diff --git a/flake.lock b/flake.lock index 45994b4..ce3f14d 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1635873573, - "narHash": "sha256-KcrFb8HSNcVTtYNXoUwZxW531cQn6T3YBU6Goo5G9mo=", + "lastModified": 1686668177, + "narHash": "sha256-sr4VMrsUG3ePrk8HNL2OeQ/gDqqnGRjzzzDSxRf65lo=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "e781adbbeda8aa0cbaef47558fc28f9e1dd162fb", + "rev": "baafc544b59db91dbe9466565e2f224e3aa76f7b", "type": "gitlab" }, "original": { @@ -37,6 +37,22 @@ "type": "gitlab" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1638122382, @@ -75,11 +91,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686035213, - "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=", + "lastModified": 1686513595, + "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", + "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", "type": "github" }, "original": { @@ -90,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686135559, - "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", + "lastModified": 1686501370, + "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", + "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", "type": "github" }, "original": { @@ -116,25 +147,27 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", + "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": [ + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1671659164, - "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", + "lastModified": 1686496219, + "narHash": "sha256-8zXZ/813yzaRA84js98G3XQ3GEEzFGnxhjvVyxkEey0=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", + "rev": "4966c0f63f04659015f064f2aa34b1893a16dfde", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index e9ef184..d6de1f2 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.11"; + nixpkgs.url = "flake:nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_11.follows = "nixpkgs"; + nixpkgs-23_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { @@ -46,7 +46,6 @@ ]; hosts.loutreos.modules = [ - "${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index e292f44..720c7d7 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -22,7 +22,7 @@ supportedFilesystems = [ "zfs" ]; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; documentation.nixos.enable = false; @@ -57,10 +57,6 @@ id = 100; interface = "eno1"; }; - chinoiseries = { - id = 20; - interface = "eno2"; - }; }; interfaces = { @@ -74,11 +70,6 @@ { address = "10.30.0.1"; prefixLength = 16; } ]; }; - chinoiseries = { - ipv4.addresses = [ - { address = "10.40.0.1"; prefixLength = 16; } - ]; - }; enp0s21u2.useDHCP = true; }; @@ -88,8 +79,8 @@ externalInterface = "bouygues"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; - internalInterfaces = [ "eno2" "chinoiseries" ]; + internalIPs = [ "10.30.0.0/16" ]; + internalInterfaces = [ "eno2" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} @@ -132,7 +123,7 @@ services.dhcpd4 = { enable = true; - interfaces = [ "eno2" "chinoiseries" ]; + interfaces = [ "eno2" ]; machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } @@ -142,11 +133,6 @@ { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } - - # YeeLights - { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } - { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } - { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; @@ -155,10 +141,6 @@ option routers 10.30.0.1; range 10.30.100.0 10.30.200.0; } - subnet 10.40.0.0 netmask 255.255.0.0 { - option routers 10.40.0.1; - range 10.40.100.0 10.40.200.0; - } ''; }; @@ -168,9 +150,11 @@ services.openssh = { enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - forwardX11 = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + X11Forwarding = true; + }; }; users = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e028104..39d1e2a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -62,7 +62,7 @@ in }; # Certificate setup - certificateScheme = 1; + certificateScheme = "manual"; certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; keyFile = "/var/lib/acme/${domaine}/key.pem"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 243d4d7..52bf009 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -262,7 +262,7 @@ in }; }; "ci.nyanlout.re" = simpleReverse 52350; - "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { @@ -350,14 +350,16 @@ in gitea = { enable = true; - httpPort = 3001; - rootUrl = "https://gitea.nyanlout.re/"; database = { type = "postgres"; port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; settings = { + server = { + HTTP_PORT = 3001; + ROOT_URL = "https://gitea.nyanlout.re/"; + }; ui.DEFAULT_THEME = "arc-green"; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true;