From f9871ae0e1d6c69765c99d7ecaf42b1eec217a54 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 10:38:08 +0200
Subject: [PATCH 1/5] fix flake-util-plus migration

---
 flake.nix | 3 ++-
 systems/LoutreOS/medias.nix | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/flake.nix b/flake.nix
index ca27da5..18f2591 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,8 +41,9 @@
 ];
 };
- nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem {
+ nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
+ specialArgs = { inherit nixpkgs-unstable; };
 modules = [
 nixpkgs-unstable.nixosModules.notDetected
 simple-nixos-mailserver.nixosModule
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix
index 39bf858..6c3fa2b 100644
--- a/systems/LoutreOS/medias.nix
+++ b/systems/LoutreOS/medias.nix
@@ -1,10 +1,10 @@
-{ config, lib, pkgs, inputs, ... }:
+{ config, lib, pkgs, nixpkgs-unstable, ... }:
 {
 services = {
 transmission = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;
 home = "/var/lib/transmission";
 group = "medias";
 settings = {
@@ -20,17 +20,17 @@
 radarr = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr;
 };
 sonarr = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
 };
 prowlarr.enable = true;
 jellyfin = {
 enable = true;
- package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
+ package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;
 };
 navidrome = {

From ab8c752a761b25f99dea322c5076d251dda93681 Mon Sep 17 00:00:00 2001
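Review bot: The system is now evaluated with `nixpkgs.lib.nixosSystem`, but the module list on the last lines of the hunk still takes `nixpkgs-unstable.nixosModules.notDetected`, so one module comes from a different nixpkgs revision than the module system that loads it. For a module this small that is harmless today, yet it is the kind of mix that breaks quietly once the two inputs drift apart; `nixpkgs.nixosModules.notDetected` keeps the module and the system on the same revision. The `modules` list continues past the hunk.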
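Review bot: `legacyPackages.x86_64-linux` is spelled out on the transmission line here and again on the radarr, sonarr and jellyfin lines of the second medias.nix hunk, while the system is already fixed once in flake.nix as `system = "x86_64-linux"`. Deriving it from the host platform, `nixpkgs-unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}.transmission_4`, ties the four lines to that single definition. A one-line comment above `transmission` naming why these four packages come from the unstable input rather than `pkgs` would also help, since nothing in the file says it. The `services` attrset continues past both hunks.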
From: nyanloutre
Date: Tue, 14 May 2024 10:38:42 +0200
Subject: [PATCH 2/5] remove open mail port

---
 systems/LoutreOS/configuration.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 77a4c9b..9cabaec 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -234,7 +234,7 @@
 # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525
 services.autossh.sessions = [ {
- extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net";
+ extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
 monitoringPort = 20000;
 name = "backup-ssh-reverse";
 user = "autossh";

From a6ce24d547353e461327b4dd17f5a7a553501a50 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 12:08:15 +0200
Subject: [PATCH 3/5] fix firewall

---
 systems/LoutreOS/configuration.nix | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 9cabaec..5da49ec 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -107,15 +107,6 @@
 ];
 };
 extraCommands = ''
- ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
- ip6tables -w -F loutreos-forward 2>/dev/null || true
- ip6tables -w -X loutreos-forward 2>/dev/null || true
- ip6tables -w -N loutreos-forward
- ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
- ip6tables -A loutreos-forward -j ACCEPT -i eno2
- ip6tables -A loutreos-forward -j nixos-fw-log-refuse
- ip6tables -w -A FORWARD -j loutreos-forward
-
 # Redirect local network request from server external IP to internal IP
 # Make the server available even without internet access
 iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
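Review bot: The comment at the top of the hunk, `# -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525`, describes the forward this commit removes and is now stale; delete it or turn it into the reason the SMTP relay was dropped. The remaining `-R 0.0.0.0:2222:127.0.0.1:22` asks the VPS sshd to bind the reverse tunnel on all of its interfaces; whether that is reachable from outside the VPS depends on its sshd `GatewayPorts` setting, which is not visible here, so a comment stating whether port 2222 on the VPS is meant to be reachable from the internet or only locally would spare the next reader a guess. The session attrset continues past the hunk.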
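Review bot: Removing the `loutreos-forward` chain takes away the only IPv6 FORWARD filtering this block defined; what is left in `extraCommands` is IPv4 nat only, so which IPv6 traffic the host now forwards between its interfaces falls back to whatever the firewall module sets up, which the hunk does not show. With `IPv6SendRA` and prefix delegation configured on eno2 in the next hunk the host is acting as a v6 router, and the commit message ("fix firewall") does not say whether forwarding is now filtered elsewhere or deliberately open. A comment at the head of `extraCommands` stating where IPv6 forwarding is filtered, or that it intentionally is not, would make the intent checkable. `extraCommands` continues past the hunk.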
@@ -139,6 +130,7 @@
 };
 dhcpPrefixDelegationConfig.SubnetId = "0";
 };
+ "40-eno1".linkConfig.RequiredForOnline = "no";
 "40-eno2" = {
 networkConfig = {
 IPv6SendRA = true;

From 3725e3066396ab2a0534b19bee03e19eae5a23ce Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 17:39:29 +0200
Subject: [PATCH 4/5] install nextcloud

---
 systems/LoutreOS/hardware-configuration.nix | 5 +++++
 systems/LoutreOS/web.nix | 22 +++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index b32d6f1..720b883 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -158,6 +158,11 @@
 fsType = "zfs";
 };
+ fileSystems."/var/lib/nextcloud" =
+ { device = "loutrepool/var/nextcloud";
+ fsType = "zfs";
+ };
+
 fileSystems."/var/lib/private/photoprism" =
 { device = "loutrepool/var/photoprism";
 fsType = "zfs";
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 0d82934..0d3aacd 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -345,6 +345,10 @@ in
 "challenge.amandoline-creations.fr" = base {
 "/".alias = "/var/www/amandoline-challenge/";
 };
+ ${config.services.nextcloud.hostName} = {
+ forceSSL = true;
+ enableACME = true;
+ };
 };
 };

@@ -381,6 +385,20 @@ in
 # enable = true;
 # package = pkgs.mariadb;
 # };
+
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud29;
+ hostName = "cloud.nyanlout.re";
+ database.createLocally = true;
+ https = true;
+ maxUploadSize = "16G";
+ config = {
+ dbtype = "pgsql";
+ adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";
+ };
+ };
+
 };
 systemd.services.nginx.serviceConfig = {
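Review bot: The new `${config.services.nextcloud.hostName}` vhost is a bare attrset with `forceSSL` and `enableACME`, whereas the neighbouring vhosts in this attrset go through `base { … }`; whatever `base` contributes (it is defined outside the hunk) is therefore not applied to the Nextcloud host. If that is deliberate, because the nextcloud module supplies its own locations and headers, a one-line comment above the entry (`# not wrapped in base: the nextcloud module manages this vhost's locations`) keeps someone from "fixing" it later; if not, wrapping it the same way is a one-line change. The enclosing attrset closes inside the hunk.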
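Review bot: `adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"` only resolves because the credential is loaded into the `nextcloud-setup` unit in the next hunk of this patch; the two settings depend on each other across hunks and neither says so. A comment on the `adminpassFile` line, `# path inside nextcloud-setup's credentials dir; loaded via systemd.services.nextcloud-setup.serviceConfig.LoadCredential`, closes the loop. Since that password is paired with the module's default admin user name, setting `config.adminuser` explicitly next to it would also document which account the secret unlocks. The `services` attrset closes inside the hunk.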
@@ -397,6 +415,10 @@ in
 ];
 };
+ systemd.services.nextcloud-setup.serviceConfig = {
+ LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
+ };
+
 systemd.services.site-musique = let
 djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ]));
 in {

From 1abd6bd06deb662ade68c594d3214f54d946eaf8 Mon Sep 17 00:00:00 2001
From: nyanloutre
Date: Tue, 14 May 2024 17:39:41 +0200
Subject: [PATCH 5/5] fix webdav server

---
 systems/LoutreOS/web.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 0d3aacd..9fda161 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -302,14 +302,17 @@ in
 # };
 "drive.nyanlout.re" = base {
 "/" = {
- index = "/index.php";
 extraConfig = ''
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
 include ${pkgs.nginx}/conf/fastcgi_params;
 include ${pkgs.nginx}/conf/fastcgi.conf;
-
- client_max_body_size 0;
+ fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+ fastcgi_intercept_errors on;
+ fastcgi_buffers 64 4K;
+ client_body_temp_path /mnt/webdav/tmp_upload;
+ client_max_body_size 0;
+ proxy_request_buffering off;
 '';
 };
 } // {
@@ -415,6 +418,12 @@ in
 ];
 };
+ systemd.services.phpfpm-drive.serviceConfig = {
+ ReadWritePaths = [
+ "/mnt/webdav"
+ ];
+ };
+
 systemd.services.nextcloud-setup.serviceConfig = {
 LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass";
 };
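Review bot: `proxy_request_buffering off;` does nothing in this location because the upstream is `fastcgi_pass`, not `proxy_pass`; the directive for this case is `fastcgi_request_buffering off;`. Until that is fixed, request bodies are still buffered by nginx into `client_body_temp_path /mnt/webdav/tmp_upload`, which is written by the nginx worker rather than php-fpm, so the `ReadWritePaths` grant for `/mnt/webdav` added to `phpfpm-drive` in the next hunk does not cover that write if the nginx unit (its `serviceConfig` is set elsewhere in this file) has write sandboxing. If `/mnt/webdav` is also the DAV root, in-flight uploads placed under it are visible through the share before they complete; a temp directory outside the served tree avoids that. Pinning `SCRIPT_FILENAME` to `$document_root/index.php` is a sound hardening step, since every request now goes through the front controller whatever path it carries. The `extraConfig` block sits fully inside the hunk.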