nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: nyanloutre:3e440a97762e7146ebdd35c17117017ee21ec464
Branches Tags
nyanloutre:master
..
compare: nyanloutre:c2c0d2bb05ee678aab19a59780f9011aea041ae1
Branches Tags
nyanloutre:master

No commits in common. "3e440a97762e7146ebdd35c17117017ee21ec464" and "c2c0d2bb05ee678aab19a59780f9011aea041ae1" have entirely different histories.
3e440a9776 ... c2c0d2bb05

5 changed files with 64 additions and 295 deletions
Show stats Expand all files Collapse all files

2
systems/LoutreOS/configuration.nix
View file

@ -32,8 +32,6 @@ in
"nixos-config=/etc/nixos/configuration.nix"
];
documentation.nixos.enable = false;
nixpkgs.config.allowUnfree = false;
nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]);

7
systems/LoutreOS/medias.nix
View file

@ -29,12 +29,9 @@
dataDir = "/var/lib/slimserver";
};
navidrome = {
airsonic = {
enable = true;
settings = {
MusicFolder = "/mnt/medias/musique";
ImageCacheSize = 0;
};
maxMemory = 500;
};
};

91
systems/LoutreOS/monitoring.nix
View file

@ -112,99 +112,8 @@ in
ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ];
ZED_NOTIFY_VERBOSE = true;
};
loki = {
enable = true;
configuration = {
auth_enabled = false;
server.http_listen_port = 3100;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore.store = "inmemory";
replication_factor = 1;
};
};
chunk_idle_period = "1h";
chunk_target_size = 1000000;
};
schema_config.configs = [
{
from = "2018-04-15";
store = "boltdb";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "168h";
};
}
];
storage_config = {
boltdb.directory = "/var/lib/loki/index";
filesystem.directory = "/var/lib/loki/chunks";
};
limits_config = {
enforce_metric_name = false;
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config.max_look_back_period = "168h";
table_manager = {
retention_deletes_enabled = true;
retention_period = "168h";
};
};
};
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
positions.filename = "/tmp/positions.yaml";
clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ];
scrape_configs = [
{
job_name = "nginx";
static_configs = [
{
labels = {
job = "nginx";
__path__ = "/var/log/nginx/*log";
};
}
];
pipeline_stages = [
{
match = {
selector = ''{job="nginx"}'';
stages = [
{
regex.expression = ''^(?P<remote_addr>[\w\.]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>.*)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"?'';
}
{
labels = {
method = null;
request = null;
status = null;
};
}
];
};
}
];
}
];
};
};
};
systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ];
security.sudo.extraRules = [
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
];

202
systems/LoutreOS/services.nix
View file

@ -27,7 +27,7 @@ in
../../services/mail-server.nix
../../services/python-ci.nix
../../services/sdtdserver.nix
# ../../containers/vsftpd.nix
../../containers/vsftpd.nix
# /mnt/secrets/factorio_secrets.nix
./monitoring.nix
./medias.nix
@ -35,22 +35,6 @@ in
];
services = {
redis.enable = true;
logrotate = {
enable = true;
paths = {
nginx = {
path = "/var/log/nginx/*.log";
user = config.services.nginx.user;
group = config.services.nginx.group;
keep = 7;
extraConfig = ''
compress
'';
};
};
};
fail2ban.enable = true;
@ -279,7 +263,6 @@ in
"10.40.249.1".name = "Bureau";
"10.40.249.2".name = "Cuisine";
};
zha = null;
esphome = null;
light = [
{
@ -403,27 +386,7 @@ in
];
automation = let
min_sun_elevation = 4;
switch_chambre = {
domain = "zha";
platform = "device";
device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1";
};
switch_entree = {
domain = "zha";
platform = "device";
device_id = "7cd814190ec543dba76a7aa7e7996c41";
};
remote = {
domain = "zha";
platform = "device";
device_id = "d1230b76264e483388a8fdaad4f44143";
};
in [
# ENTREE
{
alias = "Aziz lumière";
trigger = [
@ -433,6 +396,11 @@ in
value_template = "{{ state.attributes.elevation }}";
below = min_sun_elevation;
}
{
platform = "state";
entity_id = "person.paul";
to = "home";
}
];
condition = [
{
@ -445,34 +413,27 @@ in
condition = "template";
value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
}
# All lights off
{
condition = "template";
value_template = ''
{% set domain = 'light' %}
{% set state = 'off' %}
{{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }}
'';
}
];
action = {
scene = "scene.home";
};
}
{
alias = "Aziz lumière switch";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // switch_entree;
action = {
scene = "scene.home";
};
}
{
alias = "Adios";
trigger = [
{
platform = "state";
entity_id = "person.paul";
to = "not_home";
}
({
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_entree)
];
trigger = {
platform = "state";
entity_id = "person.paul";
to = "not_home";
};
action = [
{
service = "light.turn_off";
@ -484,129 +445,6 @@ in
}
];
}
# REMOTE
{
alias = "Button toggle";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // remote;
action = {
choose = {
conditions = {
condition = "template";
value_template = ''
{% set domain = 'light' %}
{% set state = 'off' %}
{{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }}
'';
};
sequence = {
scene = "scene.home";
};
};
default = {
service = "light.turn_off";
entity_id = "all";
};
};
}
{
alias = "Button scene movie";
trigger = {
type = "remote_button_short_press";
subtype = "right";
} // remote;
action = {
scene = "scene.movie";
};
}
{
alias = "Button scene home";
trigger = {
type = "remote_button_short_press";
subtype = "left";
} // remote;
action = {
scene = "scene.home";
};
}
{
alias = "Button light up";
trigger = {
type = "remote_button_short_press";
subtype = "dim_up";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = 25;
};
};
}
{
alias = "Button light down";
trigger = {
type = "remote_button_short_press";
subtype = "dim_down";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = -25;
};
};
}
# CHAMBRE
{
alias = "Button scene night";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // switch_chambre;
action = {
scene = "scene.night";
};
}
{
alias = "Button scene dodo";
trigger = {
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "all";
};
}
{
alias = "Button scene lumière chambre ON";
trigger = {
type = "remote_button_long_press";
subtype = "dim_up";
} // switch_chambre;
action = {
service = "light.turn_on";
entity_id = "light.chambre";
};
}
{
alias = "Button scene lumière chambre OFF";
trigger = {
type = "remote_button_long_press";
subtype = "dim_down";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "light.chambre";
};
}
];
};
};

57
systems/LoutreOS/web.nix
View file

@ -57,7 +57,6 @@ in
services = {
phpfpm.pools.work = {
user = config.users.users.work.name;
phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
@ -71,7 +70,7 @@ in
nginx = {
enable = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ dav ];
modules = with pkgs.nginxModules; [ rtmp dav ];
};
recommendedGzipSettings = true;
recommendedOptimisation = true;
@ -183,7 +182,11 @@ in
"maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
"stream.nyanlout.re" = base {
"/" = {
proxyPass = "http://10.30.135.71";
root = "/var/www/hls/";
extraConfig = ''
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
'';
};
};
"login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port;
@ -195,10 +198,10 @@ in
"jackett.nyanlout.re" = authReverse 9117;
"pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port;
"matrix.nyanlout.re" = simpleReverse 8008;
"airsonic.nyanlout.re" = simpleReverse 4040;
"emby.nyanlout.re" = simpleReverse 8096;
"ci.nyanlout.re" = simpleReverse 52350;
"gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
"musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port;
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) {
locations."/" = {
proxyWebsockets = true;
@ -211,7 +214,7 @@ in
dav_ext_methods PROPFIND OPTIONS;
'';
};
"~ ^/(_h5ai/public/index|random).php" = {
"/_h5ai/public/index.php" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
@ -219,13 +222,39 @@ in
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
} // {
root = "/mnt/medias/iso_linux";
extraConfig = ''
access_log /var/log/nginx/$host.log;
'';
};
} // { root = "/mnt/medias/iso_linux"; };
};
appendConfig = let
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
in ''
rtmp {
server {
listen 1935;
application live {
live on;
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
}
application show {
live on;
hls on;
hls_path ${rootLocation};
hls_fragment 3s;
hls_playlist_length 60s;
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution
}
}
}
'';
};
postgresql = {
@ -263,7 +292,7 @@ in
python-ci.enable = true;
mastodon = {
enable = false;
enable = true;
localDomain = "social.nyanlout.re";
configureNginx = true;
extraConfig = {
@ -285,9 +314,7 @@ in
systemd.services.phpfpm-work.serviceConfig = {
ReadOnlyPaths = "/mnt/medias/iso_linux";
ReadWritePaths = [
"/mnt/medias/iso_linux/_h5ai"
];
ReadWritePaths = "/mnt/medias/iso_linux/_h5ai";
};
systemd.services.site-musique = let