envoi mail après backup

services/haproxy-acme.nix

@@ -13,9 +13,9 @@ let
       log /dev/log local1 notice
       user haproxy
       group haproxy
-      ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+      ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
       ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
-      ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+      ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
       ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
     defaults
       option forwardfor
@@ -58,6 +58,7 @@ let
         ''
         backend ${name}-backend
           mode http
+          ${value.extraBackend}
           ${(
             if value.socket == "" then
               ''
@@ -100,6 +101,7 @@ in
         port = mkOption { type = int; description = "Port number"; };
         socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
         auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
+        extraBackend = mkOption { type = str; description = "Options backend HaProxy suplémentaires"; default = ""; };
         extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; };
         aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; };
       }; });

systems/LoutreOS/services.nix

@@ -12,15 +12,32 @@ let
   factorio_port = 52351;
   airsonic_port = 4040;
 
+  jellyfin_backend = ''
+    http-request set-header X-Forwarded-Port %[dst_port]
+    http-request add-header X-Forwarded-Proto https if { ssl_fc }
+  '';
+  sonarr_acl = ''
+    acl API path_beg /api
+  '';
+  sonarr_auth = ''
+    !AUTH_OK !API
+  '';
+
+  sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
+    ${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
+    From: root@nyanlout.re
+    Subject: ${subject}
+    ${message}
+    EOF
+  '';
+
   login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
     if [ "$PAM_TYPE" != "close_session" ]; then
-    ${pkgs.system-sendmail}/bin/sendmail paul@nyanlout.re <<EOF
+      ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}
-    From: root@nyanlout.re
-    Subject: SSH Login: $PAM_USER from $PAM_RHOST
-    `env`
-    EOF
     fi
   '';
+
+  backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
 in
 
 {
@@ -60,9 +77,9 @@ in
       domaine = domaine;
       services = {
         "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; };
-        "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
+        "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; extraBackend = jellyfin_backend; };
-        "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+        "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
-        "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+        "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
         "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
         "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
         "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
@@ -174,10 +191,7 @@ in
       };
     };
 
-    emby = {
+    jellyfin.enable = true;
-      enable = true;
-      dataDir = "/var/lib/emby/ProgramData-Server";
-    };
 
     slimserver = {
       enable = true;
@@ -308,7 +322,7 @@ in
         paths = [
           "/var/certs"
           "/var/dkim"
-          "/var/lib/emby"
+          "/var/lib/jellyfin"
           "/var/lib/gitea"
           "/var/lib/grafana"
           "/var/lib/jackett"
@@ -340,6 +354,8 @@ in
           ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
           if [[ $exitStatus == 0 ]]; then
             ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:loutre
+          else
+            ${backup_mail_alert}/bin/mail.sh
           fi
         '';
       };