nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: nyanloutre:c2c0d2bb05ee678aab19a59780f9011aea041ae1
Branches Tags
nyanloutre:master
...
compare: nyanloutre:3e440a97762e7146ebdd35c17117017ee21ec464
Branches Tags
nyanloutre:master

8 commits
c2c0d2bb05 ... 3e440a9776

Author SHA1 Message Date
nyanloutre
3e440a9776 LoutreOS: disable Mastodon 2021-01-06 02:22:05 +01:00
nyanloutre
20939b47b7 LoutreOS: déplacement serveur rtmp 2021-01-06 02:20:58 +01:00
nyanloutre
866106f86d LoutreOS: ajout config php redis 2021-01-06 02:18:41 +01:00
nyanloutre
9a52f93a41 LoutreOS: ajout zeegbee home-assistant 2021-01-06 02:13:08 +01:00
nyanloutre
ba3ee04a83 LoutreOS: disable vsftpd 2021-01-06 02:12:21 +01:00
nyanloutre
21740ed665 LoutreOS: indexation de logs nginx avec Loki 2021-01-06 02:12:01 +01:00
nyanloutre
8a2ca1fa21 LoutreOS: airsonic -> navidrome 2021-01-06 02:07:56 +01:00
nyanloutre
d43f3bed01 LoutreOS: disable docs 2021-01-06 02:06:34 +01:00
5 changed files with 294 additions and 63 deletions
Show stats Expand all files Collapse all files

2
systems/LoutreOS/configuration.nix
View file

@ -32,6 +32,8 @@ in
"nixos-config=/etc/nixos/configuration.nix" "nixos-config=/etc/nixos/configuration.nix"
]; ];
documentation.nixos.enable = false;
nixpkgs.config.allowUnfree = false; nixpkgs.config.allowUnfree = false;
nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]);

7
systems/LoutreOS/medias.nix
View file

@ -29,9 +29,12 @@
dataDir = "/var/lib/slimserver"; dataDir = "/var/lib/slimserver";
}; };
airsonic = { navidrome = {
enable = true; enable = true;
maxMemory = 500; settings = {
MusicFolder = "/mnt/medias/musique";
ImageCacheSize = 0;
};
}; };
}; };

91
systems/LoutreOS/monitoring.nix
View file

@ -112,8 +112,99 @@ in
ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ];
ZED_NOTIFY_VERBOSE = true; ZED_NOTIFY_VERBOSE = true;
}; };
loki = {
enable = true;
configuration = {
auth_enabled = false;
server.http_listen_port = 3100;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore.store = "inmemory";
replication_factor = 1;
};
};
chunk_idle_period = "1h";
chunk_target_size = 1000000;
};
schema_config.configs = [
{
from = "2018-04-15";
store = "boltdb";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "168h";
};
}
];
storage_config = {
boltdb.directory = "/var/lib/loki/index";
filesystem.directory = "/var/lib/loki/chunks";
};
limits_config = {
enforce_metric_name = false;
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config.max_look_back_period = "168h";
table_manager = {
retention_deletes_enabled = true;
retention_period = "168h";
};
};
};
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
positions.filename = "/tmp/positions.yaml";
clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ];
scrape_configs = [
{
job_name = "nginx";
static_configs = [
{
labels = {
job = "nginx";
__path__ = "/var/log/nginx/*log";
};
}
];
pipeline_stages = [
{
match = {
selector = ''{job="nginx"}'';
stages = [
{
regex.expression = ''^(?P<remote_addr>[\w\.]+) - (?P<remote_user>[^ ]*) \[(?P<time_local>.*)\] "(?P<method>[^ ]*) (?P<request>[^ ]*) (?P<protocol>[^ ]*)" (?P<status>[\d]+) (?P<body_bytes_sent>[\d]+) "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"?'';
}
{
labels = {
method = null;
request = null;
status = null;
};
}
];
};
}
];
}
];
};
};
}; };
systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ];
security.sudo.extraRules = [ security.sudo.extraRules = [
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
]; ];

200
systems/LoutreOS/services.nix
View file

@ -27,7 +27,7 @@ in
../../services/mail-server.nix ../../services/mail-server.nix
../../services/python-ci.nix ../../services/python-ci.nix
../../services/sdtdserver.nix ../../services/sdtdserver.nix
../../containers/vsftpd.nix # ../../containers/vsftpd.nix
# /mnt/secrets/factorio_secrets.nix # /mnt/secrets/factorio_secrets.nix
./monitoring.nix ./monitoring.nix
./medias.nix ./medias.nix
@ -35,6 +35,22 @@ in
]; ];
services = { services = {
redis.enable = true;
logrotate = {
enable = true;
paths = {
nginx = {
path = "/var/log/nginx/*.log";
user = config.services.nginx.user;
group = config.services.nginx.group;
keep = 7;
extraConfig = ''
compress
'';
};
};
};
fail2ban.enable = true; fail2ban.enable = true;
@ -263,6 +279,7 @@ in
"10.40.249.1".name = "Bureau"; "10.40.249.1".name = "Bureau";
"10.40.249.2".name = "Cuisine"; "10.40.249.2".name = "Cuisine";
}; };
zha = null;
esphome = null; esphome = null;
light = [ light = [
{ {
@ -386,7 +403,27 @@ in
]; ];
automation = let automation = let
min_sun_elevation = 4; min_sun_elevation = 4;
switch_chambre = {
domain = "zha";
platform = "device";
device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1";
};
switch_entree = {
domain = "zha";
platform = "device";
device_id = "7cd814190ec543dba76a7aa7e7996c41";
};
remote = {
domain = "zha";
platform = "device";
device_id = "d1230b76264e483388a8fdaad4f44143";
};
in [ in [
# ENTREE
{ {
alias = "Aziz lumière"; alias = "Aziz lumière";
trigger = [ trigger = [
@ -396,11 +433,6 @@ in
value_template = "{{ state.attributes.elevation }}"; value_template = "{{ state.attributes.elevation }}";
below = min_sun_elevation; below = min_sun_elevation;
} }
{
platform = "state";
entity_id = "person.paul";
to = "home";
}
]; ];
condition = [ condition = [
{ {
@ -413,27 +445,34 @@ in
condition = "template"; condition = "template";
value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
} }
# All lights off
{
condition = "template";
value_template = ''
{% set domain = 'light' %}
{% set state = 'off' %}
{{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }}
'';
}
]; ];
action = { action = {
scene = "scene.home"; scene = "scene.home";
}; };
} }
{ {
alias = "Adios"; alias = "Aziz lumière switch";
trigger = { trigger = {
platform = "state"; type = "remote_button_short_press";
entity_id = "person.paul"; subtype = "turn_on";
to = "not_home"; } // switch_entree;
action = {
scene = "scene.home";
}; };
}
{
alias = "Adios";
trigger = [
{
platform = "state";
entity_id = "person.paul";
to = "not_home";
}
({
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_entree)
];
action = [ action = [
{ {
service = "light.turn_off"; service = "light.turn_off";
@ -445,6 +484,129 @@ in
} }
]; ];
} }
# REMOTE
{
alias = "Button toggle";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // remote;
action = {
choose = {
conditions = {
condition = "template";
value_template = ''
{% set domain = 'light' %}
{% set state = 'off' %}
{{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }}
'';
};
sequence = {
scene = "scene.home";
};
};
default = {
service = "light.turn_off";
entity_id = "all";
};
};
}
{
alias = "Button scene movie";
trigger = {
type = "remote_button_short_press";
subtype = "right";
} // remote;
action = {
scene = "scene.movie";
};
}
{
alias = "Button scene home";
trigger = {
type = "remote_button_short_press";
subtype = "left";
} // remote;
action = {
scene = "scene.home";
};
}
{
alias = "Button light up";
trigger = {
type = "remote_button_short_press";
subtype = "dim_up";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = 25;
};
};
}
{
alias = "Button light down";
trigger = {
type = "remote_button_short_press";
subtype = "dim_down";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = -25;
};
};
}
# CHAMBRE
{
alias = "Button scene night";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // switch_chambre;
action = {
scene = "scene.night";
};
}
{
alias = "Button scene dodo";
trigger = {
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "all";
};
}
{
alias = "Button scene lumière chambre ON";
trigger = {
type = "remote_button_long_press";
subtype = "dim_up";
} // switch_chambre;
action = {
service = "light.turn_on";
entity_id = "light.chambre";
};
}
{
alias = "Button scene lumière chambre OFF";
trigger = {
type = "remote_button_long_press";
subtype = "dim_down";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "light.chambre";
};
}
]; ];
}; };
}; };

57
systems/LoutreOS/web.nix
View file

@ -57,6 +57,7 @@ in
services = { services = {
phpfpm.pools.work = { phpfpm.pools.work = {
user = config.users.users.work.name; user = config.users.users.work.name;
phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
settings = { settings = {
"listen.owner" = config.services.nginx.user; "listen.owner" = config.services.nginx.user;
"pm" = "dynamic"; "pm" = "dynamic";
@ -70,7 +71,7 @@ in
nginx = { nginx = {
enable = true; enable = true;
package = pkgs.nginx.override { package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp dav ]; modules = with pkgs.nginxModules; [ dav ];
}; };
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
@ -182,11 +183,7 @@ in
"maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
"stream.nyanlout.re" = base { "stream.nyanlout.re" = base {
"/" = { "/" = {
root = "/var/www/hls/"; proxyPass = "http://10.30.135.71";
extraConfig = ''
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
'';
}; };
}; };
"login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port;
@ -198,10 +195,10 @@ in
"jackett.nyanlout.re" = authReverse 9117; "jackett.nyanlout.re" = authReverse 9117;
"pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port;
"matrix.nyanlout.re" = simpleReverse 8008; "matrix.nyanlout.re" = simpleReverse 8008;
"airsonic.nyanlout.re" = simpleReverse 4040;
"emby.nyanlout.re" = simpleReverse 8096; "emby.nyanlout.re" = simpleReverse 8096;
"ci.nyanlout.re" = simpleReverse 52350; "ci.nyanlout.re" = simpleReverse 52350;
"gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
"musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port;
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) {
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
@ -214,7 +211,7 @@ in
dav_ext_methods PROPFIND OPTIONS; dav_ext_methods PROPFIND OPTIONS;
''; '';
}; };
"/_h5ai/public/index.php" = { "~ ^/(_h5ai/public/index|random).php" = {
extraConfig = '' extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
@ -222,39 +219,13 @@ in
include ${pkgs.nginx}/conf/fastcgi.conf; include ${pkgs.nginx}/conf/fastcgi.conf;
''; '';
}; };
} // { root = "/mnt/medias/iso_linux"; }; } // {
root = "/mnt/medias/iso_linux";
extraConfig = ''
access_log /var/log/nginx/$host.log;
'';
};
}; };
appendConfig = let
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
in ''
rtmp {
server {
listen 1935;
application live {
live on;
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
}
application show {
live on;
hls on;
hls_path ${rootLocation};
hls_fragment 3s;
hls_playlist_length 60s;
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution
}
}
}
'';
}; };
postgresql = { postgresql = {
@ -292,7 +263,7 @@ in
python-ci.enable = true; python-ci.enable = true;
mastodon = { mastodon = {
enable = true; enable = false;
localDomain = "social.nyanlout.re"; localDomain = "social.nyanlout.re";
configureNginx = true; configureNginx = true;
extraConfig = { extraConfig = {
@ -314,7 +285,9 @@ in
systemd.services.phpfpm-work.serviceConfig = { systemd.services.phpfpm-work.serviceConfig = {
ReadOnlyPaths = "/mnt/medias/iso_linux"; ReadOnlyPaths = "/mnt/medias/iso_linux";
ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; ReadWritePaths = [
"/mnt/medias/iso_linux/_h5ai"
];
}; };
systemd.services.site-musique = let systemd.services.site-musique = let