diff --git a/flake.lock b/flake.lock index ce3f14d..45994b4 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686668177, - "narHash": "sha256-sr4VMrsUG3ePrk8HNL2OeQ/gDqqnGRjzzzDSxRf65lo=", + "lastModified": 1635873573, + "narHash": "sha256-KcrFb8HSNcVTtYNXoUwZxW531cQn6T3YBU6Goo5G9mo=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "baafc544b59db91dbe9466565e2f224e3aa76f7b", + "rev": "e781adbbeda8aa0cbaef47558fc28f9e1dd162fb", "type": "gitlab" }, "original": { @@ -37,22 +37,6 @@ "type": "gitlab" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1638122382, @@ -91,26 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686513595, - "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", + "lastModified": 1686035213, + "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", "type": "github" }, "original": { 
@@ -121,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686501370, - "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", + "lastModified": 1686135559, + "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", + "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", "type": "github" }, "original": { @@ -147,27 +116,25 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": [ + "nixpkgs-22_11": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1686496219, - "narHash": "sha256-8zXZ/813yzaRA84js98G3XQ3GEEzFGnxhjvVyxkEey0=", + "lastModified": 1671659164, + "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4966c0f63f04659015f064f2aa34b1893a16dfde", + "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "nixos-22.11", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index d6de1f2..e9ef184 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-23.05"; + nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-23_05.follows = "nixpkgs"; + nixpkgs-22_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { 
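Review bot: The `nixpkgs.url` and `simple-nixos-mailserver` inputs in the `flake.nix` hunk move the host from `nixos-23.05` back to `nixos-22.11`, and nothing in the file records why. A release branch stops receiving security fixes once it reaches end of life, so a host that exposes SSH, mail and web services while pinned to it will fall behind on patches; confirm the support status of 22.11 before keeping this pin. If the rollback is a temporary workaround, put a comment next to the input, e.g. `# TODO: temporary rollback to 22.11 because <reason>; return to 23.05`. The `inputs` block continues past the end of the hunk.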
@@ -46,6 +46,7 @@ ]; hosts.loutreos.modules = [ + "${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 720c7d7..e292f44 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -22,7 +22,7 @@ supportedFilesystems = [ "zfs" ]; - tmp.useTmpfs = true; + tmpOnTmpfs = true; }; documentation.nixos.enable = false; @@ -57,6 +57,10 @@ id = 100; interface = "eno1"; }; + chinoiseries = { + id = 20; + interface = "eno2"; + }; }; interfaces = { @@ -70,6 +74,11 @@ { address = "10.30.0.1"; prefixLength = 16; } ]; }; + chinoiseries = { + ipv4.addresses = [ + { address = "10.40.0.1"; prefixLength = 16; } + ]; + }; enp0s21u2.useDHCP = true; }; @@ -79,8 +88,8 @@ externalInterface = "bouygues"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; + internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; + internalInterfaces = [ "eno2" "chinoiseries" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} @@ -123,7 +132,7 @@ services.dhcpd4 = { enable = true; - interfaces = [ "eno2" ]; + interfaces = [ "eno2" "chinoiseries" ]; machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } 
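Review bot: The added entry `"${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix"` in `hosts.loutreos.modules` pulls one NixOS module from the unstable input into a system otherwise built from `nixos-22.11`, with no comment explaining it. A module taken from a different nixpkgs revision can reference options or packages the stable set lacks, and its content changes whenever `nixpkgs-unstable` is re-locked. A comment above the line, e.g. `# photoprism module imported from unstable (presumably absent in 22.11); drop after upgrading`, would record the intent. Whether the photoprism package itself also comes from unstable is not visible in this hunk.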
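Review bot: Adding `"chinoiseries"` to `internalInterfaces` and `"10.40.0.0/16"` to `internalIPs` gives every device on the new VLAN 20 outbound NAT through `bouygues`, and none of the visible hunks limits forwarding between 10.40.0.0/16 and the existing 10.30.0.0/16 LAN. If the VLAN exists to isolate the smart-light devices, the router should drop forwarded traffic from `chinoiseries` towards the 10.30.0.0/16 side and restrict which router services those devices can reach. The firewall section is outside this diff, so confirm it already does this. If the lights only need local control, leave the VLAN out of `internalInterfaces` and `internalIPs` so it has no internet path. The `nat` block starts and ends outside the hunk.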
@@ -133,6 +142,11 @@ { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } + + # YeeLights + { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } + { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } + { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; @@ -141,6 +155,10 @@ option routers 10.30.0.1; range 10.30.100.0 10.30.200.0; } + subnet 10.40.0.0 netmask 255.255.0.0 { + option routers 10.40.0.1; + range 10.40.100.0 10.40.200.0; + } ''; }; @@ -150,11 +168,9 @@ services.openssh = { enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - X11Forwarding = true; - }; + permitRootLogin = "no"; + passwordAuthentication = false; + forwardX11 = true; }; users = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 39d1e2a..e028104 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -62,7 +62,7 @@ in }; # Certificate setup - certificateScheme = "manual"; + certificateScheme = 1; certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; keyFile = "/var/lib/acme/${domaine}/key.pem"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 52bf009..243d4d7 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
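Review bot: `forwardX11 = true;` is carried over unchanged while the `services.openssh` hunk rewrites the sshd options, and the `forwardPorts` list in the same file maps external port 8443 to `10.30.0.1:22`, so this sshd appears to be reachable from the internet. X11 forwarding is rarely needed on a router or server and enlarges what each SSH session exposes. Consider `forwardX11 = false;`, or add a comment naming the workflow that requires it. The `services.openssh` block is fully inside the hunk.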
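Review bot: In the `services.nix` hunk, `certificateScheme = 1;` replaces the self-describing `"manual"` with a bare integer, so a reader can no longer tell which TLS mode the mail server runs in. Add a trailing comment such as `certificateScheme = 1; # manual: uses certificateFile/keyFile below`, assuming 1 is the value the 22.11 mailserver module maps to the manual scheme; confirm this against that module's option documentation. The enclosing mailserver block starts and ends outside the hunk.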
@@ -262,7 +262,7 @@ in }; }; "ci.nyanlout.re" = simpleReverse 52350; - "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; + "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { @@ -350,16 +350,14 @@ in gitea = { enable = true; + httpPort = 3001; + rootUrl = "https://gitea.nyanlout.re/"; database = { type = "postgres"; port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; settings = { - server = { - HTTP_PORT = 3001; - ROOT_URL = "https://gitea.nyanlout.re/"; - }; ui.DEFAULT_THEME = "arc-green"; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true;