services/mail-server.nix

@@ -17,8 +17,8 @@ in
 
   imports = [
     (builtins.fetchTarball {
-      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz";
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
-      sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63";
+      sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
     })
   ];
 
@@ -63,9 +63,9 @@ in
 
     security.acme.certs = {
       "${cfg.domaine}" = {
-        extraDomainNames = [
+        extraDomains = {
-          "mail.${cfg.domaine}"
+          "mail.${cfg.domaine}" = null;
-        ];
+        };
         postRun = ''
           systemctl reload dovecot2.service
         '';

systems/LoutreOS/configuration.nix

@@ -33,7 +33,7 @@ in
   ];
 
   nixpkgs.config.allowUnfree = false;
-  nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]);
+  nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]);
 
   services.zfs = {
     autoSnapshot.enable = true;
@@ -131,7 +131,6 @@ in
       { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
       { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; }
       { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; }
-      { ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; }
 
       #ESPHome
       { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; }

systems/LoutreOS/hardware-configuration.nix

@@ -157,11 +157,6 @@
       fsType = "zfs";
     };
 
-  fileSystems."/var/lib/hass" =
-    { device = "loutrepool/var/hass";
-      fsType = "zfs";
-    };
-
   swapDevices =
     [
       {

systems/LoutreOS/medias.nix

@@ -5,7 +5,6 @@
     transmission = {
       enable = true;
       home = "/var/lib/transmission";
-      port = 9091;
       settings = {
         rpc-bind-address = "127.0.0.1";
         rpc-host-whitelist = "*";
@@ -19,10 +18,7 @@
     sonarr.enable = true;
     jackett.enable = true;
 
-    jellyfin = {
+    jellyfin.enable = true;
-      enable = true;
-      package = pkgs.jellyfin;
-    };
 
     slimserver = {
       enable = true;
@@ -35,8 +31,6 @@
     };
   };
 
-  systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ];
-
   networking = {
     firewall.allowedTCPPorts = [
       config.services.transmission.settings.peer-port

systems/LoutreOS/services.nix

@@ -246,10 +246,7 @@ in
         };
         influxdb = null;
         config = null;
-        frontend.themes = "!include ${pkgs.fetchurl {
+        frontend = null;
-          url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml";
-          sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h";
-        }}";
         history = null;
         logbook = null;
         map = null;
@@ -324,12 +321,6 @@ in
             broadcast_address = "10.30.255.255";
           }
         ];
-        device_tracker = [
-          {
-            platform = "ping";
-            hosts = { telephone_paul = "10.30.50.2"; };
-          }
-        ];
         scene = [
           {
             name = "Movie";
@@ -408,20 +399,10 @@ in
                 entity_id = "person.paul";
                 state = "home";
               }
-              # Sun below max elevation
               {
                 condition = "template";
                 value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
               }
-              # All lights off
-              {
-                condition = "template";
-                value_template = ''
-                  {% set domain = 'light' %}
-                  {% set state = 'off' %}
-                  {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }}
-                '';
-              }
             ];
             action = {
               scene = "scene.home";
@@ -440,7 +421,7 @@ in
                 entity_id = "all";
               }
               {
-                service = "media_player.turn_off";
+                service = "media_player.media_pause";
                 entity_id = "all";
               }
             ];
@@ -511,6 +492,7 @@ in
   # '';
 
   users.groups.nginx.members = [ "matrix-synapse" ];
+  security.acme.certs."nyanlout.re".allowKeysForGroup = true;
 
   security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
 

systems/LoutreOS/users.nix

@@ -6,7 +6,7 @@
       uid = 1000;
       isNormalUser = true;
       description = "Paul TREHIOU";
-      extraGroups = [ "wheel" "medias" "transmission" ];
+      extraGroups = [ "wheel" "medias" ];
       openssh.authorizedKeys.keys = [
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAF7VlzHzgg70uFbRFtVTS34qNBke/RD36mRENAsa33RxztxrqMsIDscAD/d6CTe6HDy7MCGzJnWCJSXj5iOQFM4RRMvKNEgCKPHqfhmfVvO4YZuMjNB0ufVf6zhJL4Hy43STf7NIWrenGemUP+OvVSwN/ujgl2KKw4KJZt25/h/7JjlCgsZm4lWg4xcjoiKL701W2fbEoU73XKdbRTgTvKoeK1CGxdAPFefFDFcv/mtJ7d+wIxw9xODcLcA66Bu94WGMdpyEAJc4nF8IOy4pW8AzllDi0qNEZGCQ5+94upnLz0knG1ue9qU2ScAkW1/5rIJTHCVtBnmbLNSAOBAstaGQJuSL40TWZ1oPA5i1qUEhunNcJ+Sgtp6XP69qY34T/AeJvHRyw5M5LfN0g+4ka9k06NPBhbpHFASz4M8nabQ0iM63++xcapnw/8gk+EPhYVKW86SsyTa9ur+tt6oDWEKNaOhgscX44LexY7jKdeBRt3GaObtBJtVLBRx3Z2aRXgjgnKGqS40mGRiSkqb2DShspI1l8DV2RrPiuwdBzXVQjWRc0KXmJrcgXX9uoPSxihxwaUQyvmITOV1Y+NEuek4gRkVNOxjoG7RGnaYvYzxEQVoI5TwZC2/DCrAUgCv8DQawkcpEiWnBq7Q5VnpmFx5juVQ/I0G8byOkPXgRUOk9 openpgp:0xAB524BBC"
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re"

systems/LoutreOS/web.nix

@@ -48,29 +48,11 @@ in
     acceptTerms = true;
   };
 
-  users.groups.work = {};
-  users.users.work = {
-    isSystemUser = true;
-    group = config.users.groups.work.name;
-  };
-
   services = {
-    phpfpm.pools.work = {
-      user = config.users.users.work.name;
-      settings = {
-        "listen.owner" = config.services.nginx.user;
-        "pm" = "dynamic";
-        "pm.max_children" = 75;
-        "pm.start_servers" = 10;
-        "pm.min_spare_servers" = 5;
-        "pm.max_spare_servers" = 20;
-        "pm.max_requests" = 500;
-      };
-    };
     nginx = {
       enable = true;
       package = pkgs.nginx.override {
-        modules = with pkgs.nginxModules; [ rtmp dav ];
+        modules = with pkgs.nginxModules; [ rtmp ];
       };
       recommendedGzipSettings = true;
       recommendedOptimisation = true;
@@ -165,7 +147,7 @@ in
             '';
           };
         } // { default = true; };
-        "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; };
+        "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; };
         "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; };
         "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; };
         "musique-meyenheim.fr" = base {
@@ -207,22 +189,6 @@ in
             proxyWebsockets = true;
           };
         };
-        "work.rezom.eu" = base {
-          "/" = {
-            index = "/_h5ai/public/index.php";
-            extraConfig = ''
-              dav_ext_methods PROPFIND OPTIONS;
-            '';
-          };
-          "/_h5ai/public/index.php" = {
-            extraConfig = ''
-              fastcgi_split_path_info ^(.+\.php)(/.+)$;
-              fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
-              include ${pkgs.nginx}/conf/fastcgi_params;
-              include ${pkgs.nginx}/conf/fastcgi.conf;
-            '';
-          };
-        } // { root = "/mnt/medias/iso_linux"; };
       };
       appendConfig = let
         rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
@@ -259,9 +225,9 @@ in
 
     postgresql = {
       enable = true;
-      settings = {
+      extraConfig = ''
-        full_page_writes = false;
+        full_page_writes = off
-      };
+      '';
     };
 
     pgmanage = {
@@ -283,10 +249,13 @@ in
         passwordFile = "/var/lib/gitea/custom/conf/database_password";
       };
       log.level = "Warn";
-      disableRegistration = true;
+      extraConfig = ''
-      settings = {
+        [ui]
-        ui.DEFAULT_THEME = "arc-green";
+        DEFAULT_THEME = arc-green
-      };
+
+        [service]
+        DISABLE_REGISTRATION = true
+      '';
     };
 
     python-ci.enable = true;
@@ -308,15 +277,6 @@ in
     };
   };
 
-  systemd.services.nginx.serviceConfig = {
-    ReadWritePaths = "/var/www/hls";
-  };
-
-  systemd.services.phpfpm-work.serviceConfig = {
-    ReadOnlyPaths = "/mnt/medias/iso_linux";
-    ReadWritePaths = "/mnt/medias/iso_linux/_h5ai";
-  };
-
   systemd.services.site-musique = let
     djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ]));
   in {