diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix deleted file mode 100644 index 162b5f5..0000000 --- a/overlays/dogetipbot-telegram.nix +++ /dev/null @@ -1,9 +0,0 @@ -self: super: - -{ - dogetipbot-telegram = super.callPackage (super.fetchgit { - url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "a63408de18d447983d65a51f176c35e434327517"; - sha256 = "12y7yd114cz64blgnyljpnnqbycsp0f1ljzaiqq05a5xa4pjvwyf"; - }) { pkgs = self; }; -} diff --git a/services/auto-pr.nix b/services/auto-pr.nix deleted file mode 100644 index 6e80885..0000000 --- a/services/auto-pr.nix +++ /dev/null @@ -1,44 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.auto-pr; -in -{ - options.services.auto-pr = { - enable = mkEnableOption "Cron job PR mise à jour automatique"; - }; - - config = mkIf cfg.enable { - - systemd.services.auto-pr-bot = { - description = "Création d'un PR si mise à jour"; - requires = ["network-online.target"]; - environment = { HOME = "/var/lib/auto-pr-bot"; }; - serviceConfig = { - DynamicUser = true; - CacheDirectory = "auto-pr-bot"; - StateDirectory = "auto-pr-bot"; - Type = "oneshot"; - ExecStart = with pkgs; - let env = python3Packages.python.buildEnv.override { - extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ]; - ignoreCollisions = true; - }; - in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.09 - ''}/bin/run.sh"; - }; - }; - - systemd.timers.auto-pr-bot = { - description = "Timer auto PR bot"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; }; - }; - - }; - -} 
diff --git a/services/pr-autobot.py b/services/pr-autobot.py deleted file mode 100755 index c97a2c9..0000000 --- a/services/pr-autobot.py +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/usr/bin/env python - -import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap -from github import Github -from colorama import Fore, Style -from time import sleep - -parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork') -parser.add_argument('--private-key') -parser.add_argument('--app-id') -parser.add_argument('--installation-id') -parser.add_argument('--repo') -parser.add_argument('--cache-dir') -parser.add_argument('--version') -args = vars(parser.parse_args()) - -channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-' + args["version"] + '/git-revision') -latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8') -try: - previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read() -except FileNotFoundError: - open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) - print("Premier lancement, le hash du dernier commit à été sauvegardé") - sys.exit(0) - -print("Dernier commit : " + latest_commit) -print("Commit précédent : " + previous_commit) - -if latest_commit != previous_commit: - bearer_token = jwt.encode({ - 'iat': int(time.time()), - 'exp': int(time.time()) + (10 * 60), - 'iss': args['app_id'] - }, - open(args['private_key'],"r").read(), - algorithm='RS256') - - req = urllib.request.Request(url='https://api.github.com/app/installations/' + - args['installation_id'] + - '/access_tokens', - method='POST') - - req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8')) - req.add_header('Accept', 'application/vnd.github.machine-man-preview+json') - - token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token'] - - g = Github(token) - repo = g.get_repo(args['repo']) - - branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11]; - - repo.create_git_ref('refs/heads/' + branch, latest_commit) - - pr_message = textwrap.dedent("""\ - ### Pull request automatique - ### 
Avancement mise à jour - - [ ] Fusionner la branche - """) - - pr = repo.create_pull(title=branch, body=pr_message, base='nixos-' + args["version"], head=branch) - - print("Pull request numéro " + str(pr.number) + " créée") - print("URL : " + pr.html_url) - - while pr.mergeable == None: - pr = repo.get_pull(pr.number) - sleep(1) - - pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`") - print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL) - - open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) -else: - print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9b8d3d2..17e4955 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -40,6 +40,8 @@ in autoScrub.enable = true; }; + hardware.usbWwan.enable = true; + # eno1 -> VLAN100 -> Internet # eno2 -> LAN # eno3 -> Legacy client DHCP @@ -53,13 +55,22 @@ in persistent = true; extraConfig = '' interface bouyges + metric 10 noarp + interface enp0s21u2 + metric 999 ''; }; - vlans.bouyges = { - id = 100; - interface = "eno1"; + vlans = { + bouyges = { + id = 100; + interface = "eno1"; + }; + chinoiseries = { + id = 20; + interface = "eno2"; + }; }; interfaces = { @@ -73,6 +84,11 @@ in { address = "10.30.0.1"; prefixLength = 16; } ]; }; + chinoiseries = { + ipv4.addresses = [ + { address = "10.40.0.1"; prefixLength = 16; } + ]; + }; }; # NAT bouyges <-> eno2 
@@ -81,8 +97,8 @@ in externalInterface = "bouyges"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; + internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; + internalInterfaces = [ "eno2" "chinoiseries" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} @@ -109,19 +125,29 @@ in services.dhcpd4 = { enable = true; - interfaces = [ "eno2" ]; + interfaces = [ "eno2" "chinoiseries" ]; machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } + { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + + # YeeLights + { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } + { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } + { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; option subnet-mask 255.255.0.0; - option routers 10.30.0.1; subnet 10.30.0.0 netmask 255.255.0.0 { + option routers 10.30.0.1; range 10.30.50.0 10.30.250.0; } + subnet 10.40.0.0 netmask 255.255.0.0 { + option routers 10.40.0.1; + range 10.40.50.0 10.40.250.0; + } ''; }; 
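Review bot: Adding `chinoiseries` to `internalInterfaces` and `10.40.0.0/16` to `internalIPs` gives the new VLAN the same NAT treatment as the main LAN, and nothing visible in this diff limits forwarding between `chinoiseries` and `eno2`. If the VLAN is meant to isolate the YeeLight devices registered in the dhcpd4 hunk, NAT membership does not do that: with forwarding enabled the router will also route 10.40.0.0/16 to 10.30.0.0/16. Unless a filter exists outside this diff, I would add a forward rule that drops new connections from `chinoiseries` to `eno2`. A comment above the VLAN definition should state the intended boundary, e.g. `# IoT VLAN: may reach the Internet, must not initiate connections to the LAN`. The `nat` block starts and ends outside the hunk.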
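Review bot: The three YeeLight reservations (10.40.249.0 to 10.40.249.2) fall inside the dynamic pool declared a few lines below, `range 10.40.50.0 10.40.250.0;`, and `paul-fixe` at 10.30.135.71 likewise falls inside `range 10.30.50.0 10.30.250.0;`. As far as I know ISC dhcpd does not remove fixed addresses from a pool, so another client could be leased one of them while the reserved device is offline. Home Assistant addresses the lamps by these IPs in the services.nix hunk, so a collision would point the automations at whatever device took the address. Shrinking the new pool, for example `range 10.40.50.0 10.40.248.255;`, keeps the reservations clear of it.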
@@ -133,8 +159,20 @@ in enable = true; permitRootLogin = "no"; passwordAuthentication = false; + forwardX11 = true; }; + users = { + groups.autossh = { }; + users.autossh = { + home = "/home/autossh"; + createHome = true; + group = "autossh"; + }; + }; + + services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 712bb63..7bfc7fe 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -72,6 +72,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/medias/incomplete" = + { device = "loutrepool/torrent-dl"; + fsType = "zfs"; + }; + fileSystems."/mnt/medias" = { device = "loutrepool/medias"; fsType = "zfs"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6b92d33..eea4617 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -10,6 +10,7 @@ rpc-host-whitelist = "*"; rpc-whitelist-enabled = false; peer-port = 51413; + incomplete-dir = "/mnt/medias/incomplete"; }; }; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3e1bd25..0a095c4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -25,7 +25,6 @@ in { imports = [ ../../services/mail-server.nix - ../../services/auto-pr.nix ../../services/python-ci.nix ../../services/sdtdserver.nix ../../containers/vsftpd.nix @@ -35,10 +34,6 @@ in ./web.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/dogetipbot-telegram.nix) - ]; - services = { fail2ban.enable = true; @@ -205,8 +200,6 @@ in }; }; - auto-pr.enable = true; - sdtdserver.enable = false; factorio = { 
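Review bot: The autossh session's `-R 0.0.0.0:2222:127.0.0.1:22` asks the VPS to listen on every interface. If the VPS permits that (GatewayPorts), this router's sshd becomes reachable from the Internet through vps772619.ovh.net regardless of the NAT and firewall settings in this file. Key-only login limits the exposure, but the context line `security.sudo.wheelNeedsPassword = false;` means one stolen key for a wheel user is enough for root. Binding the forward to loopback on the VPS and connecting with a jump through the VPS keeps the backup path without a public listener: `extraArguments = "-N -o ExitOnForwardFailure=yes -R 127.0.0.1:2222:127.0.0.1:22 loutre@vps772619.ovh.net";`. `forwardX11 = true;` in the same hunk looks unrelated to the tunnel and deserves a comment saying why this host needs X11 forwarding.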
@@ -240,23 +233,118 @@ in white-list = true; }; }; + + kresd = { + enable = true; + }; + + home-assistant = { + enable = true; + # package = pkgs.home-assistant.override { + # extraPackages = ps: with ps; [ aiohttp-cors netdisco zeroconf ]; + # }; + config = { + default_config = null; + yeelight.devices = { + "10.40.249.0".name = "Chambre"; + "10.40.249.1".name = "Bureau"; + "10.40.249.2".name = "Cuisine"; + }; + light = [ + { + platform = "group"; + name = "Salon"; + entities = [ + "light.bureau" + "light.cuisine" + ]; + } + ]; + media_player = [ + { + platform = "squeezebox"; + host = "10.30.0.1"; + } + ]; + switch = [ + { + platform = "wake_on_lan"; + name = "PC Fixe"; + mac = "b4:2e:99:ed:24:26"; + host = "10.30.135.71"; + broadcast_address = "10.30.255.255"; + } + ]; + automation = [ + { + alias = "Aziz lumière"; + trigger = [ + { + platform = "sun"; + event = "sunset"; + offset = "-01:00:00"; + } + { + platform = "state"; + entity_id = "person.paul"; + to = "home"; + } + ]; + condition = [ + { + condition = "state"; + entity_id = "person.paul"; + state = "home"; + } + { + condition = "time"; + after = "16:00:00"; + before = "23:00:00"; + } + ]; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + }; + } + { + alias = "Adios"; + trigger = { + platform = "state"; + entity_id = "person.paul"; + to = "not_home"; + }; + action = [ + { + service = "light.turn_off"; + entity_id = "all"; + } + { + service = "media_player.media_pause"; + entity_id = "all"; + } + ]; + } + ]; + }; + }; }; - systemd.services.dogetipbot-telegram = { + systemd.services.dogetipbot-telegram = let + dogetipbot-telegram = pkgs.callPackage (pkgs.fetchgit { + url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; + rev = "18c875a2e4b98221523818515a1eecb9c5aeb093"; + sha256 = "0mhv00y1c2py425wxl13if6nlv97xk5k6flf772jj1yaxipjdmpn"; + }) { inherit pkgs; }; + in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = 
"${pkgs.dogetipbot-telegram}/bin/dogetipbot-telegram --block-io-api-key $BLOCK_IO_API_KEY --block-io-pin $BLOCK_IO_PIN --telegram-api-key $TELEGRAM_API_KEY --network DOGE"; + script = "${dogetipbot-telegram}/bin/dogetipbot-telegram --db-path $STATE_DIRECTORY/users.db"; enable = true; serviceConfig = { EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"; DynamicUser = true; - }; - }; - - systemd.services.matrix-synapse = { - serviceConfig = { - MemoryHigh = "3G"; - MemoryMax = "5G"; + StateDirectory = "dogetipbot"; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a8f3399..f771e89 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -184,6 +184,11 @@ in "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
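Review bot: The `home-assistant.config` added in the services.nix hunk has no `http` section, yet the web.nix hunk publishes the instance at `apart.nyanlout.re` through nginx. Without `use_x_forwarded_for` and `trusted_proxies`, Home Assistant sees every login as coming from the proxy address, so failed-login notifications and IP banning cannot tell clients apart. I would add `http = { server_host = "127.0.0.1"; use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; };`, which also stops LAN and IoT-VLAN hosts from reaching the port without going through nginx. This assumes `simpleReverse` (defined outside the diff) proxies to localhost and sets `X-Forwarded-For`; please confirm.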