From 17d985a56cd01ddb7372b200209f46ccc49dcab2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 29 Dec 2022 15:37:00 +0100 Subject: [PATCH 1/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125' (2022-11-27) → 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a115bb9bd56831941be3776c8a94005867f316a7' (2022-11-27) → 'github:NixOS/nixpkgs/e182da8622a354d44c39b3d7a542dc12cd7baa5f' (2022-12-28) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/f535d8123c4761b2ed8138f3d202ea710a334a1d' (2022-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/bc667fb6afc45f6cc2d118ab77658faf2227cffd' (2022-12-21) • Removed input 'simple-nixos-mailserver/nixpkgs-22_05' • Added input 'simple-nixos-mailserver/nixpkgs-22_11': 'github:NixOS/nixpkgs/ce5fe99df1f15a09a91a86be9738d68fadfbad82' (2022-11-27) --- flake.lock | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 2a9066c..f26b072 100644 --- a/flake.lock +++ b/flake.lock @@ -75,26 +75,41 @@ }, "nixpkgs": { "locked": { - "lastModified": 1669546925, - "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=", + "lastModified": 1671883564, + "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125", + "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1669542132, - "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", + "lastModified": 1672262501, + "narHash": "sha256-ZNXqX9lwYo1tOFAqrVtKTLcJ2QMKCr3WuIvpN8emp7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a115bb9bd56831941be3776c8a94005867f316a7", + "rev": "e182da8622a354d44c39b3d7a542dc12cd7baa5f", "type": "github" }, "original": { @@ -119,22 +134,20 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_05": [ - "nixpkgs" - ], + "nixpkgs-22_11": "nixpkgs-22_11", "utils": "utils" }, "locked": { - "lastModified": 1655930346, - "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", + "lastModified": 1671659164, + "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", + "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixos-mailserver", "type": "gitlab" } From 5ce6087b57800aca90ee8babf456e76d5fe55a1f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:20 +0100 Subject: [PATCH 2/4] update LoutreOS to 22.11 --- flake.lock | 22 +++++++++------ flake.nix | 12 ++++---- services/python-ci.nix | 2 +- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/hardware-configuration.nix | 2 +- systems/LoutreOS/monitoring.nix | 31 +++++++++++++-------- systems/LoutreOS/web.nix | 10 ++++--- systems/common-cli.nix | 5 ++-- 8 files changed, 52 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index f26b072..8f5449d 100644 --- a/flake.lock +++ b/flake.lock @@ -88,19 +88,20 @@ "type": "indirect" } }, - "nixpkgs-22_11": { + "nixpkgs-photoprism": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", + "lastModified": 1671922246, + "narHash": "sha256-Xh/pWG2mdheCtJZFmuuZIsvR9PVgs15Rn6yt/G1lINc=", + "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "6805f176fcc4b3673f23df5ee67caccc24bfba8c", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "Stunkymonkey", + "ref": "photoprism-module-init", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { @@ -123,6 +124,7 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", + "nixpkgs-photoprism": "nixpkgs-photoprism", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "utils": "utils_2" @@ -134,7 +136,9 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-22_11": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index c7c1cf6..fe8260a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.05"; + nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_05.follows = "nixpkgs"; + nixpkgs-22_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { @@ -20,7 +21,7 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, nixpkgs-photoprism, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { inherit self inputs; @@ -32,7 +33,7 @@ # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { # name = "electron-cash.patch"; # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; - # sha256 = "sha256-oQbiyhVWYIkEuZEKqaPuIL00PNPnuTAw64wuqZ8YeDs="; + # sha256 = nixpkgs.lib.fakeHash; # }) # ]; @@ -46,6 +47,7 @@ ]; hosts.loutreos.modules = [ + "${nixpkgs-photoprism}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/services/python-ci.nix b/services/python-ci.nix index 5a6a4c4..ce957db 100644 --- a/services/python-ci.nix +++ b/services/python-ci.nix @@ -33,7 +33,7 @@ in RuntimeDirectoryPreserve = "yes"; ExecStart = with pkgs; let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pyramid python-gitlab ]; + extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ]; ignoreCollisions = true; }; in "${pkgs.writeShellScriptBin "run.sh" '' diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9cf6d06..d0adf48 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,7 +12,7 @@ ./services.nix ]; - nix.trustedUsers = [ "root" "paul" ]; + nix.settings.trusted-users = [ "root" "paul" ]; boot = { loader = { diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 4984718..2c3303b 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -176,6 +176,6 @@ } ]; - nix.maxJobs = lib.mkDefault 4; + nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 9910068..e02a4fa 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -87,18 +87,27 @@ in grafana = { enable = true; - addr = "127.0.0.1"; dataDir = "/var/lib/grafana"; - extraOptions = { - SERVER_ROOT_URL = "https://grafana.${domaine}"; - SMTP_ENABLED = "true"; - SMTP_FROM_ADDRESS = "grafana@${domaine}"; - SMTP_SKIP_VERIFY = "true"; - AUTH_DISABLE_LOGIN_FORM = "true"; - AUTH_DISABLE_SIGNOUT_MENU = "true"; - AUTH_ANONYMOUS_ENABLED = "true"; - AUTH_ANONYMOUS_ORG_ROLE = "Admin"; - AUTH_BASIC_ENABLED = "false"; + settings = { + server = { + http_addr = "127.0.0.1"; + root_url = "https://grafana.${domaine}"; + }; + smtp = { + enabled = true; + from_address = "grafana@${domaine}"; + skip_verify = true; + }; + auth = { + disable_signout_menu = true; + }; + "auth.basic" = { + enabled = false; + }; + "auth.proxy" = { + enabled = true; + header_name = "X-WEBAUTH-USER"; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9731dae..9469804 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -197,6 +197,8 @@ in proxyPass = "http://127.0.0.1:${toString(rport)}/"; extraConfig = '' auth_request_set $cookie $upstream_http_set_cookie; + auth_request_set $username $upstream_http_x_username; + proxy_set_header X-WEBAUTH-USER $username; add_header Set-Cookie $cookie; ''; }; @@ -243,7 +245,7 @@ in }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; - "grafana.nyanlout.re" = authReverse config.services.grafana.port; + "grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; @@ -376,7 +378,6 @@ in gitea = { enable = true; - cookieSecure = true; httpPort = 3001; rootUrl = "https://gitea.nyanlout.re/"; database = { @@ -384,10 +385,11 @@ in port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; - log.level = "Warn"; - disableRegistration = true; settings = { ui.DEFAULT_THEME = "arc-green"; + log.LEVEL = "Warn"; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; }; }; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index b0cdf52..d8359d9 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -11,12 +11,13 @@ vimAlias = true; configure = { customRC = '' - set tabstop=8 + set tabstop=8 set shiftwidth=4 set softtabstop=0 set expandtab - set smarttab + set smarttab set background=dark + set mouse= ''; packages.myVimPackage = with pkgs.vimPlugins; { start = [ From c4ff862ab4060f3245e721ca526c28ce1dd07452 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:37 +0100 Subject: [PATCH 3/4] install photoprism --- systems/LoutreOS/services.nix | 9 +++++++++ systems/LoutreOS/web.nix | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4d496d7..cb0cdfb 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -545,6 +545,15 @@ in #]; }; }; + + photoprism = { + enable = true; + originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; + extraConfig = { + PHOTOPRISM_AUTH_MODE = "public"; + PHOTOPRISM_READONLY = true; + }; + }; }; systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9469804..c7f0169 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -260,6 +260,11 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; + "photo.nyanlout.re" = recursiveUpdate (authReverse config.services.photoprism.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; From a315db49c6a600bc72795963011f26b1f81add64 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:09:18 +0100 Subject: [PATCH 4/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) → 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8f5449d..e6dea1e 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1671883564, - "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", "type": "github" }, "original": {