diff --git a/flake.nix b/flake.nix
index 18f2591..ca27da5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,9 +41,8 @@
       ];
     };
-    nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem {
+    nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem {
       system = "x86_64-linux";
-      specialArgs = { inherit nixpkgs-unstable; };
       modules = [
         nixpkgs-unstable.nixosModules.notDetected
         simple-nixos-mailserver.nixosModule
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 5da49ec..77a4c9b 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,6 +107,15 @@
       ];
     };
     extraCommands = ''
+      ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
+      ip6tables -w -F loutreos-forward 2>/dev/null || true
+      ip6tables -w -X loutreos-forward 2>/dev/null || true
+      ip6tables -w -N loutreos-forward
+      ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
+      ip6tables -A loutreos-forward -j ACCEPT -i eno2
+      ip6tables -A loutreos-forward -j nixos-fw-log-refuse
+      ip6tables -w -A FORWARD -j loutreos-forward
+
       # Redirect local network request from server external IP to internal IP
       # Make the server available even without internet access
       iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@@ -130,7 +139,6 @@
       };
       dhcpPrefixDelegationConfig.SubnetId = "0";
     };
-    "40-eno1".linkConfig.RequiredForOnline = "no";
     "40-eno2" = {
       networkConfig = {
         IPv6SendRA = true;
@@ -226,7 +234,7 @@
   # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525
   services.autossh.sessions = [
     {
-      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
+      extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net";
       monitoringPort = 20000;
       name = "backup-ssh-reverse";
       user = "autossh";
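Review bot: Dropping `specialArgs = { inherit nixpkgs-unstable; }` while medias.nix in this same diff now reads `inputs.nixpkgs-unstable` only evaluates if `inputs` reaches the modules some other way, for example `specialArgs = { inherit inputs; };` or a `_module.args` setting outside this hunk; nothing visible in the diff adds it, so confirm the flake evaluates before deploying. Switching to `nixpkgs-unstable.lib.nixosSystem` also moves the whole host, mail server and firewall included, onto the unstable series, while the `simple-nixos-mailserver` input is not touched here; check that its pinned branch tracks a compatible nixpkgs or its module options may drift at the next update. The enclosing `outputs` function starts and ends outside the hunk.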
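Review bot: The three `-A loutreos-forward` rules omit the `-w` that every other command in the block passes, so if the xtables lock is held at that moment they fail while the chain creation and the FORWARD jump succeed, leaving a chain that refuses everything including established flows. Use `ip6tables -w -A loutreos-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` (the `state` match is the legacy alias of `conntrack`) and add `-w` to the two `-A` lines after it. The chain ends in `-j nixos-fw-log-refuse`, so forwarded IPv6 is effectively default-deny apart from traffic entering on eno2, which reads as the intent; however when the NixOS firewall unit is stopped its own chains are flushed while the FORWARD jump to loutreos-forward remains, so forwarding would then fall through to the FORWARD policy. Consider a matching `networking.firewall.extraStopCommands` that runs the same `-D FORWARD -j loutreos-forward` line, or verify that fail-open on stop is acceptable for this host. The `extraCommands` string continues past the end of the hunk.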
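Review bot: The new `-R 127.0.0.1:2525:127.0.0.1:25` forward delivers whatever the VPS relays on port 2525 to the local port 25 with a source address of 127.0.0.1, so any relay or rate-limit rule that trusts loopback (Postfix's default `mynetworks` covers 127.0.0.0/8, and the mailserver module's settings are not visible here) would treat every tunnelled client as local. Confirm the mail server grants no relay rights to 127.0.0.1, or point the forward at a dedicated address and port that is excluded from trusted networks. The loopback rewrite also hides the real client address from logs, greylisting and fail2ban; if the VPS terminates with a TCP proxy, enabling PROXY protocol on both ends (Postfix `smtpd_upstream_proxy_protocol`) keeps the originating address. Binding this forward to 127.0.0.1 on the VPS, unlike the existing 0.0.0.0 one, is the right choice. The session attribute set continues past the hunk.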
diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index 720b883..b32d6f1 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -158,11 +158,6 @@
       fsType = "zfs";
     };
-  fileSystems."/var/lib/nextcloud" =
-    { device = "loutrepool/var/nextcloud";
-      fsType = "zfs";
-    };
-
   fileSystems."/var/lib/private/photoprism" =
     { device = "loutrepool/var/photoprism";
       fsType = "zfs";
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix
index 6c3fa2b..39bf858 100644
--- a/systems/LoutreOS/medias.nix
+++ b/systems/LoutreOS/medias.nix
@@ -1,10 +1,10 @@
-{ config, lib, pkgs, nixpkgs-unstable, ... }:
+{ config, lib, pkgs, inputs, ... }:
 {
   services = {
     transmission = {
       enable = true;
-      package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
+      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
       home = "/var/lib/transmission";
       group = "medias";
       settings = {
@@ -20,17 +20,17 @@
     radarr = {
       enable = true;
-      package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
+      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
     };
     sonarr = {
       enable = true;
-      package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
+      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
     };
     prowlarr.enable = true;
     jellyfin = {
       enable = true;
-      package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
+      package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
     };
     navidrome = {
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 9fda161..0d82934 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
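Review bot: `inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4` evaluates a second, unconfigured nixpkgs that ignores the host's `nixpkgs.config` (allowUnfree, permittedInsecurePackages) and overlays, and it hard-codes the system string. Since flake.nix in this diff now builds the host with `nixpkgs-unstable.lib.nixosSystem`, `package = pkgs.transmission_4;` should yield the same version while honouring that configuration, unless `pkgs` is rewired elsewhere; the same applies to the radarr, sonarr and jellyfin lines in the second medias.nix hunk. If the separate evaluation is deliberate, a one-line comment above the first `package =` saying why would spare the next reader the question. The `services` attribute set continues past both hunks.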
@@ -302,17 +302,14 @@ in
   # };
   "drive.nyanlout.re" = base {
     "/" = {
+      index = "/index.php";
       extraConfig = ''
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
         include ${pkgs.nginx}/conf/fastcgi_params;
         include ${pkgs.nginx}/conf/fastcgi.conf;
-        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
-        fastcgi_intercept_errors on;
-        fastcgi_buffers 64 4K;
-        client_body_temp_path /mnt/webdav/tmp_upload;
-        client_max_body_size 0;
-        proxy_request_buffering off;
+
+        client_max_body_size 0;
       '';
     };
   } // {
@@ -348,10 +345,6 @@ in
   "challenge.amandoline-creations.fr" = base {
     "/".alias = "/var/www/amandoline-challenge/";
   };
-  ${config.services.nextcloud.hostName} = {
-    forceSSL = true;
-    enableACME = true;
-  };
   };
 };
@@ -388,20 +381,6 @@ in
   # enable = true;
   # package = pkgs.mariadb;
   # };
-
-  nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud29;
-    hostName = "cloud.nyanlout.re";
-    database.createLocally = true;
-    https = true;
-    maxUploadSize = "16G";
-    config = {
-      dbtype = "pgsql";
-      adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";
-    };
-  };
-
-  };
 systemd.services.nginx.serviceConfig = {
@@ -418,16 +397,6 @@ in
   ];
 };
-systemd.services.phpfpm-drive.serviceConfig = {
-  ReadWritePaths = [
-    "/mnt/webdav"
-  ];
-};
-
-systemd.services.nextcloud-setup.serviceConfig = {
-  LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
-};
-
 systemd.services.site-musique = let
   djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ]));
 in {
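Review bot: Removing the hard-coded `fastcgi_param SCRIPT_FILENAME $document_root/index.php` means the script PHP-FPM runs is now chosen by the request path through fastcgi.conf's `$fastcgi_script_name`, and with `fastcgi_split_path_info` in place the location lacks the usual guard; add `try_files $fastcgi_script_name =404;` before `fastcgi_pass` so a path that does not resolve to an existing file under the document root is never handed to PHP-FPM. Previously every request went to the front controller, so if clients of this host use paths other than `/index.php/...`, they now reach PHP-FPM with a different SCRIPT_FILENAME; confirm the application's URL scheme still works. Dropping `client_body_temp_path /mnt/webdav/tmp_upload` while keeping `client_max_body_size 0` sends unbounded upload bodies to nginx's default temp directory, so check that filesystem has the headroom `/mnt/webdav` presumably provided. The `base` helper wrapping this block is defined outside the hunk.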