nixos-config/systems/LoutreOS/configuration.nix

{ config, pkgs, inputs, ... }:

{
  imports = [
    "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"
    ../common-cli.nix
    ./hardware-configuration.nix
    ./network.nix
    ./users.nix
    ./services.nix
  ];

  nix.settings.trusted-users = [ "root" "paul" ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "zfs" ];

    tmp.useTmpfs = true;

    # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported
    enableContainers = false;
  };

  documentation.nixos.enable = false;

  services.zfs = {
    autoSnapshot.enable = true;
    autoScrub = {
      enable = true;
      interval = "monthly";
    };
  };

  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      X11Forwarding = true;
    };
  };

  users = {
    groups.autossh = { };
    users.autossh = {
      home = "/home/autossh";
      createHome = true;
      group = "autossh";
      isSystemUser = true;
    };
  };

  # Options explanations
  # -N                              disable shell
  # -R 0.0.0.0:2222:127.0.0.1:22    redirect SSH port on VPS server on port 2222
  # -R 127.0.0.1:2525:127.0.0.1:25  redirect SMTP port on VPS port 2525
  services.autossh.sessions = [
    {
      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
      monitoringPort = 20000;
      name = "backup-ssh-reverse";
      user = "autossh";
    }
  ];

  virtualisation.podman.enable = true;

  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "18.03";
}
import flaresolverr module 2024-10-28 22:18:03 +01:00			`{ config, pkgs, inputs, ... }:`
First commit 2018-03-31 22:16:38 +02:00
			`{`
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`imports = [`
import flaresolverr module 2024-10-28 22:18:03 +01:00			`"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"`
regroupements paramètres GUI 2019-10-04 22:01:49 +02:00			`../common-cli.nix`
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`./hardware-configuration.nix`
multi table route setup 2024-11-20 16:50:26 +01:00			`./network.nix`
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`./users.nix`
			`./services.nix`
			`];`
First commit 2018-03-31 22:16:38 +02:00
update LoutreOS to 22.11 2022-12-30 15:08:20 +01:00			`nix.settings.trusted-users = [ "root" "paul" ];`
allow paul user to use cachix 2021-12-16 19:07:52 +01:00
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`boot = {`
			`loader = {`
			`systemd-boot.enable = true;`
			`efi.canTouchEfiVariables = true;`
			`};`
First commit 2018-03-31 22:16:38 +02:00
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`supportedFilesystems = [ "zfs" ];`
First commit 2018-03-31 22:16:38 +02:00
LoutreOS: update to 23.05 and rename deprecated options 2023-06-13 14:05:05 +02:00			`tmp.useTmpfs = true;`
enable Bouygues IPv6 2023-09-15 15:27:47 +02:00
disable nixos containers functionality 2024-10-02 19:05:08 +02:00			`# Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported`
			`enableContainers = false;`
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`};`
Snapshot ZFS automatique 2018-04-05 19:22:09 +02:00
LoutreOS: disable docs 2021-01-06 02:06:34 +01:00			`documentation.nixos.enable = false;`

Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`services.zfs = {`
			`autoSnapshot.enable = true;`
reduce frequency of high IO operations 2022-06-30 18:58:34 +02:00			`autoScrub = {`
			`enable = true;`
			`interval = "monthly";`
			`};`
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`};`
First commit 2018-03-31 22:16:38 +02:00
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`services.openssh = {`
			`enable = true;`
LoutreOS: update to 23.05 and rename deprecated options 2023-06-13 14:05:05 +02:00			`settings = {`
			`PermitRootLogin = "no";`
			`PasswordAuthentication = false;`
			`X11Forwarding = true;`
			`};`
Refactoring LoutreOS 2018-09-04 14:05:06 +02:00			`};`
First commit 2018-03-31 22:16:38 +02:00
ajout SSH de secours 2020-08-30 16:25:51 +02:00			`users = {`
			`groups.autossh = { };`
			`users.autossh = {`
			`home = "/home/autossh";`
			`createHome = true;`
			`group = "autossh";`
set autossh as system user 2021-10-11 10:49:30 +02:00			`isSystemUser = true;`
ajout SSH de secours 2020-08-30 16:25:51 +02:00			`};`
			`};`

redirect SMTP port to VPS server as backup 2024-02-22 13:33:43 +01:00			`# Options explanations`
			`# -N disable shell`
			`# -R 0.0.0.0:2222:127.0.0.1:22 redirect SSH port on VPS server on port 2222`
			`# -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525`
			`services.autossh.sessions = [`
			`{`
remove open mail port 2024-05-14 10:38:42 +02:00			`extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";`
redirect SMTP port to VPS server as backup 2024-02-22 13:33:43 +01:00			`monitoringPort = 20000;`
			`name = "backup-ssh-reverse";`
			`user = "autossh";`
			`}`
			`];`
ajout SSH de secours 2020-08-30 16:25:51 +02:00
migrate slimserver to docker container 2021-10-11 10:48:26 +02:00			`virtualisation.podman.enable = true;`

First commit 2018-03-31 22:16:38 +02:00			`security.sudo.wheelNeedsPassword = false;`

Freeze version paquets non rétrocompatibles 2018-05-03 00:02:19 +02:00			`system.stateVersion = "18.03";`
First commit 2018-03-31 22:16:38 +02:00			`}`