From 418a7ba10765bd9925b49666a7e899551e47c5e9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 Jun 2022 08:16:01 +0200 Subject: [PATCH 001/240] configure hetzner backup --- systems/LoutreOS/services.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 425592e..34f7597 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -239,7 +239,8 @@ in "/var/lib/radarr/.config/Radarr/radarr.db-wal" "/var/lib/radarr/.config/Radarr/radarr.db-shm" ]; - repo = "/mnt/backup/borg"; + repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos"; + environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; }; encryption = { mode = "repokey-blake2"; passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass"; @@ -254,11 +255,6 @@ in readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; postHook = '' ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap - if [[ $exitStatus == 0 ]]; then - ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:default - else - ${backup_mail_alert}/bin/mail.sh - fi ''; }; }; From a21636baa2f1593c245e54f68fcea8c01ff18a96 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 30 Jun 2022 18:58:34 +0200 Subject: [PATCH 002/240] reduce frequency of high IO operations --- systems/LoutreOS/configuration.nix | 5 ++++- systems/LoutreOS/monitoring.nix | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index cf299f5..28e111c 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -32,7 +32,10 @@ services.zfs = { autoSnapshot.enable = true; - autoScrub.enable = true; + autoScrub = { + enable = true; + interval = "monthly"; + }; }; hardware.usbWwan.enable = true; 
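Review bot: In patch 001 (systems/LoutreOS/services.nix), the second hunk drops the `else ${backup_mail_alert}/bin/mail.sh` branch from `postHook` along with the rclone sync, so nothing visible in this job reports a non-zero `$exitStatus` any more. Now that the repository sits on a remote host, a network or authentication failure would pass silently unless alerting exists elsewhere. I would keep the failure branch on its own: `if [[ $exitStatus != 0 ]]; then ${backup_mail_alert}/bin/mail.sh; fi`. In the first hunk, `BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"` leaves host-key verification to whatever known_hosts state the job's user happens to have; declaring the storage box's key under `programs.ssh.knownHosts` and adding `-o IdentitiesOnly=yes` would pin the unattended connection. The enclosing backup job begins and ends outside both hunks.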
diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 29915d2..a2120f0 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -7,7 +7,7 @@ in services = { smartd = { enable = true; - defaults.monitored = "-a -o on -s (S/../.././02|L/../../1/04)"; + defaults.monitored = "-a -o on -s (S/../.././02|L/../15/./02)"; notifications.mail = { enable = true; recipient = "paul@nyanlout.re"; From 29e12eed94e7fdb671156b58b2c1751ac43c5d01 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 30 Jun 2022 19:57:50 +0200 Subject: [PATCH 003/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a119e218ad27bea32057a3463e3694a61c9e3802' (2022-06-13) → 'github:NixOS/nixpkgs/be6da3774db3746e6ae94bf412dd3707e35b2800' (2022-06-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/914ef51ffa88d9b386c71bdc88bffc5273c08ada' (2022-06-12) → 'github:NixOS/nixpkgs/cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c' (2022-06-29) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9ba50c8..56978de 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1655096306, - "narHash": "sha256-3B3zBaQVLL956deZgmucouvkZroObQ4JKHzbIfFS9/c=", + "lastModified": 1656500841, + "narHash": "sha256-13IRoh3uu29S4IfoVO6Sb0UPwzDhSqXoBKKQ4ssEzF0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a119e218ad27bea32057a3463e3694a61c9e3802", + "rev": "be6da3774db3746e6ae94bf412dd3707e35b2800", "type": "github" }, "original": { 
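Review bot: The new smartd schedule in systems/LoutreOS/monitoring.nix, `-s (S/../.././02|L/../15/./02)`, deserves a comment, because the regex is hard to read back and the intent (fewer long self-tests) lives only in the commit subject. Something like `# short self-test daily at 02:00; long self-test on the 15th of each month at 02:00` above `defaults.monitored` would do. On the 15th both patterns match the same hour, so it is worth confirming in the smartd log that the long test is the one that runs. The same commit's `interval = "monthly";` for `autoScrub` in configuration.nix lengthens the window in which silent corruption on the pool goes undetected, a trade-off worth stating next to the option.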
@@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1655043425, - "narHash": "sha256-A+oT+aQGhW5lXy8H0cqBLsYtgcnT5glmGOXWQDcGw6I=", + "lastModified": 1656461576, + "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "914ef51ffa88d9b386c71bdc88bffc5273c08ada", + "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", "type": "github" }, "original": { From d5c54d97c5aeec9ec5a56661540d971ba9662892 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 4 Jul 2022 22:33:55 +0200 Subject: [PATCH 004/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/be6da3774db3746e6ae94bf412dd3707e35b2800' (2022-06-29) → 'github:NixOS/nixpkgs/09c32b0bda4db98d6454e910206188e85d5b04cc' (2022-07-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c' (2022-06-29) → 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 56978de..294f935 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656500841, - "narHash": "sha256-13IRoh3uu29S4IfoVO6Sb0UPwzDhSqXoBKKQ4ssEzF0=", + "lastModified": 1656754140, + "narHash": "sha256-8thJUtZWIimyBtkYQ0tdmmnH0yJvOaw1K5W3OgKc6/A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "be6da3774db3746e6ae94bf412dd3707e35b2800", + "rev": "09c32b0bda4db98d6454e910206188e85d5b04cc", "type": "github" }, "original": { 
@@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656461576, - "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", + "lastModified": 1656753965, + "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", + "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", "type": "github" }, "original": { From 371f28a7197e13568d52caaa137b1761c448bbe7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 4 Jul 2022 23:38:41 +0200 Subject: [PATCH 005/240] LoutreOS: use unstable Jellyfin --- systems/LoutreOS/medias.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index c0bf930..60193b4 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { services = { @@ -22,7 +22,7 @@ jellyfin = { enable = true; - package = pkgs.jellyfin; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; }; navidrome = { From c937ecd33cd9e99aa4a3228b4865073bd877f50d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 4 Jul 2022 23:39:05 +0200 Subject: [PATCH 006/240] LoutreOS: update Postgresql to 14 --- systems/LoutreOS/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8055900..ce8599f 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,7 @@ in postgresql = { enable = true; + package = pkgs.postgresql_14; settings = { full_page_writes = false; }; From 580c33acbaad339bdf530db323804c25f91a0baa Mon Sep 17 00:00:00 2001 
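Review bot: `package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin;` in systems/LoutreOS/medias.nix (patch 005) hard-codes the platform and takes the package from the raw input, so any nixpkgs `config` or overlays applied to the system's `pkgs` do not apply to it. Indexing by the host platform keeps the module portable: `inputs.nixpkgs-unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}.jellyfin`. A short comment saying why Jellyfin alone tracks unstable would help whoever later decides whether it can return to the stable channel. The `jellyfin` attribute set and the rest of the module are only partly visible in these hunks.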
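Review bot: Setting `package = pkgs.postgresql_14;` in systems/LoutreOS/web.nix (patch 006) switches the server binary but does not migrate the existing cluster. As far as I know the NixOS module derives its default `dataDir` from the major version, so the service would come up on a fresh, empty data directory unless a `pg_upgrade` or dump-and-restore was done out of band. Nothing in this patch shows that step, so I would record it next to the option, e.g. `# data migrated with pg_upgrade on <date>; previous cluster kept until verified`. Patch 014 makes the same one-line change (its subject mentions 9.6 to 14) and the same applies there. The `postgresql` block continues past the end of the hunk.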
From: nyanloutre Date: Tue, 5 Jul 2022 20:09:13 +0200 Subject: [PATCH 007/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/09c32b0bda4db98d6454e910206188e85d5b04cc' (2022-07-02) → 'github:NixOS/nixpkgs/e8d47977286a44955262adbc76f2c8a66e7419d5' (2022-07-04) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) → 'github:NixOS/nixpkgs/18b14a254dca6b68ca0ce2ce885ce2b550065799' (2022-07-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 294f935..e513dfb 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656754140, - "narHash": "sha256-8thJUtZWIimyBtkYQ0tdmmnH0yJvOaw1K5W3OgKc6/A=", + "lastModified": 1656947410, + "narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09c32b0bda4db98d6454e910206188e85d5b04cc", + "rev": "e8d47977286a44955262adbc76f2c8a66e7419d5", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1656835607, + "narHash": "sha256-zONMAG6JSfGyW20AsVWGnlZwNWws6Q/7IT0oDNGc1xY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "18b14a254dca6b68ca0ce2ce885ce2b550065799", "type": "github" }, "original": { From 7edc31423437fff95d114e38911f15d4d726e86a Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 5 Jul 2022 20:10:31 +0200 Subject: [PATCH 008/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/685d243d971c4f9655c981036b9c7bafdb728a0d' (2022-05-19) → 'github:NixOS/nixpkgs/573603b7fdb9feb0eb8efc16ee18a015c667ab1b' (2022-07-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18) → 'github:NixOS/nixpkgs/18b14a254dca6b68ca0ce2ce885ce2b550065799' (2022-07-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 034c4bc..9060e52 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1652975354, - "narHash": "sha256-qP1DpEYQdSq7NZ542TSHffIT6xGm7MaSMG9faQWPcg0=", + "lastModified": 1656782578, + "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "685d243d971c4f9655c981036b9c7bafdb728a0d", + "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1652885393, - "narHash": "sha256-YIgvvlk4iQ1Hi7KD9o5gsojc+ApB+jiH1d5stK8uXiw=", + "lastModified": 1656835607, + "narHash": "sha256-zONMAG6JSfGyW20AsVWGnlZwNWws6Q/7IT0oDNGc1xY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48037fd90426e44e4bf03e6479e88a11453b9b66", + "rev": "18b14a254dca6b68ca0ce2ce885ce2b550065799", "type": "github" }, "original": { From fe517173363af7547b7d6ba11703d698a9370791 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:25:00 +0200 Subject: [PATCH 009/240] LoutreOS: update nixos-mailserver --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 28f27a2..38aa468 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,10 +4,10 @@ nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-21_11.follows = "nixpkgs"; + nixpkgs-22_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { From 4f0c846880194dd9ca2e5bfc0139b690ac7b83d3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:25:04 +0200 Subject: [PATCH 010/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/6e3a7b2ea6f0d68b82027b988aa25d3423787303' (2021-12-07) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/f535d8123c4761b2ed8138f3d202ea710a334a1d' (2022-06-22) • Removed input 'simple-nixos-mailserver/nixpkgs-21_05' • Removed input 'simple-nixos-mailserver/nixpkgs-21_11' • Added input 'simple-nixos-mailserver/nixpkgs-22_05': follows 'nixpkgs' --- flake.lock | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index e513dfb..7593ec2 100644 --- a/flake.lock +++ b/flake.lock @@ -88,21 +88,6 @@ "type": "indirect" } }, - "nixpkgs-21_05": { - "locked": { - "lastModified": 1625692408, - "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.05", - "type": "indirect" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1656835607, 
@@ -134,23 +119,22 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-21_05": "nixpkgs-21_05", - "nixpkgs-21_11": [ + "nixpkgs-22_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1638911354, - "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", + "lastModified": 1655930346, + "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", + "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixos-mailserver", "type": "gitlab" } From be051f67d3f7ab090935898726e0c5e52acbe5b8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:40:48 +0200 Subject: [PATCH 011/240] LoutreOS: disable redis --- systems/LoutreOS/services.nix | 2 +- systems/LoutreOS/web.nix | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2411cb4..be75dfe 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -90,7 +90,7 @@ in secure_ip = ["0.0.0.0/0"]; ''; - redis.enable = true; + # redis.enable = true; logrotate = { enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index ce8599f..dc20e52 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -65,19 +65,19 @@ in services = { phpfpm.pools = { - work = { - user = config.users.users.work.name; - phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; - }; - }; + # work = { + # user = config.users.users.work.name; + # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); + # settings = { + # "listen.owner" = config.services.nginx.user; + # "pm" = "dynamic"; + # "pm.max_children" = 75; + # "pm.start_servers" = 10; + # "pm.min_spare_servers" = 5; + # "pm.max_spare_servers" = 20; + # "pm.max_requests" = 500; + # }; + # }; drive = { user = config.users.users.webdav.name; settings = { From 349d25b20103faa33eaf90320b6c00507e8099b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:41:04 +0200 Subject: [PATCH 012/240] LoutreOS: keep default logrotate config --- systems/LoutreOS/services.nix | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index be75dfe..ce7f4aa 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -92,20 +92,8 @@ in # redis.enable = true; - logrotate = { - enable = true; - paths = { - nginx = { - path = "/var/log/nginx/*.log"; - user = config.services.nginx.user; - group = config.services.nginx.group; - keep = 7; - extraConfig = '' - compress - ''; - }; - }; - }; + # enable with nginx defult config + logrotate.enable = true; fail2ban.enable = true; From 89a8d3baa6ef7d39a435994d3186fbc9f5546164 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:41:35 +0200 Subject: [PATCH 013/240] LoutreOS: fix acme config --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
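Review bot: Replacing the explicit nginx entry with `logrotate.enable = true;` in systems/LoutreOS/services.nix (patch 012) drops the stated retention (`keep = 7`, `compress`) and relies on the nginx module contributing its own logrotate rule, which this patch does not show. Since `fail2ban.enable = true;` sits directly below and the access logs are what an investigation would fall back on, I would confirm the generated logrotate configuration still covers `/var/log/nginx/*.log` and state the effective retention in the comment. The added comment also has a typo; `# rely on the nginx module's default logrotate rule` reads more clearly than `# enable with nginx defult config`.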
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index dc20e52..7917507 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -44,7 +44,7 @@ let in { security.acme = { - email = "paul@nyanlout.re"; + defaults.email = "paul@nyanlout.re"; acceptTerms = true; }; From 8c8795cd2a1cdc07db1eda5ac65ca0b319005701 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:45:28 +0200 Subject: [PATCH 014/240] LoutreOS: update PostgreSQL from 9.6 to 14 --- systems/LoutreOS/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a880437..15ecb4d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,7 @@ in postgresql = { enable = true; + package = pkgs.postgresql_14; settings = { full_page_writes = false; }; From 5a479bbe032ac72015f9f8c57ce3cb715503f4d0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:46:18 +0200 Subject: [PATCH 015/240] LoutreOS: disable syncthing --- systems/LoutreOS/services.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 34f7597..64440dc 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -111,12 +111,6 @@ in fstrim.enable = true; - syncthing = { - enable = true; - dataDir = "/var/lib/syncthing"; - openDefaultPorts = true; - }; - nfs.server = { enable = true; exports = '' From e35f6defa0a757e59a371fd40140f5eb873eba99 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:50:05 +0200 Subject: [PATCH 016/240] LoutreOS: remove unused game servers --- systems/LoutreOS/services.nix | 65 ----------------------------------- 1 file changed, 65 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index f5a7718..5042676 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -168,40 +168,6 @@ in }; }; - sdtdserver.enable = false; - - factorio = { - enable = false; - autosave-interval = 10; - game-name = "Shame"; - public = true; - username = "nyanloutre"; - }; - - minecraft-server = { - enable = false; - jvmOpts = "-Xms512m -Xmx3072m"; - eula = true; - declarative = true; - openFirewall = true; - whitelist = { - nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822"; - Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2"; - LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6"; - Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff"; - Hopegcx = "4497f759-2210-48db-8764-307d33011442"; - wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af"; - sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3"; - }; - serverProperties = { - difficulty = 2; - gamemode = 0; - max-players = 50; - motd = "Hi Mark !"; - white-list = true; - }; - }; - kresd = { enable = true; }; @@ -570,37 +536,6 @@ in ipmihddtemp.enable = true; - # systemd.services.minecraft-overviewer = - # let - # clientJar = pkgs.fetchurl { - # url = "https://overviewer.org/textures/1.14"; - # sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; - # name = "client.jar"; - # }; - # configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' - # substitute ${./config-overviewer.py} $out \ - # --subst-var CLIENT_JAR - # ''; - # in - # { - # script = '' - # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} - # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi - # rm /var/www/minecraft-overviewer/progress.json - # ''; - # serviceConfig = { - # User = "nginx"; - # Group = "nginx"; - # }; - # }; - - # systemd.timers.minecraft-overviewer = { - # wantedBy = [ "multi-user.target" ]; - # timerConfig = { - # OnCalendar = "*-*-* 04:00:00"; - # }; - # }; - # systemd.packages = with pkgs; [ # tgt # ]; From 4371eb399bef7cee221eefd6d69b83ba5bbc08f0 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 5 Jul 2022 21:51:06 +0200 Subject: [PATCH 017/240] LoutreOS: remove unused iscsi config --- systems/LoutreOS/services.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 5042676..e94ba67 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -536,17 +536,6 @@ in ipmihddtemp.enable = true; - # systemd.packages = with pkgs; [ - # tgt - # ]; - - # environment.etc."tgt/targets.conf".text = '' - # - # backing-store /dev/zvol/loutrepool/steam-lun - # initiator-address 10.30.50.3 - # - # ''; - users.groups.nginx.members = [ "matrix-synapse" ]; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); From 744d3fc57e1cd2f2540c7d753c52803c599e0fec Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:53:47 +0200 Subject: [PATCH 018/240] LoutreOS: temporarily disable max website --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 7917507..6b8e924 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -216,7 +216,7 @@ in alias = "/var/www/site-musique/media/"; }; }; - "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; + # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; From 4fab7e63f5eb9edfa02a10e1255334cb8e63aebf Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 7 Jul 2022 19:09:21 +0200 Subject: [PATCH 019/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e8d47977286a44955262adbc76f2c8a66e7419d5' (2022-07-04) → 'github:NixOS/nixpkgs/316b762afdb9e142a803f29c49a88b4a47db80ee' (2022-07-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/18b14a254dca6b68ca0ce2ce885ce2b550065799' (2022-07-03) → 'github:NixOS/nixpkgs/a5c867d9fe9e4380452628e8f171c26b69fa9d3d' (2022-07-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7593ec2..21929e3 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656947410, - "narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=", + "lastModified": 1657123678, + "narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8d47977286a44955262adbc76f2c8a66e7419d5", + "rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656835607, - "narHash": "sha256-zONMAG6JSfGyW20AsVWGnlZwNWws6Q/7IT0oDNGc1xY=", + "lastModified": 1657114324, + "narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18b14a254dca6b68ca0ce2ce885ce2b550065799", + "rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", "type": "github" }, "original": { From ab6d9dc8483e0e2bcd1cd38ba452443f178d9e81 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Jul 2022 15:29:20 +0200 Subject: [PATCH 020/240] PC-fixe: enable HP printing --- systems/PC-Fixe/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 61304dd..4710a83 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -212,6 +212,9 @@ Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" ''; + services.printing.enable = true; + services.printing.drivers = [ pkgs.hplip ]; + systemd = let DP4Config = "--output DP-4 --mode 3440x1440 --rate 144"; HDMIConfig = "--output HDMI-0 --auto --left-of DP-4"; From 756e619a1d9b31f8ac093fd135ba608251a1c043 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Jul 2022 15:34:53 +0200 Subject: [PATCH 021/240] add channel patch example --- flake.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/flake.nix b/flake.nix index 38aa468..c7c1cf6 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,16 @@ supportedSystems = [ "x86_64-linux" ]; + # Patch example + + # channels.nixpkgs-unstable.patches = [ + # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { + # name = "electron-cash.patch"; + # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; + # sha256 = "sha256-oQbiyhVWYIkEuZEKqaPuIL00PNPnuTAw64wuqZ8YeDs="; + # }) + # ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 000d5924ff3d73ef1e786a1f867f04c43c831e60 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Jul 2022 15:35:38 +0200 Subject: [PATCH 022/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/316b762afdb9e142a803f29c49a88b4a47db80ee' (2022-07-06) → 'github:NixOS/nixpkgs/e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6' (2022-07-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a5c867d9fe9e4380452628e8f171c26b69fa9d3d' (2022-07-06) → 'github:NixOS/nixpkgs/e4d49de45a3b5dbcb881656b4e3986e666141ea9' (2022-07-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 21929e3..c53a3b3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1657123678, - "narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", + "lastModified": 1658237535, + "narHash": "sha256-z3Ff9oSXEPSZMfXdM+r29oJxtyKUnlUOc18U9E6Q48g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", + "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1657114324, - "narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", + "lastModified": 1658161305, + "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", + "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", "type": "github" }, "original": { From d202456d6bfd8ae11186b6bdb128b37133d3345f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Jul 2022 19:33:26 +0200 Subject: [PATCH 023/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6' (2022-07-19) → 'github:NixOS/nixpkgs/f0fa012b649a47e408291e96a15672a4fe925d65' (2022-07-25) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e4d49de45a3b5dbcb881656b4e3986e666141ea9' (2022-07-18) → 'github:NixOS/nixpkgs/5a0e0d73b944157328d54c4ded1cf2f0146a86a5' (2022-07-25) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c53a3b3..53c05d4 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658237535, - "narHash": "sha256-z3Ff9oSXEPSZMfXdM+r29oJxtyKUnlUOc18U9E6Q48g=", + "lastModified": 1658777571, + "narHash": "sha256-gJMDUeaRhi47NxtrfFMIejlV5N3Ra2669w16Ndz2Jo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", + "rev": "f0fa012b649a47e408291e96a15672a4fe925d65", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1658161305, - "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", + "lastModified": 1658737577, + "narHash": "sha256-xosJ5nJT9HX+b6UWsSX6R+ap4AdZOCrl/r+IKFp2ASQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", + "rev": "5a0e0d73b944157328d54c4ded1cf2f0146a86a5", "type": "github" }, "original": { From 9addf815c9c77f55f91191204514e140b7d84f0d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Jul 2022 21:27:14 +0200 Subject: [PATCH 024/240] remove unused wireguard --- systems/LoutreOS/services.nix | 22 ---------------------- systems/common-cli.nix | 1 - 2 files changed, 23 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e94ba67..376fb3a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -541,24 +541,6 @@ in security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); networking = { - wireguard.interfaces = { - wg0 = { - ips = [ "192.168.20.1/24" ]; - privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey"; - listenPort = 51820; - allowedIPsAsRoutes = true; - peers = [ - { - allowedIPs = [ "192.168.20.2/32" ]; - publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE="; - } - ]; - }; - }; - - nat.internalInterfaces = [ "wg0" ]; - nat.internalIPs = [ "192.168.20.0/24" ]; - firewall.interfaces.eno2.allowedTCPPorts = [ 3260 ]; 
@@ -571,9 +553,5 @@ in firewall.allowedTCPPortRanges = [ { from = 64000; to = 65535; } # FTP ]; - - firewall.allowedUDPPorts = [ - config.networking.wireguard.interfaces.wg0.listenPort - ]; }; } diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 6d72c56..b0cdf52 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -49,7 +49,6 @@ inetutils rclone lftp - wireguard-tools nfs-utils nmap From b9981c707569610652dd8924c5f751cc051d6514 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Jul 2022 21:27:31 +0200 Subject: [PATCH 025/240] fix transmission default downloaddir --- systems/LoutreOS/medias.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 60193b4..07f3f1b 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -13,6 +13,7 @@ rpc-whitelist-enabled = false; peer-port = 51413; incomplete-dir = "/mnt/medias/incomplete"; + download-dir = "/mnt/medias/torrent"; }; }; From 0d3a998a66564985e4b043b5f5bc733fa2e240bc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 3 Aug 2022 00:50:37 +0200 Subject: [PATCH 026/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f0fa012b649a47e408291e96a15672a4fe925d65' (2022-07-25) → 'github:NixOS/nixpkgs/e43cf1748462c81202a32b26294e9f8eefcc3462' (2022-08-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5a0e0d73b944157328d54c4ded1cf2f0146a86a5' (2022-07-25) → 'github:NixOS/nixpkgs/5857574d45925585baffde730369414319228a84' (2022-07-31) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 53c05d4..fe73bba 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658777571, - "narHash": "sha256-gJMDUeaRhi47NxtrfFMIejlV5N3Ra2669w16Ndz2Jo0=", + "lastModified": 1659342832, + "narHash": "sha256-ePnxG4hacRd6oZMk+YeCSYMNUnHCe+qPLI0/+VaTu48=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0fa012b649a47e408291e96a15672a4fe925d65", + "rev": "e43cf1748462c81202a32b26294e9f8eefcc3462", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1658737577, - "narHash": "sha256-xosJ5nJT9HX+b6UWsSX6R+ap4AdZOCrl/r+IKFp2ASQ=", + "lastModified": 1659305579, + "narHash": "sha256-SFeQTmh7hc9Y2fSkooHaoS8mDfPa04sfmUCtQ8MA6Pg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a0e0d73b944157328d54c4ded1cf2f0146a86a5", + "rev": "5857574d45925585baffde730369414319228a84", "type": "github" }, "original": { From e074720847f09a66a8689e840b92f723746d85ce Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 22 Aug 2022 23:22:00 +0200 Subject: [PATCH 027/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e43cf1748462c81202a32b26294e9f8eefcc3462' (2022-08-01) → 'github:NixOS/nixpkgs/23534df34c1c499a6c82ce690df06d8c6e4e759d' (2022-08-21) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5857574d45925585baffde730369414319228a84' (2022-07-31) → 'github:NixOS/nixpkgs/a7855f2235a1876f97473a76151fec2afa02b287' (2022-08-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index fe73bba..3b58bb3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1659342832, - "narHash": "sha256-ePnxG4hacRd6oZMk+YeCSYMNUnHCe+qPLI0/+VaTu48=", + "lastModified": 1661094678, + "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43cf1748462c81202a32b26294e9f8eefcc3462", + "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1659305579, - "narHash": "sha256-SFeQTmh7hc9Y2fSkooHaoS8mDfPa04sfmUCtQ8MA6Pg=", + "lastModified": 1661088761, + "narHash": "sha256-5DGKX81wIPAAiLwUmUYECpA3vop94AHHR7WmGXSsQok=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5857574d45925585baffde730369414319228a84", + "rev": "a7855f2235a1876f97473a76151fec2afa02b287", "type": "github" }, "original": { From 8ba5ff23083294325681d6e48447315883bd2c05 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 23 Aug 2022 19:09:46 +0200 Subject: [PATCH 028/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/23534df34c1c499a6c82ce690df06d8c6e4e759d' (2022-08-21) → 'github:NixOS/nixpkgs/52527082ea267fe486f0648582d57c85486b2031' (2022-08-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a7855f2235a1876f97473a76151fec2afa02b287' (2022-08-21) → 'github:NixOS/nixpkgs/5e804cd8a27f835a402b22e086e36e797716ef8b' (2022-08-23) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 3b58bb3..c63073c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661094678, - "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", + "lastModified": 1661187878, + "narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", + "rev": "52527082ea267fe486f0648582d57c85486b2031", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1661088761, - "narHash": "sha256-5DGKX81wIPAAiLwUmUYECpA3vop94AHHR7WmGXSsQok=", + "lastModified": 1661239211, + "narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7855f2235a1876f97473a76151fec2afa02b287", + "rev": "5e804cd8a27f835a402b22e086e36e797716ef8b", "type": "github" }, "original": { From 5af49514f122eacdc2de06586473d00dbefdec36 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 23 Sep 2022 13:38:36 +0200 Subject: [PATCH 029/240] add wordpress website --- systems/LoutreOS/web.nix | 72 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6b8e924..1cacd80 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -61,6 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; + wordpress = { + isSystemUser = true; + group = config.services.nginx.group; + }; }; services = { @@ -78,6 +82,22 @@ in # "pm.max_requests" = 500; # }; # }; + + "wordpress-designyourfuture" = { + user = config.users.users.wordpress.name; + group = config.services.nginx.group; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + }; + + drive = { user = config.users.users.webdav.name; settings = { 
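Review bot: The `wordpress-designyourfuture` pool sets `group = config.services.nginx.group;`, and the `wordpress` user added in the first web.nix hunk takes the same group as its primary group, so PHP code for this site runs with every file permission granted to the nginx group. The socket is already reachable by the web server through `"listen.owner" = config.services.nginx.user;`, so the pool does not appear to need that group. A dedicated group keeps a compromised plugin or theme away from files that are group-readable by nginx: `group = "wordpress";` on both the user and the pool, plus `users.groups.wordpress = {};`. The surrounding `users.users` and `phpfpm.pools` attribute sets start and end outside these hunks.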
@@ -295,6 +315,53 @@ in ''; } ]; + "designyourfuture.amandoline-creations.fr" = base { + "/" = { + priority = 200; + extraConfig = '' + try_files $uri $uri/ /index.php$is_args$args; + ''; + }; + "~ \\.php$" = { + priority = 500; + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; + fastcgi_index index.php; + include "${config.services.nginx.package}/conf/fastcgi.conf"; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + ''; + }; + "~ /\\." = { + priority = 800; + extraConfig = "deny all;"; + }; + "~* /(?:uploads|files)/.*\\.php$" = { + priority = 900; + extraConfig = "deny all;"; + }; + "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { + priority = 1000; + extraConfig = '' + expires max; + log_not_found off; + ''; + }; + } // { + root = "/var/www/wordpress-designyourfuture"; + extraConfig = '' + index index.php; + ''; + }; }; }; @@ -324,6 +391,11 @@ in }; python-ci.enable = true; + + mysql = { + enable = true; + package = pkgs.mariadb; + }; }; systemd.services.nginx.serviceConfig = { From 28fa70ef0faf6109e091e1514bce91fc48547df3 Mon Sep 17 00:00:00 2001 
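Review bot: The two `deny all;` locations in the new `designyourfuture.amandoline-creations.fr` vhost are ordered after the PHP handler, so they look unreachable for `.php` requests. `"~ \\.php$"` has `priority = 500`, while `"~ /\\."` has 800 and `"~* /(?:uploads|files)/.*\\.php$"` has 900. nginx takes the first matching regex location in file order, and the NixOS module emits lower priorities first, so a `.php` path under `uploads/` would be handed to FastCGI rather than denied. Give both deny blocks a value below 500, e.g. `priority = 300;` and `priority = 400;`. It is also worth adding `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info` so that only scripts that exist on disk reach PHP-FPM. How `base` forwards these locations is defined outside the hunk, so the ordering should be confirmed against the generated nginx.conf.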
From: nyanloutre Date: Mon, 10 Oct 2022 21:55:24 +0200 Subject: [PATCH 030/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/52527082ea267fe486f0648582d57c85486b2031' (2022-08-22) → 'github:NixOS/nixpkgs/9ecc270f02b09b2f6a76b98488554dd842797357' (2022-10-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5e804cd8a27f835a402b22e086e36e797716ef8b' (2022-08-23) → 'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c63073c..dab8d99 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661187878, - "narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=", + "lastModified": 1665132027, + "narHash": "sha256-zoHPqSQSENt96zTk6Mt1AP+dMNqQDshXKQ4I6MfjP80=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52527082ea267fe486f0648582d57c85486b2031", + "rev": "9ecc270f02b09b2f6a76b98488554dd842797357", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1661239211, - "narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=", + "lastModified": 1665259268, + "narHash": "sha256-ONFhHBLv5nZKhwV/F2GOH16197PbvpyWhoO0AOyktkU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e804cd8a27f835a402b22e086e36e797716ef8b", + "rev": "c5924154f000e6306030300592f4282949b2db6c", "type": "github" }, "original": { From 41f1843e598b988e5a2c9e2f675c141b6ce2f83e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Oct 2022 22:25:14 +0200 Subject: [PATCH 031/240] fix changed options --- systems/PC-Fixe/configuration.nix | 2 +- systems/PC-Fixe/hardware-configuration.nix | 2 +- systems/common-gui.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 4710a83..eaacc77 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -12,7 +12,7 @@ ../common-gui.nix ]; - nix.trustedUsers = [ "root" "paul" ]; + nix.settings.trusted-users = [ "root" "paul" ]; boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 5d50505..1547b63 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -50,6 +50,6 @@ swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 12; + nix.settings.max-jobs = lib.mkDefault 12; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/common-gui.nix b/systems/common-gui.nix index dd00f94..216a765 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -39,7 +39,7 @@ ark kate kmail - kdeconnect + plasma5Packages.kdeconnect-kde okular yakuake konversation From ef246753b871c39d0a35ad5308e0bc4b0ee74d77 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Oct 2022 23:05:21 +0200 Subject: [PATCH 032/240] increase influxdb startup timeout --- systems/LoutreOS/monitoring.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index a2120f0..9910068 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -108,6 +108,10 @@ in }; }; + systemd.services.influxdb.serviceConfig = { + TimeoutStartSec = "10min"; + }; + security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; From 4572c8c81b9b0d7c8df2af2286258b6b1cfde65f Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 14 Oct 2022 14:12:40 +0200 Subject: [PATCH 033/240] fix home assistant --- systems/LoutreOS/services.nix | 651 +++++++++++++++++----------------- 1 file changed, 328 insertions(+), 323 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 376fb3a..bab9d54 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -174,31 +174,35 @@ in home-assistant = { enable = true; + extraComponents = [ + # Components required to complete the onboarding + "met" + "radio_browser" + ]; config = { + default_config = {}; homeassistant = { - elevation = 143; + latitude = 48.60038; + longitude = 7.74063; + elevation = 146; }; - influxdb = null; - config = null; - dhcp = null; - frontend = null; - history = null; + meteo_france = null; + #influxdb = null; + #config = null; + #dhcp = null; + #frontend = null; + #history = null; http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; }; - logbook = null; - map = null; - mobile_app = null; - person = null; - script = null; - sun = null; - system_health = null; - yeelight.devices = { - "10.40.249.0".name = "Chambre"; - "10.40.249.1".name = "Bureau"; - "10.40.249.2".name = "Cuisine"; - }; + #logbook = null; + #map = null; + #mobile_app = null; + #person = null; + #script = null; + #sun = null; + #system_health = null; zha = null; esphome = null; light = [ @@ -206,8 +210,9 @@ in platform = "group"; name = "Salon"; entities = [ - "light.bureau" - "light.cuisine" + "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_e69e6dfe_level_light_color_on_off" + "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_43c25efe_level_light_color_on_off" + "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_3d0f76fe_level_light_color_on_off" ]; } ]; 
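Review bot: `latitude = 48.60038;` and `longitude = 7.74063;` in the new `homeassistant` block commit the installation's position to five decimal places, which is far more precise than the weather and sun integrations need. If the repository is shared or published, that pins the address of the house whose presence and lighting are described further down. Rounding the values, for example `latitude = 48.6;` and `longitude = 7.7;`, or loading them from a file kept with the other secrets under `/mnt/secrets`, avoids that. The `home-assistant.config` attribute set continues beyond this hunk.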
@@ -217,317 +222,317 @@ in host = "10.30.0.1"; } ]; - tplink.switch = [ - { host = "10.30.50.7"; } - ]; - sensor = [ - { - platform = "template"; - sensors = { - serveur_amps = { - friendly_name_template = "{{ states.switch.serveur.name}} Current"; - value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; - unit_of_measurement = "A"; - }; - serveur_watts = { - friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; - value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; - unit_of_measurement = "W"; - }; - serveur_total_kwh = { - friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; - value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; - unit_of_measurement = "kWh"; - }; - serveur_volts = { - friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; - value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; - unit_of_measurement = "V"; - }; - serveur_today_kwh = { - friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; - value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; - unit_of_measurement = "kWh"; - }; - }; - } - ]; - switch = [ - { - platform = "wake_on_lan"; - name = "PC Fixe"; - mac = "b4:2e:99:ed:24:26"; - host = "10.30.135.71"; - broadcast_address = "10.30.255.255"; - } - ]; - device_tracker = [ - { - platform = "ping"; - hosts = { telephone_paul = "10.30.50.2"; }; - } - ]; - scene = [ - { - name = "Movie"; - icon = "mdi:movie-open"; - entities = { - "light.salon" = { - state = "on"; - xy_color = [0.299 0.115]; - brightness = 50; - }; - "light.bande_led_tv" = { - state = "on"; - effect = "Movie"; - brightness = 180; - }; - "light.bande_led_bureau" = { - state = "on"; - xy_color = [0.299 0.115]; - brightness = 130; - }; - }; - } - { - name = "Home"; - icon = "mdi:home"; - entities = { - "light.salon" = { - state = "on"; 
- kelvin = 2700; - brightness = 255; - }; - }; - } - { - name = "Night"; - icon = "mdi:weather-night"; - entities = { - "light.salon" = { - state = "off"; - }; - "light.bande_led_tv" = { - state = "off"; - }; - "light.bande_led_bureau" = { - state = "off"; - }; - "light.chambre" = { - state = "on"; - kelvin = 1900; - brightness = 50; - }; - }; - } - ]; - automation = let - min_sun_elevation = 4; + #tplink.switch = [ + # { host = "10.30.50.7"; } + #]; + #sensor = [ + # { + # platform = "template"; + # sensors = { + # serveur_amps = { + # friendly_name_template = "{{ states.switch.serveur.name}} Current"; + # value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; + # unit_of_measurement = "A"; + # }; + # serveur_watts = { + # friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; + # value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; + # unit_of_measurement = "W"; + # }; + # serveur_total_kwh = { + # friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; + # value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; + # unit_of_measurement = "kWh"; + # }; + # serveur_volts = { + # friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; + # value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; + # unit_of_measurement = "V"; + # }; + # serveur_today_kwh = { + # friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; + # value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; + # unit_of_measurement = "kWh"; + # }; + # }; + # } + #]; + #switch = [ + # { + # platform = "wake_on_lan"; + # name = "PC Fixe"; + # mac = "b4:2e:99:ed:24:26"; + # host = "10.30.135.71"; + # broadcast_address = "10.30.255.255"; + # } + #]; + #device_tracker = [ + # { + # platform = "ping"; + # hosts = { telephone_paul = "10.30.50.2"; }; + # } + #]; + #scene = [ + 
# { + # name = "Movie"; + # icon = "mdi:movie-open"; + # entities = { + # "light.salon" = { + # state = "on"; + # xy_color = [0.299 0.115]; + # brightness = 50; + # }; + # "light.bande_led_tv" = { + # state = "on"; + # effect = "Movie"; + # brightness = 180; + # }; + # "light.bande_led_bureau" = { + # state = "on"; + # xy_color = [0.299 0.115]; + # brightness = 130; + # }; + # }; + # } + # { + # name = "Home"; + # icon = "mdi:home"; + # entities = { + # "light.salon" = { + # state = "on"; + # kelvin = 2700; + # brightness = 255; + # }; + # }; + # } + # { + # name = "Night"; + # icon = "mdi:weather-night"; + # entities = { + # "light.salon" = { + # state = "off"; + # }; + # "light.bande_led_tv" = { + # state = "off"; + # }; + # "light.bande_led_bureau" = { + # state = "off"; + # }; + # "light.chambre" = { + # state = "on"; + # kelvin = 1900; + # brightness = 50; + # }; + # }; + # } + #]; + #automation = let + # min_sun_elevation = 4; - switch_chambre = { - domain = "zha"; - platform = "device"; - device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; - }; + # switch_chambre = { + # domain = "zha"; + # platform = "device"; + # device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; + # }; - switch_entree = { - domain = "zha"; - platform = "device"; - device_id = "7cd814190ec543dba76a7aa7e7996c41"; - }; + # switch_entree = { + # domain = "zha"; + # platform = "device"; + # device_id = "7cd814190ec543dba76a7aa7e7996c41"; + # }; - remote = { - domain = "zha"; - platform = "device"; - device_id = "d1230b76264e483388a8fdaad4f44143"; - }; - in [ - # ENTREE + # remote = { + # domain = "zha"; + # platform = "device"; + # device_id = "d1230b76264e483388a8fdaad4f44143"; + # }; + #in [ + # # ENTREE - { - alias = "Aziz lumière"; - trigger = [ - { - platform = "numeric_state"; - entity_id = "sun.sun"; - value_template = "{{ state.attributes.elevation }}"; - below = min_sun_elevation; - } - ]; - condition = [ - { - condition = "state"; - entity_id = "person.paul"; - state = "home"; - } - # Sun 
below max elevation - { - condition = "template"; - value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; - } - ]; - action = { - scene = "scene.home"; - }; - } - { - alias = "Aziz lumière switch"; - trigger = { - type = "remote_button_short_press"; - subtype = "turn_on"; - } // switch_entree; - action = { - scene = "scene.home"; - }; - } - { - alias = "Adios"; - trigger = [ - { - platform = "state"; - entity_id = "person.paul"; - to = "not_home"; - } - ({ - type = "remote_button_short_press"; - subtype = "turn_off"; - } // switch_entree) - ]; - action = [ - { - service = "light.turn_off"; - entity_id = "all"; - } - { - service = "media_player.turn_off"; - entity_id = "all"; - } - ]; - } + # { + # alias = "Aziz lumière"; + # trigger = [ + # { + # platform = "numeric_state"; + # entity_id = "sun.sun"; + # value_template = "{{ state.attributes.elevation }}"; + # below = min_sun_elevation; + # } + # ]; + # condition = [ + # { + # condition = "state"; + # entity_id = "person.paul"; + # state = "home"; + # } + # # Sun below max elevation + # { + # condition = "template"; + # value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; + # } + # ]; + # action = { + # scene = "scene.home"; + # }; + # } + # { + # alias = "Aziz lumière switch"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_on"; + # } // switch_entree; + # action = { + # scene = "scene.home"; + # }; + # } + # { + # alias = "Adios"; + # trigger = [ + # { + # platform = "state"; + # entity_id = "person.paul"; + # to = "not_home"; + # } + # ({ + # type = "remote_button_short_press"; + # subtype = "turn_off"; + # } // switch_entree) + # ]; + # action = [ + # { + # service = "light.turn_off"; + # entity_id = "all"; + # } + # { + # service = "media_player.turn_off"; + # entity_id = "all"; + # } + # ]; + # } - # REMOTE + # # REMOTE - { - alias = "Button toggle"; - trigger = { - type = "remote_button_short_press"; - 
subtype = "turn_on"; - } // remote; - action = { - choose = { - conditions = { - condition = "template"; - value_template = '' - {% set domain = 'light' %} - {% set state = 'off' %} - {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} - ''; - }; - sequence = { - scene = "scene.home"; - }; - }; - default = { - service = "light.turn_off"; - entity_id = "all"; - }; - }; - } - { - alias = "Button scene movie"; - trigger = { - type = "remote_button_short_press"; - subtype = "right"; - } // remote; - action = { - scene = "scene.movie"; - }; - } - { - alias = "Button scene home"; - trigger = { - type = "remote_button_short_press"; - subtype = "left"; - } // remote; - action = { - scene = "scene.home"; - }; - } - { - alias = "Button light up"; - trigger = { - type = "remote_button_short_press"; - subtype = "dim_up"; - } // remote; - action = { - service = "light.turn_on"; - entity_id = "light.salon"; - data = { - brightness_step = 25; - }; - }; - } - { - alias = "Button light down"; - trigger = { - type = "remote_button_short_press"; - subtype = "dim_down"; - } // remote; - action = { - service = "light.turn_on"; - entity_id = "light.salon"; - data = { - brightness_step = -25; - }; - }; - } + # { + # alias = "Button toggle"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_on"; + # } // remote; + # action = { + # choose = { + # conditions = { + # condition = "template"; + # value_template = '' + # {% set domain = 'light' %} + # {% set state = 'off' %} + # {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} + # ''; + # }; + # sequence = { + # scene = "scene.home"; + # }; + # }; + # default = { + # service = "light.turn_off"; + # entity_id = "all"; + # }; + # }; + # } + # { + # alias = "Button scene movie"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "right"; + # } // remote; + # action = { + # scene = "scene.movie"; + # }; + # } + # { + 
# alias = "Button scene home"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "left"; + # } // remote; + # action = { + # scene = "scene.home"; + # }; + # } + # { + # alias = "Button light up"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "dim_up"; + # } // remote; + # action = { + # service = "light.turn_on"; + # entity_id = "light.salon"; + # data = { + # brightness_step = 25; + # }; + # }; + # } + # { + # alias = "Button light down"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "dim_down"; + # } // remote; + # action = { + # service = "light.turn_on"; + # entity_id = "light.salon"; + # data = { + # brightness_step = -25; + # }; + # }; + # } - # CHAMBRE + # # CHAMBRE - { - alias = "Button scene night"; - trigger = { - type = "remote_button_short_press"; - subtype = "turn_on"; - } // switch_chambre; - action = { - scene = "scene.night"; - }; - } - { - alias = "Button scene dodo"; - trigger = { - type = "remote_button_short_press"; - subtype = "turn_off"; - } // switch_chambre; - action = { - service = "light.turn_off"; - entity_id = "all"; - }; - } - { - alias = "Button scene lumière chambre ON"; - trigger = { - type = "remote_button_long_press"; - subtype = "dim_up"; - } // switch_chambre; - action = { - service = "light.turn_on"; - entity_id = "light.chambre"; - }; - } - { - alias = "Button scene lumière chambre OFF"; - trigger = { - type = "remote_button_long_press"; - subtype = "dim_down"; - } // switch_chambre; - action = { - service = "light.turn_off"; - entity_id = "light.chambre"; - }; - } - ]; + # { + # alias = "Button scene night"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_on"; + # } // switch_chambre; + # action = { + # scene = "scene.night"; + # }; + # } + # { + # alias = "Button scene dodo"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_off"; + # } // switch_chambre; + # action = { + # service = "light.turn_off"; + # 
entity_id = "all"; + # }; + # } + # { + # alias = "Button scene lumière chambre ON"; + # trigger = { + # type = "remote_button_long_press"; + # subtype = "dim_up"; + # } // switch_chambre; + # action = { + # service = "light.turn_on"; + # entity_id = "light.chambre"; + # }; + # } + # { + # alias = "Button scene lumière chambre OFF"; + # trigger = { + # type = "remote_button_long_press"; + # subtype = "dim_down"; + # } // switch_chambre; + # action = { + # service = "light.turn_off"; + # entity_id = "light.chambre"; + # }; + # } + #]; }; }; }; From dbaa468f36801a91b6912814d0a0d34ecd46a941 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 14 Oct 2022 14:13:12 +0200 Subject: [PATCH 034/240] amandoleene-designyourfuture: wordpress to static website --- systems/LoutreOS/web.nix | 135 ++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 67 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 1cacd80..9731dae 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -61,10 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; - wordpress = { - isSystemUser = true; - group = config.services.nginx.group; - }; + # wordpress = { + # isSystemUser = true; + # group = config.services.nginx.group; + # }; }; services = { 
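Review bot: The hunk starting at `@@ -217,317 +222,317 @@` turns roughly three hundred lines of scenes, sensors and automations into `#` comments instead of deleting them. The dead text keeps internal host addresses, a MAC address and ZHA device ids in the working file, and anyone reading services.nix has to work out which parts are live. Git history already preserves the old configuration, so the block can be removed and replaced by a single pointer such as `# scenes and automations removed in this commit; see git history`. The same applies to the web.nix hunks of PATCH 034, where the WordPress user, PHP-FPM pool, vhost locations and `mysql` service are commented out and the trailing `// { }` merge no longer adds anything.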
@@ -83,19 +83,19 @@ in # }; # }; - "wordpress-designyourfuture" = { - user = config.users.users.wordpress.name; - group = config.services.nginx.group; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.max_requests" = 500; - }; - }; + # "wordpress-designyourfuture" = { + # user = config.users.users.wordpress.name; + # group = config.services.nginx.group; + # settings = { + # "listen.owner" = config.services.nginx.user; + # "pm" = "dynamic"; + # "pm.max_children" = 32; + # "pm.start_servers" = 2; + # "pm.min_spare_servers" = 2; + # "pm.max_spare_servers" = 4; + # "pm.max_requests" = 500; + # }; + # }; drive = { 
@@ -316,52 +316,53 @@ in } ]; "designyourfuture.amandoline-creations.fr" = base { - "/" = { - priority = 200; - extraConfig = '' - try_files $uri $uri/ /index.php$is_args$args; - ''; - }; - "~ \\.php$" = { - priority = 500; - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; - fastcgi_index index.php; - include "${config.services.nginx.package}/conf/fastcgi.conf"; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - # Mitigate https://httpoxy.org/ vulnerabilities - fastcgi_param HTTP_PROXY ""; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; - fastcgi_connect_timeout 300; - fastcgi_send_timeout 300; - fastcgi_read_timeout 300; - ''; - }; - "~ /\\." = { - priority = 800; - extraConfig = "deny all;"; - }; - "~* /(?:uploads|files)/.*\\.php$" = { - priority = 900; - extraConfig = "deny all;"; - }; - "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { - priority = 1000; - extraConfig = '' - expires max; - log_not_found off; - ''; - }; - } // { - root = "/var/www/wordpress-designyourfuture"; - extraConfig = '' - index index.php; - ''; - }; + "/".alias = "/var/www/amandoleene-designyourfuture/"; + # "/" = { + # priority = 200; + # extraConfig = '' + # try_files $uri $uri/ /index.php$is_args$args; + # ''; + # }; + # "~ \\.php$" = { + # priority = 500; + # extraConfig = '' + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; + # fastcgi_index index.php; + # include "${config.services.nginx.package}/conf/fastcgi.conf"; + # fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + # # Mitigate https://httpoxy.org/ vulnerabilities + # fastcgi_param HTTP_PROXY ""; + # fastcgi_intercept_errors off; + # fastcgi_buffer_size 16k; + # fastcgi_buffers 4 16k; + # 
fastcgi_connect_timeout 300; + # fastcgi_send_timeout 300; + # fastcgi_read_timeout 300; + # ''; + # }; + # "~ /\\." = { + # priority = 800; + # extraConfig = "deny all;"; + # }; + # "~* /(?:uploads|files)/.*\\.php$" = { + # priority = 900; + # extraConfig = "deny all;"; + # }; + # "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { + # priority = 1000; + # extraConfig = '' + # expires max; + # log_not_found off; + # ''; + # }; + } // { + # root = "/var/www/wordpress-designyourfuture"; + # extraConfig = '' + # index index.php; + # ''; + }; }; }; @@ -392,10 +393,10 @@ in python-ci.enable = true; - mysql = { - enable = true; - package = pkgs.mariadb; - }; + # mysql = { + # enable = true; + # package = pkgs.mariadb; + # }; }; systemd.services.nginx.serviceConfig = { From 721e1be1f75c6fc71af31c8fedd82d4dda011bd4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 14 Oct 2022 14:14:10 +0200 Subject: [PATCH 035/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ecc270f02b09b2f6a76b98488554dd842797357' (2022-10-07) → 'github:NixOS/nixpkgs/e06bd4b64bbfda91d74f13cb5eca89485d47528f' (2022-10-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08) → 'github:NixOS/nixpkgs/ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7' (2022-10-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dab8d99..2e96fb6 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665132027, - "narHash": "sha256-zoHPqSQSENt96zTk6Mt1AP+dMNqQDshXKQ4I6MfjP80=", + "lastModified": 1665613119, + "narHash": "sha256-VTutbv5YKeBGWou6ladtgfx11h6et+Wlkdyh4jPJ3p0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ecc270f02b09b2f6a76b98488554dd842797357", + "rev": "e06bd4b64bbfda91d74f13cb5eca89485d47528f", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1665259268, - "narHash": "sha256-ONFhHBLv5nZKhwV/F2GOH16197PbvpyWhoO0AOyktkU=", + "lastModified": 1665643254, + "narHash": "sha256-IBVWNJxGCsshwh62eRfR6+ry3bSXmulB3VQRzLQo3hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5924154f000e6306030300592f4282949b2db6c", + "rev": "ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7", "type": "github" }, "original": { From aba13fd530145213184ddfd50795b2a8615e15e1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 14 Oct 2022 14:54:22 +0200 Subject: [PATCH 036/240] essai de configuration de l'IPV6 Bouygues --- systems/LoutreOS/configuration.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 28e111c..9cf6d06 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -117,7 +117,15 @@ systemd.network.networks = { "40-bouygues" = { dhcpV4Config.RouteMetric = 1; - networkConfig.KeepConfiguration = "dhcp-on-stop"; + dhcpV6Config = { + DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig.DHCPv6Client = "yes"; + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = "yes"; + }; }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; From 9157a591356ef797dacc67de1ab21e634d5ef0af Mon Sep 17 00:00:00 2001 
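Review bot: `DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";` in the new `dhcpV6Config` appears to include the DUID type bytes (`00:03`, link-layer) in the raw data. As far as the systemd.network documentation describes it, `DUIDRawData` holds only the part after the type and the type comes from `DUIDType`, which defaults to `vendor` when unset. The DUID sent would then not be the link-layer one this value seems meant to be. If so, the intended form is `DUIDType = "link-layer";` with `DUIDRawData = "00:01:E8:AD:A6:21:73:68";`. A short comment saying which device this identifier belongs to and why it is pinned would help the next reader. Since `IPv6AcceptRA = "yes";` makes the uplink globally addressable, also confirm that the firewall rules for this interface cover IPv6 as well as IPv4.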
From: nyanloutre Date: Fri, 14 Oct 2022 14:54:48 +0200 Subject: [PATCH 037/240] jackett version unstable --- systems/LoutreOS/medias.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 07f3f1b..96b06ee 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -19,7 +19,10 @@ radarr.enable = true; sonarr.enable = true; - jackett.enable = true; + jackett = { + enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett; + }; jellyfin = { enable = true; From 2848cd75472af25c69062ae91e634fdeea4eb2df Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 19 Nov 2022 14:53:49 +0100 Subject: [PATCH 038/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e06bd4b64bbfda91d74f13cb5eca89485d47528f' (2022-10-12) → 'github:NixOS/nixpkgs/f42a45c015f28ac3beeb0df360e50cdbf495d44b' (2022-11-18) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7' (2022-10-13) → 'github:NixOS/nixpkgs/52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739' (2022-11-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2e96fb6..d29b83a 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665613119, - "narHash": "sha256-VTutbv5YKeBGWou6ladtgfx11h6et+Wlkdyh4jPJ3p0=", + "lastModified": 1668766498, + "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06bd4b64bbfda91d74f13cb5eca89485d47528f", + "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", "type": "github" }, "original": { 
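Review bot: The new `package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett;` hard-codes the platform string, which ties the module to one architecture and can drift from the system being built. `package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.jackett;` keeps it aligned, assuming `pkgs` is among the module arguments, which this hunk does not show. A one-line comment on why jackett alone tracks the unstable input would also tell a later reader when the override can be dropped.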
@@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1665643254, - "narHash": "sha256-IBVWNJxGCsshwh62eRfR6+ry3bSXmulB3VQRzLQo3hk=", + "lastModified": 1668765800, + "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7", + "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739", "type": "github" }, "original": { From 82c3e1243f3e7fd5332853223bf61e8dcb6ac499 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:10:45 +0100 Subject: [PATCH 039/240] add esphome --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index eaacc77..282adba 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -96,6 +96,7 @@ environment.systemPackages = with pkgs; [ usb-modeswitch + esphome ]; programs.wireshark.enable = true; From 8f36dda4e841b8f56ae3d2aa4b9cf494acd58c9b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:11:37 +0100 Subject: [PATCH 040/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f42a45c015f28ac3beeb0df360e50cdbf495d44b' (2022-11-18) → 'github:NixOS/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125' (2022-11-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739' (2022-11-18) → 'github:NixOS/nixpkgs/a115bb9bd56831941be3776c8a94005867f316a7' (2022-11-27) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d29b83a..2a9066c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1668766498, - "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", + "lastModified": 1669546925, + "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", + "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1668765800, - "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=", + "lastModified": 1669542132, + "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739", + "rev": "a115bb9bd56831941be3776c8a94005867f316a7", "type": "github" }, "original": { From 3b4f25ead8fc33d11fc627e61f2a13719fb4c600 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:45:48 +0100 Subject: [PATCH 041/240] fix postgres backup --- systems/LoutreOS/services.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index bab9d54..517e54c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -119,8 +119,7 @@ in "/var/lib/gitea" "/var/lib/grafana" "/var/lib/jackett" - "/var/lib/matrix-synapse" - "/var/lib/postgresql/.zfs/snapshot/borgsnap" + "/mnt/borgsnap/postgresql" "/var/lib/radarr" "/var/lib/sonarr" "/var/lib/transmission" @@ -130,6 +129,7 @@ in "/mnt/paul-home/paul" "/var/sieve" "/var/vmail" + "/mnt/backup_loutre/amandoleen" ]; exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" 
@@ -147,9 +147,14 @@ in weekly = 4; monthly = 12; }; - preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap"; + preHook = '' + ${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap + mkdir -p /mnt/borgsnap/postgresql + ${config.security.wrapperDir}/mount -t zfs loutrepool/var/postgresql@borgsnap /mnt/borgsnap/postgresql + ''; readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; postHook = '' + ${config.security.wrapperDir}/umount /mnt/borgsnap/postgresql ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap ''; }; @@ -537,6 +542,8 @@ in }; }; + systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; + dogetipbot-telegram.enable = true; ipmihddtemp.enable = true; From 7ea868668549c89c659db7c7c09571281157851b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:53:24 +0100 Subject: [PATCH 042/240] LoutreOS: backup more --- systems/LoutreOS/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 517e54c..4d496d7 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -123,6 +123,10 @@ in "/var/lib/radarr" "/var/lib/sonarr" "/var/lib/transmission" + "/var/lib/airsonic" + "/var/lib/hass" + "/var/lib/opendkim" + "/var/lib/slimserver" "/mnt/medias/musique" "/mnt/medias/torrent/lidarr" "/mnt/medias/torrent/musique" @@ -130,6 +134,7 @@ in "/var/sieve" "/var/vmail" "/mnt/backup_loutre/amandoleen" + "/mnt/secrets" ]; exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" From 17d985a56cd01ddb7372b200209f46ccc49dcab2 Mon Sep 17 00:00:00 2001 
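Review bot: In the `postHook` of the services.nix hunk at `@@ -147,9 +147,14 @@`, the new `umount` runs before `zfs destroy`, so a failing unmount can make the snapshot cleanup unreachable. That happens if the generated job script stops at the first failing command, which I believe the borgbackup module's wrapper does, though it is worth checking. A leftover `@borgsnap` snapshot would then make the next run's `zfs snapshot` in `preHook` fail, and the backup stays broken until someone cleans up by hand. Making the unmount tolerant, `${config.security.wrapperDir}/umount /mnt/borgsnap/postgresql || true`, keeps the destroy reachable. The job definition starts and ends outside this hunk.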
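Review bot: Adding `"/mnt/secrets"` to `paths` (second services.nix hunk of the "LoutreOS: backup more" commit) puts the job's own credentials into the archive. Earlier in this series the borg job reads its passphrase from `/mnt/secrets/borgbackup_loutre_encryption_pass` and its SSH key from `/mnt/secrets/hetzner_ssh_key`. A copy of the passphrase inside the repository it unlocks cannot help with a restore, and it means one leaked passphrase also exposes every other secret on the host. I would list those two files in `exclude`, keep them in a separate offline copy, and add a comment saying which secrets this backup is meant to cover. The `paths` list starts outside the hunk, so I am assuming this is the same job the passCommand belongs to.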
From: nyanloutre Date: Thu, 29 Dec 2022 15:37:00 +0100 Subject: [PATCH 043/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125' (2022-11-27) → 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a115bb9bd56831941be3776c8a94005867f316a7' (2022-11-27) → 'github:NixOS/nixpkgs/e182da8622a354d44c39b3d7a542dc12cd7baa5f' (2022-12-28) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/f535d8123c4761b2ed8138f3d202ea710a334a1d' (2022-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/bc667fb6afc45f6cc2d118ab77658faf2227cffd' (2022-12-21) • Removed input 'simple-nixos-mailserver/nixpkgs-22_05' • Added input 'simple-nixos-mailserver/nixpkgs-22_11': 'github:NixOS/nixpkgs/ce5fe99df1f15a09a91a86be9738d68fadfbad82' (2022-11-27) --- flake.lock | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 2a9066c..f26b072 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,26 +75,41 @@ }, "nixpkgs": { "locked": { - "lastModified": 1669546925, - "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=", + "lastModified": 1671883564, + "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125", + "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1669542132, - "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", + "lastModified": 1672262501, + "narHash": "sha256-ZNXqX9lwYo1tOFAqrVtKTLcJ2QMKCr3WuIvpN8emp7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a115bb9bd56831941be3776c8a94005867f316a7", + "rev": "e182da8622a354d44c39b3d7a542dc12cd7baa5f", "type": "github" }, "original": { @@ -119,22 +134,20 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_05": [ - "nixpkgs" - ], + "nixpkgs-22_11": "nixpkgs-22_11", "utils": "utils" }, "locked": { - "lastModified": 1655930346, - "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", + "lastModified": 1671659164, + "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", + "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixos-mailserver", "type": "gitlab" } 
From 5ce6087b57800aca90ee8babf456e76d5fe55a1f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:20 +0100 Subject: [PATCH 044/240] update LoutreOS to 22.11 --- flake.lock | 22 +++++++++------ flake.nix | 12 ++++---- services/python-ci.nix | 2 +- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/hardware-configuration.nix | 2 +- systems/LoutreOS/monitoring.nix | 31 +++++++++++++-------- systems/LoutreOS/web.nix | 10 ++++--- systems/common-cli.nix | 5 ++-- 8 files changed, 52 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index f26b072..8f5449d 100644 --- a/flake.lock +++ b/flake.lock @@ -88,19 +88,20 @@ "type": "indirect" } }, - "nixpkgs-22_11": { + "nixpkgs-photoprism": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", + "lastModified": 1671922246, + "narHash": "sha256-Xh/pWG2mdheCtJZFmuuZIsvR9PVgs15Rn6yt/G1lINc=", + "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "6805f176fcc4b3673f23df5ee67caccc24bfba8c", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "Stunkymonkey", + "ref": "photoprism-module-init", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { @@ -123,6 +124,7 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", + "nixpkgs-photoprism": "nixpkgs-photoprism", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "utils": "utils_2" @@ -134,7 +136,9 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-22_11": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index c7c1cf6..fe8260a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.05"; + nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_05.follows = "nixpkgs"; + nixpkgs-22_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { @@ -20,7 +21,7 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, nixpkgs-photoprism, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { inherit self inputs; @@ -32,7 +33,7 @@ # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { # name = "electron-cash.patch"; # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; - # sha256 = "sha256-oQbiyhVWYIkEuZEKqaPuIL00PNPnuTAw64wuqZ8YeDs="; + # sha256 = nixpkgs.lib.fakeHash; # }) # ]; @@ -46,6 +47,7 @@ ]; hosts.loutreos.modules = [ + "${nixpkgs-photoprism}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/services/python-ci.nix b/services/python-ci.nix index 5a6a4c4..ce957db 100644 --- a/services/python-ci.nix +++ b/services/python-ci.nix @@ -33,7 +33,7 @@ in RuntimeDirectoryPreserve = "yes"; ExecStart = with pkgs; let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pyramid python-gitlab ]; + extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ]; ignoreCollisions = true; }; in "${pkgs.writeShellScriptBin "run.sh" '' 
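Review bot: `nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"` in the first flake.nix hunk tracks a branch on a personal fork. The `hosts.loutreos.modules` hunk then imports a NixOS module from it, so code from that branch is evaluated as part of the system configuration. flake.lock pins a revision, but every `nix flake update` moves it to whatever the branch head is at that moment, without the difference being reviewed. Putting the reviewed revision in the URL, `github:Stunkymonkey/nixpkgs/6805f176fcc4b3673f23df5ee67caccc24bfba8c` (the rev this commit locks), turns later bumps into an explicit edit. A comment naming the upstream change the module comes from would tell the next reader when the input can be dropped.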
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9cf6d06..d0adf48 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,7 +12,7 @@ ./services.nix ]; - nix.trustedUsers = [ "root" "paul" ]; + nix.settings.trusted-users = [ "root" "paul" ]; boot = { loader = { diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 4984718..2c3303b 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -176,6 +176,6 @@ } ]; - nix.maxJobs = lib.mkDefault 4; + nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 9910068..e02a4fa 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -87,18 +87,27 @@ in grafana = { enable = true; - addr = "127.0.0.1"; dataDir = "/var/lib/grafana"; - extraOptions = { - SERVER_ROOT_URL = "https://grafana.${domaine}"; - SMTP_ENABLED = "true"; - SMTP_FROM_ADDRESS = "grafana@${domaine}"; - SMTP_SKIP_VERIFY = "true"; - AUTH_DISABLE_LOGIN_FORM = "true"; - AUTH_DISABLE_SIGNOUT_MENU = "true"; - AUTH_ANONYMOUS_ENABLED = "true"; - AUTH_ANONYMOUS_ORG_ROLE = "Admin"; - AUTH_BASIC_ENABLED = "false"; + settings = { + server = { + http_addr = "127.0.0.1"; + root_url = "https://grafana.${domaine}"; + }; + smtp = { + enabled = true; + from_address = "grafana@${domaine}"; + skip_verify = true; + }; + auth = { + disable_signout_menu = true; + }; + "auth.basic" = { + enabled = false; + }; + "auth.proxy" = { + enabled = true; + header_name = "X-WEBAUTH-USER"; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9731dae..9469804 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
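Review bot: The new `auth` block in the Grafana hunk of systems/LoutreOS/monitoring.nix keeps only `disable_signout_menu`; the former `AUTH_DISABLE_LOGIN_FORM = "true"` has no counterpart, so the built-in login form is reachable again for anyone who gets past the reverse proxy. With `"auth.proxy"` enabled, identity comes from the `X-WEBAUTH-USER` header, and the login form with the built-in admin account is a second path that bypasses the proxy-assigned identity. I would add `disable_login_form = true;` under `auth`. A comment on `"auth.proxy"` should say the header is trustworthy only because `http_addr` is `127.0.0.1` and the nginx `authReverse` block in this commit sets it on every request. Whether the admin password was ever changed from its default is not visible here.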
@@ -197,6 +197,8 @@ in proxyPass = "http://127.0.0.1:${toString(rport)}/"; extraConfig = '' auth_request_set $cookie $upstream_http_set_cookie; + auth_request_set $username $upstream_http_x_username; + proxy_set_header X-WEBAUTH-USER $username; add_header Set-Cookie $cookie; ''; }; @@ -243,7 +245,7 @@ in }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; - "grafana.nyanlout.re" = authReverse config.services.grafana.port; + "grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; @@ -376,7 +378,6 @@ in gitea = { enable = true; - cookieSecure = true; httpPort = 3001; rootUrl = "https://gitea.nyanlout.re/"; database = { @@ -384,10 +385,11 @@ in port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; - log.level = "Warn"; - disableRegistration = true; settings = { ui.DEFAULT_THEME = "arc-green"; + log.LEVEL = "Warn"; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; }; }; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index b0cdf52..d8359d9 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -11,12 +11,13 @@ vimAlias = true; configure = { customRC = '' - set tabstop=8 + set tabstop=8 set shiftwidth=4 set softtabstop=0 set expandtab - set smarttab + set smarttab set background=dark + set mouse= ''; packages.myVimPackage = with pkgs.vimPlugins; { start = [ From c4ff862ab4060f3245e721ca526c28ce1dd07452 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:37 +0100 Subject: [PATCH 045/240] install photoprism --- systems/LoutreOS/services.nix | 9 +++++++++ systems/LoutreOS/web.nix | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4d496d7..cb0cdfb 100644 
--- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -545,6 +545,15 @@ in #]; }; }; + + photoprism = { + enable = true; + originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; + extraConfig = { + PHOTOPRISM_AUTH_MODE = "public"; + PHOTOPRISM_READONLY = true; + }; + }; }; systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9469804..c7f0169 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -260,6 +260,11 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; + "photo.nyanlout.re" = recursiveUpdate (authReverse config.services.photoprism.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; From a315db49c6a600bc72795963011f26b1f81add64 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:09:18 +0100 Subject: [PATCH 046/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) → 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8f5449d..e6dea1e 100644 --- a/flake.lock +++ b/flake.lock 
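Review bot: `PHOTOPRISM_AUTH_MODE = "public"` in the services.nix hunk turns off PhotoPrism's own authentication, so the only access control left is the `authReverse` wrapper added for `photo.nyanlout.re` in the web.nix hunk of the same commit. That holds only while the service listens on loopback and nothing else on the host proxies to it. The bind address is not set in this hunk and the module's default is not visible, so I would set it explicitly rather than rely on the default. A comment above `extraConfig` such as `# no app-level auth: must stay behind nginx SSO and bound to localhost` would record the dependency for whoever changes the vhost later.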
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1671883564, - "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", "type": "github" }, "original": { From 09ec8c3554521b48e00cb9e02644111e0ac40fd8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:11:22 +0100 Subject: [PATCH 047/240] Add 'overlays/transmission.nix' --- overlays/transmission.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 overlays/transmission.nix diff --git a/overlays/transmission.nix b/overlays/transmission.nix new file mode 100644 index 0000000..3294870 --- /dev/null +++ b/overlays/transmission.nix @@ -0,0 +1,8 @@ +self: super: +{ + transmission = (super.transmission.overrideAttrs (oA: { + patches = []; + })).override { + openssl = super.openssl_legacy; + }; +} \ No newline at end of file From eff9aadf902365f0721e58b1955d4073670d7d79 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:13:39 +0100 Subject: [PATCH 048/240] Update 'systems/LoutreOS/configuration.nix' --- systems/LoutreOS/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index d0adf48..3ab6c2a 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,6 +12,11 @@ ./services.nix ]; + nixpkgs.overlays = [ + (import ../../overlays/transmission.nix) + ]; + + nix.settings.trusted-users = [ "root" "paul" ]; boot = { From 3d472d07c2f6666a2f55e7e3692b067aebc8dfac Mon Sep 17 00:00:00 2001 
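Review bot: `patches = [];` in the new overlays/transmission.nix discards every patch nixpkgs applies to transmission, now and after each channel update, so any security backport added to the package later would be dropped silently as well. If the aim is to remove one patch that conflicts with `openssl_legacy`, filtering that patch by name keeps the rest, for example `patches = builtins.filter (p: baseNameOf (toString p) != "<PATCH_NAME>") oA.patches;` with the placeholder replaced by the real file name. The file also has no comment saying why the legacy OpenSSL variant is needed or when the overlay can be removed. Transmission is a network-facing daemon, so a short header recording that reason is worth having.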
From: nyanloutre Date: Thu, 5 Jan 2023 11:18:09 +0100 Subject: [PATCH 049/240] Update 'systems/LoutreOS/configuration.nix' --- systems/LoutreOS/configuration.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3ab6c2a..75a7df1 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,11 +12,6 @@ ./services.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/transmission.nix) - ]; - - nix.settings.trusted-users = [ "root" "paul" ]; boot = { @@ -169,6 +164,7 @@ nixpkgs.overlays = [ (import ../../overlays/riot-web.nix) + (import ../../overlays/transmission.nix) ]; services.openssh = { From 884498f5736ae5ba3aae947fb9383f199630198e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:25:26 +0100 Subject: [PATCH 050/240] Update 'systems/LoutreOS/services.nix' --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index cb0cdfb..2bc5e41 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -551,7 +551,7 @@ in originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; extraConfig = { PHOTOPRISM_AUTH_MODE = "public"; - PHOTOPRISM_READONLY = true; + PHOTOPRISM_READONLY = "1"; }; }; }; From 0cddbf1def860643f4f76a1a590d6703aaacbdc0 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 5 Jan 2023 11:22:52 +0100 Subject: [PATCH 051/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) → 'github:NixOS/nixpkgs/e9ade2c8240e00a4784fac282a502efff2786bdc' (2023-01-04) • Updated input 'nixpkgs-photoprism': 'github:Stunkymonkey/nixpkgs/6805f176fcc4b3673f23df5ee67caccc24bfba8c' (2022-12-24) → 'github:Stunkymonkey/nixpkgs/9f3d8078ecec6f757b6fde1734f258913e062be2' (2023-01-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e182da8622a354d44c39b3d7a542dc12cd7baa5f' (2022-12-28) → 'github:NixOS/nixpkgs/9813adc7f7c0edd738c6bdd8431439688bb0cb3d' (2023-01-04) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e6dea1e..8c26b8b 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1672353432, - "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", + "lastModified": 1672844754, + "narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "rev": "e9ade2c8240e00a4784fac282a502efff2786bdc", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-photoprism": { "locked": { - "lastModified": 1671922246, - "narHash": "sha256-Xh/pWG2mdheCtJZFmuuZIsvR9PVgs15Rn6yt/G1lINc=", + "lastModified": 1672609663, + "narHash": "sha256-qDon3TnuGPW8L4+xLqUs6/Ev8yRR8qV7v5PHMrCtnao=", "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "6805f176fcc4b3673f23df5ee67caccc24bfba8c", + "rev": "9f3d8078ecec6f757b6fde1734f258913e062be2", "type": "github" }, "original": { 
@@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1672262501, - "narHash": "sha256-ZNXqX9lwYo1tOFAqrVtKTLcJ2QMKCr3WuIvpN8emp7I=", + "lastModified": 1672791794, + "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e182da8622a354d44c39b3d7a542dc12cd7baa5f", + "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", "type": "github" }, "original": { From a449f29502028e36df5b28374763fc5d80c1c6f8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:26:38 +0100 Subject: [PATCH 052/240] remove backup mount and add photoprism mount --- systems/LoutreOS/hardware-configuration.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 2c3303b..b32d6f1 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -123,10 +123,10 @@ fsType = "zfs"; }; - fileSystems."/mnt/backup" = - { device = "backup"; - fsType = "zfs"; - }; + # fileSystems."/mnt/backup" = + # { device = "backup"; + # fsType = "zfs"; + # }; fileSystems."/mnt/backup_loutre" = { device = "loutrepool/backup"; @@ -158,6 +158,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/private/photoprism" = + { device = "loutrepool/var/photoprism"; + fsType = "zfs"; + }; + fileSystems."/mnt/paul-home" = { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; fsType = "zfs"; From d97d8a59491430776d6cff8776882e6d410fa60b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:28:10 +0100 Subject: [PATCH 053/240] add photoprism url --- systems/LoutreOS/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2bc5e41..4c8fb80 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -552,6 +552,7 @@ in extraConfig = { PHOTOPRISM_AUTH_MODE = "public"; PHOTOPRISM_READONLY = "1"; + PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/"; }; }; }; From 166219459f6911defe243e68c273fa429e917c51 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 7 Jan 2023 23:34:55 +0100 Subject: [PATCH 054/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e9ade2c8240e00a4784fac282a502efff2786bdc' (2023-01-04) → 'github:NixOS/nixpkgs/2dea8991d89b9f1e78d874945f78ca15f6954289' (2023-01-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9813adc7f7c0edd738c6bdd8431439688bb0cb3d' (2023-01-04) → 'github:NixOS/nixpkgs/a518c77148585023ff56022f09c4b2c418a51ef5' (2023-01-05) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8c26b8b..ea354b4 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1672844754, - "narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=", + "lastModified": 1672968032, + "narHash": "sha256-26Jns3GmHem44a06UN5Rj/KOD9qNJThyQrom02Ijur8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9ade2c8240e00a4784fac282a502efff2786bdc", + "rev": "2dea8991d89b9f1e78d874945f78ca15f6954289", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1672791794, - "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", + "lastModified": 1672953546, + "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", + "rev": "a518c77148585023ff56022f09c4b2c418a51ef5", "type": "github" }, "original": { From 734f54f69fab055c37976bfce6176dad3c4f66f0 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 13 Jan 2023 09:53:31 +0100 Subject: [PATCH 055/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2dea8991d89b9f1e78d874945f78ca15f6954289' (2023-01-06) → 'github:NixOS/nixpkgs/6a3f9996408c970b99b8b992b11bb249d1455b62' (2023-01-12) • Updated input 'nixpkgs-photoprism': 'github:Stunkymonkey/nixpkgs/9f3d8078ecec6f757b6fde1734f258913e062be2' (2023-01-01) → 'github:Stunkymonkey/nixpkgs/2dc710c13cfd1f33b16439c84afd9eafeb3371f2' (2023-01-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a518c77148585023ff56022f09c4b2c418a51ef5' (2023-01-05) → 'github:NixOS/nixpkgs/6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e' (2023-01-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ea354b4..ef80203 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1672968032, - "narHash": "sha256-26Jns3GmHem44a06UN5Rj/KOD9qNJThyQrom02Ijur8=", + "lastModified": 1673527292, + "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2dea8991d89b9f1e78d874945f78ca15f6954289", + "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-photoprism": { "locked": { - "lastModified": 1672609663, - "narHash": "sha256-qDon3TnuGPW8L4+xLqUs6/Ev8yRR8qV7v5PHMrCtnao=", + "lastModified": 1673563714, + "narHash": "sha256-NPVs2Sff5ubtCnsG5fciNZtM30d4nlgZxmpSK4zqwDU=", "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "9f3d8078ecec6f757b6fde1734f258913e062be2", + "rev": "2dc710c13cfd1f33b16439c84afd9eafeb3371f2", "type": "github" }, "original": { 
@@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1672953546, - "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=", + "lastModified": 1673450908, + "narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a518c77148585023ff56022f09c4b2c418a51ef5", + "rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", "type": "github" }, "original": { From ea61674cffa0302e2189dc4edaf1db0ff3abc1b9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 26 Jan 2023 20:42:59 +0100 Subject: [PATCH 056/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6a3f9996408c970b99b8b992b11bb249d1455b62' (2023-01-12) → 'github:NixOS/nixpkgs/ab1254087f4cdf4af74b552d7fc95175d9bdbb49' (2023-01-22) • Updated input 'nixpkgs-photoprism': 'github:Stunkymonkey/nixpkgs/2dc710c13cfd1f33b16439c84afd9eafeb3371f2' (2023-01-12) → 'github:Stunkymonkey/nixpkgs/0214f02419f80674ffcaa26e9f20769a56b5f0c1' (2023-01-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e' (2023-01-11) → 'github:NixOS/nixpkgs/1b1f50645af2a70dc93eae18bfd88d330bfbcf7f' (2023-01-23) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ef80203..3259cce 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1673527292, - "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", + "lastModified": 1674407282, + "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", + "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", "type": "github" }, "original": { 
@@ -90,11 +90,11 @@ }, "nixpkgs-photoprism": { "locked": { - "lastModified": 1673563714, - "narHash": "sha256-NPVs2Sff5ubtCnsG5fciNZtM30d4nlgZxmpSK4zqwDU=", + "lastModified": 1673802166, + "narHash": "sha256-0D/Fnl7nF9tOoCFgfu8dReShYjal7LwvIRkCAjxtK78=", "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "2dc710c13cfd1f33b16439c84afd9eafeb3371f2", + "rev": "0214f02419f80674ffcaa26e9f20769a56b5f0c1", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1673450908, - "narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", + "lastModified": 1674459583, + "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", + "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f", "type": "github" }, "original": { From a8b8356e0d24261aff88c5e40fa3fa6a6ed3eba5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:04:00 +0100 Subject: [PATCH 057/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ab1254087f4cdf4af74b552d7fc95175d9bdbb49' (2023-01-22) → 'github:NixOS/nixpkgs/c43f676c938662072772339be6269226c77b51b8' (2023-02-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/1b1f50645af2a70dc93eae18bfd88d330bfbcf7f' (2023-01-23) → 'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13) --- flake.lock | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index 3259cce..eecc94f 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1674407282, - "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", + "lastModified": 1676375384, + "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", + "rev": "c43f676c938662072772339be6269226c77b51b8", "type": "github" }, "original": { @@ -88,29 +88,13 @@ "type": "indirect" } }, - "nixpkgs-photoprism": { - "locked": { - "lastModified": 1673802166, - "narHash": "sha256-0D/Fnl7nF9tOoCFgfu8dReShYjal7LwvIRkCAjxtK78=", - "owner": "Stunkymonkey", - "repo": "nixpkgs", - "rev": "0214f02419f80674ffcaa26e9f20769a56b5f0c1", - "type": "github" - }, - "original": { - "owner": "Stunkymonkey", - "ref": "photoprism-module-init", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { - "lastModified": 1674459583, - "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=", + "lastModified": 1676300157, + "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f", + "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", "type": "github" }, "original": { @@ -124,7 +108,6 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", - "nixpkgs-photoprism": "nixpkgs-photoprism", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "utils": "utils_2" From 4d7fc25aaf6e568c7a7a3e366f58a17d76bc22b7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:11:20 +0100 Subject: [PATCH 058/240] remove riot --- overlays/riot-web.nix | 15 --------------- systems/LoutreOS/configuration.nix | 1 - systems/LoutreOS/web.nix | 1 - 3 files changed, 17 deletions(-) delete mode 100644 overlays/riot-web.nix 
diff --git a/overlays/riot-web.nix b/overlays/riot-web.nix deleted file mode 100644 index 33428ff..0000000 --- a/overlays/riot-web.nix +++ /dev/null @@ -1,15 +0,0 @@ -self: super: -{ - riot-web = super.riot-web.override { - conf = { - default_hs_url = "https://matrix.nyanlout.re"; - default_is_url = "https://vector.im"; - brand = "Nyanloutre"; - default_theme = "dark"; - integrations_ui_url = "https://dimension.t2bot.io/riot"; - integrations_rest_url = "https://dimension.t2bot.io/api/v1/scalar"; - integrations_widgets_urls = ["https://dimension.t2bot.io/widgets"]; - integrations_jitsi_widget_url = "https://dimension.t2bot.io/widgets/jitsi"; - }; - }; -} diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 75a7df1..e292f44 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -163,7 +163,6 @@ }; nixpkgs.overlays = [ - (import ../../overlays/riot-web.nix) (import ../../overlays/transmission.nix) ]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index c7f0169..8390254 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -224,7 +224,6 @@ in ''; }; } // { default = true; }; - "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; }; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { From 2fac85824a2c9c0efd785de978166e2e0e76675c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:13:06 +0100 Subject: [PATCH 059/240] install photoprism from unstable --- flake.nix | 5 ++--- systems/LoutreOS/services.nix | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index fe8260a..e9ef184 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,7 +2,6 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; @@ -21,7 +20,7 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, nixpkgs-photoprism, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { inherit self inputs; @@ -47,7 +46,7 @@ ]; hosts.loutreos.modules = [ - "${nixpkgs-photoprism}/nixos/modules/services/web-apps/photoprism.nix" + "${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4c8fb80..3b8df04 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -549,7 +549,7 @@ in photoprism = { enable = true; originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; - extraConfig = { + settings = { PHOTOPRISM_AUTH_MODE = "public"; PHOTOPRISM_READONLY = "1"; PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/"; From 0ae3cd7ba4ddfc35c590c7b301bf52b5de1bd1ce Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:30:46 +0100 Subject: [PATCH 060/240] redirect www.musique-meyenheim.fr --- systems/LoutreOS/web.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8390254..6df086c 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -237,6 +237,11 @@ in alias = "/var/www/site-musique/media/"; }; }; + "www.musique-meyenheim.fr" = { + enableACME = true; + forceSSL = true; + globalRedirect = "musique-meyenheim.fr"; + }; # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { From 94ab3f04fe39281c3940de48972cfc75737a547e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:31:01 +0100 Subject: [PATCH 061/240] ajout amandoline-creations.fr --- systems/LoutreOS/web.nix | 55 +++++++--------------------------------- 1 file changed, 9 insertions(+), 46 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6df086c..aa7ca38 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -327,52 +327,15 @@ in } ]; "designyourfuture.amandoline-creations.fr" = base { - "/".alias = "/var/www/amandoleene-designyourfuture/"; - # "/" = { - # priority = 200; - # extraConfig = '' - # try_files $uri $uri/ /index.php$is_args$args; - # ''; - # }; - # "~ \\.php$" = { - # priority = 500; - # extraConfig = '' - # fastcgi_split_path_info ^(.+\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; - # fastcgi_index index.php; - # include "${config.services.nginx.package}/conf/fastcgi.conf"; - # fastcgi_param PATH_INFO $fastcgi_path_info; - # fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - # # Mitigate https://httpoxy.org/ vulnerabilities - # fastcgi_param HTTP_PROXY ""; - # fastcgi_intercept_errors off; - # fastcgi_buffer_size 16k; - # fastcgi_buffers 4 16k; - # fastcgi_connect_timeout 300; - # fastcgi_send_timeout 300; - # fastcgi_read_timeout 300; - # ''; - # }; - # "~ /\\." = { - # priority = 800; - # extraConfig = "deny all;"; - # }; - # "~* /(?:uploads|files)/.*\\.php$" = { - # priority = 900; - # extraConfig = "deny all;"; - # }; - # "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { - # priority = 1000; - # extraConfig = '' - # expires max; - # log_not_found off; - # ''; - # }; - } // { - # root = "/var/www/wordpress-designyourfuture"; - # extraConfig = '' - # index index.php; - # ''; + "/".alias = "/var/www/amandoline-designyourfuture/"; + }; + "amandoline-creations.fr" = base { + "/".alias = "/var/www/amandoline-portfolio/"; + }; + "www.amandoline-creations.fr" = { + enableACME = true; + forceSSL = true; + globalRedirect = "amandoline-creations.fr"; }; }; }; From 2da57f3126806ab73913ce1eeaab1cd10de363a0 Mon Sep 17 00:00:00 2001 
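Review bot: Both static vhosts in this web.nix hunk serve their site through `"/".alias`, while the other static vhosts in the file (for example `factorio.nyanlout.re`) use `root` for the same job. For a `/` location `root` is the conventional nginx form, so I would write `"amandoline-creations.fr" = base { "/" = { root = "/var/www/amandoline-portfolio"; }; };` and likewise for `designyourfuture`. The alias path also changes from `amandoleene-designyourfuture` to `amandoline-designyourfuture`, and the matching directory rename on the host is not visible in this diff. The `www.amandoline-creations.fr` block repeats the three attributes added for `www.musique-meyenheim.fr` in the previous patch, so a small `wwwRedirect` helper next to `base` would keep the two in step.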
From: nyanloutre Date: Thu, 23 Mar 2023 11:35:15 +0100 Subject: [PATCH 062/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c43f676c938662072772339be6269226c77b51b8' (2023-02-14) → 'github:NixOS/nixpkgs/9ef6e7727f4c31507627815d4f8679c5841efb00' (2023-03-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13) → 'github:NixOS/nixpkgs/19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e' (2023-03-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index eecc94f..8c9f96d 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1676375384, - "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", + "lastModified": 1679472241, + "narHash": "sha256-VK2YDic2NjPvfsuneJCLIrWS38qUfoW8rLLimx0rWXA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c43f676c938662072772339be6269226c77b51b8", + "rev": "9ef6e7727f4c31507627815d4f8679c5841efb00", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", + "lastModified": 1679437018, + "narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", + "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e", "type": "github" }, "original": { From 3568d0bb16f547c9a16e0ef6de9198ae29e704f3 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 1 Apr 2023 12:53:34 +0200 Subject: [PATCH 063/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ef6e7727f4c31507627815d4f8679c5841efb00' (2023-03-22) → 'github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f' (2023-03-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e' (2023-03-21) → 'github:NixOS/nixpkgs/e3652e0735fbec227f342712f180f4f21f0594f2' (2023-03-30) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8c9f96d..2213f2b 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1679472241, - "narHash": "sha256-VK2YDic2NjPvfsuneJCLIrWS38qUfoW8rLLimx0rWXA=", + "lastModified": 1680122840, + "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ef6e7727f4c31507627815d4f8679c5841efb00", + "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1679437018, - "narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", "type": "github" }, "original": { From 08833324c2d5de1103c0dc89787b5499647ee996 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 24 Apr 2023 20:29:13 +0200 Subject: [PATCH 064/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f' (2023-03-29) → 'github:NixOS/nixpkgs/f5364316e314436f6b9c8fd50592b18920ab18f9' (2023-04-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e3652e0735fbec227f342712f180f4f21f0594f2' (2023-03-30) → 'github:NixOS/nixpkgs/e78d25df6f1036b3fa76750ed4603dd9d5fe90fc' (2023-04-23) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2213f2b..ba3bbff 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1680122840, - "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", + "lastModified": 1682303062, + "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", + "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1680213900, - "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "lastModified": 1682268651, + "narHash": "sha256-2eZriMhnD24Pmb8ideZWZDiXaAVe6LzJrHQiNPck+Lk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "rev": "e78d25df6f1036b3fa76750ed4603dd9d5fe90fc", "type": "github" }, "original": { From da693daad6f105f69eb3df3d92c138a39579caad Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 18 May 2023 20:19:11 +0200 Subject: [PATCH 065/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f5364316e314436f6b9c8fd50592b18920ab18f9' (2023-04-24) → 'github:NixOS/nixpkgs/628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c' (2023-05-18) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e78d25df6f1036b3fa76750ed4603dd9d5fe90fc' (2023-04-23) → 'github:NixOS/nixpkgs/48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a' (2023-05-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ba3bbff..54e9e04 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1682303062, - "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=", + "lastModified": 1684398685, + "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9", + "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1682268651, - "narHash": "sha256-2eZriMhnD24Pmb8ideZWZDiXaAVe6LzJrHQiNPck+Lk=", + "lastModified": 1684385584, + "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e78d25df6f1036b3fa76750ed4603dd9d5fe90fc", + "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", "type": "github" }, "original": { From 30faf02d276ddde1a9c176ced32bf36ed9162f91 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 18 May 2023 20:23:02 +0200 Subject: [PATCH 066/240] create photoprism accounts --- systems/LoutreOS/services.nix | 3 ++- systems/LoutreOS/web.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) 
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3b8df04..e028104 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -549,9 +549,10 @@ in photoprism = { enable = true; originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; + passwordFile = "/mnt/secrets/photoprism_pass"; settings = { - PHOTOPRISM_AUTH_MODE = "public"; PHOTOPRISM_READONLY = "1"; + PHOTOPRISM_DETECT_NSFW = "1"; PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/"; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index aa7ca38..587f5ef 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -264,7 +264,7 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; - "photo.nyanlout.re" = recursiveUpdate (authReverse config.services.photoprism.port) { + "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { proxyWebsockets = true; }; From d28de2a644e9a4541f2cac9cd47b7405f7d1e45a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 18 May 2023 20:23:15 +0200 Subject: [PATCH 067/240] use unstable radarr and sonarr --- systems/LoutreOS/medias.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 96b06ee..f177bea 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -17,8 +17,14 @@ }; }; - radarr.enable = true; - sonarr.enable = true; + radarr = { + enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; + }; + sonarr = { + enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; + }; jackett = { enable = true; package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett; 
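Review bot: After this commit PhotoPrism's own login is the only access control in front of photo.nyanlout.re, but nothing in `settings` states the intended mode. `PHOTOPRISM_AUTH_MODE = "public"` is removed in this services.nix hunk and the web.nix hunk that follows replaces `authReverse` with `simpleReverse`, so the setup relies on the default. I would pin it with `PHOTOPRISM_AUTH_MODE = "password";` so the vhost cannot end up unauthenticated if the module or upstream default changes. It is also worth confirming that `/mnt/secrets/photoprism_pass` is readable only by root or the service user, since its permissions are not visible here. The `photoprism` attribute set continues outside the hunk.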
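Review bot: The `radarr` and `sonarr` overrides in medias.nix repeat the hard-coded `inputs.nixpkgs-unstable.legacyPackages.x86_64-linux` path already used for `jackett`, so the platform string now appears three times. A single binding such as `unstable = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux;` in a `let` above the service set would keep them consistent. A short comment such as `# tracks unstable: <reason>` would tell the next release upgrade whether the override can be dropped. The enclosing attribute set starts and ends outside the hunk, so where the `let` belongs is not visible here.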
From 0167221dc56070952887648eced1bdb204feb850 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 18 May 2023 22:41:11 +0200 Subject: [PATCH 068/240] replace jackett with prowlarr --- systems/LoutreOS/medias.nix | 5 +---- systems/LoutreOS/web.nix | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index f177bea..8a4d15d 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -25,10 +25,7 @@ enable = true; package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; }; - jackett = { - enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett; - }; + prowlarr.enable = true; jellyfin = { enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 587f5ef..243d4d7 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -254,7 +254,7 @@ in "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; "syncthing.nyanlout.re" = authReverse 8384; - "jackett.nyanlout.re" = authReverse 9117; + "prowlarr.nyanlout.re" = authReverse 9696; "matrix.nyanlout.re" = simpleReverse 8008; "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { locations."/" = { From cb4f74182eed56862c12e89d386067da766bfe23 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 8 Jun 2023 21:34:28 +0200 Subject: [PATCH 069/240] no trim/scrub on daily computer --- systems/PC-Fixe/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 282adba..02de5ce 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -36,11 +36,11 @@ services.zfs = { trim = { - enable = true; + enable = false; interval = "monthly"; }; autoScrub = { - enable = true; + enable = false; interval = "monthly"; }; autoSnapshot = { From 69e9788a1631c1e0a3bacb199200ab04c22ecc12 Mon Sep 17 00:00:00 2001 
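Review bot: With `autoScrub.enable = false` in the PC-Fixe hunk, nothing on that machine periodically verifies the pool's checksums. Latent corruption would then only surface when the affected blocks are next read, and the snapshots kept by `autoSnapshot` would not protect against it. If the aim is only to avoid I/O during daily use, I would leave a comment such as `# scrub and trim are run by hand on this machine: zpool scrub <pool>` so the manual step is not forgotten. The `interval = "monthly";` lines under both `trim` and `autoScrub` are now dead settings and could be removed, or kept with that comment. The `services.zfs` block continues outside the hunk.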
From: nyanloutre Date: Thu, 8 Jun 2023 21:35:19 +0200 Subject: [PATCH 070/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c' (2023-05-18) → 'github:NixOS/nixpkgs/d83945caa7624015f11b152bf5c6c4363ffe9f7c' (2023-06-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a' (2023-05-18) → 'github:NixOS/nixpkgs/381e92a35e2d196fdd6077680dca0cd0197e75cb' (2023-06-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 54e9e04..45994b4 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1684398685, - "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", + "lastModified": 1686035213, + "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", + "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1684385584, - "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", + "lastModified": 1686135559, + "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", + "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", "type": "github" }, "original": { From fab9a81d0e9600a70666346bdb70bd7576ccf41c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 8 Jun 2023 21:35:55 +0200 Subject: [PATCH 071/240] replace minecraft by prismlauncher --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 216a765..62e74b6 100644 
--- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -10,7 +10,7 @@ sc-controller steam-run - minecraft + prismlauncher lutris teamspeak_client From cacf58c7dd156cc715c9bd9fe61d1c02a8c02f25 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 13:56:00 +0200 Subject: [PATCH 072/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d83945caa7624015f11b152bf5c6c4363ffe9f7c' (2023-06-06) → 'github:NixOS/nixpkgs/d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2' (2023-06-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/381e92a35e2d196fdd6077680dca0cd0197e75cb' (2023-06-07) → 'github:NixOS/nixpkgs/75a5ebf473cd60148ba9aec0d219f72e5cf52519' (2023-06-11) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/bc667fb6afc45f6cc2d118ab77658faf2227cffd' (2022-12-21) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/4966c0f63f04659015f064f2aa34b1893a16dfde' (2023-06-11) • Added input 'simple-nixos-mailserver/flake-compat': 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) • Updated input 'simple-nixos-mailserver/nixpkgs-22_11': follows 'nixpkgs' → 'github:NixOS/nixpkgs/ce5fe99df1f15a09a91a86be9738d68fadfbad82' (2022-11-27) • Added input 'simple-nixos-mailserver/nixpkgs-23_05': follows 'nixpkgs' --- flake.lock | 55 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 45994b4..b72ec57 100644 --- a/flake.lock +++ b/flake.lock 
@@ -37,6 +37,22 @@ "type": "gitlab" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1638122382, @@ -75,11 +91,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686035213, - "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=", + "lastModified": 1686431482, + "narHash": "sha256-oPVQ/0YP7yC2ztNsxvWLrV+f0NQ2QAwxbrZ+bgGydEM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", + "rev": "d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", "type": "github" }, "original": { @@ -90,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686135559, - "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", + "lastModified": 1686501370, + "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", + "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", "type": "github" }, "original": { 
@@ -116,25 +147,27 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", + "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": [ + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1671659164, - "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", + "lastModified": 1686496219, + "narHash": "sha256-8zXZ/813yzaRA84js98G3XQ3GEEzFGnxhjvVyxkEey0=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", + "rev": "4966c0f63f04659015f064f2aa34b1893a16dfde", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixos-mailserver", "type": "gitlab" } From ab08037dc9915be9d9199532438638c8cfc386dc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 14:05:05 +0200 Subject: [PATCH 073/240] LoutreOS: update to 23.05 and rename deprecated options --- flake.nix | 7 +++---- systems/LoutreOS/configuration.nix | 10 ++++++---- systems/LoutreOS/services.nix | 2 +- systems/LoutreOS/web.nix | 8 +++++--- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index e9ef184..d6de1f2 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.11"; + nixpkgs.url = "flake:nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_11.follows = "nixpkgs"; + nixpkgs-23_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { 
@@ -46,7 +46,6 @@ ]; hosts.loutreos.modules = [ - "${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index e292f44..49da3b0 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -22,7 +22,7 @@ supportedFilesystems = [ "zfs" ]; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; documentation.nixos.enable = false; @@ -168,9 +168,11 @@ services.openssh = { enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - forwardX11 = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + X11Forwarding = true; + }; }; users = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e028104..39d1e2a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -62,7 +62,7 @@ in }; # Certificate setup - certificateScheme = 1; + certificateScheme = "manual"; certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; keyFile = "/var/lib/acme/${domaine}/key.pem"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 243d4d7..52bf009 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -262,7 +262,7 @@ in }; }; "ci.nyanlout.re" = simpleReverse 52350; - "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { 
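Review bot: The openssh hunk in configuration.nix carries `X11Forwarding = true` into the new `settings` block unchanged, next to the otherwise tight `PermitRootLogin = "no"` and `PasswordAuthentication = false`. This sshd appears to be reachable from outside, judging by the NAT `forwardPorts` entry for `10.30.0.1:22` shown in a later hunk. Unless graphical programs are really run over SSH on this host, I would set `X11Forwarding = false;` to reduce the exposed surface of the daemon. If it is needed, a comment naming the use case would make the exception explicit.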
@@ -350,14 +350,16 @@ in gitea = { enable = true; - httpPort = 3001; - rootUrl = "https://gitea.nyanlout.re/"; database = { type = "postgres"; port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; settings = { + server = { + HTTP_PORT = 3001; + ROOT_URL = "https://gitea.nyanlout.re/"; + }; ui.DEFAULT_THEME = "arc-green"; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true; From 0037f3fd6d31dd4a06c83b8350ea6083a6fec556 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 14:47:44 +0200 Subject: [PATCH 074/240] LoutreOS: replace dhcpd4 with networkd --- systems/LoutreOS/configuration.nix | 65 ++++++++++-------------------- 1 file changed, 22 insertions(+), 43 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 49da3b0..86a6a54 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -57,10 +57,6 @@ id = 100; interface = "eno1"; }; - chinoiseries = { - id = 20; - interface = "eno2"; - }; }; interfaces = { @@ -74,11 +70,6 @@ { address = "10.30.0.1"; prefixLength = 16; } ]; }; - chinoiseries = { - ipv4.addresses = [ - { address = "10.40.0.1"; prefixLength = 16; } - ]; - }; enp0s21u2.useDHCP = true; }; @@ -88,8 +79,8 @@ externalInterface = "bouygues"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; - internalInterfaces = [ "eno2" "chinoiseries" ]; + internalIPs = [ "10.30.0.0/16" ]; + internalInterfaces = [ "eno2" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} 
@@ -115,6 +106,26 @@ }; systemd.network.networks = { + "40-eno2" = { + networkConfig = { + DHCPServer = true; + }; + dhcpServerConfig = { + PoolOffset = 25599; + PoolSize = 25600; + DNS = [ "89.234.141.66" "80.67.169.12" "80.67.169.40" ]; + }; + dhcpServerStaticLeases = [ + { dhcpServerStaticLeaseConfig = { MACAddress = "50:c7:bf:b6:b8:ef"; Address = "10.30.50.7"; }; } # HS110 + { dhcpServerStaticLeaseConfig = { MACAddress = "ac:1f:6b:4b:01:15"; Address = "10.30.1.1"; }; } # IPMI + { dhcpServerStaticLeaseConfig = { MACAddress = "b4:2e:99:ed:24:26"; Address = "10.30.50.1"; }; } # paul-fixe + + #ESPHome + { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:85:e9:ce"; Address = "10.30.40.1"; }; } # salonled + { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:86:38:fc"; Address = "10.30.40.2"; }; } # bureauled + { dhcpServerStaticLeaseConfig = { MACAddress = "50:02:91:78:be:be"; Address = "10.30.40.3"; }; } # guirlande + ]; + }; "40-bouygues" = { dhcpV4Config.RouteMetric = 1; dhcpV6Config = { 
@@ -130,38 +141,6 @@ "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; - services.dhcpd4 = { - enable = true; - interfaces = [ "eno2" "chinoiseries" ]; - machines = [ - { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } - { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } - { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } - - #ESPHome - { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } - { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } - { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } - - # YeeLights - { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } - { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } - { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } - ]; - extraConfig = '' - option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; - option subnet-mask 255.255.0.0; - subnet 10.30.0.0 netmask 255.255.0.0 { - option routers 10.30.0.1; - range 10.30.100.0 10.30.200.0; - } - subnet 10.40.0.0 netmask 255.255.0.0 { - option routers 10.40.0.1; - range 10.40.100.0 10.40.200.0; - } - ''; - }; - nixpkgs.overlays = [ (import ../../overlays/transmission.nix) ]; From 1612f543dcc3ad7739f97a8b5b4915f17adcd3e9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:19:14 +0200 Subject: [PATCH 075/240] Revert "LoutreOS: replace dhcpd4 with networkd" This reverts commit 0037f3fd6d31dd4a06c83b8350ea6083a6fec556. --- systems/LoutreOS/configuration.nix | 43 ++++++++++++++++-------------- 1 file changed, 23 insertions(+), 20 deletions(-) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 86a6a54..720c7d7 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -106,26 +106,6 @@ }; systemd.network.networks = { - "40-eno2" = { - networkConfig = { - DHCPServer = true; - }; - dhcpServerConfig = { - PoolOffset = 25599; - PoolSize = 25600; - DNS = [ "89.234.141.66" "80.67.169.12" "80.67.169.40" ]; - }; - dhcpServerStaticLeases = [ - { dhcpServerStaticLeaseConfig = { MACAddress = "50:c7:bf:b6:b8:ef"; Address = "10.30.50.7"; }; } # HS110 - { dhcpServerStaticLeaseConfig = { MACAddress = "ac:1f:6b:4b:01:15"; Address = "10.30.1.1"; }; } # IPMI - { dhcpServerStaticLeaseConfig = { MACAddress = "b4:2e:99:ed:24:26"; Address = "10.30.50.1"; }; } # paul-fixe - - #ESPHome - { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:85:e9:ce"; Address = "10.30.40.1"; }; } # salonled - { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:86:38:fc"; Address = "10.30.40.2"; }; } # bureauled - { dhcpServerStaticLeaseConfig = { MACAddress = "50:02:91:78:be:be"; Address = "10.30.40.3"; }; } # guirlande - ]; - }; "40-bouygues" = { dhcpV4Config.RouteMetric = 1; dhcpV6Config = { 
@@ -141,6 +121,29 @@ "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; + services.dhcpd4 = { + enable = true; + interfaces = [ "eno2" ]; + machines = [ + { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } + { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } + { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } + + #ESPHome + { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } + { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } + { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } + ]; + extraConfig = '' + option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; + option subnet-mask 255.255.0.0; + subnet 10.30.0.0 netmask 255.255.0.0 { + option routers 10.30.0.1; + range 10.30.100.0 10.30.200.0; + } + ''; + }; + nixpkgs.overlays = [ (import ../../overlays/transmission.nix) ]; From c9f1186eb7522d122dd46878052d25b841228802 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:28:45 +0200 Subject: [PATCH 076/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2' (2023-06-10) → 'github:NixOS/nixpkgs/bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4' (2023-06-11) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b72ec57..1c16b89 100644 --- a/flake.lock +++ b/flake.lock 
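Review bot: The restored `services.dhcpd4` block brings back ISC dhcpd, which its upstream has declared end-of-life, so the DHCP server listening on eno2 is software that no longer receives security fixes. If the networkd server from the reverted commit is not workable, a maintained server such as Kea is the longer-term replacement, and a comment such as `# TODO: migrate off ISC dhcpd (EOL upstream)` above the block would record that this is a stop-gap. The revert is also partial: it does not restore the `chinoiseries` interface or the 10.40.0.0/16 subnet that the original block served, which appears intentional but is not stated in the commit message.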
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686431482, - "narHash": "sha256-oPVQ/0YP7yC2ztNsxvWLrV+f0NQ2QAwxbrZ+bgGydEM=", + "lastModified": 1686513595, + "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2", + "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", "type": "github" }, "original": { From afe53131ad18f5d0b1732048a17ae1673cb95a59 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:32:29 +0200 Subject: [PATCH 077/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/e781adbbeda8aa0cbaef47558fc28f9e1dd162fb' (2021-11-02) → 'gitlab:nyanloutre/dogetipbot-telegram/de99d17926f5c62be6fa20484669ae13bf42a30a' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1c16b89..d0a48ca 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1635873573, - "narHash": "sha256-KcrFb8HSNcVTtYNXoUwZxW531cQn6T3YBU6Goo5G9mo=", + "lastModified": 1686666491, + "narHash": "sha256-6MjpVRB9OlHYaVyF0miA5M2nwYA+rjFaNx7R7Vtoy8c=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "e781adbbeda8aa0cbaef47558fc28f9e1dd162fb", + "rev": "de99d17926f5c62be6fa20484669ae13bf42a30a", "type": "gitlab" }, "original": { From 9d55820d77dd57b700c45a151cd51c4b17e9eb04 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 13 Jun 2023 16:37:42 +0200 Subject: [PATCH 078/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/de99d17926f5c62be6fa20484669ae13bf42a30a' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/134eb1ca05cb64fa2185c9f80056aa8cb2207872' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d0a48ca..eb53351 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686666491, - "narHash": "sha256-6MjpVRB9OlHYaVyF0miA5M2nwYA+rjFaNx7R7Vtoy8c=", + "lastModified": 1686667052, + "narHash": "sha256-o8Pz8dwgclryP8+hhKxgwfi3T9jouJ9R846dfwAMASg=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "de99d17926f5c62be6fa20484669ae13bf42a30a", + "rev": "134eb1ca05cb64fa2185c9f80056aa8cb2207872", "type": "gitlab" }, "original": { From de4fc8b6823de3e01dda4465f87cf5e9d56d9bc3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:44:07 +0200 Subject: [PATCH 079/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/134eb1ca05cb64fa2185c9f80056aa8cb2207872' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/df4062f9e6dc2ebf9f5ecea27766a3189df06851' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index eb53351..2b48394 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686667052, - "narHash": "sha256-o8Pz8dwgclryP8+hhKxgwfi3T9jouJ9R846dfwAMASg=", + "lastModified": 1686667442, + "narHash": "sha256-lJJFjj7MEGbqQbpNQSrhVhe40jorKL9B5oyGXp5iZWc=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "134eb1ca05cb64fa2185c9f80056aa8cb2207872", + "rev": "df4062f9e6dc2ebf9f5ecea27766a3189df06851", "type": "gitlab" }, "original": { From ccb1ffebfeca1b30b50fad930c1ce9701458de4a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:50:57 +0200 Subject: [PATCH 080/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/df4062f9e6dc2ebf9f5ecea27766a3189df06851' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2b48394..8f030f4 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686667442, - "narHash": "sha256-lJJFjj7MEGbqQbpNQSrhVhe40jorKL9B5oyGXp5iZWc=", + "lastModified": 1686667851, + "narHash": "sha256-eaAckl4z80kqWlE75rE3qqEiYOk7JD91BcUXpCfmnaM=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "df4062f9e6dc2ebf9f5ecea27766a3189df06851", + "rev": "9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7", "type": "gitlab" }, "original": { From 7c45822d7dcdf02e79bfa05cf6c9eaaed2ac9f21 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 13 Jun 2023 16:53:42 +0200 Subject: [PATCH 081/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/e1b7b838a2863cb88f034ebed2fd74e1971bc962' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8f030f4..07f00c1 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686667851, - "narHash": "sha256-eaAckl4z80kqWlE75rE3qqEiYOk7JD91BcUXpCfmnaM=", + "lastModified": 1686668016, + "narHash": "sha256-ET9wTbouCiD64fhMIL7MTXqLY8mh/Zqt9xUJkx6HmRk=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7", + "rev": "e1b7b838a2863cb88f034ebed2fd74e1971bc962", "type": "gitlab" }, "original": { From 2ff32860e578503d62afe90005a8802ee1fea44f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:56:23 +0200 Subject: [PATCH 082/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/e1b7b838a2863cb88f034ebed2fd74e1971bc962' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/baafc544b59db91dbe9466565e2f224e3aa76f7b' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 07f00c1..ce3f14d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686668016, - "narHash": "sha256-ET9wTbouCiD64fhMIL7MTXqLY8mh/Zqt9xUJkx6HmRk=", + "lastModified": 1686668177, + "narHash": "sha256-sr4VMrsUG3ePrk8HNL2OeQ/gDqqnGRjzzzDSxRf65lo=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "e1b7b838a2863cb88f034ebed2fd74e1971bc962", + "rev": "baafc544b59db91dbe9466565e2f224e3aa76f7b", "type": "gitlab" }, "original": { From 2d8a066fd7fe980ec183a1ece79f7920bf92fc70 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Jun 2023 18:11:10 +0200 Subject: [PATCH 083/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/baafc544b59db91dbe9466565e2f224e3aa76f7b' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/d7970444d7b9b602b55aa67f5e593d41e97d12cf' (2023-06-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4' (2023-06-11) → 'github:NixOS/nixpkgs/b6c73c5fe53bb3afbf65e870541e0645e9145171' (2023-06-20) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/75a5ebf473cd60148ba9aec0d219f72e5cf52519' (2023-06-11) → 'github:NixOS/nixpkgs/04af42f3b31dba0ef742d254456dc4c14eedac86' (2023-06-17) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ce3f14d..ca01781 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686668177, - "narHash": "sha256-sr4VMrsUG3ePrk8HNL2OeQ/gDqqnGRjzzzDSxRf65lo=", + "lastModified": 1686669604, + "narHash": "sha256-xoPWq1PMEGauyZfVDx85kWERWlCZ2KWgFZSw7Fdx7Ns=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "baafc544b59db91dbe9466565e2f224e3aa76f7b", + "rev": "d7970444d7b9b602b55aa67f5e593d41e97d12cf", "type": "gitlab" }, "original": { 
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686513595, - "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", + "lastModified": 1687288566, + "narHash": "sha256-VckkiJ88Gzdc2cstm0z5eFcrHbvkm4VjxavHBGssvZI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", + "rev": "b6c73c5fe53bb3afbf65e870541e0645e9145171", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686501370, - "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", + "lastModified": 1686960236, + "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", + "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86", "type": "github" }, "original": { From 1a525bb29a65a0100be84056307c010b7d463853 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Jun 2023 18:19:40 +0200 Subject: [PATCH 084/240] replace chromium with brave and disable netdata --- systems/PC-Fixe/configuration.nix | 2 -- systems/common-gui.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 02de5ce..9c24660 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -119,8 +119,6 @@ ]; }; - services.netdata.enable = true; - services.openssh.enable = true; services.openssh.passwordAuthentication = false; services.openssh.forwardX11 = true; diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 62e74b6..068afae 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -23,7 +23,7 @@ firefox tor-browser-bundle-bin - chromium + brave tdesktop element-desktop From 0c8a0c3854f1e452baa9aeb9017c850e45af5f9f Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 22 Jun 2023 18:40:32 +0200 Subject: [PATCH 085/240] LoutreOS: replace zha with zigbee2mqtt --- systems/LoutreOS/services.nix | 357 +++++++--------------------------- systems/LoutreOS/web.nix | 5 + 2 files changed, 70 insertions(+), 292 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 39d1e2a..81f4f91 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -182,6 +182,66 @@ in enable = true; }; + mosquitto = { + enable = true; + listeners = [ + { + acl = [ "pattern readwrite #" ]; + omitPasswordAuth = true; + address = "127.0.0.1"; + settings.allow_anonymous = true; + } + ]; + }; + + zigbee2mqtt = { + enable = true; + settings = { + mqtt = { + server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}"; + }; + frontend = { + port = 8080; + host = "127.0.0.1"; + url = "https://zigbee.nyanlout.re"; + }; + groups = { + "101" = { + friendly_name = "salon"; + devices = [ + "0x94deb8fffe760f3d" + ]; + }; + "102" = { + friendly_name = "cuisine"; + devices = [ + "0x003c84fffe6d9ee6" + ]; + }; + "103" = { + friendly_name = "entrée"; + devices = [ + "0x84ba20fffe5ec243" + ]; + }; + "104" = { + friendly_name = "tout"; + devices = [ + "0x94deb8fffe760f3d" + "0x003c84fffe6d9ee6" + "0x84ba20fffe5ec243" + ]; + }; + "107" = { + friendly_name = "chambre"; + devices = [ + "0x84ba20fffe5eb120" + ]; + }; + }; + }; + }; + home-assistant = { enable = true; extraComponents = [ 
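Review bot: The new mosquitto listener accepts anonymous clients and grants them `pattern readwrite #`, so any process on the host that can reach the broker on 127.0.0.1 can read and publish every topic, including the ones zigbee2mqtt uses to control devices. Binding to loopback keeps it off the network, but this machine runs several other services, and per-client users with scoped ACLs would limit what a single compromised service can do. A sketch of the listener is below; the topic prefixes assume zigbee2mqtt's default base topic and the default Home Assistant discovery prefix, and the password file names are placeholders. zigbee2mqtt and Home Assistant would then need matching credentials supplied from a secret file rather than through the Nix store. The `services` attribute set continues outside the hunk.

```nix
mosquitto = {
  enable = true;
  listeners = [
    {
      address = "127.0.0.1";
      users = {
        zigbee2mqtt = {
          acl = [ "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ];
          passwordFile = "/mnt/secrets/PLACEHOLDER_mqtt_zigbee2mqtt";
        };
        homeassistant = {
          acl = [ "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ];
          passwordFile = "/mnt/secrets/PLACEHOLDER_mqtt_homeassistant";
        };
      };
    }
  ];
};
# … unchanged: zigbee2mqtt block …
```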
@@ -192,37 +252,26 @@ in config = { default_config = {}; homeassistant = { + country = "FR"; latitude = 48.60038; longitude = 7.74063; elevation = 146; }; meteo_france = null; - #influxdb = null; - #config = null; - #dhcp = null; - #frontend = null; - #history = null; http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; }; - #logbook = null; - #map = null; - #mobile_app = null; - #person = null; - #script = null; - #sun = null; - #system_health = null; - zha = null; + mqtt = null; esphome = null; light = [ { platform = "group"; name = "Salon"; entities = [ - "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_e69e6dfe_level_light_color_on_off" - "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_43c25efe_level_light_color_on_off" - "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_3d0f76fe_level_light_color_on_off" + "light.salon_light" + "light.cuisine_light" + "light.entree_light" ]; } ]; 
@@ -267,282 +316,6 @@ in # }; # } #]; - #switch = [ - # { - # platform = "wake_on_lan"; - # name = "PC Fixe"; - # mac = "b4:2e:99:ed:24:26"; - # host = "10.30.135.71"; - # broadcast_address = "10.30.255.255"; - # } - #]; - #device_tracker = [ - # { - # platform = "ping"; - # hosts = { telephone_paul = "10.30.50.2"; }; - # } - #]; - #scene = [ - # { - # name = "Movie"; - # icon = "mdi:movie-open"; - # entities = { - # "light.salon" = { - # state = "on"; - # xy_color = [0.299 0.115]; - # brightness = 50; - # }; - # "light.bande_led_tv" = { - # state = "on"; - # effect = "Movie"; - # brightness = 180; - # }; - # "light.bande_led_bureau" = { - # state = "on"; - # xy_color = [0.299 0.115]; - # brightness = 130; - # }; - # }; - # } - # { - # name = "Home"; - # icon = "mdi:home"; - # entities = { - # "light.salon" = { - # state = "on"; - # kelvin = 2700; - # brightness = 255; - # }; - # }; - # } - # { - # name = "Night"; - # icon = "mdi:weather-night"; - # entities = { - # "light.salon" = { - # state = "off"; - # }; - # "light.bande_led_tv" = { - # state = "off"; - # }; - # "light.bande_led_bureau" = { - # state = "off"; - # }; - # "light.chambre" = { - # state = "on"; - # kelvin = 1900; - # brightness = 50; - # }; - # }; - # } - #]; - #automation = let - # min_sun_elevation = 4; - - # switch_chambre = { - # domain = "zha"; - # platform = "device"; - # device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; - # }; - - # switch_entree = { - # domain = "zha"; - # platform = "device"; - # device_id = "7cd814190ec543dba76a7aa7e7996c41"; - # }; - - # remote = { - # domain = "zha"; - # platform = "device"; - # device_id = "d1230b76264e483388a8fdaad4f44143"; - # }; - #in [ - # # ENTREE - - # { - # alias = "Aziz lumière"; - # trigger = [ - # { - # platform = "numeric_state"; - # entity_id = "sun.sun"; - # value_template = "{{ state.attributes.elevation }}"; - # below = min_sun_elevation; - # } - # ]; - # condition = [ - # { - # condition = "state"; - # entity_id = "person.paul"; - # 
state = "home"; - # } - # # Sun below max elevation - # { - # condition = "template"; - # value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; - # } - # ]; - # action = { - # scene = "scene.home"; - # }; - # } - # { - # alias = "Aziz lumière switch"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_on"; - # } // switch_entree; - # action = { - # scene = "scene.home"; - # }; - # } - # { - # alias = "Adios"; - # trigger = [ - # { - # platform = "state"; - # entity_id = "person.paul"; - # to = "not_home"; - # } - # ({ - # type = "remote_button_short_press"; - # subtype = "turn_off"; - # } // switch_entree) - # ]; - # action = [ - # { - # service = "light.turn_off"; - # entity_id = "all"; - # } - # { - # service = "media_player.turn_off"; - # entity_id = "all"; - # } - # ]; - # } - - # # REMOTE - - # { - # alias = "Button toggle"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_on"; - # } // remote; - # action = { - # choose = { - # conditions = { - # condition = "template"; - # value_template = '' - # {% set domain = 'light' %} - # {% set state = 'off' %} - # {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} - # ''; - # }; - # sequence = { - # scene = "scene.home"; - # }; - # }; - # default = { - # service = "light.turn_off"; - # entity_id = "all"; - # }; - # }; - # } - # { - # alias = "Button scene movie"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "right"; - # } // remote; - # action = { - # scene = "scene.movie"; - # }; - # } - # { - # alias = "Button scene home"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "left"; - # } // remote; - # action = { - # scene = "scene.home"; - # }; - # } - # { - # alias = "Button light up"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "dim_up"; - # } // remote; - # action = { - # service = "light.turn_on"; - # entity_id 
= "light.salon"; - # data = { - # brightness_step = 25; - # }; - # }; - # } - # { - # alias = "Button light down"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "dim_down"; - # } // remote; - # action = { - # service = "light.turn_on"; - # entity_id = "light.salon"; - # data = { - # brightness_step = -25; - # }; - # }; - # } - - # # CHAMBRE - - # { - # alias = "Button scene night"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_on"; - # } // switch_chambre; - # action = { - # scene = "scene.night"; - # }; - # } - # { - # alias = "Button scene dodo"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_off"; - # } // switch_chambre; - # action = { - # service = "light.turn_off"; - # entity_id = "all"; - # }; - # } - # { - # alias = "Button scene lumière chambre ON"; - # trigger = { - # type = "remote_button_long_press"; - # subtype = "dim_up"; - # } // switch_chambre; - # action = { - # service = "light.turn_on"; - # entity_id = "light.chambre"; - # }; - # } - # { - # alias = "Button scene lumière chambre OFF"; - # trigger = { - # type = "remote_button_long_press"; - # subtype = "dim_down"; - # } // switch_chambre; - # action = { - # service = "light.turn_off"; - # entity_id = "light.chambre"; - # }; - # } - #]; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 52bf009..b2bfa85 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -269,6 +269,11 @@ in proxyWebsockets = true; }; }; + "zigbee.nyanlout.re" = recursiveUpdate (authReverse config.services.zigbee2mqtt.settings.frontend.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; From dad1bd43a15abb0b84ce59bb56f3715f3cf77711 Mon Sep 17 00:00:00 2001 
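Review bot: The zigbee2mqtt frontend has no login of its own unless `frontend.auth_token` is set, so the new `"zigbee.nyanlout.re"` vhost depends entirely on whatever `authReverse` puts in front of it. `authReverse` is defined outside the hunk, so it is worth confirming that its authentication also covers the websocket upgrade that `proxyWebsockets = true` enables on `/`. A comment such as `# frontend has no auth of its own; access control comes from authReverse` above the entry would record that dependency for the next edit.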
From: nyanloutre Date: Thu, 29 Jun 2023 10:51:44 +0200 Subject: [PATCH 086/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b6c73c5fe53bb3afbf65e870541e0645e9145171' (2023-06-20) → 'github:NixOS/nixpkgs/9790f3242da2152d5aa1976e3e4b8b414f4dd206' (2023-06-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/04af42f3b31dba0ef742d254456dc4c14eedac86' (2023-06-17) → 'github:NixOS/nixpkgs/e18dc963075ed115afb3e312b64643bf8fd4b474' (2023-06-27) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/4966c0f63f04659015f064f2aa34b1893a16dfde' (2023-06-11) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/24128c3052090311688b09a400aa408ba61c6ee5' (2023-06-22) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ca01781..448abd6 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1687288566, - "narHash": "sha256-VckkiJ88Gzdc2cstm0z5eFcrHbvkm4VjxavHBGssvZI=", + "lastModified": 1687829761, + "narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b6c73c5fe53bb3afbf65e870541e0645e9145171", + "rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686960236, - "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=", + "lastModified": 1687898314, + "narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86", + "rev": "e18dc963075ed115afb3e312b64643bf8fd4b474", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1686496219, - "narHash": "sha256-8zXZ/813yzaRA84js98G3XQ3GEEzFGnxhjvVyxkEey0=", + "lastModified": 1687462267, + "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4966c0f63f04659015f064f2aa34b1893a16dfde", + "rev": "24128c3052090311688b09a400aa408ba61c6ee5", "type": "gitlab" }, "original": { From 9c1c0d8e761ceb80bce139e865971a5db25da516 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 29 Jun 2023 10:54:22 +0200 Subject: [PATCH 087/240] add challenge amandoline website --- systems/LoutreOS/web.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index b2bfa85..0d82934 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -342,6 +342,9 @@ in forceSSL = true; globalRedirect = "amandoline-creations.fr"; }; + "challenge.amandoline-creations.fr" = base { + "/".alias = "/var/www/amandoline-challenge/"; + }; }; }; From 4274d2d0863e8dbe4214422a43996b854adefe6b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 7 Aug 2023 20:11:32 +0200 Subject: [PATCH 088/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9790f3242da2152d5aa1976e3e4b8b414f4dd206' (2023-06-27) → 'github:NixOS/nixpkgs/61676e4dcfeeb058f255294bcb08ea7f3bc3ce56' (2023-08-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e18dc963075ed115afb3e312b64643bf8fd4b474' (2023-06-27) → 'github:NixOS/nixpkgs/5a8e9243812ba528000995b294292d3b5e120947' (2023-08-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 448abd6..6e33a0c 100644 --- a/flake.lock +++ b/flake.lock 
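Review bot: `"/".alias = "/var/www/amandoline-challenge/";` works, but for a location of `/` the `root` directive is the conventional nginx form and avoids the path-mapping mistakes `alias` invites when the location and the alias disagree on a trailing slash: `"/".root = "/var/www/amandoline-challenge";`. The directory lives outside the Nix store, so its ownership and write permissions are not described by this configuration and presumably have to be checked on the host. `base` is defined outside the hunk.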
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1687829761, - "narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=", + "lastModified": 1691328192, + "narHash": "sha256-w59N1zyDQ7SupfMJLFvtms/SIVbdryqlw5AS4+DiH+Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206", + "rev": "61676e4dcfeeb058f255294bcb08ea7f3bc3ce56", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1687898314, - "narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=", + "lastModified": 1691368598, + "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e18dc963075ed115afb3e312b64643bf8fd4b474", + "rev": "5a8e9243812ba528000995b294292d3b5e120947", "type": "github" }, "original": { From f7cf15be336abb6b0aa2bfefec09a18242bba7e0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 7 Aug 2023 23:27:36 +0200 Subject: [PATCH 089/240] GUI: disable unused apps --- systems/common-gui.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 068afae..0a5a33d 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -62,7 +62,6 @@ obs-studio vlc mpv - jellyfin-mpv-shim kdenlive glxinfo @@ -118,17 +117,7 @@ desktopManager.plasma5.enable = true; }; udev.packages = with pkgs; [ ledger-udev-rules ]; - pcscd = { - enable = true; - plugins = [ - (pkgs.ccid.overrideAttrs (oldAttrs: rec { - preBuild = '' - echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt - ''; - }) - ) - ]; - }; + pcscd.enable = true; }; environment.etc = { From bb43809bbddc23c3a57968cffd39c7f455a49fdf Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 12 Aug 2023 00:14:12 +0200 Subject: [PATCH 090/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/61676e4dcfeeb058f255294bcb08ea7f3bc3ce56' (2023-08-06) → 'github:NixOS/nixpkgs/9034b46dc4c7596a87ab837bb8a07ef2d887e8c7' (2023-08-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5a8e9243812ba528000995b294292d3b5e120947' (2023-08-07) → 'github:NixOS/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6e33a0c..bc70109 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1691328192, - "narHash": "sha256-w59N1zyDQ7SupfMJLFvtms/SIVbdryqlw5AS4+DiH+Y=", + "lastModified": 1691592289, + "narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "61676e4dcfeeb058f255294bcb08ea7f3bc3ce56", + "rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691368598, - "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", + "lastModified": 1691654369, + "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a8e9243812ba528000995b294292d3b5e120947", + "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", "type": "github" }, "original": { From afac2029e28bda8d34781ada64a15622b0b365e1 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 15 Aug 2023 23:37:58 +0200 Subject: [PATCH 091/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9034b46dc4c7596a87ab837bb8a07ef2d887e8c7' (2023-08-09) → 'github:NixOS/nixpkgs/09a137528c3aea3780720d19f99cd706f52c3823' (2023-08-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10) → 'github:NixOS/nixpkgs/6e287913f7b1ef537c97aa301b67c34ea46b640f' (2023-08-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index bc70109..468f0b5 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1691592289, - "narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", + "lastModified": 1692025715, + "narHash": "sha256-tsRiiopGT7HA8d/cuk5xYBRXgdnnvD+JhUGUe3x7vmY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", + "rev": "09a137528c3aea3780720d19f99cd706f52c3823", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691654369, - "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", + "lastModified": 1691990649, + "narHash": "sha256-gMbKOiX1HwClRP9lADaaV/lnZr93NEaOFe4ApDx/zd8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", + "rev": "6e287913f7b1ef537c97aa301b67c34ea46b640f", "type": "github" }, "original": { From cbe429a351f6227dcca0edcf769148db5b24d289 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 15 Aug 2023 23:46:29 +0200 Subject: [PATCH 092/240] hotfix failed build --- flake.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/flake.nix b/flake.nix index d6de1f2..703805a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -36,6 +36,14 @@ # }) # ]; + channels.nixpkgs-unstable.patches = [ + (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { + name = "249059.patch"; + url = "https://github.com/NixOS/nixpkgs/commit/7957b4cfd79a6b7871d31e5acd84f75fc3e7ca59.patch"; + sha256 = "sha256-Ue9qzggPooVSgyzJiPhQm7+79L5d7IYX3fAXmYjTTiE="; + }) + ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From d898b83cd0670598ba28cab228e57c1cae809a26 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Aug 2023 20:35:44 +0200 Subject: [PATCH 093/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/09a137528c3aea3780720d19f99cd706f52c3823' (2023-08-14) → 'github:NixOS/nixpkgs/bfd953b2c6de4f550f75461bcc5768b6f966be10' (2023-08-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6e287913f7b1ef537c97aa301b67c34ea46b640f' (2023-08-14) → 'github:NixOS/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 468f0b5..8ffbb7c 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692025715, - "narHash": "sha256-tsRiiopGT7HA8d/cuk5xYBRXgdnnvD+JhUGUe3x7vmY=", + "lastModified": 1692134936, + "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09a137528c3aea3780720d19f99cd706f52c3823", + "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10", "type": "github" }, "original": { 
@@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691990649, - "narHash": "sha256-gMbKOiX1HwClRP9lADaaV/lnZr93NEaOFe4ApDx/zd8=", + "lastModified": 1692174805, + "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e287913f7b1ef537c97aa301b67c34ea46b640f", + "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e", "type": "github" }, "original": { From 317b1a24e600b695faadd626fb71f6c0673558ee Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Aug 2023 20:37:06 +0200 Subject: [PATCH 094/240] remove hotfix --- flake.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/flake.nix b/flake.nix index 703805a..d6de1f2 100644 --- a/flake.nix +++ b/flake.nix @@ -36,14 +36,6 @@ # }) # ]; - channels.nixpkgs-unstable.patches = [ - (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { - name = "249059.patch"; - url = "https://github.com/NixOS/nixpkgs/commit/7957b4cfd79a6b7871d31e5acd84f75fc3e7ca59.patch"; - sha256 = "sha256-Ue9qzggPooVSgyzJiPhQm7+79L5d7IYX3fAXmYjTTiE="; - }) - ]; - hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 15cc0c9d0d7426c09123fa73517e8b85862cc48f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Aug 2023 20:47:28 +0200 Subject: [PATCH 095/240] rename old options --- systems/PC-Fixe/configuration.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 9c24660..06a816c 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -26,7 +26,7 @@ "acpi_enforce_resources=lax" "zfs.zfs_arc_max=2147483648" ]; - boot.tmpOnTmpfs = false; + boot.tmp.useTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; virtualisation.virtualbox.host.enable = true; 
@@ -60,7 +60,7 @@ hardware.bluetooth.enable = true; # Logitech G920 - hardware.usbWwan.enable = true; + hardware.usb-modeswitch.enable = true; # hardware.pulseaudio.extraConfig = '' # load-module module-null-sink sink_name=mic_denoised_out rate=48000 @@ -120,8 +120,10 @@ }; services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - services.openssh.forwardX11 = true; + services.openssh.settings = { + PasswordAuthentication = false; + X11Forwarding = true; + }; # security.pki.certificates = [ # '' From 4d10ab6aca6eb3d2f9b567441948065a8f9d6f54 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Sep 2023 14:14:36 +0200 Subject: [PATCH 096/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bfd953b2c6de4f550f75461bcc5768b6f966be10' (2023-08-15) → 'github:NixOS/nixpkgs/e5f018cf150e29aac26c61dac0790ea023c46b24' (2023-09-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16) → 'github:NixOS/nixpkgs/f2ea252d23ebc9a5336bf6a61e0644921f64e67c' (2023-09-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8ffbb7c..58acaaa 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692134936, - "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=", + "lastModified": 1694499547, + "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10", + "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", "type": "github" }, "original": { 
@@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1692174805, - "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=", + "lastModified": 1694669921, + "narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e", + "rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c", "type": "github" }, "original": { From 55d8e55d3e6355885e0bd003c5ca535e435766f0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Sep 2023 15:27:47 +0200 Subject: [PATCH 097/240] enable Bouygues IPv6 --- systems/LoutreOS/configuration.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 720c7d7..543e998 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -23,6 +23,8 @@ supportedFilesystems = [ "zfs" ]; tmp.useTmpfs = true; + + kernel.sysctl."net.ipv6.conf.all.forwarding" = true; }; documentation.nixos.enable = false; @@ -88,6 +90,7 @@ }; firewall = { + enable = true; allowedTCPPorts = [ 80 443 ]; allowedUDPPorts = [ ]; interfaces.eno2 = { @@ -101,7 +104,11 @@ 3483 # Slimserver ]; }; - enable = true; + extraCommands = '' + ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A FORWARD -j ACCEPT -i eno2 + ip6tables -A FORWARD -j nixos-fw-log-refuse + ''; }; }; @@ -118,6 +125,12 @@ IPv6AcceptRA = "yes"; }; }; + "40-eno2" = { + networkConfig = { + IPv6SendRA = "yes"; + DHCPPrefixDelegation = "yes"; + }; + }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; From c26b1d89885118d21ce55d214207e2b40b442621 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Sep 2023 15:57:00 +0200 Subject: [PATCH 098/240] fix DNS servers for IPV6 --- systems/LoutreOS/configuration.nix | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) 
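Review bot: The three `ip6tables -A FORWARD …` lines added to `extraCommands` in the `@@ -101,7 +104,11 @@` hunk of systems/LoutreOS/configuration.nix append directly to the built-in FORWARD chain, and nothing in the hunk removes them again. The rules would presumably be appended once more each time the firewall script re-runs (the NixOS start script is not on this page), and a stale ACCEPT could then sit ahead of later changes. Putting them in a private chain that is flushed and recreated on every run makes the block idempotent, and `-w` on each call avoids failing when another process holds the xtables lock. A matching removal of the jump in `networking.firewall.extraStopCommands` would also be worth adding; the enclosing `firewall = { … }` block starts outside the hunk.

```nix
extraCommands = ''
  # Rebuild a private chain so a re-run never stacks duplicate rules.
  ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true
  ip6tables -w -F loutreos-forward 2>/dev/null || true
  ip6tables -w -X loutreos-forward 2>/dev/null || true
  ip6tables -w -N loutreos-forward
  ip6tables -w -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
  ip6tables -w -A loutreos-forward -i eno2 -j ACCEPT
  ip6tables -w -A loutreos-forward -j nixos-fw-log-refuse
  ip6tables -w -A FORWARD -j loutreos-forward
'';
```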
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 543e998..2130d9c 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -119,16 +119,23 @@ DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig.DHCPv6Client = "yes"; + ipv6AcceptRAConfig.DHCPv6Client = true; networkConfig = { KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = "yes"; + IPv6AcceptRA = true; }; }; "40-eno2" = { networkConfig = { - IPv6SendRA = "yes"; - DHCPPrefixDelegation = "yes"; + IPv6SendRA = true; + DHCPPrefixDelegation = true; + }; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; }; }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; @@ -148,7 +155,7 @@ { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } ]; extraConfig = '' - option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; + option domain-name-servers 1.1.1.1, 1.0.0.1; option subnet-mask 255.255.0.0; subnet 10.30.0.0 netmask 255.255.0.0 { option routers 10.30.0.1; From dd7dbb6be53558605bba779e761bb1133be9ed54 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Sep 2023 20:01:22 +0200 Subject: [PATCH 099/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e5f018cf150e29aac26c61dac0790ea023c46b24' (2023-09-12) → 'github:NixOS/nixpkgs/5d017a8822e0907fb96f7700a319f9fe2434de02' (2023-09-17) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/f2ea252d23ebc9a5336bf6a61e0644921f64e67c' (2023-09-14) → 'github:NixOS/nixpkgs/5ba549eafcf3e33405e5f66decd1a72356632b96' (2023-09-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 58acaaa..26c8d3a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694499547, - "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", + "lastModified": 1694937365, + "narHash": "sha256-iHZSGrb9gVpZRR4B2ishUN/1LRKWtSHZNO37C8z1SmA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", + "rev": "5d017a8822e0907fb96f7700a319f9fe2434de02", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1694669921, - "narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=", + "lastModified": 1695145219, + "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c", + "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96", "type": "github" }, "original": { From f0dcdd88cd61d50f1aba7d8d5d7a356b833a2bdb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Sep 2023 23:29:14 +0200 Subject: [PATCH 100/240] migrate dhcpcd to networkd --- systems/LoutreOS/configuration.nix | 85 +++++++++++++++++++++--------- 1 file changed, 59 insertions(+), 26 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 2130d9c..4674b9d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -102,12 +102,18 @@ allowedUDPPorts = [ 111 2049 4000 4001 4002 # NFS 3483 # Slimserver + 67 # DHCP ]; }; extraCommands = '' - ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A FORWARD -j ACCEPT -i eno2 - ip6tables -A FORWARD -j nixos-fw-log-refuse + ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true + ip6tables -w -F loutreos-forward 2>/dev/null || true + ip6tables -w -X loutreos-forward 2>/dev/null || true + ip6tables -w -N loutreos-forward + ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A FORWARD -j loutreos-forward ''; }; }; @@ -129,7 +135,57 @@ networkConfig = { IPv6SendRA = true; DHCPPrefixDelegation = true; + DHCPServer = true; }; + dhcpServerConfig = { + # MIN = 10.30.100.0 + #PoolOffset = 25500; + # MAX = 10.30.200.0 + #PoolSize = 25500; + EmitRouter = true; + EmitDNS = true; + DNS = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + }; + } + # paul-fixe + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + }; + } + # salonled + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; + }; + } + # miroir-bleu + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + }; + } + # miroir-orange + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + }; + } + ]; ipv6SendRAConfig = { EmitDNS = true; DNS = [ 
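Review bot: In the rewritten `extraCommands` of the `@@ -102,12 +102,18 @@` hunk, the three `ip6tables -A loutreos-forward …` lines omit the `-w` that the chain-management lines around them use, so they can still fail when another process holds the xtables lock. If the script continues after such a failure (not visible here), the final `-A FORWARD -j loutreos-forward` would install a chain missing its `nixos-fw-log-refuse` rule, and forwarded IPv6 traffic from the upstream side would fall through to the FORWARD policy. Adding the flag to all three, e.g. `ip6tables -w -A loutreos-forward -j nixos-fw-log-refuse`, closes that gap. A one-line comment above the block saying that the chain is rebuilt on every run to stay idempotent would also help the next reader.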
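Review bot: `PoolOffset` and `PoolSize` are left commented out in `dhcpServerConfig` (hunk `@@ -129,7 +135,57 @@`), so the dynamic pool is no longer limited to the 10.30.100.0–10.30.200.0 range that the `range` statement of the dhcpd4 block removed in the last hunk of this patch enforced, and dynamic clients may presumably be handed addresses next to the static leases in 10.30.1.x, 10.30.40.x and 10.30.50.x. The commented values also look slightly off: with the /16 on eno2 starting at 10.30.0.0, 10.30.100.0 is offset 25600, so the equivalent would be `PoolOffset = 25600;` and `PoolSize = 25601;`. The old static entry for 50:c7:bf:b6:b8:ef (HS110, 10.30.50.7) has no counterpart in `dhcpServerStaticLeases`; if that is deliberate, a one-line comment would say so. The `"40-eno2"` block starts and ends outside the hunk.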
@@ -141,29 +197,6 @@ "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; - services.dhcpd4 = { - enable = true; - interfaces = [ "eno2" ]; - machines = [ - { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } - { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } - { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } - - #ESPHome - { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } - { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } - { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } - ]; - extraConfig = '' - option domain-name-servers 1.1.1.1, 1.0.0.1; - option subnet-mask 255.255.0.0; - subnet 10.30.0.0 netmask 255.255.0.0 { - option routers 10.30.0.1; - range 10.30.100.0 10.30.200.0; - } - ''; - }; - nixpkgs.overlays = [ (import ../../overlays/transmission.nix) ]; From 3ff503b7b704e95e4ad7683d8fccf17425907c45 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Sep 2023 23:52:56 +0200 Subject: [PATCH 101/240] fix 4G key interface name --- systems/LoutreOS/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 4674b9d..f8791c7 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -72,7 +72,7 @@ { address = "10.30.0.1"; prefixLength = 16; } ]; }; - enp0s21u2.useDHCP = true; + enp0s21u1.useDHCP = true; }; # NAT bouygues <-> eno2 @@ -194,7 +194,7 @@ ]; }; }; - "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; + "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; }; nixpkgs.overlays = [ From c126a6fc58ee6ff879375a7f5f5074cd5231e68b Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 10 Oct 2023 20:12:31 +0200 Subject: [PATCH 102/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5d017a8822e0907fb96f7700a319f9fe2434de02' (2023-09-17) → 'github:NixOS/nixpkgs/5a237aecb57296f67276ac9ab296a41c23981f56' (2023-10-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5ba549eafcf3e33405e5f66decd1a72356632b96' (2023-09-19) → 'github:NixOS/nixpkgs/87828a0e03d1418e848d3dd3f3014a632e4a4f64' (2023-10-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 26c8d3a..d20fe8c 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694937365, - "narHash": "sha256-iHZSGrb9gVpZRR4B2ishUN/1LRKWtSHZNO37C8z1SmA=", + "lastModified": 1696697597, + "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d017a8822e0907fb96f7700a319f9fe2434de02", + "rev": "5a237aecb57296f67276ac9ab296a41c23981f56", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1695145219, - "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=", + "lastModified": 1696604326, + "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96", + "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64", "type": "github" }, "original": { From 18e31c8df3eb0b35ced099528a2032332878bc24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Oct 2023 22:17:02 +0200 Subject: [PATCH 103/240] assign IPv6 to upstream --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index f8791c7..134a76d 100644 
--- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -129,6 +129,7 @@ networkConfig = { KeepConfiguration = "dhcp-on-stop"; IPv6AcceptRA = true; + DHCPPrefixDelegation = true; }; }; "40-eno2" = { From e5c82197e74339ed5d4b9940a60627ba39665a5b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Oct 2023 22:17:25 +0200 Subject: [PATCH 104/240] update transmission to version 4 --- systems/LoutreOS/medias.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 8a4d15d..7fc072b 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -4,6 +4,7 @@ services = { transmission = { enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; home = "/var/lib/transmission"; group = "medias"; settings = { From acde13cce678931f8e2278c9fa9e7785bf3d1bc3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Oct 2023 22:18:02 +0200 Subject: [PATCH 105/240] enable podman autoprune and socket --- systems/LoutreOS/medias.nix | 37 ++++++++++++++++++++----------------- systems/LoutreOS/users.nix | 2 +- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 7fc072b..39bf858 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix 
@@ -57,23 +57,26 @@ ]; }; - virtualisation.oci-containers = { - backend = "podman"; - containers = { - slimserver = { - image = "docker.io/lmscommunity/logitechmediaserver:stable"; - volumes = [ - "/mnt/medias/musique:/music:ro" - "/var/lib/slimserver:/config:rw" - "/etc/localtime:/etc/localtime:ro" - ]; - ports = [ - "10.30.0.1:9000:9000/tcp" - "10.30.0.1:9090:9090/tcp" - "10.30.0.1:3483:3483/tcp" - "10.30.0.1:3483:3483/udp" - ]; - extraOptions = ["--pull=always"]; + virtualisation = { + podman.autoPrune.enable = true; + oci-containers = { + backend = "podman"; + containers = { + slimserver = { + image = "docker.io/lmscommunity/logitechmediaserver:stable"; + volumes = [ + "/mnt/medias/musique:/music:ro" + "/var/lib/slimserver:/config:rw" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "10.30.0.1:9000:9000/tcp" + "10.30.0.1:9090:9090/tcp" + "10.30.0.1:3483:3483/tcp" + "10.30.0.1:3483:3483/udp" + ]; + extraOptions = ["--pull=always"]; + }; }; }; }; diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 3bac8e3..bbfdc39 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix @@ -6,7 +6,7 @@ uid = 1000; isNormalUser = true; description = "Paul TREHIOU"; - extraGroups = [ "wheel" "medias" "transmission" ]; + extraGroups = [ "wheel" "medias" "transmission" "podman" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 openpgp:0xAB524BBC" "ssh-rsa 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 paul@nyanlout.re" From 3fa5cb96067be87b01a4d8b857368f24ce502bcf Mon Sep 17 00:00:00 2001 
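Review bot: The `slimserver` container in the `@@ -57,23 +57,26 @@` hunk of systems/LoutreOS/medias.nix keeps `image = "docker.io/lmscommunity/logitechmediaserver:stable"` together with `extraOptions = ["--pull=always"]`, so every start runs whatever the registry currently serves under that mutable tag. With `podman.autoPrune.enable = true` now added, the previously pulled image may also be pruned, which would leave nothing local to roll back to. Pinning by digest makes an image upgrade an explicit, reviewable change, e.g. `image = "docker.io/lmscommunity/logitechmediaserver@sha256:<digest-placeholder>";` with `--pull=always` dropped.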
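Review bot: Adding `"podman"` to `extraGroups` in systems/LoutreOS/users.nix gives this account access to the system podman socket, and membership of that group is root-equivalent in the same way as the `docker` group. The account is already in `wheel`, but the socket path is typically not gated by a sudo password prompt and leaves no sudo log entry. The option that turns the socket on is not in this diff, although the commit title mentions it, so it is unclear from here whether the group is in use yet. If the membership is kept, a comment on the line such as `# podman group: socket access, root-equivalent` would make the trade-off visible.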
From: nyanloutre Date: Wed, 1 Nov 2023 20:58:46 +0100 Subject: [PATCH 106/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5a237aecb57296f67276ac9ab296a41c23981f56' (2023-10-07) → 'github:NixOS/nixpkgs/017ef2132a5bda50bd713aeabce8f918502d4ec1' (2023-10-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/87828a0e03d1418e848d3dd3f3014a632e4a4f64' (2023-10-06) → 'github:NixOS/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735' (2023-10-29) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d20fe8c..7063b6c 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1696697597, - "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=", + "lastModified": 1698696950, + "narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a237aecb57296f67276ac9ab296a41c23981f56", + "rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1696604326, - "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=", + "lastModified": 1698611440, + "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64", + "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "type": "github" }, "original": { From 7937c07328949ea20bd6768c6bee30f290f95dc6 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 1 Nov 2023 22:34:28 +0100 Subject: [PATCH 107/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'utils': 'github:gytis-ivaskevicius/flake-utils-plus/166d6ebd9f0de03afc98060ac92cba9c71cfe550' (2021-11-29) → 'github:gytis-ivaskevicius/flake-utils-plus/6cf1e312fb259693c4930d07ca3cbe1d07ef4a48' (2023-10-02) • Updated input 'utils/flake-utils': 'github:numtide/flake-utils/74f7e4319258e287b0f9cb95426c9853b282730b' (2021-11-28) → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12) • Added input 'utils/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) --- flake.lock | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 7063b6c..bbc88dd 100644 --- a/flake.lock +++ b/flake.lock @@ -54,12 +54,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -172,6 +175,21 @@ "type": "gitlab" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1605370193, 
@@ -192,16 +210,16 @@ "flake-utils": "flake-utils" }, "locked": { - "lastModified": 1638172912, - "narHash": "sha256-jxhQGNEsZTdop/Br3JPS+xmBf6t9cIWRzVZFxbT76Rw=", + "lastModified": 1696281284, + "narHash": "sha256-xcmtTmoiiAOSk4abifbtqVZk0iwBcqJfg47iUbkwhcE=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "166d6ebd9f0de03afc98060ac92cba9c71cfe550", + "rev": "6cf1e312fb259693c4930d07ca3cbe1d07ef4a48", "type": "github" }, "original": { "owner": "gytis-ivaskevicius", - "ref": "v1.3.1", + "ref": "v1.4.0", "repo": "flake-utils-plus", "type": "github" } From c6c8e72cab9a669e883ce2bdb18c14b464f3ecd5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 23 Nov 2023 20:36:11 +0100 Subject: [PATCH 108/240] fix PC fixe --- flake.nix | 4 +++- systems/common-gui.nix | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index d6de1f2..5f10bbd 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; + utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; inputs = { @@ -24,6 +24,8 @@ inherit self inputs; + channels.nixpkgs-unstable.config = { allowUnfree = true; }; + supportedSystems = [ "x86_64-linux" ]; # Patch example diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 0a5a33d..909737d 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - nixpkgs.config.allowUnfreePredicate = (pkg: true); - environment.systemPackages = with pkgs; [ filezilla qbittorrent @@ -16,8 +14,8 @@ betaflight-configurator - electrum - electron-cash + # electrum + # electron-cash ledger-live-desktop monero-gui From 885ea477b2c935c7a6677ef7155626388b44c4b2 Mon Sep 17 00:00:00 2001 
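Review bot: `channels.nixpkgs-unstable.config = { allowUnfree = true; };` in the `@@ -24,6 +24,8 @@` hunk of flake.nix accepts every unfree package for anything built from the nixpkgs-unstable channel. The setting it replaces, `nixpkgs.config.allowUnfreePredicate = (pkg: true);`, is removed from systems/common-gui.nix in this same patch and only applied to hosts importing that module. If the goal is only to fix the desktop build, an allowlist keeps the accepted unfree packages explicit and reviewable, along the lines of `allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "<package-name-placeholder>" ];`. Which hosts consume this channel is not visible in the hunk.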
From: nyanloutre Date: Thu, 23 Nov 2023 20:36:51 +0100 Subject: [PATCH 109/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/017ef2132a5bda50bd713aeabce8f918502d4ec1' (2023-10-30) → 'github:NixOS/nixpkgs/8f1180704ac35baded1a74164365ac7cdfba6f38' (2023-11-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735' (2023-10-29) → 'github:NixOS/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index bbc88dd..1bf82d8 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698696950, - "narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", + "lastModified": 1700678569, + "narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", + "rev": "8f1180704ac35baded1a74164365ac7cdfba6f38", "type": "github" }, "original": { @@ -124,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1700390070, + "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", "type": "github" }, "original": { From 4e45fc1f82ae8b3b9296b54b3ce9ec18fc0e24c2 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 5 Dec 2023 14:42:53 +0100 Subject: [PATCH 110/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8f1180704ac35baded1a74164365ac7cdfba6f38' (2023-11-22) → 'github:NixOS/nixpkgs/6386d8aafc28b3a7ed03880a57bdc6eb4465491d' (2023-12-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19) → 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1bf82d8..b861d93 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1700678569, - "narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=", + "lastModified": 1701540982, + "narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f1180704ac35baded1a74164365ac7cdfba6f38", + "rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d", "type": "github" }, "original": { @@ -124,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1700390070, - "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", + "lastModified": 1701436327, + "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", + "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", "type": "github" }, "original": { From 690e6e0249c83b559318d9d2146af1018499ea42 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 20 Jan 2024 13:10:56 +0100 Subject: [PATCH 111/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6386d8aafc28b3a7ed03880a57bdc6eb4465491d' (2023-12-02) → 'github:NixOS/nixpkgs/d2003f2223cbb8cd95134e4a0541beea215c1073' (2024-01-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01) → 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/24128c3052090311688b09a400aa408ba61c6ee5' (2023-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': follows 'nixpkgs' → 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) • Added input 'simple-nixos-mailserver/nixpkgs-23_11': follows 'nixpkgs' --- flake.lock | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index b861d93..8f0a176 100644 --- a/flake.lock +++ b/flake.lock @@ -94,16 +94,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701540982, - "narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, 
@@ -122,13 +122,28 @@ "type": "indirect" } }, - "nixpkgs-unstable": { + "nixpkgs-23_05": { "locked": { - "lastModified": 1701436327, - "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { @@ -155,22 +170,23 @@ "nixpkgs-unstable" ], "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": [ + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", + "lastModified": 1703023684, + "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", + "rev": "4bfb8eb058f098302c97b909df2d019926e11220", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixos-mailserver", "type": "gitlab" } From 44d04496cd5cae583b945de37cda0f772819680d Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 20 Jan 2024 13:10:56 +0100 Subject: [PATCH 112/240] LoutreOS: update to NixOS 23.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6386d8aafc28b3a7ed03880a57bdc6eb4465491d' (2023-12-02) → 'github:NixOS/nixpkgs/d2003f2223cbb8cd95134e4a0541beea215c1073' (2024-01-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01) → 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/24128c3052090311688b09a400aa408ba61c6ee5' (2023-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': follows 'nixpkgs' → 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) • Added input 'simple-nixos-mailserver/nixpkgs-23_11': follows 'nixpkgs' --- flake.lock | 42 +++++++++++++++++++++--------- flake.nix | 6 ++--- systems/LoutreOS/configuration.nix | 3 --- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index b861d93..8f0a176 100644 --- a/flake.lock +++ b/flake.lock @@ -94,16 +94,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701540982, - "narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, 
@@ -122,13 +122,28 @@ "type": "indirect" } }, - "nixpkgs-unstable": { + "nixpkgs-23_05": { "locked": { - "lastModified": 1701436327, - "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { @@ -155,22 +170,23 @@ "nixpkgs-unstable" ], "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": [ + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", + "lastModified": 1703023684, + "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", + "rev": "4bfb8eb058f098302c97b909df2d019926e11220", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index 5f10bbd..ef5839c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-23.05"; + nixpkgs.url = "flake:nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-23_05.follows = "nixpkgs"; + nixpkgs-23_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 134a76d..ed50563 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -29,9 +29,6 @@ documentation.nixos.enable = false; - nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.1-slimserver" "minecraft-server" ]); - services.zfs = { autoSnapshot.enable = true; autoScrub = { From 27f34a48f2a0ceef5876689575ff125982e5fd27 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 27 Jan 2024 17:43:21 +0100 Subject: [PATCH 113/240] force first subnet on bouygues interface --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index ed50563..bf95a80 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -128,6 +128,7 @@ IPv6AcceptRA = true; DHCPPrefixDelegation = true; }; + dhcpPrefixDelegationConfig.SubnetId = "0"; }; "40-eno2" = { networkConfig = { From 2b2077d46a5e67416ee5bce3480e85e4edc31de0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 11:10:45 +0100 Subject: [PATCH 114/240] fix server access when fiber down --- systems/LoutreOS/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index bf95a80..e9de815 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -111,6 +111,10 @@ ip6tables -A loutreos-forward -j ACCEPT -i eno2 ip6tables -A loutreos-forward -j nixos-fw-log-refuse ip6tables -w -A FORWARD -j loutreos-forward + + # Redirect local network request from server external IP to internal IP + # Make the server available even without internet access + iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; }; }; From d1b5f85fb3288fde993668721dd3367b5931294e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 11:11:06 +0100 Subject: [PATCH 115/240] fix rspam WebUI with IPv6 --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 81f4f91..49d6c10 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -87,7 +87,7 @@ in }; rspamd.workers.controller.extraConfig = '' - secure_ip = ["0.0.0.0/0"]; + secure_ip = ["0.0.0.0/0", "::"]; ''; # redis.enable = true; From 50ee8138ea0e504cac5878ce891b5c2bc855d59e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 13:32:38 +0100 Subject: [PATCH 116/240] fix gitea for offline use --- systems/LoutreOS/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index e9de815..56c7864 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -48,6 +48,10 @@ hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; + hosts = { + "127.0.0.1" = [ "gitea.nyanlout.re" ]; + }; + useNetworkd = true; useDHCP = false; From c3f141ae24382e06427d4ff98a3428f2c9d6ac0e Mon Sep 17 00:00:00 2001 
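Review bot: The new `iptables -t nat -A PREROUTING ...` line omits `-w`, unlike the `ip6tables -w` calls directly above it in the same `extraCommands` string. It can therefore fail when another process holds the xtables lock; `iptables -w -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1` would match the neighbouring lines. The same applies to the `-D`/`-A` pair added in PATCH 117. The rule also pins the public address 176.180.172.105, so a change of that address silently disables the redirect; a comment saying where the address comes from would help. The enclosing firewall attribute set starts outside the hunk.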
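Review bot: `secure_ip = ["0.0.0.0/0", "::"];` widens a list that already marks every IPv4 client as trusted. rspamd lets addresses in `secure_ip` use the controller without the password, so the WebUI's own authentication is effectively off for anyone who can reach the worker. If the controller is only reached through a local reverse proxy (not visible in this hunk), the list should name that proxy instead, e.g. `secure_ip = ["127.0.0.1", "::1"];`, with access control done in the proxy. The bare `"::"` has no prefix length and presumably matches only the unspecified address rather than all of IPv6, so it is worth checking what the entry actually matches.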
From: nyanloutre Date: Thu, 22 Feb 2024 13:33:11 +0100 Subject: [PATCH 117/240] remove PREROUTING rule first to prevent already existing rule error --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 56c7864..b643360 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -118,6 +118,7 @@ # Redirect local network request from server external IP to internal IP # Make the server available even without internet access + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; }; From 5c05e540cbb7f4fa4676fb5e9743d6535f7b0b1e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 13:33:43 +0100 Subject: [PATCH 118/240] redirect SMTP port to VPS server as backup --- systems/LoutreOS/configuration.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index b643360..77a4c9b 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -228,7 +228,18 @@ }; }; - services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + # Options explanations + # -N disable shell + # -R 0.0.0.0:2222:127.0.0.1:22 redirect SSH port on VPS server on port 2222 + # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525 + services.autossh.sessions = [ + { + extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net"; + monitoringPort = 20000; + name = "backup-ssh-reverse"; + user = "autossh"; + } + ]; virtualisation.podman.enable = true; 
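Review bot: With `-R 127.0.0.1:2525:127.0.0.1:25`, mail relayed through the VPS reaches the local SMTP daemon with 127.0.0.1 as its source address. The MTA and spam filter configuration are not visible here, but loopback is commonly in the trusted networks, so relay restrictions and sender-IP checks (SPF, RBL) would no longer see the real client. A dedicated listener for the tunnel, treated as untrusted, avoids that. Separately, `-R 0.0.0.0:2222:127.0.0.1:22` publishes this host's sshd on every VPS interface when the VPS allows GatewayPorts; the added comment block should say that this is intended and that sshd accepts keys only.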
From 0df6f351493d0c199505d5ecb7fbb26c0f5792c2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 28 Feb 2024 20:01:08 +0100 Subject: [PATCH 119/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d2003f2223cbb8cd95134e4a0541beea215c1073' (2024-01-19) → 'github:NixOS/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17) → 'github:NixOS/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/e47f3719f1db3e0961a4358d4cb234a0acaa7baf' (2024-01-25) • Removed input 'simple-nixos-mailserver/nixpkgs-22_11' • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03) --- flake.lock | 40 ++++++++++++---------------------------- 1 file changed, 12 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 8f0a176..58af383 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705641746, - "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", + "lastModified": 1708979614, + "narHash": "sha256-FWLWmYojIg6TeqxSnHkKpHu5SGnFP5um1uUjH+wRV6g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", + "rev": "b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a", "type": "github" }, "original": { 
@@ -107,28 +107,13 @@ "type": "indirect" } }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs-23_05": { "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -139,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1705496572, - "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "lastModified": 1708984720, + "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", + "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", "type": "github" }, "original": { @@ -169,7 +154,6 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_11": [ "nixpkgs" @@ -177,11 +161,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1703023684, - "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4bfb8eb058f098302c97b909df2d019926e11220", + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", "type": "gitlab" }, "original": { From 4d02c7a637ec2094862e3f62c781ec518c88576c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 7 Mar 2024 20:21:03 +0100 Subject: [PATCH 120/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26) → 'github:NixOS/nixpkgs/880992dcc006a5e00dd0591446fdf723e6a51a64' (2024-03-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26) → 'github:NixOS/nixpkgs/9df3e30ce24fd28c7b3e2de0d986769db5d6225d' (2024-03-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 58af383..7a93065 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708979614, - "narHash": "sha256-FWLWmYojIg6TeqxSnHkKpHu5SGnFP5um1uUjH+wRV6g=", + "lastModified": 1709677081, + "narHash": "sha256-tix36Y7u0rkn6mTm0lA45b45oab2cFLqAzDbJxeXS+c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a", + "rev": "880992dcc006a5e00dd0591446fdf723e6a51a64", "type": "github" }, "original": { @@ -124,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1708984720, - "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "type": "github" }, "original": { From 9c77dca20310b23230e0e40909cf77c6ed463554 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 8 Apr 2024 21:15:52 +0200 Subject: [PATCH 121/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/880992dcc006a5e00dd0591446fdf723e6a51a64' (2024-03-05) → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9df3e30ce24fd28c7b3e2de0d986769db5d6225d' (2024-03-06) → 'github:NixOS/nixpkgs/ff0dbd94265ac470dda06a657d5fe49de93b4599' (2024-04-06) --- flake.lock | 67 ++++++------------------------------------------------ 1 file changed, 7 insertions(+), 60 deletions(-) diff --git a/flake.lock b/flake.lock index 7a93065..342ddbb 100644 --- a/flake.lock +++ b/flake.lock @@ -53,24 +53,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "ipmihddtemp": { "inputs": { "nixpkgs": [ @@ -94,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709677081, - "narHash": "sha256-tix36Y7u0rkn6mTm0lA45b45oab2cFLqAzDbJxeXS+c=", + "lastModified": 1712437997, + "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "880992dcc006a5e00dd0591446fdf723e6a51a64", + "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", "type": "github" }, "original": { 
@@ -124,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { @@ -143,8 +125,7 @@ "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "simple-nixos-mailserver": "simple-nixos-mailserver", - "utils": "utils_2" + "simple-nixos-mailserver": "simple-nixos-mailserver" } }, "simple-nixos-mailserver": { @@ -175,21 +156,6 @@ "type": "gitlab" } }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1605370193, @@ -204,25 +170,6 @@ "repo": "flake-utils", "type": "github" } - }, - "utils_2": { - "inputs": { - "flake-utils": "flake-utils" - }, - "locked": { - "lastModified": 1696281284, - "narHash": "sha256-xcmtTmoiiAOSk4abifbtqVZk0iwBcqJfg47iUbkwhcE=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "6cf1e312fb259693c4930d07ca3cbe1d07ef4a48", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "ref": "v1.4.0", - "repo": "flake-utils-plus", - "type": "github" - } } }, "root": "root", From 189885868bc2a4faf597ed6f3b8be76a654db4c9 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 23 Apr 2024 17:10:56 +0200 Subject: [PATCH 122/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06) → 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ff0dbd94265ac470dda06a657d5fe49de93b4599' (2024-04-06) → 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 342ddbb..945bfc1 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712437997, - "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", + "lastModified": 1713725259, + "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", + "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "type": "github" }, "original": { From 1c93135d606a935836e49fdc9a4b3366938b868a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 09:52:39 +0200 Subject: [PATCH 123/240] remove flake util plus --- flake.nix | 75 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/flake.nix b/flake.nix index ef5839c..ca27da5 100644 
--- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; inputs = { 
@@ -20,46 +19,50 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { - inherit self inputs; - - channels.nixpkgs-unstable.config = { allowUnfree = true; }; - - supportedSystems = [ "x86_64-linux" ]; - - # Patch example - - # channels.nixpkgs-unstable.patches = [ - # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { - # name = "electron-cash.patch"; - # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; - # sha256 = nixpkgs.lib.fakeHash; - # }) - # ]; - - hostDefaults.modules = [ - nixpkgs.nixosModules.notDetected - { - nix.generateRegistryFromInputs = true; - nix.linkInputs = true; - nix.generateNixPathFromInputs = true; - } - ]; - - hosts.loutreos.modules = [ - simple-nixos-mailserver.nixosModule - dogetipbot-telegram.nixosModule - ipmihddtemp.nixosModule - ./systems/LoutreOS/configuration.nix - ]; - - hosts.paul-fixe = { - channelName = "nixpkgs-unstable"; + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; modules = [ + nixpkgs-unstable.nixosModules.notDetected + { + nixpkgs.config.allowUnfree = true; + nix = { + settings.experimental-features = [ "nix-command" "flakes" ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs-unstable.legacyPackages.x86_64-linux.path; + }; + }; + }; + } ./systems/PC-Fixe/configuration.nix ]; }; + + nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nixpkgs-unstable.nixosModules.notDetected + simple-nixos-mailserver.nixosModule + dogetipbot-telegram.nixosModule + ipmihddtemp.nixosModule + { + nix = { + settings.experimental-features = [ "nix-command" "flakes" ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs.legacyPackages.x86_64-linux.path; + }; + }; + }; + } + 
./systems/LoutreOS/configuration.nix + ]; + }; + }; } From 42799518f5fc0e4892b2f5cb8b1aaa61376169a3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 09:53:33 +0200 Subject: [PATCH 124/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21) → 'github:NixOS/nixpkgs/44072e24566c5bcc0b7aa9178a0104f4cfffab19' (2024-05-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21) → 'github:NixOS/nixpkgs/2057814051972fa1453ddfb0d98badbea9b83c06' (2024-05-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 945bfc1..0482a43 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713725259, - "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", + "lastModified": 1715542476, + "narHash": "sha256-FF593AtlzQqa8JpzrXyRws4CeKbc5W86o8tHt4nRfIg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", + "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": { From f9871ae0e1d6c69765c99d7ecaf42b1eec217a54 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 14 May 2024 10:38:08 +0200 Subject: [PATCH 125/240] fix flake-util-plus migration --- flake.nix | 3 ++- systems/LoutreOS/medias.nix | 10 +++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index ca27da5..18f2591 100644 --- a/flake.nix +++ b/flake.nix @@ -41,8 +41,9 @@ ]; }; - nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem { + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit nixpkgs-unstable; }; modules = [ nixpkgs-unstable.nixosModules.notDetected simple-nixos-mailserver.nixosModule diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 39bf858..6c3fa2b 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,10 +1,10 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, lib, pkgs, nixpkgs-unstable, ... }: { services = { transmission = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; home = "/var/lib/transmission"; group = "medias"; settings = { @@ -20,17 +20,17 @@ radarr = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; }; sonarr = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; }; prowlarr.enable = true; jellyfin = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; }; navidrome = { From ab8c752a761b25f99dea322c5076d251dda93681 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 10:38:42 +0200 Subject: [PATCH 126/240] remove open mail port --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
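Review bot: In the flake.nix hunk, `nixosConfigurations.loutreos` is now evaluated with `nixpkgs.lib.nixosSystem`, but the first entry of `modules` is still `nixpkgs-unstable.nixosModules.notDetected`. That mixes a module from the unstable tree into a stable evaluation, which can break when option definitions diverge between the two. `nixpkgs.nixosModules.notDetected` keeps the server on one module set, leaving unstable only for the packages selected in medias.nix. The `modules` list continues past the end of the hunk.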
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 77a4c9b..9cabaec 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -234,7 +234,7 @@ # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525 services.autossh.sessions = [ { - extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net"; + extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; From a6ce24d547353e461327b4dd17f5a7a553501a50 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 12:08:15 +0200 Subject: [PATCH 127/240] fix firewall --- systems/LoutreOS/configuration.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9cabaec..5da49ec 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -107,15 +107,6 @@ ]; }; extraCommands = '' - ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true - ip6tables -w -F loutreos-forward 2>/dev/null || true - ip6tables -w -X loutreos-forward 2>/dev/null || true - ip6tables -w -N loutreos-forward - ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -A loutreos-forward -j nixos-fw-log-refuse - ip6tables -w -A FORWARD -j loutreos-forward - # Redirect local network request from server external IP to internal IP # Make the server available even without internet access iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true @@ -139,6 +130,7 @@ }; dhcpPrefixDelegationConfig.SubnetId = "0"; }; + "40-eno1".linkConfig.RequiredForOnline = "no"; "40-eno2" = { networkConfig = { IPv6SendRA = true; From 3725e3066396ab2a0534b19bee03e19eae5a23ce Mon Sep 17 00:00:00 2001 
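Review bot: The "Options explanations" comment above `services.autossh.sessions` still carries the line `# -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525`, although this hunk removes that forward from `extraArguments`. The stale line suggests an SMTP tunnel that no longer exists and should be deleted in the same change. The comment block starts outside the hunk.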
From: nyanloutre Date: Tue, 14 May 2024 17:39:29 +0200 Subject: [PATCH 128/240] install nextcloud --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/web.nix | 22 +++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index b32d6f1..720b883 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -158,6 +158,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/nextcloud" = + { device = "loutrepool/var/nextcloud"; + fsType = "zfs"; + }; + fileSystems."/var/lib/private/photoprism" = { device = "loutrepool/var/photoprism"; fsType = "zfs"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0d82934..0d3aacd 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -345,6 +345,10 @@ in "challenge.amandoline-creations.fr" = base { "/".alias = "/var/www/amandoline-challenge/"; }; + ${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + }; }; }; @@ -381,6 +385,20 @@ in # enable = true; # package = pkgs.mariadb; # }; + + nextcloud = { + enable = true; + package = pkgs.nextcloud29; + hostName = "cloud.nyanlout.re"; + database.createLocally = true; + https = true; + maxUploadSize = "16G"; + config = { + dbtype = "pgsql"; + adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"; + }; + }; + }; systemd.services.nginx.serviceConfig = { @@ -397,6 +415,10 @@ in ]; }; + systemd.services.nextcloud-setup.serviceConfig = { + LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); in { From 1abd6bd06deb662ade68c594d3214f54d946eaf8 Mon Sep 17 00:00:00 2001 
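Review bot: `adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";` is a literal string that only resolves because the last hunk adds `LoadCredential` to `nextcloud-setup`, and presumably because the module expands the path inside that unit's shell script. Nothing on either side says so, and the two settings sit in different hunks. A comment on the option would keep them in sync, e.g. `# expanded at runtime in nextcloud-setup; file is provided by LoadCredential below`. The enclosing `services` attribute set starts and ends outside the hunk.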
From: nyanloutre Date: Tue, 14 May 2024 17:39:41 +0200 Subject: [PATCH 129/240] fix webdav server --- systems/LoutreOS/web.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0d3aacd..9fda161 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -302,14 +302,17 @@ in # }; "drive.nyanlout.re" = base { "/" = { - index = "/index.php"; extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket}; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; - - client_max_body_size 0; + fastcgi_param SCRIPT_FILENAME $document_root/index.php; + fastcgi_intercept_errors on; + fastcgi_buffers 64 4K; + client_body_temp_path /mnt/webdav/tmp_upload; + client_max_body_size 0; + proxy_request_buffering off; ''; }; } // { @@ -415,6 +418,12 @@ in ]; }; + systemd.services.phpfpm-drive.serviceConfig = { + ReadWritePaths = [ + "/mnt/webdav" + ]; + }; + systemd.services.nextcloud-setup.serviceConfig = { LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass"; }; From c5596f9a04faba745dbe9ed81987f3e11c140663 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 22:54:04 +0200 Subject: [PATCH 130/240] revert a6ce24d547353e461327b4dd17f5a7a553501a50 (#3) revert fix firewall Reviewed-on: https://gitea.nyanlout.re/nyanloutre/nixos-config/pulls/3 --- systems/LoutreOS/configuration.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 5da49ec..a6e4dca 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
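Review bot: `proxy_request_buffering off;` has no effect in this location, because the request is passed on with `fastcgi_pass`; the FastCGI counterpart is `fastcgi_request_buffering off;`. As written, nginx still spools each upload into `client_body_temp_path /mnt/webdav/tmp_upload`, and `client_max_body_size 0` puts no cap on it, so a single request can fill that filesystem. Whether the location requires authentication is not visible in the hunk. The second hunk adds `/mnt/webdav` to `ReadWritePaths` of `phpfpm-drive` only, while the temp path is written by nginx, so the nginx unit presumably needs the directory in its own `ReadWritePaths`.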
@@ -107,11 +107,25 @@ ]; }; extraCommands = '' + ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true + ip6tables -w -F loutreos-forward 2>/dev/null || true + ip6tables -w -X loutreos-forward 2>/dev/null || true + ip6tables -w -N loutreos-forward + ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A FORWARD -j loutreos-forward + # Redirect local network request from server external IP to internal IP # Make the server available even without internet access iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; + # remove refs to nixos-fw-log-refuse before restarting firewall + # prevents "ressource busy" errors + extraStopCommands = '' + ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true + ''; }; }; From eee03fe1b4fbc5630dbb3d9977a6fd56c0bf3f70 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 28 May 2024 17:59:30 +0200 Subject: [PATCH 131/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/44072e24566c5bcc0b7aa9178a0104f4cfffab19' (2024-05-12) → 'github:NixOS/nixpkgs/9d29cd266cebf80234c98dd0b87256b6be0af44e' (2024-05-25) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/2057814051972fa1453ddfb0d98badbea9b83c06' (2024-05-12) → 'github:NixOS/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0482a43..f312499 100644 --- a/flake.lock +++ b/flake.lock 
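Review bot: The restored `loutreos-forward` chain has no comment stating what it protects. The surrounding config enables `DHCPPrefixDelegation` and `IPv6SendRA` on eno2, so LAN hosts presumably get globally routable addresses, and this chain would be the only filter on inbound forwarded IPv6. That is also why the change being reverted was risky. A comment above the first `ip6tables` line would record it, e.g. `# LAN hosts have global IPv6 addresses: forward only replies and traffic from eno2, refuse the rest`. In the new `extraStopCommands` comment, "ressource busy" should read "resource busy". `-m state --state` could become `-m conntrack --ctstate RELATED,ESTABLISHED`, since the state match is the legacy spelling.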
@@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715542476, - "narHash": "sha256-FF593AtlzQqa8JpzrXyRws4CeKbc5W86o8tHt4nRfIg=", + "lastModified": 1716633019, + "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19", + "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1715534503, - "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", "type": "github" }, "original": { From f22931c57da2d01284e0a8fbdcee861a94680bb1 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 8 Jun 2024 11:15:37 +0200 Subject: [PATCH 132/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9d29cd266cebf80234c98dd0b87256b6be0af44e' (2024-05-25) → 'github:NixOS/nixpkgs/9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b' (2024-06-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24) → 'github:NixOS/nixpkgs/e8057b67ebf307f01bdcc8fba94d94f75039d1f6' (2024-06-05) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/e47f3719f1db3e0961a4358d4cb234a0acaa7baf' (2024-01-25) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/62afb98ef6385bcb745d7b189ef4efdce2044030' (2024-06-08) • Updated input 'simple-nixos-mailserver/flake-compat': 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04) • Removed input 'simple-nixos-mailserver/nixpkgs-23_05' • Removed input 'simple-nixos-mailserver/nixpkgs-23_11' • Added input 'simple-nixos-mailserver/nixpkgs-24_05': follows 'nixpkgs' • Updated input 'simple-nixos-mailserver/utils': 'github:numtide/flake-utils/5021eac20303a61fafe17224c087f5519baed54d' (2020-11-14) → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28) • Added input 'simple-nixos-mailserver/utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) --- flake.lock | 72 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index f312499..d8c6092 100644 --- a/flake.lock +++ b/flake.lock 
@@ -40,11 +40,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -76,41 +76,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { 
@@ -135,34 +120,51 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-23_11": [ + "nixpkgs-24_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1706219574, - "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", + "lastModified": 1717834029, + "narHash": "sha256-woG0M/WIrYDQeYd+aXRvGGMyojLmXND04Pi9XqE7ZxU=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", + "rev": "62afb98ef6385bcb745d7b189ef4efdce2044030", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixos-mailserver", "type": "gitlab" } }, - "utils": { + "systems": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { From 5ff33123952cc6dbfa8feda924e9462a0686dfcf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 8 Jun 2024 11:21:16 +0200 Subject: [PATCH 133/240] LoutreOS: upgrade to 24.05 --- flake.nix | 6 +++--- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/web.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 18f2591..32d3b48 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,12 +1,12 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-23.11"; + nixpkgs.url = "flake:nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-23_11.follows = "nixpkgs"; + nixpkgs-24_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index a6e4dca..1db9963 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -37,7 +37,7 @@ }; }; - hardware.usbWwan.enable = true; + hardware.usb-modeswitch.enable = true; # eno1 -> VLAN100 -> Internet # eno2 -> LAN diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9fda161..036a528 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -429,7 +429,7 @@ in }; systemd.services.site-musique = let - djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); + djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_4 pillow setuptools ])); in { description = "Site Django de la musique de Meyenheim"; after = [ "network.target" ]; From 5bda267c8521fda60b515d050407fd13a944a08b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 9 Jun 2024 18:24:04 +0200 Subject: [PATCH 134/240] pkgs/watcharr: init at v1.39.0 --- flake.nix | 2 ++ pkgs/default.nix | 3 ++ pkgs/watcharr/default.nix | 63 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 pkgs/default.nix create mode 100644 pkgs/watcharr/default.nix diff --git a/flake.nix b/flake.nix index 32d3b48..7fc25dc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -21,6 +21,8 @@ outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { + packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; modules = [ diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..f433fdd --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,3 @@ +pkgs: { + watcharr = pkgs.callPackage ./watcharr { }; +} diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix new file mode 100644 index 0000000..d58b28b --- /dev/null +++ b/pkgs/watcharr/default.nix 
@@ -0,0 +1,63 @@ +{ lib +, pkgs +, buildGoModule +, fetchFromGitHub +, buildNpmPackage +, nixosTests +, caddy +, testers +, installShellFiles +, stdenv +}: + +let + version = "1.39.0"; + src = fetchFromGitHub { + owner = "sbondCo"; + repo = "Watcharr"; + rev = "v${version}"; + sha256 = "sha256-40XLYc1ub2Qzf8r9g+Ay8Y8CAHYU+P9CI60heLAuQkE="; + }; + + frontend = buildNpmPackage { + pname = "watcharr-ui"; + inherit version src; + npmDepsHash = "sha256-sigkeK1bLbZfOU8756yLt5avqnOJWC4t4TnV6EvFTPY="; + + installPhase = '' + cp -r build $out + cp package.json package-lock.json $out + cd $out && npm ci --omit=dev + ''; + }; +in +buildGoModule { + pname = "watcharr"; + inherit version; + + src = src + "/server"; + + vendorHash = "sha256-vmroCetQc1Ix65B2Br33lyWt0FwGeQXMoD5fLinQg28="; + + # Inject frontend assets into go embed + prePatch = '' + # rm -rf ui + # ln -s ${frontend} ui + substituteInPlace watcharr.go \ + --replace-fail ui/index.js ${frontend}/index.js + ''; + + buildInputs = [ pkgs.makeWrapper ]; + + postFixup = '' + wrapProgram "$out/bin/Watcharr" --prefix PATH : "${lib.makeBinPath [ pkgs.nodejs ]}" + ''; + + meta = with lib; { + homepage = "https://watcharr.app/"; + description = "Open source, self-hostable watched list for all your content with user authentication, modern and clean UI and a very simple setup"; + license = licenses.asl20; + # mainProgram = "caddy"; + maintainers = with maintainers; [ nyanloutre ]; + }; +} From 9dc6cea27004115b3addca2a41da19c33674420a Mon Sep 17 00:00:00 2001 
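Review bot: `buildInputs = [ pkgs.makeWrapper ];` lists a build-time tool among the runtime inputs; `wrapProgram` runs on the build machine, so the line should read `nativeBuildInputs = [ pkgs.makeWrapper ];`. The function header also takes `nixosTests`, `caddy`, `testers`, `installShellFiles` and `stdenv`, none of which the expression uses, and the commented-out `# mainProgram = "caddy";` suggests they are left over from a template; dropping them and setting `mainProgram = "Watcharr";` (the binary name used in `postFixup`) makes the derivation easier to audit. The `frontend` install phase runs `npm ci --omit=dev` inside `$out`, so a comment saying where those packages come from (presumably the offline cache pinned by `npmDepsHash`) would help the next reader.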
From: nyanloutre Date: Tue, 25 Jun 2024 22:11:42 +0200 Subject: [PATCH 135/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b' (2024-06-06) → 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e8057b67ebf307f01bdcc8fba94d94f75039d1f6' (2024-06-05) → 'github:NixOS/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/62afb98ef6385bcb745d7b189ef4efdce2044030' (2024-06-08) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d8c6092..74cf287 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717696253, - "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "lastModified": 1719145550, + "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "type": "github" }, "original": { 
@@ -126,11 +126,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1717834029, - "narHash": "sha256-woG0M/WIrYDQeYd+aXRvGGMyojLmXND04Pi9XqE7ZxU=", + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "62afb98ef6385bcb745d7b189ef4efdce2044030", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "type": "gitlab" }, "original": { From 6e6498aaa1b8f47e5d5cc95a7bd2fa4d644d03b1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 26 Jun 2024 22:52:55 +0200 Subject: [PATCH 136/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23) → 'github:NixOS/nixpkgs/fc07dc3bdf2956ddd64f24612ea7fc894933eb2e' (2024-06-24) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 74cf287..a53045c 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719145550, - "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", + "lastModified": 1719253556, + "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", + "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e", "type": "github" }, "original": { From d445dd9c4691632e79fc83fa41bd7aba76b3e811 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 2 Jul 2024 20:15:06 +0200 Subject: [PATCH 137/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fc07dc3bdf2956ddd64f24612ea7fc894933eb2e' (2024-06-24) → 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24) → 'github:NixOS/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8' (2024-07-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index a53045c..8e6bf8f 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719253556, - "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "type": "github" }, "original": { From e8586051ddecaef01781108e965f6304d21c1769 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sun, 7 Jul 2024 22:47:05 +0200 Subject: [PATCH 138/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) → 'github:NixOS/nixpkgs/49ee0e94463abada1de470c9c07bfc12b36dcf40' (2024-07-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8' (2024-07-01) → 'github:NixOS/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8e6bf8f..6b8ba3a 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719838683, - "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719848872, - "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", + "lastModified": 1720031269, + "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", + "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "type": "github" }, "original": { From 5a83340353b41e5ef0f9b9ef2e78e8ce4849398e Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 8 Jul 2024 14:09:46 +0200 Subject: [PATCH 139/240] migration PC fixe vers Wayland --- systems/PC-Fixe/configuration.nix | 182 +-------------------- systems/PC-Fixe/hardware-configuration.nix | 4 + systems/common-gui.nix | 26 +-- 3 files changed, 15 insertions(+), 197 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 06a816c..9abe4af 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -29,9 +29,6 @@ boot.tmp.useTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; - virtualisation.virtualbox.host.enable = true; - # virtualisation.virtualbox.host.enableExtensionPack = true; - # virtualisation.anbox.enable = true; virtualisation.podman.enable = true; services.zfs = { @@ -62,21 +59,6 @@ # Logitech G920 hardware.usb-modeswitch.enable = true; - # hardware.pulseaudio.extraConfig = '' - # load-module module-null-sink sink_name=mic_denoised_out rate=48000 - # load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50 - # load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true - - # load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo - - # set-default-source hd_mic - # ''; - - # hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} '' - # sed '/module-switch-on-port-available$/d' \ - # ${pkgs.pulseaudio}/etc/pulse/default.pa > $out - # ''; - services.udev.packages = with pkgs; [ usb-modeswitch-data # Logitech G920 ]; 
@@ -85,8 +67,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout" ''; - security.pki.certificateFiles = [ ./codemasters.pem ]; - networking.hostName = "paul-fixe"; networking.hostId = "3a1f739e"; @@ -104,11 +84,6 @@ networking.firewall.enable = false; - services.xserver.displayManager.autoLogin = { - enable = true; - user = "paul"; - }; - users.users.paul = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ]; 
@@ -125,164 +100,11 @@ X11Forwarding = true; }; - # security.pki.certificates = [ - # '' - # -----BEGIN CERTIFICATE----- - # MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM - # CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX - # DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt - # aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A - # L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W - # Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ - # a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy - # 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW - # fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8 - # Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC - # AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD - # BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG - # CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC - # AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA - # A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV - # 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/ - # SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L - # zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh - # QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6 - # QaNGz7o/LfHprXvCM1mHjbVVbZN2 - # -----END CERTIFICATE----- - # '' - # ]; - - # services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ]; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp ]; - }; - virtualHosts."stream.nyanlout.re" = { - locations."/" = { - root = "/var/www/hls/"; - extraConfig = '' - add_header Cache-Control no-cache; - add_header Access-Control-Allow-Origin *; - ''; - }; - default 
= true; - }; - appendConfig = let - rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; - in '' - rtmp { - server { - listen 1935; - - application live { - live on; - interleave on; - exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 - -c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low - -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid - -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high - -c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720 - -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; - } - - application show { - live on; - hls on; - - hls_path ${rootLocation}; - hls_fragment 5; - hls_playlist_length 10; - hls_nested on; - - hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution - hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution - hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution - hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution - hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution - } - } - } - ''; - }; - - services.xserver.deviceSection = '' - Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" - ''; - services.printing.enable = true; services.printing.drivers = [ pkgs.hplip ]; - systemd = let - DP4Config = "--output DP-4 --mode 3440x1440 --rate 144"; - HDMIConfig = "--output HDMI-0 --auto --left-of DP-4"; - in { - services = { - wol = { - description = "Wake-on-LAN"; - wantedBy = [ "multi-user.target" ]; - 
requires = [ "network.target" ]; - after = [ "network.target" ]; - script = '' - ${pkgs.ethtool}/sbin/ethtool -s eno1 wol g - ''; - serviceConfig.Type = "oneshot"; - }; - nginx.serviceConfig.ReadWritePaths = "/var/www/hls"; - zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; - }; - user.services = { - "enableTV" = { - description = "Enable TV output"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} - ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' - ''; - conflicts = ["CSMode.service"]; - serviceConfig.Type = "oneshot"; - }; - "primaryTV" = { - description = "Set TV output as primary"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary - ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' - ''; - conflicts = ["CSMode.service"]; - serviceConfig.Type = "oneshot"; - }; - "FreeSyncMode" = { - description = "Enable FreeSync screen only"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off - ''; - conflicts = ["CSMode.service"]; - serviceConfig.Type = "oneshot"; - }; - "CSMode" = { - description = "Enable 4:3 black bars"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off - ''; - preStop = '' - /run/current-system/sw/bin/nvidia-settings --assign 
CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }" - ''; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - }; - }; + systemd.services = { + zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; }; system.stateVersion = "20.03"; diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 1547b63..9277cce 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -11,6 +11,10 @@ services.xserver.videoDrivers = [ "nvidia" ]; hardware.cpu.amd.updateMicrocode = true; + hardware.nvidia = { + modesetting.enable = true; + nvidiaSettings = false; + }; fileSystems."/" = { device = "rpool/root/nixos"; diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 909737d..2edf12d 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -14,8 +14,6 @@ betaflight-configurator - # electrum - # electron-cash ledger-live-desktop monero-gui @@ -37,7 +35,7 @@ ark kate kmail - plasma5Packages.kdeconnect-kde + kdePackages.kdeconnect-kde okular yakuake konversation @@ -50,8 +48,6 @@ inherit (texlive) scheme-small titling collection-langfrench cm-super; }) - libsForQt5.breeze-gtk - libreoffice gimp @@ -76,12 +72,6 @@ programs.steam.enable = true; - # hardware = { - # pulseaudio.enable = true; - # }; - - # sound.enable = true; - security.rtkit.enable = true; services.pipewire = { @@ -107,12 +97,14 @@ }; services = { - xserver = { - enable = true; - layout = "fr"; - exportConfiguration = true; - displayManager.sddm.enable = true; - desktopManager.plasma5.enable = true; + desktopManager.plasma6.enable = true; + displayManager = { + autoLogin.user = "paul"; + sddm = { + enable = true; + wayland.enable = true; + autoLogin.relogin = true; + }; }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; From 968033f95dc9502373ca36a83a630662557bac94 Mon Sep 17 00:00:00 2001 
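Review bot: The last `systems/common-gui.nix` hunk moves automatic login out of the PC-Fixe host file and into the shared GUI profile: `displayManager.autoLogin.user = "paul";` together with `sddm.autoLogin.relogin = true;` now applies to every machine that imports this file, whereas the removed `services.xserver.displayManager.autoLogin` block applied to PC-Fixe only. On PC-Fixe `paul` is in `wheel`, so on a portable machine anyone with physical access would get that session without a password, and `relogin` restores it after a logout. If other hosts import `common-gui.nix` (not visible in this patch), keep `autoLogin.user` in `systems/PC-Fixe/configuration.nix` and leave only the display-manager choice in the shared file.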
From: nyanloutre Date: Mon, 8 Jul 2024 14:15:04 +0200 Subject: [PATCH 140/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/49ee0e94463abada1de470c9c07bfc12b36dcf40' (2024-07-06) → 'github:NixOS/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6b8ba3a..c97f099 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720244366, - "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", "type": "github" }, "original": { From c39ed728910f0fcaf508b93c79dfa708f84abc4f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 8 Jul 2024 20:58:18 +0200 Subject: [PATCH 141/240] LoutreOS: rollback wayland --- systems/PC-Fixe/configuration.nix | 6 ++++++ systems/PC-Fixe/hardware-configuration.nix | 1 - systems/common-gui.nix | 13 ++++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 9abe4af..df609f1 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -84,6 +84,8 @@ networking.firewall.enable = false; + services.displayManager.autoLogin.user = "paul"; + users.users.paul = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ]; 
@@ -100,6 +102,10 @@ X11Forwarding = true; }; + services.xserver.deviceSection = '' + Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" + ''; + services.printing.enable = true; services.printing.drivers = [ pkgs.hplip ]; diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 9277cce..1deb602 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -13,7 +13,6 @@ hardware.cpu.amd.updateMicrocode = true; hardware.nvidia = { modesetting.enable = true; - nvidiaSettings = false; }; fileSystems."/" = diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 2edf12d..b58f9d4 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -48,6 +48,8 @@ inherit (texlive) scheme-small titling collection-langfrench cm-super; }) + libsForQt5.breeze-gtk + libreoffice gimp @@ -97,15 +99,20 @@ }; services = { - desktopManager.plasma6.enable = true; + # desktopManager.plasma6.enable = true; displayManager = { - autoLogin.user = "paul"; sddm = { enable = true; - wayland.enable = true; + # wayland.enable = true; autoLogin.relogin = true; }; }; + xserver = { + enable = true; + xkb.layout = "fr"; + exportConfiguration = true; + desktopManager.plasma5.enable = true; + }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; }; From cd2c41130dcfc7594d1718e2b6a9589f02d06bc0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 14:56:46 +0200 Subject: [PATCH 142/240] LoutreOS: create lg devmode reset timer --- systems/LoutreOS/services.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 49d6c10..e8705c9 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -331,7 +331,26 @@ in }; }; - systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; + systemd = { + timers."lg-devmode-reset" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "5m"; + OnUnitActiveSec = "1w"; + }; + }; + services = { + "borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; + "lg-devmode-reset" = { + script = '' + ${pkgs.curl}/bin/curl https://developer.lge.com/secure/ResetDevModeSession.dev\?sessionToken\=9f94269da0dc14fd924b65d8dca28b076f931ad1ca04fe7a09ac78cdb0e22cb4 + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + }; + }; dogetipbot-telegram.enable = true; From 9e08d33ccfb3e8c10dace0244135d0f54541a4a8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 14:57:35 +0200 Subject: [PATCH 143/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07) → 'github:NixOS/nixpkgs/f12ee5f64c6a09995e71c9626d88c4efa983b488' (2024-07-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03) → 'github:NixOS/nixpkgs/7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9' (2024-07-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c97f099..e2907d8 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "lastModified": 1720823163, + "narHash": "sha256-FZ5dnrvKkln9ESdoTR8R7GKW9rNpXNZrxGsOXsbsTpE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "rev": "f12ee5f64c6a09995e71c9626d88c4efa983b488", "type": "github" }, "original": { 
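Review bot: The `lg-devmode-reset` script embeds the `sessionToken` value in the Nix expression, so the token is stored in the git history and in the world-readable unit script under `/nix/store`, and it also appears on the curl command line. The rest of this configuration reads secrets from `/mnt/secrets` at run time (`passCommand`, `LoadCredential`), and this unit should do the same; the committed token is best treated as exposed and regenerated. curl is called without `--fail`, so an HTTP error from the endpoint still exits 0 and the weekly run never shows as failed. The sketch below loads the token through `LoadCredential` from a placeholder path and hands the URL to curl on stdin with `--config -`.

```nix
"lg-devmode-reset" = {
  script = ''
    # Token is read at run time, so it never enters the Nix store or argv.
    token="$(cat "$CREDENTIALS_DIRECTORY/lg_devmode_token")"
    printf 'url = "https://developer.lge.com/secure/ResetDevModeSession.dev?sessionToken=%s"\n' "$token" \
      | ${pkgs.curl}/bin/curl --fail --silent --show-error --config -
  '';
  serviceConfig = {
    Type = "oneshot";
    # Placeholder file name: point this at the real secret file.
    LoadCredential = "lg_devmode_token:/mnt/secrets/PLACEHOLDER_lg_devmode_token";
  };
};
```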
@@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { From 260cf209714402e076feed78168b14033ff2aee2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 16:14:45 +0200 Subject: [PATCH 144/240] LoutreOS: install watcharr --- flake.nix | 15 +++++++++++++++ pkgs/watcharr/default.nix | 11 ++++++----- systems/LoutreOS/web.nix | 1 + 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 7fc25dc..2a5a3c3 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,21 @@ }; }; }; + systemd.services.watcharr = { + description = "Watcharr"; + after = [ "network.target" ]; + environment = { + PORT = "3005"; + WATCHARR_DATA = "/var/lib/watcharr"; + }; + serviceConfig = { + DynamicUser = true; + StateDirectory = "watcharr"; + ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr"; + PrivateTmp = true; + }; + wantedBy = [ "multi-user.target" ]; + }; } ./systems/LoutreOS/configuration.nix ]; diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix index d58b28b..23422d7 100644 --- a/pkgs/watcharr/default.nix +++ b/pkgs/watcharr/default.nix 
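Review bot: In the `flake.nix` hunk the watcharr unit sets `PORT = "3005"`, but the `systems/LoutreOS/web.nix` hunk of the same commit adds `"watcharr.nyanlout.re" = simpleReverse 3080;`. Unless `simpleReverse` (defined outside the hunk) does something other than proxy to the given local port, nginx will forward to a port nothing listens on. Use one value in both places, e.g. `PORT = "3080";`. `PrivateTmp = true;` is already implied by `DynamicUser = true;`, so that line can be dropped or replaced by something additional such as `PrivateDevices = true;`.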
@@ -11,18 +11,18 @@ }: let - version = "1.39.0"; + version = "1.41.0"; src = fetchFromGitHub { owner = "sbondCo"; repo = "Watcharr"; rev = "v${version}"; - sha256 = "sha256-40XLYc1ub2Qzf8r9g+Ay8Y8CAHYU+P9CI60heLAuQkE="; + hash = "sha256-ZvCxgfZZ9pbp+NvH+IhWphJWnAwgAH0x/REPd/XxJ70="; }; frontend = buildNpmPackage { pname = "watcharr-ui"; inherit version src; - npmDepsHash = "sha256-sigkeK1bLbZfOU8756yLt5avqnOJWC4t4TnV6EvFTPY="; + npmDepsHash = "sha256-73paI0y4QyzkEnU99f1HeLD/hW8GP3F9N8tGGQnloH8="; installPhase = '' cp -r build $out @@ -37,14 +37,15 @@ buildGoModule { src = src + "/server"; - vendorHash = "sha256-vmroCetQc1Ix65B2Br33lyWt0FwGeQXMoD5fLinQg28="; + vendorHash = "sha256-86pFpS8ZSj+c7vwn0QCwzXlvVYJIf3SBj4X81zlwBWQ="; # Inject frontend assets into go embed prePatch = '' # rm -rf ui # ln -s ${frontend} ui substituteInPlace watcharr.go \ - --replace-fail ui/index.js ${frontend}/index.js + --replace-fail ui/index.js ${frontend}/index.js \ + --replace-fail \"127.0.0.1:3000\" "\"127.0.0.1:\"+os.Getenv(\"PORT\")" ''; buildInputs = [ pkgs.makeWrapper ]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 036a528..64dbdde 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -352,6 +352,7 @@ in forceSSL = true; enableACME = true; }; + "watcharr.nyanlout.re" = simpleReverse 3080; }; }; From b34231217adbf699f0ee7300721b246ce3903ec3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 16:14:58 +0200 Subject: [PATCH 145/240] replace youtube-dl by yt-dlp --- systems/common-cli.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index d8359d9..031f53e 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -57,7 +57,7 @@ fzf file ncdu - youtube-dl + yt-dlp tldr starship From 2772a3086d9cad2c3fc9d71d7aad99eca1059cd9 Mon Sep 17 00:00:00 2001 
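Review bot: In the `prePatch` of `pkgs/watcharr/default.nix`, the second `--replace-fail` makes the listen address `"127.0.0.1:"+os.Getenv("PORT")`, so the package now silently requires `PORT` at runtime. With the variable unset the address is `127.0.0.1:`, which as far as I know makes Go pick an arbitrary port rather than fail. A comment above the `substituteInPlace` call, e.g. `# listen port is read from $PORT at runtime (set by the systemd unit); the loopback bind is kept on purpose`, would record both the requirement and why the bind address stays on 127.0.0.1. The replacement also assumes `watcharr.go` already imports `os`, which cannot be checked from this hunk; the `buildGoModule` body starts outside it.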
From: nyanloutre Date: Sun, 28 Jul 2024 13:57:16 +0200 Subject: [PATCH 146/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f12ee5f64c6a09995e71c9626d88c4efa983b488' (2024-07-12) → 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9' (2024-07-12) → 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e2907d8..e3e0b15 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720823163, - "narHash": "sha256-FZ5dnrvKkln9ESdoTR8R7GKW9rNpXNZrxGsOXsbsTpE=", + "lastModified": 1722087241, + "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f12ee5f64c6a09995e71c9626d88c4efa983b488", + "rev": "8c50662509100d53229d4be607f1a3a31157fa12", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720768451, - "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", + "lastModified": 1722062969, + "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", + "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", "type": "github" }, "original": { From 114fae331f1bf0ee71147b8cdd5ad187c64a45b2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 29 Jul 2024 20:20:22 +0200 Subject: [PATCH 147/240] fix Epomaker Fn keys --- systems/PC-Fixe/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index df609f1..6caccbf 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -28,6 +28,9 @@ ]; boot.tmp.useTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; + boot.extraModprobeConfig = '' + options hid_apple fnmode=2 + ''; virtualisation.podman.enable = true; From 43e14afa38e1ce3269aed6024c67891c0253f61c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 29 Jul 2024 20:22:42 +0200 Subject: [PATCH 148/240] disable old HDD mount --- systems/PC-Fixe/hardware-configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 1deb602..97fc3ee 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -40,10 +40,10 @@ fsType = "zfs"; }; - fileSystems."/mnt/hdd" = - { device = "/dev/mapper/ManjaroVG-ManjaroRoot"; - fsType = "ext4"; - }; + # fileSystems."/mnt/hdd" = + # { device = "/dev/mapper/ManjaroVG-ManjaroRoot"; + # fsType = "ext4"; + # }; fileSystems."/mnt/medias" = { device = "10.30.0.1:/mnt/medias"; From 2b9d525a50387a934d4470d9b9d3d5efe3f651f1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 29 Jul 2024 20:23:06 +0200 Subject: [PATCH 149/240] fix browserpass in Firefox --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index b58f9d4..99b065c 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -17,7 +17,6 @@ ledger-live-desktop monero-gui - firefox tor-browser-bundle-bin brave @@ -73,6 +72,7 @@ console.keyMap = "fr"; programs.steam.enable = true; + programs.firefox.enable = true; security.rtkit.enable = true; From 56095f920c79aca4704d237e716ac2d6040371ca Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 6 Aug 2024 17:56:31 +0200 Subject: [PATCH 150/240] Improve Nextcloud preview generation and autoupdate apps --- systems/LoutreOS/web.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 64dbdde..a373e0a 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -401,6 +401,25 @@ in dbtype = "pgsql"; adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"; }; + settings = { + "preview_max_filesize_image" = "-1"; + "preview_max_memory" = "1024"; + "preview_ffmpeg_path" = "${pkgs.ffmpeg}/bin/ffmpeg"; + "enabledPreviewProviders" = [ + ''OC\Preview\BMP'' + ''OC\Preview\GIF'' + ''OC\Preview\JPEG'' + ''OC\Preview\Krita'' + ''OC\Preview\MarkDown'' + ''OC\Preview\MP3'' + ''OC\Preview\OpenDocument'' + ''OC\Preview\PNG'' + ''OC\Preview\TXT'' + ''OC\Preview\XBitmap'' + ''OC\Preview\Movie'' + ]; + }; + autoUpdateApps.enable = true; }; }; From 91b73bceb1da432d467ed485879743f0b9d21678 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 7 Aug 2024 09:36:58 +0200 Subject: [PATCH 151/240] backup nextcloud --- systems/LoutreOS/services.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e8705c9..e4f0e79 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -127,6 +127,8 @@ in "/var/lib/hass" "/var/lib/opendkim" "/var/lib/slimserver" + "/var/lib/watcharr" + "/var/lib/nextcloud" "/mnt/medias/musique" "/mnt/medias/torrent/lidarr" "/mnt/medias/torrent/musique" @@ -139,6 +141,7 @@ in exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" "/var/lib/radarr/.config/Radarr/radarr.db-shm" + "/mnt/paul-home/paul/.cache" ]; repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos"; environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; }; From 01cf06eba18428d73e179cbca8a38e4ae340d3bb Mon Sep 17 00:00:00 2001 
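Review bot: In the Nextcloud `settings` block of `systems/LoutreOS/web.nix`, `"preview_max_filesize_image" = "-1"` removes the size cap on images that get a preview, and with `OC\Preview\Movie` enabled the server decodes uploaded media (via ffmpeg for video) with up to 1024 MB per preview. On an instance that accepts files from other users or public shares, that is a resource-exhaustion and parser-exposure surface. Keep a finite cap, e.g. `"preview_max_filesize_image" = 256;` (sample value), and leave `Movie` out unless video thumbnails are really needed. Both numeric settings are written as strings where Nextcloud documents integers; plain Nix integers avoid relying on PHP's casting. `autoUpdateApps.enable = true;` installs app code outside the flake's pinning, which deserves a comment so the trade-off is a recorded decision.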
From: nyanloutre Date: Wed, 7 Aug 2024 09:55:37 +0200 Subject: [PATCH 152/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) → 'github:NixOS/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b' (2024-08-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27) → 'github:NixOS/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e3e0b15..f27cff0 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { From 278b49fe661affced623fd9dc2c9607259f828b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 12 Aug 2024 10:06:12 +0200 Subject: [PATCH 153/240] cleanup common GUI config --- systems/PC-Fixe/configuration.nix | 6 +++-- systems/common-cli.nix | 3 ++- systems/common-gui.nix | 38 +++++++++++++++---------------- 3 files changed, 25 insertions(+), 22 deletions(-) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 6caccbf..eac4b97 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -82,8 +82,10 @@ esphome ]; - programs.wireshark.enable = true; - programs.wireshark.package = pkgs.wireshark; + programs = { + wireshark.enable = true; + alvr.enable = true; + }; networking.firewall.enable = false; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 031f53e..3b5e1af 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -30,7 +30,6 @@ }) # Gestionnaires de version - gitMinimal tig gitAndTools.hub quilt @@ -104,6 +103,8 @@ bash.interactiveShellInit = '' eval "$(starship init bash)" ''; + + git.enable = true; }; environment.variables = let diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 99b065c..5de6654 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -61,7 +61,6 @@ glxinfo i7z - appimage-run pavucontrol ]; @@ -71,31 +70,26 @@ console.keyMap = "fr"; - programs.steam.enable = true; - programs.firefox.enable = true; - - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - networking.networkmanager.enable = true; systemd.extraConfig = "DefaultLimitNOFILE=1048576"; - security.pam.loginLimits = [{ - domain = "*"; - type = "hard"; - item = "nofile"; - value = "1048576"; - }]; + + security = { + pam.loginLimits = [{ + domain = "*"; + type = "hard"; + item = "nofile"; + value = "1048576"; + }]; + rtkit.enable = true; + }; programs = { gnupg.agent = { enable = true; enableSSHSupport = true; }; browserpass.enable = true; + steam.enable = true; + firefox.enable = true; + appimage.enable = true; }; services = { 
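Review bot: In the `systems/PC-Fixe/configuration.nix` hunk, `alvr.enable = true;` adds a network streaming server on a host whose context line just below shows `networking.firewall.enable = false;`, so its listeners are reachable from every network this machine joins. If the firewall is off on purpose, say so in a comment next to it; otherwise enable it and open only what ALVR needs with `alvr.openFirewall = true;`. Dropping `wireshark.package = pkgs.wireshark;` also falls back to the module default, which I believe is the CLI build on this release, so the Qt GUI may disappear; keep the line if that was not intended.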
@@ -113,6 +107,12 @@ exportConfiguration = true; desktopManager.plasma5.enable = true; }; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; }; From e4c8c2acfa870b544446cfe7fec509280a643a9f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 12 Aug 2024 10:07:17 +0200 Subject: [PATCH 154/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) → 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27) → 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e3e0b15..d4115c8 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1723282977, + "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1723175592, + "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "type": "github" }, "original": { 
From c5e29217973b3d7ed5fa83ffb1b6930de961ca7d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 6 Sep 2024 01:15:42 +0200 Subject: [PATCH 155/240] install switch emulator --- systems/common-gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 5de6654..6d8365d 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -11,6 +11,7 @@ prismlauncher lutris teamspeak_client + ryujinx betaflight-configurator From 06d9956291cfaa979ceac335f1239ab77f9099da Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 6 Sep 2024 01:17:01 +0200 Subject: [PATCH 156/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10) → 'github:NixOS/nixpkgs/6f6c45b5134a8ee2e465164811e451dcb5ad86e3' (2024-09-03) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09) → 'github:NixOS/nixpkgs/ad416d066ca1222956472ab7d0555a6946746a80' (2024-09-04) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d4115c8..7942c7f 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723282977, - "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "type": "github" }, "original": { 
@@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723175592, - "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { From 41d4a4ab12f1026e0fb23666243139181be31425 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 6 Sep 2024 01:34:44 +0200 Subject: [PATCH 157/240] fix nvidia driver --- systems/PC-Fixe/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 97fc3ee..9fa5a75 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -12,6 +12,7 @@ services.xserver.videoDrivers = [ "nvidia" ]; hardware.cpu.amd.updateMicrocode = true; hardware.nvidia = { + open = false; modesetting.enable = true; }; From 5b1cc90b6f2a96caac265ba0ad44d4dfa7524e11 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Oct 2024 17:54:44 +0200 Subject: [PATCH 158/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6f6c45b5134a8ee2e465164811e451dcb5ad86e3' (2024-09-03) → 'github:NixOS/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e' (2024-09-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ad416d066ca1222956472ab7d0555a6946746a80' (2024-09-04) → 'github:NixOS/nixpkgs/27e30d177e57d912d614c88c622dcfdb2e6e6515' (2024-10-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7942c7f..256ab04 100644 --- a/flake.lock +++ b/flake.lock 
@@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1727672256, + "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "1719f27dd95fd4206afb9cec9f415b539978827e", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1727802920, + "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", "type": "github" }, "original": { From d271a36f7e0270045dab9853d6498ed3c1ac4167 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Oct 2024 19:04:45 +0200 Subject: [PATCH 159/240] migrate slimserver to nixos module --- systems/LoutreOS/medias.nix | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6c3fa2b..080d54a 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -40,6 +40,8 @@ ImageCacheSize = 0; }; }; + + slimserver.enable = true; }; systemd.services.transmission.serviceConfig = { 
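Review bot: In `systems/LoutreOS/medias.nix`, `slimserver.enable = true;` sets no bind address, whereas the container removed in the file's second hunk published 9000, 9090 and 3483 only on `10.30.0.1`. The service therefore presumably listens on every interface, and its exposure now depends entirely on firewall rules that are not visible here. Confirm those ports are not open on the WAN-facing interface, and record the change next to the option, e.g. `# was bound to 10.30.0.1 only as a container; now relies on the firewall to stay LAN-only`.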
@@ -56,28 +58,4 @@ config.services.transmission.settings.peer-port ]; }; - - virtualisation = { - podman.autoPrune.enable = true; - oci-containers = { - backend = "podman"; - containers = { - slimserver = { - image = "docker.io/lmscommunity/logitechmediaserver:stable"; - volumes = [ - "/mnt/medias/musique:/music:ro" - "/var/lib/slimserver:/config:rw" - "/etc/localtime:/etc/localtime:ro" - ]; - ports = [ - "10.30.0.1:9000:9000/tcp" - "10.30.0.1:9090:9090/tcp" - "10.30.0.1:3483:3483/tcp" - "10.30.0.1:3483:3483/udp" - ]; - extraOptions = ["--pull=always"]; - }; - }; - }; - }; } From 312c1e00a9eeefda575adccfae5f2642a1d2bb1e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Oct 2024 19:05:08 +0200 Subject: [PATCH 160/240] disable nixos containers functionality --- systems/LoutreOS/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1db9963..f4edc52 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -25,6 +25,9 @@ tmp.useTmpfs = true; kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + + # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported + enableContainers = false; }; documentation.nixos.enable = false; From 25d2c2ba647773b20e1e15a72924d77382ca6bcc Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 9 Oct 2024 21:13:18 +0200 Subject: [PATCH 161/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e' (2024-09-30) → 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/27e30d177e57d912d614c88c622dcfdb2e6e6515' (2024-10-01) → 'github:NixOS/nixpkgs/c31898adf5a8ed202ce5bea9f347b1c6871f32d1' (2024-10-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 256ab04..0992131 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727672256, - "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=", + "lastModified": 1728328465, + "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1719f27dd95fd4206afb9cec9f415b539978827e", + "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1727802920, - "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", + "lastModified": 1728241625, + "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", + "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", "type": "github" }, "original": { From d2484bb5799ac703e9191a176c4fd5482a075195 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 11 Oct 2024 22:54:30 +0200 Subject: [PATCH 162/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07) → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c31898adf5a8ed202ce5bea9f347b1c6871f32d1' (2024-10-06) → 'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0992131..8d0d330 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728328465, - "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", + "lastModified": 1728500571, + "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { From b7cd7fcfe5f384f7c06d01ab4222013d8e903bbf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Oct 2024 22:59:27 +0200 Subject: [PATCH 163/240] disable boot.enableContainers on PC-fixe --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index eac4b97..83a7ee4 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -118,5 +118,6 @@ zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; }; + boot.enableContainers = false; system.stateVersion = "20.03"; } From d6733835aa2b91f4d802627fc28f328046b97b68 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Oct 2024 19:57:04 +0200 Subject: [PATCH 164/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09) → 'github:NixOS/nixpkgs/c0b1da36f7c34a7146501f684e9ebdf15d2bebf8' (2024-10-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09) → 'github:NixOS/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8d0d330..bba6cc1 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728500571, - "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", + "lastModified": 1728909085, + "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", + "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", "type": "github" }, "original": { 
@@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", "type": "github" }, "original": { From 032fc5650376ee8f29309210d27a9959acf965cc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 20 Oct 2024 11:20:01 +0200 Subject: [PATCH 165/240] LoutreOS: downgrade transmission to 4.0.5 --- flake.lock | 17 +++++++++++++++++ flake.nix | 15 ++++++++++++--- overlays/transmission.nix | 8 -------- systems/LoutreOS/configuration.nix | 4 ---- systems/LoutreOS/medias.nix | 10 +++++----- 5 files changed, 34 insertions(+), 20 deletions(-) delete mode 100644 overlays/transmission.nix diff --git a/flake.lock b/flake.lock index 256ab04..8cb66c6 100644 --- a/flake.lock +++ b/flake.lock @@ -89,6 +89,22 @@ "type": "indirect" } }, + "nixpkgs-4a3fc4cf7": { + "locked": { + "lastModified": 1716914467, + "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1727802920, @@ -109,6 +125,7 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", + "nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index 2a5a3c3..202075b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,6 +2,8 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + # transmission 4.0.5 downgrade to fix tracker bug + nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; inputs = { @@ -19,7 +21,7 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-4a3fc4cf7, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); @@ -43,9 +45,16 @@ ]; }; - nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; - specialArgs = { inherit nixpkgs-unstable; }; + specialArgs = { + pkgs-unstable = import nixpkgs-unstable { + inherit system; + }; + pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { + inherit system; + }; + }; modules = [ nixpkgs-unstable.nixosModules.notDetected simple-nixos-mailserver.nixosModule diff --git a/overlays/transmission.nix b/overlays/transmission.nix deleted file mode 100644 index 3294870..0000000 --- a/overlays/transmission.nix +++ /dev/null @@ -1,8 +0,0 @@ -self: super: -{ - transmission = (super.transmission.overrideAttrs (oA: { - patches = []; - })).override { - openssl = super.openssl_legacy; - }; -} \ No newline at end of file diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index f4edc52..3c1d316 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -214,10 +214,6 @@ "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; }; - nixpkgs.overlays = [ - (import ../../overlays/transmission.nix) - ]; - services.openssh = { enable = true; settings = { 
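Review bot: The new `nixpkgs-4a3fc4cf7` input in flake.nix freezes transmission and every library it is built against at one fixed nixpkgs revision. The daemon therefore stops receiving security fixes when `nixpkgs` or `nixpkgs-unstable` are bumped, and the same applies to `package = pkgs-4a3fc4cf7.transmission_4;` in the medias.nix hunk. Transmission parses data from untrusted peers and trackers, so the pin should state when it can be dropped. I would extend the comment to `# transmission 4.0.5 pin (tracker bug in newer release) - closure is frozen, remove once fixed upstream`. The `specialArgs` hunk could likewise note that `pkgs-4a3fc4cf7` is meant for that single package only.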
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 080d54a..e0c9566 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,10 +1,10 @@ -{ config, lib, pkgs, nixpkgs-unstable, ... }: +{ config, lib, pkgs, pkgs-unstable, pkgs-4a3fc4cf7, ... }: { services = { transmission = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; + package = pkgs-4a3fc4cf7.transmission_4; home = "/var/lib/transmission"; group = "medias"; settings = { @@ -20,17 +20,17 @@ radarr = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; + package = pkgs-unstable.radarr; }; sonarr = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; + package = pkgs-unstable.sonarr; }; prowlarr.enable = true; jellyfin = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; + package = pkgs-unstable.jellyfin; }; navidrome = { From 9984e14035ad304c8f7afbaabdfac243ace6fe76 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 28 Oct 2024 21:43:37 +0100 Subject: [PATCH 166/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/d7970444d7b9b602b55aa67f5e593d41e97d12cf' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/f5b59ef0cb8124cadf203eb26e1498847366abad' (2024-10-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c0b1da36f7c34a7146501f684e9ebdf15d2bebf8' (2024-10-14) → 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14) → 'github:NixOS/nixpkgs/18536bf04cd71abd345f9579158841376fdd0c5a' (2024-10-25) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/flake.lock b/flake.lock index 6b25bbc..412d0b6 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686669604, - "narHash": "sha256-xoPWq1PMEGauyZfVDx85kWERWlCZ2KWgFZSw7Fdx7Ns=", + "lastModified": 1729415843, + "narHash": "sha256-5IokBDbQEeoWROH8lrfy2Ngo2hCl+tdOY9a6WqrE1Sc=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "d7970444d7b9b602b55aa67f5e593d41e97d12cf", + "rev": "f5b59ef0cb8124cadf203eb26e1498847366abad", "type": "gitlab" }, "original": { @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728909085, - "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728888510, - "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { From 3d797c3c6fe261a387e4ad328475910622aaa191 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 28 Oct 2024 21:48:12 +0100 Subject: [PATCH 167/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/f5b59ef0cb8124cadf203eb26e1498847366abad' (2024-10-20) → 'gitlab:nyanloutre/dogetipbot-telegram/667e318212920005917792b06e0f480b421fa6d3' (2024-10-28) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/flake.lock b/flake.lock index 412d0b6..901a5ee 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1729415843, - "narHash": "sha256-5IokBDbQEeoWROH8lrfy2Ngo2hCl+tdOY9a6WqrE1Sc=", + "lastModified": 1730148450, + "narHash": "sha256-CSxPIeDqavQ3fJhshuNs0oS84P1p87BsbNoashKlrKg=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "f5b59ef0cb8124cadf203eb26e1498847366abad", + "rev": "667e318212920005917792b06e0f480b421fa6d3", "type": "gitlab" }, "original": { From fae42bcdb25c44b98c52688e1df4f62f1e742d71 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 28 Oct 2024 22:18:03 +0100 Subject: [PATCH 168/240] import flaresolverr module --- flake.nix | 11 ++++++++++- systems/LoutreOS/configuration.nix | 3 ++- systems/LoutreOS/medias.nix | 9 ++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 202075b..ba4b897 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,15 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-4a3fc4cf7, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + nixpkgs-4a3fc4cf7, + simple-nixos-mailserver, + dogetipbot-telegram, + ipmihddtemp + }@inputs: { packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); @@ -48,6 +56,7 @@ nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; specialArgs = { + inputs = inputs; pkgs-unstable = import nixpkgs-unstable { inherit system; }; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3c1d316..ccb68d8 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -2,10 +2,11 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ config, pkgs, inputs, ... }: { imports = [ + "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix ./users.nix diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index e0c9566..2b9e642 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -26,7 +26,14 @@ enable = true; package = pkgs-unstable.sonarr; }; - prowlarr.enable = true; + flaresolverr = { + enable = false; + package = pkgs-unstable.flaresolverr; + }; + prowlarr = { + enable = true; + package = pkgs-unstable.prowlarr; + }; jellyfin = { enable = true; From ae8d6897271cd35fc2d8ae4ebdfc58e5acadce65 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 8 Nov 2024 11:04:12 +0100 Subject: [PATCH 169/240] =?UTF-8?q?Cr=C3=A9ation=20de=20la=20config=20de?= =?UTF-8?q?=20base=20WireGuard?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 196 +++++++++++++++++------------ 1 file changed, 115 insertions(+), 81 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index ccb68d8..899802e 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, pkgs, inputs, ... }: { @@ -59,6 +55,11 @@ useNetworkd = true; useDHCP = false; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + vlans = { bouygues = { id = 100; 
@@ -133,86 +134,119 @@ }; }; - systemd.network.networks = { - "40-bouygues" = { - dhcpV4Config.RouteMetric = 1; - dhcpV6Config = { - DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; - WithoutRA = "solicit"; - }; - ipv6AcceptRAConfig.DHCPv6Client = true; - networkConfig = { - KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = true; - DHCPPrefixDelegation = true; - }; - dhcpPrefixDelegationConfig.SubnetId = "0"; - }; - "40-eno1".linkConfig.RequiredForOnline = "no"; - "40-eno2" = { - networkConfig = { - IPv6SendRA = true; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - dhcpServerConfig = { - # MIN = 10.30.100.0 - #PoolOffset = 25500; - # MAX = 10.30.200.0 - #PoolSize = 25500; - EmitRouter = true; - EmitDNS = true; - DNS = [ - "1.1.1.1" - "1.0.0.1" - ]; - }; - dhcpServerStaticLeases = [ - # IPMI - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; - } - # paul-fixe - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; - } - # salonled - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; - } - # miroir-bleu - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; - } - # miroir-orange - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; - } - ]; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = [ - "2606:4700:4700::1111" - "2606:4700:4700::1001" + systemd.network = { + enable = true; + + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + }; + wireguardConfig = { + PrivateKeyFile = "/run/keys/wireguard-privkey"; + ListenPort = 9918; + }; + wireguardPeers = [ + { + PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0="; + AllowedIPs = ["fc00::1/64" "10.100.0.1"]; + Endpoint = "{set this to the server ip}:51820"; + } ]; }; }; - "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; 
+ + networks = { + "40-bouygues" = { + dhcpV4Config.RouteMetric = 1; + dhcpV6Config = { + DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig.DHCPv6Client = true; + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = true; + DHCPPrefixDelegation = true; + }; + dhcpPrefixDelegationConfig.SubnetId = "0"; + }; + "40-eno1".linkConfig.RequiredForOnline = "no"; + "10-wg0" = { + matchConfig.Name = "wg0"; + address = [ + "fe80::3/64" + "fc00::3/120" + "10.100.0.2/24" + ]; + }; + "40-eno2" = { + networkConfig = { + IPv6SendRA = true; + DHCPPrefixDelegation = true; + DHCPServer = true; + }; + dhcpServerConfig = { + # MIN = 10.30.100.0 + #PoolOffset = 25500; + # MAX = 10.30.200.0 + #PoolSize = 25500; + EmitRouter = true; + EmitDNS = true; + DNS = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + }; + } + # paul-fixe + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + }; + } + # salonled + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; + }; + } + # miroir-bleu + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + }; + } + # miroir-orange + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + }; + } + ]; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + }; + }; + # Set 4G connection as low routing priority + "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; + }; }; services.openssh = { From 67d7b6669f3353e91ea94afcb06b6b0d3806f264 Mon Sep 17 00:00:00 2001 
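Review bot: `PrivateKeyFile = "/run/keys/wireguard-privkey"` names a path that nothing in this hunk creates. systemd-networkd reads it as the `systemd-network` user, so the key has to be provisioned on every boot (assuming /run is a tmpfs here) with ownership and mode that let only that user read it, for example root:systemd-network and 0640. The peer block still holds the template text `Endpoint = "{set this to the server ip}:51820"`, which is not a usable endpoint. `ListenPort = 9918` is set without any firewall change in this commit: if inbound handshakes are expected the UDP port has to be opened, otherwise the line can be dropped.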
From: nyanloutre Date: Wed, 13 Nov 2024 14:44:13 +0100 Subject: [PATCH 170/240] setup wireguard interface --- systems/LoutreOS/configuration.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 899802e..977bc58 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -142,16 +142,20 @@ netdevConfig = { Kind = "wireguard"; Name = "wg0"; + MTUBytes = "1450"; }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - ListenPort = 9918; + #ListenPort = 9918; }; wireguardPeers = [ { - PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0="; - AllowedIPs = ["fc00::1/64" "10.100.0.1"]; - Endpoint = "{set this to the server ip}:51820"; + wireguardPeerConfig = { + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + Endpoint = "89.234.141.83"; + PersistentKeepalive = 15; + }; } ]; }; @@ -176,9 +180,8 @@ "10-wg0" = { matchConfig.Name = "wg0"; address = [ - "fe80::3/64" - "fc00::3/120" - "10.100.0.2/24" + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" ]; }; "40-eno2" = { From e8e4c4b3115c080b527c1c85e27b25ac2c615727 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 09:15:56 +0100 Subject: [PATCH 171/240] wireguard partial setup --- systems/LoutreOS/configuration.nix | 41 ++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 977bc58..616c927 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
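Review bot: `Endpoint = "89.234.141.83"` in the first hunk has no port, and systemd-networkd expects an address followed by a colon and a port, so the peer is unlikely to come up as written. The second hunk puts public addresses on wg0 (`89.234.141.196/32`, `2a00:5881:8119:400::1/128`), which makes every port opened globally in the host firewall reachable on them. Services meant for the LAN only should stay under the per-interface firewall settings. `#ListenPort = 9918;` is better deleted than left commented out.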
@@ -146,14 +146,15 @@ }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - #ListenPort = 9918; + FirewallMark = 51820; }; wireguardPeers = [ { wireguardPeerConfig = { + Endpoint = "89.234.141.83:8095"; PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKeyFile = "/run/keys/wireguard-psk.key"; AllowedIPs = ["0.0.0.0/0" "::/0"]; - Endpoint = "89.234.141.83"; PersistentKeepalive = 15; }; } @@ -183,6 +184,42 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # FirewallMark = "51820"; + # InvertRule = true; + # Table = "51820"; + # Priority = "10"; + # }; + # } + # { + # routingPolicyRuleConfig = { + # To = "10.0.0.0/8"; + # Priority = "9"; + # }; + # } + # { + # routingPolicyRuleConfig = { + # To = "192.168.0.0/16"; + # Priority = "9"; + # }; + # } + # { + # routingPolicyRuleConfig = { + # To = "89.234.141.83/32"; + # Priority = "5"; + # }; + # } + # ]; + # routes = [ + # { + # routeConfig = { + # Destination = "0.0.0.0/0"; + # Table = 51820; + # }; + # } + # ]; }; "40-eno2" = { networkConfig = { From ca01004c8684550dfdf93dff9887ef3ed6ff889c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 16:50:26 +0100 Subject: [PATCH 172/240] multi table route setup --- systems/LoutreOS/configuration.nix | 255 +----------------------- systems/LoutreOS/network.nix | 309 +++++++++++++++++++++++++++++ 2 files changed, 310 insertions(+), 254 deletions(-) create mode 100644 systems/LoutreOS/network.nix diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 616c927..330a373 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,6 +5,7 @@ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix + ./network.nix ./users.nix ./services.nix ]; 
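Review bot: `FirewallMark = 51820` in the first hunk has no effect in this commit, because the only rule that refers to the mark sits inside the commented-out `routingPolicyRules` block in the second hunk. That block of roughly 36 commented lines would be easier to review as a short `# TODO: policy routing for wg0` with the draft kept on a branch. `PresharedKeyFile = "/run/keys/wireguard-psk.key"` needs the same restricted ownership as the private key: readable by `systemd-network` and by nobody else.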
@@ -21,8 +22,6 @@ tmp.useTmpfs = true; - kernel.sysctl."net.ipv6.conf.all.forwarding" = true; - # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported enableContainers = false; }; 
@@ -37,258 +36,6 @@ }; }; - hardware.usb-modeswitch.enable = true; - - # eno1 -> VLAN100 -> Internet - # eno2 -> LAN - # eno3 -> Legacy client DHCP - # eno4 -> Pas utilisé - - networking = { - hostName = "loutreos"; # Define your hostname. - hostId = "7e66e347"; - - hosts = { - "127.0.0.1" = [ "gitea.nyanlout.re" ]; - }; - - useNetworkd = true; - useDHCP = false; - - nameservers = [ - "1.1.1.1" - "1.0.0.1" - ]; - - vlans = { - bouygues = { - id = 100; - interface = "eno1"; - }; - }; - - interfaces = { - bouygues = { - # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 - macAddress = "E8:AD:A6:21:73:68"; - useDHCP = true; - }; - eno2 = { - ipv4.addresses = [ - { address = "10.30.0.1"; prefixLength = 16; } - ]; - }; - enp0s21u1.useDHCP = true; - }; - - # NAT bouygues <-> eno2 - nat = { - enable = true; - externalInterface = "bouygues"; - # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE - # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; - forwardPorts = [ - { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} - { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} - ]; - }; - - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ ]; - interfaces.eno2 = { - allowedTCPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 9000 9090 # Slimserver - 1935 # RTMP - ]; - allowedUDPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 # Slimserver - 67 # DHCP - ]; - }; - extraCommands = '' - ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true - ip6tables -w -F loutreos-forward 2>/dev/null || true - ip6tables -w -X loutreos-forward 2>/dev/null || true - ip6tables -w -N loutreos-forward - ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -A loutreos-forward -j 
nixos-fw-log-refuse - ip6tables -w -A FORWARD -j loutreos-forward - - # Redirect local network request from server external IP to internal IP - # Make the server available even without internet access - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true - iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 - ''; - # remove refs to nixos-fw-log-refuse before restarting firewall - # prevents "ressource busy" errors - extraStopCommands = '' - ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true - ''; - }; - }; - - systemd.network = { - enable = true; - - netdevs = { - "10-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1450"; - }; - wireguardConfig = { - PrivateKeyFile = "/run/keys/wireguard-privkey"; - FirewallMark = 51820; - }; - wireguardPeers = [ - { - wireguardPeerConfig = { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/keys/wireguard-psk.key"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - }; - } - ]; - }; - }; - - networks = { - "40-bouygues" = { - dhcpV4Config.RouteMetric = 1; - dhcpV6Config = { - DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; - WithoutRA = "solicit"; - }; - ipv6AcceptRAConfig.DHCPv6Client = true; - networkConfig = { - KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = true; - DHCPPrefixDelegation = true; - }; - dhcpPrefixDelegationConfig.SubnetId = "0"; - }; - "40-eno1".linkConfig.RequiredForOnline = "no"; - "10-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "89.234.141.196/32" - "2a00:5881:8119:400::1/128" - ]; - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # FirewallMark = "51820"; - # InvertRule = true; - # Table = "51820"; - # Priority = "10"; - # }; - # } - # { - # routingPolicyRuleConfig = { - # To = "10.0.0.0/8"; - # Priority = "9"; - # }; - # } - # { - # routingPolicyRuleConfig = 
{ - # To = "192.168.0.0/16"; - # Priority = "9"; - # }; - # } - # { - # routingPolicyRuleConfig = { - # To = "89.234.141.83/32"; - # Priority = "5"; - # }; - # } - # ]; - # routes = [ - # { - # routeConfig = { - # Destination = "0.0.0.0/0"; - # Table = 51820; - # }; - # } - # ]; - }; - "40-eno2" = { - networkConfig = { - IPv6SendRA = true; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - dhcpServerConfig = { - # MIN = 10.30.100.0 - #PoolOffset = 25500; - # MAX = 10.30.200.0 - #PoolSize = 25500; - EmitRouter = true; - EmitDNS = true; - DNS = [ - "1.1.1.1" - "1.0.0.1" - ]; - }; - dhcpServerStaticLeases = [ - # IPMI - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; - } - # paul-fixe - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; - } - # salonled - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; - } - # miroir-bleu - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; - } - # miroir-orange - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; - } - ]; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = [ - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - }; - }; - # Set 4G connection as low routing priority - "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; - }; - }; - services.openssh = { enable = true; settings = { diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix new file mode 100644 index 0000000..0f83980 --- /dev/null +++ b/systems/LoutreOS/network.nix 
@@ -0,0 +1,309 @@ +{ config, pkgs, inputs, ... }: + +{ + boot = { + kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + }; + + # Enable LTE drivers + hardware.usb-modeswitch.enable = true; + + ################## + # NETWORK CONFIG # + ################## + + # eno1 -> VLAN100 -> Internet + # eno2 -> LAN + # eno3 -> Pas utilisé + # eno4 -> Pas utilisé + # enp0s21u1 -> Clé 4G Bouygues + # wg0 -> Tunnel Wireguard ARN + + networking = { + hostName = "loutreos"; # Define your hostname. + hostId = "7e66e347"; + + useNetworkd = true; + useDHCP = false; + + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + + vlans = { + bouygues = { + id = 100; + interface = "eno1"; + }; + }; + + interfaces = { + bouygues = { + # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 + macAddress = "E8:AD:A6:21:73:68"; + useDHCP = true; + }; + eno2 = { + ipv4.addresses = [ + { address = "10.30.0.1"; prefixLength = 16; } + ]; + }; + enp0s21u1.useDHCP = true; + }; + + # NAT bouygues <-> eno2 + nat = { + enable = true; + externalInterface = "bouygues"; + internalIPs = [ "10.30.0.0/16" ]; + internalInterfaces = [ "eno2" ]; + forwardPorts = [ + { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} + { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} + ]; + }; + + firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ ]; + + # Open ports on local netwok only + interfaces.eno2 = { + allowedTCPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 9000 9090 # Slimserver + 1935 # RTMP + ]; + allowedUDPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 # Slimserver + 67 # DHCP + ]; + }; + + extraCommands = '' + # Forward all IPv6 traffic from local network and reject incoming traffic + ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true + ip6tables -w -F loutreos-forward 2>/dev/null || true + ip6tables -w -X loutreos-forward 2>/dev/null || true + 
ip6tables -w -N loutreos-forward + ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A FORWARD -j loutreos-forward + + # Redirect local network request from server external IP to internal IP + # Make the server available even without internet access + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true + iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 + ''; + # remove refs to nixos-fw-log-refuse before restarting firewall + # prevents "ressource busy" errors + extraStopCommands = '' + ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true + ''; + }; + }; + + ################# + # ROUTING RULES # + ################# + + # 0: from all lookup local + # 50: from all ipproto tcp dport 25 lookup vpn + # 100: from all lookup fiber + # 200: from all lookup lte + # 32766: from all lookup main + # 32767: from all lookup default + + systemd.network = { + enable = true; + + config = { + routeTables = { + fiber = 1; + lte = 2; + vpn = 3; + }; + addRouteTablesToIPRoute2 = true; + }; + + # Wireguard ARN device configuation + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1450"; + }; + wireguardConfig = { + PrivateKeyFile = "/run/keys/wireguard-privkey"; + RouteTable = "vpn"; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKeyFile = "/run/keys/wireguard-psk.key"; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + PersistentKeepalive = 15; + }; + } + ]; + }; + }; + + networks = { + ######### + # FIBER # + ######### + + # Set DHCP client magic settings for Bouygues + # Put routes in fiber table + "40-bouygues" = { + dhcpV4Config.RouteTable = "fiber"; + dhcpV6Config = { + DUIDRawData = 
"00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig = { + DHCPv6Client = true; + RouteTable = "fiber"; + }; + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = true; + DHCPPrefixDelegation = true; + }; + # Static attribution of first IPv6 subnet + dhcpPrefixDelegationConfig.SubnetId = "0"; + + # Route everything to fiber link with a priority of 100 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + Table = "fiber"; + Priority = "100"; + Family = "both"; + }; + } + ]; + }; + + # Don't check VLAN physical interface as it is not directly used + "40-eno1".linkConfig.RequiredForOnline = "no"; + + ####### + # LTE # + ####### + + # Put routes in lte table + "40-enp0s21u1" = { + dhcpV4Config.RouteTable = "lte"; + + # Route all to lte link with a priority of 200 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + Table = "lte"; + Priority = "200"; + Family = "both"; + }; + } + ]; + }; + + ####### + # VPN # + ####### + + # Wireguard ARN network configuation + "10-wg0" = { + matchConfig.Name = "wg0"; + address = [ + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" + ]; + routingPolicyRules = [ + # Route outgoing emails to VPN table + { + routingPolicyRuleConfig = { + DestinationPort = "25"; + Table = "vpn"; + Priority = "50"; + Family = "both"; + }; + } + ]; + }; + + ####### + # LAN # + ####### + + # LAN DHCP server config + "40-eno2" = { + networkConfig = { + IPv6SendRA = true; + DHCPPrefixDelegation = true; + DHCPServer = true; + }; + dhcpServerConfig = { + EmitRouter = true; + EmitDNS = true; + DNS = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + }; + } + # paul-fixe + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + }; + } + # salonled + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.1"; + MACAddress = 
"e0:98:06:85:e9:ce"; + }; + } + # miroir-bleu + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + }; + } + # miroir-orange + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + }; + } + ]; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + }; + }; + }; + }; +} From 4df84a3be0ffa85c62123169351689d53b7c6570 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 21:19:10 +0100 Subject: [PATCH 173/240] begin migration to VPN --- systems/LoutreOS/network.nix | 66 +++++++++++++++++------------------ systems/LoutreOS/services.nix | 16 ++++----- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 0f83980..7008094 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -140,7 +140,7 @@ }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - RouteTable = "vpn"; + RouteTable = 3; }; wireguardPeers = [ { @@ -164,14 +164,14 @@ # Set DHCP client magic settings for Bouygues # Put routes in fiber table "40-bouygues" = { - dhcpV4Config.RouteTable = "fiber"; + dhcpV4Config.RouteMetric = 1; dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; ipv6AcceptRAConfig = { DHCPv6Client = true; - RouteTable = "fiber"; + # RouteTable = 1; }; networkConfig = { KeepConfiguration = "dhcp-on-stop"; @@ -182,15 +182,15 @@ dhcpPrefixDelegationConfig.SubnetId = "0"; # Route everything to fiber link with a priority of 100 - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Table = "fiber"; - Priority = "100"; - Family = "both"; - }; - } - ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # Table = 1; + # Priority = 100; + # Family = "both"; + # }; + # } + # ]; }; # Don't check VLAN physical interface as it is not directly used 
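Review bot: The port-25 rule under `10-wg0` in the new network.nix (`DestinationPort = "25"; Table = "vpn"; Priority = "50";`) has no interface or source match, so it selects forwarded LAN traffic as well as mail generated on the server. Packets from 10.30.0.0/16 to port 25 would be looked up in the vpn table and leave through wg0, where the NAT configured in this file (external interface `bouygues`) presumably does not rewrite them. Adding `IncomingInterface = "lo";` restricts the rule to locally generated packets. `IPProtocol = "tcp";` would also make it match the `ipproto tcp dport 25` line in the routing-rules comment above it.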
@@ -202,18 +202,18 @@ # Put routes in lte table "40-enp0s21u1" = { - dhcpV4Config.RouteTable = "lte"; + dhcpV4Config.RouteTable = 2; # Route all to lte link with a priority of 200 - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Table = "lte"; - Priority = "200"; - Family = "both"; - }; - } - ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # Table = 2; + # Priority = 200; + # Family = "both"; + # }; + # } + # ]; }; ####### @@ -227,17 +227,17 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; - routingPolicyRules = [ - # Route outgoing emails to VPN table - { - routingPolicyRuleConfig = { - DestinationPort = "25"; - Table = "vpn"; - Priority = "50"; - Family = "both"; - }; - } - ]; + #routingPolicyRules = [ + # # Route outgoing emails to VPN table + # { + # routingPolicyRuleConfig = { + # DestinationPort = "25"; + # Table = 3; + # Priority = 50; + # Family = "both"; + # }; + # } + #]; }; ####### diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e4f0e79..fac5b6c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -77,14 +77,14 @@ in }; services = { - postfix = { - relayHost = "mailvps.nyanlout.re"; - relayPort = 587; - config = { - smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - }; - }; + # postfix = { + # relayHost = "mailvps.nyanlout.re"; + # relayPort = 587; + # config = { + # smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; + # smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; + # }; + # }; rspamd.workers.controller.extraConfig = '' secure_ip = ["0.0.0.0/0", "::"]; From 4d8c76e2078de847d154c24fe2166e219fb545e3 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 21 Nov 2024 11:32:35 +0100 Subject: [PATCH 174/240] Working outgoing emails --- systems/LoutreOS/network.nix | 39 ++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7008094..7bab14d 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -227,17 +227,34 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; - #routingPolicyRules = [ - # # Route outgoing emails to VPN table - # { - # routingPolicyRuleConfig = { - # DestinationPort = "25"; - # Table = 3; - # Priority = 50; - # Family = "both"; - # }; - # } - #]; + routingPolicyRules = [ + # Route outgoing emails to VPN table + { + routingPolicyRuleConfig = { + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = 3; + Priority = 50; + Family = "both"; + }; + } + # Route packets originating from wg0 device to VPN table + # Allow server to respond on the wg0 interface requests + { + routingPolicyRuleConfig = { + From = "89.234.141.196"; + Table = 3; + Priority = 49; + }; + } + { + routingPolicyRuleConfig = { + From = "2a00:5881:8119:400::1"; + Table = 3; + Priority = 49; + }; + } + ]; }; ####### From 8ad48e5aa48784ab97c1ddefbca1958921bd2059 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 25 Nov 2024 17:26:38 +0100 Subject: [PATCH 175/240] set Wireguard keys with credentials --- systems/LoutreOS/network.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7bab14d..c42c405 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
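Review bot: The port-25 rule added at `Priority = 50` fails open: if wg0 is down and table 3 holds no usable route, the lookup falls through to the later rules, so SMTP from this host would leave over whichever uplink they select. If outgoing mail must never bypass the VPN, follow it with a rule carrying the same selectors plus networkd's rule type, `Type = "unreachable"; Priority = 51;`, so the connection is refused instead of rerouted. The two `From` rules carry no comment explaining why they sit at 49, ahead of the mail rule; one line such as `# replies from the VPN addresses must win over every other rule` would record that. The `"10-wg0"` block starts outside this hunk, so the rest of its settings cannot be checked from here.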
@@ -107,6 +107,13 @@ }; }; + systemd.services.systemd-networkd.serviceConfig = { + LoadCredential = [ + "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" + "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" + ]; + }; + ################# # ROUTING RULES # ################# @@ -139,7 +146,9 @@ MTUBytes = "1450"; }; wireguardConfig = { - PrivateKeyFile = "/run/keys/wireguard-privkey"; + PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; + # Wait for 24.11 + # PrivateKey = "@network.wireguard.private.wg0"; RouteTable = 3; }; wireguardPeers = [ @@ -147,7 +156,9 @@ wireguardPeerConfig = { Endpoint = "89.234.141.83:8095"; PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/keys/wireguard-psk.key"; + PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0"; + # Wait for 24.11 + # PresharedKey = "@network.wireguard.preshared.wg0"; AllowedIPs = ["0.0.0.0/0" "::/0"]; PersistentKeepalive = 15; }; From 0d64372b579dec1f75172329203dba4be7ea4525 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 25 Nov 2024 18:09:42 +0100 Subject: [PATCH 176/240] remove comments --- systems/LoutreOS/network.nix | 83 +++++++++++------------------------- 1 file changed, 26 insertions(+), 57 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index c42c405..141298b 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
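Review bot: The `LoadCredential` entries deserve a comment stating the ownership and mode expected of the files under `/mnt/secrets/wireguard`, because those permissions are not visible in this hunk. As far as I know the service manager reads them itself, so they can be `root:root 0400` and need not be readable by the networkd user; `# read by PID 1 via LoadCredential; keep the source files root-only` would say so. Each credential name is also spelled twice, once in `LoadCredential` and once inside the `/run/credentials/systemd-networkd.service/...` path, and a typo in either leaves wg0 without its key. Binding the two names in a `let` and building both strings from it would remove that risk.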
@@ -114,26 +114,15 @@ ]; }; - ################# - # ROUTING RULES # - ################# - - # 0: from all lookup local - # 50: from all ipproto tcp dport 25 lookup vpn - # 100: from all lookup fiber - # 200: from all lookup lte - # 32766: from all lookup main - # 32767: from all lookup default - - systemd.network = { + systemd.network = let + routeTables = { + vpn = 3; + }; + in { enable = true; config = { - routeTables = { - fiber = 1; - lte = 2; - vpn = 3; - }; + inherit routeTables; addRouteTablesToIPRoute2 = true; }; @@ -149,7 +138,7 @@ PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; # Wait for 24.11 # PrivateKey = "@network.wireguard.private.wg0"; - RouteTable = 3; + RouteTable = routeTables.vpn; }; wireguardPeers = [ { @@ -172,36 +161,26 @@ # FIBER # ######### + # Set route metric to highest priority # Set DHCP client magic settings for Bouygues - # Put routes in fiber table "40-bouygues" = { dhcpV4Config.RouteMetric = 1; + dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig = { - DHCPv6Client = true; - # RouteTable = 1; - }; + + ipv6AcceptRAConfig.DHCPv6Client = true; + networkConfig = { KeepConfiguration = "dhcp-on-stop"; IPv6AcceptRA = true; DHCPPrefixDelegation = true; }; + # Static attribution of first IPv6 subnet dhcpPrefixDelegationConfig.SubnetId = "0"; - - # Route everything to fiber link with a priority of 100 - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # Table = 1; - # Priority = 100; - # Family = "both"; - # }; - # } - # ]; }; # Don't check VLAN physical interface as it is not directly used 
@@ -211,32 +190,22 @@ # LTE # ####### - # Put routes in lte table - "40-enp0s21u1" = { - dhcpV4Config.RouteTable = 2; - - # Route all to lte link with a priority of 200 - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # Table = 2; - # Priority = 200; - # Family = "both"; - # }; - # } - # ]; - }; + # Set LTE route to lower priority + "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; ####### # VPN # ####### # Wireguard ARN network configuation - "10-wg0" = { + "10-wg0" = let + vpnIPv4 = "89.234.141.196/32"; + vpnIPv6 = "2a00:5881:8119:400::1/128"; + in { matchConfig.Name = "wg0"; address = [ - "89.234.141.196/32" - "2a00:5881:8119:400::1/128" + vpnIPv4 + vpnIPv6 ]; routingPolicyRules = [ # Route outgoing emails to VPN table @@ -244,7 +213,7 @@ routingPolicyRuleConfig = { IncomingInterface = "lo"; DestinationPort = "25"; - Table = 3; + Table = routeTables.vpn; Priority = 50; Family = "both"; }; @@ -253,15 +222,15 @@ # Allow server to respond on the wg0 interface requests { routingPolicyRuleConfig = { - From = "89.234.141.196"; - Table = 3; + From = vpnIPv4; + Table = routeTables.vpn; Priority = 49; }; } { routingPolicyRuleConfig = { - From = "2a00:5881:8119:400::1"; - Table = 3; + From = vpnIPv6; + Table = routeTables.vpn; Priority = 49; }; } From fe7f6b62a0e2ea3368c7f98a0ed82cb463e8b63a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 25 Nov 2024 18:19:05 +0100 Subject: [PATCH 177/240] disable useless autossh --- systems/LoutreOS/configuration.nix | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 330a373..7d4501e 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -55,19 +55,6 @@ }; }; - # Options explanations - # -N disable shell - # -R 0.0.0.0:2222:127.0.0.1:22 redirect SSH port on VPS server on port 2222 - # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525 - services.autossh.sessions = [ - { - extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; - monitoringPort = 20000; - name = "backup-ssh-reverse"; - user = "autossh"; - } - ]; - virtualisation.podman.enable = true; security.sudo.wheelNeedsPassword = false; From fad8652bac6b3b0a447d86e7307586eac4f9dec9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 28 Nov 2024 12:14:26 +0100 Subject: [PATCH 178/240] Try to use multiple tables with CONNMARK --- systems/LoutreOS/network.nix | 96 +++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 13 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 141298b..9dec1e7 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
@@ -114,8 +114,41 @@ ]; }; + ################# + # ROUTING RULES # + ################# + + # 0: from all lookup local + # 60: from all iif lo dport 25 lookup vpn + # 4000: from all fwmark 0x1 lookup fiber + # 5000: from all fwmark 0x2 lookup lte + # 6000: from all fwmark 0x3 lookup vpn + # 32766: from all lookup main + # 32767: from all lookup default + # 40000: from all lookup fiber + # 50000: from all lookup lte + + # TODO + + ################## + # iptables rules # + ################## + + # # Restore the packet's CONNMARK to the MARK. + # iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark + # # If packet MARK is set, then it means that there is already a connection mark + # iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT + # # Else, we need to mark the packet. If the packet is incoming on bouygues then set MARK to 1 + # iptables -A PREROUTING -t mangle -i bouygues -j MARK --set-mark 1 + # iptables -A PREROUTING -t mangle -i enp0s21u1 -j MARK --set-mark 2 + # iptables -A PREROUTING -t mangle -i wg0 -j MARK --set-mark 3 + # # Save MARK to CONNMARK. + # iptables -A PREROUTING -t mangle -j CONNMARK --save-mark + systemd.network = let routeTables = { + fiber = 1; + lte = 2; vpn = 3; }; in { @@ -164,14 +197,17 @@ # Set route metric to highest priority # Set DHCP client magic settings for Bouygues "40-bouygues" = { - dhcpV4Config.RouteMetric = 1; + dhcpV4Config.RouteTable = routeTables.fiber; dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig.DHCPv6Client = true; + ipv6AcceptRAConfig = { + DHCPv6Client = true; + RouteTable = routeTables.fiber; + }; networkConfig = { KeepConfiguration = "dhcp-on-stop"; 
@@ -181,6 +217,25 @@ # Static attribution of first IPv6 subnet dhcpPrefixDelegationConfig.SubnetId = "0"; + + # Route everything to fiber link with a priority of 40000 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 4000; + Family = "both"; + }; + } + { + routingPolicyRuleConfig = { + Table = routeTables.fiber; + Priority = 40000; + Family = "both"; + }; + } + ]; }; # Don't check VLAN physical interface as it is not directly used @@ -191,7 +246,28 @@ ####### # Set LTE route to lower priority - "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; + "40-enp0s21u1" = { + dhcpV4Config.RouteTable = routeTables.lte; + + # Route all to lte link with a priority of 50000 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 2; + Table = routeTables.lte; + Priority = 5000; + Family = "both"; + }; + } + { + routingPolicyRuleConfig = { + Table = routeTables.lte; + Priority = 50000; + Family = "both"; + }; + } + ]; + }; ####### # VPN # @@ -214,7 +290,7 @@ IncomingInterface = "lo"; DestinationPort = "25"; Table = routeTables.vpn; - Priority = 50; + Priority = 60; Family = "both"; }; } @@ -222,16 +298,10 @@ # Allow server to respond on the wg0 interface requests { routingPolicyRuleConfig = { - From = vpnIPv4; + FirewallMark = 3; Table = routeTables.vpn; - Priority = 49; - }; - } - { - routingPolicyRuleConfig = { - From = vpnIPv6; - Table = routeTables.vpn; - Priority = 49; + Priority = 6000; + Family = "both"; }; } ]; From e15cd2091e245dbbdb6df4c8fdcd4464f2b6141d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 28 Nov 2024 15:18:36 +0100 Subject: [PATCH 179/240] remove NixOS nat config, set networkd masquerade and add FW marks --- systems/LoutreOS/network.nix | 86 ++++++++++++++++++++---------------- 1 file changed, 48 insertions(+), 38 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 9dec1e7..e65303b 100644 --- a/systems/LoutreOS/network.nix 
+++ b/systems/LoutreOS/network.nix @@ -52,18 +52,6 @@ enp0s21u1.useDHCP = true; }; - # NAT bouygues <-> eno2 - nat = { - enable = true; - externalInterface = "bouygues"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; - forwardPorts = [ - { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} - { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} - ]; - }; - firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; 
@@ -84,21 +72,59 @@ }; extraCommands = '' + + ################ + # MANGLE rules # + ################ + + # Clean and recreate target + ip46tables -w -t mangle -D PREROUTING -j loutreos-mangle-pre 2>/dev/null || true + ip46tables -w -t mangle -F loutreos-mangle-pre 2>/dev/null || true + ip46tables -w -t mangle -X loutreos-mangle-pre 2>/dev/null || true + ip46tables -w -t mangle -N loutreos-mangle-pre + + # Restore the packet's CONNMARK to the MARK for existing connections + ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --restore-mark + + # If packet MARK is set, then it means that there is already a connection mark + ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j ACCEPT + + # Else, we need to mark the packet. + # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3 + ip46tables -w -t mangle -A loutreos-mangle-pre -i bouygues -j MARK --set-mark 1 + ip46tables -w -t mangle -A loutreos-mangle-pre -i enp0s21u1 -j MARK --set-mark 2 + ip46tables -w -t mangle -A loutreos-mangle-pre -i wg0 -j MARK --set-mark 3 + + # Jump to newly created target + ip46tables -w -t mangle -A PREROUTING -j loutreos-mangle-pre + + # Save MARK to CONNMARK. 
+ ip46tables -w -t mangle -D POSTROUTING -j CONNMARK --save-mark 2>/dev/null || true + ip46tables -w -t mangle -A POSTROUTING -j CONNMARK --save-mark + + ###################### + # IPv6 FORWARD rules # + ###################### + # Forward all IPv6 traffic from local network and reject incoming traffic ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true ip6tables -w -F loutreos-forward 2>/dev/null || true ip6tables -w -X loutreos-forward 2>/dev/null || true ip6tables -w -N loutreos-forward - ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -w -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -w -A loutreos-forward -j nixos-fw-log-refuse ip6tables -w -A FORWARD -j loutreos-forward + ############################################# + # Enable server access when fiber link down # + ############################################# + # Redirect local network request from server external IP to internal IP - # Make the server available even without internet access iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; + # remove refs to nixos-fw-log-refuse before restarting firewall # prevents "ressource busy" errors extraStopCommands = '' 
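Review bot: Only IPv6 gets a stateful FORWARD policy in this `extraCommands` block, because `loutreos-forward` is built with `ip6tables`. The commit also drops the NixOS `nat` block and moves IPv4 masquerading to networkd, so no IPv4 forward filter is visible here. Masquerading is not a filter: unless a rule elsewhere refuses it, a packet arriving on bouygues, enp0s21u1 or wg0 with a 10.30.0.0/16 destination would be forwarded to the LAN. Building the chain with `ip46tables` instead of `ip6tables` (for example `ip46tables -w -A loutreos-forward -j ACCEPT -i eno2`) would give IPv4 the same RELATED,ESTABLISHED / eno2 / `nixos-fw-log-refuse` policy. `extraStopCommands` continues outside the hunk, so whether the new `loutreos-mangle-pre` chain and the POSTROUTING rule are removed on stop cannot be checked from here.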
@@ -119,31 +145,14 @@ ################# # 0: from all lookup local - # 60: from all iif lo dport 25 lookup vpn - # 4000: from all fwmark 0x1 lookup fiber + # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table + # 4000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface # 5000: from all fwmark 0x2 lookup lte # 6000: from all fwmark 0x3 lookup vpn - # 32766: from all lookup main + # 32766: from all lookup main # main table should contain no default routes, only local network routes # 32767: from all lookup default - # 40000: from all lookup fiber - # 50000: from all lookup lte - - # TODO - - ################## - # iptables rules # - ################## - - # # Restore the packet's CONNMARK to the MARK. - # iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark - # # If packet MARK is set, then it means that there is already a connection mark - # iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT - # # Else, we need to mark the packet. If the packet is incoming on bouygues then set MARK to 1 - # iptables -A PREROUTING -t mangle -i bouygues -j MARK --set-mark 1 - # iptables -A PREROUTING -t mangle -i enp0s21u1 -j MARK --set-mark 2 - # iptables -A PREROUTING -t mangle -i wg0 -j MARK --set-mark 3 - # # Save MARK to CONNMARK. - # iptables -A PREROUTING -t mangle -j CONNMARK --save-mark + # 40000: from all lookup fiber # first table encountered with a default route if fiber is up + # 50000: from all lookup lte # first table encountered with a default route if fiber is down systemd.network = let routeTables = { @@ -317,6 +326,7 @@ IPv6SendRA = true; DHCPPrefixDelegation = true; DHCPServer = true; + IPMasquerade = "ipv4"; }; dhcpServerConfig = { EmitRouter = true; From 268dbf181ab5aa27d49bb43eb79b4d4da9941b70 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 28 Nov 2024 15:30:55 +0100 Subject: [PATCH 180/240] simplify VPN network config --- systems/LoutreOS/network.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index e65303b..6c97c79 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -283,14 +283,11 @@ ####### # Wireguard ARN network configuation - "10-wg0" = let - vpnIPv4 = "89.234.141.196/32"; - vpnIPv6 = "2a00:5881:8119:400::1/128"; - in { + "10-wg0" = { matchConfig.Name = "wg0"; address = [ - vpnIPv4 - vpnIPv6 + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" ]; routingPolicyRules = [ # Route outgoing emails to VPN table From 933d758e3b206865165b02ce2a4059e5b3bd8484 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Dec 2024 00:33:31 +0100 Subject: [PATCH 181/240] force packet forwarding to true --- systems/LoutreOS/network.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 6c97c79..869597c 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -2,7 +2,12 @@ { boot = { - kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + }; }; # Enable LTE drivers From 59435f987b0e78706c2735230168d7454d4da6e5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Dec 2024 00:34:58 +0100 Subject: [PATCH 182/240] fix rule priority main table should be first, else masqueraded packet responses will never reach internal network --- systems/LoutreOS/network.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 869597c..4c51361 100644 --- a/systems/LoutreOS/network.nix 
+++ b/systems/LoutreOS/network.nix @@ -151,13 +151,13 @@ # 0: from all lookup local # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table - # 4000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface - # 5000: from all fwmark 0x2 lookup lte - # 6000: from all fwmark 0x3 lookup vpn # 32766: from all lookup main # main table should contain no default routes, only local network routes # 32767: from all lookup default - # 40000: from all lookup fiber # first table encountered with a default route if fiber is up - # 50000: from all lookup lte # first table encountered with a default route if fiber is down + # 41000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface + # 42000: from all fwmark 0x2 lookup lte + # 43000: from all fwmark 0x3 lookup vpn + # 51000: from all lookup fiber # first table encountered with a default route if fiber is up + # 52000: from all lookup lte # first table encountered with a default route if fiber is down systemd.network = let routeTables = { @@ -238,14 +238,14 @@ routingPolicyRuleConfig = { FirewallMark = 1; Table = routeTables.fiber; - Priority = 4000; + Priority = 41000; Family = "both"; }; } { routingPolicyRuleConfig = { Table = routeTables.fiber; - Priority = 40000; + Priority = 51000; Family = "both"; }; } @@ -269,14 +269,14 @@ routingPolicyRuleConfig = { FirewallMark = 2; Table = routeTables.lte; - Priority = 5000; + Priority = 42000; Family = "both"; }; } { routingPolicyRuleConfig = { Table = routeTables.lte; - Priority = 50000; + Priority = 52000; Family = "both"; }; } @@ -311,7 +311,7 @@ routingPolicyRuleConfig = { FirewallMark = 3; Table = routeTables.vpn; - Priority = 6000; + Priority = 43000; Family = "both"; }; } From aaf33053c207d6f37a3c36466633d5e117cdb359 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 10 Dec 2024 00:40:12 +0100 Subject: [PATCH 183/240] disable navidrome --- systems/LoutreOS/medias.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 2b9e642..c2a7004 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -40,14 +40,6 @@ package = pkgs-unstable.jellyfin; }; - navidrome = { - enable = true; - settings = { - MusicFolder = "/mnt/medias/musique"; - ImageCacheSize = 0; - }; - }; - slimserver.enable = true; }; From 9d15f4f4c849b23225c0b628533e1368b3393151 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 11 Dec 2024 14:47:50 +0100 Subject: [PATCH 184/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) → 'github:NixOS/nixpkgs/7109b680d161993918b0a126f38bc39763e5a709' (2024-12-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/18536bf04cd71abd345f9579158841376fdd0c5a' (2024-10-25) → 'github:NixOS/nixpkgs/a73246e2eef4c6ed172979932bc80e1404ba2d56' (2024-12-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 901a5ee..ed85b41 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", + "lastModified": 1733730953, + "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "rev": "7109b680d161993918b0a126f38bc39763e5a709", "type": "github" }, "original": { 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1729880355, - "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "type": "github" }, "original": { From 2a23c234ac5bf9d490d5aad5b5f5d6091ccceaa1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 12 Dec 2024 16:50:50 +0100 Subject: [PATCH 185/240] fix Sonarr build --- flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/flake.nix b/flake.nix index ba4b897..bbed851 100644 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,12 @@ inputs = inputs; pkgs-unstable = import nixpkgs-unstable { inherit system; + config.permittedInsecurePackages = [ + "aspnetcore-runtime-6.0.36" + "aspnetcore-runtime-wrapped-6.0.36" + "dotnet-sdk-6.0.428" + "dotnet-sdk-wrapped-6.0.428" + ]; }; pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { inherit system; From 32e6d3b60ade1061487182193fff86039f408a26 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 12 Dec 2024 16:58:52 +0100 Subject: [PATCH 186/240] fix mangle rules for incoming traffic --- systems/LoutreOS/network.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 4c51361..7c8b54b 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
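Review bot: The `permittedInsecurePackages` list in the flake.nix hunk is set on the whole `pkgs-unstable` import, with no comment saying which package needs it or when it can go. The four entries are end-of-life .NET 6 runtimes and SDKs, and once they are allowed, any package taken from `pkgs-unstable` can depend on them without evaluation failing. A comment such as `# required by sonarr (EOL .NET 6); remove once sonarr builds against a supported runtime` keeps the exception auditable; the commit title suggests Sonarr is the consumer, but the hunk itself does not show it. Until then, the service built on these runtimes is better kept behind the reverse proxy than exposed directly.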
@@ -88,9 +88,14 @@ ip46tables -w -t mangle -X loutreos-mangle-pre 2>/dev/null || true ip46tables -w -t mangle -N loutreos-mangle-pre - # Restore the packet's CONNMARK to the MARK for existing connections + # Restore the packet's CONNMARK to the MARK for existing incoming connections ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --restore-mark + # Restore CONNMARK to MARK for outgoing packets before final routing decision + ip46tables -w -t mangle -D OUTPUT -j CONNMARK --restore-mark 2>/dev/null || true + ip46tables -w -t mangle -A OUTPUT -j CONNMARK --restore-mark + + # If packet MARK is set, then it means that there is already a connection mark ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j ACCEPT @@ -100,8 +105,11 @@ ip46tables -w -t mangle -A loutreos-mangle-pre -i enp0s21u1 -j MARK --set-mark 2 ip46tables -w -t mangle -A loutreos-mangle-pre -i wg0 -j MARK --set-mark 3 + # Save new mark in CONNMARK + ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --save-mark + # Jump to newly created target - ip46tables -w -t mangle -A PREROUTING -j loutreos-mangle-pre + ip46tables -w -t mangle -I PREROUTING 1 -j loutreos-mangle-pre # Save MARK to CONNMARK. ip46tables -w -t mangle -D POSTROUTING -j CONNMARK --save-mark 2>/dev/null || true From 99f63e7af8f45e0ba7246c1ba058857562d34292 Mon Sep 17 00:00:00 2001 
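Review bot: Switching the jump to `-I PREROUTING 1` puts `loutreos-mangle-pre` ahead of every other mangle PREROUTING rule. The existing `-m mark ! --mark 0 -j ACCEPT` line then ends mangle PREROUTING traversal for every packet of an already-marked connection. If the NixOS firewall's reverse-path check is enabled on this host (not visible in this hunk), its `nixos-fw-rpfilter` chain is, as far as I know, hooked into the same table and would no longer see those packets. `-j RETURN` still skips the marking rules but hands the packet back to PREROUTING: `ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j RETURN`. The new OUTPUT `--restore-mark` rule also needs a matching delete in `extraStopCommands`, which lies outside these hunks.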
From: nyanloutre Date: Mon, 16 Dec 2024 16:02:48 +0100 Subject: [PATCH 187/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7109b680d161993918b0a126f38bc39763e5a709' (2024-12-09) → 'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a73246e2eef4c6ed172979932bc80e1404ba2d56' (2024-12-09) → 'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ed85b41..6c5c24d 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733730953, - "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", + "lastModified": 1734202038, + "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7109b680d161993918b0a126f38bc39763e5a709", + "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { From f526dc30545752e24526f5e1a06b6252d1e49396 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 16 Dec 2024 16:54:58 +0100 Subject: [PATCH 188/240] common-gui: enable zram --- systems/PC-Fixe/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 83a7ee4..e6031f8 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -32,6 +32,8 @@ options hid_apple fnmode=2 ''; + zramSwap.enable = true; + virtualisation.podman.enable = true; services.zfs = { From 1a414771ba91dbfe16285ca5e79288a72f3a88a0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 16 Dec 2024 16:55:16 +0100 Subject: [PATCH 189/240] common-gui: pipewire set clock rate --- systems/common-gui.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 6d8365d..03735e0 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -113,6 +113,13 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + extraConfig.pipewire = { + "10-clock-rate" = { + "context.properties" = { + "default.clock.allowed-rates" = [ 48000 ]; + }; + }; + }; }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; From 17ff809406d148e6efb3234968c7cb9844030114 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 20 Dec 2024 16:54:36 +0100 Subject: [PATCH 190/240] LoutreOS: update to 24.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14) → 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca' (2024-12-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13) → 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33' (2024-12-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7' (2024-12-16) • Removed input 'simple-nixos-mailserver/nixpkgs-24_05' • Added input 'simple-nixos-mailserver/nixpkgs-24_11': follows 'nixpkgs' • Removed input 'simple-nixos-mailserver/utils' • Removed input 'simple-nixos-mailserver/utils/systems' --- flake.lock | 60 ++++------------ flake.nix | 6 +- systems/LoutreOS/configuration.nix | 1 - systems/LoutreOS/network.nix | 108 +++++++++++------------------ systems/LoutreOS/web.nix | 2 +- 5 files changed, 57 insertions(+), 120 deletions(-) diff --git a/flake.lock b/flake.lock index 6c5c24d..13bf6d5 100644 --- a/flake.lock +++ b/flake.lock @@ -76,16 +76,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734202038, - "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=", + "lastModified": 1734600368, + "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d", + "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "type": "indirect" } }, 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -137,58 +137,24 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-24_05": [ + "nixpkgs-24_11": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1718084203, - "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "lastModified": 1734371264, + "narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixos-mailserver", "type": "gitlab" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index bbed851..bb5415c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,14 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-24.05"; + nixpkgs.url = "flake:nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; # transmission 4.0.5 downgrade to fix tracker bug nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-24_05.follows = "nixpkgs"; + nixpkgs-24_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 7d4501e..001dfb7 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -2,7 +2,6 @@ { imports = [ - "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix ./network.nix diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7c8b54b..1e48cc2 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -134,7 +134,7 @@ ############################################# # Redirect local network request from server external IP to internal IP - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; 
@@ -190,22 +190,16 @@ MTUBytes = "1450"; }; wireguardConfig = { - PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; - # Wait for 24.11 - # PrivateKey = "@network.wireguard.private.wg0"; + PrivateKey = "@network.wireguard.private.wg0"; RouteTable = routeTables.vpn; }; wireguardPeers = [ { - wireguardPeerConfig = { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0"; - # Wait for 24.11 - # PresharedKey = "@network.wireguard.preshared.wg0"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - }; + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKey = "@network.wireguard.preshared.wg0"; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + PersistentKeepalive = 15; } ]; }; @@ -243,19 +237,15 @@ # Route everything to fiber link with a priority of 40000 routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 1; - Table = routeTables.fiber; - Priority = 41000; - Family = "both"; - }; + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 41000; + Family = "both"; } { - routingPolicyRuleConfig = { - Table = routeTables.fiber; - Priority = 51000; - Family = "both"; - }; + Table = routeTables.fiber; + Priority = 51000; + Family = "both"; } ]; }; @@ -274,19 +264,15 @@ # Route all to lte link with a priority of 50000 routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 2; - Table = routeTables.lte; - Priority = 42000; - Family = "both"; - }; + FirewallMark = 2; + Table = routeTables.lte; + Priority = 42000; + Family = "both"; } { - routingPolicyRuleConfig = { - Table = routeTables.lte; - Priority = 52000; - Family = "both"; - }; + Table = routeTables.lte; + Priority = 52000; + Family = "both"; } ]; }; 
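Review bot: In the wg0 hunk, `PrivateKey = "@network.wireguard.private.wg0";` and `PresharedKey = "@network.wireguard.preshared.wg0";` read like literal values now that the explanatory comments were removed together with the old `PrivateKeyFile`/`PresharedKeyFile` lines. A short comment would keep the intent clear, for example `# "@name" refers to a systemd credential (LoadCredential on systemd-networkd); never inline the key, the rendered .netdev lives in the Nix store`. The matching LoadCredential entries are not part of this hunk, so the two credential names have to be kept in sync with them by hand.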
@@ -305,23 +291,19 @@ routingPolicyRules = [ # Route outgoing emails to VPN table { - routingPolicyRuleConfig = { - IncomingInterface = "lo"; - DestinationPort = "25"; - Table = routeTables.vpn; - Priority = 60; - Family = "both"; - }; + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = routeTables.vpn; + Priority = 60; + Family = "both"; } # Route packets originating from wg0 device to VPN table # Allow server to respond on the wg0 interface requests { - routingPolicyRuleConfig = { - FirewallMark = 3; - Table = routeTables.vpn; - Priority = 43000; - Family = "both"; - }; + FirewallMark = 3; + Table = routeTables.vpn; + Priority = 43000; + Family = "both"; } ]; }; @@ -349,38 +331,28 @@ dhcpServerStaticLeases = [ # IPMI { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; } # paul-fixe { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; } # salonled { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; } # miroir-bleu { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; } # miroir-orange { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; } ]; ipv6SendRAConfig = { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a373e0a..87a5803 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -392,7 +392,7 @@ in nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "cloud.nyanlout.re"; database.createLocally = true; https = true; 
From c9c0061ff7dce208cff8fb44e68aa1b5d03cd43d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 20 Dec 2024 19:17:16 +0100 Subject: [PATCH 191/240] fix networkd not working on boot --- systems/LoutreOS/network.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 1e48cc2..d96b7c1 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -146,11 +146,16 @@ }; }; - systemd.services.systemd-networkd.serviceConfig = { + systemd.services.systemd-networkd = { + unitConfig = { + RequiresMountsFor = "/mnt/secrets/wireguard"; + }; + serviceConfig = { LoadCredential = [ "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" ]; + }; }; ################# From c028b9b6ed2810fc621a08c0d67c41d435ba42af Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 23 Dec 2024 14:23:23 +0100 Subject: [PATCH 192/240] gitea: don't set default theme Themes where renamed upstream https://github.com/go-gitea/gitea/pull/27419 --- systems/LoutreOS/web.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 87a5803..32b8663 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -376,7 +376,6 @@ in HTTP_PORT = 3001; ROOT_URL = "https://gitea.nyanlout.re/"; }; - ui.DEFAULT_THEME = "arc-green"; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; From da67f2b52340e136d3bc338a64b80bcaf45328ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 31 Dec 2024 12:52:02 +0100 Subject: [PATCH 193/240] Do not backup music --- systems/LoutreOS/services.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index fac5b6c..70686dc 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
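Review bot: `RequiresMountsFor = "/mnt/secrets/wireguard";` in the systemd-networkd hunk makes the whole network stack, not only wg0, depend on the secrets mount. If that mount fails at boot, systemd-networkd is not started and the host presumably has no connectivity left for remote recovery. If this trade-off is intended, state it next to the option, e.g. `# networkd reads the WireGuard credentials below at start; no secrets mount means no network at all`. It is also worth confirming that the two files under /mnt/secrets/wireguard are readable by root only, since LoadCredential is read by the service manager and the unit's own user does not need access to them.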
@@ -129,9 +129,6 @@ in "/var/lib/slimserver" "/var/lib/watcharr" "/var/lib/nextcloud" - "/mnt/medias/musique" - "/mnt/medias/torrent/lidarr" - "/mnt/medias/torrent/musique" "/mnt/paul-home/paul" "/var/sieve" "/var/vmail" From b8bdb492c5bce0452d9b6e0b2be4c22f5f3aaf9b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 2 Jan 2025 12:17:02 +0100 Subject: [PATCH 194/240] remove python CI service --- services/python-ci.nix | 49 ---------- services/python-ci.py | 168 ---------------------------------- services/sdtdserver.nix | 120 ------------------------ systems/LoutreOS/services.nix | 3 - systems/LoutreOS/web.nix | 63 ------------- 5 files changed, 403 deletions(-) delete mode 100644 services/python-ci.nix delete mode 100755 services/python-ci.py delete mode 100644 services/sdtdserver.nix diff --git a/services/python-ci.nix b/services/python-ci.nix deleted file mode 100644 index ce957db..0000000 --- a/services/python-ci.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.python-ci; -in -{ - options.services.python-ci = { - enable = mkEnableOption "Service de CI Nix écrit en Python"; - }; - - config = mkIf cfg.enable { - - users.users = { - python-ci = { - isSystemUser = true; - group = "nogroup"; - description = "Python CI user"; - }; - }; - - systemd.services.python-ci = { - description = "CI Nix en Python"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";}; - path = with pkgs;[ nix gnutar gzip ]; - serviceConfig = { - User = "python-ci"; - StateDirectory = "python-ci"; - RuntimeDirectory = "python-ci"; - RuntimeDirectoryPreserve = "yes"; - ExecStart = with pkgs; - let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ]; - ignoreCollisions = true; - }; - in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \ - --secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \ - --gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci - ''}/bin/run.sh"; - }; - }; - - }; - -} diff --git a/services/python-ci.py b/services/python-ci.py deleted file mode 100755 index 950cf44..0000000 --- a/services/python-ci.py +++ /dev/null 
@@ -1,168 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])" -from wsgiref.simple_server import make_server -from pyramid.config import Configurator -from pyramid.view import view_config, view_defaults -from pyramid.httpexceptions import HTTPNotFound -from subprocess import check_call, CalledProcessError -import urllib.request -import tarfile -from tempfile import TemporaryDirectory -from multiprocessing import Pool -from gitlab import Gitlab -import urllib.request -import json -import argparse -import hmac -import hashlib - - -def gitlab_build(payload, gl): - commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha']) - - commit.statuses.create({'state': 'running', 'name': 'Python CI'}) - print("push from " + payload['user_name']) - print("repo: " + payload['project']['path_with_namespace']) - print("commit: " + payload['checkout_sha']) - temp_dir = TemporaryDirectory() - repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha'] - archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \ - '/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz' - - with urllib.request.urlopen(archive_url) as gitlab_archive: - with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files: - gitlab_repo_files.extractall(path=temp_dir.name) - - check_call(['ls', '-lha', repo_dir]) - - try: - check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir]) - except CalledProcessError: - commit.statuses.create({'state': 'failed', 'name': 'Python CI'}) - print("erreur build") - else: - commit.statuses.create({'state': 'success', 'name': 'Python CI'}) - print("build terminé") - - -@view_defaults( - route_name="gitlab_payload", renderer="json", request_method="POST" -) -class GitlabHook(object): - - def __init__(self, request): - 
self.request = request - self.payload = self.request.json - self.whitelist = ['nyanloutre/site-musique'] - self.secret = open(args.secret, 'r').readline().splitlines()[0] - self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0] - self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token) - - @view_config(header="X-Gitlab-Event:Push Hook") - def push_hook(self): - if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret: - self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'}) - pool.apply_async(gitlab_build, (self.payload, self.gl)) - return "build started" - else: - raise HTTPNotFound - - -def gitea_status_update(repo, commit, token, status): - url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit - print(url) - req = urllib.request.Request(url) - req.add_header('Content-Type', 'application/json; charset=utf-8') - req.add_header('accept', 'application/json') - req.add_header('Authorization', 'token ' + token) - - jsondata = json.dumps({'state': status}).encode('utf-8') - req.add_header('Content-Length', len(jsondata)) - - urllib.request.urlopen(req, jsondata) - -def gitea_build(payload, token): - commit = payload['after'] - repo = payload['repository']['full_name'] - - gitea_status_update(repo, commit, token, 'pending') - - print("push from " + payload['pusher']['username']) - print("repo: " + repo) - print("commit: " + commit) - temp_dir = TemporaryDirectory() - repo_dir = temp_dir.name + '/' + payload['repository']['name'] - archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz' - - with urllib.request.urlopen(archive_url) as gitea_archive: - with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files: - gitea_repo_files.extractall(path=temp_dir.name) - - check_call(['ls', '-lha', 
repo_dir]) - - try: - check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir]) - except CalledProcessError: - gitea_status_update(repo, commit, token, 'failure') - print("erreur build") - else: - gitea_status_update(repo, commit, token, 'success') - print("build terminé") - - -@view_defaults( - route_name="gitea_payload", renderer="json", request_method="POST" -) -class GiteaHook(object): - def __init__(self, request): - self.payload = request.json - self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max'] - self.gitea_token = open(args.gitea_token, 'r').readline().strip() - - @view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True) - def push_hook(self): - if self.payload['repository']['full_name'] in self.whitelist: - pool.apply_async(gitea_build, (self.payload, self.gitea_token)) - return "build started" - else: - raise HTTPNotFound - - -class CheckHmacPredicate(object): - def __init__(self, val, info): - self.secret = open(args.secret, 'r').readline().strip().encode() - - def text(self): - return 'HMAC checking enabled' - - phash = text - - def __call__(self, context, request): - payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest() - return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature) - -if __name__ == "__main__": - parser = argparse.ArgumentParser(description='CI server') - parser.add_argument('--address', help='listening address', default='127.0.0.1') - parser.add_argument('--port', type=int, help='listening port') - parser.add_argument('--output', help='output directory') - parser.add_argument('--secret', help='repo secret file') - parser.add_argument('--gitlab-token', help='gitlab token file') - parser.add_argument('--gitea-token', help='gitea token file') - args = parser.parse_args() - - - pool = Pool(1) - - config = Configurator() - - config.add_view_predicate('check_hmac', CheckHmacPredicate) - - config.add_route("gitlab_payload", 
"/gitlab_payload") - config.add_route("gitea_payload", "/gitea_payload") - config.scan() - - app = config.make_wsgi_app() - server = make_server(args.address, args.port, app) - print('listening ...') - server.serve_forever() diff --git a/services/sdtdserver.nix b/services/sdtdserver.nix deleted file mode 100644 index c233150..0000000 --- a/services/sdtdserver.nix +++ /dev/null 
@@ -1,120 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.sdtdserver; - gamePath = "/var/lib/sdtdserver"; - gameOptions = { - ServerPort="26900"; - ServerVisibility="2"; - ServerName="Serveur des loutres"; - ServerPassword=""; - ServerMaxPlayerCount="16"; - ServerReservedSlots="0"; - ServerReservedSlotsPermission="100"; - ServerAdminSlots="0"; - ServerAdminSlotsPermission="0"; - ServerDescription="Un serveur idiot anti gilets jaunes"; - ServerWebsiteURL=""; - ServerDisabledNetworkProtocols=""; - GameWorld="Navezgane"; - WorldGenSeed="Lakeu"; - WorldGenSize="4096"; - GameName="Lakeu"; - GameDifficulty="2"; - GameMode="GameModeSurvival"; - ZombiesRun="0"; - ZombieMove="0"; - ZombieMoveNight="3"; - ZombieFeralMove="3"; - ZombieBMMove="3"; - BuildCreate="false"; - DayNightLength="60"; - DayLightLength="18"; - PlayerKillingMode="3"; - PersistentPlayerProfiles="false"; - PlayerSafeZoneLevel="5"; - PlayerSafeZoneHours="5"; - ControlPanelEnabled="false"; - ControlPanelPort="8080"; - ControlPanelPassword="CHANGEME"; - TelnetEnabled="false"; - TelnetPort="8081"; - TelnetPassword=""; - TelnetFailedLoginLimit="10"; - TelnetFailedLoginsBlocktime="10"; - TerminalWindowEnabled="false"; - AdminFileName="serveradmin.xml"; - DropOnDeath="0"; - DropOnQuit="0"; - BloodMoonEnemyCount="8"; - EnemySpawnMode="true"; - EnemyDifficulty="0"; - BlockDurabilityModifier="100"; - LootAbundance="100"; - LootRespawnDays="30"; - LandClaimSize="41"; - LandClaimDeadZone="30"; - LandClaimExpiryTime="3"; - LandClaimDecayMode="0"; - LandClaimOnlineDurabilityModifier="4"; - LandClaimOfflineDurabilityModifier="4"; - PartySharedKillRange="100"; - AirDropFrequency="72"; - AirDropMarker="false"; - MaxSpawnedZombies="60"; - MaxSpawnedAnimals="50"; - EACEnabled="true"; - HideCommandExecutionLog="0"; - MaxUncoveredMapChunksPerPlayer="131072"; - BedrollDeadZoneSize="15"; - ServerLoginConfirmationText="Prout"; - }; - gameConfig = builtins.toFile "serverconfig.xml" '' - - - 
${concatStrings ( - mapAttrsToList (name: value: - " \n" - ) gameOptions)} - - ''; -in -{ - options.services.sdtdserver = { - enable = mkEnableOption "Activation du serveur dédié 7 Days to Die"; - }; - - config = mkIf cfg.enable { - - systemd.services.sdtdserver = { - description = "Serveur dédié 7 Days to Die"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - environment = { HOME = gamePath; }; - serviceConfig = { - DynamicUser = true; - StateDirectory = "sdtdserver"; - }; - preStart = let - libPath = with pkgs; lib.makeLibraryPath [ - stdenv.cc.cc.lib - ]; - in '' - ${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit - install -m666 ${gameConfig} ${gamePath}/serverconfig.xml - ''; - script = '' - ${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml - ''; - }; - - networking.firewall = { - allowedTCPPorts = [ 26900 ]; - allowedUDPPorts = [ 26900 26901 26902 ]; - }; - - }; - -} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 70686dc..e388f66 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -26,9 +26,6 @@ in { imports = [ - ../../services/python-ci.nix - ../../services/sdtdserver.nix - # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix ./web.nix diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 32b8663..a7e1802 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -61,43 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; - # wordpress = { - # isSystemUser = true; - # group = config.services.nginx.group; - # }; }; services = { phpfpm.pools = { - # work = { - # user = config.users.users.work.name; - # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 75; - # "pm.start_servers" = 10; - # "pm.min_spare_servers" = 5; - # "pm.max_spare_servers" = 20; - # "pm.max_requests" = 500; - # }; - # }; - - # "wordpress-designyourfuture" = { - # user = config.users.users.wordpress.name; - # group = config.services.nginx.group; - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 32; - # "pm.start_servers" = 2; - # "pm.min_spare_servers" = 2; - # "pm.max_spare_servers" = 4; - # "pm.max_requests" = 500; - # }; - # }; - - drive = { user = config.users.users.webdav.name; settings = { @@ -242,7 +209,6 @@ in forceSSL = true; globalRedirect = "musique-meyenheim.fr"; }; - # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; @@ -261,7 +227,6 @@ in proxyWebsockets = true; }; }; - "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { 
@@ -279,27 +244,6 @@ in proxyWebsockets = true; }; }; - # "work.rezom.eu" = base { - # "/" = { - # index = "/_h5ai/public/index.php"; - # extraConfig = '' - # dav_ext_methods PROPFIND OPTIONS; - # ''; - # }; - # "~ ^/(_h5ai/public/index|random).php" = { - # extraConfig = '' - # fastcgi_split_path_info ^(.+\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; - # include ${pkgs.nginx}/conf/fastcgi_params; - # include ${pkgs.nginx}/conf/fastcgi.conf; - # ''; - # }; - # } // { - # root = "/mnt/medias/iso_linux"; - # extraConfig = '' - # access_log /var/log/nginx/$host.log; - # ''; - # }; "drive.nyanlout.re" = base { "/" = { extraConfig = '' @@ -382,13 +326,6 @@ in }; }; - python-ci.enable = true; - - # mysql = { - # enable = true; - # package = pkgs.mariadb; - # }; - nextcloud = { enable = true; package = pkgs.nextcloud30; From 66b8f6f52f457885c1074df49bd7d164520d6de3 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 2 Jan 2025 12:20:30 +0100 Subject: [PATCH 195/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca?narHash=sha256-nbG9TijTMcfr%2Bau7ZVbKpAhMJzzE2nQBYmRvSdXUD8g%3D' (2024-12-19) → 'github:NixOS/nixpkgs/edf04b75c13c2ac0e54df5ec5c543e300f76f1c9?narHash=sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0%3D' (2024-12-31) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33?narHash=sha256-cHar1vqHOOyC7f1%2BtVycPoWTfKIaqkoe1Q6TnKzuti4%3D' (2024-12-17) → 'github:NixOS/nixpkgs/88195a94f390381c6afcdaa933c2f6ff93959cb4?narHash=sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs%3D' (2024-12-29) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7?narHash=sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM%3D' (2024-12-16) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/63209b1def2c9fc891ad271f474a3464a5833294?narHash=sha256-HA9fAmGNGf0cOYrhgoa%2BB6BxNVqGAYXfLyx8zIS0ZBY%3D' (2024-12-22) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 13bf6d5..44e34ee 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734600368, - "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", + "lastModified": 1735669367, + "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", + "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", "type": "github" }, "original": { 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1735471104, + "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", "type": "github" }, "original": { @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1734371264, - "narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=", + "lastModified": 1734884447, + "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7", + "rev": "63209b1def2c9fc891ad271f474a3464a5833294", "type": "gitlab" }, "original": { From db19e625ce6f09e99e603deaa97751d990809847 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Jan 2025 14:37:19 +0100 Subject: [PATCH 196/240] iptables --> nftables migrate --- systems/LoutreOS/network.nix | 120 ++++++++++++++++------------------- 1 file changed, 54 insertions(+), 66 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index d96b7c1..8226144 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
@@ -57,6 +57,55 @@ enp0s21u1.useDHCP = true; }; + nftables = { + enable = true; + tables = { + "multi-wan-routing" = { + family = "inet"; + content = '' + chain PREROUTING { + type filter hook prerouting priority mangle; policy accept; + # Restore the packet's CONNMARK to the MARK for existing incoming connections + counter meta mark set ct mark + # If packet MARK is set, then it means that there is already a connection mark + meta mark != 0x00000000 counter accept + # Else, we need to mark the packet. + # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3 + iifname "bouygues" counter meta mark set 0x1 + iifname "enp0s21u1" counter meta mark set 0x2 + iifname "wg0" counter meta mark set 0x3 + # Save new mark in CONNMARK + counter ct mark set mark + } + + chain OUTPUT { + type route hook output priority mangle; policy accept; + # Restore CONNMARK to MARK for outgoing packets before final routing decision + counter meta mark set ct mark + } + + chain POSTROUTING { + type filter hook postrouting priority mangle; policy accept; + # Save MARK to CONNMARK + counter ct mark set mark + } + ''; + }; + + "redirect-external-to-local" = { + family = "ip"; + content = '' + chain PREROUTING { + type nat hook prerouting priority dstnat; policy accept; + # Redirect local network request from server external IP to internal IP + # This allow access to server without internet access + ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1 + } + ''; + } + }; + }; + firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; 
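Review bot: The `"redirect-external-to-local"` table in the added nftables block is closed with a bare `}`, while `"multi-wan-routing"` above it ends with `};`. As shown, the attribute set does not parse, so the closing line should be `};`. Separately, the dnat rule hard-codes the public address 176.180.172.105; a comment such as `# update when the ISP address changes, otherwise this rule silently stops matching` would help. The enclosing attribute set starts outside the hunk.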
@@ -76,72 +125,11 @@ ]; }; - extraCommands = '' - - ################ - # MANGLE rules # - ################ - - # Clean and recreate target - ip46tables -w -t mangle -D PREROUTING -j loutreos-mangle-pre 2>/dev/null || true - ip46tables -w -t mangle -F loutreos-mangle-pre 2>/dev/null || true - ip46tables -w -t mangle -X loutreos-mangle-pre 2>/dev/null || true - ip46tables -w -t mangle -N loutreos-mangle-pre - - # Restore the packet's CONNMARK to the MARK for existing incoming connections - ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --restore-mark - - # Restore CONNMARK to MARK for outgoing packets before final routing decision - ip46tables -w -t mangle -D OUTPUT -j CONNMARK --restore-mark 2>/dev/null || true - ip46tables -w -t mangle -A OUTPUT -j CONNMARK --restore-mark - - - # If packet MARK is set, then it means that there is already a connection mark - ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j ACCEPT - - # Else, we need to mark the packet. - # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3 - ip46tables -w -t mangle -A loutreos-mangle-pre -i bouygues -j MARK --set-mark 1 - ip46tables -w -t mangle -A loutreos-mangle-pre -i enp0s21u1 -j MARK --set-mark 2 - ip46tables -w -t mangle -A loutreos-mangle-pre -i wg0 -j MARK --set-mark 3 - - # Save new mark in CONNMARK - ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --save-mark - - # Jump to newly created target - ip46tables -w -t mangle -I PREROUTING 1 -j loutreos-mangle-pre - - # Save MARK to CONNMARK. 
- ip46tables -w -t mangle -D POSTROUTING -j CONNMARK --save-mark 2>/dev/null || true - ip46tables -w -t mangle -A POSTROUTING -j CONNMARK --save-mark - - ###################### - # IPv6 FORWARD rules # - ###################### - - # Forward all IPv6 traffic from local network and reject incoming traffic - ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true - ip6tables -w -F loutreos-forward 2>/dev/null || true - ip6tables -w -X loutreos-forward 2>/dev/null || true - ip6tables -w -N loutreos-forward - ip6tables -w -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -w -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -w -A loutreos-forward -j nixos-fw-log-refuse - ip6tables -w -A FORWARD -j loutreos-forward - - ############################################# - # Enable server access when fiber link down # - ############################################# - - # Redirect local network request from server external IP to internal IP - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true - iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 - ''; - - # remove refs to nixos-fw-log-refuse before restarting firewall - # prevents "ressource busy" errors - extraStopCommands = '' - ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true + # Don't forward incoming IPv6 requests to local network + filterForward = true; + extraForwardRules = '' + # Forward all IPv6 traffic from local network + iifname "eno2" counter accept ''; }; }; From 7f461268da7e1003236826f0319de17feaabf8d1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Jan 2025 14:56:07 +0100 Subject: [PATCH 197/240] Only forward IPv6 traffic --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 8226144..95c0c82 100644 --- a/systems/LoutreOS/network.nix 
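Review bot: The two new comments at the end of this hunk describe IPv6 only, but neither setting is family-specific as written. `iifname "eno2" counter accept` carries no `meta nfproto` match, and `filterForward = true`, as far as I know the NixOS option, filters forwarding for IPv4 as well. PATCH 197 narrows the rule to IPv6 and PATCH 200 widens it again, which leaves the same stale comment in the final state. I would reword them to `# Drop forwarded traffic unless a rule below (or an established flow) allows it` and `# Forward all traffic, IPv4 and IPv6, from the local network`.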
+++ b/systems/LoutreOS/network.nix @@ -129,7 +129,7 @@ filterForward = true; extraForwardRules = '' # Forward all IPv6 traffic from local network - iifname "eno2" counter accept + meta nfproto ipv6 iifname "eno2" counter accept ''; }; }; From 4c353f949edb4f7d080be61b12c40d2c6fb5c171 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 6 Jan 2025 15:44:21 +0100 Subject: [PATCH 198/240] fix typo --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 95c0c82..8a38d56 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -102,7 +102,7 @@ ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1 } ''; - } + }; }; }; From ea8e9a14bc74a41b714a07168a1b2d5903a45b24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 7 Jan 2025 16:00:26 +0100 Subject: [PATCH 199/240] do not remove systemd and f2b rules on reload --- systems/LoutreOS/network.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 8a38d56..2363067 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -59,6 +59,7 @@ nftables = { enable = true; + flushRuleset = false; tables = { "multi-wan-routing" = { family = "inet"; From f10ac3078ea9cfc29f0c1e5bd56680d94a7feb81 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 7 Jan 2025 16:00:50 +0100 Subject: [PATCH 200/240] allow ipv4 forwarding needed by NAT --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 2363067..a53f677 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -130,7 +130,7 @@ filterForward = true; extraForwardRules = '' # Forward all IPv6 traffic from local network - meta nfproto ipv6 iifname "eno2" counter accept + iifname "eno2" counter accept ''; }; }; 
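Review bot: `flushRuleset = false;` in the `@@ -59,6 +59,7 @@` hunk is added without a comment, and it changes what a reload guarantees: the ruleset is no longer reset to exactly what this file declares. Tables created by anything else survive a reload, which is the goal for systemd and fail2ban, but it presumably also applies to leftovers from the earlier iptables-based setup until they are deleted or the host reboots. I would record that next to the option, e.g. `# keep tables owned by systemd and fail2ban; reload no longer clears foreign tables`. It is also worth checking the live ruleset once after deployment.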
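Review bot: The rule restored in the `@@ -130,7 +130,7 @@` hunk accepts every new flow entering on eno2 regardless of where it leaves, so LAN hosts can be forwarded to wg0 and to any VLAN interface as well as to the uplinks that NAT needs. If internet access is the only intent, the rule can name the outputs: `iifname "eno2" oifname { "bouygues", "enp0s21u1" } counter accept`. Whether LAN-to-VPN forwarding is wanted is not visible from this hunk, so treat the interface set as a proposal to confirm.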
From 053455054d059ef27f5fde14bbcccf762cde3677 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 7 Jan 2025 16:42:37 +0100 Subject: [PATCH 201/240] clean old config --- systems/LoutreOS/config-overviewer.py | 47 --------------------------- systems/LoutreOS/services.nix | 47 --------------------------- systems/LoutreOS/web.nix | 23 +------------ 3 files changed, 1 insertion(+), 116 deletions(-) delete mode 100644 systems/LoutreOS/config-overviewer.py diff --git a/systems/LoutreOS/config-overviewer.py b/systems/LoutreOS/config-overviewer.py deleted file mode 100644 index a307a38..0000000 --- a/systems/LoutreOS/config-overviewer.py +++ /dev/null @@ -1,47 +0,0 @@ -from .observer import MultiplexingObserver, LoggingObserver, JSObserver - -global escape -from cgi import escape -def signFilter(poi): - if poi['id'] == 'Sign' or poi['id'] == 'minecraft:sign': - return "
" + "\n".join(map(escape, [poi['Text1'], poi['Text2'], poi['Text3'], poi['Text4']])) + "
" - -global json -import json -def petFilter(poi): - if "CustomName" in poi: - custom_name = json.loads(poi['CustomName']) - if "text" in custom_name: - return custom_name["text"] - -def playerIcons(poi): - if poi['id'] == 'Player': - poi['icon'] = "https://overviewer.org/avatar/%s" % poi['EntityId'] - return "Last known location for %s" % poi['EntityId'] - -processes = 2 - -worlds["My world"] = "/var/lib/minecraft/world" - -renders["Vue normale"] = { - "world": "My world", - "title": "Vue normale", - "texturepath": "@CLIENT_JAR@", - "rendermode": smooth_lighting, - 'markers': [dict(name="All signs", filterFunction=signFilter), - dict(name="Pets", filterFunction=petFilter, icon="icons/marker_cat.png", createInfoWindow=False, checked=True), - dict(name="Position joueurs", filterFunction=playerIcons),], -} - -cave_rendermode = [Base(), EdgeLines(), Cave(only_lit=True), DepthTinting()] - -renders["Grottes"] = { - "world": "My world", - "title": "Grottes", - "texturepath": "@CLIENT_JAR@", - "rendermode": cave_rendermode, -} - -outputdir = "/var/www/minecraft-overviewer" - -observer = MultiplexingObserver(LoggingObserver(), JSObserver(outputdir)) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e388f66..cc80d36 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -20,8 +20,6 @@ let ''; backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs"; - - unstable = import { }; in { @@ -74,15 +72,6 @@ in }; services = { - # postfix = { - # relayHost = "mailvps.nyanlout.re"; - # relayPort = 587; - # config = { - # smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - # smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - # }; - # }; - rspamd.workers.controller.extraConfig = '' secure_ip = ["0.0.0.0/0", "::"]; ''; 
@@ -278,41 +267,6 @@ in host = "10.30.0.1"; } ]; - #tplink.switch = [ - # { host = "10.30.50.7"; } - #]; - #sensor = [ - # { - # platform = "template"; - # sensors = { - # serveur_amps = { - # friendly_name_template = "{{ states.switch.serveur.name}} Current"; - # value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; - # unit_of_measurement = "A"; - # }; - # serveur_watts = { - # friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; - # value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; - # unit_of_measurement = "W"; - # }; - # serveur_total_kwh = { - # friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; - # value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; - # unit_of_measurement = "kWh"; - # }; - # serveur_volts = { - # friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; - # value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; - # unit_of_measurement = "V"; - # }; - # serveur_today_kwh = { - # friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; - # value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; - # unit_of_measurement = "kWh"; - # }; - # }; - # } - #]; }; }; @@ -363,7 +317,6 @@ in ]; firewall.allowedTCPPorts = [ - 8448 # Matrix federation 20 21 # FTP ]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a7e1802..5b5dc9b 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -49,14 +49,9 @@ in }; users.groups = { - work = {}; webdav = {}; }; users.users = { - work = { - isSystemUser = true; - group = config.users.groups.work.name; - }; webdav = { isSystemUser = true; group = config.users.groups.webdav.name; 
@@ -191,8 +186,6 @@ in ''; }; } // { default = true; }; - "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; - "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { "/" = { proxyPass = "http://unix:/run/site-musique.sock"; @@ -209,11 +202,6 @@ in forceSSL = true; globalRedirect = "musique-meyenheim.fr"; }; - "stream.nyanlout.re" = base { - "/" = { - proxyPass = "http://10.30.135.71"; - }; - }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; @@ -221,14 +209,13 @@ in "sonarr.nyanlout.re" = authReverse 8989; "syncthing.nyanlout.re" = authReverse 8384; "prowlarr.nyanlout.re" = authReverse 9696; - "matrix.nyanlout.re" = simpleReverse 8008; + "watcharr.nyanlout.re" = simpleReverse 3080; "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { locations."/" = { proxyWebsockets = true; }; }; "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; - "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { proxyWebsockets = true; @@ -296,7 +283,6 @@ in forceSSL = true; enableACME = true; }; - "watcharr.nyanlout.re" = simpleReverse 3080; }; }; @@ -367,13 +353,6 @@ in ]; }; - systemd.services.phpfpm-work.serviceConfig = { - ReadOnlyPaths = "/mnt/medias/iso_linux"; - ReadWritePaths = [ - "/mnt/medias/iso_linux/_h5ai" - ]; - }; - systemd.services.phpfpm-drive.serviceConfig = { ReadWritePaths = [ "/mnt/webdav" From 025c5aa148a768a51794a1a893db6e4eed7a3edc Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 8 Jan 2025 22:24:19 +0100 Subject: [PATCH 202/240] zigbee2mqtt: set stable usb serial path --- systems/LoutreOS/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index cc80d36..f373e0a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -183,6 +183,7 @@ in zigbee2mqtt = { enable = true; settings = { + serial.port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; mqtt = { server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}"; }; From 770eef9e098498888b6fd2c9580a136e8a931617 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 17 Feb 2025 15:33:11 +0100 Subject: [PATCH 203/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/edf04b75c13c2ac0e54df5ec5c543e300f76f1c9?narHash=sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0%3D' (2024-12-31) → 'github:NixOS/nixpkgs/a60651b217d2e529729cbc7d989c19f3941b9250?narHash=sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10%3D' (2025-02-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/88195a94f390381c6afcdaa933c2f6ff93959cb4?narHash=sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs%3D' (2024-12-29) → 'github:NixOS/nixpkgs/d74a2335ac9c133d6bbec9fc98d91a77f1604c1f?narHash=sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb%2BP%2BR4S8Jsw%3D' (2025-02-16) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 44e34ee..84d7b6a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735669367, - "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "lastModified": 1739624908, + "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1735471104, - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", + "lastModified": 1739736696, + "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", "type": "github" }, "original": { From 6eddd7e99090cd4bcacfb0a16c7827212ff992b6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 20 Feb 2025 15:13:58 +0100 Subject: [PATCH 204/240] Update systems/LoutreOS/web.nix --- systems/LoutreOS/web.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 5b5dc9b..a560fdb 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -44,7 +44,11 @@ let in { security.acme = { - defaults.email = "paul@nyanlout.re"; + defaults = { + email = "paul@nyanlout.re"; + # Use european ACME service + server = "https://api.buypass.com/acme/directory"; + }; acceptTerms = true; }; From 8980c02e779e34a50fafa75a42c14d0a11bccff8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 20 Feb 2025 15:29:38 +0100 Subject: [PATCH 205/240] switch to EU DNS servers --- systems/LoutreOS/network.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index a53f677..5fdbc50 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
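Review bot: Changing `defaults.server` in security.acme switches the issuing CA for every certificate on this host at its next renewal, and nothing in the hunk shows that the DNS side was checked. If any of the served zones publishes CAA records naming only the previous CA, renewals will start failing after this change. I would extend the comment to something like `# Use european ACME service (Buypass); CAA records must allow this CA`. A forced renewal of one certificate after deployment would confirm that issuance works.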
@@ -32,8 +32,8 @@ useDHCP = false; nameservers = [ - "1.1.1.1" - "1.0.0.1" + "193.110.81.0" + "185.253.5.0" ]; vlans = { @@ -318,8 +318,8 @@ EmitRouter = true; EmitDNS = true; DNS = [ - "1.1.1.1" - "1.0.0.1" + "193.110.81.0" + "185.253.5.0" ]; }; dhcpServerStaticLeases = [ @@ -352,8 +352,8 @@ ipv6SendRAConfig = { EmitDNS = true; DNS = [ - "2606:4700:4700::1111" - "2606:4700:4700::1001" + "2a0f:fc80::" + "2a0f:fc81::" ]; }; }; From d8f1fe6a445fba66016a63ce4f81b680dac93396 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 20 Feb 2025 15:34:20 +0100 Subject: [PATCH 206/240] Add comments to DNS config --- systems/LoutreOS/network.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 5fdbc50..1545a79 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -32,6 +32,7 @@ useDHCP = false; nameservers = [ + # https://www.dns0.eu/fr "193.110.81.0" "185.253.5.0" ]; @@ -45,7 +46,7 @@ interfaces = { bouygues = { - # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 + # Adresse MAC BBox : https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 macAddress = "E8:AD:A6:21:73:68"; useDHCP = true; }; @@ -318,6 +319,7 @@ EmitRouter = true; EmitDNS = true; DNS = [ + # https://www.dns0.eu/fr "193.110.81.0" "185.253.5.0" ]; @@ -352,6 +354,7 @@ ipv6SendRAConfig = { EmitDNS = true; DNS = [ + # https://www.dns0.eu/fr "2a0f:fc80::" "2a0f:fc81::" ]; From faae72437cbe4f13e3287f5675394a89f4d43636 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 09:48:36 +0100 Subject: [PATCH 207/240] loutreos: only install stable packages --- flake.nix | 9 --------- systems/LoutreOS/medias.nix | 28 +++++----------------------- 2 files changed, 5 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index bb5415c..3654010 100644 --- a/flake.nix +++ b/flake.nix 
@@ -57,15 +57,6 @@ system = "x86_64-linux"; specialArgs = { inputs = inputs; - pkgs-unstable = import nixpkgs-unstable { - inherit system; - config.permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; - }; pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { inherit system; }; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index c2a7004..fdd6518 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, pkgs-unstable, pkgs-4a3fc4cf7, ... }: +{ config, lib, pkgs, pkgs-4a3fc4cf7, ... }: { services = { @@ -18,28 +18,10 @@ }; }; - radarr = { - enable = true; - package = pkgs-unstable.radarr; - }; - sonarr = { - enable = true; - package = pkgs-unstable.sonarr; - }; - flaresolverr = { - enable = false; - package = pkgs-unstable.flaresolverr; - }; - prowlarr = { - enable = true; - package = pkgs-unstable.prowlarr; - }; - - jellyfin = { - enable = true; - package = pkgs-unstable.jellyfin; - }; - + radarr.enable = true; + sonarr.enable = true; + prowlarr.enable = true; + jellyfin.enable = true; slimserver.enable = true; }; From 5a990e5fb0317ea7b207a60d1d13984c23af1f24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 09:48:58 +0100 Subject: [PATCH 208/240] loutreos: fix zigbee config --- systems/LoutreOS/services.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index f373e0a..e21499a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -183,7 +183,10 @@ in zigbee2mqtt = { enable = true; settings = { - serial.port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; + serial = { + port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; + adapter = "zstack"; + }; mqtt = { server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}"; }; From f519d85ca985afcd9014316345c7f3fd001a0e95 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 09:59:23 +0100 Subject: [PATCH 209/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a60651b217d2e529729cbc7d989c19f3941b9250?narHash=sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10%3D' (2025-02-15) → 'github:NixOS/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347?narHash=sha256-F0qDu2egq18M3edJwEOAE%2BD%2BVQ%2ByESK6YWPRQBfOqq8%3D' (2025-03-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d74a2335ac9c133d6bbec9fc98d91a77f1604c1f?narHash=sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb%2BP%2BR4S8Jsw%3D' (2025-02-16) → 'github:NixOS/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246?narHash=sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM%3D' (2025-03-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 84d7b6a..9c9f52c 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739624908, - "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", + "lastModified": 1740932899, + "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", + "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", "type": "github" }, "original": { 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739736696, - "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", + "lastModified": 1741010256, + "narHash": "sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", + "rev": "ba487dbc9d04e0634c64e3b1f0d25839a0a68246", "type": "github" }, "original": { From dc4ee4c4c59ef14e6a349cc3cffea1ed22b0d6d4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 12:50:09 +0100 Subject: [PATCH 210/240] update nvidia drivers to latest --- systems/PC-Fixe/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 9fa5a75..253a6ae 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -14,6 +14,7 @@ hardware.nvidia = { open = false; modesetting.enable = true; + package = config.boot.kernelPackages.nvidiaPackages.latest; }; fileSystems."/" = From 2f0d121c35ff44f83f27da33044f612af656b5cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Mar 2025 11:54:06 +0100 Subject: [PATCH 211/240] migrate gitea to forgejo --- systems/LoutreOS/web.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a560fdb..6d131da 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -219,7 +219,7 @@ in proxyWebsockets = true; }; }; - "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; + "gitea.nyanlout.re" = simpleReverse config.services.forgejo.settings.server.HTTP_PORT; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { proxyWebsockets = true; 
@@ -298,17 +298,20 @@ in }; }; - gitea = { + forgejo = { enable = true; + stateDir = "/var/lib/gitea"; database = { type = "postgres"; - port = 5432; + user = "gitea"; passwordFile = "/var/lib/gitea/custom/conf/database_password"; + name = "gitea"; }; settings = { - server = { + server = rec { HTTP_PORT = 3001; - ROOT_URL = "https://gitea.nyanlout.re/"; + DOMAIN = "gitea.nyanlout.re; + ROOT_URL = "https://${DOMAIN}/"; }; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true; From ff322fd4a939114ee28bc9bad6c3db42a7239063 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Apr 2025 16:39:14 +0200 Subject: [PATCH 212/240] keep gitea user and group --- systems/LoutreOS/web.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6d131da..d0c7606 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,8 @@ in forgejo = { enable = true; + user = "gitea"; + group = "gitea"; stateDir = "/var/lib/gitea"; database = { type = "postgres"; From 5fd8c86ae6ee36f933bdae8ca09d8530007ef8cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Apr 2025 18:33:45 +0200 Subject: [PATCH 213/240] forgejo migrate --- systems/LoutreOS/web.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d0c7606..e33ea21 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,7 @@ in forgejo = { enable = true; + package = pkgs.forgejo; user = "gitea"; group = "gitea"; stateDir = "/var/lib/gitea"; @@ -312,7 +313,7 @@ in settings = { server = rec { HTTP_PORT = 3001; - DOMAIN = "gitea.nyanlout.re; + DOMAIN = "gitea.nyanlout.re"; ROOT_URL = "https://${DOMAIN}/"; }; log.LEVEL = "Warn"; 
@@ -355,6 +356,15 @@ in }; + users.users.gitea = { + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + + users.groups.gitea = { }; + systemd.services.nginx.serviceConfig = { ReadWritePaths = [ "/var/www/hls" From 0c0d3e6fff48ccc1be8e30a91d1cb564fe1ff700 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Apr 2025 18:34:55 +0200 Subject: [PATCH 214/240] fix kde package names --- systems/common-gui.nix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 03735e0..3c24d4c 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -26,23 +26,23 @@ mumble discord - kleopatra + kdePackages.kleopatra gnupg gopass xclip - kdeplasma-addons - ark - kate - kmail + kdePackages.kdeplasma-addons + kdePackages.ark + kdePackages.kate + kdePackages.kmail kdePackages.kdeconnect-kde - okular - yakuake - konversation - gwenview - kcalc - spectacle - kinfocenter + kdePackages.okular + kdePackages.yakuake + kdePackages.konversation + kdePackages.gwenview + kdePackages.kcalc + kdePackages.spectacle + kdePackages.kinfocenter kile (texlive.combine { inherit (texlive) scheme-small titling collection-langfrench cm-super; @@ -58,7 +58,6 @@ obs-studio vlc mpv - kdenlive glxinfo i7z From 99bedb54d62ec5baaf2c765ccdbd874c36d7b3af Mon Sep 17 00:00:00 2001 
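Review bot: `useDefaultShell = true;` in the new `users.users.gitea` block gives a system service account a login shell, and the hunk does not say why. Presumably it is there so git-over-SSH works through the system sshd, as it did under the gitea module. If so, a comment such as `# login shell needed for git over SSH via system sshd` would stop a later hardening pass from removing it blindly. If SSH access to repositories is not used, the line can be dropped so the account has no usable shell.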
From: nyanloutre Date: Tue, 22 Apr 2025 18:38:04 +0200 Subject: [PATCH 215/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347?narHash=sha256-F0qDu2egq18M3edJwEOAE%2BD%2BVQ%2ByESK6YWPRQBfOqq8%3D' (2025-03-02) → 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246?narHash=sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM%3D' (2025-03-03) → 'github:NixOS/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef?narHash=sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU%3D' (2025-04-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9c9f52c..9c17d87 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740932899, - "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1741010256, - "narHash": "sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba487dbc9d04e0634c64e3b1f0d25839a0a68246", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { From 97f849e454ffc7b85f9a91beab4308a1b479f878 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 23 Apr 2025 10:54:01 +0200 Subject: [PATCH 216/240] backup music database --- systems/LoutreOS/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e21499a..2b49fa9 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -120,6 +120,7 @@ in "/var/vmail" "/mnt/backup_loutre/amandoleen" "/mnt/secrets" + "/mnt/medias/musique/musiclibrary.blb" ]; exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" From 393e92fe144d84599595cba47e5dd4846c1006b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 23 Apr 2025 11:15:31 +0200 Subject: [PATCH 217/240] global reformat with treefmt --- flake.nix | 143 +++--- pkgs/watcharr/default.nix | 21 +- systems/ASUS-G46VW/configuration.nix | 18 +- systems/ASUS-G46VW/hardware-configuration.nix | 43 +- systems/LoutreOS/configuration.nix | 12 +- systems/LoutreOS/hardware-configuration.nix | 294 ++++++------ systems/LoutreOS/medias.nix | 8 +- systems/LoutreOS/monitoring.nix | 62 ++- systems/LoutreOS/network.nix | 426 ++++++++++-------- systems/LoutreOS/services.nix | 63 ++- systems/LoutreOS/users.nix | 24 +- systems/LoutreOS/web.nix | 409 +++++++++-------- systems/PC-Fixe/configuration.nix | 31 +- systems/PC-Fixe/hardware-configuration.nix | 75 +-- systems/common-cli.nix | 39 +- systems/common-gui.nix | 34 +- treefmt.toml | 3 + 17 files changed, 979 insertions(+), 726 deletions(-) create mode 100644 treefmt.toml diff --git a/flake.nix b/flake.nix index 3654010..4efa9e8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -21,81 +21,88 @@ }; }; - outputs = { - self, - nixpkgs, - nixpkgs-unstable, - nixpkgs-4a3fc4cf7, - simple-nixos-mailserver, - dogetipbot-telegram, - ipmihddtemp - }@inputs: { + outputs = + { + self, + nixpkgs, + nixpkgs-unstable, + nixpkgs-4a3fc4cf7, + simple-nixos-mailserver, + dogetipbot-telegram, + ipmihddtemp, + }@inputs: + { - packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); + packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); - nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - nixpkgs-unstable.nixosModules.notDetected - { - nixpkgs.config.allowUnfree = true; - nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - registry = { - nixpkgs.to = { - type = "path"; - path = nixpkgs-unstable.legacyPackages.x86_64-linux.path; + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nixpkgs-unstable.nixosModules.notDetected + { + nixpkgs.config.allowUnfree = true; + nix = { + settings.experimental-features = [ + "nix-command" + "flakes" + ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs-unstable.legacyPackages.x86_64-linux.path; + }; }; }; - }; - } - ./systems/PC-Fixe/configuration.nix - ]; - }; - - nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { - inputs = inputs; - pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { - inherit system; - }; + } + ./systems/PC-Fixe/configuration.nix + ]; }; - modules = [ - nixpkgs-unstable.nixosModules.notDetected - simple-nixos-mailserver.nixosModule - dogetipbot-telegram.nixosModule - ipmihddtemp.nixosModule - { - nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - registry = { - nixpkgs.to = { - type = "path"; - path = nixpkgs.legacyPackages.x86_64-linux.path; + + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + 
specialArgs = { + inputs = inputs; + pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { + inherit system; + }; + }; + modules = [ + nixpkgs-unstable.nixosModules.notDetected + simple-nixos-mailserver.nixosModule + dogetipbot-telegram.nixosModule + ipmihddtemp.nixosModule + { + nix = { + settings.experimental-features = [ + "nix-command" + "flakes" + ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs.legacyPackages.x86_64-linux.path; + }; }; }; - }; - systemd.services.watcharr = { - description = "Watcharr"; - after = [ "network.target" ]; - environment = { - PORT = "3005"; - WATCHARR_DATA = "/var/lib/watcharr"; + systemd.services.watcharr = { + description = "Watcharr"; + after = [ "network.target" ]; + environment = { + PORT = "3005"; + WATCHARR_DATA = "/var/lib/watcharr"; + }; + serviceConfig = { + DynamicUser = true; + StateDirectory = "watcharr"; + ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr"; + PrivateTmp = true; + }; + wantedBy = [ "multi-user.target" ]; }; - serviceConfig = { - DynamicUser = true; - StateDirectory = "watcharr"; - ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr"; - PrivateTmp = true; - }; - wantedBy = [ "multi-user.target" ]; - }; - } - ./systems/LoutreOS/configuration.nix - ]; + } + ./systems/LoutreOS/configuration.nix + ]; + }; + }; - - }; } - diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix index 23422d7..dc3cbd0 100644 --- a/pkgs/watcharr/default.nix +++ b/pkgs/watcharr/default.nix @@ -1,13 +1,14 @@ -{ lib -, pkgs -, buildGoModule -, fetchFromGitHub -, buildNpmPackage -, nixosTests -, caddy -, testers -, installShellFiles -, stdenv +{ + lib, + pkgs, + buildGoModule, + fetchFromGitHub, + buildNpmPackage, + nixosTests, + caddy, + testers, + installShellFiles, + stdenv, }: let diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 3f30d96..4ae46d8 100644 --- a/systems/ASUS-G46VW/configuration.nix 
+++ b/systems/ASUS-G46VW/configuration.nix @@ -5,12 +5,11 @@ { config, pkgs, ... }: { - imports = - [ - ../common-cli.nix - ../common-gui.nix - ./hardware-configuration.nix - ]; + imports = [ + ../common-cli.nix + ../common-gui.nix + ./hardware-configuration.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -56,7 +55,12 @@ users.extraUsers.paul = { isNormalUser = true; uid = 1000; - extraGroups = [ "wheel" "networkmanager" "wireshark" "dialout" ]; + extraGroups = [ + "wheel" + "networkmanager" + "wireshark" + "dialout" + ]; }; services.syncthing.enable = true; diff --git a/systems/ASUS-G46VW/hardware-configuration.nix b/systems/ASUS-G46VW/hardware-configuration.nix index 19c994e..e1590ef 100644 --- a/systems/ASUS-G46VW/hardware-configuration.nix +++ b/systems/ASUS-G46VW/hardware-configuration.nix @@ -1,14 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - imports = - [ - ]; + imports = [ + + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "usb_storage" + "sd_mod" + ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; 
@@ -19,19 +30,19 @@ hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0"; hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0"; - fileSystems."/" = - { device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A25A-1786"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/A25A-1786"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; } - ]; + swapDevices = [ + { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; } + ]; nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 001dfb7..2e49dde 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: +{ + config, + pkgs, + inputs, + ... +}: { imports = [ @@ -9,7 +14,10 @@ ./services.nix ]; - nix.settings.trusted-users = [ "root" "paul" ]; + nix.settings.trusted-users = [ + "root" + "paul" + ]; boot = { loader = { diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 720b883..5421ad0 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix 
@@ -1,190 +1,202 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + "sr_mod" + ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5306-AD9A"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5306-AD9A"; + fsType = "vfat"; + }; - fileSystems."/var/lib/acme" = - { device = "loutrepool/var/acme"; - fsType = "zfs"; - }; + fileSystems."/var/lib/acme" = { + device = "loutrepool/var/acme"; + fsType = "zfs"; + }; - fileSystems."/var/certs" = - { device = "loutrepool/var/certs"; - fsType = "zfs"; - }; + fileSystems."/var/certs" = { + device = "loutrepool/var/certs"; + fsType = "zfs"; + }; - fileSystems."/var/lib/transmission" = - { device = "loutrepool/var/transmission"; - fsType = "zfs"; - }; + fileSystems."/var/lib/transmission" = { + device = "loutrepool/var/transmission"; + fsType = "zfs"; + }; - fileSystems."/var/lib/matrix-synapse" = - { device = "loutrepool/var/matrix-synapse"; - fsType = "zfs"; - }; + fileSystems."/var/lib/matrix-synapse" = { + device = "loutrepool/var/matrix-synapse"; + fsType = "zfs"; + }; - fileSystems."/var/lib/radarr" = - { device = "loutrepool/var/radarr"; - fsType = "zfs"; - }; + fileSystems."/var/lib/radarr" = { + device = "loutrepool/var/radarr"; + fsType = "zfs"; + }; - 
fileSystems."/var/lib/grafana" = - { device = "loutrepool/var/grafana"; - fsType = "zfs"; - }; + fileSystems."/var/lib/grafana" = { + device = "loutrepool/var/grafana"; + fsType = "zfs"; + }; - fileSystems."/var/lib/slimserver" = - { device = "loutrepool/var/slimserver"; - fsType = "zfs"; - }; + fileSystems."/var/lib/slimserver" = { + device = "loutrepool/var/slimserver"; + fsType = "zfs"; + }; - fileSystems."/var/db/influxdb" = - { device = "loutrepool/var/influxdb"; - fsType = "zfs"; - }; + fileSystems."/var/db/influxdb" = { + device = "loutrepool/var/influxdb"; + fsType = "zfs"; + }; - fileSystems."/var/lib/postgresql" = - { device = "loutrepool/var/postgresql"; - fsType = "zfs"; - }; + fileSystems."/var/lib/postgresql" = { + device = "loutrepool/var/postgresql"; + fsType = "zfs"; + }; - fileSystems."/var/lib/syncthing" = - { device = "loutrepool/var/syncthing"; - fsType = "zfs"; - }; + fileSystems."/var/lib/syncthing" = { + device = "loutrepool/var/syncthing"; + fsType = "zfs"; + }; - fileSystems."/mnt/medias/incomplete" = - { device = "loutrepool/torrent-dl"; - fsType = "zfs"; - }; + fileSystems."/mnt/medias/incomplete" = { + device = "loutrepool/torrent-dl"; + fsType = "zfs"; + }; - fileSystems."/mnt/medias" = - { device = "loutrepool/medias"; - fsType = "zfs"; - }; + fileSystems."/mnt/medias" = { + device = "loutrepool/medias"; + fsType = "zfs"; + }; - fileSystems."/var/sieve" = - { device = "loutrepool/var/sieve"; - fsType = "zfs"; - }; + fileSystems."/var/sieve" = { + device = "loutrepool/var/sieve"; + fsType = "zfs"; + }; - fileSystems."/var/vmail" = - { device = "loutrepool/var/vmail"; - fsType = "zfs"; - }; + fileSystems."/var/vmail" = { + device = "loutrepool/var/vmail"; + fsType = "zfs"; + }; - fileSystems."/var/lib/sonarr" = - { device = "loutrepool/var/sonarr"; - fsType = "zfs"; - }; + fileSystems."/var/lib/sonarr" = { + device = "loutrepool/var/sonarr"; + fsType = "zfs"; + }; - fileSystems."/var/lib/jackett" = - { device = "loutrepool/var/jackett"; 
- fsType = "zfs"; - }; + fileSystems."/var/lib/jackett" = { + device = "loutrepool/var/jackett"; + fsType = "zfs"; + }; - fileSystems."/var/lib/gitea" = - { device = "loutrepool/var/gitea"; - fsType = "zfs"; - }; + fileSystems."/var/lib/gitea" = { + device = "loutrepool/var/gitea"; + fsType = "zfs"; + }; - fileSystems."/var/lib/private/sdtdserver" = - { device = "loutrepool/var/sdtdserver"; - fsType = "zfs"; - }; + fileSystems."/var/lib/private/sdtdserver" = { + device = "loutrepool/var/sdtdserver"; + fsType = "zfs"; + }; - fileSystems."/var/lib/private/factorio" = - { device = "loutrepool/var/factorio"; - fsType = "zfs"; - }; + fileSystems."/var/lib/private/factorio" = { + device = "loutrepool/var/factorio"; + fsType = "zfs"; + }; - fileSystems."/var/dkim" = - { device = "loutrepool/var/dkim"; - fsType = "zfs"; - }; + fileSystems."/var/dkim" = { + device = "loutrepool/var/dkim"; + fsType = "zfs"; + }; - fileSystems."/var/vsftpd" = - { device = "loutrepool/var/vsftpd"; - fsType = "zfs"; - }; + fileSystems."/var/vsftpd" = { + device = "loutrepool/var/vsftpd"; + fsType = "zfs"; + }; # fileSystems."/mnt/backup" = # { device = "backup"; # fsType = "zfs"; # }; - fileSystems."/mnt/backup_loutre" = - { device = "loutrepool/backup"; - fsType = "zfs"; - }; + fileSystems."/mnt/backup_loutre" = { + device = "loutrepool/backup"; + fsType = "zfs"; + }; - fileSystems."/mnt/secrets" = - { device = "loutrepool/secrets"; - fsType = "zfs"; - }; + fileSystems."/mnt/secrets" = { + device = "loutrepool/secrets"; + fsType = "zfs"; + }; - fileSystems."/var/lib/minecraft" = - { device = "loutrepool/var/minecraft"; - fsType = "zfs"; - }; + fileSystems."/var/lib/minecraft" = { + device = "loutrepool/var/minecraft"; + fsType = "zfs"; + }; - fileSystems."/var/www" = - { device = "loutrepool/var/www"; - fsType = "zfs"; - }; + fileSystems."/var/www" = { + device = "loutrepool/var/www"; + fsType = "zfs"; + }; - fileSystems."/var/lib/mastodon" = - { device = "loutrepool/var/mastodon"; - fsType = 
"zfs"; - }; + fileSystems."/var/lib/mastodon" = { + device = "loutrepool/var/mastodon"; + fsType = "zfs"; + }; - fileSystems."/var/lib/hass" = - { device = "loutrepool/var/hass"; - fsType = "zfs"; - }; + fileSystems."/var/lib/hass" = { + device = "loutrepool/var/hass"; + fsType = "zfs"; + }; - fileSystems."/var/lib/nextcloud" = - { device = "loutrepool/var/nextcloud"; - fsType = "zfs"; - }; + fileSystems."/var/lib/nextcloud" = { + device = "loutrepool/var/nextcloud"; + fsType = "zfs"; + }; - fileSystems."/var/lib/private/photoprism" = - { device = "loutrepool/var/photoprism"; - fsType = "zfs"; - }; + fileSystems."/var/lib/private/photoprism" = { + device = "loutrepool/var/photoprism"; + fsType = "zfs"; + }; - fileSystems."/mnt/paul-home" = - { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; - fsType = "zfs"; - }; + fileSystems."/mnt/paul-home" = { + device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; + fsType = "zfs"; + }; - fileSystems."/mnt/webdav" = - { device = "loutrepool/webdav"; - fsType = "zfs"; - }; + fileSystems."/mnt/webdav" = { + device = "loutrepool/webdav"; + fsType = "zfs"; + }; - swapDevices = - [ - { - device = "/var/swapfile"; - size = 8096; - } - ]; + swapDevices = [ + { + device = "/var/swapfile"; + size = 8096; + } + ]; nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index fdd6518..f8a5a55 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, pkgs-4a3fc4cf7, ... }: +{ + config, + lib, + pkgs, + pkgs-4a3fc4cf7, + ... +}: { services = { diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index e02a4fa..27b721e 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let domaine = "nyanlout.re"; 
@@ -23,28 +28,44 @@ in enable = true; extraConfig = { inputs = { - zfs = { poolMetrics = true; }; - net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; }; - netstat = {}; - cpu = { totalcpu = true; }; - kernel = {}; - mem = {}; - processes = {}; - system = {}; - disk = {}; + zfs = { + poolMetrics = true; + }; + net = { + interfaces = [ + "eno1" + "eno2" + "eno3" + "eno4" + ]; + }; + netstat = { }; + cpu = { + totalcpu = true; + }; + kernel = { }; + mem = { }; + processes = { }; + system = { }; + disk = { }; cgroup = [ { paths = [ "/sys/fs/cgroup/system.slice/*" ]; - files = ["memory.current" "cpu.stat"]; + files = [ + "memory.current" + "cpu.stat" + ]; } ]; - ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; }; + ipmi_sensor = { + path = "${pkgs.ipmitool}/bin/ipmitool"; + }; smart = { path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl"; }; - exec= [ + exec = [ { commands = [ "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" '' @@ -76,7 +97,10 @@ in ]; }; outputs = { - influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; }; + influxdb = { + database = "telegraf"; + urls = [ "http://localhost:8086" ]; + }; }; }; }; @@ -122,6 +146,14 @@ in }; security.sudo.extraRules = [ - { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } + { + commands = [ + { + command = "${pkgs.smartmontools}/bin/smartctl"; + options = [ "NOPASSWD" ]; + } + ]; + users = [ "telegraf" ]; + } ]; } diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 1545a79..80ae72a 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: +{ + config, + pkgs, + inputs, + ... +}: { boot = { 
@@ -52,7 +57,10 @@ }; eno2 = { ipv4.addresses = [ - { address = "10.30.0.1"; prefixLength = 16; } + { + address = "10.30.0.1"; + prefixLength = 16; + } ]; }; enp0s21u1.useDHCP = true; @@ -110,18 +118,31 @@ firewall = { enable = true; - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; allowedUDPPorts = [ ]; # Open ports on local netwok only interfaces.eno2 = { allowedTCPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 9000 9090 # Slimserver + 111 + 2049 + 4000 + 4001 + 4002 # NFS + 3483 + 9000 + 9090 # Slimserver 1935 # RTMP ]; allowedUDPPorts = [ - 111 2049 4000 4001 4002 # NFS + 111 + 2049 + 4000 + 4001 + 4002 # NFS 3483 # Slimserver 67 # DHCP ]; @@ -142,8 +163,8 @@ }; serviceConfig = { LoadCredential = [ - "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" - "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" + "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" + "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" ]; }; }; 
@@ -162,204 +183,209 @@ # 51000: from all lookup fiber # first table encountered with a default route if fiber is up # 52000: from all lookup lte # first table encountered with a default route if fiber is down - systemd.network = let - routeTables = { - fiber = 1; - lte = 2; - vpn = 3; - }; - in { - enable = true; - - config = { - inherit routeTables; - addRouteTablesToIPRoute2 = true; - }; - - # Wireguard ARN device configuation - netdevs = { - "10-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1450"; - }; - wireguardConfig = { - PrivateKey = "@network.wireguard.private.wg0"; - RouteTable = routeTables.vpn; - }; - wireguardPeers = [ - { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKey = "@network.wireguard.preshared.wg0"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - } - ]; + systemd.network = + let + routeTables = { + fiber = 1; + lte = 2; + vpn = 3; }; - }; + in + { + enable = true; - networks = { - ######### - # FIBER # - ######### - - # Set route metric to highest priority - # Set DHCP client magic settings for Bouygues - "40-bouygues" = { - dhcpV4Config.RouteTable = routeTables.fiber; - - dhcpV6Config = { - DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; - WithoutRA = "solicit"; - }; - - ipv6AcceptRAConfig = { - DHCPv6Client = true; - RouteTable = routeTables.fiber; - }; - - networkConfig = { - KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = true; - DHCPPrefixDelegation = true; - }; - - # Static attribution of first IPv6 subnet - dhcpPrefixDelegationConfig.SubnetId = "0"; - - # Route everything to fiber link with a priority of 40000 - routingPolicyRules = [ - { - FirewallMark = 1; - Table = routeTables.fiber; - Priority = 41000; - Family = "both"; - } - { - Table = routeTables.fiber; - Priority = 51000; - Family = "both"; - } - ]; + config = { + inherit routeTables; + addRouteTablesToIPRoute2 = true; }; - # Don't check VLAN physical 
interface as it is not directly used - "40-eno1".linkConfig.RequiredForOnline = "no"; - - ####### - # LTE # - ####### - - # Set LTE route to lower priority - "40-enp0s21u1" = { - dhcpV4Config.RouteTable = routeTables.lte; - - # Route all to lte link with a priority of 50000 - routingPolicyRules = [ - { - FirewallMark = 2; - Table = routeTables.lte; - Priority = 42000; - Family = "both"; - } - { - Table = routeTables.lte; - Priority = 52000; - Family = "both"; - } - ]; - }; - - ####### - # VPN # - ####### - - # Wireguard ARN network configuation - "10-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "89.234.141.196/32" - "2a00:5881:8119:400::1/128" - ]; - routingPolicyRules = [ - # Route outgoing emails to VPN table - { - IncomingInterface = "lo"; - DestinationPort = "25"; - Table = routeTables.vpn; - Priority = 60; - Family = "both"; - } - # Route packets originating from wg0 device to VPN table - # Allow server to respond on the wg0 interface requests - { - FirewallMark = 3; - Table = routeTables.vpn; - Priority = 43000; - Family = "both"; - } - ]; - }; - - ####### - # LAN # - ####### - - # LAN DHCP server config - "40-eno2" = { - networkConfig = { - IPv6SendRA = true; - DHCPPrefixDelegation = true; - DHCPServer = true; - IPMasquerade = "ipv4"; - }; - dhcpServerConfig = { - EmitRouter = true; - EmitDNS = true; - DNS = [ - # https://www.dns0.eu/fr - "193.110.81.0" - "185.253.5.0" - ]; - }; - dhcpServerStaticLeases = [ - # IPMI - { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - } - # paul-fixe - { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - } - # salonled - { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - } - # miroir-bleu - { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - } - # miroir-orange - { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - } - ]; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = [ - # https://www.dns0.eu/fr - "2a0f:fc80::" - "2a0f:fc81::" + # Wireguard ARN 
device configuation + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1450"; + }; + wireguardConfig = { + PrivateKey = "@network.wireguard.private.wg0"; + RouteTable = routeTables.vpn; + }; + wireguardPeers = [ + { + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKey = "@network.wireguard.preshared.wg0"; + AllowedIPs = [ + "0.0.0.0/0" + "::/0" + ]; + PersistentKeepalive = 15; + } ]; }; }; + + networks = { + ######### + # FIBER # + ######### + + # Set route metric to highest priority + # Set DHCP client magic settings for Bouygues + "40-bouygues" = { + dhcpV4Config.RouteTable = routeTables.fiber; + + dhcpV6Config = { + DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + + ipv6AcceptRAConfig = { + DHCPv6Client = true; + RouteTable = routeTables.fiber; + }; + + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = true; + DHCPPrefixDelegation = true; + }; + + # Static attribution of first IPv6 subnet + dhcpPrefixDelegationConfig.SubnetId = "0"; + + # Route everything to fiber link with a priority of 40000 + routingPolicyRules = [ + { + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 41000; + Family = "both"; + } + { + Table = routeTables.fiber; + Priority = 51000; + Family = "both"; + } + ]; + }; + + # Don't check VLAN physical interface as it is not directly used + "40-eno1".linkConfig.RequiredForOnline = "no"; + + ####### + # LTE # + ####### + + # Set LTE route to lower priority + "40-enp0s21u1" = { + dhcpV4Config.RouteTable = routeTables.lte; + + # Route all to lte link with a priority of 50000 + routingPolicyRules = [ + { + FirewallMark = 2; + Table = routeTables.lte; + Priority = 42000; + Family = "both"; + } + { + Table = routeTables.lte; + Priority = 52000; + Family = "both"; + } + ]; + }; + + ####### + # VPN # + ####### + + # Wireguard ARN network configuation + "10-wg0" = { + matchConfig.Name = 
"wg0"; + address = [ + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" + ]; + routingPolicyRules = [ + # Route outgoing emails to VPN table + { + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = routeTables.vpn; + Priority = 60; + Family = "both"; + } + # Route packets originating from wg0 device to VPN table + # Allow server to respond on the wg0 interface requests + { + FirewallMark = 3; + Table = routeTables.vpn; + Priority = 43000; + Family = "both"; + } + ]; + }; + + ####### + # LAN # + ####### + + # LAN DHCP server config + "40-eno2" = { + networkConfig = { + IPv6SendRA = true; + DHCPPrefixDelegation = true; + DHCPServer = true; + IPMasquerade = "ipv4"; + }; + dhcpServerConfig = { + EmitRouter = true; + EmitDNS = true; + DNS = [ + # https://www.dns0.eu/fr + "193.110.81.0" + "185.253.5.0" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + } + # paul-fixe + { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + } + # salonled + { + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; + } + # miroir-bleu + { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + } + # miroir-orange + { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + } + ]; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + # https://www.dns0.eu/fr + "2a0f:fc80::" + "2a0f:fc81::" + ]; + }; + }; + }; }; - }; } diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2b49fa9..967130c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -1,17 +1,24 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let domaine = "nyanlout.re"; - sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" '' - ${pkgs.system-sendmail}/bin/sendmail ${to} < Date: Tue, 29 Apr 2025 14:10:42 +0200 Subject: [PATCH 218/240] mitigation for periodic high load average --- systems/LoutreOS/monitoring.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index e02a4fa..251bec8 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -22,9 +22,14 @@ in telegraf = { enable = true; extraConfig = { + agent = { + # Mitigation for periodic high load average + # https://github.com/influxdata/telegraf/issues/3465 + collection_jitter = "5s"; + }; inputs = { zfs = { poolMetrics = true; }; - net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; }; + net = {}; netstat = {}; cpu = { totalcpu = true; }; kernel = {}; From 2a137869d4cae7475182b8cb4662de6dc667f950 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 2 May 2025 12:55:36 +0200 Subject: [PATCH 219/240] use nixvim module --- flake.lock | 285 ++++++++++++++++++++++++++++++++++++++++- flake.nix | 7 + systems/common-cli.nix | 66 ++++++---- 3 files changed, 331 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 9c17d87..dddada5 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,27 @@ "type": "gitlab" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "dogetipbot-telegram": { "inputs": { "nixpkgs": [ 
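Review bot: The `net = {};` line in the monitoring.nix hunk of patch 218 drops the explicit `interfaces = [ "eno1" "eno2" "eno3" "eno4" ]` filter, which the commit title (a load-average mitigation) does not explain. Without a filter the telegraf net input reports every interface it finds, presumably including wg0 and any virtual devices, so the set of series written to InfluxDB changes along with the jitter setting. If that is intended, record it beside the line, e.g. `# no interface filter: collect every NIC, including wg0`; otherwise keep the original list so this commit only adds `collection_jitter`. The `inputs` attrset continues past the end of the hunk.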
@@ -38,6 +59,20 @@ } }, "flake-compat": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -53,6 +88,115 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "nixvim", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "owner": "nix-community", + 
"repo": "home-manager", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "ipmihddtemp": { "inputs": { "nixpkgs": [ @@ -74,6 +218,56 @@ "type": "gitlab" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737371634, + "narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.7", + "repo": "ixx", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743127615, + "narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "nix-darwin-24.11", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1744440957, 
@@ -120,6 +314,58 @@ "type": "indirect" } }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "home-manager": "home-manager", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1745068593, + "narHash": "sha256-YuQRMvqLVu+ghl2XzqXyVg/YevH/t3XHVCl7w+UrCH8=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "d35dc6dfcae3ff1a0c72f2d59491a7d83e5505a3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "nixos-24.11", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745046075, + "narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=", + "owner": "NuschtOS", + "repo": "search", + "rev": "066afe8643274470f4a294442aadd988356a478f", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "root": { "inputs": { "dogetipbot-telegram": "dogetipbot-telegram", @@ -127,13 +373,14 @@ "nixpkgs": "nixpkgs", "nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7", "nixpkgs-unstable": "nixpkgs-unstable", + "nixvim": "nixvim", "simple-nixos-mailserver": "simple-nixos-mailserver" } }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs-unstable" ], 
@@ -155,6 +402,42 @@ "repo": "nixos-mailserver", "type": "gitlab" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744961264, + "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4efa9e8..a5b8cdb 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,10 @@ nixpkgs-24_11.follows = "nixpkgs"; }; }; + nixvim = { + url = "github:nix-community/nixvim/nixos-24.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; dogetipbot-telegram = { url = "gitlab:nyanloutre/dogetipbot-telegram/master"; inputs.nixpkgs.follows = "nixpkgs"; @@ -28,6 +32,7 @@ nixpkgs-unstable, nixpkgs-4a3fc4cf7, simple-nixos-mailserver, + nixvim, dogetipbot-telegram, ipmihddtemp, }@inputs: @@ -39,6 +44,7 @@ system = "x86_64-linux"; modules = [ nixpkgs-unstable.nixosModules.notDetected + nixvim.nixosModules.nixvim { nixpkgs.config.allowUnfree = true; nix = { @@ -69,6 +75,7 @@ modules = [ nixpkgs-unstable.nixosModules.notDetected simple-nixos-mailserver.nixosModule + nixvim.nixosModules.nixvim dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule { diff --git a/systems/common-cli.nix b/systems/common-cli.nix index c075abe..67ec0c7 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix 
@@ -4,35 +4,49 @@ time.timeZone = "Europe/Paris"; - environment.systemPackages = with pkgs; [ - # Editeurs - (neovim.override { - viAlias = true; - vimAlias = true; - configure = { - customRC = '' - set tabstop=8 - set shiftwidth=4 - set softtabstop=0 - set expandtab - set smarttab - set background=dark - set mouse= - ''; - packages.myVimPackage = with pkgs.vimPlugins; { - start = [ - vim-startify - airline - sensible - polyglot - ale - fugitive - ]; - opt = [ ]; + programs.nixvim = { + enable = true; + viAlias = true; + vimAlias = true; + files = { + "ftplugin/nix.lua" = { + opts = { + tabstop = 8; + shiftwidth = 4; + softtabstop = 0; + expandtab = true; + smarttab = true; + background = "dark"; + mouse = ""; }; }; - }) + }; + plugins = { + lualine.enable = true; + lsp = { + enable = true; + servers = { + nixd.enable = true; + ruff.enable = true; + }; + }; + bufferline.enable = true; + telescope.enable = true; + which-key.enable = true; + treesitter.enable = true; + cmp = { + enable = true; + autoEnableSources = true; + settings.sources = [ + { name = "nvim_lsp"; } + { name = "path"; } + { name = "buffer"; } + ]; + }; + }; + }; + environment.systemPackages = with pkgs; [ # Gestionnaires de version tig gitAndTools.hub From 5afedf69c3f4161385b0dca8446793816ad546d5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 2 May 2025 17:14:01 +0200 Subject: [PATCH 220/240] install Nerd Fonts on desktop --- systems/common-gui.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index ff42da7..cdcad6c 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -69,6 +69,12 @@ pavucontrol ]; + fonts.packages = with pkgs; [ + nerd-fonts.jetbrains-mono + nerd-fonts.ubuntu-mono + nerd-fonts.fira-mono + ]; + i18n = { defaultLocale = "fr_FR.UTF-8"; }; From d4bc904ac727ad860b74912c9d9be5f0f9a1d4ac Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 2 May 2025 17:49:25 +0200 Subject: [PATCH 221/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) → 'github:NixOS/nixpkgs/3e362ce63e16b9572d8c2297c04f7c19ab6725a5?narHash=sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0%3D' (2025-04-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef?narHash=sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU%3D' (2025-04-17) → 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78?narHash=sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds%2Bhc%3D' (2025-05-01) • Updated input 'nixvim': 'github:nix-community/nixvim/d35dc6dfcae3ff1a0c72f2d59491a7d83e5505a3?narHash=sha256-YuQRMvqLVu%2Bghl2XzqXyVg/YevH/t3XHVCl7w%2BUrCH8%3D' (2025-04-19) → 'github:nix-community/nixvim/5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d?narHash=sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc%3D' (2025-04-29) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index dddada5..195ec40 100644 --- a/flake.lock +++ b/flake.lock @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746055187, + "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5", "type": "github" }, "original": { 
@@ -301,11 +301,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -329,11 +329,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1745068593, - "narHash": "sha256-YuQRMvqLVu+ghl2XzqXyVg/YevH/t3XHVCl7w+UrCH8=", + "lastModified": 1745963276, + "narHash": "sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc=", "owner": "nix-community", "repo": "nixvim", - "rev": "d35dc6dfcae3ff1a0c72f2d59491a7d83e5505a3", + "rev": "5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d", "type": "github" }, "original": { From 9425f55d8f64427b701e61327e818dac4bca294c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 2 May 2025 21:22:25 +0200 Subject: [PATCH 222/240] improve vim config --- systems/common-cli.nix | 76 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 63 insertions(+), 13 deletions(-) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 67ec0c7..4da4392 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { 
@@ -8,32 +8,82 @@ enable = true; viAlias = true; vimAlias = true; - files = { - "ftplugin/nix.lua" = { - opts = { - tabstop = 8; - shiftwidth = 4; - softtabstop = 0; - expandtab = true; - smarttab = true; - background = "dark"; - mouse = ""; - }; + colorschemes.catppuccin.enable = true; + highlight.ExtraWhitespace.bg = "red"; # Highlight extra white spaces + performance = { + byteCompileLua = { + enable = true; + nvimRuntime = true; + configs = true; + plugins = true; }; }; + opts = { + updatetime = 100; # Faster completion + + # Line numbers + number = true; # Display the absolute line number of the current line + hidden = true; # Keep closed buffer open in the background + mouse = "a"; # Enable mouse control + mousemodel = "extend"; # Mouse right-click extends the current selection + splitbelow = true; # A new window is put below the current one + splitright = true; # A new window is put right of the current one + + modeline = true; # Tags such as 'vim:ft=sh' + modelines = 100; # Sets the type of modelines + undofile = true; # Automatically save and restore undo history + incsearch = true; # Incremental search: show match for partly typed search command + ignorecase = true; # When the search query is lower-case, match both lower and upper-case patterns + smartcase = true; # Override the 'ignorecase' option if the search pattern contains upper case characters + cursorline = true; # Highlight the screen line of the cursor + cursorcolumn = true; # Highlight the screen column of the cursor + signcolumn = "yes"; # Whether to show the signcolumn + laststatus = 3; # When to use a status line for the last window + fileencoding = "utf-8"; # File-content encoding for the current buffer + termguicolors = true; # Enables 24-bit RGB color in the |TUI| + wrap = false; # Prevent text from wrapping + + # Tab options + tabstop = 2; # Number of spaces a in the text stands for (local to buffer) + shiftwidth = 2; # Number of spaces used for each step of (auto)indent (local to 
buffer) + softtabstop = 0; # If non-zero, number of spaces to insert for a (local to buffer) + expandtab = true; # Expand to spaces in Insert mode (local to buffer) + autoindent = true; # Do clever autoindenting + + showmatch = true; # when closing a bracket, briefly flash the matching one + matchtime = 1; # duration of that flashing n deci-seconds + startofline = true; # motions like "G" also move to the first char + report = 9001; # disable "x more/fewer lines" messages + }; plugins = { lualine.enable = true; lsp = { enable = true; + inlayHints = true; servers = { nixd.enable = true; ruff.enable = true; }; }; + lspkind.enable = true; + lsp-lines.enable = true; + lsp-signature.enable = true; bufferline.enable = true; telescope.enable = true; which-key.enable = true; - treesitter.enable = true; + treesitter = { + enable = true; + settings = { + highlight = { + enable = true; + additional_vim_regex_highlighting = true; + }; + + indent = { + enable = true; + }; + }; + }; cmp = { enable = true; autoEnableSources = true; From cad30707e89447d846df116647ea8ec4155f7f20 Mon Sep 17 00:00:00 2001 
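Review bot: `modeline = true;` together with `modelines = 100;` in the new `opts` set makes the editor honour option lines found in the first and last 100 lines of any file it opens. This file appears to be shared by every host, so that includes files opened as root on the server. Modeline parsing has been a source of code-execution bugs in Vim and Neovim in the past, so I would default to `modeline = false;`, or at least keep the scan at the stock size with `modelines = 5;`. The inline comment is also inaccurate, since `modelines` is a line count: `# Number of lines checked for modelines at the start and end of the file`. The enclosing `programs.nixvim` block starts above this hunk and continues below it.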
From: nyanloutre Date: Sun, 18 May 2025 16:56:17 +0200 Subject: [PATCH 223/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3e362ce63e16b9572d8c2297c04f7c19ab6725a5?narHash=sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0%3D' (2025-04-30) → 'github:NixOS/nixpkgs/ba8b70ee098bc5654c459d6a95dfc498b91ff858?narHash=sha256-IKKIXTSYJMmUtE%2BKav5Rob8SgLPnfnq4Qu8LyT4gdqQ%3D' (2025-05-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78?narHash=sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds%2Bhc%3D' (2025-05-01) → 'github:NixOS/nixpkgs/e06158e58f3adee28b139e9c2bcfcc41f8625b46?narHash=sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4%2BwYK4%3D' (2025-05-15) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/63209b1def2c9fc891ad271f474a3464a5833294?narHash=sha256-HA9fAmGNGf0cOYrhgoa%2BB6BxNVqGAYXfLyx8zIS0ZBY%3D' (2024-12-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/14857a0309d7bbdf7c51bbfa309d0d13448ae77e?narHash=sha256-kL3cc25sc0x%2B6gBZYjuE4566RT1E3XLQs4V8sl7D%2BVE%3D' (2025-05-05) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 195ec40..23f110e 100644 --- a/flake.lock +++ b/flake.lock @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746055187, - "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { 
@@ -301,11 +301,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -389,11 +389,11 @@ ] }, "locked": { - "lastModified": 1734884447, - "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=", + "lastModified": 1746469806, + "narHash": "sha256-kL3cc25sc0x+6gBZYjuE4566RT1E3XLQs4V8sl7D+VE=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "63209b1def2c9fc891ad271f474a3464a5833294", + "rev": "14857a0309d7bbdf7c51bbfa309d0d13448ae77e", "type": "gitlab" }, "original": { From ad82f1d236e5d7fcdd3355e6c014e65d900503ad Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 18 May 2025 17:01:41 +0200 Subject: [PATCH 224/240] fix Nextcloud opcache warning --- systems/LoutreOS/web.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 7108cd6..c9c8d65 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -388,6 +388,9 @@ in ]; }; autoUpdateApps.enable = true; + phpOptions = { + "opcache.interned_strings_buffer" = "23"; + }; }; }; From 478aa12d8478d344c85791537f389087145fd1f7 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sun, 18 May 2025 18:04:04 +0200 Subject: [PATCH 225/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'ipmihddtemp': 'gitlab:nyanloutre/ipmihddtemp/6fe5d14f588956dfff89716f81b8101c7a94cd6d?narHash=sha256-Y70jZPL3/fY8SzkPnpw9Ta411zbbkJ1D3qOYJ76zuIA%3D' (2021-11-03) → 'gitlab:nyanloutre/ipmihddtemp/837ba5a66de1688e7fbce8302cfb363c42a0e1d9?narHash=sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE%3D' (2025-05-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ba8b70ee098bc5654c459d6a95dfc498b91ff858?narHash=sha256-IKKIXTSYJMmUtE%2BKav5Rob8SgLPnfnq4Qu8LyT4gdqQ%3D' (2025-05-15) → 'github:NixOS/nixpkgs/9b5ac7ad45298d58640540d0323ca217f32a6762?narHash=sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38%3D' (2025-05-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 23f110e..05a7057 100644 --- a/flake.lock +++ b/flake.lock @@ -204,11 +204,11 @@ ] }, "locked": { - "lastModified": 1635966341, - "narHash": "sha256-Y70jZPL3/fY8SzkPnpw9Ta411zbbkJ1D3qOYJ76zuIA=", + "lastModified": 1747584091, + "narHash": "sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE=", "owner": "nyanloutre", "repo": "ipmihddtemp", - "rev": "6fe5d14f588956dfff89716f81b8101c7a94cd6d", + "rev": "837ba5a66de1688e7fbce8302cfb363c42a0e1d9", "type": "gitlab" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1747485343, + "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762", "type": "github" }, "original": { From beb7d791e7753e7df687270ae3a47f0a603b54c2 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 20 May 2025 09:57:39 +0200 Subject: [PATCH 226/240] fix Nextcloud warnings --- systems/LoutreOS/web.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index c9c8d65..4d06b38 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -386,6 +386,8 @@ in ''OC\Preview\XBitmap'' ''OC\Preview\Movie'' ]; + "default_phone_region" = "FR"; + "maintenance_window_start" = "23"; # Start maintenance operations after 23:00 UTC (01:00 CEST) }; autoUpdateApps.enable = true; phpOptions = { From 016bc33bea343300167b16b0bc745ce1b18a6cc1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 26 May 2025 21:22:40 +0200 Subject: [PATCH 227/240] nextcloud: 30 -> 31 --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 4d06b38..adeb85e 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -360,7 +360,7 @@ in nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "cloud.nyanlout.re"; database.createLocally = true; https = true; From 485a7c71ffa4b1d683edb567962cb72543697536 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 26 May 2025 14:01:12 +0200 Subject: [PATCH 228/240] Update flake.nix references to 25.05 --- flake.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index a5b8cdb..2802407 100644 --- a/flake.nix +++ b/flake.nix 
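Review bot: `"maintenance_window_start" = "23";` in the web.nix settings hunk passes the hour as a string, while Nextcloud's sample configuration gives this key as an integer hour in UTC. It most likely still works through an integer cast, but `"maintenance_window_start" = 23;` matches the documented type. The comment only holds during summer time; `# Start maintenance after 23:00 UTC (00:00 CET / 01:00 CEST)` covers both. The surrounding `settings` set starts above the hunk.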
@@ -1,18 +1,18 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-24.11"; + nixpkgs.url = "flake:nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; # transmission 4.0.5 downgrade to fix tracker bug nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-24_11.follows = "nixpkgs"; + nixpkgs-25_05.follows = "nixpkgs"; }; }; nixvim = { - url = "github:nix-community/nixvim/nixos-24.11"; + url = "github:nix-community/nixvim/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; dogetipbot-telegram = { From fe9190860ed856775ef8ad30242c3cae7b1fb9c1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 26 May 2025 14:06:19 +0200 Subject: [PATCH 229/240] zigbee2mqtt: update to v2 --- systems/LoutreOS/services.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 967130c..3709a90 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -198,7 +198,9 @@ in zigbee2mqtt = { enable = true; + package = pkg.zigbee2mqtt_2; settings = { + homeassistant.enabled = config.services.home-assistant.enable; serial = { port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; adapter = "zstack"; From 2724322d264bbef29891cbbb11ef14b42d428367 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 26 May 2025 14:37:15 +0200 Subject: [PATCH 230/240] recyclarr: init service --- systems/LoutreOS/medias.nix | 196 ++++++++++++++++++++++++++++++++++++ 1 file changed, 196 insertions(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index f8a5a55..3bd9a91 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix 
@@ -27,6 +27,197 @@ radarr.enable = true; sonarr.enable = true; prowlarr.enable = true; + recyclarr = { + enable = true; + configuration = { + radarr.radarr_main = { + api_key = { + _secret = "/run/credentials/recyclarr.service/radarr-api_key"; + }; + base_url = "http://localhost:7878"; + include = [ + { + template = "radarr-quality-definition-movie"; + } + { + template = "radarr-quality-profile-hd-bluray-web-french-multi-vo"; + } + { + template = "radarr-custom-formats-hd-bluray-web-french-multi-vo"; + } + ]; + custom_formats = [ + # ===== Versions françaises ===== + { + trash_ids = [ + "404c08fd0bd67f39b4d8e5709319094e" # VFF + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 101; + }; + } + { + trash_ids = [ + "4cafa20d5584f6ba1871d1b8941aa3cb" # VOF + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 0; + }; + } + { + trash_ids = [ + "52772f1cad6b5d26c2551f79bc538a50" # VFI + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 0; + }; + } + { + trash_ids = [ + "29b5f7b1a5f20f64228786c3ab1bdc7d" # VF2 + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 101; + }; + } + { + trash_ids = [ + "b6ace47331a1d3b77942fc18156f6df6" # VFQ + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = -101; + }; + } + { + trash_ids = [ + "f7caa1942be5cc547c266bd3dbc2cda9" # VOQ + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 0; + }; + } + { + trash_ids = [ + "95aa50f71a01c82354a7a2b385f1c4d8" # VQ + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 0; + }; + } + { + trash_ids = [ + "b3fb499641d7b3c2006be1d9eb014cb3" # VFB + ]; + assign_scores_to = { + name = "FR-MULTi-VO-HD"; + score = 0; + }; + } + ]; + }; + sonarr.sonarr_main = { + api_key = { + _secret = "/run/credentials/recyclarr.service/sonarr-api_key"; + }; + base_url = "http://localhost:8989"; + include = [ + { + template = "sonarr-quality-definition-series"; + } + { + template = 
"sonarr-v4-quality-profile-bluray-web-1080p-french-multi-vo"; + } + { + template = "sonarr-v4-custom-formats-bluray-web-1080p-french-multi-vo"; + } + ]; + custom_formats = [ + # ===== Versions françaises ===== + { + trash_ids = [ + "2c29a39a4fdfd6d258799bc4c09731b9" # VFF + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 101; + }; + } + { + trash_ids = [ + "7ae924ee9b2f39df3283c6c0beb8a2aa" # VOF + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 0; + }; + } + { + trash_ids = [ + "b6816a0e1d4b64bf3550ad3b74b009b6" # VFI + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 0; + }; + } + { + trash_ids = [ + "34789ec3caa819f087e23bbf9999daf7" # VF2 + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 101; + }; + } + { + trash_ids = [ + "7a7f4e4f58bd1058440236d033a90b67" # VFQ + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = -101; + }; + } + { + trash_ids = [ + "802dd70b856c423a9b0cb7f34ac42be1" # VOQ + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 0; + }; + } + { + trash_ids = [ + "82085412d9a53ba8d8e46fc624eb701d" # VQ + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 0; + }; + } + { + trash_ids = [ + "0ce1e39a4676c6692ce47935278dac76" # VFB + ]; + assign_scores_to = { + name = "FR-MULTi-VO-WEB-1080p"; + score = 0; + }; + } + ]; + + }; + }; + }; + jellyfin.enable = true; slimserver.enable = true; }; @@ -36,6 +227,11 @@ LimitNOFILE = 1048576; }; + systemd.services.recyclarr.serviceConfig.LoadCredential = [ + "radarr-api_key:/mnt/secrets/radarr-api_key" + "sonarr-api_key:/mnt/secrets/sonarr-api_key" + ]; + networking = { firewall.allowedTCPPorts = [ config.services.transmission.settings.peer-port From 0e85f8b13f797fa968c3f7143d44adc257b22e49 Mon Sep 17 00:00:00 2001 
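Review bot: The `LoadCredential` list in the second medias.nix hunk and the `_secret` paths under `radarr.radarr_main.api_key` and `sonarr.sonarr_main.api_key` in the first hunk are tied together only by the credential names, and nothing in the file says so. I would add a comment above the list, `# IDs must match the /run/credentials/recyclarr.service/<id> paths used in _secret; source files should be root-owned, mode 0400`, so a rename on one side is caught in review. systemd reads the source files itself and exposes the copies only to the unit, so the keys under /mnt/secrets do not need to be readable by the service user. The permissions actually set on those files are not visible in this patch.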
From: nyanloutre Date: Mon, 26 May 2025 14:45:50 +0200 Subject: [PATCH 231/240] recyclarr: allow overwriting custom formats --- systems/LoutreOS/medias.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 3bd9a91..557eebf 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -46,6 +46,8 @@ template = "radarr-custom-formats-hd-bluray-web-french-multi-vo"; } ]; + delete_old_custom_formats = true; + replace_existing_custom_formats = true; custom_formats = [ # ===== Versions françaises ===== { @@ -138,6 +140,8 @@ template = "sonarr-v4-custom-formats-bluray-web-1080p-french-multi-vo"; } ]; + delete_old_custom_formats = true; + replace_existing_custom_formats = true; custom_formats = [ # ===== Versions françaises ===== { From 6b3c34ec59cfad540dfaf6db3985736e6b5c140d Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 26 May 2025 21:27:21 +0200 Subject: [PATCH 232/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9b5ac7ad45298d58640540d0323ca217f32a6762?narHash=sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38%3D' (2025-05-17) → 'github:NixOS/nixpkgs/7c43f080a7f28b2774f3b3f43234ca11661bf334?narHash=sha256-rqc2RKYTxP3tbjA%2BPB3VMRQNnjesrT0pEofXQTrMsS8%3D' (2025-05-25) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e06158e58f3adee28b139e9c2bcfcc41f8625b46?narHash=sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4%2BwYK4%3D' (2025-05-15) → 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291?narHash=sha256-R5HJFflOfsP5FBtk%2BzE8FpL8uqE7n62jqOsADvVshhE%3D' (2025-05-25) • Updated input 'nixvim': 'github:nix-community/nixvim/5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d?narHash=sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc%3D' (2025-04-29) → 'github:nix-community/nixvim/cfea16cdbe4f13b5d39dfe3df747092448252c9d?narHash=sha256-1bGQAkqnGyov/tfiJw1HTK3vTHrgEo977J6RfjqrH0s%3D' (2025-05-25) • Removed input 'nixvim/devshell' • Removed input 'nixvim/devshell/nixpkgs' • Removed input 'nixvim/flake-compat' • Removed input 'nixvim/git-hooks' • Removed input 'nixvim/git-hooks/flake-compat' • Removed input 'nixvim/git-hooks/gitignore' • Removed input 'nixvim/git-hooks/gitignore/nixpkgs' • Removed input 'nixvim/git-hooks/nixpkgs' • Removed input 'nixvim/home-manager' • Removed input 'nixvim/home-manager/nixpkgs' • Removed input 'nixvim/nix-darwin' • Removed input 'nixvim/nix-darwin/nixpkgs' • Added input 'nixvim/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Removed input 'nixvim/treefmt-nix' • Removed input 'nixvim/treefmt-nix/nixpkgs' • Updated input 'simple-nixos-mailserver': 
'gitlab:simple-nixos-mailserver/nixos-mailserver/14857a0309d7bbdf7c51bbfa309d0d13448ae77e?narHash=sha256-kL3cc25sc0x%2B6gBZYjuE4566RT1E3XLQs4V8sl7D%2BVE%3D' (2025-05-05) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/53007af63fade28853408370c4c600a63dd97f41?narHash=sha256-BW3ktviEhfCN/z3%2BkEyzpDKAI8qFTwO7%2BS0NVA0C90o%3D' (2025-05-23) • Updated input 'simple-nixos-mailserver/flake-compat': 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33?narHash=sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U%3D' (2023-10-04) → 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) • Added input 'simple-nixos-mailserver/git-hooks': 'github:cachix/git-hooks.nix/dcf5072734cb576d2b0c59b2ac44f5050b5eac82?narHash=sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco%3D' (2025-03-22) • Added input 'simple-nixos-mailserver/git-hooks/flake-compat': follows 'simple-nixos-mailserver/flake-compat' • Added input 'simple-nixos-mailserver/git-hooks/gitignore': 'github:hercules-ci/gitignore.nix/637db329424fd7e46cf4185293b9cc8c88c95394?narHash=sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs%3D' (2024-02-28) • Added input 'simple-nixos-mailserver/git-hooks/gitignore/nixpkgs': follows 'simple-nixos-mailserver/git-hooks/nixpkgs' • Added input 'simple-nixos-mailserver/git-hooks/nixpkgs': follows 'simple-nixos-mailserver/nixpkgs' • Removed input 'simple-nixos-mailserver/nixpkgs-24_11' • Added input 'simple-nixos-mailserver/nixpkgs-25_05': follows 'nixpkgs' --- flake.lock | 155 ++++++++++++----------------------------------------- 1 file changed, 33 insertions(+), 122 deletions(-) diff --git a/flake.lock b/flake.lock index 05a7057..16ddfe7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -16,27 +16,6 @@ "type": "gitlab" } }, - "devshell": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "dogetipbot-telegram": { "inputs": { "nixpkgs": [ @@ -59,27 +38,13 @@ } }, "flake-compat": { - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "revCount": 69, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, - "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -130,12 +95,12 @@ "git-hooks": { "inputs": { "flake-compat": [ - "nixvim", + "simple-nixos-mailserver", "flake-compat" ], "gitignore": "gitignore", "nixpkgs": [ - "nixvim", + "simple-nixos-mailserver", "nixpkgs" ] }, @@ -156,7 +121,7 @@ "gitignore": { "inputs": { "nixpkgs": [ - "nixvim", + "simple-nixos-mailserver", "git-hooks", "nixpkgs" ] 
@@ -175,28 +140,6 @@ "type": "github" } }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-24.11", - "repo": "home-manager", - "type": "github" - } - }, "ipmihddtemp": { "inputs": { "nixpkgs": [ @@ -246,40 +189,18 @@ "type": "github" } }, - "nix-darwin": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743127615, - "narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "nix-darwin-24.11", - "repo": "nix-darwin", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1747485343, - "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=", + "lastModified": 1748162331, + "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762", + "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "type": "indirect" } }, @@ -301,11 +222,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1748190013, + "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "type": "github" }, "original": { 
@@ -316,29 +237,24 @@ }, "nixvim": { "inputs": { - "devshell": "devshell", - "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", - "home-manager": "home-manager", - "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" + "systems": "systems_2" }, "locked": { - "lastModified": 1745963276, - "narHash": "sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc=", + "lastModified": 1748197635, + "narHash": "sha256-1bGQAkqnGyov/tfiJw1HTK3vTHrgEo977J6RfjqrH0s=", "owner": "nix-community", "repo": "nixvim", - "rev": "5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d", + "rev": "cfea16cdbe4f13b5d39dfe3df747092448252c9d", "type": "github" }, "original": { "owner": "nix-community", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixvim", "type": "github" } @@ -380,25 +296,26 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", + "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-24_11": [ + "nixpkgs-25_05": [ "nixpkgs" ] }, "locked": { - "lastModified": 1746469806, - "narHash": "sha256-kL3cc25sc0x+6gBZYjuE4566RT1E3XLQs4V8sl7D+VE=", + "lastModified": 1747965231, + "narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "14857a0309d7bbdf7c51bbfa309d0d13448ae77e", + "rev": "53007af63fade28853408370c4c600a63dd97f41", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixos-mailserver", "type": "gitlab" } 
@@ -418,24 +335,18 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, + "systems_2": { "locked": { - "lastModified": 1744961264, - "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "numtide", - "repo": "treefmt-nix", + "owner": "nix-systems", + "repo": "default", "type": "github" } } From f97cabaf92d1d584bf5a51b45e9f07debf691b5f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 26 May 2025 21:48:04 +0200 Subject: [PATCH 233/240] fix typo --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3709a90..28cf410 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -198,7 +198,7 @@ in zigbee2mqtt = { enable = true; - package = pkg.zigbee2mqtt_2; + package = pkgs.zigbee2mqtt_2; settings = { homeassistant.enabled = config.services.home-assistant.enable; serial = { From 92e4d25fe258fb1a662cb3351f0768915273f3d9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 26 May 2025 21:48:17 +0200 Subject: [PATCH 234/240] fix nixvim warning --- systems/common-cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 4da4392..4651d9a 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -93,6 +93,7 @@ { name = "buffer"; } ]; }; + web-devicons.enable = true; }; }; From 6d9afd96441498205002af9ed02873ae0b9a1fdd Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 28 May 2025 11:32:29 +0200 Subject: [PATCH 235/240] recyclarr: simplify custom_formats and enable VF profile --- systems/LoutreOS/medias.nix | 184 +++++++++++++++--------------------- 1 file changed, 76 insertions(+), 108 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 557eebf..b2764bc 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -39,6 +39,12 @@ { template = "radarr-quality-definition-movie"; } + { + template = "radarr-quality-profile-hd-bluray-web-french-multi-vf"; + } + { + template = "radarr-custom-formats-hd-bluray-web-french-multi-vf"; + } { template = "radarr-quality-profile-hd-bluray-web-french-multi-vo"; } 
@@ -53,74 +59,52 @@ { trash_ids = [ "404c08fd0bd67f39b4d8e5709319094e" # VFF + "29b5f7b1a5f20f64228786c3ab1bdc7d" # VF2 + ]; + assign_scores_to = [ + { + name = "FR-MULTi-VF-HD"; + score = 101; + } + { + name = "FR-MULTi-VO-HD"; + score = 101; + } ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 101; - }; } { trash_ids = [ "4cafa20d5584f6ba1871d1b8941aa3cb" # VOF - ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 0; - }; - } - { - trash_ids = [ "52772f1cad6b5d26c2551f79bc538a50" # VFI + "f7caa1942be5cc547c266bd3dbc2cda9" # VOQ + "95aa50f71a01c82354a7a2b385f1c4d8" # VQ + "b3fb499641d7b3c2006be1d9eb014cb3" # VFB ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 0; - }; - } - { - trash_ids = [ - "29b5f7b1a5f20f64228786c3ab1bdc7d" # VF2 + assign_scores_to = [ + { + name = "FR-MULTi-VF-HD"; + score = 0; + } + { + name = "FR-MULTi-VO-HD"; + score = 0; + } ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 101; - }; } { trash_ids = [ "b6ace47331a1d3b77942fc18156f6df6" # VFQ ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = -101; - }; - } - { - trash_ids = [ - "f7caa1942be5cc547c266bd3dbc2cda9" # VOQ + assign_scores_to = [ + { + name = "FR-MULTi-VF-HD"; + score = -101; + } + { + name = "FR-MULTi-VO-HD"; + score = -101; + } ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 0; - }; - } - { - trash_ids = [ - "95aa50f71a01c82354a7a2b385f1c4d8" # VQ - ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 0; - }; - } - { - trash_ids = [ - "b3fb499641d7b3c2006be1d9eb014cb3" # VFB - ]; - assign_scores_to = { - name = "FR-MULTi-VO-HD"; - score = 0; - }; } ]; }; @@ -133,6 +117,12 @@ { template = "sonarr-quality-definition-series"; } + { + template = "sonarr-v4-quality-profile-bluray-web-1080p-french-multi-vf"; + } + { + template = "sonarr-v4-custom-formats-bluray-web-1080p-french-multi-vf"; + } { template = "sonarr-v4-quality-profile-bluray-web-1080p-french-multi-vo"; } 
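Review bot: The new `assign_scores_to` lists in the `@@ -53,74 +59,52 @@` hunk spell out the same two profile names three times with only the score changing. The Sonarr hunk at `@@ -147,74 +137,52 @@` repeats the pattern with the `-WEB-1080p` names, so a later profile rename or addition has to be made in six places. A small helper would keep them in step, for example `mkScores = names: score: map (name: { inherit name score; }) names;` used as `assign_scores_to = mkScores [ "FR-MULTi-VF-HD" "FR-MULTi-VO-HD" ] 101;`. The enclosing attribute set starts outside the hunk, so where the helper would be bound (a `let` at the top of the file or next to the recyclarr configuration) is not visible here.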
@@ -147,74 +137,52 @@ { trash_ids = [ "2c29a39a4fdfd6d258799bc4c09731b9" # VFF + "34789ec3caa819f087e23bbf9999daf7" # VF2 + ]; + assign_scores_to = [ + { + name = "FR-MULTi-VF-WEB-1080p"; + score = 101; + } + { + name = "FR-MULTi-VO-WEB-1080p"; + score = 101; + } ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 101; - }; } { trash_ids = [ "7ae924ee9b2f39df3283c6c0beb8a2aa" # VOF - ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 0; - }; - } - { - trash_ids = [ "b6816a0e1d4b64bf3550ad3b74b009b6" # VFI + "802dd70b856c423a9b0cb7f34ac42be1" # VOQ + "82085412d9a53ba8d8e46fc624eb701d" # VQ + "0ce1e39a4676c6692ce47935278dac76" # VFB ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 0; - }; - } - { - trash_ids = [ - "34789ec3caa819f087e23bbf9999daf7" # VF2 + assign_scores_to = [ + { + name = "FR-MULTi-VF-WEB-1080p"; + score = 0; + } + { + name = "FR-MULTi-VO-WEB-1080p"; + score = 0; + } ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 101; - }; } { trash_ids = [ "7a7f4e4f58bd1058440236d033a90b67" # VFQ ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = -101; - }; - } - { - trash_ids = [ - "802dd70b856c423a9b0cb7f34ac42be1" # VOQ + assign_scores_to = [ + { + name = "FR-MULTi-VF-WEB-1080p"; + score = -101; + } + { + name = "FR-MULTi-VO-WEB-1080p"; + score = -101; + } ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 0; - }; - } - { - trash_ids = [ - "82085412d9a53ba8d8e46fc624eb701d" # VQ - ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 0; - }; - } - { - trash_ids = [ - "0ce1e39a4676c6692ce47935278dac76" # VFB - ]; - assign_scores_to = { - name = "FR-MULTi-VO-WEB-1080p"; - score = 0; - }; } ]; From f7a86fb7786645b32b1660a5490c1aca273b3713 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 9 Jun 2025 22:37:22 +0200 Subject: [PATCH 236/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7c43f080a7f28b2774f3b3f43234ca11661bf334?narHash=sha256-rqc2RKYTxP3tbjA%2BPB3VMRQNnjesrT0pEofXQTrMsS8%3D' (2025-05-25) → 'github:NixOS/nixpkgs/70c74b02eac46f4e4aa071e45a6189ce0f6d9265?narHash=sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw%3D' (2025-06-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291?narHash=sha256-R5HJFflOfsP5FBtk%2BzE8FpL8uqE7n62jqOsADvVshhE%3D' (2025-05-25) → 'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f?narHash=sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU%3D' (2025-06-07) • Updated input 'nixvim': 'github:nix-community/nixvim/cfea16cdbe4f13b5d39dfe3df747092448252c9d?narHash=sha256-1bGQAkqnGyov/tfiJw1HTK3vTHrgEo977J6RfjqrH0s%3D' (2025-05-25) → 'github:nix-community/nixvim/168a51a36f3a10f0046dcec125ee9b3480dc622b?narHash=sha256-x9YXIwWgxLmqpmKVdA0JojCbL4hNNwxKKFXFuM0Jo54%3D' (2025-06-08) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01) → 'github:hercules-ci/flake-parts/49f0870db23e8c1ca0b5259734a02cd9e1e371a1?narHash=sha256-F82%2BgS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE%3D' (2025-06-01) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/066afe8643274470f4a294442aadd988356a478f?narHash=sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS%2B9/XJ9z0T2I%3D' (2025-04-19) → 'github:NuschtOS/search/f8a1c221afb8b4c642ed11ac5ee6746b0fe1d32f?narHash=sha256-PP11GVwUt7F4ZZi5A5%2B99isuq39C59CKc5u5yVisU/U%3D' (2025-05-26) • Updated input 'nixvim/nuschtosSearch/ixx': 
'github:NuschtOS/ixx/a1176e2a10ce745ff8f63e4af124ece8fe0b1648?narHash=sha256-fTVAWzT1UMm1lT%2BYxHuVPtH%2BDATrhYfea3B0MxG/cGw%3D' (2025-01-20) → 'github:NuschtOS/ixx/cc5f390f7caf265461d4aab37e98d2292ebbdb85?narHash=sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw%3D' (2025-05-26) --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 16ddfe7..441328c 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { @@ -175,27 +175,27 @@ ] }, "locked": { - "lastModified": 1737371634, - "narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=", + "lastModified": 1748294338, + "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", "owner": "NuschtOS", "repo": "ixx", - "rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648", + "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.7", + "ref": "v0.0.8", "repo": "ixx", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1748162331, - "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", + "lastModified": 1749237914, + "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", + "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265", "type": "github" }, "original": { 
@@ -222,11 +222,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1748190013, - "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -245,11 +245,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1748197635, - "narHash": "sha256-1bGQAkqnGyov/tfiJw1HTK3vTHrgEo977J6RfjqrH0s=", + "lastModified": 1749378622, + "narHash": "sha256-x9YXIwWgxLmqpmKVdA0JojCbL4hNNwxKKFXFuM0Jo54=", "owner": "nix-community", "repo": "nixvim", - "rev": "cfea16cdbe4f13b5d39dfe3df747092448252c9d", + "rev": "168a51a36f3a10f0046dcec125ee9b3480dc622b", "type": "github" }, "original": { @@ -269,11 +269,11 @@ ] }, "locked": { - "lastModified": 1745046075, - "narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=", + "lastModified": 1748298102, + "narHash": "sha256-PP11GVwUt7F4ZZi5A5+99isuq39C59CKc5u5yVisU/U=", "owner": "NuschtOS", "repo": "search", - "rev": "066afe8643274470f4a294442aadd988356a478f", + "rev": "f8a1c221afb8b4c642ed11ac5ee6746b0fe1d32f", "type": "github" }, "original": { From e6506a87292f6ab0df749f5040854ebf6e15d707 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 9 Jun 2025 23:03:53 +0200 Subject: [PATCH 237/240] fix systemd unit --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 80ae72a..3e437bd 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -247,7 +247,7 @@ }; networkConfig = { - KeepConfiguration = "dhcp-on-stop"; + KeepConfiguration = "dynamic-on-stop"; IPv6AcceptRA = true; DHCPPrefixDelegation = true; }; From b0c45e48b3ccce4e6e79d5ded060c8611a410f7c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 13 Jun 2025 08:59:49 +0200 Subject: [PATCH 238/240] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/70c74b02eac46f4e4aa071e45a6189ce0f6d9265?narHash=sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw%3D' (2025-06-06) → 'github:NixOS/nixpkgs/fd487183437963a59ba763c0cc4f27e3447dd6dd?narHash=sha256-mHv/yeUbmL91/TvV95p%2BmBVahm9mdQMJoqaTVTALaFw%3D' (2025-06-12) • Updated input 'nixvim': 'github:nix-community/nixvim/168a51a36f3a10f0046dcec125ee9b3480dc622b?narHash=sha256-x9YXIwWgxLmqpmKVdA0JojCbL4hNNwxKKFXFuM0Jo54%3D' (2025-06-08) → 'github:nix-community/nixvim/88f452558ea37ab8ab2052cf45b5a5653a1e556b?narHash=sha256-X%2BPDQ9kgt3/nOUQWSyz/8WHFOp%2BSyDND%2BbKpVufxpdE%3D' (2025-06-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 441328c..83e46d4 100644 --- a/flake.lock +++ b/flake.lock @@ -191,11 +191,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749237914, - "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=", + "lastModified": 1749727998, + "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265", + "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", "type": "github" }, "original": { @@ -245,11 +245,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1749378622, - "narHash": "sha256-x9YXIwWgxLmqpmKVdA0JojCbL4hNNwxKKFXFuM0Jo54=", + "lastModified": 1749702372, + "narHash": "sha256-X+PDQ9kgt3/nOUQWSyz/8WHFOp+SyDND+bKpVufxpdE=", "owner": "nix-community", "repo": "nixvim", - "rev": "168a51a36f3a10f0046dcec125ee9b3480dc622b", + "rev": "88f452558ea37ab8ab2052cf45b5a5653a1e556b", "type": "github" }, "original": { From 41686a2372d9af8c8b930528193db133a394f80d Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 13 Jun 2025 09:23:14 +0200 Subject: [PATCH 239/240] transmission: allow more time to boot --- systems/LoutreOS/medias.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index b2764bc..742c719 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -204,6 +204,10 @@ "sonarr-api_key:/mnt/secrets/sonarr-api_key" ]; + systemd.services.transmission.serviceConfig = { + TimeoutStartSec = "20min"; + }; + networking = { firewall.allowedTCPPorts = [ config.services.transmission.settings.peer-port From ac583b520185dea679c709aa21c1c73a7fed8681 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 13 Jun 2025 09:45:59 +0200 Subject: [PATCH 240/240] migrate to wayland --- systems/common-gui.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index cdcad6c..74c0990 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -109,11 +109,11 @@ }; services = { - # desktopManager.plasma6.enable = true; + desktopManager.plasma6.enable = true; displayManager = { sddm = { enable = true; - # wayland.enable = true; + wayland.enable = true; autoLogin.relogin = true; }; }; @@ -121,7 +121,6 @@ enable = true; xkb.layout = "fr"; exportConfiguration = true; - desktopManager.plasma5.enable = true; }; pipewire = { enable = true;
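Review bot: `TimeoutStartSec = "20min";` in the new `systemd.services.transmission.serviceConfig` block is a large value with no explanation next to it; the commit subject says only that the service needs more time to boot. If the unit signals readiness to systemd (its type is not visible in the hunk), a start that never completes is not reported as failed for twenty minutes, so a hung daemon can go unnoticed for that long. I would record the cause beside the value, e.g. `# <reason start-up is slow on this host>; the default start timeout was being hit`, and choose the smallest timeout that covers the observed start-up time.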
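Review bot: In the `@@ -109,11 +109,11 @@` hunk, `wayland.enable = true;` is switched on directly above the unchanged `autoLogin.relogin = true;`, and nothing documents that choice. If SDDM autologin is enabled elsewhere in this file (not visible in the hunk), every logout still drops straight back into a desktop session, now a Plasma 6 Wayland one. That leaves the screen locker as the only barrier for someone at the keyboard, so a comment stating the assumption would help, e.g. `# autologin + relogin: physical access to this machine is trusted`. The second hunk removes `desktopManager.plasma5.enable` but keeps `exportConfiguration = true;`; it may be worth confirming that the X11 configuration export is still needed once the session runs on Wayland.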