
5 Commits

3 changed files with 81 additions and 23 deletions


@ -28,14 +28,51 @@ in
${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; }; ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
}; };
services.nginx.virtualHosts = { services.nginx = {
"max" = { virtualHosts = {
listen = [ { addr = "127.0.0.1"; port = cfg.port; } ]; "max" = {
locations."/" = { listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
root = pkgs.site-max; locations."/" = {
root = "/run/site-max/result";
};
}; };
}; };
}; };
systemd.services.build-site-max = {
description = "Compilation du site de Max Spiegel";
requires = ["network-online.target"];
path = with pkgs;[ git nix ];
environment = { HOME = "/var/lib/site-max"; NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"; };
serviceConfig = {
DynamicUser = true;
RuntimeDirectory = "site-max";
RuntimeDirectoryPreserve = "yes";
CacheDirectory = "site-max";
Type = "oneshot";
ExecStart = "${pkgs.writeShellScriptBin "build.sh" ''
set -x
set -e
GIT_CLONE_DIR=/var/cache/site-max
if [ ! -d $GIT_CLONE_DIR/.git ]; then
git clone --depth 1 https://github.com/nyanloutre/site-max.git $GIT_CLONE_DIR
else
git -C $GIT_CLONE_DIR pull
fi
nix-build -o /run/site-max/result $GIT_CLONE_DIR
''}/bin/build.sh";
};
};
systemd.timers.build-site-max = {
description = "Timer de compilation du site de Max";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
timerConfig = { OnCalendar = "*:0/5"; Unit = "build-site-max.service"; };
};
}; };
} }
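Review bot: The new build-site-max unit fetches the tip of the GitHub repository every five minutes and serves whatever `nix-build` produces from it, so the published content is no longer fixed by the system configuration as it was with `root = pkgs.site-max`. The repository's Nix expression is evaluated on this host as the dynamic user, which means anyone able to push to that repository decides what is evaluated and served here. Consider building a reviewed revision (check out a pinned commit after the fetch) or at least recording the trust decision in a comment above `ExecStart`, such as `# builds unpinned upstream HEAD; push access to the repo equals publish access to this vhost`. Separately, `HOME` points at /var/lib/site-max but only `RuntimeDirectory` and `CacheDirectory` are declared, so with `DynamicUser = true` that path is presumably not writable. Adding `StateDirectory = "site-max";` or pointing `HOME` at the cache directory would avoid this, and `$GIT_CLONE_DIR` should be quoted in the script.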


@ -62,6 +62,7 @@
telnet telnet
tldr tldr
fzf fzf
file
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;


@ -42,8 +42,8 @@ in
services = { services = {
"grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; }; "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; };
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; }; "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; }; "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; }; "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; }; "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
"syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; }; "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
"jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; }; "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
@ -171,7 +171,7 @@ in
nfs.server = { nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
/mnt/medias 192.168.0.0/24(ro,no_root_squash) /mnt/medias 192.168.0.0/16(ro,no_root_squash)
/exports/steam 192.168.0.0/24(rw,no_root_squash) /exports/steam 192.168.0.0/24(rw,no_root_squash)
''; '';
statdPort = 4000; statdPort = 4000;
@ -394,19 +394,39 @@ in
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
]; ];
networking.firewall.allowedTCPPorts = [ networking = {
111 2049 4000 4001 4002 # NFS wireguard.interfaces = {
3483 9000 9090 # Slimserver wg0 = {
51413 # Transmission ips = [ "192.168.20.1/24" ];
8448 # Matrix federation privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
20 21 # FTP listenPort = 51820;
]; allowedIPsAsRoutes = false;
networking.firewall.allowedTCPPortRanges = [ peers = [
{ from = 64000; to = 65535; } # FTP {
]; allowedIPs = [ "0.0.0.0/0" ];
networking.firewall.allowedUDPPorts = [ publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
111 2049 4000 4001 4002 # NFS }
3483 # Slimserver ];
51413 # Transmission };
]; };
firewall.allowedTCPPorts = [
111 2049 4000 4001 4002 # NFS
3483 9000 9090 # Slimserver
51413 # Transmission
8448 # Matrix federation
20 21 # FTP
];
firewall.allowedTCPPortRanges = [
{ from = 64000; to = 65535; } # FTP
];
firewall.allowedUDPPorts = [
111 2049 4000 4001 4002 # NFS
3483 # Slimserver
51413 # Transmission
51820 # Wireguard
];
};
} }
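Review bot: The /mnt/medias export in the `nfs.server` hunk is widened to 192.168.0.0/16 while keeping `no_root_squash`, which admits every 192.168.x.x source rather than only the WireGuard subnet (`ips = [ "192.168.20.1/24" ]`) added in the last hunk. If the aim is to reach the export over wg0, a second client entry is narrower: `/mnt/medias 192.168.0.0/24(ro,no_root_squash) 192.168.20.0/24(ro,root_squash)`. The wg0 peer is also declared with `allowedIPs = [ "0.0.0.0/0" ]`, so the tunnel accepts any source address from that peer, including addresses that match the export lists. Unless the /0 is needed for traffic routed from behind the peer, `allowedIPs = [ "<peer-tunnel-ip>/32" ];` keeps the address-based NFS restriction meaningful. The NFS ports stay open in `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` with no interface restriction visible here, so the export list appears to be the only filter and deserves a comment stating which networks are meant to mount it.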