diff --git a/flake.lock b/flake.lock index 9060e52..7593ec2 100644 --- a/flake.lock +++ b/flake.lock @@ -75,31 +75,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656782578, - "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=", + "lastModified": 1656947410, + "narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b", + "rev": "e8d47977286a44955262adbc76f2c8a66e7419d5", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-21.11", - "type": "indirect" - } - }, - "nixpkgs-21_05": { - "locked": { - "lastModified": 1625692408, - "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.05", + "ref": "nixos-22.05", "type": "indirect" } }, @@ -134,23 +119,22 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-21_05": "nixpkgs-21_05", - "nixpkgs-21_11": [ + "nixpkgs-22_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1638911354, - "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", + "lastModified": 1655930346, + "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", + "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index 6fae62a..38aa468 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-21.11"; + nixpkgs.url = "flake:nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-21_11.follows = "nixpkgs"; + nixpkgs-22_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index c0bf930..60193b4 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { services = { @@ -22,7 +22,7 @@ jellyfin = { enable = true; - package = pkgs.jellyfin; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; }; navidrome = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 64440dc..e94ba67 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -90,22 +90,10 @@ in secure_ip = ["0.0.0.0/0"]; ''; - redis.enable = true; + # redis.enable = true; - logrotate = { - enable = true; - paths = { - nginx = { - path = "/var/log/nginx/*.log"; - user = config.services.nginx.user; - group = config.services.nginx.group; - keep = 7; - extraConfig = '' - compress - ''; - }; - }; - }; + # enable with nginx defult config + logrotate.enable = true; fail2ban.enable = true; 
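Review bot: The new `package` line in medias.nix hard-codes `x86_64-linux` and takes Jellyfin from a second, separately locked nixpkgs input, and the file explains neither choice. Indexing by the host platform, `inputs.nixpkgs-unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}.jellyfin`, keeps the module valid if the host architecture changes. Because the package now follows the `nixpkgs-unstable` lock rather than `nixos-22.05`, Jellyfin only picks up fixes when that input is bumped in flake.lock, so a comment such as `# jellyfin from unstable: <reason>; bump nixpkgs-unstable to pick up security updates` would help. `legacyPackages` is also evaluated with nixpkgs defaults, so overlays or `nixpkgs.config` applied to this host's `pkgs` do not reach this package.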
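Review bot: Replacing the explicit nginx entry with `logrotate.enable = true;` in services.nix drops the `keep = 7` and `compress` settings that were pinned here, so web-server log retention now depends on whatever the nginx module declares by default in the new release. Confirm that default against how long access logs should be kept for troubleshooting and incident review, and record it in the comment, e.g. `# nginx log rotation comes from the nginx module's default logrotate entry`, which also fixes the `defult` typo. Separately, the unchanged context line `secure_ip = ["0.0.0.0/0"];` at the top of the hunk appears to mark every source address as trusted. Its enclosing block starts outside the hunk, so please check that the listener it applies to is bound to loopback or otherwise restricted.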
@@ -122,92 +110,6 @@ in mountdPort = 4002; }; - matrix-synapse = { - enable = true; - enable_registration = true; - server_name = "nyanlout.re"; - listeners = [ - { # federation - bind_address = ""; - port = 8448; - resources = [ - { compress = true; names = [ "client" "webclient" ]; } - { compress = false; names = [ "federation" ]; } - ]; - tls = true; - type = "http"; - x_forwarded = false; - } - { # client - bind_address = "127.0.0.1"; - port = 8008; - resources = [ - { compress = true; names = [ "client" "webclient" ]; } - ]; - tls = false; - type = "http"; - x_forwarded = true; - } - ]; - max_upload_size = "100M"; - database_type = "psycopg2"; - database_args = { - database = "matrix-synapse"; - }; - tls_private_key_path = "/var/lib/acme/${domaine}/key.pem"; - tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem"; - url_preview_enabled = true; - logConfig = '' - version: 1 - - formatters: - journal_fmt: - format: '%(name)s: [%(request)s] %(message)s' - - filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" - - handlers: - journal: - class: systemd.journal.JournalHandler - formatter: journal_fmt - filters: [context] - SYSLOG_IDENTIFIER: synapse - - root: - level: WARNING - handlers: [journal] - - disable_existing_loggers: False - ''; - app_service_config_files = [ - "/var/lib/matrix-synapse/mautrix-telegram-registration.yaml" - ]; - }; - - mautrix-telegram = { - enable = true; - settings = { - homeserver = { - address = "https://matrix.nyanlout.re"; - domain = "nyanlout.re"; - }; - appservice = { - bot_username = "loutrebot"; - }; - bridge = { - relaybot.authless_portals = false; - permissions = { - "@nyanloutre:nyanlout.re" = "admin"; - }; - }; - }; - environmentFile = "/mnt/secrets/mautrix-telegram.env"; - serviceDependencies = [ "matrix-synapse.service" ]; - }; - borgbackup.jobs = { loutre = { paths = [ 
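Review bot: Removing `matrix-synapse` here leaves `users.groups.nginx.members = [ "matrix-synapse" ];` in place; it is still visible as context in the later `@@ -668,48 +536,6 @@` hunk of this file. That membership presumably let Synapse read the ACME key named by the deleted `tls_private_key_path`, so with the service gone it should be dropped rather than left as a group entry with no purpose. The deleted block also referenced `/mnt/secrets/mautrix-telegram.env` and a registration file under `/var/lib/matrix-synapse`. A configuration change does not remove those from disk, so the bridge credentials and the database likely need manual cleanup or revocation.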
@@ -266,40 +168,6 @@ in }; }; - sdtdserver.enable = false; - - factorio = { - enable = false; - autosave-interval = 10; - game-name = "Shame"; - public = true; - username = "nyanloutre"; - }; - - minecraft-server = { - enable = false; - jvmOpts = "-Xms512m -Xmx3072m"; - eula = true; - declarative = true; - openFirewall = true; - whitelist = { - nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822"; - Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2"; - LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6"; - Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff"; - Hopegcx = "4497f759-2210-48db-8764-307d33011442"; - wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af"; - sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3"; - }; - serverProperties = { - difficulty = 2; - gamemode = 0; - max-players = 50; - motd = "Hi Mark !"; - white-list = true; - }; - }; - kresd = { enable = true; }; 
@@ -668,48 +536,6 @@ in ipmihddtemp.enable = true; - # systemd.services.minecraft-overviewer = - # let - # clientJar = pkgs.fetchurl { - # url = "https://overviewer.org/textures/1.14"; - # sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; - # name = "client.jar"; - # }; - # configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' - # substitute ${./config-overviewer.py} $out \ - # --subst-var CLIENT_JAR - # ''; - # in - # { - # script = '' - # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} - # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi - # rm /var/www/minecraft-overviewer/progress.json - # ''; - # serviceConfig = { - # User = "nginx"; - # Group = "nginx"; - # }; - # }; - - # systemd.timers.minecraft-overviewer = { - # wantedBy = [ "multi-user.target" ]; - # timerConfig = { - # OnCalendar = "*-*-* 04:00:00"; - # }; - # }; - - # systemd.packages = with pkgs; [ - # tgt - # ]; - - # environment.etc."tgt/targets.conf".text = '' - # - # backing-store /dev/zvol/loutrepool/steam-lun - # initiator-address 10.30.50.3 - # - # ''; - users.groups.nginx.members = [ "matrix-synapse" ]; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 15ecb4d..6b8e924 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -44,7 +44,7 @@ let in { security.acme = { - email = "paul@nyanlout.re"; + defaults.email = "paul@nyanlout.re"; acceptTerms = true; }; 
@@ -65,19 +65,19 @@ in services = { phpfpm.pools = { - work = { - user = config.users.users.work.name; - phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; - }; - }; + # work = { + # user = config.users.users.work.name; + # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); + # settings = { + # "listen.owner" = config.services.nginx.user; + # "pm" = "dynamic"; + # "pm.max_children" = 75; + # "pm.start_servers" = 10; + # "pm.min_spare_servers" = 5; + # "pm.max_spare_servers" = 20; + # "pm.max_requests" = 500; + # }; + # }; drive = { user = config.users.users.webdav.name; settings = { @@ -216,7 +216,7 @@ in alias = "/var/www/site-musique/media/"; }; }; - "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; + # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; @@ -238,7 +238,7 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; - "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { + "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; };
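Review bot: The `work` PHP-FPM pool and the `maxspiegel.fr` virtual host are disabled by commenting them out, which leaves dead configuration that is no longer evaluated or checked. Deleting the blocks (history keeps them) or adding a one-line reason such as `# disabled: <reason>` would make the intent clear. The rest of web.nix is outside these hunks, so check that no remaining virtual host still references `config.services.phpfpm.pools.work.socket`. Also check whether the account behind `config.users.users.work` is still needed once nothing runs as it.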