From d43f3bed0183c6d16b7f362436172b1baf4c3578 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:06:34 +0100 Subject: [PATCH 1/8] LoutreOS: disable docs --- systems/LoutreOS/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 65c875f..76d572f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -32,6 +32,8 @@ in "nixos-config=/etc/nixos/configuration.nix" ]; + documentation.nixos.enable = false; + nixpkgs.config.allowUnfree = false; nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); From 8a2ca1fa21cdce18424e33f2c8e169dae6cfa90d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:07:56 +0100 Subject: [PATCH 2/8] LoutreOS: airsonic -> navidrome --- systems/LoutreOS/medias.nix | 7 +++++-- systems/LoutreOS/web.nix | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index f643edf..6ed2c0e 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -29,9 +29,12 @@ dataDir = "/var/lib/slimserver"; }; - airsonic = { + navidrome = { enable = true; - maxMemory = 500; + settings = { + MusicFolder = "/mnt/medias/musique"; + ImageCacheSize = 0; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 2d5518e..d7c7a7f 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -198,10 +198,10 @@ in "jackett.nyanlout.re" = authReverse 9117; "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "matrix.nyanlout.re" = simpleReverse 8008; - "airsonic.nyanlout.re" = simpleReverse 4040; "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { locations."/" = { proxyWebsockets = true; From 21740ed665ee0aadaecefbfa3e7358e0764c3cc6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:12:01 +0100 Subject: [PATCH 3/8] LoutreOS: indexation de logs nginx avec Loki --- systems/LoutreOS/monitoring.nix | 91 +++++++++++++++++++++++++++++++++ systems/LoutreOS/services.nix | 14 +++++ systems/LoutreOS/web.nix | 7 ++- 3 files changed, 111 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index d60beed..b1ce207 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
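Review bot: `config.services.navidrome.settings.Port` is read on the new `musique.nyanlout.re` line, but the `navidrome.settings` block added to medias.nix in this same patch sets only `MusicFolder` and `ImageCacheSize`. The proxy target therefore depends on the module merging its default `Port` into user-supplied settings, which cannot be confirmed from this page. Setting `Port` explicitly in medias.nix, together with `Address = "127.0.0.1";` since the service is only meant to be reached through this proxy, would remove that dependency and pin the listener to loopback. The virtualHosts attribute set starts and ends outside the hunk.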
@@ -112,8 +112,99 @@ in ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; ZED_NOTIFY_VERBOSE = true; }; + + loki = { + enable = true; + configuration = { + auth_enabled = false; + server.http_listen_port = 3100; + ingester = { + lifecycler = { + address = "127.0.0.1"; + ring = { + kvstore.store = "inmemory"; + replication_factor = 1; + }; + }; + chunk_idle_period = "1h"; + chunk_target_size = 1000000; + }; + schema_config.configs = [ + { + from = "2018-04-15"; + store = "boltdb"; + object_store = "filesystem"; + schema = "v11"; + index = { + prefix = "index_"; + period = "168h"; + }; + } + ]; + storage_config = { + boltdb.directory = "/var/lib/loki/index"; + filesystem.directory = "/var/lib/loki/chunks"; + }; + limits_config = { + enforce_metric_name = false; + reject_old_samples = true; + reject_old_samples_max_age = "168h"; + }; + chunk_store_config.max_look_back_period = "168h"; + table_manager = { + retention_deletes_enabled = true; + retention_period = "168h"; + }; + }; + }; + + promtail = { + enable = true; + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + positions.filename = "/tmp/positions.yaml"; + clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ]; + scrape_configs = [ + { + job_name = "nginx"; + static_configs = [ + { + labels = { + job = "nginx"; + __path__ = "/var/log/nginx/*log"; + }; + } + ]; + pipeline_stages = [ + { + match = { + selector = ''{job="nginx"}''; + stages = [ + { + regex.expression = ''^(?P[\w\.]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?''; + } + { + labels = { + method = null; + request = null; + status = null; + }; + } + ]; + }; + } + ]; + } + ]; + }; + }; }; + systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ]; + security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; 
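Review bot: The `loki` block sets `auth_enabled = false` and only `server.http_listen_port = 3100`, with no listen address, so the unauthenticated push and query API is presumably reachable on every interface unless a firewall rule outside this hunk blocks it. Since promtail pushes to `127.0.0.1`, adding `server.http_listen_address = "127.0.0.1";` and `server.grpc_listen_address = "127.0.0.1";` here, and the same `http_listen_address` in promtail's `server` block, keeps the whole pipeline on loopback. Separately, the `labels` stage promotes `request` to a label, which makes a client-controlled value a stream key and lets arbitrary URLs inflate the number of streams; keeping only `method` and `status` avoids that. `positions.filename = "/tmp/positions.yaml"` would also be better placed under the service's state directory so that read offsets survive a reboot.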
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 171056b..db1aced 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,6 +35,20 @@ in ]; services = { + logrotate = { + enable = true; + paths = { + nginx = { + path = "/var/log/nginx/*.log"; + user = config.services.nginx.user; + group = config.services.nginx.group; + keep = 7; + extraConfig = '' + compress + ''; + }; + }; + }; fail2ban.enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d7c7a7f..8c54545 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -222,7 +222,12 @@ in include ${pkgs.nginx}/conf/fastcgi.conf; ''; }; - } // { root = "/mnt/medias/iso_linux"; }; + } // { + root = "/mnt/medias/iso_linux"; + extraConfig = '' + access_log /var/log/nginx/$host.log; + ''; + }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; From ba3ee04a83f5d39d4d0b9ea3ebce3db84bc29b27 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:12:21 +0100 Subject: [PATCH 4/8] LoutreOS: disable vsftpd --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index db1aced..25a8ed4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -27,7 +27,7 @@ in ../../services/mail-server.nix ../../services/python-ci.nix ../../services/sdtdserver.nix - ../../containers/vsftpd.nix + # ../../containers/vsftpd.nix # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix From 9a52f93a41be9f533dedc9beeb4e3f1cc3c0da86 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:13:08 +0100 Subject: [PATCH 5/8] LoutreOS: ajout zeegbee home-assistant --- systems/LoutreOS/services.nix | 182 ++++++++++++++++++++++++++++++---- 1 file changed, 164 insertions(+), 18 deletions(-) 
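Review bot: The new `logrotate.paths.nginx` entry rotates `/var/log/nginx/*.log` with only `compress` in `extraConfig`, and nothing in the hunk tells nginx to reopen its log files after the rename. Unless that happens elsewhere, nginx keeps writing to the rotated file through its open descriptor, so the fresh `*.log` that promtail tails (`/var/log/nginx/*log` in monitoring.nix) stays empty and the lines written after rotation end up in a file that is then compressed. Adding `delaycompress` and a `postrotate` … `endscript` section that sends `USR1` to the nginx master process closes that gap in the access-log record.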
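Review bot: `access_log /var/log/nginx/$host.log;` in the web.nix hunk builds the file name from `$host`, which nginx takes from the request line or the `Host` header. If this server block can ever answer for names other than its own (default server for the socket, wildcard name; the vhost definition starts outside the hunk), clients get to choose log file names under /var/log/nginx. A fixed name, e.g. `access_log /var/log/nginx/<vhost-name>.log;` (placeholder), avoids that and also spares nginx reopening the file on every write, which it does for variable paths unless `open_log_file_cache` is set. Note too that `//` replaces attributes rather than merging them, so any `extraConfig` produced by the left-hand side would be dropped by this override.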
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 25a8ed4..8822d0f 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -277,6 +277,7 @@ in "10.40.249.1".name = "Bureau"; "10.40.249.2".name = "Cuisine"; }; + zha = null; esphome = null; light = [ { @@ -400,7 +401,27 @@ in ]; automation = let min_sun_elevation = 4; + + switch_chambre = { + domain = "zha"; + platform = "device"; + device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; + }; + + switch_entree = { + domain = "zha"; + platform = "device"; + device_id = "7cd814190ec543dba76a7aa7e7996c41"; + }; + + remote = { + domain = "zha"; + platform = "device"; + device_id = "d1230b76264e483388a8fdaad4f44143"; + }; in [ + # ENTREE + { alias = "Aziz lumière"; trigger = [ @@ -410,11 +431,6 @@ in value_template = "{{ state.attributes.elevation }}"; below = min_sun_elevation; } - { - platform = "state"; - entity_id = "person.paul"; - to = "home"; - } ]; condition = [ { @@ -427,27 +443,34 @@ in condition = "template"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } - # All lights off - { - condition = "template"; - value_template = '' - {% set domain = 'light' %} - {% set state = 'off' %} - {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }} - ''; - } ]; action = { scene = "scene.home"; }; } { - alias = "Adios"; + alias = "Aziz lumière switch"; trigger = { - platform = "state"; - entity_id = "person.paul"; - to = "not_home"; + type = "remote_button_short_press"; + subtype = "turn_on"; + } // switch_entree; + action = { + scene = "scene.home"; }; + } + { + alias = "Adios"; + trigger = [ + { + platform = "state"; + entity_id = "person.paul"; + to = "not_home"; + } + ({ + type = "remote_button_short_press"; + subtype = "turn_off"; + } // switch_entree) + ]; action = [ { service = "light.turn_off"; 
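Review bot: The three `device_id` values bound in the `let` block of the second hunk (`switch_chambre`, `switch_entree`, `remote`) are opaque Home Assistant registry ids, and nothing in the file records which physical device each one is or where the id was obtained. A comment above each binding, for example `# device registry id of the bedroom switch (ZHA); presumably changes if the device is re-paired`, would let the next reader tell why an automation stopped firing after a re-pair. The same `let` block and the automation list continue outside the hunk.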
@@ -459,6 +482,129 @@ in } ]; } + + # REMOTE + + { + alias = "Button toggle"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_on"; + } // remote; + action = { + choose = { + conditions = { + condition = "template"; + value_template = '' + {% set domain = 'light' %} + {% set state = 'off' %} + {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} + ''; + }; + sequence = { + scene = "scene.home"; + }; + }; + default = { + service = "light.turn_off"; + entity_id = "all"; + }; + }; + } + { + alias = "Button scene movie"; + trigger = { + type = "remote_button_short_press"; + subtype = "right"; + } // remote; + action = { + scene = "scene.movie"; + }; + } + { + alias = "Button scene home"; + trigger = { + type = "remote_button_short_press"; + subtype = "left"; + } // remote; + action = { + scene = "scene.home"; + }; + } + { + alias = "Button light up"; + trigger = { + type = "remote_button_short_press"; + subtype = "dim_up"; + } // remote; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + data = { + brightness_step = 25; + }; + }; + } + { + alias = "Button light down"; + trigger = { + type = "remote_button_short_press"; + subtype = "dim_down"; + } // remote; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + data = { + brightness_step = -25; + }; + }; + } + + # CHAMBRE + + { + alias = "Button scene night"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_on"; + } // switch_chambre; + action = { + scene = "scene.night"; + }; + } + { + alias = "Button scene dodo"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_off"; + } // switch_chambre; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + } + { + alias = "Button scene lumière chambre ON"; + trigger = { + type = "remote_button_long_press"; + subtype = "dim_up"; + } // switch_chambre; + action = { + service = "light.turn_on"; + entity_id = "light.chambre"; 
+ }; + } + { + alias = "Button scene lumière chambre OFF"; + trigger = { + type = "remote_button_long_press"; + subtype = "dim_down"; + } // switch_chambre; + action = { + service = "light.turn_off"; + entity_id = "light.chambre"; + }; + } ]; }; }; From 866106f86d3f1acddef9cd5887e667b97c5d9416 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:15:38 +0100 Subject: [PATCH 6/8] LoutreOS: ajout config php redis --- systems/LoutreOS/services.nix | 2 ++ systems/LoutreOS/web.nix | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 8822d0f..266d9d1 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,6 +35,8 @@ in ]; services = { + redis.enable = true; + logrotate = { enable = true; paths = { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8c54545..3400771 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -57,6 +57,7 @@ in services = { phpfpm.pools.work = { user = config.users.users.work.name; + phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); settings = { "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; @@ -214,7 +215,7 @@ in dav_ext_methods PROPFIND OPTIONS; ''; }; - "/_h5ai/public/index.php" = { + "~ ^/(_h5ai/public/index|random).php" = { extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; @@ -319,7 +320,9 @@ in systemd.services.phpfpm-work.serviceConfig = { ReadOnlyPaths = "/mnt/medias/iso_linux"; - ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; + ReadWritePaths = [ + "/mnt/medias/iso_linux/_h5ai" + ]; }; systemd.services.site-musique = let From 20939b47b7f41456ba17dfc313b97097dd359c9b Mon Sep 17 00:00:00 2001 
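Review bot: `redis.enable = true;` in the services.nix hunk is added with no `bind`, `requirePass` or socket setting, so the listener address and its authentication are whatever the NixOS module defaults to at the pinned nixpkgs revision. The only consumer visible in this patch is the local php-fpm pool that gains the `redis` extension in web.nix, so I would state the intent explicitly with `redis.bind = "127.0.0.1";` rather than depend on the module default or on the firewall.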
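Review bot: The function passed to `withExtensions` in the `phpPackage` line returns only `[ redis filter ]` and ignores `enabled`, so, if I read `withExtensions` correctly, the pool's PHP is built with just those two extensions instead of the default set plus two. If the intent was to add them, `pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [ redis filter ]))` keeps the defaults; if the minimal set is deliberate hardening, a short comment saying so would help the next reader.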
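Review bot: In the new location key `"~ ^/(_h5ai/public/index|random).php"` the dot is unescaped and the pattern has no end anchor, so it matches more than the two scripts (for example `/randomXphp` or `/random.phpanything`) and hands those URIs to `fastcgi_pass`. Tightening it to `"~ ^/(_h5ai/public/index|random)\\.php(/|$)"` keeps the path-info form that `fastcgi_split_path_info` expects while limiting FastCGI to the intended files. The location body continues outside the hunk.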
From: nyanloutre Date: Wed, 6 Jan 2021 02:20:58 +0100 Subject: [PATCH 7/8] =?UTF-8?q?LoutreOS:=20d=C3=A9placement=20serveur=20rt?= =?UTF-8?q?mp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/web.nix | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 3400771..bd64941 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -71,7 +71,7 @@ in nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp dav ]; + modules = with pkgs.nginxModules; [ dav ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; @@ -183,11 +183,7 @@ in "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { - root = "/var/www/hls/"; - extraConfig = '' - add_header Cache-Control no-cache; - add_header Access-Control-Allow-Origin *; - ''; + proxyPass = "http://10.30.135.71"; }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; 
@@ -230,37 +226,6 @@ in ''; }; }; - appendConfig = let - rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; - in '' - rtmp { - server { - listen 1935; - - application live { - live on; - - exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 - -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid - -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high - -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; - } - - application show { - live on; - hls on; - - hls_path ${rootLocation}; - hls_fragment 3s; - hls_playlist_length 60s; - - hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution - hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution - hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution - } - } - } - ''; }; postgresql = { From 3e440a97762e7146ebdd35c17117017ee21ec464 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:22:05 +0100 Subject: [PATCH 8/8] LoutreOS: disable Mastodon --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index bd64941..994131d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -263,7 +263,7 @@ in python-ci.enable = true; mastodon = { - enable = true; + enable = false; localDomain = "social.nyanlout.re"; configureNginx = true; extraConfig = {