From c2142d236e3f8d9459704150c8effd1cc8104339 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:51:18 +0100 Subject: [PATCH 1/4] fixs nixos 20.09 --- services/mail-server.nix | 10 +++++----- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/medias.nix | 8 +++++++- systems/LoutreOS/services.nix | 1 - systems/LoutreOS/users.nix | 2 +- systems/LoutreOS/web.nix | 23 ++++++++++++----------- 6 files changed, 26 insertions(+), 20 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index 9b61126..a95e337 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; - sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz"; + sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63"; }) ]; @@ -63,9 +63,9 @@ in security.acme.certs = { "${cfg.domaine}" = { - extraDomains = { - "mail.${cfg.domaine}" = null; - }; + extraDomainNames = [ + "mail.${cfg.domaine}" + ]; postRun = '' systemctl reload dovecot2.service ''; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1f7af11..58c4286 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index eea4617..f643edf 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -5,6 +5,7 @@ transmission = { enable = true; home = "/var/lib/transmission"; + port = 9091; settings = { rpc-bind-address = "127.0.0.1"; rpc-host-whitelist = "*"; @@ -18,7 +19,10 @@ sonarr.enable = true; jackett.enable = true; - jellyfin.enable = true; + jellyfin = { + enable = true; + package = pkgs.jellyfin; + }; slimserver = { enable = true; @@ -31,6 +35,8 @@ }; }; + systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ]; + networking = { firewall.allowedTCPPorts = [ config.services.transmission.settings.peer-port diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 1637006..28937b5 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -492,7 +492,6 @@ in # ''; users.groups.nginx.members = [ "matrix-synapse" ]; - security.acme.certs."nyanlout.re".allowKeysForGroup = true; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 3fd89ab..92cd009 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix 
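Review bot: The added `systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ];` in the medias.nix hunk at `@@ -31,6 +35,8 @@` makes the whole media tree writable from inside the transmission sandbox, which is wider than a daemon parsing data from untrusted peers needs. I would bind only the directory transmission actually writes to, e.g. `BindPaths = [ "<download dir under /mnt/medias>" ];`, and expose anything it only has to read through `BindReadOnlyPaths`. The download directory is not visible in this hunk, so the exact path has to come from the transmission settings. A one-line comment saying why the bind is needed (presumably the unit hardening that came with 20.09) would also help the next reader.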
@@ -6,7 +6,7 @@ uid = 1000; isNormalUser = true; description = "Paul TREHIOU"; - extraGroups = [ "wheel" "medias" ]; + extraGroups = [ "wheel" "medias" "transmission" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 openpgp:0xAB524BBC" "ssh-rsa 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 paul@nyanlout.re" diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index f771e89..506760d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -147,7 +147,7 @@ in ''; }; } // { default = true; }; - "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; }; + "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; }; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { @@ -225,9 +225,9 @@ in postgresql = { enable = true; - extraConfig = '' - full_page_writes = off - ''; + settings = { + full_page_writes = false; + }; }; pgmanage = { @@ -249,13 +249,10 @@ in passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; log.level = "Warn"; - extraConfig = '' - [ui] - DEFAULT_THEME = arc-green - - [service] - DISABLE_REGISTRATION = true - ''; + disableRegistration = true; + settings = { + ui.DEFAULT_THEME = "arc-green"; + }; }; python-ci.enable = true; @@ -277,6 +274,10 @@ in }; }; + systemd.services.nginx.serviceConfig = { + ReadWritePaths = "/var/www/hls"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in { From 90dd2c2b6d8f910b6a8e20e0b166368ecb4fdf24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:51:55 +0100 Subject: [PATCH 2/4] ip fixe smartphone --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
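Review bot: `full_page_writes = false;` in the postgresql hunk at `@@ -225,9 +225,9 @@` carries over a setting that trades crash safety for write throughput, and nothing next to it says why that is acceptable here. PostgreSQL can skip full-page images safely only when the storage never exposes a torn page. Other files in this series mount ZFS datasets, so that is presumably the justification, but the database's own dataset is not visible in this patch. I would add a comment above the line such as `# safe only while the data directory is on ZFS (copy-on-write, no torn pages); revert if it moves to another filesystem`.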
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 58c4286..65c875f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -131,6 +131,7 @@ in { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + { ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; } #ESPHome { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } From d5e46b62a06f7c0e28bd6e7f030b380960e1e193 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:52:41 +0100 Subject: [PATCH 3/4] montage hass --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 23 +++++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 7bfc7fe..1dfe4fb 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -157,6 +157,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/hass" = + { device = "loutrepool/var/hass"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 28937b5..171056b 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -246,7 +246,10 @@ in }; influxdb = null; config = null; - frontend = null; + frontend.themes = "!include ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml"; + sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h"; + }}"; history = null; logbook = null; map = null; 
@@ -321,6 +324,12 @@ in broadcast_address = "10.30.255.255"; } ]; + device_tracker = [ + { + platform = "ping"; + hosts = { telephone_paul = "10.30.50.2"; }; + } + ]; scene = [ { name = "Movie"; @@ -399,10 +408,20 @@ in entity_id = "person.paul"; state = "home"; } + # Sun below max elevation { condition = "template"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } + # All lights off + { + condition = "template"; + value_template = '' + {% set domain = 'light' %} + {% set state = 'off' %} + {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }} + ''; + } ]; action = { scene = "scene.home"; @@ -421,7 +440,7 @@ in entity_id = "all"; } { - service = "media_player.media_pause"; + service = "media_player.turn_off"; entity_id = "all"; } ]; From c2c0d2bb05ee678aab19a59780f9011aea041ae1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:53:51 +0100 Subject: [PATCH 4/4] change nginx config --- systems/LoutreOS/web.nix | 41 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 506760d..2d5518e 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -48,11 +48,29 @@ in acceptTerms = true; }; + users.groups.work = {}; + users.users.work = { + isSystemUser = true; + group = config.users.groups.work.name; + }; + services = { + phpfpm.pools.work = { + user = config.users.users.work.name; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + }; nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp ]; + modules = with pkgs.nginxModules; [ rtmp dav ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; 
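Review bot: The `device_tracker` entry added at `@@ -321,6 +324,12 @@` derives presence from an ICMP reply at `10.30.50.2`, which is an unauthenticated signal: any host answering on that address counts as the phone being home. That is acceptable for the lighting scene that the `person.paul` condition later in this file presumably feeds, but it should not end up gating locks, alarms or anything else security-relevant. A comment such as `# ping presence is unauthenticated; comfort automations only` would make that explicit. The same address is also hard-coded in the static lease added to configuration.nix in patch 2/4 (host name `telephone-nyan`), so the two can drift apart; a shared `let` binding would keep them in sync.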
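Review bot: The new "All lights off" template condition at `@@ -399,10 +408,20 @@` compares the total number of light entities with the number whose state is exactly `off`, so a single light reporting `unavailable` or `unknown` makes the condition false and the scene is silently skipped. If the intent is "no light is currently on", `{{ states.light | selectattr('state', 'eq', 'on') | list | count == 0 }}` says that directly. The added comment `# Sun below max elevation` also disagrees with the variable it describes, `min_sun_elevation`; one of the two should be renamed. The enclosing automation starts and ends outside the hunk.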
@@ -189,6 +207,22 @@ in proxyWebsockets = true; }; }; + "work.rezom.eu" = base { + "/" = { + index = "/_h5ai/public/index.php"; + extraConfig = '' + dav_ext_methods PROPFIND OPTIONS; + ''; + }; + "/_h5ai/public/index.php" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + }; + } // { root = "/mnt/medias/iso_linux"; }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; @@ -278,6 +312,11 @@ in ReadWritePaths = "/var/www/hls"; }; + systemd.services.phpfpm-work.serviceConfig = { + ReadOnlyPaths = "/mnt/medias/iso_linux"; + ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in {
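Review bot: The `"/_h5ai/public/index.php"` location in the `work.rezom.eu` vhost at `@@ -189,6 +207,22 @@` is a prefix match combined with `fastcgi_split_path_info`, so the file handed to PHP-FPM is derived from the request URI instead of being fixed, and the root it resolves against is a media directory. An exact-match location without the path-info split keeps the interpreter limited to the one h5ai entry point (h5ai does not appear to need PATH_INFO, but that should be confirmed). Everything else under `/_h5ai/` falls through to the static `"/"` location, which would serve the application's `private` directory (h5ai's standard layout), including its configuration, as plain files, so that directory should be denied. `fastcgi.conf` already contains everything in `fastcgi_params`, so one include is enough. Whether the `base` helper adds any authentication is not visible here; if it does not, the PROPFIND listing is open to anyone who can reach the host.

```nix
"work.rezom.eu" = base {
  # … unchanged: "/" location with index and dav_ext_methods …
  "= /_h5ai/public/index.php" = {
    extraConfig = ''
      fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
      include ${pkgs.nginx}/conf/fastcgi.conf;
    '';
  };
  "/_h5ai/private" = {
    extraConfig = ''
      deny all;
    '';
  };
# … unchanged: closing of the vhost with root = "/mnt/medias/iso_linux" …
```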
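Review bot: `ReadWritePaths = "/mnt/medias/iso_linux/_h5ai";` in the `phpfpm-work` unit at `@@ -278,6 +312,11 @@` lets the PHP worker rewrite the h5ai code it executes, since the application's own `.php` files live under that directory. As far as I know h5ai only needs write access to its cache directories, so I would list just those, e.g. `ReadWritePaths = [ "<_h5ai private cache dir>" "<_h5ai public cache dir>" ];`, and leave the rest covered by the `ReadOnlyPaths` line above it. The exact cache paths are not on this page and should be taken from the h5ai install.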