nyanloutre
/
nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity
nixos-config/systems/LoutreOS/services.nix

282 lines
8.3 KiB
Nix
Raw Normal View History

Mapping wizardry
2018-04-10 20:28:22 +02:00
{ config, lib, pkgs, ... }:
with lib;
let
Changement de domaine
2018-04-19 19:35:11 +02:00
domaine = "nyanlout.re";
WIP: Organizr
2018-04-25 00:32:42 +02:00
Déploiement Riot
2018-04-19 20:17:48 +02:00
riot_port = 52345;
WIP: Organizr
2018-04-25 00:32:42 +02:00
organizr_port = 52346;
pgmanage
2018-05-03 00:40:16 +02:00
pgmanage_port = 52347;
WIP: Site max
2018-05-09 16:46:33 +02:00
max_port = 52348;
WIP: Site musique
2018-05-09 16:47:02 +02:00
musique_port = 52349;
Mapping wizardry
2018-04-10 20:28:22 +02:00
in
Ajout Telegraf-InfluxDB-Grafana
2018-04-01 15:04:49 +02:00
{
Service serveur mail
2018-04-11 22:09:44 +02:00
imports = [
Regroupement configurations
2018-06-09 13:23:26 +02:00
../../services/haproxy-acme.nix
../../services/mail-server.nix
../../services/lidarr.nix
../../services/site-musique.nix
../../services/site-max.nix
Service serveur mail
2018-04-11 22:09:44 +02:00
];
Notifications mail smart
2018-05-21 21:38:12 +02:00
services.smartd.enable = true;
services.smartd.notifications.mail.enable = true;
services.smartd.notifications.mail.recipient = "paul@nyanlout.re";
Modularisation HAproxy
2018-04-12 20:36:46 +02:00
services.haproxy-acme.enable = true;
services.haproxy-acme.domaine = domaine;
services.haproxy-acme.services = {
Configuration des domaines générique
2018-05-17 15:43:35 +02:00
"grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = false; };
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
ACL custom HAproxy
2018-06-21 10:15:39 +02:00
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"lidarr.${domaine}" = { ip = "127.0.0.1"; port = 8686; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
Configuration des domaines générique
2018-05-17 15:43:35 +02:00
"transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
"syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
"jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
"searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; };
"riot.${domaine}" = { ip = "127.0.0.1"; port = riot_port; auth = false; };
"matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; };
"organizr.${domaine}" = { ip = "127.0.0.1"; port = organizr_port; auth = true; };
"pgmanage.${domaine}" = { ip = "127.0.0.1"; port = pgmanage_port; auth = true; };
Ajout service Gitea
2018-06-05 14:04:36 +02:00
"gitea.${domaine}" = { ip = "127.0.0.1"; port = 3001; auth = false; };
Ajout HAProxy
2018-04-03 21:13:18 +02:00
};
Modularisation HAproxy
2018-04-12 20:36:46 +02:00
services.mailserver.enable = true;
services.mailserver.domaine = domaine;
Ajout HAProxy
2018-04-03 21:13:18 +02:00
Ajout Telegraf-InfluxDB-Grafana
2018-04-01 15:04:49 +02:00
services.influxdb.enable = true;
Nouveaux services
2018-04-03 08:47:49 +02:00
services.influxdb.dataDir = "/var/db/influxdb";
Ajout Telegraf-InfluxDB-Grafana
2018-04-01 15:04:49 +02:00
services.telegraf.enable = true;
services.telegraf.extraConfig = {
inputs = {
zfs = { poolMetrics = true; };
net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; };
netstat = {};
cpu = { totalcpu = true; };
kernel = {};
mem = {};
processes = {};
system = {};
Monitoring espace disque
2018-04-10 20:35:33 +02:00
disk = {};
Monitoring IPMI
2018-04-10 16:53:13 +02:00
ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; };
Monitoring température disques
2018-06-04 12:31:07 +02:00
smart = {
path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl";
};
Ajout Telegraf-InfluxDB-Grafana
2018-04-01 15:04:49 +02:00
};
outputs = {
influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; };
};
};
Monitoring IPMI
2018-04-10 16:53:13 +02:00
services.udev.extraRules = ''
KERNEL=="ipmi*", MODE="660", OWNER="telegraf"
'';
Monitoring température disques
2018-06-04 12:31:07 +02:00
security.sudo.extraRules = [
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
];
Ajout Telegraf-InfluxDB-Grafana
2018-04-01 15:04:49 +02:00
services.grafana.enable = true;
Règlages backends HAProxy
2018-04-03 22:25:49 +02:00
services.grafana.addr = "127.0.0.1";
Nouveaux services
2018-04-03 08:47:49 +02:00
services.grafana.dataDir = "/var/lib/grafana";
Alertes mail Grafana
2018-04-26 19:22:31 +02:00
services.grafana.extraOptions = {
SERVER_ROOT_URL = "https://grafana.${domaine}";
SMTP_ENABLED = "true";
SMTP_FROM_ADDRESS = "grafana@${domaine}";
SMTP_SKIP_VERIFY = "true";
};
Ajout Emby
2018-04-01 15:17:44 +02:00
services.emby.enable = true;
Nouveaux services
2018-04-03 08:47:49 +02:00
services.emby.dataDir = "/var/lib/emby/ProgramData-Server";
Ajout Emby
2018-04-01 15:17:44 +02:00
Service slimserver
2018-04-03 19:21:26 +02:00
services.slimserver.enable = true;
services.slimserver.dataDir = "/var/lib/slimserver";
Nouveaux services
2018-04-03 08:47:49 +02:00
services.syncthing.enable = true;
services.syncthing.dataDir = "/var/lib/syncthing";
services.syncthing.openDefaultPorts = true;
Activation NFS
2018-04-19 00:24:31 +02:00
services.nfs.server = {
enable = true;
exports = ''
/mnt/medias 192.168.0.0/24(ro,no_root_squash)
Partage NFS Steam
2018-05-08 22:55:36 +02:00
/exports/steam 192.168.0.0/24(rw,no_root_squash)
Activation NFS
2018-04-19 00:24:31 +02:00
'';
statdPort = 4000;
lockdPort = 4001;
mountdPort = 4002;
};
Partage NFS Steam
2018-04-03 18:55:07 +02:00
Service transmission
2018-04-03 23:22:44 +02:00
services.transmission.enable = true;
services.transmission.home = "/var/lib/transmission";
services.transmission.settings = {
Mot de passe HAProxy
2018-04-03 23:54:27 +02:00
rpc-bind-address = "127.0.0.1";
rpc-host-whitelist = "*";
Service transmission
2018-04-03 23:22:44 +02:00
rpc-whitelist-enabled = false;
};
Ajout service Radarr
2018-04-03 23:09:51 +02:00
services.radarr.enable = true;
Service Sonarr
2018-04-11 22:09:29 +02:00
services.sonarr.enable = true;
Service Jackett
2018-04-13 16:11:37 +02:00
services.jackett.enable = true;
Service Sonarr
2018-04-11 22:09:29 +02:00
Ajout SearX
2018-04-18 21:35:57 +02:00
services.searx.enable = true;
Déploiement Riot
2018-04-19 20:17:48 +02:00
services.nginx.enable = true;
services.nginx.virtualHosts = {
"riot" = {
listen = [ { addr = "127.0.0.1"; port = riot_port; } ];
Dossier overlays
2018-05-04 15:25:24 +02:00
locations = { "/" = { root = pkgs.riot-web; }; };
Déploiement Riot
2018-04-19 20:17:48 +02:00
};
WIP: Organizr
2018-04-25 00:32:42 +02:00
"organizr" = {
listen = [ { addr = "127.0.0.1"; port = organizr_port; } ];
locations."/" = {
Organizr en overlay
2018-05-04 16:35:00 +02:00
root = pkgs.organizr;
WIP: Organizr
2018-04-25 00:32:42 +02:00
index = "index.php";
extraConfig = ''
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/phpfpm/nginx;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
}
'';
};
};
Déploiement Riot
2018-04-19 20:17:48 +02:00
};
WIP: Organizr
2018-04-25 00:32:42 +02:00
services.phpfpm.poolConfigs.mypool = ''
listen = /run/phpfpm/nginx
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = nginx
pm = dynamic
pm.max_children = 75
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 20
pm.max_requests = 500
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'';
Configuration Matrix Synapse
2018-04-22 00:01:25 +02:00
services.postgresql.enable = true;
services.matrix-synapse = {
enable = true;
enable_registration = true;
server_name = "nyanlout.re";
listeners = [
{ # federation
bind_address = "";
port = 8448;
resources = [
{ compress = true; names = [ "client" "webclient" ]; }
{ compress = false; names = [ "federation" ]; }
];
tls = true;
type = "http";
x_forwarded = false;
}
{ # client
bind_address = "127.0.0.1";
port = 8008;
resources = [
{ compress = true; names = [ "client" "webclient" ]; }
];
tls = false;
type = "http";
x_forwarded = true;
}
];
database_type = "psycopg2";
database_args = {
database = "matrix-synapse";
};
extraConfig = ''
max_upload_size: "100M"
'';
};
pgmanage
2018-05-03 00:40:16 +02:00
services.pgmanage.enable = true;
services.pgmanage.port = pgmanage_port;
services.pgmanage.connections = {
localhost = "hostaddr=127.0.0.1 port=5432 dbname=postgres";
};
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
services.borgbackup.jobs = {
loutre = {
paths = [
Ajout dossiers à sauvegarder
2018-06-05 20:15:28 +02:00
"/var/certs"
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
"/var/dkim"
Ajout dossiers à sauvegarder
2018-06-05 20:15:28 +02:00
"/var/lib/gitea"
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
"/var/lib/grafana"
"/var/lib/matrix-synapse"
Ajout dossiers à sauvegarder
2018-06-05 20:15:28 +02:00
"/var/lib/jackett"
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
"/var/lib/postgresql/.zfs/snapshot/borgsnap"
Ajout dossiers à sauvegarder
2018-06-05 20:15:28 +02:00
"/var/lib/radarr"
"/var/lib/sonarr"
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
"/var/lib/syncthing"
Ajout dossiers à sauvegarder
2018-06-05 20:15:28 +02:00
"/var/lib/transmission"
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
"/mnt/medias/musique"
"/mnt/medias/torrent/lidarr"
"/mnt/medias/torrent/musique"
Ajout dossiers à sauvegarder
2018-06-05 20:15:28 +02:00
"/var/sieve"
"/var/vmail"
Solution de sauvegarde borg
2018-05-27 18:41:47 +02:00
];
repo = "/mnt/backup/borg";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borg/medias_encryption_pass";
};
startAt = "weekly";
prune.keep = {
within = "1d";
weekly = 4;
monthly = 12;
};
preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap";
postHook = ''
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
if [[ $exitStatus == 0 ]]; then
${pkgs.rclone}/bin/rclone --config /root/.config/rclone/rclone.conf sync -v $BORG_REPO loutre_ovh:loutre
fi
'';
};
};
Ajout service Gitea
2018-06-05 14:04:36 +02:00
services.gitea = {
enable = true;
cookieSecure = true;
httpPort = 3001;
rootUrl = "https://gitea.nyanlout.re/";
database.type = "postgres";
database.port = 5432;
database.password = "gitea";
};
Site musique en module
2018-05-10 18:53:34 +02:00
services.site-musique.enable = true;
services.site-musique.port = musique_port;
Changement domaine musique
2018-06-09 00:22:36 +02:00
services.site-musique.domaine = "musique-meyenheim.fr";
Site musique en module
2018-05-10 18:53:34 +02:00
Site max en module
2018-05-10 19:00:14 +02:00
services.site-max.enable = true;
services.site-max.port = max_port;
Changement domaine site max
2018-06-03 20:47:49 +02:00
services.site-max.domaine = "maxspiegel.fr";
Site max en module
2018-05-10 19:00:14 +02:00
Ajout Emby
2018-04-01 15:17:44 +02:00
networking.firewall.allowedTCPPorts = [
Activation NFS
2018-04-19 00:24:31 +02:00
111 2049 4000 4001 4002 # NFS
Port Slimserver manquant
2018-04-12 09:08:45 +02:00
3483 9000 9090 # Slimserver
Ports Transmission
2018-04-04 22:15:27 +02:00
51413 # Transmission
Configuration Matrix Synapse
2018-04-22 00:01:25 +02:00
8448 # Matrix federation
Partage NFS Steam
2018-04-03 18:55:07 +02:00
];
networking.firewall.allowedUDPPorts = [
Activation NFS
2018-04-19 00:24:31 +02:00
111 2049 4000 4001 4002 # NFS
Ouverture différents ports
2018-04-03 20:17:09 +02:00
3483 # Slimserver
Ports Transmission
2018-04-04 22:15:27 +02:00
51413 # Transmission
Ajout Emby
2018-04-01 15:17:44 +02:00
];
Ajout Telegraf-InfluxDB-Grafana
2018-04-01 15:04:49 +02:00
}