Merge pull request 'update to nixos-22.05' (#2) from update_22_05 into master

Reviewed-on: #2
nyanloutre 2022-07-07 19:08:34 +02:00
commit 5b51fdc5c2
5 changed files with 33 additions and 223 deletions

34
flake.lock generated

@ -75,31 +75,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1656782578,
"narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=",
"lastModified": 1656947410,
"narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b",
"rev": "e8d47977286a44955262adbc76f2c8a66e7419d5",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.11",
"type": "indirect"
}
},
"nixpkgs-21_05": {
"locked": {
"lastModified": 1625692408,
"narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c06613c25df3fe1dd26243847a3c105cf6770627",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05",
"ref": "nixos-22.05",
"type": "indirect"
}
},
@ -134,23 +119,22 @@
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-21_05": "nixpkgs-21_05",
"nixpkgs-21_11": [
"nixpkgs-22_05": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1638911354,
"narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=",
"lastModified": 1655930346,
"narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
"rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-21.11",
"ref": "nixos-22.05",
"repo": "nixos-mailserver",
"type": "gitlab"
}


@ -1,13 +1,13 @@
{
inputs = {
nixpkgs.url = "flake:nixpkgs/nixos-21.11";
nixpkgs.url = "flake:nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable";
utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1";
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";
inputs = {
nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-21_11.follows = "nixpkgs";
nixpkgs-22_05.follows = "nixpkgs";
};
};
dogetipbot-telegram = {


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, inputs, ... }:
{
services = {
@ -22,7 +22,7 @@
jellyfin = {
enable = true;
package = pkgs.jellyfin;
package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
};
navidrome = {
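Review bot: The new jellyfin `package` line hard-codes `x86_64-linux` and gives no reason for taking this one service from `nixpkgs-unstable` while the rest of the host moves to nixos-22.05. The jellyfin version now changes only when the `nixpkgs-unstable` lock entry is bumped, independently of the stable channel, so a short comment such as `# jellyfin from unstable: <reason>; revisit once 22.05 carries the needed version` would record that this is deliberate. I would also derive the system from the host: `package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}.jellyfin;`. The new `inputs` argument has to be passed in by whatever imports this module, and that wiring is not visible in this section.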


@ -90,22 +90,10 @@ in
secure_ip = ["0.0.0.0/0"];
'';
redis.enable = true;
# redis.enable = true;
logrotate = {
enable = true;
paths = {
nginx = {
path = "/var/log/nginx/*.log";
user = config.services.nginx.user;
group = config.services.nginx.group;
keep = 7;
extraConfig = ''
compress
'';
};
};
};
# enable with nginx defult config
logrotate.enable = true;
fail2ban.enable = true;
@ -122,92 +110,6 @@ in
mountdPort = 4002;
};
matrix-synapse = {
enable = true;
enable_registration = true;
server_name = "nyanlout.re";
listeners = [
{ # federation
bind_address = "";
port = 8448;
resources = [
{ compress = true; names = [ "client" "webclient" ]; }
{ compress = false; names = [ "federation" ]; }
];
tls = true;
type = "http";
x_forwarded = false;
}
{ # client
bind_address = "127.0.0.1";
port = 8008;
resources = [
{ compress = true; names = [ "client" "webclient" ]; }
];
tls = false;
type = "http";
x_forwarded = true;
}
];
max_upload_size = "100M";
database_type = "psycopg2";
database_args = {
database = "matrix-synapse";
};
tls_private_key_path = "/var/lib/acme/${domaine}/key.pem";
tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem";
url_preview_enabled = true;
logConfig = ''
version: 1
formatters:
journal_fmt:
format: '%(name)s: [%(request)s] %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
journal:
class: systemd.journal.JournalHandler
formatter: journal_fmt
filters: [context]
SYSLOG_IDENTIFIER: synapse
root:
level: WARNING
handlers: [journal]
disable_existing_loggers: False
'';
app_service_config_files = [
"/var/lib/matrix-synapse/mautrix-telegram-registration.yaml"
];
};
mautrix-telegram = {
enable = true;
settings = {
homeserver = {
address = "https://matrix.nyanlout.re";
domain = "nyanlout.re";
};
appservice = {
bot_username = "loutrebot";
};
bridge = {
relaybot.authless_portals = false;
permissions = {
"@nyanloutre:nyanlout.re" = "admin";
};
};
};
environmentFile = "/mnt/secrets/mautrix-telegram.env";
serviceDependencies = [ "matrix-synapse.service" ];
};
borgbackup.jobs = {
loutre = {
paths = [
@ -266,40 +168,6 @@ in
};
};
sdtdserver.enable = false;
factorio = {
enable = false;
autosave-interval = 10;
game-name = "Shame";
public = true;
username = "nyanloutre";
};
minecraft-server = {
enable = false;
jvmOpts = "-Xms512m -Xmx3072m";
eula = true;
declarative = true;
openFirewall = true;
whitelist = {
nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822";
Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2";
LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6";
Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff";
Hopegcx = "4497f759-2210-48db-8764-307d33011442";
wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af";
sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3";
};
serverProperties = {
difficulty = 2;
gamemode = 0;
max-players = 50;
motd = "Hi Mark !";
white-list = true;
};
};
kresd = {
enable = true;
};
@ -668,48 +536,6 @@ in
ipmihddtemp.enable = true;
# systemd.services.minecraft-overviewer =
# let
# clientJar = pkgs.fetchurl {
# url = "https://overviewer.org/textures/1.14";
# sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k";
# name = "client.jar";
# };
# configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } ''
# substitute ${./config-overviewer.py} $out \
# --subst-var CLIENT_JAR
# '';
# in
# {
# script = ''
# ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile}
# ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi
# rm /var/www/minecraft-overviewer/progress.json
# '';
# serviceConfig = {
# User = "nginx";
# Group = "nginx";
# };
# };
# systemd.timers.minecraft-overviewer = {
# wantedBy = [ "multi-user.target" ];
# timerConfig = {
# OnCalendar = "*-*-* 04:00:00";
# };
# };
# systemd.packages = with pkgs; [
# tgt
# ];
# environment.etc."tgt/targets.conf".text = ''
# <target iqn.2019-11.nyanlout.re:steam>
# backing-store /dev/zvol/loutrepool/steam-lun
# initiator-address 10.30.50.3
# </target>
# '';
users.groups.nginx.members = [ "matrix-synapse" ];
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
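Review bot: `users.groups.nginx.members = [ "matrix-synapse" ];` appears to survive as context in the last hunk, although this same file section removes the whole `matrix-synapse` service block. If so, the nginx group keeps a member name that no longer belongs to any service on this host, and any account later created under that name would inherit the group's access. I would delete that line in this commit. Separately, the new comment `# enable with nginx defult config` has a typo, and the leftover `# redis.enable = true;` would be clearer either deleted or given a reason.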


@ -44,7 +44,7 @@ let
in
{
security.acme = {
email = "paul@nyanlout.re";
defaults.email = "paul@nyanlout.re";
acceptTerms = true;
};
@ -65,19 +65,19 @@ in
services = {
phpfpm.pools = {
work = {
user = config.users.users.work.name;
phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
};
};
# work = {
# user = config.users.users.work.name;
# phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
# settings = {
# "listen.owner" = config.services.nginx.user;
# "pm" = "dynamic";
# "pm.max_children" = 75;
# "pm.start_servers" = 10;
# "pm.min_spare_servers" = 5;
# "pm.max_spare_servers" = 20;
# "pm.max_requests" = 500;
# };
# };
drive = {
user = config.users.users.webdav.name;
settings = {
@ -216,7 +216,7 @@ in
alias = "/var/www/site-musique/media/";
};
};
"maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
# "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
"stream.nyanlout.re" = base {
"/" = {
proxyPass = "http://10.30.135.71";
@ -238,7 +238,7 @@ in
"ci.nyanlout.re" = simpleReverse 52350;
"gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
"musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port;
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) {
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) {
locations."/" = {
proxyWebsockets = true;
};
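Review bot: The `work` php-fpm pool and the `"maxspiegel.fr"` virtual host are commented out rather than removed, and nothing says why. Commented-out configuration drifts from the live option names on the next channel upgrade and makes it harder to audit what the host actually serves. Deleting both and relying on git history, or adding one line such as `# disabled for 22.05: <reason>`, would be clearer. If any virtual host elsewhere in this file still refers to the `work` pool's socket, evaluation will fail, so that is worth checking; the rest of the file is not visible here.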