From c2142d236e3f8d9459704150c8effd1cc8104339 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:51:18 +0100 Subject: [PATCH 01/28] fixs nixos 20.09 --- services/mail-server.nix | 10 +++++----- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/medias.nix | 8 +++++++- systems/LoutreOS/services.nix | 1 - systems/LoutreOS/users.nix | 2 +- systems/LoutreOS/web.nix | 23 ++++++++++++----------- 6 files changed, 26 insertions(+), 20 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index 9b61126..a95e337 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; - sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz"; + sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63"; }) ]; @@ -63,9 +63,9 @@ in security.acme.certs = { "${cfg.domaine}" = { - extraDomains = { - "mail.${cfg.domaine}" = null; - }; + extraDomainNames = [ + "mail.${cfg.domaine}" + ]; postRun = '' systemctl reload dovecot2.service ''; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1f7af11..58c4286 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index eea4617..f643edf 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -5,6 +5,7 @@ transmission = { enable = true; home = "/var/lib/transmission"; + port = 9091; settings = { rpc-bind-address = "127.0.0.1"; rpc-host-whitelist = "*"; @@ -18,7 +19,10 @@ sonarr.enable = true; jackett.enable = true; - jellyfin.enable = true; + jellyfin = { + enable = true; + package = pkgs.jellyfin; + }; slimserver = { enable = true; @@ -31,6 +35,8 @@ }; }; + systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ]; + networking = { firewall.allowedTCPPorts = [ config.services.transmission.settings.peer-port diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 1637006..28937b5 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -492,7 +492,6 @@ in # ''; users.groups.nginx.members = [ "matrix-synapse" ]; - security.acme.certs."nyanlout.re".allowKeysForGroup = true; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 3fd89ab..92cd009 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix 
@@ -6,7 +6,7 @@ uid = 1000; isNormalUser = true; description = "Paul TREHIOU"; - extraGroups = [ "wheel" "medias" ]; + extraGroups = [ "wheel" "medias" "transmission" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 openpgp:0xAB524BBC" "ssh-rsa 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 paul@nyanlout.re" diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index f771e89..506760d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -147,7 +147,7 @@ in ''; }; } // { default = true; }; - "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; }; + "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; }; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { @@ -225,9 +225,9 @@ in postgresql = { enable = true; - extraConfig = '' - full_page_writes = off - ''; + settings = { + full_page_writes = false; + }; }; pgmanage = { @@ -249,13 +249,10 @@ in passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; log.level = "Warn"; - extraConfig = '' - [ui] - DEFAULT_THEME = arc-green - - [service] - DISABLE_REGISTRATION = true - ''; + disableRegistration = true; + settings = { + ui.DEFAULT_THEME = "arc-green"; + }; }; python-ci.enable = true; @@ -277,6 +274,10 @@ in }; }; + systemd.services.nginx.serviceConfig = { + ReadWritePaths = "/var/www/hls"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in { From 90dd2c2b6d8f910b6a8e20e0b166368ecb4fdf24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:51:55 +0100 Subject: [PATCH 02/28] ip fixe smartphone --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 58c4286..65c875f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -131,6 +131,7 @@ in { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + { ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; } #ESPHome { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } From d5e46b62a06f7c0e28bd6e7f030b380960e1e193 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:52:41 +0100 Subject: [PATCH 03/28] montage hass --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 23 +++++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 7bfc7fe..1dfe4fb 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -157,6 +157,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/hass" = + { device = "loutrepool/var/hass"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 28937b5..171056b 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -246,7 +246,10 @@ in }; influxdb = null; config = null; - frontend = null; + frontend.themes = "!include ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml"; + sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h"; + }}"; history = null; logbook = null; map = null; 
@@ -321,6 +324,12 @@ in broadcast_address = "10.30.255.255"; } ]; + device_tracker = [ + { + platform = "ping"; + hosts = { telephone_paul = "10.30.50.2"; }; + } + ]; scene = [ { name = "Movie"; @@ -399,10 +408,20 @@ in entity_id = "person.paul"; state = "home"; } + # Sun below max elevation { condition = "template"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } + # All lights off + { + condition = "template"; + value_template = '' + {% set domain = 'light' %} + {% set state = 'off' %} + {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }} + ''; + } ]; action = { scene = "scene.home"; @@ -421,7 +440,7 @@ in entity_id = "all"; } { - service = "media_player.media_pause"; + service = "media_player.turn_off"; entity_id = "all"; } ]; From c2c0d2bb05ee678aab19a59780f9011aea041ae1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:53:51 +0100 Subject: [PATCH 04/28] change nginx config --- systems/LoutreOS/web.nix | 41 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 506760d..2d5518e 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -48,11 +48,29 @@ in acceptTerms = true; }; + users.groups.work = {}; + users.users.work = { + isSystemUser = true; + group = config.users.groups.work.name; + }; + services = { + phpfpm.pools.work = { + user = config.users.users.work.name; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + }; nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp ]; + modules = with pkgs.nginxModules; [ rtmp dav ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; 
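Review bot: The `device_tracker` entry added in services.nix repeats the literal `10.30.50.2` from the static lease added in configuration.nix (PATCH 02), under a different name (`telephone_paul` vs `telephone-nyan`), so changing the lease silently breaks presence detection. Reachability of a fixed address by ping is also a weak presence signal, since whichever host answers on that address counts as present. That is acceptable for the light scenes this presumably feeds, but a comment such as `# ping-based presence: convenience only, do not gate locks or alarms on it` would keep it from being reused for anything sensitive. The enclosing home-assistant config block starts and ends outside the hunk.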
@@ -189,6 +207,22 @@ in proxyWebsockets = true; }; }; + "work.rezom.eu" = base { + "/" = { + index = "/_h5ai/public/index.php"; + extraConfig = '' + dav_ext_methods PROPFIND OPTIONS; + ''; + }; + "/_h5ai/public/index.php" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + }; + } // { root = "/mnt/medias/iso_linux"; }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; @@ -278,6 +312,11 @@ in ReadWritePaths = "/var/www/hls"; }; + systemd.services.phpfpm-work.serviceConfig = { + ReadOnlyPaths = "/mnt/medias/iso_linux"; + ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in { From d43f3bed0183c6d16b7f362436172b1baf4c3578 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:06:34 +0100 Subject: [PATCH 05/28] LoutreOS: disable docs --- systems/LoutreOS/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 65c875f..76d572f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -32,6 +32,8 @@ in "nixos-config=/etc/nixos/configuration.nix" ]; + documentation.nixos.enable = false; + nixpkgs.config.allowUnfree = false; nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); From 8a2ca1fa21cdce18424e33f2c8e169dae6cfa90d Mon Sep 17 00:00:00 2001 
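Review bot: In the new `work.rezom.eu` vhost only `/_h5ai/public/index.php` is handed to PHP-FPM, while `root = "/mnt/medias/iso_linux"` makes everything else under that directory, including the rest of `_h5ai`, a static file. Unless `base` (defined outside this hunk) restricts it, the application's private PHP sources and configuration would be served as plain downloads. A location such as `"/_h5ai/private" = { extraConfig = "deny all;"; };` closes that. The PHP location is also a prefix match, so longer URIs that merely start with that string reach FPM too; if path info is not needed, `"= /_h5ai/public/index.php"` makes it exact.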
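Review bot: `ReadWritePaths = "/mnt/medias/iso_linux/_h5ai";` in the `phpfpm-work` unit leaves the application's own PHP code writable by the pool that executes it, so a bug in the app can persistently change what runs next. h5ai should only need to write its cache directories, so narrowing this to `ReadWritePaths = [ "/mnt/medias/iso_linux/_h5ai/public/cache" "/mnt/medias/iso_linux/_h5ai/private/cache" ];` keeps the rest read-only. File ownership under `_h5ai` should follow the same split, with the code not owned by the `work` user.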
From: nyanloutre Date: Wed, 6 Jan 2021 02:07:56 +0100 Subject: [PATCH 06/28] LoutreOS: airsonic -> navidrome --- systems/LoutreOS/medias.nix | 7 +++++-- systems/LoutreOS/web.nix | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index f643edf..6ed2c0e 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -29,9 +29,12 @@ dataDir = "/var/lib/slimserver"; }; - airsonic = { + navidrome = { enable = true; - maxMemory = 500; + settings = { + MusicFolder = "/mnt/medias/musique"; + ImageCacheSize = 0; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 2d5518e..d7c7a7f 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -198,10 +198,10 @@ in "jackett.nyanlout.re" = authReverse 9117; "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "matrix.nyanlout.re" = simpleReverse 8008; - "airsonic.nyanlout.re" = simpleReverse 4040; "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { locations."/" = { proxyWebsockets = true; From 21740ed665ee0aadaecefbfa3e7358e0764c3cc6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:12:01 +0100 Subject: [PATCH 07/28] LoutreOS: indexation de logs nginx avec Loki --- systems/LoutreOS/monitoring.nix | 91 +++++++++++++++++++++++++++++++++ systems/LoutreOS/services.nix | 14 +++++ systems/LoutreOS/web.nix | 7 ++- 3 files changed, 111 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index d60beed..b1ce207 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
@@ -112,8 +112,99 @@ in ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; ZED_NOTIFY_VERBOSE = true; }; + + loki = { + enable = true; + configuration = { + auth_enabled = false; + server.http_listen_port = 3100; + ingester = { + lifecycler = { + address = "127.0.0.1"; + ring = { + kvstore.store = "inmemory"; + replication_factor = 1; + }; + }; + chunk_idle_period = "1h"; + chunk_target_size = 1000000; + }; + schema_config.configs = [ + { + from = "2018-04-15"; + store = "boltdb"; + object_store = "filesystem"; + schema = "v11"; + index = { + prefix = "index_"; + period = "168h"; + }; + } + ]; + storage_config = { + boltdb.directory = "/var/lib/loki/index"; + filesystem.directory = "/var/lib/loki/chunks"; + }; + limits_config = { + enforce_metric_name = false; + reject_old_samples = true; + reject_old_samples_max_age = "168h"; + }; + chunk_store_config.max_look_back_period = "168h"; + table_manager = { + retention_deletes_enabled = true; + retention_period = "168h"; + }; + }; + }; + + promtail = { + enable = true; + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + positions.filename = "/tmp/positions.yaml"; + clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ]; + scrape_configs = [ + { + job_name = "nginx"; + static_configs = [ + { + labels = { + job = "nginx"; + __path__ = "/var/log/nginx/*log"; + }; + } + ]; + pipeline_stages = [ + { + match = { + selector = ''{job="nginx"}''; + stages = [ + { + regex.expression = ''^(?P[\w\.]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?''; + } + { + labels = { + method = null; + request = null; + status = null; + }; + } + ]; + }; + } + ]; + } + ]; + }; + }; }; + systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ]; + security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; 
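Review bot: The Loki block sets `auth_enabled = false` and only `server.http_listen_port = 3100`, with no listen address, so Loki listens on every interface and anything that can reach port 3100 can push or query logs unless the firewall (not visible here) blocks it. Promtail pushes to `http://127.0.0.1:3100`, so adding `server.http_listen_address = "127.0.0.1";` costs nothing; the same applies to promtail's `http_listen_port = 9080`. `positions.filename = "/tmp/positions.yaml"` should move to a state directory owned by the unit, because a fixed name in /tmp is lost on reboot (the logs are then re-read) and is a predictable path in a shared directory unless the unit has a private /tmp. The `request` label takes its value from the client-supplied URL, which creates one stream per distinct path; keeping only `method` and `status` as labels avoids that.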
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 171056b..db1aced 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,6 +35,20 @@ in ]; services = { + logrotate = { + enable = true; + paths = { + nginx = { + path = "/var/log/nginx/*.log"; + user = config.services.nginx.user; + group = config.services.nginx.group; + keep = 7; + extraConfig = '' + compress + ''; + }; + }; + }; fail2ban.enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d7c7a7f..8c54545 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -222,7 +222,12 @@ in include ${pkgs.nginx}/conf/fastcgi.conf; ''; }; - } // { root = "/mnt/medias/iso_linux"; }; + } // { + root = "/mnt/medias/iso_linux"; + extraConfig = '' + access_log /var/log/nginx/$host.log; + ''; + }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; From ba3ee04a83f5d39d4d0b9ea3ebce3db84bc29b27 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:12:21 +0100 Subject: [PATCH 08/28] LoutreOS: disable vsftpd --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index db1aced..25a8ed4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -27,7 +27,7 @@ in ../../services/mail-server.nix ../../services/python-ci.nix ../../services/sdtdserver.nix - ../../containers/vsftpd.nix + # ../../containers/vsftpd.nix # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix From 9a52f93a41be9f533dedc9beeb4e3f1cc3c0da86 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:13:08 +0100 Subject: [PATCH 09/28] LoutreOS: ajout zeegbee home-assistant --- systems/LoutreOS/services.nix | 182 ++++++++++++++++++++++++++++++---- 1 file changed, 164 insertions(+), 18 deletions(-) 
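Review bot: `access_log /var/log/nginx/$host.log;` in the `work.rezom.eu` vhost builds the log file name from `$host`, which nginx takes from the request line or the Host header, so the name is partly client-influenced and nginx must open the file on every write as the worker user. The vhost's `server_name` match bounds the possible values, but a literal name is simpler and lets nginx open the log once at start: `access_log /var/log/nginx/work.rezom.eu.log;`. That also keeps the file names predictable for the `/var/log/nginx/*.log` logrotate rule and the promtail glob added in this same patch.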
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 25a8ed4..8822d0f 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -277,6 +277,7 @@ in "10.40.249.1".name = "Bureau"; "10.40.249.2".name = "Cuisine"; }; + zha = null; esphome = null; light = [ { @@ -400,7 +401,27 @@ in ]; automation = let min_sun_elevation = 4; + + switch_chambre = { + domain = "zha"; + platform = "device"; + device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; + }; + + switch_entree = { + domain = "zha"; + platform = "device"; + device_id = "7cd814190ec543dba76a7aa7e7996c41"; + }; + + remote = { + domain = "zha"; + platform = "device"; + device_id = "d1230b76264e483388a8fdaad4f44143"; + }; in [ + # ENTREE + { alias = "Aziz lumière"; trigger = [ @@ -410,11 +431,6 @@ in value_template = "{{ state.attributes.elevation }}"; below = min_sun_elevation; } - { - platform = "state"; - entity_id = "person.paul"; - to = "home"; - } ]; condition = [ { @@ -427,27 +443,34 @@ in condition = "template"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } - # All lights off - { - condition = "template"; - value_template = '' - {% set domain = 'light' %} - {% set state = 'off' %} - {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }} - ''; - } ]; action = { scene = "scene.home"; }; } { - alias = "Adios"; + alias = "Aziz lumière switch"; trigger = { - platform = "state"; - entity_id = "person.paul"; - to = "not_home"; + type = "remote_button_short_press"; + subtype = "turn_on"; + } // switch_entree; + action = { + scene = "scene.home"; }; + } + { + alias = "Adios"; + trigger = [ + { + platform = "state"; + entity_id = "person.paul"; + to = "not_home"; + } + ({ + type = "remote_button_short_press"; + subtype = "turn_off"; + } // switch_entree) + ]; action = [ { service = "light.turn_off"; 
@@ -459,6 +482,129 @@ in } ]; } + + # REMOTE + + { + alias = "Button toggle"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_on"; + } // remote; + action = { + choose = { + conditions = { + condition = "template"; + value_template = '' + {% set domain = 'light' %} + {% set state = 'off' %} + {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} + ''; + }; + sequence = { + scene = "scene.home"; + }; + }; + default = { + service = "light.turn_off"; + entity_id = "all"; + }; + }; + } + { + alias = "Button scene movie"; + trigger = { + type = "remote_button_short_press"; + subtype = "right"; + } // remote; + action = { + scene = "scene.movie"; + }; + } + { + alias = "Button scene home"; + trigger = { + type = "remote_button_short_press"; + subtype = "left"; + } // remote; + action = { + scene = "scene.home"; + }; + } + { + alias = "Button light up"; + trigger = { + type = "remote_button_short_press"; + subtype = "dim_up"; + } // remote; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + data = { + brightness_step = 25; + }; + }; + } + { + alias = "Button light down"; + trigger = { + type = "remote_button_short_press"; + subtype = "dim_down"; + } // remote; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + data = { + brightness_step = -25; + }; + }; + } + + # CHAMBRE + + { + alias = "Button scene night"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_on"; + } // switch_chambre; + action = { + scene = "scene.night"; + }; + } + { + alias = "Button scene dodo"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_off"; + } // switch_chambre; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + } + { + alias = "Button scene lumière chambre ON"; + trigger = { + type = "remote_button_long_press"; + subtype = "dim_up"; + } // switch_chambre; + action = { + service = "light.turn_on"; + entity_id = "light.chambre"; 
+ }; + } + { + alias = "Button scene lumière chambre OFF"; + trigger = { + type = "remote_button_long_press"; + subtype = "dim_down"; + } // switch_chambre; + action = { + service = "light.turn_off"; + entity_id = "light.chambre"; + }; + } ]; }; }; From 866106f86d3f1acddef9cd5887e667b97c5d9416 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:15:38 +0100 Subject: [PATCH 10/28] LoutreOS: ajout config php redis --- systems/LoutreOS/services.nix | 2 ++ systems/LoutreOS/web.nix | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 8822d0f..266d9d1 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,6 +35,8 @@ in ]; services = { + redis.enable = true; + logrotate = { enable = true; paths = { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8c54545..3400771 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -57,6 +57,7 @@ in services = { phpfpm.pools.work = { user = config.users.users.work.name; + phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); settings = { "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; @@ -214,7 +215,7 @@ in dav_ext_methods PROPFIND OPTIONS; ''; }; - "/_h5ai/public/index.php" = { + "~ ^/(_h5ai/public/index|random).php" = { extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; @@ -319,7 +320,9 @@ in systemd.services.phpfpm-work.serviceConfig = { ReadOnlyPaths = "/mnt/medias/iso_linux"; - ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; + ReadWritePaths = [ + "/mnt/medias/iso_linux/_h5ai" + ]; }; systemd.services.site-musique = let From 20939b47b7f41456ba17dfc313b97097dd359c9b Mon Sep 17 00:00:00 2001 
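Review bot: `redis.enable = true;` in services.nix relies on the module defaults for the listen address and sets no password. Depending on the NixOS release, `services.redis.bind` may default to null, which means all interfaces. The only consumer visible in this patch is the local PHP pool, so `redis.bind = "127.0.0.1";` makes the intent explicit and independent of the release default. The enclosing `services` attribute set continues outside the hunk.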
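Review bot: The new location key `"~ ^/(_h5ai/public/index|random).php"` in web.nix has an unescaped dot and no end anchor, so it also matches URIs where any character stands in for the dot and anything that merely starts with `/random.php`. Tightening it to `"~ ^/(_h5ai/public/index|random)\\.php(/|$)"` (the backslash is doubled because this is a Nix double-quoted string) hands only the two intended scripts to PHP-FPM. It still allows the path info that `fastcgi_split_path_info` expects.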
From: nyanloutre Date: Wed, 6 Jan 2021 02:20:58 +0100 Subject: [PATCH 11/28] =?UTF-8?q?LoutreOS:=20d=C3=A9placement=20serveur=20?= =?UTF-8?q?rtmp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/web.nix | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 3400771..bd64941 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -71,7 +71,7 @@ in nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp dav ]; + modules = with pkgs.nginxModules; [ dav ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; @@ -183,11 +183,7 @@ in "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { - root = "/var/www/hls/"; - extraConfig = '' - add_header Cache-Control no-cache; - add_header Access-Control-Allow-Origin *; - ''; + proxyPass = "http://10.30.135.71"; }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; 
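Review bot: `proxyPass = "http://10.30.135.71";` publishes everything served on port 80 of that host through the public `stream.nyanlout.re` vhost, and the DHCP lease list in configuration.nix maps this address to `paul-fixe`, which looks like a workstation. If only the stream playlist and segments are meant to be public, proxy only that path (it is not visible here) rather than `/`, and add a comment saying what listens on the upstream. The address is a literal duplicated from the lease table, so a lease change silently repoints or breaks the vhost.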
@@ -230,37 +226,6 @@ in ''; }; }; - appendConfig = let - rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; - in '' - rtmp { - server { - listen 1935; - - application live { - live on; - - exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 - -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid - -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high - -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; - } - - application show { - live on; - hls on; - - hls_path ${rootLocation}; - hls_fragment 3s; - hls_playlist_length 60s; - - hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution - hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution - hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution - } - } - } - ''; }; postgresql = { From 3e440a97762e7146ebdd35c17117017ee21ec464 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:22:05 +0100 Subject: [PATCH 12/28] LoutreOS: disable Mastodon --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index bd64941..994131d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -263,7 +263,7 @@ in python-ci.enable = true; mastodon = { - enable = true; + enable = false; localDomain = "social.nyanlout.re"; configureNginx = true; extraConfig = { From 999ee11693d0945e57a829f2d03697bcfa308f59 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 28 Jul 2021 23:03:34 +0200 Subject: [PATCH 13/28] Changes for 21.05 --- services/mail-server.nix | 4 ++-- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/services.nix | 2 ++ systems/LoutreOS/web.nix | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index a95e337..4b5b93e 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz"; - sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7/nixos-mailserver-5675b122a947b40e551438df6a623efad19fd2e7.tar.gz"; + sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi"; }) ]; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 76d572f..3553f7b 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -35,7 +35,7 @@ in documentation.nixos.enable = false; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.1-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 266d9d1..2e3a924 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -20,6 +20,8 @@ let ''; backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs"; + + unstable = import { }; in { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 994131d..c2eaaf9 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -291,7 +291,7 @@ in }; systemd.services.site-musique = let - djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); + djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); in { description = "Site Django de la musique de Meyenheim"; after = [ "network.target" ]; From 53cf463bbaa5912bbe5e3ed2369ebb67979d7ec7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:43:57 +0200 Subject: [PATCH 14/28] migrate to nix flake --- flake.lock | 95 +++++++++++++++++++++ flake.nix | 25 ++++++ services/mail-server.nix | 76 ----------------- systems/LoutreOS/configuration.nix | 14 ++- systems/LoutreOS/hardware-configuration.nix | 4 - systems/LoutreOS/services.nix | 61 +++++++++++-- systems/LoutreOS/web.nix | 3 +- 7 files changed, 183 insertions(+), 95 deletions(-) create mode 100644 flake.lock create mode 100644 flake.nix delete mode 100644 services/mail-server.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..4a1328c --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,95 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1633934814, + "narHash": "sha256-OF62Alp2ocacmDMzvRWMduITf87lcuGonxn9eg9uGG8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b313502c719069cce2dd6fd1d5e7fc5999b21c70", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-21.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1633791597, + "narHash": "sha256-HzpxqTEnqsjkKWfW87kSI3WVizYjUMQeUjSIm3b5I0Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9bf75dd50b7b6d3ce6aaf6563db95f41438b9bdb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1607522989, + "narHash": "sha256-o/jWhOSAlaK7y2M57OIriRt6whuVVocS/T0mG7fd1TI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "simple-nixos-mailserver": "simple-nixos-mailserver" + } + }, + "simple-nixos-mailserver": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1622967674, + "narHash": "sha256-8RLe6Rqy2rKR/PGDMg/EVsWihsO+DQe/RYmlXdRZkLs=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "5675b122a947b40e551438df6a623efad19fd2e7", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-21.05", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + 
"original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..e679baf --- /dev/null +++ b/flake.nix @@ -0,0 +1,25 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/release-21.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; + }; + + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver }: { + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ pkgs, ... }: { + nix.nixPath = [ + "nixpkgs=${nixpkgs}" + ]; + }) + nixpkgs.nixosModules.notDetected + "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" + simple-nixos-mailserver.nixosModule + ./systems/LoutreOS/configuration.nix + ]; + }; + }; +} + diff --git a/services/mail-server.nix b/services/mail-server.nix deleted file mode 100644 index 4b5b93e..0000000 --- a/services/mail-server.nix +++ /dev/null 
@@ -1,76 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.mailserver; -in -{ - options.services.mailserver = { - enable = mkEnableOption "Mail Server"; - domaine = mkOption { - type = types.str; - example = "example.com"; - description = "Nom de domaine du serveur de mails"; - }; - }; - - imports = [ - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7/nixos-mailserver-5675b122a947b40e551438df6a623efad19fd2e7.tar.gz"; - sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi"; - }) - ]; - - config = mkIf cfg.enable { - - mailserver = { - enable = true; - fqdn = "mail.${cfg.domaine}"; - domains = [ cfg.domaine ]; - - # A list of all login accounts. To create the password hashes, use - # mkpasswd -m sha-512 "super secret password" - loginAccounts = { - "paul@${cfg.domaine}" = { - hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0"; - }; - }; - - # Certificate setup - certificateScheme = 1; - certificateFile = "/var/lib/acme/${cfg.domaine}/fullchain.pem"; - keyFile = "/var/lib/acme/${cfg.domaine}/key.pem"; - - # Enable IMAP and POP3 - enableImap = true; - enablePop3 = true; - enableImapSsl = true; - enablePop3Ssl = true; - - # Enable the ManageSieve protocol - enableManageSieve = true; - }; - - services.postfix = { - relayHost = "mailvps.nyanlout.re"; - relayPort = 587; - config = { - smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - }; - }; - - security.acme.certs = { - "${cfg.domaine}" = { - extraDomainNames = [ - "mail.${cfg.domaine}" - ]; - postRun = '' - systemctl reload dovecot2.service - ''; - }; - }; - - }; -} diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3553f7b..b60e6ae 100644 --- a/systems/LoutreOS/configuration.nix 
+++ b/systems/LoutreOS/configuration.nix @@ -4,10 +4,6 @@ { config, pkgs, ... }: -let - gitRev = "4c45e960e797d660358a11723e736afee3998261"; - nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; -in { imports = [ ../common-cli.nix @@ -27,10 +23,12 @@ in tmpOnTmpfs = true; }; - nix.nixPath = [ - "nixpkgs=${nixpkgs}" - "nixos-config=/etc/nixos/configuration.nix" - ]; + nix = { + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; documentation.nixos.enable = false; diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 1dfe4fb..1fd5d44 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -4,10 +4,6 @@ { config, lib, pkgs, ... }: { - imports = - [ - ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2e3a924..3c9df85 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -26,7 +26,6 @@ in { imports = [ - ../../services/mail-server.nix ../../services/python-ci.nix ../../services/sdtdserver.nix # ../../containers/vsftpd.nix 
@@ -36,7 +35,62 @@ in ./web.nix ]; + security.acme.certs = { + "${domaine}" = { + extraDomainNames = [ + "mail.${domaine}" + ]; + postRun = '' + systemctl reload dovecot2.service + ''; + }; + }; + + mailserver = { + enable = true; + fqdn = "mail.${domaine}"; + domains = [ domaine ]; + + # A list of all login accounts. To create the password hashes, use + # mkpasswd -m sha-512 "super secret password" + loginAccounts = { + "paul@${domaine}" = { + hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0"; + }; + "claire@${domaine}" = { + hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk."; + }; + }; + + # Certificate setup + certificateScheme = 1; + certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; + keyFile = "/var/lib/acme/${domaine}/key.pem"; + + # Enable IMAP and POP3 + enableImap = true; + enablePop3 = true; + enableImapSsl = true; + enablePop3Ssl = true; + + # Enable the ManageSieve protocol + enableManageSieve = true; + }; + services = { + postfix = { + relayHost = "mailvps.nyanlout.re"; + relayPort = 587; + config = { + smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; + smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; + }; + }; + + rspamd.workers.controller.extraConfig = '' + secure_ip = ["127.0.0.1", "10.30.135.71"]; + ''; + redis.enable = true; logrotate = { @@ -58,11 +112,6 @@ in fstrim.enable = true; - mailserver = { - enable = true; - domaine = domaine; - }; - syncthing = { enable = true; dataDir = "/var/lib/syncthing"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index c2eaaf9..0f63412 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -88,7 +88,6 @@ in ''; sso = { enable = true; - environmentFile = "/mnt/secrets/nginx-sso.env"; configuration = { listen = { addr = "127.0.0.1"; 
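Review bot: The `mailserver.loginAccounts` block in the services.nix hunk `@@ -36,7 +35,62 @@` commits SHA-512 crypt hashes for `paul@` and the newly added `claire@` account to the repository, where every reader of the repo can test password guesses against them offline. nixos-mailserver also accepts `hashedPasswordFile`, so each account could point at a file kept with the other secrets, e.g. `hashedPasswordFile = "/mnt/secrets/mail-claire.hash";` (path constructed for illustration). Separately, `secure_ip` for the rspamd controller lists `10.30.135.71` without explanation; rspamd skips the controller password for those addresses, so a comment naming that host would help the next reviewer.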
@@ -325,4 +324,6 @@ in wantedBy = [ "sockets.target" ]; listenStreams = [ "/run/site-musique.sock" ]; }; + + systemd.services.nginx-sso.serviceConfig.EnvironmentFile = "/mnt/secrets/nginx-sso.env"; } From a1d875e90342872c27571713657ddb7603ee92a8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:48:26 +0200 Subject: [PATCH 15/28] migrate slimserver to docker container --- systems/LoutreOS/configuration.nix | 2 ++ systems/LoutreOS/medias.nix | 26 +++++++++++++++++++++----- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index b60e6ae..367f3a1 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -178,6 +178,8 @@ services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + virtualisation.podman.enable = true; + security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6ed2c0e..a3dac88 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -24,11 +24,6 @@ package = pkgs.jellyfin; }; - slimserver = { - enable = true; - dataDir = "/var/lib/slimserver"; - }; - navidrome = { enable = true; settings = { @@ -49,4 +44,25 @@ config.services.transmission.settings.peer-port ]; }; + + virtualisation.oci-containers = { + backend = "podman"; + containers = { + slimserver = { + image = "docker.io/lmscommunity/logitechmediaserver:stable"; + volumes = [ + "/mnt/medias/musique:/music:ro" + "/var/lib/slimserver:/config:rw" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "9000:9000/tcp" + "9090:9090/tcp" + "3483:3483/tcp" + "3483:3483/udp" + ]; + extraOptions = ["--pull=always"]; + }; + }; + }; } From c3a629cc033d33a92226914438a9a56f6e87af86 Mon Sep 17 00:00:00 2001 
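Review bot: The `slimserver` container in the medias.nix hunk `@@ -49,4 +44,25 @@` runs `docker.io/lmscommunity/logitechmediaserver:stable` with `--pull=always`, so every service start runs whatever the registry currently serves for that mutable tag, outside the flake.lock pinning used for the rest of the system. Pinning by digest, `image = "docker.io/lmscommunity/logitechmediaserver@sha256:<digest>";` (placeholder), and dropping `--pull=always` turns an image upgrade into an explicit, reviewable change. The four `ports` entries publish on every interface; any that are only needed locally can carry an address prefix, e.g. `"127.0.0.1:9090:9090/tcp"`.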
From: nyanloutre Date: Mon, 11 Oct 2021 10:49:30 +0200 Subject: [PATCH 16/28] set autossh as system user --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 367f3a1..0cf9bc5 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -173,6 +173,7 @@ home = "/home/autossh"; createHome = true; group = "autossh"; + isSystemUser = true; }; }; From dea468e9f1570cf5dd3eac88c43fc3e67c7b1a5e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:52:39 +0200 Subject: [PATCH 17/28] setup zfs replication destination and backup --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 4 ++-- systems/LoutreOS/users.nix | 9 +++++++++ systems/common-cli.nix | 1 + 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 1fd5d44..68e20bb 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -158,6 +158,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/paul-home" = + { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3c9df85..9dfefb2 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -14,7 +14,7 @@ let ''; login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' - if [ "$PAM_TYPE" != "close_session" ]; then + if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ]; then ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh fi ''; 
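Review bot: The added `[ "$PAM_USER" != "zfspaulfixe" ]` test in `login_mail_alert` (services.nix hunk `@@ -14,7 +14,7 @@`) silences the SSH login mail for that account by name alone, so an interactive login with the same key would go unreported too. PATCH 21/28 extends the condition to `synology` and `rezome`; a `case "$PAM_USER" in zfspaulfixe|synology|rezome) exit 0 ;; esac` ahead of the `if` keeps the list readable, with a comment stating that these are unattended backup accounts. The exemption is safer when the exempted accounts cannot open a shell at all, for instance through forced-command keys. The enclosing `let` block starts outside this hunk.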
@@ -228,11 +228,11 @@ in "/var/lib/postgresql/.zfs/snapshot/borgsnap" "/var/lib/radarr" "/var/lib/sonarr" - "/var/lib/syncthing" "/var/lib/transmission" "/mnt/medias/musique" "/mnt/medias/torrent/lidarr" "/mnt/medias/torrent/musique" + "/mnt/paul-home/paul" "/var/sieve" "/var/vmail" ]; diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 92cd009..c20d219 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix @@ -29,6 +29,15 @@ isNormalUser = true; description = "Synology Diskstation maison"; }; + + zfspaulfixe = { + uid = 1002; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 root@paul-fixe" + ]; + description = "paul-fixe zfs backup user"; + }; }; users.extraGroups.medias = { diff --git a/systems/common-cli.nix b/systems/common-cli.nix index adf9ad8..537de6c 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -67,6 +67,7 @@ binutils bat molly-guard + lz4 # Développement openssl From d1212c9d73266019d2923647556a2bb12e2ac9a7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:58:02 +0200 Subject: [PATCH 18/28] update nginx conf --- systems/LoutreOS/hardware-configuration.nix | 5 + systems/LoutreOS/web.nix | 165 ++++++++++++++------ 2 files changed, 125 insertions(+), 45 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 68e20bb..4984718 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -163,6 +163,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/webdav" = + { device = "loutrepool/webdav"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0f63412..a1499b4 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
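Review bot: `zfspaulfixe` in the users.nix hunk `@@ -29,6 +29,15 @@` is an `isNormalUser` account whose `authorizedKeys.keys` entry for `root@paul-fixe` carries no key options, so that key gives a full login shell on this host. For a replication target the entry can be narrowed in the same string, e.g. `"restrict,from=\"<paul-fixe address>\" ssh-rsa <key> root@paul-fixe"` (placeholders), plus a `command="…"` option if the replication tool works with a forced command. This matters more because the same patch exempts this user from the SSH login alert mail.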
@@ -48,30 +48,56 @@ in acceptTerms = true; }; - users.groups.work = {}; - users.users.work = { - isSystemUser = true; - group = config.users.groups.work.name; + users.groups = { + work = {}; + webdav = {}; + }; + users.users = { + work = { + isSystemUser = true; + group = config.users.groups.work.name; + }; + webdav = { + isSystemUser = true; + group = config.users.groups.webdav.name; + }; }; services = { - phpfpm.pools.work = { - user = config.users.users.work.name; - phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; + phpfpm.pools = { + work = { + user = config.users.users.work.name; + phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + }; + drive = { + user = config.users.users.webdav.name; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + phpOptions = '' + output_buffering=off + ''; }; }; nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ dav ]; + modules = with pkgs.nginxModules; [ dav moreheaders ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; @@ -83,8 +109,6 @@ in } add_header Strict-Transport-Security $hsts_header; add_header Referrer-Policy origin-when-cross-origin; - - error_page 500 502 503 504 https://nyanlout.re/errorpages/50x.html; ''; sso = { enable = true; 
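Review bot: The `drive` pool in the web.nix hunk `@@ -48,30 +48,56 @@` repeats the `listen.owner` and `pm.*` settings of `work` verbatim. A shared binding in the existing `let`, `fpmDefaults = { "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; … };`, with `settings = fpmDefaults;` in both pools, keeps the two from drifting apart. A second pool with `"pm.max_children" = 75` also doubles the worst-case PHP worker count, which is worth a comment if intended.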
@@ -128,34 +152,47 @@ in }; virtualHosts = let base = locations: { - inherit locations; + locations = locations // { + "@maintenance" = { + root = "/var/www/errorpages/"; + extraConfig = '' + rewrite ^(.*)$ /50x.html break; + ''; + }; + }; forceSSL = true; enableACME = true; + extraConfig = '' + error_page 500 502 503 504 = @maintenance; + ''; }; simpleReverse = rport: base { "/" = { proxyPass = "http://127.0.0.1:${toString(rport)}/"; }; }; - authReverse = rport: base { - "/" = { - proxyPass = "http://127.0.0.1:${toString(rport)}/"; + authReverse = rport: zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [ + (base { + "/" = { + proxyPass = "http://127.0.0.1:${toString(rport)}/"; + extraConfig = '' + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + }) + { extraConfig = '' - auth_request_set $cookie $upstream_http_set_cookie; - add_header Set-Cookie $cookie; + include ${nginxSsoAuth}; ''; - }; - } // { - extraConfig = '' - include ${nginxSsoAuth}; - ''; - }; + } + ]; in { "nyanlout.re" = base { "/" = { alias = "/var/www/site-perso/"; }; - "/errorpages/" = { + "/maintenance/" = { alias = "/var/www/errorpages/"; }; "/.well-known/openpgpkey/" = { @@ -194,7 +231,11 @@ in "jackett.nyanlout.re" = authReverse 9117; "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "matrix.nyanlout.re" = simpleReverse 8008; - "emby.nyanlout.re" = simpleReverse 8096; + "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { + locations."/" = { + proxyWebsockets = true; + }; + }; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; 
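Review bot: In `authReverse` (web.nix hunk `@@ -128,34 +152,47 @@`) the `"/"` location still sets `add_header Set-Cookie $cookie;`, and nginx inherits `add_header` directives from an outer level only when the current level defines none. If the `Strict-Transport-Security` and `Referrer-Policy` headers seen in the earlier web.nix hunk are set at http level, responses from every SSO-protected host are sent without them. Repeating `add_header Strict-Transport-Security $hsts_header;` and `add_header Referrer-Policy origin-when-cross-origin;` in this `extraConfig` restores them. The same `zipAttrsWith` expression is copied for `rspamd.nyanlout.re` later in this patch, so a shared helper would keep the two in step.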
@@ -203,27 +244,58 @@ in proxyWebsockets = true; }; }; - "work.rezom.eu" = base { + # "work.rezom.eu" = base { + # "/" = { + # index = "/_h5ai/public/index.php"; + # extraConfig = '' + # dav_ext_methods PROPFIND OPTIONS; + # ''; + # }; + # "~ ^/(_h5ai/public/index|random).php" = { + # extraConfig = '' + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + # include ${pkgs.nginx}/conf/fastcgi_params; + # include ${pkgs.nginx}/conf/fastcgi.conf; + # ''; + # }; + # } // { + # root = "/mnt/medias/iso_linux"; + # extraConfig = '' + # access_log /var/log/nginx/$host.log; + # ''; + # }; + "drive.nyanlout.re" = base { "/" = { - index = "/_h5ai/public/index.php"; - extraConfig = '' - dav_ext_methods PROPFIND OPTIONS; - ''; - }; - "~ ^/(_h5ai/public/index|random).php" = { + index = "/index.php"; extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket}; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; + + client_max_body_size 0; ''; }; } // { - root = "/mnt/medias/iso_linux"; - extraConfig = '' - access_log /var/log/nginx/$host.log; - ''; + root = "/mnt/webdav"; }; + "rspamd.nyanlout.re" = zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [ + (base { + "/" = { + proxyPass = "http://unix:/run/rspamd/worker-controller.sock"; + extraConfig = '' + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + }) + { + extraConfig = '' + include ${nginxSsoAuth}; + ''; + } + ]; }; }; @@ -279,7 +351,10 @@ in }; systemd.services.nginx.serviceConfig = { - ReadWritePaths = "/var/www/hls"; + ReadWritePaths = [ + "/var/www/hls" + "/mnt/webdav" + ]; }; systemd.services.phpfpm-work.serviceConfig = { From d39e2659f796af68cba30c2b5ccb3a61c00f0062 Mon Sep 17 00:00:00 2001 
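Review bot: The `drive.nyanlout.re` host (web.nix hunk `@@ -203,27 +244,58 @@`) hands every request under `/` to the `drive` PHP-FPM pool with `root = "/mnt/webdav"`, and the following hunk gives nginx write access to that same path. If uploaded files end up under that root, a file with a PHP extension would be executed by the pool rather than served as data; pinning the script with `fastcgi_param SCRIPT_FILENAME $document_root/index.php;` after the includes, or keeping the application code outside the upload directory, avoids that. Unlike `rspamd.nyanlout.re`, this host has no `include ${nginxSsoAuth};`, so it relies on whatever authentication the PHP application performs. `client_max_body_size 0;` leaves upload size unbounded, so a finite limit or a quota on the dataset would cap disk use. The commented-out `work.rezom.eu` block is better deleted, since the history keeps it.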
From: nyanloutre Date: Mon, 11 Oct 2021 10:59:16 +0200 Subject: [PATCH 19/28] disable loki and promtail --- systems/LoutreOS/monitoring.nix | 91 --------------------------------- 1 file changed, 91 deletions(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index b1ce207..d60beed 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
@@ -112,99 +112,8 @@ in ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; ZED_NOTIFY_VERBOSE = true; }; - - loki = { - enable = true; - configuration = { - auth_enabled = false; - server.http_listen_port = 3100; - ingester = { - lifecycler = { - address = "127.0.0.1"; - ring = { - kvstore.store = "inmemory"; - replication_factor = 1; - }; - }; - chunk_idle_period = "1h"; - chunk_target_size = 1000000; - }; - schema_config.configs = [ - { - from = "2018-04-15"; - store = "boltdb"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "168h"; - }; - } - ]; - storage_config = { - boltdb.directory = "/var/lib/loki/index"; - filesystem.directory = "/var/lib/loki/chunks"; - }; - limits_config = { - enforce_metric_name = false; - reject_old_samples = true; - reject_old_samples_max_age = "168h"; - }; - chunk_store_config.max_look_back_period = "168h"; - table_manager = { - retention_deletes_enabled = true; - retention_period = "168h"; - }; - }; - }; - - promtail = { - enable = true; - configuration = { - server = { - http_listen_port = 9080; - grpc_listen_port = 0; - }; - positions.filename = "/tmp/positions.yaml"; - clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ]; - scrape_configs = [ - { - job_name = "nginx"; - static_configs = [ - { - labels = { - job = "nginx"; - __path__ = "/var/log/nginx/*log"; - }; - } - ]; - pipeline_stages = [ - { - match = { - selector = ''{job="nginx"}''; - stages = [ - { - regex.expression = ''^(?P[\w\.]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?''; - } - { - labels = { - method = null; - request = null; - status = null; - }; - } - ]; - }; - } - ]; - } - ]; - }; - }; }; - systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ]; - security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; 
From d9500e4a24f4b68822d7516421a17a3476c05a2f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:00:09 +0200 Subject: [PATCH 20/28] fix transmission config --- systems/LoutreOS/medias.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index a3dac88..98685c9 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -6,6 +6,7 @@ enable = true; home = "/var/lib/transmission"; port = 9091; + group = "medias"; settings = { rpc-bind-address = "127.0.0.1"; rpc-host-whitelist = "*"; @@ -33,7 +34,10 @@ }; }; - systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ]; + systemd.services.transmission.serviceConfig = { + BindPaths = [ "/mnt/medias" ]; + LimitNOFILE = 1048576; + }; networking = { firewall.allowedTCPPorts = [ From aecacc75d49045adeb9fffa665a5ab763dd2bb39 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:00:25 +0200 Subject: [PATCH 21/28] disable email notification for backup users --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9dfefb2..4c4b43d 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -14,7 +14,7 @@ let ''; login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' - if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ]; then + if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ] && [ "$PAM_USER" != "synology" ] && [ "$PAM_USER" != "rezome" ]; then ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh fi ''; From dc468ea4fe8888bc96f851630927416558cb94f9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:00:40 +0200 Subject: [PATCH 22/28] fix backup config --- systems/LoutreOS/services.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4c4b43d..2604f68 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -236,6 +236,10 @@ in "/var/sieve" "/var/vmail" ]; + exclude = [ + "/var/lib/radarr/.config/Radarr/radarr.db-wal" + "/var/lib/radarr/.config/Radarr/radarr.db-shm" + ]; repo = "/mnt/backup/borg"; encryption = { mode = "repokey-blake2"; @@ -248,10 +252,11 @@ in monthly = 12; }; preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap"; + readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; postHook = '' ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap if [[ $exitStatus == 0 ]]; then - ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:loutre + ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:default else ${backup_mail_alert}/bin/mail.sh fi From 55b5529ea87d945dbc27cb3d6c278d993490272d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:01:46 +0200 Subject: [PATCH 23/28] add minecraft backup user --- systems/LoutreOS/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2604f68..9dbc243 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -270,6 +270,11 @@ in path = "/mnt/backup_loutre/diskstation_borg"; user = "synology"; }; + minecraft-rezome = { + authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ]; + path = "/mnt/backup_loutre/minecraft_rezome"; + user = "rezome"; + }; }; sdtdserver.enable = false; From 01ba2ce633f290f249eafd4f483d70a0230f48a0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:02:59 +0200 Subject: [PATCH 24/28] change home assistant config --- systems/LoutreOS/services.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9dbc243..4cf1e18 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -323,11 +323,13 @@ in }; influxdb = null; config = null; - frontend.themes = "!include ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml"; - sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h"; - }}"; + dhcp = null; + frontend = null; history = null; + http = { + use_x_forwarded_for = true; + trusted_proxies = [ "127.0.0.1" ]; + }; logbook = null; map = null; mobile_app = null; From 3c348df23e8ea648e10a8306cf1390aa9cb990be Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:03:18 +0200 Subject: [PATCH 25/28] change users config --- systems/LoutreOS/users.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index c20d219..d7def68 100644 --- a/systems/LoutreOS/users.nix 
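Review bot: The `minecraft-rezome` repository in the services.nix hunk `@@ -270,6 +270,11 @@` lists the client key under `authorizedKeys`, which lets that client delete and prune archives as well as create them. If the Minecraft host never needs to prune, moving the key to `authorizedKeysAppendOnly` keeps existing archives intact should that host be compromised. PATCH 21/28 already exempts the `rezome` user from the SSH login mail, so the repository options are the main control on this key.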
+++ b/systems/LoutreOS/users.nix @@ -1,7 +1,7 @@ -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: { - users.extraUsers = { + users.users = { paul = { uid = 1000; isNormalUser = true; @@ -19,17 +19,30 @@ isNormalUser = true; description = "Victor SENE"; openssh.authorizedKeys.keys = [ - "ssh-rsa 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 openpgp:0x28DF0235" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1r2ZzVnOlmoNoLgrc3+Lx7whO8mzcwUf2p9DiYAVg2zo2zbfubLVG1BAgFDe7y+2HwJIbGDDMNUaT+FAsv0mHRlfdUMXXF3nVsFPWGovo1ks31O5zUI9IE3qFU5AJ7SPICS4lQYox1o594iS1OcwJ7Iu6pjEQRRG1OLVYSILJ994vtGsDxfz1CZ8b7u9oSwHz0E4pdy6epkFSE/+9WsZl+ziDMigYZfubjzUCzMy2uT5Z6t+r6bW6mcxnmYax/YmrRvL/dTeDE64Qf7nugjB0XOKUOKCPN5dtqYRx0fN9aDSRf4ubmyVaYeKudm9vttGHXjSPVWAvow+jUDOq2cGr victor@sene.ovh" - ]; + "ssh-rsa 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 openpgp:0x28DF0235" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1r2ZzVnOlmoNoLgrc3+Lx7whO8mzcwUf2p9DiYAVg2zo2zbfubLVG1BAgFDe7y+2HwJIbGDDMNUaT+FAsv0mHRlfdUMXXF3nVsFPWGovo1ks31O5zUI9IE3qFU5AJ7SPICS4lQYox1o594iS1OcwJ7Iu6pjEQRRG1OLVYSILJ994vtGsDxfz1CZ8b7u9oSwHz0E4pdy6epkFSE/+9WsZl+ziDMigYZfubjzUCzMy2uT5Z6t+r6bW6mcxnmYax/YmrRvL/dTeDE64Qf7nugjB0XOKUOKCPN5dtqYRx0fN9aDSRf4ubmyVaYeKudm9vttGHXjSPVWAvow+jUDOq2cGr victor@sene.ovh" + ]; + }; + + amandoleen = { + isNormalUser = true; + description = "Amandine <3"; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 amandoleen" + ]; }; synology = { uid = 1001; isNormalUser = true; + isSystemUser = lib.mkForce false; description = "Synology Diskstation maison"; }; + rezome = { + description = "Rezome Minecraft backup"; + }; + zfspaulfixe = { uid = 1002; isNormalUser = true; From be9e640d3e847b73dd62933771584ac6d64a4066 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:03:49 +0200 Subject: [PATCH 26/28] disable mastodon --- systems/LoutreOS/web.nix | 16 ---------------- 1 file changed, 16 deletions(-) 
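Review bot: Two entries in the users.nix hunk `@@ -19,17 +19,30 @@` need a why-comment: `isSystemUser = lib.mkForce false;` on `synology`, and the `rezome` user that sets only a `description`. Both presumably depend on the borgbackup repository definitions in services.nix that name these users, which a reader of this file cannot see. Suggested comments, to be confirmed before adding: `# services.borgbackup.repos also defines this user; keep it a normal account` and `# remaining attributes come from services.borgbackup.repos.minecraft-rezome`.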
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a1499b4..99ffe8e 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -332,22 +332,6 @@ in }; python-ci.enable = true; - - mastodon = { - enable = false; - localDomain = "social.nyanlout.re"; - configureNginx = true; - extraConfig = { - SMTP_AUTH_METHOD = "none"; - SMTP_OPENSSL_VERIFY_MODE = "none"; - }; - smtp = { - fromAddress = "social@nyanlout.re"; - user = "social@nyanlout.re"; - authenticate = false; - }; - mediaPruneTimer = true; - }; }; systemd.services.nginx.serviceConfig = { From 57a50c5156c69fe502a56793f03e44e97b3fb019 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 15:35:02 +0200 Subject: [PATCH 27/28] fix cgroup monitoring --- systems/LoutreOS/monitoring.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index d60beed..29915d2 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -35,15 +35,9 @@ in cgroup = [ { paths = [ - "/sys/fs/cgroup/memory/system.slice/*" + "/sys/fs/cgroup/system.slice/*" ]; - files = ["memory.*usage*" "memory.limit_in_bytes"]; - } - { - paths = [ - "/sys/fs/cgroup/cpu/system.slice/*" - ]; - files = ["cpuacct.usage" "cpu.cfs_period_us" "cpu.cfs_quota_us"]; + files = ["memory.current" "cpu.stat"]; } ]; ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; }; From ff41ad8ebadfd09436d8d2bbf009ba5b35a6bcec Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 12:44:59 +0200 Subject: [PATCH 28/28] channel update --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 4a1328c..faa78ae 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1633934814, - "narHash": "sha256-OF62Alp2ocacmDMzvRWMduITf87lcuGonxn9eg9uGG8=", + "lastModified": 1634115022, + "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b313502c719069cce2dd6fd1d5e7fc5999b21c70", + "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", "type": "github" }, "original": { @@ -18,11 +18,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1633791597, - "narHash": "sha256-HzpxqTEnqsjkKWfW87kSI3WVizYjUMQeUjSIm3b5I0Y=", + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9bf75dd50b7b6d3ce6aaf6563db95f41438b9bdb", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "type": "github" }, "original": {