diff --git a/services/mail-server.nix b/services/mail-server.nix index 9b6112606..a95e33706 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; - sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz"; + sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63"; }) ]; @@ -63,9 +63,9 @@ in security.acme.certs = { "${cfg.domaine}" = { - extraDomains = { - "mail.${cfg.domaine}" = null; - }; + extraDomainNames = [ + "mail.${cfg.domaine}" + ]; postRun = '' systemctl reload dovecot2.service ''; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1f7af1183..58c42860c 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index eea4617fd..f643edfe4 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -5,6 +5,7 @@ transmission = { enable = true; home = "/var/lib/transmission"; + port = 9091; settings = { rpc-bind-address = "127.0.0.1"; rpc-host-whitelist = "*"; @@ -18,7 +19,10 @@ sonarr.enable = true; jackett.enable = true; - jellyfin.enable = true; + jellyfin = { + enable = true; + package = pkgs.jellyfin; + }; slimserver = { enable = true; @@ -31,6 +35,8 @@ }; }; + systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ]; + networking = { firewall.allowedTCPPorts = [ config.services.transmission.settings.peer-port diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 16370062c..28937b5c8 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -492,7 +492,6 @@ in # ''; users.groups.nginx.members = [ "matrix-synapse" ]; - security.acme.certs."nyanlout.re".allowKeysForGroup = true; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 3fd89ab50..92cd00965 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix @@ -6,7 +6,7 @@ uid = 1000; isNormalUser = true; description = "Paul TREHIOU"; - extraGroups = [ "wheel" "medias" ]; + extraGroups = [ "wheel" "medias" "transmission" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAF7VlzHzgg70uFbRFtVTS34qNBke/RD36mRENAsa33RxztxrqMsIDscAD/d6CTe6HDy7MCGzJnWCJSXj5iOQFM4RRMvKNEgCKPHqfhmfVvO4YZuMjNB0ufVf6zhJL4Hy43STf7NIWrenGemUP+OvVSwN/ujgl2KKw4KJZt25/h/7JjlCgsZm4lWg4xcjoiKL701W2fbEoU73XKdbRTgTvKoeK1CGxdAPFefFDFcv/mtJ7d+wIxw9xODcLcA66Bu94WGMdpyEAJc4nF8IOy4pW8AzllDi0qNEZGCQ5+94upnLz0knG1ue9qU2ScAkW1/5rIJTHCVtBnmbLNSAOBAstaGQJuSL40TWZ1oPA5i1qUEhunNcJ+Sgtp6XP69qY34T/AeJvHRyw5M5LfN0g+4ka9k06NPBhbpHFASz4M8nabQ0iM63++xcapnw/8gk+EPhYVKW86SsyTa9ur+tt6oDWEKNaOhgscX44LexY7jKdeBRt3GaObtBJtVLBRx3Z2aRXgjgnKGqS40mGRiSkqb2DShspI1l8DV2RrPiuwdBzXVQjWRc0KXmJrcgXX9uoPSxihxwaUQyvmITOV1Y+NEuek4gRkVNOxjoG7RGnaYvYzxEQVoI5TwZC2/DCrAUgCv8DQawkcpEiWnBq7Q5VnpmFx5juVQ/I0G8byOkPXgRUOk9 openpgp:0xAB524BBC" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re" diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index f771e8947..506760d48 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -147,7 +147,7 @@ in ''; }; } // { default = true; }; - "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; }; + "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; }; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { @@ -225,9 +225,9 @@ in postgresql = { enable = true; - extraConfig = '' - full_page_writes = off - ''; + settings = { + full_page_writes = false; + }; }; pgmanage = { @@ -249,13 +249,10 @@ in passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; log.level = "Warn"; - extraConfig = '' - [ui] - DEFAULT_THEME = arc-green - - [service] - DISABLE_REGISTRATION = true - ''; + disableRegistration = true; + settings = { + ui.DEFAULT_THEME = "arc-green"; + }; }; python-ci.enable = true; @@ -277,6 +274,10 @@ in }; }; + systemd.services.nginx.serviceConfig = { + ReadWritePaths = "/var/www/hls"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in {