nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: nyanloutre:master
Branches Tags
nyanloutre:master
..
compare: nyanloutre:b1cea27df05e19564e4a49344a78188ca7e0428f
Branches Tags
nyanloutre:master

No commits in common. "master" and "b1cea27df05e19564e4a49344a78188ca7e0428f" have entirely different histories.
master ... b1cea27df0

24 changed files with 1864 additions and 2020 deletions
Download patch file Download diff file Expand all files Collapse all files

269
flake.lock generated
View file

@ -23,11 +23,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730148450, "lastModified": 1635873573,
"narHash": "sha256-CSxPIeDqavQ3fJhshuNs0oS84P1p87BsbNoashKlrKg=", "narHash": "sha256-KcrFb8HSNcVTtYNXoUwZxW531cQn6T3YBU6Goo5G9mo=",
"owner": "nyanloutre", "owner": "nyanloutre",
"repo": "dogetipbot-telegram", "repo": "dogetipbot-telegram",
"rev": "667e318212920005917792b06e0f480b421fa6d3", "rev": "e781adbbeda8aa0cbaef47558fc28f9e1dd162fb",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -37,53 +37,13 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1638122382,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -92,54 +52,6 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [
"simple-nixos-mailserver",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"simple-nixos-mailserver",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"simple-nixos-mailserver",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"ipmihddtemp": { "ipmihddtemp": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -147,11 +59,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747584091, "lastModified": 1635966341,
"narHash": "sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE=", "narHash": "sha256-Y70jZPL3/fY8SzkPnpw9Ta411zbbkJ1D3qOYJ76zuIA=",
"owner": "nyanloutre", "owner": "nyanloutre",
"repo": "ipmihddtemp", "repo": "ipmihddtemp",
"rev": "837ba5a66de1688e7fbce8302cfb363c42a0e1d9", "rev": "6fe5d14f588956dfff89716f81b8101c7a94cd6d",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -161,72 +73,43 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748294338,
"narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.8",
"repo": "ixx",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1749727998, "lastModified": 1655096306,
"narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", "narHash": "sha256-3B3zBaQVLL956deZgmucouvkZroObQ4JKHzbIfFS9/c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", "rev": "a119e218ad27bea32057a3463e3694a61c9e3802",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-25.05", "ref": "nixos-22.05",
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-4a3fc4cf7": { "nixpkgs-21_05": {
"locked": { "locked": {
"lastModified": 1716914467, "lastModified": 1625692408,
"narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=", "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", "rev": "c06613c25df3fe1dd26243847a3c105cf6770627",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "id": "nixpkgs",
"repo": "nixpkgs", "ref": "nixos-21.05",
"rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", "type": "indirect"
"type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1749285348, "lastModified": 1655043425,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "narHash": "sha256-A+oT+aQGhW5lXy8H0cqBLsYtgcnT5glmGOXWQDcGw6I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "rev": "914ef51ffa88d9b386c71bdc88bffc5273c08ada",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -235,118 +118,74 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_2"
},
"locked": {
"lastModified": 1749702372,
"narHash": "sha256-X+PDQ9kgt3/nOUQWSyz/8WHFOp+SyDND+bKpVufxpdE=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "88f452558ea37ab8ab2052cf45b5a5653a1e556b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "nixos-25.05",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748298102,
"narHash": "sha256-PP11GVwUt7F4ZZi5A5+99isuq39C59CKc5u5yVisU/U=",
"owner": "NuschtOS",
"repo": "search",
"rev": "f8a1c221afb8b4c642ed11ac5ee6746b0fe1d32f",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"dogetipbot-telegram": "dogetipbot-telegram", "dogetipbot-telegram": "dogetipbot-telegram",
"ipmihddtemp": "ipmihddtemp", "ipmihddtemp": "ipmihddtemp",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "simple-nixos-mailserver": "simple-nixos-mailserver",
"simple-nixos-mailserver": "simple-nixos-mailserver" "utils": "utils_2"
} }
}, },
"simple-nixos-mailserver": { "simple-nixos-mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat",
"git-hooks": "git-hooks",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"nixpkgs-25_05": [ "nixpkgs-21_05": "nixpkgs-21_05",
"nixpkgs-21_11": [
"nixpkgs" "nixpkgs"
] ],
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1747965231, "lastModified": 1638911354,
"narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=", "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "53007af63fade28853408370c4c600a63dd97f41", "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-25.05", "ref": "nixos-21.11",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
}, },
"systems": { "utils": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1605370193,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"systems_2": { "utils_2": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1638172912,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-jxhQGNEsZTdop/Br3JPS+xmBf6t9cIWRzVZFxbT76Rw=",
"owner": "nix-systems", "owner": "gytis-ivaskevicius",
"repo": "default", "repo": "flake-utils-plus",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "166d6ebd9f0de03afc98060ac92cba9c71cfe550",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "gytis-ivaskevicius",
"repo": "default", "ref": "v1.3.1",
"repo": "flake-utils-plus",
"type": "github" "type": "github"
} }
} }

114
flake.nix
View file

@ -1,20 +1,15 @@
{ {
inputs = { inputs = {
nixpkgs.url = "flake:nixpkgs/nixos-25.05"; nixpkgs.url = "flake:nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable";
# transmission 4.0.5 downgrade to fix tracker bug utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1";
nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4";
simple-nixos-mailserver = { simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs-unstable"; nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-25_05.follows = "nixpkgs"; nixpkgs-21_11.follows = "nixpkgs";
}; };
}; };
nixvim = {
url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
dogetipbot-telegram = { dogetipbot-telegram = {
url = "gitlab:nyanloutre/dogetipbot-telegram/master"; url = "gitlab:nyanloutre/dogetipbot-telegram/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -25,91 +20,34 @@
}; };
}; };
outputs = outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake {
{
self,
nixpkgs,
nixpkgs-unstable,
nixpkgs-4a3fc4cf7,
simple-nixos-mailserver,
nixvim,
dogetipbot-telegram,
ipmihddtemp,
}@inputs:
{
packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); inherit self inputs;
nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { supportedSystems = [ "x86_64-linux" ];
system = "x86_64-linux";
modules = [ hostDefaults.modules = [
nixpkgs-unstable.nixosModules.notDetected nixpkgs.nixosModules.notDetected
nixvim.nixosModules.nixvim
{ {
nixpkgs.config.allowUnfree = true; nix.generateRegistryFromInputs = true;
nix = { nix.linkInputs = true;
settings.experimental-features = [ nix.generateNixPathFromInputs = true;
"nix-command"
"flakes"
];
registry = {
nixpkgs.to = {
type = "path";
path = nixpkgs-unstable.legacyPackages.x86_64-linux.path;
};
};
};
} }
];
hosts.loutreos.modules = [
simple-nixos-mailserver.nixosModule
dogetipbot-telegram.nixosModule
ipmihddtemp.nixosModule
./systems/LoutreOS/configuration.nix
];
hosts.paul-fixe = {
channelName = "nixpkgs-unstable";
modules = [
./systems/PC-Fixe/configuration.nix ./systems/PC-Fixe/configuration.nix
]; ];
}; };
nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inputs = inputs;
pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 {
inherit system;
};
};
modules = [
nixpkgs-unstable.nixosModules.notDetected
simple-nixos-mailserver.nixosModule
nixvim.nixosModules.nixvim
dogetipbot-telegram.nixosModule
ipmihddtemp.nixosModule
{
nix = {
settings.experimental-features = [
"nix-command"
"flakes"
];
registry = {
nixpkgs.to = {
type = "path";
path = nixpkgs.legacyPackages.x86_64-linux.path;
};
};
};
systemd.services.watcharr = {
description = "Watcharr";
after = [ "network.target" ];
environment = {
PORT = "3005";
WATCHARR_DATA = "/var/lib/watcharr";
};
serviceConfig = {
DynamicUser = true;
StateDirectory = "watcharr";
ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr";
PrivateTmp = true;
};
wantedBy = [ "multi-user.target" ];
};
}
./systems/LoutreOS/configuration.nix
];
};
}; };
} }

15
overlays/riot-web.nix Normal file
View file

@ -0,0 +1,15 @@
self: super:
{
riot-web = super.riot-web.override {
conf = {
default_hs_url = "https://matrix.nyanlout.re";
default_is_url = "https://vector.im";
brand = "Nyanloutre";
default_theme = "dark";
integrations_ui_url = "https://dimension.t2bot.io/riot";
integrations_rest_url = "https://dimension.t2bot.io/api/v1/scalar";
integrations_widgets_urls = ["https://dimension.t2bot.io/widgets"];
integrations_jitsi_widget_url = "https://dimension.t2bot.io/widgets/jitsi";
};
};
}

3
pkgs/default.nix
View file

@ -1,3 +0,0 @@
pkgs: {
watcharr = pkgs.callPackage ./watcharr { };
}

65
pkgs/watcharr/default.nix
View file

@ -1,65 +0,0 @@
{
lib,
pkgs,
buildGoModule,
fetchFromGitHub,
buildNpmPackage,
nixosTests,
caddy,
testers,
installShellFiles,
stdenv,
}:
let
version = "1.41.0";
src = fetchFromGitHub {
owner = "sbondCo";
repo = "Watcharr";
rev = "v${version}";
hash = "sha256-ZvCxgfZZ9pbp+NvH+IhWphJWnAwgAH0x/REPd/XxJ70=";
};
frontend = buildNpmPackage {
pname = "watcharr-ui";
inherit version src;
npmDepsHash = "sha256-73paI0y4QyzkEnU99f1HeLD/hW8GP3F9N8tGGQnloH8=";
installPhase = ''
cp -r build $out
cp package.json package-lock.json $out
cd $out && npm ci --omit=dev
'';
};
in
buildGoModule {
pname = "watcharr";
inherit version;
src = src + "/server";
vendorHash = "sha256-86pFpS8ZSj+c7vwn0QCwzXlvVYJIf3SBj4X81zlwBWQ=";
# Inject frontend assets into go embed
prePatch = ''
# rm -rf ui
# ln -s ${frontend} ui
substituteInPlace watcharr.go \
--replace-fail ui/index.js ${frontend}/index.js \
--replace-fail \"127.0.0.1:3000\" "\"127.0.0.1:\"+os.Getenv(\"PORT\")"
'';
buildInputs = [ pkgs.makeWrapper ];
postFixup = ''
wrapProgram "$out/bin/Watcharr" --prefix PATH : "${lib.makeBinPath [ pkgs.nodejs ]}"
'';
meta = with lib; {
homepage = "https://watcharr.app/";
description = "Open source, self-hostable watched list for all your content with user authentication, modern and clean UI and a very simple setup";
license = licenses.asl20;
# mainProgram = "caddy";
maintainers = with maintainers; [ nyanloutre ];
};
}

49
services/python-ci.nix Normal file
View file

@ -0,0 +1,49 @@
{lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.python-ci;
in
{
options.services.python-ci = {
enable = mkEnableOption "Service de CI Nix écrit en Python";
};
config = mkIf cfg.enable {
users.users = {
python-ci = {
isSystemUser = true;
group = "nogroup";
description = "Python CI user";
};
};
systemd.services.python-ci = {
description = "CI Nix en Python";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";};
path = with pkgs;[ nix gnutar gzip ];
serviceConfig = {
User = "python-ci";
StateDirectory = "python-ci";
RuntimeDirectory = "python-ci";
RuntimeDirectoryPreserve = "yes";
ExecStart = with pkgs;
let env = python3Packages.python.buildEnv.override {
extraLibs = with python3Packages;[ pyramid python-gitlab ];
ignoreCollisions = true;
};
in "${pkgs.writeShellScriptBin "run.sh" ''
${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \
--secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \
--gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci
''}/bin/run.sh";
};
};
};
}

168
services/python-ci.py Executable file
View file

@ -0,0 +1,168 @@
#! /usr/bin/env nix-shell
#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])"
from wsgiref.simple_server import make_server
from pyramid.config import Configurator
from pyramid.view import view_config, view_defaults
from pyramid.httpexceptions import HTTPNotFound
from subprocess import check_call, CalledProcessError
import urllib.request
import tarfile
from tempfile import TemporaryDirectory
from multiprocessing import Pool
from gitlab import Gitlab
import urllib.request
import json
import argparse
import hmac
import hashlib
def gitlab_build(payload, gl):
commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha'])
commit.statuses.create({'state': 'running', 'name': 'Python CI'})
print("push from " + payload['user_name'])
print("repo: " + payload['project']['path_with_namespace'])
print("commit: " + payload['checkout_sha'])
temp_dir = TemporaryDirectory()
repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha']
archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \
'/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz'
with urllib.request.urlopen(archive_url) as gitlab_archive:
with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files:
gitlab_repo_files.extractall(path=temp_dir.name)
check_call(['ls', '-lha', repo_dir])
try:
check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir])
except CalledProcessError:
commit.statuses.create({'state': 'failed', 'name': 'Python CI'})
print("erreur build")
else:
commit.statuses.create({'state': 'success', 'name': 'Python CI'})
print("build terminé")
@view_defaults(
route_name="gitlab_payload", renderer="json", request_method="POST"
)
class GitlabHook(object):
def __init__(self, request):
self.request = request
self.payload = self.request.json
self.whitelist = ['nyanloutre/site-musique']
self.secret = open(args.secret, 'r').readline().splitlines()[0]
self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0]
self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token)
@view_config(header="X-Gitlab-Event:Push Hook")
def push_hook(self):
if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret:
self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'})
pool.apply_async(gitlab_build, (self.payload, self.gl))
return "build started"
else:
raise HTTPNotFound
def gitea_status_update(repo, commit, token, status):
url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit
print(url)
req = urllib.request.Request(url)
req.add_header('Content-Type', 'application/json; charset=utf-8')
req.add_header('accept', 'application/json')
req.add_header('Authorization', 'token ' + token)
jsondata = json.dumps({'state': status}).encode('utf-8')
req.add_header('Content-Length', len(jsondata))
urllib.request.urlopen(req, jsondata)
def gitea_build(payload, token):
commit = payload['after']
repo = payload['repository']['full_name']
gitea_status_update(repo, commit, token, 'pending')
print("push from " + payload['pusher']['username'])
print("repo: " + repo)
print("commit: " + commit)
temp_dir = TemporaryDirectory()
repo_dir = temp_dir.name + '/' + payload['repository']['name']
archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz'
with urllib.request.urlopen(archive_url) as gitea_archive:
with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files:
gitea_repo_files.extractall(path=temp_dir.name)
check_call(['ls', '-lha', repo_dir])
try:
check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir])
except CalledProcessError:
gitea_status_update(repo, commit, token, 'failure')
print("erreur build")
else:
gitea_status_update(repo, commit, token, 'success')
print("build terminé")
@view_defaults(
route_name="gitea_payload", renderer="json", request_method="POST"
)
class GiteaHook(object):
def __init__(self, request):
self.payload = request.json
self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max']
self.gitea_token = open(args.gitea_token, 'r').readline().strip()
@view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True)
def push_hook(self):
if self.payload['repository']['full_name'] in self.whitelist:
pool.apply_async(gitea_build, (self.payload, self.gitea_token))
return "build started"
else:
raise HTTPNotFound
class CheckHmacPredicate(object):
def __init__(self, val, info):
self.secret = open(args.secret, 'r').readline().strip().encode()
def text(self):
return 'HMAC checking enabled'
phash = text
def __call__(self, context, request):
payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest()
return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='CI server')
parser.add_argument('--address', help='listening address', default='127.0.0.1')
parser.add_argument('--port', type=int, help='listening port')
parser.add_argument('--output', help='output directory')
parser.add_argument('--secret', help='repo secret file')
parser.add_argument('--gitlab-token', help='gitlab token file')
parser.add_argument('--gitea-token', help='gitea token file')
args = parser.parse_args()
pool = Pool(1)
config = Configurator()
config.add_view_predicate('check_hmac', CheckHmacPredicate)
config.add_route("gitlab_payload", "/gitlab_payload")
config.add_route("gitea_payload", "/gitea_payload")
config.scan()
app = config.make_wsgi_app()
server = make_server(args.address, args.port, app)
print('listening ...')
server.serve_forever()

120
services/sdtdserver.nix Normal file
View file

@ -0,0 +1,120 @@
{lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.sdtdserver;
gamePath = "/var/lib/sdtdserver";
gameOptions = {
ServerPort="26900";
ServerVisibility="2";
ServerName="Serveur des loutres";
ServerPassword="";
ServerMaxPlayerCount="16";
ServerReservedSlots="0";
ServerReservedSlotsPermission="100";
ServerAdminSlots="0";
ServerAdminSlotsPermission="0";
ServerDescription="Un serveur idiot anti gilets jaunes";
ServerWebsiteURL="";
ServerDisabledNetworkProtocols="";
GameWorld="Navezgane";
WorldGenSeed="Lakeu";
WorldGenSize="4096";
GameName="Lakeu";
GameDifficulty="2";
GameMode="GameModeSurvival";
ZombiesRun="0";
ZombieMove="0";
ZombieMoveNight="3";
ZombieFeralMove="3";
ZombieBMMove="3";
BuildCreate="false";
DayNightLength="60";
DayLightLength="18";
PlayerKillingMode="3";
PersistentPlayerProfiles="false";
PlayerSafeZoneLevel="5";
PlayerSafeZoneHours="5";
ControlPanelEnabled="false";
ControlPanelPort="8080";
ControlPanelPassword="CHANGEME";
TelnetEnabled="false";
TelnetPort="8081";
TelnetPassword="";
TelnetFailedLoginLimit="10";
TelnetFailedLoginsBlocktime="10";
TerminalWindowEnabled="false";
AdminFileName="serveradmin.xml";
DropOnDeath="0";
DropOnQuit="0";
BloodMoonEnemyCount="8";
EnemySpawnMode="true";
EnemyDifficulty="0";
BlockDurabilityModifier="100";
LootAbundance="100";
LootRespawnDays="30";
LandClaimSize="41";
LandClaimDeadZone="30";
LandClaimExpiryTime="3";
LandClaimDecayMode="0";
LandClaimOnlineDurabilityModifier="4";
LandClaimOfflineDurabilityModifier="4";
PartySharedKillRange="100";
AirDropFrequency="72";
AirDropMarker="false";
MaxSpawnedZombies="60";
MaxSpawnedAnimals="50";
EACEnabled="true";
HideCommandExecutionLog="0";
MaxUncoveredMapChunksPerPlayer="131072";
BedrollDeadZoneSize="15";
ServerLoginConfirmationText="Prout";
};
gameConfig = builtins.toFile "serverconfig.xml" ''
<?xml version="1.0"?>
<ServerSettings>
${concatStrings (
mapAttrsToList (name: value:
" <property name=\"${name}\" value=\"${value}\"/>\n"
) gameOptions)}
</ServerSettings>
'';
in
{
options.services.sdtdserver = {
enable = mkEnableOption "Activation du serveur dédié 7 Days to Die";
};
config = mkIf cfg.enable {
systemd.services.sdtdserver = {
description = "Serveur dédié 7 Days to Die";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
environment = { HOME = gamePath; };
serviceConfig = {
DynamicUser = true;
StateDirectory = "sdtdserver";
};
preStart = let
libPath = with pkgs; lib.makeLibraryPath [
stdenv.cc.cc.lib
];
in ''
${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit
install -m666 ${gameConfig} ${gamePath}/serverconfig.xml
'';
script = ''
${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml
'';
};
networking.firewall = {
allowedTCPPorts = [ 26900 ];
allowedUDPPorts = [ 26900 26901 26902 ];
};
};
}

10
systems/ASUS-G46VW/configuration.nix
View file

@ -5,7 +5,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports =
[
../common-cli.nix ../common-cli.nix
../common-gui.nix ../common-gui.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -55,12 +56,7 @@
users.extraUsers.paul = { users.extraUsers.paul = {
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
extraGroups = [ extraGroups = [ "wheel" "networkmanager" "wireshark" "dialout" ];
"wheel"
"networkmanager"
"wireshark"
"dialout"
];
}; };
services.syncthing.enable = true; services.syncthing.enable = true;

31
systems/ASUS-G46VW/hardware-configuration.nix
View file

@ -1,25 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports =
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -30,18 +19,18 @@
hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0"; hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0";
hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0"; hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0";
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86"; { device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/A25A-1786"; { device = "/dev/disk/by-uuid/A25A-1786";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices =
{ device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; } [ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; }
]; ];
nix.maxJobs = lib.mkDefault 8; nix.maxJobs = lib.mkDefault 8;

47
systems/LoutreOS/config-overviewer.py Normal file
View file

@ -0,0 +1,47 @@
from .observer import MultiplexingObserver, LoggingObserver, JSObserver
global escape
from cgi import escape
def signFilter(poi):
if poi['id'] == 'Sign' or poi['id'] == 'minecraft:sign':
return "<pre>" + "\n".join(map(escape, [poi['Text1'], poi['Text2'], poi['Text3'], poi['Text4']])) + "</pre>"
global json
import json
def petFilter(poi):
if "CustomName" in poi:
custom_name = json.loads(poi['CustomName'])
if "text" in custom_name:
return custom_name["text"]
def playerIcons(poi):
if poi['id'] == 'Player':
poi['icon'] = "https://overviewer.org/avatar/%s" % poi['EntityId']
return "Last known location for %s" % poi['EntityId']
processes = 2
worlds["My world"] = "/var/lib/minecraft/world"
renders["Vue normale"] = {
"world": "My world",
"title": "Vue normale",
"texturepath": "@CLIENT_JAR@",
"rendermode": smooth_lighting,
'markers': [dict(name="All signs", filterFunction=signFilter),
dict(name="Pets", filterFunction=petFilter, icon="icons/marker_cat.png", createInfoWindow=False, checked=True),
dict(name="Position joueurs", filterFunction=playerIcons),],
}
cave_rendermode = [Base(), EdgeLines(), Cave(only_lit=True), DepthTinting()]
renders["Grottes"] = {
"world": "My world",
"title": "Grottes",
"texturepath": "@CLIENT_JAR@",
"rendermode": cave_rendermode,
}
outputdir = "/var/www/minecraft-overviewer"
observer = MultiplexingObserver(LoggingObserver(), JSObserver(outputdir))

158
systems/LoutreOS/configuration.nix
View file

@ -1,23 +1,18 @@
{ # Edit this configuration file to define what should be installed on
config, # your system. Help is available in the configuration.nix(5) man page
pkgs, # and in the NixOS manual (accessible by running nixos-help).
inputs,
... { config, pkgs, ... }:
}:
{ {
imports = [ imports = [
../common-cli.nix ../common-cli.nix
./hardware-configuration.nix ./hardware-configuration.nix
./network.nix
./users.nix ./users.nix
./services.nix ./services.nix
]; ];
nix.settings.trusted-users = [ nix.trustedUsers = [ "root" "paul" ];
"root"
"paul"
];
boot = { boot = {
loader = { loader = {
@ -27,29 +22,144 @@
supportedFilesystems = [ "zfs" ]; supportedFilesystems = [ "zfs" ];
tmp.useTmpfs = true; tmpOnTmpfs = true;
# Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported
enableContainers = false;
}; };
documentation.nixos.enable = false; documentation.nixos.enable = false;
nixpkgs.config.allowUnfree = false;
nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.1-slimserver" "minecraft-server" ]);
services.zfs = { services.zfs = {
autoSnapshot.enable = true; autoSnapshot.enable = true;
autoScrub = { autoScrub.enable = true;
enable = true; };
interval = "monthly";
hardware.usbWwan.enable = true;
# eno1 -> VLAN100 -> Internet
# eno2 -> LAN
# eno3 -> Legacy client DHCP
# eno4 -> Pas utilisé
networking = {
hostName = "loutreos"; # Define your hostname.
hostId = "7e66e347";
useNetworkd = true;
useDHCP = false;
vlans = {
bouygues = {
id = 100;
interface = "eno1";
};
chinoiseries = {
id = 20;
interface = "eno2";
}; };
}; };
interfaces = {
bouygues = {
# Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
macAddress = "E8:AD:A6:21:73:68";
useDHCP = true;
};
eno2 = {
ipv4.addresses = [
{ address = "10.30.0.1"; prefixLength = 16; }
];
};
chinoiseries = {
ipv4.addresses = [
{ address = "10.40.0.1"; prefixLength = 16; }
];
};
enp0s21u2.useDHCP = true;
};
# NAT bouygues <-> eno2
nat = {
enable = true;
externalInterface = "bouygues";
# Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE
# externalIP = "0.0.0.0";
internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ];
internalInterfaces = [ "eno2" "chinoiseries" ];
forwardPorts = [
{ destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;}
{ destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];}
];
};
firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ ];
interfaces.eno2 = {
allowedTCPPorts = [
111 2049 4000 4001 4002 # NFS
3483 9000 9090 # Slimserver
1935 # RTMP
];
allowedUDPPorts = [
111 2049 4000 4001 4002 # NFS
3483 # Slimserver
];
};
enable = true;
};
};
systemd.network.networks = {
"40-bouygues" = {
dhcpV4Config.RouteMetric = 1;
networkConfig.KeepConfiguration = "dhcp-on-stop";
};
"40-enp0s21u2".dhcpV4Config.RouteMetric = 1024;
};
services.dhcpd4 = {
enable = true;
interfaces = [ "eno2" "chinoiseries" ];
machines = [
{ ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; }
{ ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
{ ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; }
#ESPHome
{ ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; }
{ ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; }
{ ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; }
# YeeLights
{ ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; }
{ ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; }
{ ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; }
];
extraConfig = ''
option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40;
option subnet-mask 255.255.0.0;
subnet 10.30.0.0 netmask 255.255.0.0 {
option routers 10.30.0.1;
range 10.30.100.0 10.30.200.0;
}
subnet 10.40.0.0 netmask 255.255.0.0 {
option routers 10.40.0.1;
range 10.40.100.0 10.40.200.0;
}
'';
};
nixpkgs.overlays = [
(import ../../overlays/riot-web.nix)
];
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { permitRootLogin = "no";
PermitRootLogin = "no"; passwordAuthentication = false;
PasswordAuthentication = false; forwardX11 = true;
X11Forwarding = true;
};
}; };
users = { users = {
@ -62,6 +172,8 @@
}; };
}; };
services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ];
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;

160
systems/LoutreOS/hardware-configuration.nix
View file

@ -1,203 +1,181 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
"ahci"
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb"; { device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/5306-AD9A"; { device = "/dev/disk/by-uuid/5306-AD9A";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/var/lib/acme" = { fileSystems."/var/lib/acme" =
device = "loutrepool/var/acme"; { device = "loutrepool/var/acme";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/certs" = { fileSystems."/var/certs" =
device = "loutrepool/var/certs"; { device = "loutrepool/var/certs";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/transmission" = { fileSystems."/var/lib/transmission" =
device = "loutrepool/var/transmission"; { device = "loutrepool/var/transmission";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/matrix-synapse" = { fileSystems."/var/lib/matrix-synapse" =
device = "loutrepool/var/matrix-synapse"; { device = "loutrepool/var/matrix-synapse";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/radarr" = { fileSystems."/var/lib/radarr" =
device = "loutrepool/var/radarr"; { device = "loutrepool/var/radarr";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/grafana" = { fileSystems."/var/lib/grafana" =
device = "loutrepool/var/grafana"; { device = "loutrepool/var/grafana";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/slimserver" = { fileSystems."/var/lib/slimserver" =
device = "loutrepool/var/slimserver"; { device = "loutrepool/var/slimserver";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/db/influxdb" = { fileSystems."/var/db/influxdb" =
device = "loutrepool/var/influxdb"; { device = "loutrepool/var/influxdb";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/postgresql" = { fileSystems."/var/lib/postgresql" =
device = "loutrepool/var/postgresql"; { device = "loutrepool/var/postgresql";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/syncthing" = { fileSystems."/var/lib/syncthing" =
device = "loutrepool/var/syncthing"; { device = "loutrepool/var/syncthing";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/medias/incomplete" = { fileSystems."/mnt/medias/incomplete" =
device = "loutrepool/torrent-dl"; { device = "loutrepool/torrent-dl";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/medias" = { fileSystems."/mnt/medias" =
device = "loutrepool/medias"; { device = "loutrepool/medias";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/sieve" = { fileSystems."/var/sieve" =
device = "loutrepool/var/sieve"; { device = "loutrepool/var/sieve";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/vmail" = { fileSystems."/var/vmail" =
device = "loutrepool/var/vmail"; { device = "loutrepool/var/vmail";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/sonarr" = { fileSystems."/var/lib/sonarr" =
device = "loutrepool/var/sonarr"; { device = "loutrepool/var/sonarr";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/jackett" = { fileSystems."/var/lib/jackett" =
device = "loutrepool/var/jackett"; { device = "loutrepool/var/jackett";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/gitea" = { fileSystems."/var/lib/gitea" =
device = "loutrepool/var/gitea"; { device = "loutrepool/var/gitea";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/private/sdtdserver" = { fileSystems."/var/lib/private/sdtdserver" =
device = "loutrepool/var/sdtdserver"; { device = "loutrepool/var/sdtdserver";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/private/factorio" = { fileSystems."/var/lib/private/factorio" =
device = "loutrepool/var/factorio"; { device = "loutrepool/var/factorio";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/dkim" = { fileSystems."/var/dkim" =
device = "loutrepool/var/dkim"; { device = "loutrepool/var/dkim";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/vsftpd" = { fileSystems."/var/vsftpd" =
device = "loutrepool/var/vsftpd"; { device = "loutrepool/var/vsftpd";
fsType = "zfs"; fsType = "zfs";
}; };
# fileSystems."/mnt/backup" = fileSystems."/mnt/backup" =
# { device = "backup"; { device = "backup";
# fsType = "zfs";
# };
fileSystems."/mnt/backup_loutre" = {
device = "loutrepool/backup";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/secrets" = { fileSystems."/mnt/backup_loutre" =
device = "loutrepool/secrets"; { device = "loutrepool/backup";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/minecraft" = { fileSystems."/mnt/secrets" =
device = "loutrepool/var/minecraft"; { device = "loutrepool/secrets";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/www" = { fileSystems."/var/lib/minecraft" =
device = "loutrepool/var/www"; { device = "loutrepool/var/minecraft";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/mastodon" = { fileSystems."/var/www" =
device = "loutrepool/var/mastodon"; { device = "loutrepool/var/www";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/hass" = { fileSystems."/var/lib/mastodon" =
device = "loutrepool/var/hass"; { device = "loutrepool/var/mastodon";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/nextcloud" = { fileSystems."/var/lib/hass" =
device = "loutrepool/var/nextcloud"; { device = "loutrepool/var/hass";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/private/photoprism" = { fileSystems."/mnt/paul-home" =
device = "loutrepool/var/photoprism"; { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/paul-home" = { fileSystems."/mnt/webdav" =
device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; { device = "loutrepool/webdav";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/webdav" = { swapDevices =
device = "loutrepool/webdav"; [
fsType = "zfs";
};
swapDevices = [
{ {
device = "/var/swapfile"; device = "/var/swapfile";
size = 8096; size = 8096;
} }
]; ];
nix.settings.max-jobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
} }

214
systems/LoutreOS/medias.nix
View file

@ -1,16 +1,9 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
pkgs-4a3fc4cf7,
...
}:
{ {
services = { services = {
transmission = { transmission = {
enable = true; enable = true;
package = pkgs-4a3fc4cf7.transmission_4;
home = "/var/lib/transmission"; home = "/var/lib/transmission";
group = "medias"; group = "medias";
settings = { settings = {
@ -20,178 +13,25 @@
rpc-whitelist-enabled = false; rpc-whitelist-enabled = false;
peer-port = 51413; peer-port = 51413;
incomplete-dir = "/mnt/medias/incomplete"; incomplete-dir = "/mnt/medias/incomplete";
download-dir = "/mnt/medias/torrent";
}; };
}; };
radarr.enable = true; radarr.enable = true;
sonarr.enable = true; sonarr.enable = true;
prowlarr.enable = true; jackett.enable = true;
recyclarr = {
jellyfin = {
enable = true; enable = true;
configuration = { package = pkgs.jellyfin;
radarr.radarr_main = {
api_key = {
_secret = "/run/credentials/recyclarr.service/radarr-api_key";
};
base_url = "http://localhost:7878";
include = [
{
template = "radarr-quality-definition-movie";
}
{
template = "radarr-quality-profile-hd-bluray-web-french-multi-vf";
}
{
template = "radarr-custom-formats-hd-bluray-web-french-multi-vf";
}
{
template = "radarr-quality-profile-hd-bluray-web-french-multi-vo";
}
{
template = "radarr-custom-formats-hd-bluray-web-french-multi-vo";
}
];
delete_old_custom_formats = true;
replace_existing_custom_formats = true;
custom_formats = [
# ===== Versions françaises =====
{
trash_ids = [
"404c08fd0bd67f39b4d8e5709319094e" # VFF
"29b5f7b1a5f20f64228786c3ab1bdc7d" # VF2
];
assign_scores_to = [
{
name = "FR-MULTi-VF-HD";
score = 101;
}
{
name = "FR-MULTi-VO-HD";
score = 101;
}
];
}
{
trash_ids = [
"4cafa20d5584f6ba1871d1b8941aa3cb" # VOF
"52772f1cad6b5d26c2551f79bc538a50" # VFI
"f7caa1942be5cc547c266bd3dbc2cda9" # VOQ
"95aa50f71a01c82354a7a2b385f1c4d8" # VQ
"b3fb499641d7b3c2006be1d9eb014cb3" # VFB
];
assign_scores_to = [
{
name = "FR-MULTi-VF-HD";
score = 0;
}
{
name = "FR-MULTi-VO-HD";
score = 0;
}
];
}
{
trash_ids = [
"b6ace47331a1d3b77942fc18156f6df6" # VFQ
];
assign_scores_to = [
{
name = "FR-MULTi-VF-HD";
score = -101;
}
{
name = "FR-MULTi-VO-HD";
score = -101;
}
];
}
];
};
sonarr.sonarr_main = {
api_key = {
_secret = "/run/credentials/recyclarr.service/sonarr-api_key";
};
base_url = "http://localhost:8989";
include = [
{
template = "sonarr-quality-definition-series";
}
{
template = "sonarr-v4-quality-profile-bluray-web-1080p-french-multi-vf";
}
{
template = "sonarr-v4-custom-formats-bluray-web-1080p-french-multi-vf";
}
{
template = "sonarr-v4-quality-profile-bluray-web-1080p-french-multi-vo";
}
{
template = "sonarr-v4-custom-formats-bluray-web-1080p-french-multi-vo";
}
];
delete_old_custom_formats = true;
replace_existing_custom_formats = true;
custom_formats = [
# ===== Versions françaises =====
{
trash_ids = [
"2c29a39a4fdfd6d258799bc4c09731b9" # VFF
"34789ec3caa819f087e23bbf9999daf7" # VF2
];
assign_scores_to = [
{
name = "FR-MULTi-VF-WEB-1080p";
score = 101;
}
{
name = "FR-MULTi-VO-WEB-1080p";
score = 101;
}
];
}
{
trash_ids = [
"7ae924ee9b2f39df3283c6c0beb8a2aa" # VOF
"b6816a0e1d4b64bf3550ad3b74b009b6" # VFI
"802dd70b856c423a9b0cb7f34ac42be1" # VOQ
"82085412d9a53ba8d8e46fc624eb701d" # VQ
"0ce1e39a4676c6692ce47935278dac76" # VFB
];
assign_scores_to = [
{
name = "FR-MULTi-VF-WEB-1080p";
score = 0;
}
{
name = "FR-MULTi-VO-WEB-1080p";
score = 0;
}
];
}
{
trash_ids = [
"7a7f4e4f58bd1058440236d033a90b67" # VFQ
];
assign_scores_to = [
{
name = "FR-MULTi-VF-WEB-1080p";
score = -101;
}
{
name = "FR-MULTi-VO-WEB-1080p";
score = -101;
}
];
}
];
};
};
}; };
jellyfin.enable = true; navidrome = {
slimserver.enable = true; enable = true;
settings = {
MusicFolder = "/mnt/medias/musique";
ImageCacheSize = 0;
};
};
}; };
systemd.services.transmission.serviceConfig = { systemd.services.transmission.serviceConfig = {
@ -199,15 +39,6 @@
LimitNOFILE = 1048576; LimitNOFILE = 1048576;
}; };
systemd.services.recyclarr.serviceConfig.LoadCredential = [
"radarr-api_key:/mnt/secrets/radarr-api_key"
"sonarr-api_key:/mnt/secrets/sonarr-api_key"
];
systemd.services.transmission.serviceConfig = {
TimeoutStartSec = "20min";
};
networking = { networking = {
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
config.services.transmission.settings.peer-port config.services.transmission.settings.peer-port
@ -217,4 +48,25 @@
config.services.transmission.settings.peer-port config.services.transmission.settings.peer-port
]; ];
}; };
virtualisation.oci-containers = {
backend = "podman";
containers = {
slimserver = {
image = "docker.io/lmscommunity/logitechmediaserver:stable";
volumes = [
"/mnt/medias/musique:/music:ro"
"/var/lib/slimserver:/config:rw"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"10.30.0.1:9000:9000/tcp"
"10.30.0.1:9090:9090/tcp"
"10.30.0.1:3483:3483/tcp"
"10.30.0.1:3483:3483/udp"
];
extraOptions = ["--pull=always"];
};
};
};
} }

95
systems/LoutreOS/monitoring.nix
View file

@ -1,7 +1,4 @@
{ { config, lib, pkgs, ... }:
pkgs,
...
}:
let let
domaine = "nyanlout.re"; domaine = "nyanlout.re";
@ -10,7 +7,7 @@ in
services = { services = {
smartd = { smartd = {
enable = true; enable = true;
defaults.monitored = "-a -o on -s (S/../.././02|L/../15/./02)"; defaults.monitored = "-a -o on -s (S/../.././02|L/../../1/04)";
notifications.mail = { notifications.mail = {
enable = true; enable = true;
recipient = "paul@nyanlout.re"; recipient = "paul@nyanlout.re";
@ -25,43 +22,29 @@ in
telegraf = { telegraf = {
enable = true; enable = true;
extraConfig = { extraConfig = {
agent = {
# Mitigation for periodic high load average
# https://github.com/influxdata/telegraf/issues/3465
collection_jitter = "5s";
};
inputs = { inputs = {
zfs = { zfs = { poolMetrics = true; };
poolMetrics = true; net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; };
}; netstat = {};
net = { }; cpu = { totalcpu = true; };
netstat = { }; kernel = {};
cpu = { mem = {};
totalcpu = true; processes = {};
}; system = {};
kernel = { }; disk = {};
mem = { };
processes = { };
system = { };
disk = { };
cgroup = [ cgroup = [
{ {
paths = [ paths = [
"/sys/fs/cgroup/system.slice/*" "/sys/fs/cgroup/system.slice/*"
]; ];
files = [ files = ["memory.current" "cpu.stat"];
"memory.current"
"cpu.stat"
];
} }
]; ];
ipmi_sensor = { ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; };
path = "${pkgs.ipmitool}/bin/ipmitool";
};
smart = { smart = {
path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl"; path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl";
}; };
exec = [ exec= [
{ {
commands = [ commands = [
"${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" '' "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" ''
@ -93,10 +76,7 @@ in
]; ];
}; };
outputs = { outputs = {
influxdb = { influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; };
database = "telegraf";
urls = [ "http://localhost:8086" ];
};
}; };
}; };
}; };
@ -107,27 +87,18 @@ in
grafana = { grafana = {
enable = true; enable = true;
addr = "127.0.0.1";
dataDir = "/var/lib/grafana"; dataDir = "/var/lib/grafana";
settings = { extraOptions = {
server = { SERVER_ROOT_URL = "https://grafana.${domaine}";
http_addr = "127.0.0.1"; SMTP_ENABLED = "true";
root_url = "https://grafana.${domaine}"; SMTP_FROM_ADDRESS = "grafana@${domaine}";
}; SMTP_SKIP_VERIFY = "true";
smtp = { AUTH_DISABLE_LOGIN_FORM = "true";
enabled = true; AUTH_DISABLE_SIGNOUT_MENU = "true";
from_address = "grafana@${domaine}"; AUTH_ANONYMOUS_ENABLED = "true";
skip_verify = true; AUTH_ANONYMOUS_ORG_ROLE = "Admin";
}; AUTH_BASIC_ENABLED = "false";
auth = {
disable_signout_menu = true;
};
"auth.basic" = {
enabled = false;
};
"auth.proxy" = {
enabled = true;
header_name = "X-WEBAUTH-USER";
};
}; };
}; };
@ -137,19 +108,7 @@ in
}; };
}; };
systemd.services.influxdb.serviceConfig = {
TimeoutStartSec = "10min";
};
security.sudo.extraRules = [ security.sudo.extraRules = [
{ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
commands = [
{
command = "${pkgs.smartmontools}/bin/smartctl";
options = [ "NOPASSWD" ];
}
];
users = [ "telegraf" ];
}
]; ];
} }

391
systems/LoutreOS/network.nix
View file

@ -1,391 +0,0 @@
{
config,
pkgs,
inputs,
...
}:
{
boot = {
kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = true;
"net.ipv6.conf.default.forwarding" = true;
"net.ipv4.conf.all.forwarding" = true;
"net.ipv4.conf.default.forwarding" = true;
};
};
# Enable LTE drivers
hardware.usb-modeswitch.enable = true;
##################
# NETWORK CONFIG #
##################
# eno1 -> VLAN100 -> Internet
# eno2 -> LAN
# eno3 -> Pas utilisé
# eno4 -> Pas utilisé
# enp0s21u1 -> Clé 4G Bouygues
# wg0 -> Tunnel Wireguard ARN
networking = {
hostName = "loutreos"; # Define your hostname.
hostId = "7e66e347";
useNetworkd = true;
useDHCP = false;
nameservers = [
# https://www.dns0.eu/fr
"193.110.81.0"
"185.253.5.0"
];
vlans = {
bouygues = {
id = 100;
interface = "eno1";
};
};
interfaces = {
bouygues = {
# Adresse MAC BBox : https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303
macAddress = "E8:AD:A6:21:73:68";
useDHCP = true;
};
eno2 = {
ipv4.addresses = [
{
address = "10.30.0.1";
prefixLength = 16;
}
];
};
enp0s21u1.useDHCP = true;
};
nftables = {
enable = true;
flushRuleset = false;
tables = {
"multi-wan-routing" = {
family = "inet";
content = ''
chain PREROUTING {
type filter hook prerouting priority mangle; policy accept;
# Restore the packet's CONNMARK to the MARK for existing incoming connections
counter meta mark set ct mark
# If packet MARK is set, then it means that there is already a connection mark
meta mark != 0x00000000 counter accept
# Else, we need to mark the packet.
# If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3
iifname "bouygues" counter meta mark set 0x1
iifname "enp0s21u1" counter meta mark set 0x2
iifname "wg0" counter meta mark set 0x3
# Save new mark in CONNMARK
counter ct mark set mark
}
chain OUTPUT {
type route hook output priority mangle; policy accept;
# Restore CONNMARK to MARK for outgoing packets before final routing decision
counter meta mark set ct mark
}
chain POSTROUTING {
type filter hook postrouting priority mangle; policy accept;
# Save MARK to CONNMARK
counter ct mark set mark
}
'';
};
"redirect-external-to-local" = {
family = "ip";
content = ''
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
# Redirect local network request from server external IP to internal IP
# This allow access to server without internet access
ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1
}
'';
};
};
};
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
allowedUDPPorts = [ ];
# Open ports on local netwok only
interfaces.eno2 = {
allowedTCPPorts = [
111
2049
4000
4001
4002 # NFS
3483
9000
9090 # Slimserver
1935 # RTMP
];
allowedUDPPorts = [
111
2049
4000
4001
4002 # NFS
3483 # Slimserver
67 # DHCP
];
};
# Don't forward incoming IPv6 requests to local network
filterForward = true;
extraForwardRules = ''
# Forward all IPv6 traffic from local network
iifname "eno2" counter accept
'';
};
};
systemd.services.systemd-networkd = {
unitConfig = {
RequiresMountsFor = "/mnt/secrets/wireguard";
};
serviceConfig = {
LoadCredential = [
"network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private"
"network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared"
];
};
};
#################
# ROUTING RULES #
#################
# 0: from all lookup local
# 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table
# 32766: from all lookup main # main table should contain no default routes, only local network routes
# 32767: from all lookup default
# 41000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface
# 42000: from all fwmark 0x2 lookup lte
# 43000: from all fwmark 0x3 lookup vpn
# 51000: from all lookup fiber # first table encountered with a default route if fiber is up
# 52000: from all lookup lte # first table encountered with a default route if fiber is down
systemd.network =
let
routeTables = {
fiber = 1;
lte = 2;
vpn = 3;
};
in
{
enable = true;
config = {
inherit routeTables;
addRouteTablesToIPRoute2 = true;
};
# Wireguard ARN device configuation
netdevs = {
"10-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1450";
};
wireguardConfig = {
PrivateKey = "@network.wireguard.private.wg0";
RouteTable = routeTables.vpn;
};
wireguardPeers = [
{
Endpoint = "89.234.141.83:8095";
PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
PresharedKey = "@network.wireguard.preshared.wg0";
AllowedIPs = [
"0.0.0.0/0"
"::/0"
];
PersistentKeepalive = 15;
}
];
};
};
networks = {
#########
# FIBER #
#########
# Set route metric to highest priority
# Set DHCP client magic settings for Bouygues
"40-bouygues" = {
dhcpV4Config.RouteTable = routeTables.fiber;
dhcpV6Config = {
DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
WithoutRA = "solicit";
};
ipv6AcceptRAConfig = {
DHCPv6Client = true;
RouteTable = routeTables.fiber;
};
networkConfig = {
KeepConfiguration = "dynamic-on-stop";
IPv6AcceptRA = true;
DHCPPrefixDelegation = true;
};
# Static attribution of first IPv6 subnet
dhcpPrefixDelegationConfig.SubnetId = "0";
# Route everything to fiber link with a priority of 40000
routingPolicyRules = [
{
FirewallMark = 1;
Table = routeTables.fiber;
Priority = 41000;
Family = "both";
}
{
Table = routeTables.fiber;
Priority = 51000;
Family = "both";
}
];
};
# Don't check VLAN physical interface as it is not directly used
"40-eno1".linkConfig.RequiredForOnline = "no";
#######
# LTE #
#######
# Set LTE route to lower priority
"40-enp0s21u1" = {
dhcpV4Config.RouteTable = routeTables.lte;
# Route all to lte link with a priority of 50000
routingPolicyRules = [
{
FirewallMark = 2;
Table = routeTables.lte;
Priority = 42000;
Family = "both";
}
{
Table = routeTables.lte;
Priority = 52000;
Family = "both";
}
];
};
#######
# VPN #
#######
# Wireguard ARN network configuation
"10-wg0" = {
matchConfig.Name = "wg0";
address = [
"89.234.141.196/32"
"2a00:5881:8119:400::1/128"
];
routingPolicyRules = [
# Route outgoing emails to VPN table
{
IncomingInterface = "lo";
DestinationPort = "25";
Table = routeTables.vpn;
Priority = 60;
Family = "both";
}
# Route packets originating from wg0 device to VPN table
# Allow server to respond on the wg0 interface requests
{
FirewallMark = 3;
Table = routeTables.vpn;
Priority = 43000;
Family = "both";
}
];
};
#######
# LAN #
#######
# LAN DHCP server config
"40-eno2" = {
networkConfig = {
IPv6SendRA = true;
DHCPPrefixDelegation = true;
DHCPServer = true;
IPMasquerade = "ipv4";
};
dhcpServerConfig = {
EmitRouter = true;
EmitDNS = true;
DNS = [
# https://www.dns0.eu/fr
"193.110.81.0"
"185.253.5.0"
];
};
dhcpServerStaticLeases = [
# IPMI
{
Address = "10.30.1.1";
MACAddress = "ac:1f:6b:4b:01:15";
}
# paul-fixe
{
Address = "10.30.50.1";
MACAddress = "b4:2e:99:ed:24:26";
}
# salonled
{
Address = "10.30.40.1";
MACAddress = "e0:98:06:85:e9:ce";
}
# miroir-bleu
{
Address = "10.30.40.2";
MACAddress = "e0:98:06:86:38:fc";
}
# miroir-orange
{
Address = "10.30.40.3";
MACAddress = "50:02:91:78:be:be";
}
];
ipv6SendRAConfig = {
EmitDNS = true;
DNS = [
# https://www.dns0.eu/fr
"2a0f:fc80::"
"2a0f:fc81::"
];
};
};
};
};
}

635
systems/LoutreOS/services.nix
View file

@ -1,18 +1,11 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
domaine = "nyanlout.re"; domaine = "nyanlout.re";
sendMail = sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
to: subject: message:
pkgs.writeShellScriptBin "mail.sh" ''
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF ${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
From: root@nyanlout.re From: root@nyanlout.re
Subject: ${subject} Subject: ${subject}
@ -26,13 +19,16 @@ let
fi fi
''; '';
backup_mail_alert = backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg"
"Impossible de terminer la sauvegarde. Merci de voir les logs"; unstable = import <nixos-unstable> { };
in in
{ {
imports = [ imports = [
../../services/python-ci.nix
../../services/sdtdserver.nix
# /mnt/secrets/factorio_secrets.nix
./monitoring.nix ./monitoring.nix
./medias.nix ./medias.nix
./web.nix ./web.nix
@ -66,7 +62,7 @@ in
}; };
# Certificate setup # Certificate setup
certificateScheme = "manual"; certificateScheme = 1;
certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; certificateFile = "/var/lib/acme/${domaine}/fullchain.pem";
keyFile = "/var/lib/acme/${domaine}/key.pem"; keyFile = "/var/lib/acme/${domaine}/key.pem";
@ -81,19 +77,46 @@ in
}; };
services = { services = {
postfix = {
relayHost = "mailvps.nyanlout.re";
relayPort = 587;
config = {
smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
};
};
rspamd.workers.controller.extraConfig = '' rspamd.workers.controller.extraConfig = ''
secure_ip = ["0.0.0.0/0", "::"]; secure_ip = ["0.0.0.0/0"];
''; '';
# redis.enable = true; redis.enable = true;
# enable with nginx defult config logrotate = {
logrotate.enable = true; enable = true;
paths = {
nginx = {
path = "/var/log/nginx/*.log";
user = config.services.nginx.user;
group = config.services.nginx.group;
keep = 7;
extraConfig = ''
compress
'';
};
};
};
fail2ban.enable = true; fail2ban.enable = true;
fstrim.enable = true; fstrim.enable = true;
syncthing = {
enable = true;
dataDir = "/var/lib/syncthing";
openDefaultPorts = true;
};
nfs.server = { nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
@ -114,32 +137,24 @@ in
"/var/lib/gitea" "/var/lib/gitea"
"/var/lib/grafana" "/var/lib/grafana"
"/var/lib/jackett" "/var/lib/jackett"
"/mnt/borgsnap/postgresql" "/var/lib/matrix-synapse"
"/var/lib/postgresql/.zfs/snapshot/borgsnap"
"/var/lib/radarr" "/var/lib/radarr"
"/var/lib/sonarr" "/var/lib/sonarr"
"/var/lib/transmission" "/var/lib/transmission"
"/var/lib/airsonic" "/mnt/medias/musique"
"/var/lib/hass" "/mnt/medias/torrent/lidarr"
"/var/lib/opendkim" "/mnt/medias/torrent/musique"
"/var/lib/slimserver"
"/var/lib/watcharr"
"/var/lib/nextcloud"
"/mnt/paul-home/paul" "/mnt/paul-home/paul"
"/var/sieve" "/var/sieve"
"/var/vmail" "/var/vmail"
"/mnt/backup_loutre/amandoleen"
"/mnt/secrets"
"/mnt/medias/musique/musiclibrary.blb"
]; ];
exclude = [ exclude = [
"/var/lib/radarr/.config/Radarr/radarr.db-wal" "/var/lib/radarr/.config/Radarr/radarr.db-wal"
"/var/lib/radarr/.config/Radarr/radarr.db-shm" "/var/lib/radarr/.config/Radarr/radarr.db-shm"
"/mnt/paul-home/paul/.cache"
]; ];
repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos"; repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos";
environment = { environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; };
BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key";
};
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass"; passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
@ -150,136 +165,106 @@ in
weekly = 4; weekly = 4;
monthly = 12; monthly = 12;
}; };
preHook = '' preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap";
${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap
mkdir -p /mnt/borgsnap/postgresql
${config.security.wrapperDir}/mount -t zfs loutrepool/var/postgresql@borgsnap /mnt/borgsnap/postgresql
'';
readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; readWritePaths = [ "/var/lib/postfix/queue/maildrop" ];
postHook = '' postHook = ''
${config.security.wrapperDir}/umount /mnt/borgsnap/postgresql
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
if [[ $exitStatus == 0 ]]; then
${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:default
else
${backup_mail_alert}/bin/mail.sh
fi
''; '';
}; };
}; };
borgbackup.repos = { borgbackup.repos = {
diskstation = { diskstation = {
authorizedKeys = [ authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation" ];
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation"
];
path = "/mnt/backup_loutre/diskstation_borg"; path = "/mnt/backup_loutre/diskstation_borg";
user = "synology"; user = "synology";
}; };
minecraft-rezome = { minecraft-rezome = {
authorizedKeys = [ authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ];
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu"
];
path = "/mnt/backup_loutre/minecraft_rezome"; path = "/mnt/backup_loutre/minecraft_rezome";
user = "rezome"; user = "rezome";
}; };
}; };
sdtdserver.enable = false;
factorio = {
enable = false;
autosave-interval = 10;
game-name = "Shame";
public = true;
username = "nyanloutre";
};
minecraft-server = {
enable = false;
jvmOpts = "-Xms512m -Xmx3072m";
eula = true;
declarative = true;
openFirewall = true;
whitelist = {
nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822";
Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2";
LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6";
Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff";
Hopegcx = "4497f759-2210-48db-8764-307d33011442";
wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af";
sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3";
};
serverProperties = {
difficulty = 2;
gamemode = 0;
max-players = 50;
motd = "Hi Mark !";
white-list = true;
};
};
kresd = { kresd = {
enable = true; enable = true;
}; };
mosquitto = {
enable = true;
listeners = [
{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
address = "127.0.0.1";
settings.allow_anonymous = true;
}
];
};
zigbee2mqtt = {
enable = true;
package = pkgs.zigbee2mqtt_2;
settings = {
homeassistant.enabled = config.services.home-assistant.enable;
serial = {
port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00";
adapter = "zstack";
};
mqtt = {
server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}";
};
frontend = {
port = 8080;
host = "127.0.0.1";
url = "https://zigbee.nyanlout.re";
};
groups = {
"101" = {
friendly_name = "salon";
devices = [
"0x94deb8fffe760f3d"
];
};
"102" = {
friendly_name = "cuisine";
devices = [
"0x003c84fffe6d9ee6"
];
};
"103" = {
friendly_name = "entrée";
devices = [
"0x84ba20fffe5ec243"
];
};
"104" = {
friendly_name = "tout";
devices = [
"0x94deb8fffe760f3d"
"0x003c84fffe6d9ee6"
"0x84ba20fffe5ec243"
];
};
"107" = {
friendly_name = "chambre";
devices = [
"0x84ba20fffe5eb120"
];
};
};
};
};
home-assistant = { home-assistant = {
enable = true; enable = true;
extraComponents = [
# Components required to complete the onboarding
"met"
"radio_browser"
];
config = { config = {
default_config = { };
homeassistant = { homeassistant = {
country = "FR"; elevation = 143;
latitude = 48.60038;
longitude = 7.74063;
elevation = 146;
}; };
meteo_france = null; influxdb = null;
config = null;
dhcp = null;
frontend = null;
history = null;
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
trusted_proxies = [ "127.0.0.1" ]; trusted_proxies = [ "127.0.0.1" ];
}; };
mqtt = null; logbook = null;
map = null;
mobile_app = null;
person = null;
script = null;
sun = null;
system_health = null;
yeelight.devices = {
"10.40.249.0".name = "Chambre";
"10.40.249.1".name = "Bureau";
"10.40.249.2".name = "Cuisine";
};
zha = null;
esphome = null; esphome = null;
light = [ light = [
{ {
platform = "group"; platform = "group";
name = "Salon"; name = "Salon";
entities = [ entities = [
"light.salon_light" "light.bureau"
"light.cuisine_light" "light.cuisine"
"light.entree_light"
]; ];
} }
]; ];
@ -289,38 +274,317 @@ in
host = "10.30.0.1"; host = "10.30.0.1";
} }
]; ];
tplink.switch = [
{ host = "10.30.50.7"; }
];
sensor = [
{
platform = "template";
sensors = {
serveur_amps = {
friendly_name_template = "{{ states.switch.serveur.name}} Current";
value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}'';
unit_of_measurement = "A";
}; };
serveur_watts = {
friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption";
value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}'';
unit_of_measurement = "W";
};
serveur_total_kwh = {
friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption";
value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}'';
unit_of_measurement = "kWh";
};
serveur_volts = {
friendly_name_template = "{{ states.switch.serveur.name}} Voltage";
value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}'';
unit_of_measurement = "V";
};
serveur_today_kwh = {
friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption";
value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}'';
unit_of_measurement = "kWh";
};
};
}
];
switch = [
{
platform = "wake_on_lan";
name = "PC Fixe";
mac = "b4:2e:99:ed:24:26";
host = "10.30.135.71";
broadcast_address = "10.30.255.255";
}
];
device_tracker = [
{
platform = "ping";
hosts = { telephone_paul = "10.30.50.2"; };
}
];
scene = [
{
name = "Movie";
icon = "mdi:movie-open";
entities = {
"light.salon" = {
state = "on";
xy_color = [0.299 0.115];
brightness = 50;
};
"light.bande_led_tv" = {
state = "on";
effect = "Movie";
brightness = 180;
};
"light.bande_led_bureau" = {
state = "on";
xy_color = [0.299 0.115];
brightness = 130;
};
};
}
{
name = "Home";
icon = "mdi:home";
entities = {
"light.salon" = {
state = "on";
kelvin = 2700;
brightness = 255;
};
};
}
{
name = "Night";
icon = "mdi:weather-night";
entities = {
"light.salon" = {
state = "off";
};
"light.bande_led_tv" = {
state = "off";
};
"light.bande_led_bureau" = {
state = "off";
};
"light.chambre" = {
state = "on";
kelvin = 1900;
brightness = 50;
};
};
}
];
automation = let
min_sun_elevation = 4;
switch_chambre = {
domain = "zha";
platform = "device";
device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1";
}; };
photoprism = { switch_entree = {
enable = true; domain = "zha";
originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; platform = "device";
passwordFile = "/mnt/secrets/photoprism_pass"; device_id = "7cd814190ec543dba76a7aa7e7996c41";
settings = {
PHOTOPRISM_READONLY = "1";
PHOTOPRISM_DETECT_NSFW = "1";
PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/";
};
};
}; };
systemd = { remote = {
timers."lg-devmode-reset" = { domain = "zha";
wantedBy = [ "timers.target" ]; platform = "device";
timerConfig = { device_id = "d1230b76264e483388a8fdaad4f44143";
OnBootSec = "5m";
OnUnitActiveSec = "1w";
}; };
in [
# ENTREE
{
alias = "Aziz lumière";
trigger = [
{
platform = "numeric_state";
entity_id = "sun.sun";
value_template = "{{ state.attributes.elevation }}";
below = min_sun_elevation;
}
];
condition = [
{
condition = "state";
entity_id = "person.paul";
state = "home";
}
# Sun below max elevation
{
condition = "template";
value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
}
];
action = {
scene = "scene.home";
}; };
services = { }
"borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = [ "/mnt/borgsnap" ]; {
"lg-devmode-reset" = { alias = "Aziz lumière switch";
script = '' trigger = {
${pkgs.curl}/bin/curl https://developer.lge.com/secure/ResetDevModeSession.dev\?sessionToken\=9f94269da0dc14fd924b65d8dca28b076f931ad1ca04fe7a09ac78cdb0e22cb4 type = "remote_button_short_press";
subtype = "turn_on";
} // switch_entree;
action = {
scene = "scene.home";
};
}
{
alias = "Adios";
trigger = [
{
platform = "state";
entity_id = "person.paul";
to = "not_home";
}
({
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_entree)
];
action = [
{
service = "light.turn_off";
entity_id = "all";
}
{
service = "media_player.turn_off";
entity_id = "all";
}
];
}
# REMOTE
{
alias = "Button toggle";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // remote;
action = {
choose = {
conditions = {
condition = "template";
value_template = ''
{% set domain = 'light' %}
{% set state = 'off' %}
{{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }}
''; '';
serviceConfig = {
Type = "oneshot";
}; };
sequence = {
scene = "scene.home";
};
};
default = {
service = "light.turn_off";
entity_id = "all";
};
};
}
{
alias = "Button scene movie";
trigger = {
type = "remote_button_short_press";
subtype = "right";
} // remote;
action = {
scene = "scene.movie";
};
}
{
alias = "Button scene home";
trigger = {
type = "remote_button_short_press";
subtype = "left";
} // remote;
action = {
scene = "scene.home";
};
}
{
alias = "Button light up";
trigger = {
type = "remote_button_short_press";
subtype = "dim_up";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = 25;
};
};
}
{
alias = "Button light down";
trigger = {
type = "remote_button_short_press";
subtype = "dim_down";
} // remote;
action = {
service = "light.turn_on";
entity_id = "light.salon";
data = {
brightness_step = -25;
};
};
}
# CHAMBRE
{
alias = "Button scene night";
trigger = {
type = "remote_button_short_press";
subtype = "turn_on";
} // switch_chambre;
action = {
scene = "scene.night";
};
}
{
alias = "Button scene dodo";
trigger = {
type = "remote_button_short_press";
subtype = "turn_off";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "all";
};
}
{
alias = "Button scene lumière chambre ON";
trigger = {
type = "remote_button_long_press";
subtype = "dim_up";
} // switch_chambre;
action = {
service = "light.turn_on";
entity_id = "light.chambre";
};
}
{
alias = "Button scene lumière chambre OFF";
trigger = {
type = "remote_button_long_press";
subtype = "dim_down";
} // switch_chambre;
action = {
service = "light.turn_off";
entity_id = "light.chambre";
};
}
];
}; };
}; };
}; };
@ -329,27 +593,86 @@ in
ipmihddtemp.enable = true; ipmihddtemp.enable = true;
# systemd.services.minecraft-overviewer =
# let
# clientJar = pkgs.fetchurl {
# url = "https://overviewer.org/textures/1.14";
# sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k";
# name = "client.jar";
# };
# configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } ''
# substitute ${./config-overviewer.py} $out \
# --subst-var CLIENT_JAR
# '';
# in
# {
# script = ''
# ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile}
# ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi
# rm /var/www/minecraft-overviewer/progress.json
# '';
# serviceConfig = {
# User = "nginx";
# Group = "nginx";
# };
# };
# systemd.timers.minecraft-overviewer = {
# wantedBy = [ "multi-user.target" ];
# timerConfig = {
# OnCalendar = "*-*-* 04:00:00";
# };
# };
# systemd.packages = with pkgs; [
# tgt
# ];
# environment.etc."tgt/targets.conf".text = ''
# <target iqn.2019-11.nyanlout.re:steam>
# backing-store /dev/zvol/loutrepool/steam-lun
# initiator-address 10.30.50.3
# </target>
# '';
users.groups.nginx.members = [ "matrix-synapse" ]; users.groups.nginx.members = [ "matrix-synapse" ];
security.pam.services.sshd.text = pkgs.lib.mkDefault ( security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh"
);
networking = { networking = {
wireguard.interfaces = {
wg0 = {
ips = [ "192.168.20.1/24" ];
privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
listenPort = 51820;
allowedIPsAsRoutes = true;
peers = [
{
allowedIPs = [ "192.168.20.2/32" ];
publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
}
];
};
};
nat.internalInterfaces = [ "wg0" ];
nat.internalIPs = [ "192.168.20.0/24" ];
firewall.interfaces.eno2.allowedTCPPorts = [ firewall.interfaces.eno2.allowedTCPPorts = [
3260 3260
]; ];
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
20 8448 # Matrix federation
21 # FTP 20 21 # FTP
]; ];
firewall.allowedTCPPortRanges = [ firewall.allowedTCPPortRanges = [
{ { from = 64000; to = 65535; } # FTP
from = 64000; ];
to = 65535;
} # FTP firewall.allowedUDPPorts = [
config.networking.wireguard.interfaces.wg0.listenPort
]; ];
}; };
} }

22
systems/LoutreOS/users.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, pkgs, ... }:
lib,
config,
pkgs,
...
}:
{ {
users.users = { users.users = {
@ -11,12 +6,7 @@
uid = 1000; uid = 1000;
isNormalUser = true; isNormalUser = true;
description = "Paul TREHIOU"; description = "Paul TREHIOU";
extraGroups = [ extraGroups = [ "wheel" "medias" "transmission" ];
"wheel"
"medias"
"transmission"
"podman"
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAF7VlzHzgg70uFbRFtVTS34qNBke/RD36mRENAsa33RxztxrqMsIDscAD/d6CTe6HDy7MCGzJnWCJSXj5iOQFM4RRMvKNEgCKPHqfhmfVvO4YZuMjNB0ufVf6zhJL4Hy43STf7NIWrenGemUP+OvVSwN/ujgl2KKw4KJZt25/h/7JjlCgsZm4lWg4xcjoiKL701W2fbEoU73XKdbRTgTvKoeK1CGxdAPFefFDFcv/mtJ7d+wIxw9xODcLcA66Bu94WGMdpyEAJc4nF8IOy4pW8AzllDi0qNEZGCQ5+94upnLz0knG1ue9qU2ScAkW1/5rIJTHCVtBnmbLNSAOBAstaGQJuSL40TWZ1oPA5i1qUEhunNcJ+Sgtp6XP69qY34T/AeJvHRyw5M5LfN0g+4ka9k06NPBhbpHFASz4M8nabQ0iM63++xcapnw/8gk+EPhYVKW86SsyTa9ur+tt6oDWEKNaOhgscX44LexY7jKdeBRt3GaObtBJtVLBRx3Z2aRXgjgnKGqS40mGRiSkqb2DShspI1l8DV2RrPiuwdBzXVQjWRc0KXmJrcgXX9uoPSxihxwaUQyvmITOV1Y+NEuek4gRkVNOxjoG7RGnaYvYzxEQVoI5TwZC2/DCrAUgCv8DQawkcpEiWnBq7Q5VnpmFx5juVQ/I0G8byOkPXgRUOk9 openpgp:0xAB524BBC" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAF7VlzHzgg70uFbRFtVTS34qNBke/RD36mRENAsa33RxztxrqMsIDscAD/d6CTe6HDy7MCGzJnWCJSXj5iOQFM4RRMvKNEgCKPHqfhmfVvO4YZuMjNB0ufVf6zhJL4Hy43STf7NIWrenGemUP+OvVSwN/ujgl2KKw4KJZt25/h/7JjlCgsZm4lWg4xcjoiKL701W2fbEoU73XKdbRTgTvKoeK1CGxdAPFefFDFcv/mtJ7d+wIxw9xODcLcA66Bu94WGMdpyEAJc4nF8IOy4pW8AzllDi0qNEZGCQ5+94upnLz0knG1ue9qU2ScAkW1/5rIJTHCVtBnmbLNSAOBAstaGQJuSL40TWZ1oPA5i1qUEhunNcJ+Sgtp6XP69qY34T/AeJvHRyw5M5LfN0g+4ka9k06NPBhbpHFASz4M8nabQ0iM63++xcapnw/8gk+EPhYVKW86SsyTa9ur+tt6oDWEKNaOhgscX44LexY7jKdeBRt3GaObtBJtVLBRx3Z2aRXgjgnKGqS40mGRiSkqb2DShspI1l8DV2RrPiuwdBzXVQjWRc0KXmJrcgXX9uoPSxihxwaUQyvmITOV1Y+NEuek4gRkVNOxjoG7RGnaYvYzxEQVoI5TwZC2/DCrAUgCv8DQawkcpEiWnBq7Q5VnpmFx5juVQ/I0G8byOkPXgRUOk9 openpgp:0xAB524BBC"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re"
@ -66,12 +56,6 @@
users.extraGroups.medias = { users.extraGroups.medias = {
gid = 498; gid = 498;
members = [ members = [ "slimserver" "radarr" "sonarr" "jellyfin" "transmission" ];
"slimserver"
"radarr"
"sonarr"
"jellyfin"
"transmission"
];
}; };
} }

279
systems/LoutreOS/web.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
@ -20,7 +15,7 @@ let
internal; internal;
# Access /auth endpoint to query login state # Access /auth endpoint to query login state
proxy_pass http://127.0.0.1:${toString (config.services.nginx.sso.configuration.listen.port)}/auth; proxy_pass http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/auth;
# Do not forward the request body (nginx-sso does not care about it) # Do not forward the request body (nginx-sso does not care about it)
proxy_pass_request_body off; proxy_pass_request_body off;
@ -49,18 +44,19 @@ let
in in
{ {
security.acme = { security.acme = {
defaults = {
email = "paul@nyanlout.re"; email = "paul@nyanlout.re";
# Use european ACME service
server = "https://api.buypass.com/acme/directory";
};
acceptTerms = true; acceptTerms = true;
}; };
users.groups = { users.groups = {
webdav = { }; work = {};
webdav = {};
}; };
users.users = { users.users = {
work = {
isSystemUser = true;
group = config.users.groups.work.name;
};
webdav = { webdav = {
isSystemUser = true; isSystemUser = true;
group = config.users.groups.webdav.name; group = config.users.groups.webdav.name;
@ -69,6 +65,19 @@ in
services = { services = {
phpfpm.pools = { phpfpm.pools = {
work = {
user = config.users.users.work.name;
phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
};
};
drive = { drive = {
user = config.users.users.webdav.name; user = config.users.users.webdav.name;
settings = { settings = {
@ -88,10 +97,7 @@ in
nginx = { nginx = {
enable = true; enable = true;
package = pkgs.nginx.override { package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ modules = with pkgs.nginxModules; [ dav moreheaders ];
dav
moreheaders
];
}; };
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
@ -123,12 +129,7 @@ in
}; };
audit_log = { audit_log = {
targets = [ "fd://stdout" ]; targets = [ "fd://stdout" ];
events = [ events = [ "access_denied" "login_success" "login_failure" "logout" ];
"access_denied"
"login_success"
"login_failure"
"logout"
];
}; };
providers.simple = { providers.simple = {
enable_basic_auth = true; enable_basic_auth = true;
@ -142,20 +143,14 @@ in
acl = { acl = {
rule_sets = [ rule_sets = [
{ {
rules = [ rules = [ { field = "x-host"; regexp = ".*"; } ];
{
field = "x-host";
regexp = ".*";
}
];
allow = [ "@admins" ]; allow = [ "@admins" ];
} }
]; ];
}; };
}; };
}; };
virtualHosts = virtualHosts = let
let
base = locations: { base = locations: {
locations = locations // { locations = locations // {
"@maintenance" = { "@maintenance" = {
@ -171,23 +166,17 @@ in
error_page 500 502 503 504 = @maintenance; error_page 500 502 503 504 = @maintenance;
''; '';
}; };
simpleReverse = simpleReverse = rport: base {
rport:
base {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:${toString (rport)}/"; proxyPass = "http://127.0.0.1:${toString(rport)}/";
}; };
}; };
authReverse = authReverse = rport: zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
rport:
zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
(base { (base {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:${toString (rport)}/"; proxyPass = "http://127.0.0.1:${toString(rport)}/";
extraConfig = '' extraConfig = ''
auth_request_set $cookie $upstream_http_set_cookie; auth_request_set $cookie $upstream_http_set_cookie;
auth_request_set $username $upstream_http_x_username;
proxy_set_header X-WEBAUTH-USER $username;
add_header Set-Cookie $cookie; add_header Set-Cookie $cookie;
''; '';
}; };
@ -198,10 +187,8 @@ in
''; '';
} }
]; ];
in in {
{ "nyanlout.re" = base {
"nyanlout.re" =
base {
"/" = { "/" = {
alias = "/var/www/site-perso/"; alias = "/var/www/site-perso/";
}; };
@ -214,10 +201,10 @@ in
add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Origin * always;
''; '';
}; };
} } // { default = true; };
// { "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; };
default = true; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; };
}; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; };
"musique-meyenheim.fr" = base { "musique-meyenheim.fr" = base {
"/" = { "/" = {
proxyPass = "http://unix:/run/site-musique.sock"; proxyPass = "http://unix:/run/site-musique.sock";
@ -229,67 +216,70 @@ in
alias = "/var/www/site-musique/media/"; alias = "/var/www/site-musique/media/";
}; };
}; };
"www.musique-meyenheim.fr" = { "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
enableACME = true; "stream.nyanlout.re" = base {
forceSSL = true; "/" = {
globalRedirect = "musique-meyenheim.fr"; proxyPass = "http://10.30.135.71";
};
}; };
"login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port;
"grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "grafana.nyanlout.re" = authReverse config.services.grafana.port;
"transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port;
"radarr.nyanlout.re" = authReverse 7878; "radarr.nyanlout.re" = authReverse 7878;
"sonarr.nyanlout.re" = authReverse 8989; "sonarr.nyanlout.re" = authReverse 8989;
"syncthing.nyanlout.re" = authReverse 8384; "syncthing.nyanlout.re" = authReverse 8384;
"prowlarr.nyanlout.re" = authReverse 9696; "jackett.nyanlout.re" = authReverse 9117;
"watcharr.nyanlout.re" = simpleReverse 3080; "matrix.nyanlout.re" = simpleReverse 8008;
"emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) {
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"gitea.nyanlout.re" = simpleReverse config.services.forgejo.settings.server.HTTP_PORT; "ci.nyanlout.re" = simpleReverse 52350;
"photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
"musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port;
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) {
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"zigbee.nyanlout.re" = # "work.rezom.eu" = base {
recursiveUpdate (authReverse config.services.zigbee2mqtt.settings.frontend.port) # "/" = {
{ # index = "/_h5ai/public/index.php";
locations."/" = { # extraConfig = ''
proxyWebsockets = true; # dav_ext_methods PROPFIND OPTIONS;
}; # '';
}; # };
"apart.nyanlout.re" = # "~ ^/(_h5ai/public/index|random).php" = {
recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) # extraConfig = ''
{ # fastcgi_split_path_info ^(.+\.php)(/.+)$;
locations."/" = { # fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
proxyWebsockets = true; # include ${pkgs.nginx}/conf/fastcgi_params;
}; # include ${pkgs.nginx}/conf/fastcgi.conf;
}; # '';
"drive.nyanlout.re" = # };
base { # } // {
# root = "/mnt/medias/iso_linux";
# extraConfig = ''
# access_log /var/log/nginx/$host.log;
# '';
# };
"drive.nyanlout.re" = base {
"/" = { "/" = {
index = "/index.php";
extraConfig = '' extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket}; fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf; include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;
fastcgi_intercept_errors on;
fastcgi_buffers 64 4K;
client_body_temp_path /mnt/webdav/tmp_upload;
client_max_body_size 0; client_max_body_size 0;
proxy_request_buffering off;
''; '';
}; };
} } // {
// {
root = "/mnt/webdav"; root = "/mnt/webdav";
}; };
"rspamd.nyanlout.re" = "rspamd.nyanlout.re" = zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0)
[
(base { (base {
"/" = { "/" = {
proxyPass = "http://unix:/run/rspamd/worker-controller.sock"; proxyPass = "http://unix:/run/rspamd/worker-controller.sock";
@ -305,106 +295,35 @@ in
''; '';
} }
]; ];
"designyourfuture.amandoline-creations.fr" = base {
"/".alias = "/var/www/amandoline-designyourfuture/";
};
"amandoline-creations.fr" = base {
"/".alias = "/var/www/amandoline-portfolio/";
};
"www.amandoline-creations.fr" = {
enableACME = true;
forceSSL = true;
globalRedirect = "amandoline-creations.fr";
};
"challenge.amandoline-creations.fr" = base {
"/".alias = "/var/www/amandoline-challenge/";
};
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
}; };
}; };
postgresql = { postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_14;
settings = { settings = {
full_page_writes = false; full_page_writes = false;
}; };
}; };
forgejo = { gitea = {
enable = true; enable = true;
package = pkgs.forgejo; cookieSecure = true;
user = "gitea"; httpPort = 3001;
group = "gitea"; rootUrl = "https://gitea.nyanlout.re/";
stateDir = "/var/lib/gitea";
database = { database = {
type = "postgres"; type = "postgres";
user = "gitea"; port = 5432;
passwordFile = "/var/lib/gitea/custom/conf/database_password"; passwordFile = "/var/lib/gitea/custom/conf/database_password";
name = "gitea";
}; };
log.level = "Warn";
disableRegistration = true;
settings = { settings = {
server = rec { ui.DEFAULT_THEME = "arc-green";
HTTP_PORT = 3001;
DOMAIN = "gitea.nyanlout.re";
ROOT_URL = "https://${DOMAIN}/";
};
log.LEVEL = "Warn";
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
}; };
}; };
nextcloud = { python-ci.enable = true;
enable = true;
package = pkgs.nextcloud31;
hostName = "cloud.nyanlout.re";
database.createLocally = true;
https = true;
maxUploadSize = "16G";
config = {
dbtype = "pgsql";
adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass";
}; };
settings = {
"preview_max_filesize_image" = "-1";
"preview_max_memory" = "1024";
"preview_ffmpeg_path" = "${pkgs.ffmpeg}/bin/ffmpeg";
"enabledPreviewProviders" = [
''OC\Preview\BMP''
''OC\Preview\GIF''
''OC\Preview\JPEG''
''OC\Preview\Krita''
''OC\Preview\MarkDown''
''OC\Preview\MP3''
''OC\Preview\OpenDocument''
''OC\Preview\PNG''
''OC\Preview\TXT''
''OC\Preview\XBitmap''
''OC\Preview\Movie''
];
"default_phone_region" = "FR";
"maintenance_window_start" = "23"; # Start maintenance operations after 23:00 UTC (01:00 CEST)
};
autoUpdateApps.enable = true;
phpOptions = {
"opcache.interned_strings_buffer" = "23";
};
};
};
users.users.gitea = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
users.groups.gitea = { };
systemd.services.nginx.serviceConfig = { systemd.services.nginx.serviceConfig = {
ReadWritePaths = [ ReadWritePaths = [
@ -413,30 +332,16 @@ in
]; ];
}; };
systemd.services.phpfpm-drive.serviceConfig = { systemd.services.phpfpm-work.serviceConfig = {
ReadOnlyPaths = "/mnt/medias/iso_linux";
ReadWritePaths = [ ReadWritePaths = [
"/mnt/webdav" "/mnt/medias/iso_linux/_h5ai"
]; ];
}; };
systemd.services.nextcloud-setup.serviceConfig = { systemd.services.site-musique = let
LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass"; djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ]));
}; in {
systemd.services.site-musique =
let
djangoEnv = (
pkgs.python3.withPackages (
ps: with ps; [
gunicorn
django_4
pillow
setuptools
]
)
);
in
{
description = "Site Django de la musique de Meyenheim"; description = "Site Django de la musique de Meyenheim";
after = [ "network.target" ]; after = [ "network.target" ];
requires = [ "site-musique.socket" ]; requires = [ "site-musique.socket" ];
@ -453,13 +358,9 @@ in
Group = "nginx"; Group = "nginx";
StateDirectory = "site-musique"; StateDirectory = "site-musique";
WorkingDirectory = "/var/www/site-musique/"; WorkingDirectory = "/var/www/site-musique/";
ReadWritePaths = [ ReadWritePaths = [ "/var/www/site-musique/staticfiles" "/var/www/site-musique/media" ];
"/var/www/site-musique/staticfiles"
"/var/www/site-musique/media"
];
EnvironmentFile = "/mnt/secrets/site-musique.env"; EnvironmentFile = "/mnt/secrets/site-musique.env";
ExecStart = '' ExecStart = ''${djangoEnv}/bin/gunicorn \
${djangoEnv}/bin/gunicorn \
--access-logfile - \ --access-logfile - \
--bind unix:/run/site-musique.sock \ --bind unix:/run/site-musique.sock \
site_musique.wsgi:application site_musique.wsgi:application

229
systems/PC-Fixe/configuration.nix
View file

@ -5,16 +5,14 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports =
[
./hardware-configuration.nix ./hardware-configuration.nix
../common-cli.nix ../common-cli.nix
../common-gui.nix ../common-gui.nix
]; ];
nix.settings.trusted-users = [ nix.trustedUsers = [ "root" "paul" ];
"root"
"paul"
];
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = { boot.loader.grub = {
@ -28,23 +26,21 @@
"acpi_enforce_resources=lax" "acpi_enforce_resources=lax"
"zfs.zfs_arc_max=2147483648" "zfs.zfs_arc_max=2147483648"
]; ];
boot.tmp.useTmpfs = false; boot.tmpOnTmpfs = false;
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.extraModprobeConfig = ''
options hid_apple fnmode=2
'';
zramSwap.enable = true;
virtualisation.virtualbox.host.enable = true;
# virtualisation.virtualbox.host.enableExtensionPack = true;
# virtualisation.anbox.enable = true;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
services.zfs = { services.zfs = {
trim = { trim = {
enable = false; enable = true;
interval = "monthly"; interval = "monthly";
}; };
autoScrub = { autoScrub = {
enable = false; enable = true;
interval = "monthly"; interval = "monthly";
}; };
autoSnapshot = { autoSnapshot = {
@ -64,7 +60,22 @@
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
# Logitech G920 # Logitech G920
hardware.usb-modeswitch.enable = true; hardware.usbWwan.enable = true;
# hardware.pulseaudio.extraConfig = ''
# load-module module-null-sink sink_name=mic_denoised_out rate=48000
# load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50
# load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true
# load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo
# set-default-source hd_mic
# '';
# hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} ''
# sed '/module-switch-on-port-available$/d' \
# ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
# '';
services.udev.packages = with pkgs; [ services.udev.packages = with pkgs; [
usb-modeswitch-data # Logitech G920 usb-modeswitch-data # Logitech G920
@ -74,41 +85,32 @@
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout" ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
''; '';
security.pki.certificateFiles = [ ./codemasters.pem ];
networking.hostName = "paul-fixe"; networking.hostName = "paul-fixe";
networking.hostId = "3a1f739e"; networking.hostId = "3a1f739e";
networking.hosts = { networking.hosts = {
"10.30.0.1" = [ "10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"];
"emby.nyanlout.re"
"nyanlout.re"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
usb-modeswitch usb-modeswitch
esphome
]; ];
programs = { programs.wireshark.enable = true;
wireshark.enable = true; programs.wireshark.package = pkgs.wireshark;
alvr.enable = true;
};
networking.firewall.enable = false; networking.firewall.enable = false;
services.displayManager.autoLogin.user = "paul"; services.xserver.displayManager.autoLogin = {
enable = true;
user = "paul";
};
users.users.paul = { users.users.paul = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ];
"wheel"
"networkmanager"
"wireshark"
"input"
"dialout"
"libvirtd"
"vboxusers"
];
uid = 1000; uid = 1000;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"
@ -116,23 +118,168 @@
]; ];
}; };
services.netdata.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings = { services.openssh.passwordAuthentication = false;
PasswordAuthentication = false; services.openssh.forwardX11 = true;
X11Forwarding = true;
# security.pki.certificates = [
# ''
# -----BEGIN CERTIFICATE-----
# MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM
# CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX
# DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt
# aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A
# L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W
# Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ
# a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy
# 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW
# fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8
# Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC
# AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
# BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG
# CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC
# AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA
# A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV
# 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/
# SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L
# zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh
# QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6
# QaNGz7o/LfHprXvCM1mHjbVVbZN2
# -----END CERTIFICATE-----
# ''
# ];
# services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
};
virtualHosts."stream.nyanlout.re" = {
locations."/" = {
root = "/var/www/hls/";
extraConfig = ''
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
'';
};
default = true;
};
appendConfig = let
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
in ''
rtmp {
server {
listen 1935;
application live {
live on;
interleave on;
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
-c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high
-c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
}
application show {
live on;
hls on;
hls_path ${rootLocation};
hls_fragment 5;
hls_playlist_length 10;
hls_nested on;
hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution
hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution
}
}
}
'';
}; };
services.xserver.deviceSection = '' services.xserver.deviceSection = ''
Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
''; '';
services.printing.enable = true; systemd = let
services.printing.drivers = [ pkgs.hplip ]; DP4Config = "--output DP-4 --mode 3440x1440 --rate 144";
HDMIConfig = "--output HDMI-0 --auto --left-of DP-4";
systemd.services = { in {
services = {
wol = {
description = "Wake-on-LAN";
wantedBy = [ "multi-user.target" ];
requires = [ "network.target" ];
after = [ "network.target" ];
script = ''
${pkgs.ethtool}/sbin/ethtool -s eno1 wol g
'';
serviceConfig.Type = "oneshot";
};
nginx.serviceConfig.ReadWritePaths = "/var/www/hls";
zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
}; };
user.services = {
"enableTV" = {
description = "Enable TV output";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig}
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"primaryTV" = {
description = "Set TV output as primary";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config}
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"FreeSyncMode" = {
description = "Enable FreeSync screen only";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config}
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"CSMode" = {
description = "Enable 4:3 black bars";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
'';
preStop = ''
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }"
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
};
};
boot.enableContainers = false;
system.stateVersion = "20.03"; system.stateVersion = "20.03";
} }

66
systems/PC-Fixe/hardware-configuration.nix
View file

@ -1,79 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ boot.kernelModules = [ "kvm-amd" "coretemp" "it87" ];
"kvm-amd"
"coretemp"
"it87"
];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
hardware.nvidia = {
open = false;
modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
fileSystems."/" = { fileSystems."/" =
device = "rpool/root/nixos"; { device = "rpool/root/nixos";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/F4EC-57DF"; { device = "/dev/disk/by-uuid/F4EC-57DF";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "fastaf/home"; { device = "fastaf/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/steam" = { fileSystems."/mnt/steam" =
device = "fastaf/steam"; { device = "fastaf/steam";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/mnt/games" = { fileSystems."/mnt/games" =
device = "fastaf/games"; { device = "fastaf/games";
fsType = "zfs"; fsType = "zfs";
}; };
# fileSystems."/mnt/hdd" = fileSystems."/mnt/hdd" =
# { device = "/dev/mapper/ManjaroVG-ManjaroRoot"; { device = "/dev/mapper/ManjaroVG-ManjaroRoot";
# fsType = "ext4"; fsType = "ext4";
# }; };
fileSystems."/mnt/medias" = { fileSystems."/mnt/medias" =
device = "10.30.0.1:/mnt/medias"; { device = "10.30.0.1:/mnt/medias";
fsType = "nfs"; fsType = "nfs";
options = [ options = ["x-systemd.automount" "noauto"];
"x-systemd.automount"
"noauto"
];
}; };
swapDevices = [ ]; swapDevices = [ ];
nix.settings.max-jobs = lib.mkDefault 12; nix.maxJobs = lib.mkDefault 12;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
} }

135
systems/common-cli.nix
View file

@ -1,104 +1,35 @@
{ pkgs, ... }: { config, pkgs, ... }:
{ {
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
programs.nixvim = { environment.systemPackages = with pkgs; [
enable = true; # Editeurs
(neovim.override {
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
colorschemes.catppuccin.enable = true; configure = {
highlight.ExtraWhitespace.bg = "red"; # Highlight extra white spaces customRC = ''
performance = { set tabstop=8
byteCompileLua = { set shiftwidth=4
enable = true; set softtabstop=0
nvimRuntime = true; set expandtab
configs = true; set smarttab
plugins = true; set background=dark
}; '';
}; packages.myVimPackage = with pkgs.vimPlugins; {
opts = { start = [
updatetime = 100; # Faster completion vim-startify airline sensible
polyglot ale fugitive
# Line numbers
number = true; # Display the absolute line number of the current line
hidden = true; # Keep closed buffer open in the background
mouse = "a"; # Enable mouse control
mousemodel = "extend"; # Mouse right-click extends the current selection
splitbelow = true; # A new window is put below the current one
splitright = true; # A new window is put right of the current one
modeline = true; # Tags such as 'vim:ft=sh'
modelines = 100; # Sets the type of modelines
undofile = true; # Automatically save and restore undo history
incsearch = true; # Incremental search: show match for partly typed search command
ignorecase = true; # When the search query is lower-case, match both lower and upper-case patterns
smartcase = true; # Override the 'ignorecase' option if the search pattern contains upper case characters
cursorline = true; # Highlight the screen line of the cursor
cursorcolumn = true; # Highlight the screen column of the cursor
signcolumn = "yes"; # Whether to show the signcolumn
laststatus = 3; # When to use a status line for the last window
fileencoding = "utf-8"; # File-content encoding for the current buffer
termguicolors = true; # Enables 24-bit RGB color in the |TUI|
wrap = false; # Prevent text from wrapping
# Tab options
tabstop = 2; # Number of spaces a <Tab> in the text stands for (local to buffer)
shiftwidth = 2; # Number of spaces used for each step of (auto)indent (local to buffer)
softtabstop = 0; # If non-zero, number of spaces to insert for a <Tab> (local to buffer)
expandtab = true; # Expand <Tab> to spaces in Insert mode (local to buffer)
autoindent = true; # Do clever autoindenting
showmatch = true; # when closing a bracket, briefly flash the matching one
matchtime = 1; # duration of that flashing n deci-seconds
startofline = true; # motions like "G" also move to the first char
report = 9001; # disable "x more/fewer lines" messages
};
plugins = {
lualine.enable = true;
lsp = {
enable = true;
inlayHints = true;
servers = {
nixd.enable = true;
ruff.enable = true;
};
};
lspkind.enable = true;
lsp-lines.enable = true;
lsp-signature.enable = true;
bufferline.enable = true;
telescope.enable = true;
which-key.enable = true;
treesitter = {
enable = true;
settings = {
highlight = {
enable = true;
additional_vim_regex_highlighting = true;
};
indent = {
enable = true;
};
};
};
cmp = {
enable = true;
autoEnableSources = true;
settings.sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
]; ];
}; opt = [ ];
web-devicons.enable = true;
}; };
}; };
})
environment.systemPackages = with pkgs; [
# Gestionnaires de version # Gestionnaires de version
gitMinimal
tig tig
gitAndTools.hub gitAndTools.hub
quilt quilt
@ -118,6 +49,7 @@
inetutils inetutils
rclone rclone
lftp lftp
wireguard-tools
nfs-utils nfs-utils
nmap nmap
@ -125,7 +57,7 @@
fzf fzf
file file
ncdu ncdu
yt-dlp youtube-dl
tldr tldr
starship starship
@ -142,8 +74,6 @@
# Développement # Développement
openssl openssl
treefmt
nixfmt-rfc-style
]; ];
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
@ -164,14 +94,8 @@
''; '';
ohMyZsh = { ohMyZsh = {
enable = true; enable = true;
plugins = [ plugins = [ "git" "colored-man-pages" "command-not-found" "extract" "nix" ];
"git" customPkgs = with pkgs;[
"colored-man-pages"
"command-not-found"
"extract"
"nix"
];
customPkgs = with pkgs; [
nix-zsh-completions nix-zsh-completions
]; ];
}; };
@ -180,18 +104,15 @@
bash.interactiveShellInit = '' bash.interactiveShellInit = ''
eval "$(starship init bash)" eval "$(starship init bash)"
''; '';
git.enable = true;
}; };
environment.variables = environment.variables = let
let starshipConfToml =
starshipConfToml = pkgs.writeText "starship.toml" '' pkgs.writeText "starship.toml" ''
[[battery.display]] [[battery.display]]
threshold = 50 threshold = 50
''; '';
in in {
{
EDITOR = "nvim"; EDITOR = "nvim";
STARSHIP_CONFIG = "${starshipConfToml}"; STARSHIP_CONFIG = "${starshipConfToml}";
}; };

136
systems/common-gui.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
nixpkgs.config.allowUnfreePredicate = (pkg: true);
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
filezilla filezilla
qbittorrent qbittorrent
@ -8,49 +10,46 @@
sc-controller sc-controller
steam-run steam-run
prismlauncher minecraft
lutris lutris
teamspeak_client teamspeak_client
ryujinx
betaflight-configurator betaflight-configurator
electrum
electron-cash
ledger-live-desktop ledger-live-desktop
monero-gui monero-gui
firefox
tor-browser-bundle-bin tor-browser-bundle-bin
brave chromium
tdesktop tdesktop
element-desktop element-desktop
mumble mumble
discord discord
kdePackages.kleopatra kleopatra
gnupg gnupg
gopass gopass
xclip xclip
kdePackages.kdeplasma-addons kdeplasma-addons
kdePackages.ark ark
kdePackages.kate kate
kdePackages.kmail kmail
kdePackages.kdeconnect-kde kdeconnect
kdePackages.okular okular
kdePackages.yakuake yakuake
kdePackages.konversation konversation
kdePackages.gwenview gwenview
kdePackages.kcalc kcalc
kdePackages.spectacle spectacle
kdePackages.kinfocenter kinfocenter
kile kile
(texlive.combine { (texlive.combine {
inherit (texlive) inherit (texlive) scheme-small titling collection-langfrench cm-super;
scheme-small
titling
collection-langfrench
cm-super
;
}) })
libsForQt5.breeze-gtk libsForQt5.breeze-gtk
@ -63,80 +62,73 @@
obs-studio obs-studio
vlc vlc
mpv mpv
jellyfin-mpv-shim
kdenlive
glxinfo glxinfo
i7z i7z
appimage-run
pavucontrol pavucontrol
]; ];
fonts.packages = with pkgs; [
nerd-fonts.jetbrains-mono
nerd-fonts.ubuntu-mono
nerd-fonts.fira-mono
];
i18n = { i18n = {
defaultLocale = "fr_FR.UTF-8"; defaultLocale = "fr_FR.UTF-8";
}; };
console.keyMap = "fr"; console.keyMap = "fr";
networking.networkmanager.enable = true; programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576"; # hardware = {
# pulseaudio.enable = true;
# };
security = { # sound.enable = true;
pam.loginLimits = [
{
domain = "*";
type = "hard";
item = "nofile";
value = "1048576";
}
];
rtkit.enable = true;
};
programs = { security.rtkit.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
browserpass.enable = true;
steam.enable = true;
firefox.enable = true;
appimage.enable = true;
};
services = { services.pipewire = {
desktopManager.plasma6.enable = true;
displayManager = {
sddm = {
enable = true;
wayland.enable = true;
autoLogin.relogin = true;
};
};
xserver = {
enable = true;
xkb.layout = "fr";
exportConfiguration = true;
};
pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
extraConfig.pipewire = {
"10-clock-rate" = {
"context.properties" = {
"default.clock.allowed-rates" = [ 48000 ];
};
}; };
networking.networkmanager.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
security.pam.loginLimits = [{
domain = "*";
type = "hard";
item = "nofile";
value = "1048576";
}];
programs = {
gnupg.agent = { enable = true; enableSSHSupport = true; };
browserpass.enable = true;
}; };
services = {
xserver = {
enable = true;
layout = "fr";
exportConfiguration = true;
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
}; };
udev.packages = with pkgs; [ ledger-udev-rules ]; udev.packages = with pkgs; [ ledger-udev-rules ];
pcscd.enable = true; pcscd = {
enable = true;
plugins = [
(pkgs.ccid.overrideAttrs (oldAttrs: rec {
preBuild = ''
echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt
'';
})
)
];
};
}; };
environment.etc = { environment.etc = {

3
treefmt.toml
View file

@ -1,3 +0,0 @@
[formatter.nixfmt-rfc-style]
command = "nixfmt"
includes = ["*.nix"]