change nginx config

services/mail-server.nix

@@ -17,8 +17,8 @@ in
 
   imports = [
     (builtins.fetchTarball {
-      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz";
-      sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
+      sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63";
     })
   ];
 
@@ -63,9 +63,9 @@ in
 
     security.acme.certs = {
       "${cfg.domaine}" = {
-        extraDomains = {
+        extraDomainNames = [
-          "mail.${cfg.domaine}" = null;
+          "mail.${cfg.domaine}"
-        };
+        ];
         postRun = ''
           systemctl reload dovecot2.service
         '';

systems/LoutreOS/configuration.nix

@@ -33,7 +33,7 @@ in
   ];
 
   nixpkgs.config.allowUnfree = false;
-  nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]);
+  nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]);
 
   services.zfs = {
     autoSnapshot.enable = true;
@@ -131,6 +131,7 @@ in
       { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
       { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; }
       { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; }
+      { ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; }
 
       #ESPHome
       { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; }

systems/LoutreOS/hardware-configuration.nix

@@ -157,6 +157,11 @@
       fsType = "zfs";
     };
 
+  fileSystems."/var/lib/hass" =
+    { device = "loutrepool/var/hass";
+      fsType = "zfs";
+    };
+
   swapDevices =
     [
       {

systems/LoutreOS/medias.nix

@@ -5,6 +5,7 @@
     transmission = {
       enable = true;
       home = "/var/lib/transmission";
+      port = 9091;
       settings = {
         rpc-bind-address = "127.0.0.1";
         rpc-host-whitelist = "*";
@@ -18,7 +19,10 @@
     sonarr.enable = true;
     jackett.enable = true;
 
-    jellyfin.enable = true;
+    jellyfin = {
+      enable = true;
+      package = pkgs.jellyfin;
+    };
 
     slimserver = {
       enable = true;
@@ -31,6 +35,8 @@
     };
   };
 
+  systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ];
+
   networking = {
     firewall.allowedTCPPorts = [
       config.services.transmission.settings.peer-port

systems/LoutreOS/services.nix

@@ -246,7 +246,10 @@ in
         };
         influxdb = null;
         config = null;
-        frontend = null;
+        frontend.themes = "!include ${pkgs.fetchurl {
+          url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml";
+          sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h";
+        }}";
         history = null;
         logbook = null;
         map = null;
@@ -321,6 +324,12 @@ in
             broadcast_address = "10.30.255.255";
           }
         ];
+        device_tracker = [
+          {
+            platform = "ping";
+            hosts = { telephone_paul = "10.30.50.2"; };
+          }
+        ];
         scene = [
           {
             name = "Movie";
@@ -399,10 +408,20 @@ in
                 entity_id = "person.paul";
                 state = "home";
               }
+              # Sun below max elevation
               {
                 condition = "template";
                 value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
               }
+              # All lights off
+              {
+                condition = "template";
+                value_template = ''
+                  {% set domain = 'light' %}
+                  {% set state = 'off' %}
+                  {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }}
+                '';
+              }
             ];
             action = {
               scene = "scene.home";
@@ -421,7 +440,7 @@ in
                 entity_id = "all";
               }
               {
-                service = "media_player.media_pause";
+                service = "media_player.turn_off";
                 entity_id = "all";
               }
             ];
@@ -492,7 +511,6 @@ in
   # '';
 
   users.groups.nginx.members = [ "matrix-synapse" ];
-  security.acme.certs."nyanlout.re".allowKeysForGroup = true;
 
   security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
 

systems/LoutreOS/users.nix

@@ -6,7 +6,7 @@
       uid = 1000;
       isNormalUser = true;
       description = "Paul TREHIOU";
-      extraGroups = [ "wheel" "medias" ];
+      extraGroups = [ "wheel" "medias" "transmission" ];
       openssh.authorizedKeys.keys = [
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAF7VlzHzgg70uFbRFtVTS34qNBke/RD36mRENAsa33RxztxrqMsIDscAD/d6CTe6HDy7MCGzJnWCJSXj5iOQFM4RRMvKNEgCKPHqfhmfVvO4YZuMjNB0ufVf6zhJL4Hy43STf7NIWrenGemUP+OvVSwN/ujgl2KKw4KJZt25/h/7JjlCgsZm4lWg4xcjoiKL701W2fbEoU73XKdbRTgTvKoeK1CGxdAPFefFDFcv/mtJ7d+wIxw9xODcLcA66Bu94WGMdpyEAJc4nF8IOy4pW8AzllDi0qNEZGCQ5+94upnLz0knG1ue9qU2ScAkW1/5rIJTHCVtBnmbLNSAOBAstaGQJuSL40TWZ1oPA5i1qUEhunNcJ+Sgtp6XP69qY34T/AeJvHRyw5M5LfN0g+4ka9k06NPBhbpHFASz4M8nabQ0iM63++xcapnw/8gk+EPhYVKW86SsyTa9ur+tt6oDWEKNaOhgscX44LexY7jKdeBRt3GaObtBJtVLBRx3Z2aRXgjgnKGqS40mGRiSkqb2DShspI1l8DV2RrPiuwdBzXVQjWRc0KXmJrcgXX9uoPSxihxwaUQyvmITOV1Y+NEuek4gRkVNOxjoG7RGnaYvYzxEQVoI5TwZC2/DCrAUgCv8DQawkcpEiWnBq7Q5VnpmFx5juVQ/I0G8byOkPXgRUOk9 openpgp:0xAB524BBC"
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re"

systems/LoutreOS/web.nix

@@ -48,11 +48,29 @@ in
     acceptTerms = true;
   };
 
+  users.groups.work = {};
+  users.users.work = {
+    isSystemUser = true;
+    group = config.users.groups.work.name;
+  };
+
   services = {
+    phpfpm.pools.work = {
+      user = config.users.users.work.name;
+      settings = {
+        "listen.owner" = config.services.nginx.user;
+        "pm" = "dynamic";
+        "pm.max_children" = 75;
+        "pm.start_servers" = 10;
+        "pm.min_spare_servers" = 5;
+        "pm.max_spare_servers" = 20;
+        "pm.max_requests" = 500;
+      };
+    };
     nginx = {
       enable = true;
       package = pkgs.nginx.override {
-        modules = with pkgs.nginxModules; [ rtmp ];
+        modules = with pkgs.nginxModules; [ rtmp dav ];
       };
       recommendedGzipSettings = true;
       recommendedOptimisation = true;
@@ -147,7 +165,7 @@ in
             '';
           };
         } // { default = true; };
-        "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; };
+        "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; };
         "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; };
         "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; };
         "musique-meyenheim.fr" = base {
@@ -189,6 +207,22 @@ in
             proxyWebsockets = true;
           };
         };
+        "work.rezom.eu" = base {
+          "/" = {
+            index = "/_h5ai/public/index.php";
+            extraConfig = ''
+              dav_ext_methods PROPFIND OPTIONS;
+            '';
+          };
+          "/_h5ai/public/index.php" = {
+            extraConfig = ''
+              fastcgi_split_path_info ^(.+\.php)(/.+)$;
+              fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
+              include ${pkgs.nginx}/conf/fastcgi_params;
+              include ${pkgs.nginx}/conf/fastcgi.conf;
+            '';
+          };
+        } // { root = "/mnt/medias/iso_linux"; };
       };
       appendConfig = let
         rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
@@ -225,9 +259,9 @@ in
 
     postgresql = {
       enable = true;
-      extraConfig = ''
+      settings = {
-        full_page_writes = off
+        full_page_writes = false;
-      '';
+      };
     };
 
     pgmanage = {
@@ -249,13 +283,10 @@ in
         passwordFile = "/var/lib/gitea/custom/conf/database_password";
       };
       log.level = "Warn";
-      extraConfig = ''
+      disableRegistration = true;
-        [ui]
+      settings = {
-        DEFAULT_THEME = arc-green
+        ui.DEFAULT_THEME = "arc-green";
-
+      };
-        [service]
-        DISABLE_REGISTRATION = true
-      '';
     };
 
     python-ci.enable = true;
@@ -277,6 +308,15 @@ in
     };
   };
 
+  systemd.services.nginx.serviceConfig = {
+    ReadWritePaths = "/var/www/hls";
+  };
+
+  systemd.services.phpfpm-work.serviceConfig = {
+    ReadOnlyPaths = "/mnt/medias/iso_linux";
+    ReadWritePaths = "/mnt/medias/iso_linux/_h5ai";
+  };
+
   systemd.services.site-musique = let
     djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ]));
   in {