diff --git a/flake.nix b/flake.nix
index ca27da5..18f2591 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,8 +41,9 @@
 ];
 };
- nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem {
+ nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit nixpkgs-unstable; };
 modules = [
 nixpkgs-unstable.nixosModules.notDetected
 simple-nixos-mailserver.nixosModule
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 77a4c9b..5da49ec 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,15 +107,6 @@
 ];
 };
 extraCommands = ''
- ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
- ip6tables -w -F loutreos-forward 2>/dev/null || true
- ip6tables -w -X loutreos-forward 2>/dev/null || true
- ip6tables -w -N loutreos-forward
- ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
- ip6tables -A loutreos-forward -j ACCEPT -i eno2
- ip6tables -A loutreos-forward -j nixos-fw-log-refuse
- ip6tables -w -A FORWARD -j loutreos-forward
-
 # Redirect local network request from server external IP to internal IP
 # Make the server available even without internet access
 iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
@@ -139,6 +130,7 @@
 };
 dhcpPrefixDelegationConfig.SubnetId = "0";
 };
+ "40-eno1".linkConfig.RequiredForOnline = "no";
 "40-eno2" = {
 networkConfig = {
 IPv6SendRA = true;
@@ -234,7 +226,7 @@
 # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525
 services.autossh.sessions = [
 {
- extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net";
+ extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
 monitoringPort = 20000;
 name = "backup-ssh-reverse";
 user = "autossh";
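Review bot: The system is now evaluated with `nixpkgs.lib.nixosSystem`, but the `modules` list on the following context lines still imports `nixpkgs-unstable.nixosModules.notDetected`, so one module is taken from a different nixpkgs revision than the module tree it is merged into; `nixpkgs.nixosModules.notDetected` would keep the two in step. `specialArgs` now exposes only `nixpkgs-unstable`, whereas medias.nix previously received an `inputs` argument, so any other module that still references `inputs` (none are visible in this diff) would stop evaluating. The `nixosSystem` attribute set continues outside the hunk.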
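Review bot: Deleting the `loutreos-forward` chain removes the only IPv6 FORWARD filtering visible in this file — it accepted RELATED,ESTABLISHED and traffic entering on `eno2` and sent everything else to `nixos-fw-log-refuse` — and nothing else in this diff adds a replacement, while the next hunk shows the LAN still gets a delegated prefix and router advertisements (`dhcpPrefixDelegationConfig`, `IPv6SendRA`). Unless forwarding is filtered somewhere not shown here (for instance the nftables-backed `networking.firewall.filterForward`), hosts behind `eno2` with global IPv6 addresses become reachable from the upstream side. The removed lines were also the ones that cleaned up the previous chain (`-D FORWARD -j loutreos-forward`), so on an in-place firewall reload the old chain may stay attached until the next reboot; checking `ip6tables -S FORWARD` after deploying would confirm the intended state. A one-line comment at this spot naming where IPv6 forwarding is now filtered, or a sentence in the commit message, would make the intent reviewable; `extraCommands` continues outside the hunk.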
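Review bot: The context comment kept above this hunk, `# -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525`, still documents the SMTP reverse forward that the new `extraArguments` line drops, so the session's description no longer matches its arguments. Remove that comment line or replace it with `# only the SSH reverse forward (VPS 2222 -> local 22) remains; SMTP relay via 2525 was removed`. If anything on the VPS side still expects port 2525 to reach this host, that is worth stating in the commit message.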
diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index b32d6f1..720b883 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -158,6 +158,11 @@
 fsType = "zfs";
 };
+ fileSystems."/var/lib/nextcloud" =
+ { device = "loutrepool/var/nextcloud";
+ fsType = "zfs";
+ };
+
 fileSystems."/var/lib/private/photoprism" =
 { device = "loutrepool/var/photoprism";
 fsType = "zfs";
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix
index 39bf858..6c3fa2b 100644
--- a/systems/LoutreOS/medias.nix
+++ b/systems/LoutreOS/medias.nix
@@ -1,10 +1,10 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, nixpkgs-unstable, ... }:
 {
 services = {
 transmission = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
 home = "/var/lib/transmission";
 group = "medias";
 settings = {
@@ -20,17 +20,17 @@
 radarr = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
 };
 sonarr = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
 };
 prowlarr.enable = true;
 jellyfin = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
 };
 navidrome = {
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 0d82934..9fda161 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
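Review bot: The rewritten `package` line in this hunk, and the three like it in the next hunk (`radarr`, `sonarr`, `jellyfin`), still hard-code `legacyPackages.x86_64-linux`; `nixpkgs-unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}` would follow the system's platform instead of repeating it in four places. Because these packages come from a second, unconfigured nixpkgs instance, whatever `nixpkgs.config` and overlays are applied to `pkgs` (for example `allowUnfree` or `permittedInsecurePackages`) do not apply to them, and the service modules from `nixpkgs` are now paired with package versions from `nixpkgs-unstable`. That is presumably intended, but a comment on the `transmission` entry such as `# package from nixpkgs-unstable: not covered by this system's nixpkgs.config or overlays` would save the next reader from guessing.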
@@ -302,14 +302,17 @@ in
 # };
 "drive.nyanlout.re" = base {
 "/" = {
- index = "/index.php";
 extraConfig = ''
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
 include ${pkgs.nginx}/conf/fastcgi_params;
 include ${pkgs.nginx}/conf/fastcgi.conf;
-
- client_max_body_size 0;
+ fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+ fastcgi_intercept_errors on;
+ fastcgi_buffers 64 4K;
+ client_body_temp_path /mnt/webdav/tmp_upload;
+ client_max_body_size 0;
+ proxy_request_buffering off;
 '';
 };
 } // {
@@ -345,6 +348,10 @@ in
 "challenge.amandoline-creations.fr" = base {
 "/".alias = "/var/www/amandoline-challenge/";
 };
+ ${config.services.nextcloud.hostName} = {
+ forceSSL = true;
+ enableACME = true;
+ };
 };
 };
@@ -381,6 +388,20 @@ in
 # enable = true;
 # package = pkgs.mariadb;
 # };
+
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud29;
+ hostName = "cloud.nyanlout.re";
+ database.createLocally = true;
+ https = true;
+ maxUploadSize = "16G";
+ config = {
+ dbtype = "pgsql";
+ adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";
+ };
+ };
+
 };
 systemd.services.nginx.serviceConfig = {
@@ -397,6 +418,16 @@ in
 ];
 };
+ systemd.services.phpfpm-drive.serviceConfig = {
+ ReadWritePaths = [
+ "/mnt/webdav"
+ ];
+ };
+
+ systemd.services.nextcloud-setup.serviceConfig = {
+ LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
+ };
+
 systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); in {
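Review bot: `proxy_request_buffering off;` has no effect in this location because the request is handed to `fastcgi_pass`, not `proxy_pass`; the FastCGI counterpart is `fastcgi_request_buffering off;`. As written, every request body — unbounded, since `client_max_body_size 0` is kept — is first spooled in full to the new `client_body_temp_path /mnt/webdav/tmp_upload` before PHP sees it, which means the nginx unit must be allowed to write there under NixOS's service hardening (the `systemd.services.nginx.serviceConfig` block in a later hunk is where to check; its contents are outside this diff) and that any client able to reach this vhost can fill the webdav volume with request bodies. Replacing the line with `fastcgi_request_buffering off;` streams uploads to PHP-FPM and makes the spool directory largely unused; if spooling is wanted, keep it on a filesystem whose exhaustion does not take the application data with it. The `extraConfig` string is fully inside the hunk.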
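Review bot: The new `${config.services.nextcloud.hostName}` vhost is the only entry in this hunk not built through the `base` helper that the neighbouring `challenge.amandoline-creations.fr` host uses, and `base` is defined outside the diff. If `base` adds anything beyond `forceSSL`/`enableACME` (headers, logging, ACME settings), the Nextcloud host silently lacks it; if it adds nothing more, `base {}` would keep the vhost list uniform. Either way a short comment, e.g. `# not wrapped in base: the nextcloud module owns this vhost's locations`, would record the choice.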
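Review bot: `adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"` only resolves if the nextcloud module interpolates the path into the `nextcloud-setup` shell script, where the unit's `$CREDENTIALS_DIRECTORY` (populated by the `LoadCredential` added in the last hunk) is expanded at runtime; should any part of the module read or check that path at evaluation time or from another unit, the literal `$CREDENTIALS_DIRECTORY` directory will not exist. A comment next to the option, `# literal $CREDENTIALS_DIRECTORY: resolved at runtime by nextcloud-setup, see the LoadCredential override below`, would make the coupling between the two hunks explicit. If the module consumes the file only for the initial `maintenance:install`, later edits to `/mnt/secrets/nextcloud_admin.pass` will not rotate the admin password — worth confirming before relying on it.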