diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix
new file mode 100644
index 0000000..162b5f5
--- /dev/null
+++ b/overlays/dogetipbot-telegram.nix
@@ -0,0 +1,9 @@
+self: super:
+
+{
+ dogetipbot-telegram = super.callPackage (super.fetchgit {
+ url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git";
+ rev = "a63408de18d447983d65a51f176c35e434327517";
+ sha256 = "12y7yd114cz64blgnyljpnnqbycsp0f1ljzaiqq05a5xa4pjvwyf";
+ }) { pkgs = self; };
+}
diff --git a/services/auto-pr.nix b/services/auto-pr.nix
new file mode 100644
index 0000000..6e80885
--- /dev/null
+++ b/services/auto-pr.nix
@@ -0,0 +1,44 @@
+{lib, config, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.auto-pr;
+in
+{
+ options.services.auto-pr = {
+ enable = mkEnableOption "Cron job PR mise à jour automatique";
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.auto-pr-bot = {
+ description = "Création d'un PR si mise à jour";
+ requires = ["network-online.target"];
+ environment = { HOME = "/var/lib/auto-pr-bot"; };
+ serviceConfig = {
+ DynamicUser = true;
+ CacheDirectory = "auto-pr-bot";
+ StateDirectory = "auto-pr-bot";
+ Type = "oneshot";
+ ExecStart = with pkgs;
+ let env = python3Packages.python.buildEnv.override {
+ extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ];
+ ignoreCollisions = true;
+ };
+ in "${pkgs.writeShellScriptBin "run.sh" ''
+ ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.09
+ ''}/bin/run.sh";
+ };
+ };
+
+ systemd.timers.auto-pr-bot = {
+ description = "Timer auto PR bot";
+ requires = ["network-online.target"];
+ wantedBy = ["multi-user.target"];
+ timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; };
+ };
+
+ };
+
+}
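Review bot: `systemd.services.auto-pr-bot` declares `requires = ["network-online.target"]` but no `after`, and `Requires=` alone does not order the units, so the oneshot can run its first `urlopen` before the network is up and then not retry until the next daily timer run. Add `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` beside it (`wants` is the usual strength for that target, `requires` also works). The private key is read from `/var/lib/auto-pr-bot/private-key.pem`, which sits inside the `StateDirectory` the dynamic user owns and can write to; consider exposing it read-only to the service (for example `ReadOnlyPaths` on that file, or a credential mechanism if the systemd in use offers one) so a compromised run cannot swap it. The `requires` on the timer unit itself is harmless but does nothing useful there.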
diff --git a/services/pr-autobot.py b/services/pr-autobot.py
new file mode 100755
index 0000000..c97a2c9
--- /dev/null
+++ b/services/pr-autobot.py
@@ -0,0 +1,75 @@ +#!/usr/bin/env python + +import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap +from github import Github +from colorama import Fore, Style +from time import sleep + +parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork') +parser.add_argument('--private-key') +parser.add_argument('--app-id') +parser.add_argument('--installation-id') +parser.add_argument('--repo') +parser.add_argument('--cache-dir') +parser.add_argument('--version') +args = vars(parser.parse_args()) + +channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-' + args["version"] + '/git-revision') +latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8') +try: + previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read() +except FileNotFoundError: + open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) + print("Premier lancement, le hash du dernier commit à été sauvegardé") + sys.exit(0) + +print("Dernier commit : " + latest_commit) +print("Commit précédent : " + previous_commit) + +if latest_commit != previous_commit: + bearer_token = jwt.encode({ + 'iat': int(time.time()), + 'exp': int(time.time()) + (10 * 60), + 'iss': args['app_id'] + }, + open(args['private_key'],"r").read(), + algorithm='RS256') + + req = urllib.request.Request(url='https://api.github.com/app/installations/' + + args['installation_id'] + + '/access_tokens', + method='POST') + + req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8')) + req.add_header('Accept', 'application/vnd.github.machine-man-preview+json') + + token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token'] + + g = Github(token) + repo = g.get_repo(args['repo']) + + branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11]; + + repo.create_git_ref('refs/heads/' + branch, latest_commit) + + pr_message = textwrap.dedent("""\ + ### Pull request automatique + ### 
Avancement mise à jour + - [ ] Fusionner la branche + """) + + pr = repo.create_pull(title=branch, body=pr_message, base='nixos-' + args["version"], head=branch) + + print("Pull request numéro " + str(pr.number) + " créée") + print("URL : " + pr.html_url) + + while pr.mergeable == None: + pr = repo.get_pull(pr.number) + sleep(1) + + pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`") + print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL) + + open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) +else: + print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 17e4955..9b8d3d2 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -40,8 +40,6 @@ in autoScrub.enable = true; }; - hardware.usbWwan.enable = true; - # eno1 -> VLAN100 -> Internet # eno2 -> LAN # eno3 -> Legacy client DHCP @@ -55,22 +53,13 @@ in persistent = true; extraConfig = '' interface bouyges - metric 10 noarp - interface enp0s21u2 - metric 999 ''; }; - vlans = { - bouyges = { - id = 100; - interface = "eno1"; - }; - chinoiseries = { - id = 20; - interface = "eno2"; - }; + vlans.bouyges = { + id = 100; + interface = "eno1"; }; interfaces = { @@ -84,11 +73,6 @@ in { address = "10.30.0.1"; prefixLength = 16; } ]; }; - chinoiseries = { - ipv4.addresses = [ - { address = "10.40.0.1"; prefixLength = 16; } - ]; - }; }; # NAT bouyges <-> eno2 
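Review bot: The channel response stored in `latest_commit` is used unvalidated as the target of `create_git_ref`, as part of the branch name and as the cache file content, and neither `urlopen` call carries a timeout, so a slow or unexpected response from nixos.org either hangs the oneshot or pushes garbage into the fork. Strip and check it before use: `latest_commit = urllib.request.urlopen(channel_req, timeout=30).read().decode('utf-8').strip()` followed by `if not re.fullmatch(r'[0-9a-f]{40}', latest_commit): sys.exit('unexpected git-revision: %r' % latest_commit)` (with `re` added to the imports), and give the token request the same `timeout`. The `while pr.mergeable == None` loop has no upper bound and will poll the API once a second forever if GitHub never computes mergeability; cap it, e.g. `for _ in range(60):` with a `break` once `pr.mergeable is not None`. Note also that `jwt.encode(...)` returns `str` on PyJWT 2.x, so the `.decode('utf-8')` only works against the 1.x series the environment presumably pins — worth guarding with `isinstance(bearer_token, bytes)`.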
@@ -97,8 +81,8 @@ in externalInterface = "bouyges"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; - internalInterfaces = [ "eno2" "chinoiseries" ]; + internalIPs = [ "10.30.0.0/16" ]; + internalInterfaces = [ "eno2" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} @@ -125,29 +109,19 @@ in services.dhcpd4 = { enable = true; - interfaces = [ "eno2" "chinoiseries" ]; + interfaces = [ "eno2" ]; machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } - { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } - - # YeeLights - { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } - { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } - { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; option subnet-mask 255.255.0.0; + option routers 10.30.0.1; subnet 10.30.0.0 netmask 255.255.0.0 { - option routers 10.30.0.1; range 10.30.50.0 10.30.250.0; } - subnet 10.40.0.0 netmask 255.255.0.0 { - option routers 10.40.0.1; - range 10.40.50.0 10.40.250.0; - } ''; }; 
@@ -159,20 +133,8 @@ in enable = true; permitRootLogin = "no"; passwordAuthentication = false; - forwardX11 = true; }; - users = { - groups.autossh = { }; - users.autossh = { - home = "/home/autossh"; - createHome = true; - group = "autossh"; - }; - }; - - services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; - security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 7bfc7fe..712bb63 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -72,11 +72,6 @@ fsType = "zfs"; }; - fileSystems."/mnt/medias/incomplete" = - { device = "loutrepool/torrent-dl"; - fsType = "zfs"; - }; - fileSystems."/mnt/medias" = { device = "loutrepool/medias"; fsType = "zfs"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index eea4617..6b92d33 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -10,7 +10,6 @@ rpc-host-whitelist = "*"; rpc-whitelist-enabled = false; peer-port = 51413; - incomplete-dir = "/mnt/medias/incomplete"; }; }; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 0a095c4..3e1bd25 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -25,6 +25,7 @@ in { imports = [ ../../services/mail-server.nix + ../../services/auto-pr.nix ../../services/python-ci.nix ../../services/sdtdserver.nix ../../containers/vsftpd.nix @@ -34,6 +35,10 @@ in ./web.nix ]; + nixpkgs.overlays = [ + (import ../../overlays/dogetipbot-telegram.nix) + ]; + services = { fail2ban.enable = true; @@ -200,6 +205,8 @@ in }; }; + auto-pr.enable = true; + sdtdserver.enable = false; factorio = { 
@@ -233,118 +240,23 @@ in white-list = true; }; }; - - kresd = { - enable = true; - }; - - home-assistant = { - enable = true; - # package = pkgs.home-assistant.override { - # extraPackages = ps: with ps; [ aiohttp-cors netdisco zeroconf ]; - # }; - config = { - default_config = null; - yeelight.devices = { - "10.40.249.0".name = "Chambre"; - "10.40.249.1".name = "Bureau"; - "10.40.249.2".name = "Cuisine"; - }; - light = [ - { - platform = "group"; - name = "Salon"; - entities = [ - "light.bureau" - "light.cuisine" - ]; - } - ]; - media_player = [ - { - platform = "squeezebox"; - host = "10.30.0.1"; - } - ]; - switch = [ - { - platform = "wake_on_lan"; - name = "PC Fixe"; - mac = "b4:2e:99:ed:24:26"; - host = "10.30.135.71"; - broadcast_address = "10.30.255.255"; - } - ]; - automation = [ - { - alias = "Aziz lumière"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - offset = "-01:00:00"; - } - { - platform = "state"; - entity_id = "person.paul"; - to = "home"; - } - ]; - condition = [ - { - condition = "state"; - entity_id = "person.paul"; - state = "home"; - } - { - condition = "time"; - after = "16:00:00"; - before = "23:00:00"; - } - ]; - action = { - service = "light.turn_on"; - entity_id = "light.salon"; - }; - } - { - alias = "Adios"; - trigger = { - platform = "state"; - entity_id = "person.paul"; - to = "not_home"; - }; - action = [ - { - service = "light.turn_off"; - entity_id = "all"; - } - { - service = "media_player.media_pause"; - entity_id = "all"; - } - ]; - } - ]; - }; - }; }; - systemd.services.dogetipbot-telegram = let - dogetipbot-telegram = pkgs.callPackage (pkgs.fetchgit { - url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "18c875a2e4b98221523818515a1eecb9c5aeb093"; - sha256 = "0mhv00y1c2py425wxl13if6nlv97xk5k6flf772jj1yaxipjdmpn"; - }) { inherit pkgs; }; - in { + systemd.services.dogetipbot-telegram = { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = 
"${dogetipbot-telegram}/bin/dogetipbot-telegram --db-path $STATE_DIRECTORY/users.db"; + script = "${pkgs.dogetipbot-telegram}/bin/dogetipbot-telegram --block-io-api-key $BLOCK_IO_API_KEY --block-io-pin $BLOCK_IO_PIN --telegram-api-key $TELEGRAM_API_KEY --network DOGE"; enable = true; serviceConfig = { EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"; DynamicUser = true; - StateDirectory = "dogetipbot"; + }; + }; + + systemd.services.matrix-synapse = { + serviceConfig = { + MemoryHigh = "3G"; + MemoryMax = "5G"; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index f771e89..a8f3399 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -184,11 +184,6 @@ in "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; - "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { - locations."/" = { - proxyWebsockets = true; - }; - }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
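Review bot: The three secrets loaded through `EnvironmentFile` are now expanded onto the command line in `script` (`--block-io-api-key $BLOCK_IO_API_KEY --block-io-pin $BLOCK_IO_PIN --telegram-api-key $TELEGRAM_API_KEY`), which makes them readable by any local user via `ps` or `/proc/<pid>/cmdline` — the `EnvironmentFile` indirection was shielding them from exactly that, and the previous invocation only passed `--db-path`. If the bot can read these values from the environment or a config file, drop the flags and keep only `EnvironmentFile`; if it accepts flags only, the exposure cannot be fixed from the unit and needs a change in the program. The expansions are also unquoted, so at minimum write `"$BLOCK_IO_API_KEY"` and likewise for the other two. `StateDirectory` and `--db-path $STATE_DIRECTORY/users.db` were dropped together; presumably the new revision keeps whatever `users.db` held elsewhere, which is worth confirming before the old directory is cleaned up.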