nixos-config/systems/LoutreOS/services.nix

656 lines
19 KiB
Nix
Raw Normal View History

2018-04-10 20:28:22 +02:00
{ config, lib, pkgs, ... }:
with lib;
let
2018-04-19 19:35:11 +02:00
domaine = "nyanlout.re";
2018-04-25 00:32:42 +02:00
2019-06-15 14:37:58 +02:00
sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
2019-06-07 11:57:12 +02:00
From: root@nyanlout.re
2019-06-15 14:37:58 +02:00
Subject: ${subject}
${message}
2019-06-07 11:57:12 +02:00
EOF
2019-06-15 14:37:58 +02:00
'';
login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ] && [ "$PAM_USER" != "synology" ] && [ "$PAM_USER" != "rezome" ]; then
2019-07-31 13:53:17 +02:00
${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh
2019-06-07 11:57:12 +02:00
fi
'';
2019-06-15 14:37:58 +02:00
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
2021-07-28 23:03:34 +02:00
unstable = import <nixos-unstable> { };
2018-04-10 20:28:22 +02:00
in
2018-04-01 15:04:49 +02:00
{
2018-04-11 22:09:44 +02:00
imports = [
../../services/python-ci.nix
2018-11-26 17:26:55 +01:00
../../services/sdtdserver.nix
2019-11-01 15:24:50 +01:00
# /mnt/secrets/factorio_secrets.nix
./monitoring.nix
./medias.nix
./web.nix
2018-04-11 22:09:44 +02:00
];
2021-10-11 10:43:57 +02:00
security.acme.certs = {
"${domaine}" = {
extraDomainNames = [
"mail.${domaine}"
];
postRun = ''
systemctl reload dovecot2.service
'';
};
};
mailserver = {
enable = true;
fqdn = "mail.${domaine}";
domains = [ domaine ];
# A list of all login accounts. To create the password hashes, use
# mkpasswd -m sha-512 "super secret password"
loginAccounts = {
"paul@${domaine}" = {
2021-11-03 22:06:20 +01:00
hashedPassword = "$6$eGmy2W7kbkfHAh$/y.ZML4eYL/v14WaVwSIG2ulkUFKFk82uBmrYBDULLtqUR8hQD3/BQIrRiBtsloxrUSja8aZ.E7ypChO.OiOI/";
2021-10-11 10:43:57 +02:00
};
"claire@${domaine}" = {
hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk.";
};
};
# Certificate setup
certificateScheme = 1;
certificateFile = "/var/lib/acme/${domaine}/fullchain.pem";
keyFile = "/var/lib/acme/${domaine}/key.pem";
# Enable IMAP and POP3
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
# Enable the ManageSieve protocol
enableManageSieve = true;
};
2018-09-04 14:05:06 +02:00
services = {
2021-10-11 10:43:57 +02:00
postfix = {
relayHost = "mailvps.nyanlout.re";
relayPort = 587;
config = {
smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
};
};
rspamd.workers.controller.extraConfig = ''
2021-12-22 22:55:01 +01:00
secure_ip = ["0.0.0.0/0"];
2021-10-11 10:43:57 +02:00
'';
2022-07-05 20:40:48 +02:00
# redis.enable = true;
2021-01-06 02:15:38 +01:00
# enable with nginx defult config
logrotate.enable = true;
2018-09-04 14:05:06 +02:00
fail2ban.enable = true;
2018-04-03 21:13:18 +02:00
2018-09-04 14:05:06 +02:00
fstrim.enable = true;
nfs.server = {
enable = true;
exports = ''
2019-05-01 23:06:17 +02:00
/mnt/medias 10.30.0.0/16(ro,no_root_squash)
2019-10-22 00:34:08 +02:00
/var/lib/minecraft 10.30.0.0/16(rw,no_root_squash)
2018-09-04 14:05:06 +02:00
'';
statdPort = 4000;
lockdPort = 4001;
mountdPort = 4002;
2018-04-22 00:01:25 +02:00
};
2018-09-04 14:05:06 +02:00
borgbackup.jobs = {
loutre = {
paths = [
"/var/certs"
"/var/dkim"
2019-06-15 14:36:14 +02:00
"/var/lib/jellyfin"
2018-09-04 14:05:06 +02:00
"/var/lib/gitea"
"/var/lib/grafana"
"/var/lib/jackett"
2019-02-27 13:32:25 +01:00
"/var/lib/matrix-synapse"
2018-09-04 14:05:06 +02:00
"/var/lib/postgresql/.zfs/snapshot/borgsnap"
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/transmission"
"/mnt/medias/musique"
"/mnt/medias/torrent/lidarr"
"/mnt/medias/torrent/musique"
"/mnt/paul-home/paul"
2018-09-04 14:05:06 +02:00
"/var/sieve"
"/var/vmail"
];
2021-10-11 11:00:40 +02:00
exclude = [
"/var/lib/radarr/.config/Radarr/radarr.db-wal"
"/var/lib/radarr/.config/Radarr/radarr.db-shm"
];
2022-06-14 08:16:01 +02:00
repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos";
environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; };
2018-09-04 14:05:06 +02:00
encryption = {
mode = "repokey-blake2";
passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
};
startAt = "weekly";
prune.keep = {
within = "1d";
weekly = 4;
monthly = 12;
};
preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap";
2021-10-11 11:00:40 +02:00
readWritePaths = [ "/var/lib/postfix/queue/maildrop" ];
2018-09-04 14:05:06 +02:00
postHook = ''
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
'';
};
};
2018-06-05 14:04:36 +02:00
2018-09-04 14:05:06 +02:00
borgbackup.repos = {
diskstation = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation" ];
path = "/mnt/backup_loutre/diskstation_borg";
user = "synology";
};
2021-10-11 11:01:46 +02:00
minecraft-rezome = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ];
path = "/mnt/backup_loutre/minecraft_rezome";
user = "rezome";
};
2018-09-04 14:05:06 +02:00
};
2018-06-26 14:13:45 +02:00
2019-01-22 11:03:32 +01:00
sdtdserver.enable = false;
2019-01-03 10:04:35 +01:00
factorio = {
2019-11-01 15:24:50 +01:00
enable = false;
2019-01-03 10:04:35 +01:00
autosave-interval = 10;
game-name = "Shame";
public = true;
username = "nyanloutre";
};
2019-01-24 09:53:21 +01:00
2019-10-04 22:31:43 +02:00
minecraft-server = {
2019-10-22 00:34:08 +02:00
enable = false;
2019-10-04 22:31:43 +02:00
jvmOpts = "-Xms512m -Xmx3072m";
eula = true;
declarative = true;
openFirewall = true;
whitelist = {
nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822";
Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2";
LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6";
Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff";
Hopegcx = "4497f759-2210-48db-8764-307d33011442";
wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af";
sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3";
};
serverProperties = {
difficulty = 2;
gamemode = 0;
max-players = 50;
motd = "Hi Mark !";
white-list = true;
};
};
2020-08-30 21:15:31 +02:00
kresd = {
enable = true;
};
2020-08-30 21:16:41 +02:00
home-assistant = {
enable = true;
config = {
2020-09-11 02:02:36 +02:00
homeassistant = {
elevation = 143;
};
influxdb = null;
config = null;
2021-10-11 11:02:59 +02:00
dhcp = null;
frontend = null;
2020-09-11 02:02:36 +02:00
history = null;
2021-10-11 11:02:59 +02:00
http = {
use_x_forwarded_for = true;
trusted_proxies = [ "127.0.0.1" ];
};
2020-09-11 02:02:36 +02:00
logbook = null;
map = null;
mobile_app = null;
person = null;
script = null;
sun = null;
system_health = null;
2020-08-30 21:16:41 +02:00
yeelight.devices = {
"10.40.249.0".name = "Chambre";
"10.40.249.1".name = "Bureau";
"10.40.249.2".name = "Cuisine";
};
2021-01-06 02:13:08 +01:00
zha = null;
2020-09-11 02:02:36 +02:00
esphome = null;
2020-08-30 21:16:41 +02:00
light = [
{
platform = "group";
name = "Salon";
entities = [
"light.bureau"
"light.cuisine"
];
}
];
media_player = [
{
platform = "squeezebox";
host = "10.30.0.1";
}
];
2020-09-11 02:02:36 +02:00
tplink.switch = [
{ host = "10.30.50.7"; }
];
sensor = [
{
platform = "template";
sensors = {
serveur_amps = {
friendly_name_template = "{{ states.switch.serveur.name}} Current";
value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}'';
unit_of_measurement = "A";
};
serveur_watts = {
friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption";
value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}'';
unit_of_measurement = "W";
};
serveur_total_kwh = {
friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption";
value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}'';
unit_of_measurement = "kWh";
};
serveur_volts = {
friendly_name_template = "{{ states.switch.serveur.name}} Voltage";
value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}'';
unit_of_measurement = "V";
};
serveur_today_kwh = {
friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption";
value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}'';
unit_of_measurement = "kWh";
};
};
}
];
2020-08-30 21:16:41 +02:00
switch = [
{
platform = "wake_on_lan";
name = "PC Fixe";
mac = "b4:2e:99:ed:24:26";
host = "10.30.135.71";
broadcast_address = "10.30.255.255";
}
];
2020-11-29 12:52:41 +01:00
device_tracker = [
{
platform = "ping";
hosts = { telephone_paul = "10.30.50.2"; };
}
];
2020-09-11 02:02:36 +02:00
scene = [
{
name = "Movie";
icon = "mdi:movie-open";
entities = {
"light.salon" = {
state = "on";
xy_color = [0.299 0.115];
brightness = 50;
};
"light.bande_led_tv" = {
state = "on";
effect = "Movie";
brightness = 180;
};
"light.bande_led_bureau" = {
state = "on";
xy_color = [0.299 0.115];
brightness = 130;
};
};
}
{
name = "Home";
icon = "mdi:home";
entities = {
"light.salon" = {
state = "on";
kelvin = 2700;
brightness = 255;
};
};
}
{
name = "Night";
icon = "mdi:weather-night";
entities = {
"light.salon" = {
state = "off";
};
"light.bande_led_tv" = {
state = "off";
};
"light.bande_led_bureau" = {
state = "off";
};
"light.chambre" = {
state = "on";
kelvin = 1900;
brightness = 50;
};
};
}
];
automation = let
min_sun_elevation = 4;
2021-01-06 02:13:08 +01:00
switch_chambre = {
domain = "zha";
platform = "device";
device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1";
};
switch_entree = {
domain = "zha";
platform = "device";
device_id = "7cd814190ec543dba76a7aa7e7996c41";
};
remote = {
domain = "zha";
platform = "device";
device_id = "d1230b76264e483388a8fdaad4f44143";
};
2020-09-11 02:02:36 +02:00
in [
2021-01-06 02:13:08 +01:00
# ENTREE
2020-08-30 21:16:41 +02:00
{
alias = "Aziz lumière";
trigger = [
{
2020-09-11 02:02:36 +02:00
platform = "numeric_state";
entity_id = "sun.sun";
value_template = "{{ state.attributes.elevation }}";
below = min_sun_elevation;
2020-08-30 21:16:41 +02:00
}
];
condition = [
{
condition = "state";
entity_id = "person.paul";
state = "home";
}
2020-11-29 12:52:41 +01:00
# Sun below max elevation
2020-08-30 21:16:41 +02:00
{
2020-09-11 02:02:36 +02:00
condition = "template";
value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
2020-08-30 21:16:41 +02:00
}
];
action = {
2020-09-11 02:02:36 +02:00
scene = "scene.home";
2020-08-30 21:16:41 +02:00
};
}
{
2021-01-06 02:13:08 +01:00
alias = "Aziz lumière switch";
2020-08-30 21:16:41 +02:00
trigger = {
2021-01-06 02:13:08 +01:00
type = "remote_button_short_press";
subtype = "turn_on";
} // switch_entree;
action = {
scene = "scene.home";
2020-08-30 21:16:41 +02:00
};
2021-01-06 02:13:08 +01:00
}
{
alias = "Adios";
trigger = [
{
platform = "state";
entity_id = "person.paul";
to = "not_home";
}
({
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_entree)
];
2020-08-30 21:16:41 +02:00
action = [
{
service = "light.turn_off";
entity_id = "all";
}
{
2020-11-29 12:52:41 +01:00
service = "media_player.turn_off";
2020-08-30 21:16:41 +02:00
entity_id = "all";
}
];
}
2021-01-06 02:13:08 +01:00
# REMOTE
{
alias = "Button toggle";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // remote;
action = {
choose = {
conditions = {
condition = "template";
value_template = ''
{% set domain = 'light' %}
{% set state = 'off' %}
{{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }}
'';
};
sequence = {
scene = "scene.home";
};
};
default = {
service = "light.turn_off";
entity_id = "all";
};
};
}
{
alias = "Button scene movie";
trigger = {
type = "remote_button_short_press";
subtype = "right";
} // remote;
action = {
scene = "scene.movie";
};
}
{
alias = "Button scene home";
trigger = {
type = "remote_button_short_press";
subtype = "left";
} // remote;
action = {
scene = "scene.home";
};
}
{
alias = "Button light up";
trigger = {
type = "remote_button_short_press";
subtype = "dim_up";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = 25;
};
};
}
{
alias = "Button light down";
trigger = {
type = "remote_button_short_press";
subtype = "dim_down";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = -25;
};
};
}
# CHAMBRE
{
alias = "Button scene night";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // switch_chambre;
action = {
scene = "scene.night";
};
}
{
alias = "Button scene dodo";
trigger = {
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "all";
};
}
{
alias = "Button scene lumière chambre ON";
trigger = {
type = "remote_button_long_press";
subtype = "dim_up";
} // switch_chambre;
action = {
service = "light.turn_on";
entity_id = "light.chambre";
};
}
{
alias = "Button scene lumière chambre OFF";
trigger = {
type = "remote_button_long_press";
subtype = "dim_down";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "light.chambre";
};
}
2020-08-30 21:16:41 +02:00
];
};
};
2018-09-04 14:05:06 +02:00
};
2018-05-10 19:00:14 +02:00
2021-10-22 11:06:14 +02:00
dogetipbot-telegram.enable = true;
2018-09-04 14:05:06 +02:00
2021-11-03 20:10:03 +01:00
ipmihddtemp.enable = true;
2020-03-02 22:38:36 +01:00
# systemd.services.minecraft-overviewer =
# let
# clientJar = pkgs.fetchurl {
# url = "https://overviewer.org/textures/1.14";
# sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k";
# name = "client.jar";
# };
# configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } ''
# substitute ${./config-overviewer.py} $out \
# --subst-var CLIENT_JAR
# '';
# in
# {
# script = ''
# ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile}
# ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi
# rm /var/www/minecraft-overviewer/progress.json
# '';
# serviceConfig = {
# User = "nginx";
# Group = "nginx";
# };
# };
# systemd.timers.minecraft-overviewer = {
# wantedBy = [ "multi-user.target" ];
# timerConfig = {
# OnCalendar = "*-*-* 04:00:00";
# };
# };
2018-06-28 20:52:31 +02:00
2020-03-02 22:40:01 +01:00
# systemd.packages = with pkgs; [
# tgt
# ];
# environment.etc."tgt/targets.conf".text = ''
# <target iqn.2019-11.nyanlout.re:steam>
# backing-store /dev/zvol/loutrepool/steam-lun
# initiator-address 10.30.50.3
# </target>
# '';
2019-11-21 02:11:59 +01:00
2020-04-16 08:56:01 +02:00
users.groups.nginx.members = [ "matrix-synapse" ];
2019-11-01 15:24:50 +01:00
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
2018-09-04 14:05:06 +02:00
2018-09-16 16:28:47 +02:00
networking = {
wireguard.interfaces = {
wg0 = {
ips = [ "192.168.20.1/24" ];
privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
listenPort = 51820;
2019-10-04 22:34:13 +02:00
allowedIPsAsRoutes = true;
2018-09-16 16:28:47 +02:00
peers = [
{
2019-10-04 22:34:13 +02:00
allowedIPs = [ "192.168.20.2/32" ];
2018-09-16 16:28:47 +02:00
publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
}
];
};
};
2019-10-04 22:34:13 +02:00
nat.internalInterfaces = [ "wg0" ];
nat.internalIPs = [ "192.168.20.0/24" ];
2019-11-21 02:11:59 +01:00
firewall.interfaces.eno2.allowedTCPPorts = [
3260
];
2018-09-16 16:28:47 +02:00
firewall.allowedTCPPorts = [
8448 # Matrix federation
20 21 # FTP
];
firewall.allowedTCPPortRanges = [
{ from = 64000; to = 65535; } # FTP
];
firewall.allowedUDPPorts = [
2019-11-01 15:24:50 +01:00
config.networking.wireguard.interfaces.wg0.listenPort
2018-09-16 16:28:47 +02:00
];
};
2018-04-01 15:04:49 +02:00
}