diff --git a/flake.lock b/flake.lock index 7593ec2..9060e52 100644 --- a/flake.lock +++ b/flake.lock @@ -75,16 +75,31 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656947410, - "narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=", + "lastModified": 1656782578, + "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8d47977286a44955262adbc76f2c8a66e7419d5", + "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-21.11", + "type": "indirect" + } + }, + "nixpkgs-21_05": { + "locked": { + "lastModified": 1625692408, + "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", "type": "indirect" } }, @@ -119,22 +134,23 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_05": [ + "nixpkgs-21_05": "nixpkgs-21_05", + "nixpkgs-21_11": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1655930346, - "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", + "lastModified": 1638911354, + "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", + "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.05", + "ref": "nixos-21.11", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index 38aa468..6fae62a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.05"; + nixpkgs.url = "flake:nixpkgs/nixos-21.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_05.follows = "nixpkgs"; + nixpkgs-21_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 60193b4..c0bf930 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, lib, pkgs, ... }: { services = { @@ -22,7 +22,7 @@ jellyfin = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; + package = pkgs.jellyfin; }; navidrome = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e94ba67..64440dc 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -90,10 +90,22 @@ in secure_ip = ["0.0.0.0/0"]; ''; - # redis.enable = true; + redis.enable = true; - # enable with nginx defult config - logrotate.enable = true; + logrotate = { + enable = true; + paths = { + nginx = { + path = "/var/log/nginx/*.log"; + user = config.services.nginx.user; + group = config.services.nginx.group; + keep = 7; + extraConfig = '' + compress + ''; + }; + }; + }; fail2ban.enable = true; 
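Review bot: Both `nixpkgs.url` and the `simple-nixos-mailserver` url now track `nixos-21.11`, a release branch that, as far as I know, stopped receiving security backports around mid-2022. Every internet-facing service built from `pkgs` therefore stays at its last 21.11 version. The jellyfin hunk in `systems/LoutreOS/medias.nix` has the same effect on a smaller scale, since `package = pkgs.jellyfin;` replaces the build from `nixpkgs-unstable`. If the pin is a temporary rollback, say so above it, e.g. `# temporary rollback to 21.11, return to a supported channel once <blocker> is resolved`. Otherwise I would keep network-exposed packages on a supported input.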
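Review bot: `redis.enable = true;` turns the service on with module defaults only; no bind address, password or socket setting is visible in this hunk. Please confirm the instance listens on loopback only, because otherwise any process that can reach it can use it without authentication. Consider `services.redis.unixSocket` with restricted permissions, or `requirePassFile`. The new `logrotate` block also dropped the old explanatory comment; a short one such as `# rotate nginx logs as the nginx user, keep 7 compressed generations` would help. The enclosing `services` attribute set starts and ends outside the hunk.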
@@ -110,6 +122,92 @@ in mountdPort = 4002; }; + matrix-synapse = { + enable = true; + enable_registration = true; + server_name = "nyanlout.re"; + listeners = [ + { # federation + bind_address = ""; + port = 8448; + resources = [ + { compress = true; names = [ "client" "webclient" ]; } + { compress = false; names = [ "federation" ]; } + ]; + tls = true; + type = "http"; + x_forwarded = false; + } + { # client + bind_address = "127.0.0.1"; + port = 8008; + resources = [ + { compress = true; names = [ "client" "webclient" ]; } + ]; + tls = false; + type = "http"; + x_forwarded = true; + } + ]; + max_upload_size = "100M"; + database_type = "psycopg2"; + database_args = { + database = "matrix-synapse"; + }; + tls_private_key_path = "/var/lib/acme/${domaine}/key.pem"; + tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem"; + url_preview_enabled = true; + logConfig = '' + version: 1 + + formatters: + journal_fmt: + format: '%(name)s: [%(request)s] %(message)s' + + filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" + + handlers: + journal: + class: systemd.journal.JournalHandler + formatter: journal_fmt + filters: [context] + SYSLOG_IDENTIFIER: synapse + + root: + level: WARNING + handlers: [journal] + + disable_existing_loggers: False + ''; + app_service_config_files = [ + "/var/lib/matrix-synapse/mautrix-telegram-registration.yaml" + ]; + }; + + mautrix-telegram = { + enable = true; + settings = { + homeserver = { + address = "https://matrix.nyanlout.re"; + domain = "nyanlout.re"; + }; + appservice = { + bot_username = "loutrebot"; + }; + bridge = { + relaybot.authless_portals = false; + permissions = { + "@nyanloutre:nyanlout.re" = "admin"; + }; + }; + }; + environmentFile = "/mnt/secrets/mautrix-telegram.env"; + serviceDependencies = [ "matrix-synapse.service" ]; + }; + borgbackup.jobs = { loutre = { paths = [ 
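Review bot: `enable_registration = true;` opens account creation on `nyanlout.re` to anyone who can reach the client API, and the first listener exposes the `client` resource on port 8448 on all addresses. No captcha, token or shared-secret gate is visible in this hunk. Combined with `max_upload_size = "100M"` this leaves the server open to spam accounts and storage abuse, so I would set `enable_registration = false;` and create accounts administratively unless open sign-up is intended. `url_preview_enabled = true;` makes the homeserver fetch user-supplied URLs; please confirm that `url_preview_ip_range_blacklist` covers loopback and the internal `10.30.x.x` addresses used elsewhere in this configuration. The enclosing `services` set continues outside the hunk.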
@@ -168,6 +266,40 @@ in }; }; + sdtdserver.enable = false; + + factorio = { + enable = false; + autosave-interval = 10; + game-name = "Shame"; + public = true; + username = "nyanloutre"; + }; + + minecraft-server = { + enable = false; + jvmOpts = "-Xms512m -Xmx3072m"; + eula = true; + declarative = true; + openFirewall = true; + whitelist = { + nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822"; + Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2"; + LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6"; + Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff"; + Hopegcx = "4497f759-2210-48db-8764-307d33011442"; + wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af"; + sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3"; + }; + serverProperties = { + difficulty = 2; + gamemode = 0; + max-players = 50; + motd = "Hi Mark !"; + white-list = true; + }; + }; + kresd = { enable = true; }; 
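Review bot: All three game services are added with `enable = false`, so `openFirewall = true;` on `minecraft-server` and `public = true;` on `factorio` are latent settings that take effect as soon as someone flips the flag. A comment above the block, e.g. `# disabled on purpose; enabling minecraft-server also opens its port in the firewall`, would make that consequence visible. The hunk sits inside a larger attribute set that starts and ends outside it.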
@@ -536,6 +668,48 @@ in ipmihddtemp.enable = true; + # systemd.services.minecraft-overviewer = + # let + # clientJar = pkgs.fetchurl { + # url = "https://overviewer.org/textures/1.14"; + # sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; + # name = "client.jar"; + # }; + # configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' + # substitute ${./config-overviewer.py} $out \ + # --subst-var CLIENT_JAR + # ''; + # in + # { + # script = '' + # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} + # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi + # rm /var/www/minecraft-overviewer/progress.json + # ''; + # serviceConfig = { + # User = "nginx"; + # Group = "nginx"; + # }; + # }; + + # systemd.timers.minecraft-overviewer = { + # wantedBy = [ "multi-user.target" ]; + # timerConfig = { + # OnCalendar = "*-*-* 04:00:00"; + # }; + # }; + + # systemd.packages = with pkgs; [ + # tgt + # ]; + + # environment.etc."tgt/targets.conf".text = '' + # + # backing-store /dev/zvol/loutrepool/steam-lun + # initiator-address 10.30.50.3 + # + # ''; + users.groups.nginx.members = [ "matrix-synapse" ]; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6b8e924..15ecb4d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -44,7 +44,7 @@ let in { security.acme = { - defaults.email = "paul@nyanlout.re"; + email = "paul@nyanlout.re"; acceptTerms = true; }; 
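Review bot: `users.groups.nginx.members = [ "matrix-synapse" ];` presumably exists so synapse can read the ACME key configured in `tls_private_key_path`, but membership of the `nginx` group grants more than that. It also covers whatever else the group can read or write, such as the nginx logs that the new logrotate rule handles with `config.services.nginx.group`. A dedicated group on the certificate (the `group` option of `security.acme.certs`) would be narrower; at minimum I would add `# matrix-synapse needs read access to /var/lib/acme/${domaine}/key.pem`. The rest of the hunk adds only commented-out configuration, which is easier to recover from version control than from comments.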
@@ -65,19 +65,19 @@ in services = { phpfpm.pools = { - # work = { - # user = config.users.users.work.name; - # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 75; - # "pm.start_servers" = 10; - # "pm.min_spare_servers" = 5; - # "pm.max_spare_servers" = 20; - # "pm.max_requests" = 500; - # }; - # }; + work = { + user = config.users.users.work.name; + phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + }; drive = { user = config.users.users.webdav.name; settings = { @@ -216,7 +216,7 @@ in alias = "/var/www/site-musique/media/"; }; }; - # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; + "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; @@ -238,7 +238,7 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; - "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { + "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { locations."/" = { proxyWebsockets = true; };