2018-04-10 20:28:22 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
let
|
2018-04-19 19:35:11 +02:00
|
|
|
domaine = "nyanlout.re";
|
2018-04-25 00:32:42 +02:00
|
|
|
|
2019-06-15 14:37:58 +02:00
|
|
|
sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" ''
|
|
|
|
${pkgs.system-sendmail}/bin/sendmail ${to} <<EOF
|
2019-06-07 11:57:12 +02:00
|
|
|
From: root@nyanlout.re
|
2019-06-15 14:37:58 +02:00
|
|
|
Subject: ${subject}
|
|
|
|
${message}
|
2019-06-07 11:57:12 +02:00
|
|
|
EOF
|
2019-06-15 14:37:58 +02:00
|
|
|
'';
|
|
|
|
|
|
|
|
login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
|
2021-10-11 11:00:25 +02:00
|
|
|
if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ] && [ "$PAM_USER" != "synology" ] && [ "$PAM_USER" != "rezome" ]; then
|
2019-07-31 13:53:17 +02:00
|
|
|
${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh
|
2019-06-07 11:57:12 +02:00
|
|
|
fi
|
|
|
|
'';
|
2019-06-15 14:37:58 +02:00
|
|
|
|
|
|
|
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
|
2018-04-10 20:28:22 +02:00
|
|
|
in
|
2018-04-01 15:04:49 +02:00
|
|
|
|
|
|
|
{
|
2018-04-11 22:09:44 +02:00
|
|
|
imports = [
|
2019-11-01 15:24:50 +01:00
|
|
|
./monitoring.nix
|
|
|
|
./medias.nix
|
|
|
|
./web.nix
|
2018-04-11 22:09:44 +02:00
|
|
|
];
|
|
|
|
|
2021-10-11 10:43:57 +02:00
|
|
|
security.acme.certs = {
|
|
|
|
"${domaine}" = {
|
|
|
|
extraDomainNames = [
|
|
|
|
"mail.${domaine}"
|
|
|
|
];
|
|
|
|
postRun = ''
|
|
|
|
systemctl reload dovecot2.service
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
mailserver = {
|
|
|
|
enable = true;
|
|
|
|
fqdn = "mail.${domaine}";
|
|
|
|
domains = [ domaine ];
|
|
|
|
|
|
|
|
# A list of all login accounts. To create the password hashes, use
|
|
|
|
# mkpasswd -m sha-512 "super secret password"
|
|
|
|
loginAccounts = {
|
|
|
|
"paul@${domaine}" = {
|
2021-11-03 22:06:20 +01:00
|
|
|
hashedPassword = "$6$eGmy2W7kbkfHAh$/y.ZML4eYL/v14WaVwSIG2ulkUFKFk82uBmrYBDULLtqUR8hQD3/BQIrRiBtsloxrUSja8aZ.E7ypChO.OiOI/";
|
2021-10-11 10:43:57 +02:00
|
|
|
};
|
|
|
|
"claire@${domaine}" = {
|
|
|
|
hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk.";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
# Certificate setup
|
2023-06-13 14:05:05 +02:00
|
|
|
certificateScheme = "manual";
|
2021-10-11 10:43:57 +02:00
|
|
|
certificateFile = "/var/lib/acme/${domaine}/fullchain.pem";
|
|
|
|
keyFile = "/var/lib/acme/${domaine}/key.pem";
|
|
|
|
|
|
|
|
# Enable IMAP and POP3
|
|
|
|
enableImap = true;
|
|
|
|
enablePop3 = true;
|
|
|
|
enableImapSsl = true;
|
|
|
|
enablePop3Ssl = true;
|
|
|
|
|
|
|
|
# Enable the ManageSieve protocol
|
|
|
|
enableManageSieve = true;
|
|
|
|
};
|
|
|
|
|
2018-09-04 14:05:06 +02:00
|
|
|
services = {
|
2021-10-11 10:43:57 +02:00
|
|
|
rspamd.workers.controller.extraConfig = ''
|
2024-02-22 11:11:06 +01:00
|
|
|
secure_ip = ["0.0.0.0/0", "::"];
|
2021-10-11 10:43:57 +02:00
|
|
|
'';
|
|
|
|
|
2022-07-05 20:40:48 +02:00
|
|
|
# redis.enable = true;
|
2021-01-06 02:15:38 +01:00
|
|
|
|
2022-07-05 20:41:04 +02:00
|
|
|
# enable with nginx defult config
|
|
|
|
logrotate.enable = true;
|
2018-09-04 14:05:06 +02:00
|
|
|
|
|
|
|
fail2ban.enable = true;
|
2018-04-03 21:13:18 +02:00
|
|
|
|
2018-09-04 14:05:06 +02:00
|
|
|
fstrim.enable = true;
|
|
|
|
|
|
|
|
nfs.server = {
|
|
|
|
enable = true;
|
|
|
|
exports = ''
|
2019-05-01 23:06:17 +02:00
|
|
|
/mnt/medias 10.30.0.0/16(ro,no_root_squash)
|
2019-10-22 00:34:08 +02:00
|
|
|
/var/lib/minecraft 10.30.0.0/16(rw,no_root_squash)
|
2018-09-04 14:05:06 +02:00
|
|
|
'';
|
|
|
|
statdPort = 4000;
|
|
|
|
lockdPort = 4001;
|
|
|
|
mountdPort = 4002;
|
2018-04-22 00:01:25 +02:00
|
|
|
};
|
|
|
|
|
2018-09-04 14:05:06 +02:00
|
|
|
borgbackup.jobs = {
|
|
|
|
loutre = {
|
|
|
|
paths = [
|
|
|
|
"/var/certs"
|
|
|
|
"/var/dkim"
|
2019-06-15 14:36:14 +02:00
|
|
|
"/var/lib/jellyfin"
|
2018-09-04 14:05:06 +02:00
|
|
|
"/var/lib/gitea"
|
|
|
|
"/var/lib/grafana"
|
|
|
|
"/var/lib/jackett"
|
2022-11-29 21:45:48 +01:00
|
|
|
"/mnt/borgsnap/postgresql"
|
2018-09-04 14:05:06 +02:00
|
|
|
"/var/lib/radarr"
|
|
|
|
"/var/lib/sonarr"
|
|
|
|
"/var/lib/transmission"
|
2022-11-29 21:53:24 +01:00
|
|
|
"/var/lib/airsonic"
|
|
|
|
"/var/lib/hass"
|
|
|
|
"/var/lib/opendkim"
|
|
|
|
"/var/lib/slimserver"
|
2024-08-07 09:36:58 +02:00
|
|
|
"/var/lib/watcharr"
|
|
|
|
"/var/lib/nextcloud"
|
2021-10-11 10:52:39 +02:00
|
|
|
"/mnt/paul-home/paul"
|
2018-09-04 14:05:06 +02:00
|
|
|
"/var/sieve"
|
|
|
|
"/var/vmail"
|
2022-11-29 21:45:48 +01:00
|
|
|
"/mnt/backup_loutre/amandoleen"
|
2022-11-29 21:53:24 +01:00
|
|
|
"/mnt/secrets"
|
2018-09-04 14:05:06 +02:00
|
|
|
];
|
2021-10-11 11:00:40 +02:00
|
|
|
exclude = [
|
|
|
|
"/var/lib/radarr/.config/Radarr/radarr.db-wal"
|
|
|
|
"/var/lib/radarr/.config/Radarr/radarr.db-shm"
|
2024-08-07 09:36:58 +02:00
|
|
|
"/mnt/paul-home/paul/.cache"
|
2021-10-11 11:00:40 +02:00
|
|
|
];
|
2022-06-14 08:16:01 +02:00
|
|
|
repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos";
|
|
|
|
environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; };
|
2018-09-04 14:05:06 +02:00
|
|
|
encryption = {
|
|
|
|
mode = "repokey-blake2";
|
|
|
|
passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass";
|
|
|
|
};
|
|
|
|
startAt = "weekly";
|
|
|
|
prune.keep = {
|
|
|
|
within = "1d";
|
|
|
|
weekly = 4;
|
|
|
|
monthly = 12;
|
|
|
|
};
|
2022-11-29 21:45:48 +01:00
|
|
|
preHook = ''
|
|
|
|
${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap
|
|
|
|
mkdir -p /mnt/borgsnap/postgresql
|
|
|
|
${config.security.wrapperDir}/mount -t zfs loutrepool/var/postgresql@borgsnap /mnt/borgsnap/postgresql
|
|
|
|
'';
|
2021-10-11 11:00:40 +02:00
|
|
|
readWritePaths = [ "/var/lib/postfix/queue/maildrop" ];
|
2018-09-04 14:05:06 +02:00
|
|
|
postHook = ''
|
2022-11-29 21:45:48 +01:00
|
|
|
${config.security.wrapperDir}/umount /mnt/borgsnap/postgresql
|
2018-09-04 14:05:06 +02:00
|
|
|
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2018-06-05 14:04:36 +02:00
|
|
|
|
2018-09-04 14:05:06 +02:00
|
|
|
borgbackup.repos = {
|
|
|
|
diskstation = {
|
|
|
|
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDllbxON66dBju7sMnhX8/E0VRo3+PDYvDsHP0/FK+h8JHol4+pouLmI7KIDKYOJmSuom283OqnyZOMqk+RShTwWIFm9hOd2R9aj45Zrd9jPW2APOCec/Epgogj0bwBnc0l2v6qxkxaBMgL5DnAQ+E00uvL1UQpK8c8j4GGiPlkWJD6Kf+pxmnfH1TIm+J2XCwl0oeCkSK/Frd8eM+wCraMSzoaGiEcfMz2jK8hxDWjDxX7epU0ELF22BVCuyN8cYRoFTnV88E38PlaqsOqD5ePkxk425gDh7j/C06f8QKgnasVH2diixo92kYSd7i/RmfeXDDwAD5xqUvODczEuIdt root@DiskStation" ];
|
|
|
|
path = "/mnt/backup_loutre/diskstation_borg";
|
|
|
|
user = "synology";
|
|
|
|
};
|
2021-10-11 11:01:46 +02:00
|
|
|
minecraft-rezome = {
|
|
|
|
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ];
|
|
|
|
path = "/mnt/backup_loutre/minecraft_rezome";
|
|
|
|
user = "rezome";
|
|
|
|
};
|
2018-09-04 14:05:06 +02:00
|
|
|
};
|
2018-06-26 14:13:45 +02:00
|
|
|
|
2020-08-30 21:15:31 +02:00
|
|
|
kresd = {
|
|
|
|
enable = true;
|
|
|
|
};
|
2020-08-30 21:16:41 +02:00
|
|
|
|
2023-06-22 18:40:32 +02:00
|
|
|
mosquitto = {
|
|
|
|
enable = true;
|
|
|
|
listeners = [
|
|
|
|
{
|
|
|
|
acl = [ "pattern readwrite #" ];
|
|
|
|
omitPasswordAuth = true;
|
|
|
|
address = "127.0.0.1";
|
|
|
|
settings.allow_anonymous = true;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
zigbee2mqtt = {
|
|
|
|
enable = true;
|
|
|
|
settings = {
|
|
|
|
mqtt = {
|
|
|
|
server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}";
|
|
|
|
};
|
|
|
|
frontend = {
|
|
|
|
port = 8080;
|
|
|
|
host = "127.0.0.1";
|
|
|
|
url = "https://zigbee.nyanlout.re";
|
|
|
|
};
|
|
|
|
groups = {
|
|
|
|
"101" = {
|
|
|
|
friendly_name = "salon";
|
|
|
|
devices = [
|
|
|
|
"0x94deb8fffe760f3d"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
"102" = {
|
|
|
|
friendly_name = "cuisine";
|
|
|
|
devices = [
|
|
|
|
"0x003c84fffe6d9ee6"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
"103" = {
|
|
|
|
friendly_name = "entrée";
|
|
|
|
devices = [
|
|
|
|
"0x84ba20fffe5ec243"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
"104" = {
|
|
|
|
friendly_name = "tout";
|
|
|
|
devices = [
|
|
|
|
"0x94deb8fffe760f3d"
|
|
|
|
"0x003c84fffe6d9ee6"
|
|
|
|
"0x84ba20fffe5ec243"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
"107" = {
|
|
|
|
friendly_name = "chambre";
|
|
|
|
devices = [
|
|
|
|
"0x84ba20fffe5eb120"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2020-08-30 21:16:41 +02:00
|
|
|
home-assistant = {
|
|
|
|
enable = true;
|
2022-10-14 14:12:40 +02:00
|
|
|
extraComponents = [
|
|
|
|
# Components required to complete the onboarding
|
|
|
|
"met"
|
|
|
|
"radio_browser"
|
|
|
|
];
|
2020-08-30 21:16:41 +02:00
|
|
|
config = {
|
2022-10-14 14:12:40 +02:00
|
|
|
default_config = {};
|
2020-09-11 02:02:36 +02:00
|
|
|
homeassistant = {
|
2023-06-22 18:40:32 +02:00
|
|
|
country = "FR";
|
2022-10-14 14:12:40 +02:00
|
|
|
latitude = 48.60038;
|
|
|
|
longitude = 7.74063;
|
|
|
|
elevation = 146;
|
2020-09-11 02:02:36 +02:00
|
|
|
};
|
2022-10-14 14:12:40 +02:00
|
|
|
meteo_france = null;
|
2021-10-11 11:02:59 +02:00
|
|
|
http = {
|
|
|
|
use_x_forwarded_for = true;
|
|
|
|
trusted_proxies = [ "127.0.0.1" ];
|
|
|
|
};
|
2023-06-22 18:40:32 +02:00
|
|
|
mqtt = null;
|
2020-09-11 02:02:36 +02:00
|
|
|
esphome = null;
|
2020-08-30 21:16:41 +02:00
|
|
|
light = [
|
|
|
|
{
|
|
|
|
platform = "group";
|
|
|
|
name = "Salon";
|
|
|
|
entities = [
|
2023-06-22 18:40:32 +02:00
|
|
|
"light.salon_light"
|
|
|
|
"light.cuisine_light"
|
|
|
|
"light.entree_light"
|
2020-08-30 21:16:41 +02:00
|
|
|
];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
media_player = [
|
|
|
|
{
|
|
|
|
platform = "squeezebox";
|
|
|
|
host = "10.30.0.1";
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
2022-12-30 15:08:37 +01:00
|
|
|
|
|
|
|
photoprism = {
|
|
|
|
enable = true;
|
|
|
|
originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures";
|
2023-05-18 20:23:02 +02:00
|
|
|
passwordFile = "/mnt/secrets/photoprism_pass";
|
2023-02-16 17:13:06 +01:00
|
|
|
settings = {
|
2023-01-05 11:25:26 +01:00
|
|
|
PHOTOPRISM_READONLY = "1";
|
2023-05-18 20:23:02 +02:00
|
|
|
PHOTOPRISM_DETECT_NSFW = "1";
|
2023-01-05 11:28:10 +01:00
|
|
|
PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/";
|
2022-12-30 15:08:37 +01:00
|
|
|
};
|
|
|
|
};
|
2018-09-04 14:05:06 +02:00
|
|
|
};
|
2018-05-10 19:00:14 +02:00
|
|
|
|
2024-07-14 14:56:46 +02:00
|
|
|
systemd = {
|
|
|
|
timers."lg-devmode-reset" = {
|
|
|
|
wantedBy = [ "timers.target" ];
|
|
|
|
timerConfig = {
|
|
|
|
OnBootSec = "5m";
|
|
|
|
OnUnitActiveSec = "1w";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
services = {
|
|
|
|
"borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"];
|
|
|
|
"lg-devmode-reset" = {
|
|
|
|
script = ''
|
|
|
|
${pkgs.curl}/bin/curl https://developer.lge.com/secure/ResetDevModeSession.dev\?sessionToken\=9f94269da0dc14fd924b65d8dca28b076f931ad1ca04fe7a09ac78cdb0e22cb4
|
|
|
|
'';
|
|
|
|
serviceConfig = {
|
|
|
|
Type = "oneshot";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2022-11-29 21:45:48 +01:00
|
|
|
|
2021-10-22 11:06:14 +02:00
|
|
|
dogetipbot-telegram.enable = true;
|
2018-09-04 14:05:06 +02:00
|
|
|
|
2021-11-03 20:10:03 +01:00
|
|
|
ipmihddtemp.enable = true;
|
|
|
|
|
2020-04-16 08:56:01 +02:00
|
|
|
users.groups.nginx.members = [ "matrix-synapse" ];
|
2019-02-12 11:15:01 +01:00
|
|
|
|
2019-11-01 15:24:50 +01:00
|
|
|
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
|
2018-09-04 14:05:06 +02:00
|
|
|
|
2018-09-16 16:28:47 +02:00
|
|
|
networking = {
|
2019-11-21 02:11:59 +01:00
|
|
|
firewall.interfaces.eno2.allowedTCPPorts = [
|
|
|
|
3260
|
|
|
|
];
|
|
|
|
|
2018-09-16 16:28:47 +02:00
|
|
|
firewall.allowedTCPPorts = [
|
|
|
|
20 21 # FTP
|
|
|
|
];
|
|
|
|
|
|
|
|
firewall.allowedTCPPortRanges = [
|
|
|
|
{ from = 64000; to = 65535; } # FTP
|
|
|
|
];
|
|
|
|
};
|
2018-04-01 15:04:49 +02:00
|
|
|
}
|