
9 Commits

8 changed files with 160 additions and 151 deletions


@ -1,9 +0,0 @@
self: super:
{
dogetipbot-telegram = super.callPackage (super.fetchgit {
url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git";
rev = "a63408de18d447983d65a51f176c35e434327517";
sha256 = "12y7yd114cz64blgnyljpnnqbycsp0f1ljzaiqq05a5xa4pjvwyf";
}) { pkgs = self; };
}


@ -1,44 +0,0 @@
{lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.auto-pr;
in
{
options.services.auto-pr = {
enable = mkEnableOption "Cron job PR mise à jour automatique";
};
config = mkIf cfg.enable {
systemd.services.auto-pr-bot = {
description = "Création d'un PR si mise à jour";
requires = ["network-online.target"];
environment = { HOME = "/var/lib/auto-pr-bot"; };
serviceConfig = {
DynamicUser = true;
CacheDirectory = "auto-pr-bot";
StateDirectory = "auto-pr-bot";
Type = "oneshot";
ExecStart = with pkgs;
let env = python3Packages.python.buildEnv.override {
extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ];
ignoreCollisions = true;
};
in "${pkgs.writeShellScriptBin "run.sh" ''
${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.09
''}/bin/run.sh";
};
};
systemd.timers.auto-pr-bot = {
description = "Timer auto PR bot";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; };
};
};
}


@ -1,75 +0,0 @@
#!/usr/bin/env python
import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap
from github import Github
from colorama import Fore, Style
from time import sleep
parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork')
parser.add_argument('--private-key')
parser.add_argument('--app-id')
parser.add_argument('--installation-id')
parser.add_argument('--repo')
parser.add_argument('--cache-dir')
parser.add_argument('--version')
args = vars(parser.parse_args())
channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-' + args["version"] + '/git-revision')
latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8')
try:
previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read()
except FileNotFoundError:
open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
print("Premier lancement, le hash du dernier commit à été sauvegardé")
sys.exit(0)
print("Dernier commit : " + latest_commit)
print("Commit précédent : " + previous_commit)
if latest_commit != previous_commit:
bearer_token = jwt.encode({
'iat': int(time.time()),
'exp': int(time.time()) + (10 * 60),
'iss': args['app_id']
},
open(args['private_key'],"r").read(),
algorithm='RS256')
req = urllib.request.Request(url='https://api.github.com/app/installations/' +
args['installation_id'] +
'/access_tokens',
method='POST')
req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8'))
req.add_header('Accept', 'application/vnd.github.machine-man-preview+json')
token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token']
g = Github(token)
repo = g.get_repo(args['repo'])
branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11];
repo.create_git_ref('refs/heads/' + branch, latest_commit)
pr_message = textwrap.dedent("""\
### Pull request automatique
### Avancement mise à jour
- [ ] Fusionner la branche
""")
pr = repo.create_pull(title=branch, body=pr_message, base='nixos-' + args["version"], head=branch)
print("Pull request numéro " + str(pr.number) + " créée")
print("URL : " + pr.html_url)
while pr.mergeable == None:
pr = repo.get_pull(pr.number)
sleep(1)
pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`")
print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL)
open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit)
else:
print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL)


@ -40,6 +40,8 @@ in
autoScrub.enable = true;
};
hardware.usbWwan.enable = true;
# eno1 -> VLAN100 -> Internet
# eno2 -> LAN
# eno3 -> Legacy client DHCP
@ -53,13 +55,22 @@ in
persistent = true;
extraConfig = ''
interface bouyges
metric 10
noarp
interface enp0s21u2
metric 999
'';
};
vlans.bouyges = {
id = 100;
interface = "eno1";
vlans = {
bouyges = {
id = 100;
interface = "eno1";
};
chinoiseries = {
id = 20;
interface = "eno2";
};
};
interfaces = {
@ -73,6 +84,11 @@ in
{ address = "10.30.0.1"; prefixLength = 16; }
];
};
chinoiseries = {
ipv4.addresses = [
{ address = "10.40.0.1"; prefixLength = 16; }
];
};
};
# NAT bouyges <-> eno2
@ -81,8 +97,8 @@ in
externalInterface = "bouyges";
# Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE
# externalIP = "0.0.0.0";
internalIPs = [ "10.30.0.0/16" ];
internalInterfaces = [ "eno2" ];
internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ];
internalInterfaces = [ "eno2" "chinoiseries" ];
forwardPorts = [
{ destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;}
{ destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];}
@ -109,19 +125,29 @@ in
services.dhcpd4 = {
enable = true;
interfaces = [ "eno2" ];
interfaces = [ "eno2" "chinoiseries" ];
machines = [
{ ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; }
{ ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
{ ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; }
{ ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; }
# YeeLights
{ ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; }
{ ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; }
{ ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; }
];
extraConfig = ''
option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40;
option subnet-mask 255.255.0.0;
option routers 10.30.0.1;
subnet 10.30.0.0 netmask 255.255.0.0 {
option routers 10.30.0.1;
range 10.30.50.0 10.30.250.0;
}
subnet 10.40.0.0 netmask 255.255.0.0 {
option routers 10.40.0.1;
range 10.40.50.0 10.40.250.0;
}
'';
};
@ -133,8 +159,20 @@ in
enable = true;
permitRootLogin = "no";
passwordAuthentication = false;
forwardX11 = true;
};
users = {
groups.autossh = { };
users.autossh = {
home = "/home/autossh";
createHome = true;
group = "autossh";
};
};
services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ];
security.sudo.wheelNeedsPassword = false;
system.stateVersion = "18.03";
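Review bot: The reverse forward in `services.autossh.sessions` asks the VPS to listen on `0.0.0.0:2222`, so if that host's sshd permits non-loopback remote binds (GatewayPorts), this router's SSH port becomes reachable from the Internet through the VPS. Key-only login and `permitRootLogin = "no"` in the same hunk limit the exposure, but with `security.sudo.wheelNeedsPassword = false` any wheel account reached that way is root-equivalent. Binding the forward to the VPS loopback and reaching it through a jump host keeps the access path without publishing the port: `extraArguments = "-N -R 127.0.0.1:2222:127.0.0.1:22 -o ExitOnForwardFailure=yes loutre@vps772619.ovh.net";`. The key the `autossh` user authenticates with is not visible in this section; on the VPS side it should be limited to port forwarding only.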


@ -72,6 +72,11 @@
fsType = "zfs";
};
fileSystems."/mnt/medias/incomplete" =
{ device = "loutrepool/torrent-dl";
fsType = "zfs";
};
fileSystems."/mnt/medias" =
{ device = "loutrepool/medias";
fsType = "zfs";


@ -10,6 +10,7 @@
rpc-host-whitelist = "*";
rpc-whitelist-enabled = false;
peer-port = 51413;
incomplete-dir = "/mnt/medias/incomplete";
};
};
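Review bot: `incomplete-dir` on the added line is only honoured by Transmission when `incomplete-dir-enabled` is true, and that key is not among the settings visible in this hunk. The settings attrset starts above the hunk, so it may already be set there or come from the module defaults; if not, add `incomplete-dir-enabled = true;` next to the new line, otherwise partial downloads keep landing in the download directory. The `loutrepool/torrent-dl` mountpoint added elsewhere in this comparison also has to be writable by the account the daemon runs as.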


@ -25,7 +25,6 @@ in
{
imports = [
../../services/mail-server.nix
../../services/auto-pr.nix
../../services/python-ci.nix
../../services/sdtdserver.nix
../../containers/vsftpd.nix
@ -35,10 +34,6 @@ in
./web.nix
];
nixpkgs.overlays = [
(import ../../overlays/dogetipbot-telegram.nix)
];
services = {
fail2ban.enable = true;
@ -205,8 +200,6 @@ in
};
};
auto-pr.enable = true;
sdtdserver.enable = false;
factorio = {
@ -240,23 +233,118 @@ in
white-list = true;
};
};
kresd = {
enable = true;
};
home-assistant = {
enable = true;
# package = pkgs.home-assistant.override {
# extraPackages = ps: with ps; [ aiohttp-cors netdisco zeroconf ];
# };
config = {
default_config = null;
yeelight.devices = {
"10.40.249.0".name = "Chambre";
"10.40.249.1".name = "Bureau";
"10.40.249.2".name = "Cuisine";
};
light = [
{
platform = "group";
name = "Salon";
entities = [
"light.bureau"
"light.cuisine"
];
}
];
media_player = [
{
platform = "squeezebox";
host = "10.30.0.1";
}
];
switch = [
{
platform = "wake_on_lan";
name = "PC Fixe";
mac = "b4:2e:99:ed:24:26";
host = "10.30.135.71";
broadcast_address = "10.30.255.255";
}
];
automation = [
{
alias = "Aziz lumière";
trigger = [
{
platform = "sun";
event = "sunset";
offset = "-01:00:00";
}
{
platform = "state";
entity_id = "person.paul";
to = "home";
}
];
condition = [
{
condition = "state";
entity_id = "person.paul";
state = "home";
}
{
condition = "time";
after = "16:00:00";
before = "23:00:00";
}
];
action = {
service = "light.turn_on";
entity_id = "light.salon";
};
}
{
alias = "Adios";
trigger = {
platform = "state";
entity_id = "person.paul";
to = "not_home";
};
action = [
{
service = "light.turn_off";
entity_id = "all";
}
{
service = "media_player.media_pause";
entity_id = "all";
}
];
}
];
};
};
};
systemd.services.dogetipbot-telegram = {
systemd.services.dogetipbot-telegram = let
dogetipbot-telegram = pkgs.callPackage (pkgs.fetchgit {
url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git";
rev = "18c875a2e4b98221523818515a1eecb9c5aeb093";
sha256 = "0mhv00y1c2py425wxl13if6nlv97xk5k6flf772jj1yaxipjdmpn";
}) { inherit pkgs; };
in {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.dogetipbot-telegram}/bin/dogetipbot-telegram --block-io-api-key $BLOCK_IO_API_KEY --block-io-pin $BLOCK_IO_PIN --telegram-api-key $TELEGRAM_API_KEY --network DOGE";
script = "${dogetipbot-telegram}/bin/dogetipbot-telegram --db-path $STATE_DIRECTORY/users.db";
enable = true;
serviceConfig = {
EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env";
DynamicUser = true;
};
};
systemd.services.matrix-synapse = {
serviceConfig = {
MemoryHigh = "3G";
MemoryMax = "5G";
StateDirectory = "dogetipbot";
};
};
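Review bot: The `home-assistant.config` attrset in the last hunk has no `http` block, while this comparison also publishes the instance through the nginx vhost `apart.nyanlout.re`. Behind a proxy, Home Assistant attributes every request to the proxy address unless forwarded headers are explicitly trusted, so failed-login notifications and IP banning cannot tell clients apart. I would add, inside `config`, something like `http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; ip_ban_enabled = true; login_attempts_threshold = 5; };`, where the threshold is an example value and the proxy address assumes nginx connects over loopback. Whether `simpleReverse` forces TLS for the vhost is not visible here and is worth confirming, since this UI controls lights, media players and wake-on-LAN.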


@ -184,6 +184,11 @@ in
"emby.nyanlout.re" = simpleReverse 8096;
"ci.nyanlout.re" = simpleReverse 52350;
"gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) {
locations."/" = {
proxyWebsockets = true;
};
};
};
appendConfig = let
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;