Compare commits
3 Commits
a93d836d36
...
c0cdb3e29d
| Author | SHA1 | Date | |
|---|---|---|---|
| c0cdb3e29d | |||
| 0f0eedc57b | |||
| b98d0b5bb4 |
@ -13,9 +13,9 @@ let
|
||||
log /dev/log local1 notice
|
||||
user haproxy
|
||||
group haproxy
|
||||
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
|
||||
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
||||
ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
|
||||
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
||||
defaults
|
||||
option forwardfor
|
||||
@ -58,6 +58,7 @@ let
|
||||
''
|
||||
backend ${name}-backend
|
||||
mode http
|
||||
${value.extraBackend}
|
||||
${(
|
||||
if value.socket == "" then
|
||||
''
|
||||
@ -100,6 +101,7 @@ in
|
||||
port = mkOption { type = int; description = "Port number"; };
|
||||
socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
|
||||
auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
|
||||
extraBackend = mkOption { type = str; description = "Options backend HaProxy suplémentaires"; default = ""; };
|
||||
extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; };
|
||||
aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; };
|
||||
}; });
|
||||
|
||||
@ -12,15 +12,32 @@ let
|
||||
factorio_port = 52351;
|
||||
airsonic_port = 4040;
|
||||
|
||||
jellyfin_backend = ''
|
||||
http-request set-header X-Forwarded-Port %[dst_port]
|
||||
http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
||||
'';
|
||||
sonarr_acl = ''
|
||||
acl API path_beg /api
|
||||
'';
|
||||
sonarr_auth = ''
|
||||
!AUTH_OK !API
|
||||
'';
|
||||
|
||||
sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
|
||||
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
|
||||
From: root@nyanlout.re
|
||||
Subject: ${subject}
|
||||
${message}
|
||||
EOF
|
||||
'';
|
||||
|
||||
login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
|
||||
if [ "$PAM_TYPE" != "close_session" ]; then
|
||||
${pkgs.system-sendmail}/bin/sendmail paul@nyanlout.re <<EOF
|
||||
From: root@nyanlout.re
|
||||
Subject: SSH Login: $PAM_USER from $PAM_RHOST
|
||||
`env`
|
||||
EOF
|
||||
${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}
|
||||
fi
|
||||
'';
|
||||
|
||||
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
|
||||
in
|
||||
|
||||
{
|
||||
@ -60,9 +77,9 @@ in
|
||||
domaine = domaine;
|
||||
services = {
|
||||
"grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; };
|
||||
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
|
||||
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
|
||||
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
|
||||
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; extraBackend = jellyfin_backend; };
|
||||
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
|
||||
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
|
||||
"transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
|
||||
"syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
|
||||
"jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
|
||||
@ -174,10 +191,7 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
emby = {
|
||||
enable = true;
|
||||
dataDir = "/var/lib/emby/ProgramData-Server";
|
||||
};
|
||||
jellyfin.enable = true;
|
||||
|
||||
slimserver = {
|
||||
enable = true;
|
||||
@ -308,7 +322,7 @@ in
|
||||
paths = [
|
||||
"/var/certs"
|
||||
"/var/dkim"
|
||||
"/var/lib/emby"
|
||||
"/var/lib/jellyfin"
|
||||
"/var/lib/gitea"
|
||||
"/var/lib/grafana"
|
||||
"/var/lib/jackett"
|
||||
@ -340,6 +354,8 @@ in
|
||||
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
|
||||
if [[ $exitStatus == 0 ]]; then
|
||||
${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:loutre
|
||||
else
|
||||
${backup_mail_alert}/bin/mail.sh
|
||||
fi
|
||||
'';
|
||||
};
|
||||
|
||||
Loading…
Reference in New Issue
Block a user