From 798c2ca66cd030db079136f0e536943a0b0520ac Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 16:25:51 +0200 Subject: [PATCH 1/9] ajout SSH de secours --- systems/LoutreOS/configuration.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9b8d3d2..0c08867 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -40,6 +40,8 @@ in autoScrub.enable = true; }; + hardware.usbWwan.enable = true; + # eno1 -> VLAN100 -> Internet # eno2 -> LAN # eno3 -> Legacy client DHCP @@ -53,7 +55,10 @@ in persistent = true; extraConfig = '' interface bouyges + metric 10 noarp + interface enp0s21u2 + metric 999 ''; }; @@ -135,6 +140,17 @@ in passwordAuthentication = false; }; + users = { + groups.autossh = { }; + users.autossh = { + home = "/home/autossh"; + createHome = true; + group = "autossh"; + }; + }; + + services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; From fbcf3bcac28355c09c44e2d2464b114b435903ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:08:35 +0200 Subject: [PATCH 2/9] =?UTF-8?q?Migration=20dogetipbot=20depuis=20blockio?= =?UTF-8?q?=20vers=20wallet=20int=C3=A9gr=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- overlays/dogetipbot-telegram.nix | 9 --------- systems/LoutreOS/services.nix | 15 +++++++++------ 2 files changed, 9 insertions(+), 15 deletions(-) delete mode 100644 overlays/dogetipbot-telegram.nix diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix deleted file mode 100644 index 162b5f5..0000000 --- a/overlays/dogetipbot-telegram.nix +++ /dev/null 
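Review bot: The reverse tunnel in the new `services.autossh.sessions` entry binds its remote end to `0.0.0.0:2222`, so as soon as the VPS sshd permits it (GatewayPorts) this host's sshd is reachable from the whole internet through the VPS, not only from the VPS itself. If this is an out-of-band path for the admin, binding it to the VPS loopback, `extraArguments = "-N -o ExitOnForwardFailure=yes -R 127.0.0.1:2222:127.0.0.1:22 loutre@vps772619.ovh.net";`, and reaching it via a jump through the VPS keeps exposure to the VPS's own sshd; ExitOnForwardFailure also makes autossh restart instead of idling when the remote port is already taken. The session runs non-interactively as the freshly created `autossh` user, so that user's known_hosts and client key must be provisioned in its new home, otherwise the unit will fail or depend on how autossh handles the host-key prompt. The sshd context in the same hunk already disables password authentication, which limits what the forwarded port will accept.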
@@ -1,9 +0,0 @@ -self: super: - -{ - dogetipbot-telegram = super.callPackage (super.fetchgit { - url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "a63408de18d447983d65a51f176c35e434327517"; - sha256 = "12y7yd114cz64blgnyljpnnqbycsp0f1ljzaiqq05a5xa4pjvwyf"; - }) { pkgs = self; }; -} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3e1bd25..9325572 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,10 +35,6 @@ in ./web.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/dogetipbot-telegram.nix) - ]; - services = { fail2ban.enable = true; @@ -242,14 +238,21 @@ in }; }; - systemd.services.dogetipbot-telegram = { + systemd.services.dogetipbot-telegram = let + dogetipbot-telegram = pkgs.callPackage (pkgs.fetchgit { + url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; + rev = "18c875a2e4b98221523818515a1eecb9c5aeb093"; + sha256 = "0mhv00y1c2py425wxl13if6nlv97xk5k6flf772jj1yaxipjdmpn"; + }) { inherit pkgs; }; + in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.dogetipbot-telegram}/bin/dogetipbot-telegram --block-io-api-key $BLOCK_IO_API_KEY --block-io-pin $BLOCK_IO_PIN --telegram-api-key $TELEGRAM_API_KEY --network DOGE"; + script = "${dogetipbot-telegram}/bin/dogetipbot-telegram --db-path $STATE_DIRECTORY/users.db"; enable = true; serviceConfig = { EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"; DynamicUser = true; + StateDirectory = "dogetipbot"; }; }; From 5c031c573dd8121305ae35be30650eac5cb236fa Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:10:48 +0200 Subject: [PATCH 3/9] =?UTF-8?q?Ajout=20r=C3=A9seau=20sp=C3=A9cial=20chinoi?= =?UTF-8?q?series?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 35 ++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 7 deletions(-) 
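Review bot: With the block.io API replaced by an integrated wallet, `users.db` under `$STATE_DIRECTORY` presumably now holds wallet or key material rather than just user mappings, yet the new `StateDirectory = "dogetipbot";` leaves systemd's default directory mode (0755), so any world-readable file the bot creates is readable by other local users. Adding `StateDirectoryMode = "0700";` next to it closes that, and the directory should be covered by whatever backs up the pool, since losing it now presumably means losing funds. Pinning the source with `rev` and `sha256` is the right call; the enclosing `systemd.services.dogetipbot-telegram` block continues outside the hunk.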
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 0c08867..cfeb6b4 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -62,9 +62,15 @@ in ''; }; - vlans.bouyges = { - id = 100; - interface = "eno1"; + vlans = { + bouyges = { + id = 100; + interface = "eno1"; + }; + chinoiseries = { + id = 20; + interface = "eno2"; + }; }; interfaces = { @@ -78,6 +84,11 @@ in { address = "10.30.0.1"; prefixLength = 16; } ]; }; + chinoiseries = { + ipv4.addresses = [ + { address = "10.40.0.1"; prefixLength = 16; } + ]; + }; }; # NAT bouyges <-> eno2 @@ -86,8 +97,8 @@ in externalInterface = "bouyges"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; + internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; + internalInterfaces = [ "eno2" "chinoiseries" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} 
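Review bot: The new `chinoiseries` VLAN is NATed to the uplink next to `eno2`, but nothing in this hunk (or the vlans/interfaces hunks before it) restricts forwarding between 10.40.0.0/16 and 10.30.0.0/16; unless the FORWARD chain is tightened elsewhere, the NixOS firewall leaves it at the kernel default of accept, so the IoT devices can still reach the LAN and the segmentation is cosmetic. Add forward rules in `networking.firewall.extraCommands`, e.g. `iptables -A FORWARD -i chinoiseries -o eno2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` followed by `iptables -A FORWARD -i chinoiseries -o eno2 -j DROP`, with the matching deletions in `extraStopCommands`, so only LAN-initiated flows cross into the IoT segment.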
@@ -114,19 +125,29 @@ in services.dhcpd4 = { enable = true; - interfaces = [ "eno2" ]; + interfaces = [ "eno2" "chinoiseries" ]; machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } + { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + + # YeeLights + { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } + { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } + { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; option subnet-mask 255.255.0.0; - option routers 10.30.0.1; subnet 10.30.0.0 netmask 255.255.0.0 { + option routers 10.30.0.1; range 10.30.50.0 10.30.250.0; } + subnet 10.40.0.0 netmask 255.255.0.0 { + option routers 10.40.0.1; + range 10.40.50.0 10.40.250.0; + } ''; }; From 233c85d8b6c4eae0fd926458f6b77f4689297ff6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:11:15 +0200 Subject: [PATCH 4/9] =?UTF-8?q?Volume=20ZFS=20tunn=C3=A9=20torrent?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/medias.nix | 1 + 2 files changed, 6 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 712bb63..7bfc7fe 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix 
@@ -72,6 +72,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/medias/incomplete" = + { device = "loutrepool/torrent-dl"; + fsType = "zfs"; + }; + fileSystems."/mnt/medias" = { device = "loutrepool/medias"; fsType = "zfs"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6b92d33..eea4617 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -10,6 +10,7 @@ rpc-host-whitelist = "*"; rpc-whitelist-enabled = false; peer-port = 51413; + incomplete-dir = "/mnt/medias/incomplete"; }; }; From 348f1f1aa244cba01c4a8c7321a4dd0e0edf9d32 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:14:33 +0200 Subject: [PATCH 5/9] supression module auto-pr --- services/auto-pr.nix | 44 -------------------- services/pr-autobot.py | 75 ----------------------------------- systems/LoutreOS/services.nix | 3 -- 3 files changed, 122 deletions(-) delete mode 100644 services/auto-pr.nix delete mode 100755 services/pr-autobot.py diff --git a/services/auto-pr.nix b/services/auto-pr.nix deleted file mode 100644 index 6e80885..0000000 --- a/services/auto-pr.nix +++ /dev/null 
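Review bot: `incomplete-dir` on its own does nothing in Transmission unless `incomplete-dir-enabled` is also set, and Transmission's default for it is false, so downloads will likely keep landing in the final directory despite the new dataset. Add `incomplete-dir-enabled = true;` beside it. The dataset is mounted at /mnt/medias/incomplete in the hardware-configuration.nix hunk, nested under the /mnt/medias mount; systemd orders nested mounts by path so that should be fine, but a fresh ZFS dataset root is owned by root and the transmission user needs write access to it.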
@@ -1,44 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.auto-pr; -in -{ - options.services.auto-pr = { - enable = mkEnableOption "Cron job PR mise à jour automatique"; - }; - - config = mkIf cfg.enable { - - systemd.services.auto-pr-bot = { - description = "Création d'un PR si mise à jour"; - requires = ["network-online.target"]; - environment = { HOME = "/var/lib/auto-pr-bot"; }; - serviceConfig = { - DynamicUser = true; - CacheDirectory = "auto-pr-bot"; - StateDirectory = "auto-pr-bot"; - Type = "oneshot"; - ExecStart = with pkgs; - let env = python3Packages.python.buildEnv.override { - extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ]; - ignoreCollisions = true; - }; - in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.09 - ''}/bin/run.sh"; - }; - }; - - systemd.timers.auto-pr-bot = { - description = "Timer auto PR bot"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; }; - }; - - }; - -} diff --git a/services/pr-autobot.py b/services/pr-autobot.py deleted file mode 100755 index c97a2c9..0000000 --- a/services/pr-autobot.py +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/usr/bin/env python - -import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap -from github import Github -from colorama import Fore, Style -from time import sleep - -parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork') -parser.add_argument('--private-key') -parser.add_argument('--app-id') -parser.add_argument('--installation-id') -parser.add_argument('--repo') -parser.add_argument('--cache-dir') -parser.add_argument('--version') -args = vars(parser.parse_args()) - -channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-' + args["version"] + '/git-revision') -latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8') -try: - previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read() -except FileNotFoundError: - open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) - print("Premier lancement, le hash du dernier commit à été sauvegardé") - sys.exit(0) - -print("Dernier commit : " + latest_commit) -print("Commit précédent : " + previous_commit) - -if latest_commit != previous_commit: - bearer_token = jwt.encode({ - 'iat': int(time.time()), - 'exp': int(time.time()) + (10 * 60), - 'iss': args['app_id'] - }, - open(args['private_key'],"r").read(), - algorithm='RS256') - - req = urllib.request.Request(url='https://api.github.com/app/installations/' + - args['installation_id'] + - '/access_tokens', - method='POST') - - req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8')) - req.add_header('Accept', 'application/vnd.github.machine-man-preview+json') - - token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token'] - - g = Github(token) - repo = g.get_repo(args['repo']) - - branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11]; - - repo.create_git_ref('refs/heads/' + branch, latest_commit) - - pr_message = textwrap.dedent("""\ - ### Pull request automatique - ### 
Avancement mise à jour - - [ ] Fusionner la branche - """) - - pr = repo.create_pull(title=branch, body=pr_message, base='nixos-' + args["version"], head=branch) - - print("Pull request numéro " + str(pr.number) + " créée") - print("URL : " + pr.html_url) - - while pr.mergeable == None: - pr = repo.get_pull(pr.number) - sleep(1) - - pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`") - print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL) - - open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) -else: - print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9325572..699cffd 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -25,7 +25,6 @@ in { imports = [ ../../services/mail-server.nix - ../../services/auto-pr.nix ../../services/python-ci.nix ../../services/sdtdserver.nix ../../containers/vsftpd.nix @@ -201,8 +200,6 @@ in }; }; - auto-pr.enable = true; - sdtdserver.enable = false; factorio = { From 976b1f1d6b32cca357b3b67d4aac48f2ccdff627 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:14:55 +0200 Subject: [PATCH 6/9] LoutreOS: activation redirection X --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index cfeb6b4..17e4955 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -159,6 +159,7 @@ in enable = true; permitRootLogin = "no"; passwordAuthentication = false; + forwardX11 = true; }; users = { From b6cf4e19de4fcfe0bb163962369cf55a03644a48 Mon Sep 17 00:00:00 2001 
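Review bot: `forwardX11 = true;` turns on X11 forwarding server-wide for every account allowed to log in, on the host that acts as the router and mounts the secrets under /mnt/secrets; per the sshd_config manual, X11Forwarding mainly exposes the connecting client's display to whatever runs on this server under that user, so the risk runs toward the admin's workstation. If only one account needs it, scope it with `extraConfig = "Match User <user>\n  X11Forwarding yes";` (placeholder user) and leave the global setting off. The enclosing `services.openssh` block starts outside the hunk.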
From: nyanloutre Date: Sun, 30 Aug 2020 21:15:31 +0200 Subject: [PATCH 7/9] Activation daemon kresd --- systems/LoutreOS/services.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 699cffd..a5aa63d 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -233,6 +233,10 @@ in white-list = true; }; }; + + kresd = { + enable = true; + }; }; systemd.services.dogetipbot-telegram = let From f77cb355b1fb3233709dc39d5b2cf14f47d48c3f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:16:41 +0200 Subject: [PATCH 8/9] Installation home-assistant --- systems/LoutreOS/services.nix | 91 +++++++++++++++++++++++++++++++++++ systems/LoutreOS/web.nix | 5 ++ 2 files changed, 96 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index a5aa63d..5fec541 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
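Review bot: `kresd = { enable = true; };` sets no `listenPlain`, so it relies on the module default, which (if it is still loopback-only) means LAN clients keep using the public resolvers that dhcpd hands out in configuration.nix and nothing changes for them. If the resolver is meant to serve the LAN, bind it explicitly with `listenPlain = [ "10.30.0.1:53" "10.40.0.1:53" ];` and open 53 only on the internal interfaces via `networking.firewall.interfaces.<if>.allowedUDPPorts`, rather than listening on all addresses, so the `bouyges` uplink does not become an open resolver.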
@@ -237,6 +237,97 @@ in kresd = { enable = true; }; + + home-assistant = { + enable = true; + # package = pkgs.home-assistant.override { + # extraPackages = ps: with ps; [ aiohttp-cors netdisco zeroconf ]; + # }; + config = { + default_config = null; + yeelight.devices = { + "10.40.249.0".name = "Chambre"; + "10.40.249.1".name = "Bureau"; + "10.40.249.2".name = "Cuisine"; + }; + light = [ + { + platform = "group"; + name = "Salon"; + entities = [ + "light.bureau" + "light.cuisine" + ]; + } + ]; + media_player = [ + { + platform = "squeezebox"; + host = "10.30.0.1"; + } + ]; + switch = [ + { + platform = "wake_on_lan"; + name = "PC Fixe"; + mac = "b4:2e:99:ed:24:26"; + host = "10.30.135.71"; + broadcast_address = "10.30.255.255"; + } + ]; + automation = [ + { + alias = "Aziz lumière"; + trigger = [ + { + platform = "sun"; + event = "sunset"; + offset = "-01:00:00"; + } + { + platform = "state"; + entity_id = "person.paul"; + to = "home"; + } + ]; + condition = [ + { + condition = "state"; + entity_id = "person.paul"; + state = "home"; + } + { + condition = "time"; + after = "16:00:00"; + before = "23:00:00"; + } + ]; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + }; + } + { + alias = "Adios"; + trigger = { + platform = "state"; + entity_id = "person.paul"; + to = "not_home"; + }; + action = [ + { + service = "light.turn_off"; + entity_id = "all"; + } + { + service = "media_player.media_pause"; + entity_id = "all"; + } + ]; + } + ]; + }; + }; }; systemd.services.dogetipbot-telegram = let diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a8f3399..f771e89 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
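Review bot: Home Assistant is published as `apart.nyanlout.re` through nginx in the web.nix hunk of this patch, but the `config` here has no `http` section, so HA sees every request as coming from the proxy: its per-IP login throttling and ip_ban would lump all clients together and the access log loses the real client address. Add `http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; };` alongside `default_config` so the forwarded header is honoured only from the local proxy, optionally with `ip_ban_enabled = true;` and `login_attempts_threshold = 5;` in the same block. `default_config = null` also enables HA's bundled set of integrations (discovery, mobile app, and so on); listing only the integrations actually used keeps the internet-exposed surface to what is configured.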
@@ -184,6 +184,11 @@ in "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; From 016da3ab5ab8778d3c300181c84b273f9a2bf4bb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:16:54 +0200 Subject: [PATCH 9/9] =?UTF-8?q?D=C3=A9sactivation=20limites=20matrix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/services.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 5fec541..0a095c4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -348,13 +348,6 @@ in }; }; - systemd.services.matrix-synapse = { - serviceConfig = { - MemoryHigh = "3G"; - MemoryMax = "5G"; - }; - }; - # systemd.services.minecraft-overviewer = # let # clientJar = pkgs.fetchurl {