nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull requests Releases Wiki Activity

global reformat with treefmt

Browse source
This commit is contained in:
nyanloutre 2025-04-23 11:15:31 +02:00
parent 97f849e454
commit 393e92fe14
17 changed files with 979 additions and 726 deletions
Download patch file Download diff file Expand all files Collapse all files

63
systems/LoutreOS/services.nix
View file

@ -1,17 +1,24 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
domaine = "nyanlout.re";
sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
From: root@nyanlout.re
Subject: ${subject}
${message}
EOF
'';
sendMail =
to: subject: message:
pkgs.writeShellScriptBin "mail.sh" ''
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
From: root@nyanlout.re
Subject: ${subject}
${message}
EOF
'';
login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ] && [ "$PAM_USER" != "synology" ] && [ "$PAM_USER" != "rezome" ]; then
@ -19,7 +26,9 @@ let
fi
'';
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
backup_mail_alert =
sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg"
"Impossible de terminer la sauvegarde. Merci de voir les logs";
in
{
@ -128,7 +137,9 @@ in
"/mnt/paul-home/paul/.cache"
];
repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos";
environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; };
environment = {
BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key";
};
encryption = {
mode = "repokey-blake2";
passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
@ -154,12 +165,16 @@ in
borgbackup.repos = {
diskstation = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation" ];
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation"
];
path = "/mnt/backup_loutre/diskstation_borg";
user = "synology";
};
minecraft-rezome = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ];
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu"
];
path = "/mnt/backup_loutre/minecraft_rezome";
user = "rezome";
};
@ -241,7 +256,7 @@ in
"radio_browser"
];
config = {
default_config = {};
default_config = { };
homeassistant = {
country = "FR";
latitude = 48.60038;
@ -290,13 +305,13 @@ in
systemd = {
timers."lg-devmode-reset" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1w";
};
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1w";
};
};
services = {
"borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"];
"borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = [ "/mnt/borgsnap" ];
"lg-devmode-reset" = {
script = ''
${pkgs.curl}/bin/curl https://developer.lge.com/secure/ResetDevModeSession.dev\?sessionToken\=9f94269da0dc14fd924b65d8dca28b076f931ad1ca04fe7a09ac78cdb0e22cb4
@ -314,7 +329,9 @@ in
users.groups.nginx.members = [ "matrix-synapse" ];
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
security.pam.services.sshd.text = pkgs.lib.mkDefault (
pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh"
);
networking = {
firewall.interfaces.eno2.allowedTCPPorts = [
@ -322,11 +339,15 @@ in
];
firewall.allowedTCPPorts = [
20 21 # FTP
20
21 # FTP
];
firewall.allowedTCPPortRanges = [
{ from = 64000; to = 65535; } # FTP
{
from = 64000;
to = 65535;
} # FTP
];
};
}