nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull requests Releases Wiki Activity

global reformat with treefmt

Browse source
This commit is contained in:
nyanloutre 2025-04-23 11:15:31 +02:00
parent 97f849e454
commit 393e92fe14
17 changed files with 979 additions and 726 deletions
Download patch file Download diff file Expand all files Collapse all files

19
flake.nix
View file

@ -21,15 +21,17 @@
};
};
outputs = {
outputs =
{
self,
nixpkgs,
nixpkgs-unstable,
nixpkgs-4a3fc4cf7,
simple-nixos-mailserver,
dogetipbot-telegram,
ipmihddtemp
}@inputs: {
ipmihddtemp,
}@inputs:
{
packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux);
@ -40,7 +42,10 @@
{
nixpkgs.config.allowUnfree = true;
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
settings.experimental-features = [
"nix-command"
"flakes"
];
registry = {
nixpkgs.to = {
type = "path";
@ -68,7 +73,10 @@
ipmihddtemp.nixosModule
{
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
settings.experimental-features = [
"nix-command"
"flakes"
];
registry = {
nixpkgs.to = {
type = "path";
@ -98,4 +106,3 @@
};
}

21
pkgs/watcharr/default.nix
View file

@ -1,13 +1,14 @@
{ lib
, pkgs
, buildGoModule
, fetchFromGitHub
, buildNpmPackage
, nixosTests
, caddy
, testers
, installShellFiles
, stdenv
{
lib,
pkgs,
buildGoModule,
fetchFromGitHub,
buildNpmPackage,
nixosTests,
caddy,
testers,
installShellFiles,
stdenv,
}:
let

10
systems/ASUS-G46VW/configuration.nix
View file

@ -5,8 +5,7 @@
{ config, pkgs, ... }:
{
imports =
[
imports = [
../common-cli.nix
../common-gui.nix
./hardware-configuration.nix
@ -56,7 +55,12 @@
users.extraUsers.paul = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" "networkmanager" "wireshark" "dialout" ];
extraGroups = [
"wheel"
"networkmanager"
"wireshark"
"dialout"
];
};
services.syncthing.enable = true;

31
systems/ASUS-G46VW/hardware-configuration.nix
View file

@ -1,14 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@ -19,18 +30,18 @@
hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0";
hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
fileSystems."/" = {
device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/A25A-1786";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A25A-1786";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
swapDevices = [
{ device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
];
nix.maxJobs = lib.mkDefault 8;

12
systems/LoutreOS/configuration.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }:
{
config,
pkgs,
inputs,
...
}:
{
imports = [
@ -9,7 +14,10 @@
./services.nix
];
nix.settings.trusted-users = [ "root" "paul" ];
nix.settings.trusted-users = [
"root"
"paul"
];
boot = {
loader = {

152
systems/LoutreOS/hardware-configuration.nix
View file

@ -1,125 +1,138 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
fileSystems."/" = {
device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5306-AD9A";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5306-AD9A";
fsType = "vfat";
};
fileSystems."/var/lib/acme" =
{ device = "loutrepool/var/acme";
fileSystems."/var/lib/acme" = {
device = "loutrepool/var/acme";
fsType = "zfs";
};
fileSystems."/var/certs" =
{ device = "loutrepool/var/certs";
fileSystems."/var/certs" = {
device = "loutrepool/var/certs";
fsType = "zfs";
};
fileSystems."/var/lib/transmission" =
{ device = "loutrepool/var/transmission";
fileSystems."/var/lib/transmission" = {
device = "loutrepool/var/transmission";
fsType = "zfs";
};
fileSystems."/var/lib/matrix-synapse" =
{ device = "loutrepool/var/matrix-synapse";
fileSystems."/var/lib/matrix-synapse" = {
device = "loutrepool/var/matrix-synapse";
fsType = "zfs";
};
fileSystems."/var/lib/radarr" =
{ device = "loutrepool/var/radarr";
fileSystems."/var/lib/radarr" = {
device = "loutrepool/var/radarr";
fsType = "zfs";
};
fileSystems."/var/lib/grafana" =
{ device = "loutrepool/var/grafana";
fileSystems."/var/lib/grafana" = {
device = "loutrepool/var/grafana";
fsType = "zfs";
};
fileSystems."/var/lib/slimserver" =
{ device = "loutrepool/var/slimserver";
fileSystems."/var/lib/slimserver" = {
device = "loutrepool/var/slimserver";
fsType = "zfs";
};
fileSystems."/var/db/influxdb" =
{ device = "loutrepool/var/influxdb";
fileSystems."/var/db/influxdb" = {
device = "loutrepool/var/influxdb";
fsType = "zfs";
};
fileSystems."/var/lib/postgresql" =
{ device = "loutrepool/var/postgresql";
fileSystems."/var/lib/postgresql" = {
device = "loutrepool/var/postgresql";
fsType = "zfs";
};
fileSystems."/var/lib/syncthing" =
{ device = "loutrepool/var/syncthing";
fileSystems."/var/lib/syncthing" = {
device = "loutrepool/var/syncthing";
fsType = "zfs";
};
fileSystems."/mnt/medias/incomplete" =
{ device = "loutrepool/torrent-dl";
fileSystems."/mnt/medias/incomplete" = {
device = "loutrepool/torrent-dl";
fsType = "zfs";
};
fileSystems."/mnt/medias" =
{ device = "loutrepool/medias";
fileSystems."/mnt/medias" = {
device = "loutrepool/medias";
fsType = "zfs";
};
fileSystems."/var/sieve" =
{ device = "loutrepool/var/sieve";
fileSystems."/var/sieve" = {
device = "loutrepool/var/sieve";
fsType = "zfs";
};
fileSystems."/var/vmail" =
{ device = "loutrepool/var/vmail";
fileSystems."/var/vmail" = {
device = "loutrepool/var/vmail";
fsType = "zfs";
};
fileSystems."/var/lib/sonarr" =
{ device = "loutrepool/var/sonarr";
fileSystems."/var/lib/sonarr" = {
device = "loutrepool/var/sonarr";
fsType = "zfs";
};
fileSystems."/var/lib/jackett" =
{ device = "loutrepool/var/jackett";
fileSystems."/var/lib/jackett" = {
device = "loutrepool/var/jackett";
fsType = "zfs";
};
fileSystems."/var/lib/gitea" =
{ device = "loutrepool/var/gitea";
fileSystems."/var/lib/gitea" = {
device = "loutrepool/var/gitea";
fsType = "zfs";
};
fileSystems."/var/lib/private/sdtdserver" =
{ device = "loutrepool/var/sdtdserver";
fileSystems."/var/lib/private/sdtdserver" = {
device = "loutrepool/var/sdtdserver";
fsType = "zfs";
};
fileSystems."/var/lib/private/factorio" =
{ device = "loutrepool/var/factorio";
fileSystems."/var/lib/private/factorio" = {
device = "loutrepool/var/factorio";
fsType = "zfs";
};
fileSystems."/var/dkim" =
{ device = "loutrepool/var/dkim";
fileSystems."/var/dkim" = {
device = "loutrepool/var/dkim";
fsType = "zfs";
};
fileSystems."/var/vsftpd" =
{ device = "loutrepool/var/vsftpd";
fileSystems."/var/vsftpd" = {
device = "loutrepool/var/vsftpd";
fsType = "zfs";
};
@ -128,58 +141,57 @@
# fsType = "zfs";
# };
fileSystems."/mnt/backup_loutre" =
{ device = "loutrepool/backup";
fileSystems."/mnt/backup_loutre" = {
device = "loutrepool/backup";
fsType = "zfs";
};
fileSystems."/mnt/secrets" =
{ device = "loutrepool/secrets";
fileSystems."/mnt/secrets" = {
device = "loutrepool/secrets";
fsType = "zfs";
};
fileSystems."/var/lib/minecraft" =
{ device = "loutrepool/var/minecraft";
fileSystems."/var/lib/minecraft" = {
device = "loutrepool/var/minecraft";
fsType = "zfs";
};
fileSystems."/var/www" =
{ device = "loutrepool/var/www";
fileSystems."/var/www" = {
device = "loutrepool/var/www";
fsType = "zfs";
};
fileSystems."/var/lib/mastodon" =
{ device = "loutrepool/var/mastodon";
fileSystems."/var/lib/mastodon" = {
device = "loutrepool/var/mastodon";
fsType = "zfs";
};
fileSystems."/var/lib/hass" =
{ device = "loutrepool/var/hass";
fileSystems."/var/lib/hass" = {
device = "loutrepool/var/hass";
fsType = "zfs";
};
fileSystems."/var/lib/nextcloud" =
{ device = "loutrepool/var/nextcloud";
fileSystems."/var/lib/nextcloud" = {
device = "loutrepool/var/nextcloud";
fsType = "zfs";
};
fileSystems."/var/lib/private/photoprism" =
{ device = "loutrepool/var/photoprism";
fileSystems."/var/lib/private/photoprism" = {
device = "loutrepool/var/photoprism";
fsType = "zfs";
};
fileSystems."/mnt/paul-home" =
{ device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home";
fileSystems."/mnt/paul-home" = {
device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home";
fsType = "zfs";
};
fileSystems."/mnt/webdav" =
{ device = "loutrepool/webdav";
fileSystems."/mnt/webdav" = {
device = "loutrepool/webdav";
fsType = "zfs";
};
swapDevices =
[
swapDevices = [
{
device = "/var/swapfile";
size = 8096;

8
systems/LoutreOS/medias.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, pkgs-4a3fc4cf7, ... }:
{
config,
lib,
pkgs,
pkgs-4a3fc4cf7,
...
}:
{
services = {

62
systems/LoutreOS/monitoring.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
domaine = "nyanlout.re";
@ -23,28 +28,44 @@ in
enable = true;
extraConfig = {
inputs = {
zfs = { poolMetrics = true; };
net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; };
netstat = {};
cpu = { totalcpu = true; };
kernel = {};
mem = {};
processes = {};
system = {};
disk = {};
zfs = {
poolMetrics = true;
};
net = {
interfaces = [
"eno1"
"eno2"
"eno3"
"eno4"
];
};
netstat = { };
cpu = {
totalcpu = true;
};
kernel = { };
mem = { };
processes = { };
system = { };
disk = { };
cgroup = [
{
paths = [
"/sys/fs/cgroup/system.slice/*"
];
files = ["memory.current" "cpu.stat"];
files = [
"memory.current"
"cpu.stat"
];
}
];
ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; };
ipmi_sensor = {
path = "${pkgs.ipmitool}/bin/ipmitool";
};
smart = {
path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl";
};
exec= [
exec = [
{
commands = [
"${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" ''
@ -76,7 +97,10 @@ in
];
};
outputs = {
influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; };
influxdb = {
database = "telegraf";
urls = [ "http://localhost:8086" ];
};
};
};
};
@ -122,6 +146,14 @@ in
};
security.sudo.extraRules = [
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
{
commands = [
{
command = "${pkgs.smartmontools}/bin/smartctl";
options = [ "NOPASSWD" ];
}
];
users = [ "telegraf" ];
}
];
}

44
systems/LoutreOS/network.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, inputs, ... }:
{
config,
pkgs,
inputs,
...
}:
{
boot = {
@ -52,7 +57,10 @@
};
eno2 = {
ipv4.addresses = [
{ address = "10.30.0.1"; prefixLength = 16; }
{
address = "10.30.0.1";
prefixLength = 16;
}
];
};
enp0s21u1.useDHCP = true;
@ -110,18 +118,31 @@
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
allowedTCPPorts = [
80
443
];
allowedUDPPorts = [ ];
# Open ports on local netwok only
interfaces.eno2 = {
allowedTCPPorts = [
111 2049 4000 4001 4002 # NFS
3483 9000 9090 # Slimserver
111
2049
4000
4001
4002 # NFS
3483
9000
9090 # Slimserver
1935 # RTMP
];
allowedUDPPorts = [
111 2049 4000 4001 4002 # NFS
111
2049
4000
4001
4002 # NFS
3483 # Slimserver
67 # DHCP
];
@ -162,13 +183,15 @@
# 51000: from all lookup fiber # first table encountered with a default route if fiber is up
# 52000: from all lookup lte # first table encountered with a default route if fiber is down
systemd.network = let
systemd.network =
let
routeTables = {
fiber = 1;
lte = 2;
vpn = 3;
};
in {
in
{
enable = true;
config = {
@ -193,7 +216,10 @@
Endpoint = "89.234.141.83:8095";
PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
PresharedKey = "@network.wireguard.preshared.wg0";
AllowedIPs = ["0.0.0.0/0" "::/0"];
AllowedIPs = [
"0.0.0.0/0"
"::/0"
];
PersistentKeepalive = 15;
}
];

43
systems/LoutreOS/services.nix
View file

@ -1,11 +1,18 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
domaine = "nyanlout.re";
sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
sendMail =
to: subject: message:
pkgs.writeShellScriptBin "mail.sh" ''
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
From: root@nyanlout.re
Subject: ${subject}
@ -19,7 +26,9 @@ let
fi
'';
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
backup_mail_alert =
sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg"
"Impossible de terminer la sauvegarde. Merci de voir les logs";
in
{
@ -128,7 +137,9 @@ in
"/mnt/paul-home/paul/.cache"
];
repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos";
environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; };
environment = {
BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key";
};
encryption = {
mode = "repokey-blake2";
passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
@ -154,12 +165,16 @@ in
borgbackup.repos = {
diskstation = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation" ];
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation"
];
path = "/mnt/backup_loutre/diskstation_borg";
user = "synology";
};
minecraft-rezome = {
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ];
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu"
];
path = "/mnt/backup_loutre/minecraft_rezome";
user = "rezome";
};
@ -241,7 +256,7 @@ in
"radio_browser"
];
config = {
default_config = {};
default_config = { };
homeassistant = {
country = "FR";
latitude = 48.60038;
@ -296,7 +311,7 @@ in
};
};
services = {
"borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"];
"borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = [ "/mnt/borgsnap" ];
"lg-devmode-reset" = {
script = ''
${pkgs.curl}/bin/curl https://developer.lge.com/secure/ResetDevModeSession.dev\?sessionToken\=9f94269da0dc14fd924b65d8dca28b076f931ad1ca04fe7a09ac78cdb0e22cb4
@ -314,7 +329,9 @@ in
users.groups.nginx.members = [ "matrix-synapse" ];
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
security.pam.services.sshd.text = pkgs.lib.mkDefault (
pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh"
);
networking = {
firewall.interfaces.eno2.allowedTCPPorts = [
@ -322,11 +339,15 @@ in
];
firewall.allowedTCPPorts = [
20 21 # FTP
20
21 # FTP
];
firewall.allowedTCPPortRanges = [
{ from = 64000; to = 65535; } # FTP
{
from = 64000;
to = 65535;
} # FTP
];
};
}

22
systems/LoutreOS/users.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
users.users = {
@ -6,7 +11,12 @@
uid = 1000;
isNormalUser = true;
description = "Paul TREHIOU";
extraGroups = [ "wheel" "medias" "transmission" "podman" ];
extraGroups = [
"wheel"
"medias"
"transmission"
"podman"
];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAF7VlzHzgg70uFbRFtVTS34qNBke/RD36mRENAsa33RxztxrqMsIDscAD/d6CTe6HDy7MCGzJnWCJSXj5iOQFM4RRMvKNEgCKPHqfhmfVvO4YZuMjNB0ufVf6zhJL4Hy43STf7NIWrenGemUP+OvVSwN/ujgl2KKw4KJZt25/h/7JjlCgsZm4lWg4xcjoiKL701W2fbEoU73XKdbRTgTvKoeK1CGxdAPFefFDFcv/mtJ7d+wIxw9xODcLcA66Bu94WGMdpyEAJc4nF8IOy4pW8AzllDi0qNEZGCQ5+94upnLz0knG1ue9qU2ScAkW1/5rIJTHCVtBnmbLNSAOBAstaGQJuSL40TWZ1oPA5i1qUEhunNcJ+Sgtp6XP69qY34T/AeJvHRyw5M5LfN0g+4ka9k06NPBhbpHFASz4M8nabQ0iM63++xcapnw/8gk+EPhYVKW86SsyTa9ur+tt6oDWEKNaOhgscX44LexY7jKdeBRt3GaObtBJtVLBRx3Z2aRXgjgnKGqS40mGRiSkqb2DShspI1l8DV2RrPiuwdBzXVQjWRc0KXmJrcgXX9uoPSxihxwaUQyvmITOV1Y+NEuek4gRkVNOxjoG7RGnaYvYzxEQVoI5TwZC2/DCrAUgCv8DQawkcpEiWnBq7Q5VnpmFx5juVQ/I0G8byOkPXgRUOk9 openpgp:0xAB524BBC"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re"
@ -56,6 +66,12 @@
users.extraGroups.medias = {
gid = 498;
members = [ "slimserver" "radarr" "sonarr" "jellyfin" "transmission" ];
members = [
"slimserver"
"radarr"
"sonarr"
"jellyfin"
"transmission"
];
};
}

99
systems/LoutreOS/web.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -15,7 +20,7 @@ let
internal;
# Access /auth endpoint to query login state
proxy_pass http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/auth;
proxy_pass http://127.0.0.1:${toString (config.services.nginx.sso.configuration.listen.port)}/auth;
# Do not forward the request body (nginx-sso does not care about it)
proxy_pass_request_body off;
@ -53,7 +58,7 @@ in
};
users.groups = {
webdav = {};
webdav = { };
};
users.users = {
webdav = {
@ -83,7 +88,10 @@ in
nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ dav moreheaders ];
modules = with pkgs.nginxModules; [
dav
moreheaders
];
};
recommendedGzipSettings = true;
recommendedOptimisation = true;
@ -115,7 +123,12 @@ in
};
audit_log = {
targets = [ "fd://stdout" ];
events = [ "access_denied" "login_success" "login_failure" "logout" ];
events = [
"access_denied"
"login_success"
"login_failure"
"logout"
];
};
providers.simple = {
enable_basic_auth = true;
@ -129,14 +142,20 @@ in
acl = {
rule_sets = [
{
rules = [ { field = "x-host"; regexp = ".*"; } ];
rules = [
{
field = "x-host";
regexp = ".*";
}
];
allow = [ "@admins" ];
}
];
};
};
};
virtualHosts = let
virtualHosts =
let
base = locations: {
locations = locations // {
"@maintenance" = {
@ -152,15 +171,19 @@ in
error_page 500 502 503 504 = @maintenance;
'';
};
simpleReverse = rport: base {
simpleReverse =
rport:
base {
"/" = {
proxyPass = "http://127.0.0.1:${toString(rport)}/";
proxyPass = "http://127.0.0.1:${toString (rport)}/";
};
};
authReverse = rport: zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
authReverse =
rport:
zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
(base {
"/" = {
proxyPass = "http://127.0.0.1:${toString(rport)}/";
proxyPass = "http://127.0.0.1:${toString (rport)}/";
extraConfig = ''
auth_request_set $cookie $upstream_http_set_cookie;
auth_request_set $username $upstream_http_x_username;
@ -175,8 +198,10 @@ in
'';
}
];
in {
"nyanlout.re" = base {
in
{
"nyanlout.re" =
base {
"/" = {
alias = "/var/www/site-perso/";
};
@ -189,7 +214,10 @@ in
add_header Access-Control-Allow-Origin * always;
'';
};
} // { default = true; };
}
// {
default = true;
};
"musique-meyenheim.fr" = base {
"/" = {
proxyPass = "http://unix:/run/site-musique.sock";
@ -225,17 +253,22 @@ in
proxyWebsockets = true;
};
};
"zigbee.nyanlout.re" = recursiveUpdate (authReverse config.services.zigbee2mqtt.settings.frontend.port) {
"zigbee.nyanlout.re" =
recursiveUpdate (authReverse config.services.zigbee2mqtt.settings.frontend.port)
{
locations."/" = {
proxyWebsockets = true;
};
};
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) {
"apart.nyanlout.re" =
recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port)
{
locations."/" = {
proxyWebsockets = true;
};
};
"drive.nyanlout.re" = base {
"drive.nyanlout.re" =
base {
"/" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
@ -250,10 +283,13 @@ in
proxy_request_buffering off;
'';
};
} // {
}
// {
root = "/mnt/webdav";
};
"rspamd.nyanlout.re" = zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
"rspamd.nyanlout.re" =
zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0)
[
(base {
"/" = {
proxyPass = "http://unix:/run/rspamd/worker-controller.sock";
@ -382,9 +418,20 @@ in
LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
};
systemd.services.site-musique = let
djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_4 pillow setuptools ]));
in {
systemd.services.site-musique =
let
djangoEnv = (
pkgs.python3.withPackages (
ps: with ps; [
gunicorn
django_4
pillow
setuptools
]
)
);
in
{
description = "Site Django de la musique de Meyenheim";
after = [ "network.target" ];
requires = [ "site-musique.socket" ];
@ -401,9 +448,13 @@ in
Group = "nginx";
StateDirectory = "site-musique";
WorkingDirectory = "/var/www/site-musique/";
ReadWritePaths = [ "/var/www/site-musique/staticfiles" "/var/www/site-musique/media" ];
ReadWritePaths = [
"/var/www/site-musique/staticfiles"
"/var/www/site-musique/media"
];
EnvironmentFile = "/mnt/secrets/site-musique.env";
ExecStart = ''${djangoEnv}/bin/gunicorn \
ExecStart = ''
${djangoEnv}/bin/gunicorn \
--access-logfile - \
--bind unix:/run/site-musique.sock \
site_musique.wsgi:application

23
systems/PC-Fixe/configuration.nix
View file

@ -5,14 +5,16 @@
{ config, pkgs, ... }:
{
imports =
[
imports = [
./hardware-configuration.nix
../common-cli.nix
../common-gui.nix
];
nix.settings.trusted-users = [ "root" "paul" ];
nix.settings.trusted-users = [
"root"
"paul"
];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
@ -76,7 +78,10 @@
networking.hostId = "3a1f739e";
networking.hosts = {
"10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"];
"10.30.0.1" = [
"emby.nyanlout.re"
"nyanlout.re"
];
};
environment.systemPackages = with pkgs; [
@ -95,7 +100,15 @@
users.users.paul = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ];
extraGroups = [
"wheel"
"networkmanager"
"wireshark"
"input"
"dialout"
"libvirtd"
"vboxusers"
];
uid = 1000;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"

51
systems/PC-Fixe/hardware-configuration.nix
View file

@ -1,12 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" "coretemp" "it87" ];
boot.kernelModules = [
"kvm-amd"
"coretemp"
"it87"
];
boot.extraModulePackages = [ ];
services.xserver.videoDrivers = [ "nvidia" ];
@ -17,28 +33,28 @@
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
fileSystems."/" =
{ device = "rpool/root/nixos";
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4EC-57DF";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F4EC-57DF";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "fastaf/home";
fileSystems."/home" = {
device = "fastaf/home";
fsType = "zfs";
};
fileSystems."/mnt/steam" =
{ device = "fastaf/steam";
fileSystems."/mnt/steam" = {
device = "fastaf/steam";
fsType = "zfs";
};
fileSystems."/mnt/games" =
{ device = "fastaf/games";
fileSystems."/mnt/games" = {
device = "fastaf/games";
fsType = "zfs";
};
@ -47,10 +63,13 @@
# fsType = "ext4";
# };
fileSystems."/mnt/medias" =
{ device = "10.30.0.1:/mnt/medias";
fileSystems."/mnt/medias" = {
device = "10.30.0.1:/mnt/medias";
fsType = "nfs";
options = ["x-systemd.automount" "noauto"];
options = [
"x-systemd.automount"
"noauto"
];
};
swapDevices = [ ];

29
systems/common-cli.nix
View file

@ -21,8 +21,12 @@
'';
packages.myVimPackage = with pkgs.vimPlugins; {
start = [
vim-startify airline sensible
polyglot ale fugitive
vim-startify
airline
sensible
polyglot
ale
fugitive
];
opt = [ ];
};
@ -73,6 +77,8 @@
# Développement
openssl
treefmt
nixfmt-rfc-style
];
users.defaultUserShell = pkgs.zsh;
@ -93,8 +99,14 @@
'';
ohMyZsh = {
enable = true;
plugins = [ "git" "colored-man-pages" "command-not-found" "extract" "nix" ];
customPkgs = with pkgs;[
plugins = [
"git"
"colored-man-pages"
"command-not-found"
"extract"
"nix"
];
customPkgs = with pkgs; [
nix-zsh-completions
];
};
@ -107,13 +119,14 @@
git.enable = true;
};
environment.variables = let
starshipConfToml =
pkgs.writeText "starship.toml" ''
environment.variables =
let
starshipConfToml = pkgs.writeText "starship.toml" ''
[[battery.display]]
threshold = 50
'';
in {
in
{
EDITOR = "nvim";
STARSHIP_CONFIG = "${starshipConfToml}";
};

18
systems/common-gui.nix
View file

@ -45,7 +45,12 @@
kdePackages.kinfocenter
kile
(texlive.combine {
inherit (texlive) scheme-small titling collection-langfrench cm-super;
inherit (texlive)
scheme-small
titling
collection-langfrench
cm-super
;
})
libsForQt5.breeze-gtk
@ -75,17 +80,22 @@
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
security = {
pam.loginLimits = [{
pam.loginLimits = [
{
domain = "*";
type = "hard";
item = "nofile";
value = "1048576";
}];
}
];
rtkit.enable = true;
};
programs = {
gnupg.agent = { enable = true; enableSSHSupport = true; };
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
browserpass.enable = true;
steam.enable = true;
firefox.enable = true;

3
treefmt.toml Normal file
View file

@ -0,0 +1,3 @@
[formatter.nixfmt-rfc-style]
command = "nixfmt"
includes = ["*.nix"]