Merge branch 'master' of gitea.nyanlout.re:nyanloutre/nixos-config
commit
da8d433e8a
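--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,95 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1634115022,
+"narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "564cb4d81d4f734dd068684adec5a60077397fe9",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "release-21.05",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs-unstable": {
+"locked": {
+"lastModified": 1633971123,
+"narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1607522989,
+"narHash": "sha256-o/jWhOSAlaK7y2M57OIriRt6whuVVocS/T0mG7fd1TI=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"ref": "nixos-unstable",
+"type": "indirect"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs",
+"nixpkgs-unstable": "nixpkgs-unstable",
+"simple-nixos-mailserver": "simple-nixos-mailserver"
+}
+},
+"simple-nixos-mailserver": {
+"inputs": {
+"nixpkgs": "nixpkgs_2",
+"utils": "utils"
+},
+"locked": {
+"lastModified": 1622967674,
+"narHash": "sha256-8RLe6Rqy2rKR/PGDMg/EVsWihsO+DQe/RYmlXdRZkLs=",
+"owner": "simple-nixos-mailserver",
+"repo": "nixos-mailserver",
+"rev": "5675b122a947b40e551438df6a623efad19fd2e7",
+"type": "gitlab"
+},
+"original": {
+"owner": "simple-nixos-mailserver",
+"ref": "nixos-21.05",
+"repo": "nixos-mailserver",
+"type": "gitlab"
+}
+},
+"utils": {
+"locked": {
+"lastModified": 1605370193,
+"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "5021eac20303a61fafe17224c087f5519baed54d",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}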
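--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,25 @@
+{
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/release-21.05";
+nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05";
+};
+
+outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver }: {
+nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+({ pkgs, ... }: {
+nix.nixPath = [
+"nixpkgs=${nixpkgs}"
+];
+})
+nixpkgs.nixosModules.notDetected
+"${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix"
+simple-nixos-mailserver.nixosModule
+./systems/LoutreOS/configuration.nix
+];
+};
+};
+}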
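Review bot: The navidrome module is imported by path from the unstable tree on the `"${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix"` line while every other module and the `pkgs` they see come from release-21.05, so the module's package references (presumably `pkgs.navidrome`) resolve in the stable set and can diverge from what the unstable module expects. A comment stating why the cross-tree import is acceptable, or an overlay that supplies the matching unstable package alongside it, would make the intent explicit and ease the next upgrade. Separately, the lock carries a second nixpkgs (`nixpkgs_2`, `lastModified` 1607522989) only because simple-nixos-mailserver's own input is not redirected; `inputs.simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";` removes the extra download and keeps evaluation on one package set.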
@ -1,76 +0,0 @@
|
|||||||
{ lib, config, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.mailserver;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.mailserver = {
|
|
||||||
enable = mkEnableOption "Mail Server";
|
|
||||||
domaine = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
example = "example.com";
|
|
||||||
description = "Nom de domaine du serveur de mails";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
(builtins.fetchTarball {
|
|
||||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz";
|
|
||||||
sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
|
|
||||||
mailserver = {
|
|
||||||
enable = true;
|
|
||||||
fqdn = "mail.${cfg.domaine}";
|
|
||||||
domains = [ cfg.domaine ];
|
|
||||||
|
|
||||||
# A list of all login accounts. To create the password hashes, use
|
|
||||||
# mkpasswd -m sha-512 "super secret password"
|
|
||||||
loginAccounts = {
|
|
||||||
"paul@${cfg.domaine}" = {
|
|
||||||
hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Certificate setup
|
|
||||||
certificateScheme = 1;
|
|
||||||
certificateFile = "/var/lib/acme/${cfg.domaine}/fullchain.pem";
|
|
||||||
keyFile = "/var/lib/acme/${cfg.domaine}/key.pem";
|
|
||||||
|
|
||||||
# Enable IMAP and POP3
|
|
||||||
enableImap = true;
|
|
||||||
enablePop3 = true;
|
|
||||||
enableImapSsl = true;
|
|
||||||
enablePop3Ssl = true;
|
|
||||||
|
|
||||||
# Enable the ManageSieve protocol
|
|
||||||
enableManageSieve = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postfix = {
|
|
||||||
relayHost = "mailvps.nyanlout.re";
|
|
||||||
relayPort = 587;
|
|
||||||
config = {
|
|
||||||
smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
|
|
||||||
smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme.certs = {
|
|
||||||
"${cfg.domaine}" = {
|
|
||||||
extraDomains = {
|
|
||||||
"mail.${cfg.domaine}" = null;
|
|
||||||
};
|
|
||||||
postRun = ''
|
|
||||||
systemctl reload dovecot2.service
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
@ -4,10 +4,6 @@
|
|||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
|
||||||
gitRev = "4c45e960e797d660358a11723e736afee3998261";
|
|
||||||
nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz";
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../common-cli.nix
|
../common-cli.nix
|
||||||
@ -27,13 +23,17 @@ in
|
|||||||
tmpOnTmpfs = true;
|
tmpOnTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.nixPath = [
|
nix = {
|
||||||
"nixpkgs=${nixpkgs}"
|
package = pkgs.nixUnstable;
|
||||||
"nixos-config=/etc/nixos/configuration.nix"
|
extraOptions = ''
|
||||||
];
|
experimental-features = nix-command flakes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
documentation.nixos.enable = false;
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = false;
|
nixpkgs.config.allowUnfree = false;
|
||||||
nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]);
|
nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.1-slimserver" "minecraft-server" ]);
|
||||||
|
|
||||||
services.zfs = {
|
services.zfs = {
|
||||||
autoSnapshot.enable = true;
|
autoSnapshot.enable = true;
|
||||||
@ -131,6 +131,7 @@ in
|
|||||||
{ ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
|
{ ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; }
|
||||||
{ ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; }
|
{ ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; }
|
||||||
{ ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; }
|
{ ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; }
|
||||||
|
{ ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; }
|
||||||
|
|
||||||
#ESPHome
|
#ESPHome
|
||||||
{ ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; }
|
{ ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; }
|
||||||
@ -172,11 +173,14 @@ in
|
|||||||
home = "/home/autossh";
|
home = "/home/autossh";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
group = "autossh";
|
group = "autossh";
|
||||||
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ];
|
services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ];
|
||||||
|
|
||||||
|
virtualisation.podman.enable = true;
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
system.stateVersion = "18.03";
|
system.stateVersion = "18.03";
|
||||||
|
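Review bot: `"perl5.32.1-slimserver"` in the `nixpkgs.config.allowUnfreePredicate` allow-list (the `@ -27,13 +23,17 @@` hunk) embeds the perl version, and this hunk already had to bump it from 5.30.1, so the next perl update will silently unmatch it and the build will fail with an unfree-package error rather than anything this list catches. Replacing that one entry's exact comparison with a suffix test, e.g. `pkgs.lib.hasSuffix "-slimserver" (pkgs.lib.getName pkg)` OR'd into the predicate, survives such bumps. Note also that a later section of this same commit removes the native `slimserver` service block in favour of a container, so the entry may no longer be needed at all; verify before keeping it.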
@ -4,10 +4,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
|
||||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
@ -157,6 +153,21 @@
|
|||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/hass" =
|
||||||
|
{ device = "loutrepool/var/hass";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/paul-home" =
|
||||||
|
{ device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/webdav" =
|
||||||
|
{ device = "loutrepool/webdav";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
|
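Review bot: `fileSystems."/mnt/paul-home"` mounts `loutrepool/zfs-replicate/paul-fixe/fastaf/home` read-write (`@ -157,6 +153,21 @@` hunk); if that dataset is the receiving side of a zfs send/receive stream, as its `zfs-replicate` path suggests, any modification through the mount (with atime enabled, even a read) makes the next incremental receive fail with a "destination has been modified" error unless the sender forces a rollback. Mounting it read-only, `options = [ "ro" ];` (or `zfs set readonly=on` on the dataset), keeps the replica intact and still lets the borg job added in this commit read `/mnt/paul-home/paul`.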
@ -5,6 +5,8 @@
|
|||||||
transmission = {
|
transmission = {
|
||||||
enable = true;
|
enable = true;
|
||||||
home = "/var/lib/transmission";
|
home = "/var/lib/transmission";
|
||||||
|
port = 9091;
|
||||||
|
group = "medias";
|
||||||
settings = {
|
settings = {
|
||||||
rpc-bind-address = "127.0.0.1";
|
rpc-bind-address = "127.0.0.1";
|
||||||
rpc-host-whitelist = "*";
|
rpc-host-whitelist = "*";
|
||||||
@ -18,18 +20,24 @@
|
|||||||
sonarr.enable = true;
|
sonarr.enable = true;
|
||||||
jackett.enable = true;
|
jackett.enable = true;
|
||||||
|
|
||||||
jellyfin.enable = true;
|
jellyfin = {
|
||||||
|
|
||||||
slimserver = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/lib/slimserver";
|
package = pkgs.jellyfin;
|
||||||
};
|
};
|
||||||
|
|
||||||
airsonic = {
|
navidrome = {
|
||||||
enable = true;
|
enable = true;
|
||||||
maxMemory = 500;
|
settings = {
|
||||||
|
MusicFolder = "/mnt/medias/musique";
|
||||||
|
ImageCacheSize = 0;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.transmission.serviceConfig = {
|
||||||
|
BindPaths = [ "/mnt/medias" ];
|
||||||
|
LimitNOFILE = 1048576;
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall.allowedTCPPorts = [
|
firewall.allowedTCPPorts = [
|
||||||
@ -40,4 +48,25 @@
|
|||||||
config.services.transmission.settings.peer-port
|
config.services.transmission.settings.peer-port
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers = {
|
||||||
|
backend = "podman";
|
||||||
|
containers = {
|
||||||
|
slimserver = {
|
||||||
|
image = "docker.io/lmscommunity/logitechmediaserver:stable";
|
||||||
|
volumes = [
|
||||||
|
"/mnt/medias/musique:/music:ro"
|
||||||
|
"/var/lib/slimserver:/config:rw"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
|
ports = [
|
||||||
|
"9000:9000/tcp"
|
||||||
|
"9090:9090/tcp"
|
||||||
|
"3483:3483/tcp"
|
||||||
|
"3483:3483/udp"
|
||||||
|
];
|
||||||
|
extraOptions = ["--pull=always"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
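Review bot: The `slimserver` container in `virtualisation.oci-containers` (`@ -40,4 +48,25 @@` hunk) combines the floating tag `docker.io/lmscommunity/logitechmediaserver:stable` with `extraOptions = ["--pull=always"];`, so every service restart deploys whatever the registry serves at that moment — an unpinned, unverified dependency on a host that otherwise pins everything through flake.lock. Pin the image by digest, `image = "docker.io/lmscommunity/logitechmediaserver@sha256:<digest>";` (placeholder), and bump it deliberately, or at least drop `--pull=always` so a restart cannot change the running software. The `ports` entries also publish on all interfaces; if the host firewall is relied on, prefix them with the LAN address (`"<lan-ip>:9000:9000/tcp"`), since published container ports can be reachable regardless of `networking.firewall.allowedTCPPorts` depending on the backend's firewall integration.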
@ -35,15 +35,9 @@ in
|
|||||||
cgroup = [
|
cgroup = [
|
||||||
{
|
{
|
||||||
paths = [
|
paths = [
|
||||||
"/sys/fs/cgroup/memory/system.slice/*"
|
"/sys/fs/cgroup/system.slice/*"
|
||||||
];
|
];
|
||||||
files = ["memory.*usage*" "memory.limit_in_bytes"];
|
files = ["memory.current" "cpu.stat"];
|
||||||
}
|
|
||||||
{
|
|
||||||
paths = [
|
|
||||||
"/sys/fs/cgroup/cpu/system.slice/*"
|
|
||||||
];
|
|
||||||
files = ["cpuacct.usage" "cpu.cfs_period_us" "cpu.cfs_quota_us"];
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; };
|
ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; };
|
||||||
|
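Review bot: The cgroup v2 rewrite of the telegraf `cgroup` input (`@ -35,15 +35,9 @@` hunk) drops the limit metric entirely: `memory.limit_in_bytes` has a v2 counterpart, `memory.max`, which is absent from the new `files` list, so any dashboard or alert comparing usage against the limit loses its denominator. If that comparison is still used, `files = ["memory.current" "memory.max" "cpu.stat"];` restores it; `cpu.stat` already covers the dropped `cpuacct.usage`, while the cfs quota now lives in `cpu.max`.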
@ -14,37 +14,104 @@ let
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
|
login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" ''
|
||||||
if [ "$PAM_TYPE" != "close_session" ]; then
|
if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ] && [ "$PAM_USER" != "synology" ] && [ "$PAM_USER" != "rezome" ]; then
|
||||||
${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh
|
${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
|
backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs";
|
||||||
|
|
||||||
|
unstable = import <nixos-unstable> { };
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../../services/mail-server.nix
|
|
||||||
../../services/python-ci.nix
|
../../services/python-ci.nix
|
||||||
../../services/sdtdserver.nix
|
../../services/sdtdserver.nix
|
||||||
../../containers/vsftpd.nix
|
# ../../containers/vsftpd.nix
|
||||||
# /mnt/secrets/factorio_secrets.nix
|
# /mnt/secrets/factorio_secrets.nix
|
||||||
./monitoring.nix
|
./monitoring.nix
|
||||||
./medias.nix
|
./medias.nix
|
||||||
./web.nix
|
./web.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
security.acme.certs = {
|
||||||
|
"${domaine}" = {
|
||||||
|
extraDomainNames = [
|
||||||
|
"mail.${domaine}"
|
||||||
|
];
|
||||||
|
postRun = ''
|
||||||
|
systemctl reload dovecot2.service
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
mailserver = {
|
||||||
|
enable = true;
|
||||||
|
fqdn = "mail.${domaine}";
|
||||||
|
domains = [ domaine ];
|
||||||
|
|
||||||
|
# A list of all login accounts. To create the password hashes, use
|
||||||
|
# mkpasswd -m sha-512 "super secret password"
|
||||||
|
loginAccounts = {
|
||||||
|
"paul@${domaine}" = {
|
||||||
|
hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0";
|
||||||
|
};
|
||||||
|
"claire@${domaine}" = {
|
||||||
|
hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Certificate setup
|
||||||
|
certificateScheme = 1;
|
||||||
|
certificateFile = "/var/lib/acme/${domaine}/fullchain.pem";
|
||||||
|
keyFile = "/var/lib/acme/${domaine}/key.pem";
|
||||||
|
|
||||||
|
# Enable IMAP and POP3
|
||||||
|
enableImap = true;
|
||||||
|
enablePop3 = true;
|
||||||
|
enableImapSsl = true;
|
||||||
|
enablePop3Ssl = true;
|
||||||
|
|
||||||
|
# Enable the ManageSieve protocol
|
||||||
|
enableManageSieve = true;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
postfix = {
|
||||||
|
relayHost = "mailvps.nyanlout.re";
|
||||||
|
relayPort = 587;
|
||||||
|
config = {
|
||||||
|
smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt";
|
||||||
|
smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
rspamd.workers.controller.extraConfig = ''
|
||||||
|
secure_ip = ["127.0.0.1", "10.30.135.71"];
|
||||||
|
'';
|
||||||
|
|
||||||
|
redis.enable = true;
|
||||||
|
|
||||||
|
logrotate = {
|
||||||
|
enable = true;
|
||||||
|
paths = {
|
||||||
|
nginx = {
|
||||||
|
path = "/var/log/nginx/*.log";
|
||||||
|
user = config.services.nginx.user;
|
||||||
|
group = config.services.nginx.group;
|
||||||
|
keep = 7;
|
||||||
|
extraConfig = ''
|
||||||
|
compress
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
fail2ban.enable = true;
|
fail2ban.enable = true;
|
||||||
|
|
||||||
fstrim.enable = true;
|
fstrim.enable = true;
|
||||||
|
|
||||||
mailserver = {
|
|
||||||
enable = true;
|
|
||||||
domaine = domaine;
|
|
||||||
};
|
|
||||||
|
|
||||||
syncthing = {
|
syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/lib/syncthing";
|
dataDir = "/var/lib/syncthing";
|
||||||
@ -161,14 +228,18 @@ in
|
|||||||
"/var/lib/postgresql/.zfs/snapshot/borgsnap"
|
"/var/lib/postgresql/.zfs/snapshot/borgsnap"
|
||||||
"/var/lib/radarr"
|
"/var/lib/radarr"
|
||||||
"/var/lib/sonarr"
|
"/var/lib/sonarr"
|
||||||
"/var/lib/syncthing"
|
|
||||||
"/var/lib/transmission"
|
"/var/lib/transmission"
|
||||||
"/mnt/medias/musique"
|
"/mnt/medias/musique"
|
||||||
"/mnt/medias/torrent/lidarr"
|
"/mnt/medias/torrent/lidarr"
|
||||||
"/mnt/medias/torrent/musique"
|
"/mnt/medias/torrent/musique"
|
||||||
|
"/mnt/paul-home/paul"
|
||||||
"/var/sieve"
|
"/var/sieve"
|
||||||
"/var/vmail"
|
"/var/vmail"
|
||||||
];
|
];
|
||||||
|
exclude = [
|
||||||
|
"/var/lib/radarr/.config/Radarr/radarr.db-wal"
|
||||||
|
"/var/lib/radarr/.config/Radarr/radarr.db-shm"
|
||||||
|
];
|
||||||
repo = "/mnt/backup/borg";
|
repo = "/mnt/backup/borg";
|
||||||
encryption = {
|
encryption = {
|
||||||
mode = "repokey-blake2";
|
mode = "repokey-blake2";
|
||||||
@ -181,10 +252,11 @@ in
|
|||||||
monthly = 12;
|
monthly = 12;
|
||||||
};
|
};
|
||||||
preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap";
|
preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap";
|
||||||
|
readWritePaths = [ "/var/lib/postfix/queue/maildrop" ];
|
||||||
postHook = ''
|
postHook = ''
|
||||||
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
|
${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap
|
||||||
if [[ $exitStatus == 0 ]]; then
|
if [[ $exitStatus == 0 ]]; then
|
||||||
${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:loutre
|
${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:default
|
||||||
else
|
else
|
||||||
${backup_mail_alert}/bin/mail.sh
|
${backup_mail_alert}/bin/mail.sh
|
||||||
fi
|
fi
|
||||||
@ -198,6 +270,11 @@ in
|
|||||||
path = "/mnt/backup_loutre/diskstation_borg";
|
path = "/mnt/backup_loutre/diskstation_borg";
|
||||||
user = "synology";
|
user = "synology";
|
||||||
};
|
};
|
||||||
|
minecraft-rezome = {
|
||||||
|
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ];
|
||||||
|
path = "/mnt/backup_loutre/minecraft_rezome";
|
||||||
|
user = "rezome";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sdtdserver.enable = false;
|
sdtdserver.enable = false;
|
||||||
@ -246,8 +323,13 @@ in
|
|||||||
};
|
};
|
||||||
influxdb = null;
|
influxdb = null;
|
||||||
config = null;
|
config = null;
|
||||||
|
dhcp = null;
|
||||||
frontend = null;
|
frontend = null;
|
||||||
history = null;
|
history = null;
|
||||||
|
http = {
|
||||||
|
use_x_forwarded_for = true;
|
||||||
|
trusted_proxies = [ "127.0.0.1" ];
|
||||||
|
};
|
||||||
logbook = null;
|
logbook = null;
|
||||||
map = null;
|
map = null;
|
||||||
mobile_app = null;
|
mobile_app = null;
|
||||||
@ -260,6 +342,7 @@ in
|
|||||||
"10.40.249.1".name = "Bureau";
|
"10.40.249.1".name = "Bureau";
|
||||||
"10.40.249.2".name = "Cuisine";
|
"10.40.249.2".name = "Cuisine";
|
||||||
};
|
};
|
||||||
|
zha = null;
|
||||||
esphome = null;
|
esphome = null;
|
||||||
light = [
|
light = [
|
||||||
{
|
{
|
||||||
@ -321,6 +404,12 @@ in
|
|||||||
broadcast_address = "10.30.255.255";
|
broadcast_address = "10.30.255.255";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
device_tracker = [
|
||||||
|
{
|
||||||
|
platform = "ping";
|
||||||
|
hosts = { telephone_paul = "10.30.50.2"; };
|
||||||
|
}
|
||||||
|
];
|
||||||
scene = [
|
scene = [
|
||||||
{
|
{
|
||||||
name = "Movie";
|
name = "Movie";
|
||||||
@ -377,7 +466,27 @@ in
|
|||||||
];
|
];
|
||||||
automation = let
|
automation = let
|
||||||
min_sun_elevation = 4;
|
min_sun_elevation = 4;
|
||||||
|
|
||||||
|
switch_chambre = {
|
||||||
|
domain = "zha";
|
||||||
|
platform = "device";
|
||||||
|
device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1";
|
||||||
|
};
|
||||||
|
|
||||||
|
switch_entree = {
|
||||||
|
domain = "zha";
|
||||||
|
platform = "device";
|
||||||
|
device_id = "7cd814190ec543dba76a7aa7e7996c41";
|
||||||
|
};
|
||||||
|
|
||||||
|
remote = {
|
||||||
|
domain = "zha";
|
||||||
|
platform = "device";
|
||||||
|
device_id = "d1230b76264e483388a8fdaad4f44143";
|
||||||
|
};
|
||||||
in [
|
in [
|
||||||
|
# ENTREE
|
||||||
|
|
||||||
{
|
{
|
||||||
alias = "Aziz lumière";
|
alias = "Aziz lumière";
|
||||||
trigger = [
|
trigger = [
|
||||||
@ -387,11 +496,6 @@ in
|
|||||||
value_template = "{{ state.attributes.elevation }}";
|
value_template = "{{ state.attributes.elevation }}";
|
||||||
below = min_sun_elevation;
|
below = min_sun_elevation;
|
||||||
}
|
}
|
||||||
{
|
|
||||||
platform = "state";
|
|
||||||
entity_id = "person.paul";
|
|
||||||
to = "home";
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
condition = [
|
condition = [
|
||||||
{
|
{
|
||||||
@ -399,6 +503,7 @@ in
|
|||||||
entity_id = "person.paul";
|
entity_id = "person.paul";
|
||||||
state = "home";
|
state = "home";
|
||||||
}
|
}
|
||||||
|
# Sun below max elevation
|
||||||
{
|
{
|
||||||
condition = "template";
|
condition = "template";
|
||||||
value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
|
value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}";
|
||||||
@ -409,23 +514,162 @@ in
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
alias = "Adios";
|
alias = "Aziz lumière switch";
|
||||||
trigger = {
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "turn_on";
|
||||||
|
} // switch_entree;
|
||||||
|
action = {
|
||||||
|
scene = "scene.home";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Adios";
|
||||||
|
trigger = [
|
||||||
|
{
|
||||||
platform = "state";
|
platform = "state";
|
||||||
entity_id = "person.paul";
|
entity_id = "person.paul";
|
||||||
to = "not_home";
|
to = "not_home";
|
||||||
};
|
}
|
||||||
|
({
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "turn_off";
|
||||||
|
} // switch_entree)
|
||||||
|
];
|
||||||
action = [
|
action = [
|
||||||
{
|
{
|
||||||
service = "light.turn_off";
|
service = "light.turn_off";
|
||||||
entity_id = "all";
|
entity_id = "all";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
service = "media_player.media_pause";
|
service = "media_player.turn_off";
|
||||||
entity_id = "all";
|
entity_id = "all";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# REMOTE
|
||||||
|
|
||||||
|
{
|
||||||
|
alias = "Button toggle";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "turn_on";
|
||||||
|
} // remote;
|
||||||
|
action = {
|
||||||
|
choose = {
|
||||||
|
conditions = {
|
||||||
|
condition = "template";
|
||||||
|
value_template = ''
|
||||||
|
{% set domain = 'light' %}
|
||||||
|
{% set state = 'off' %}
|
||||||
|
{{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
sequence = {
|
||||||
|
scene = "scene.home";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
default = {
|
||||||
|
service = "light.turn_off";
|
||||||
|
entity_id = "all";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button scene movie";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "right";
|
||||||
|
} // remote;
|
||||||
|
action = {
|
||||||
|
scene = "scene.movie";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button scene home";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "left";
|
||||||
|
} // remote;
|
||||||
|
action = {
|
||||||
|
scene = "scene.home";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button light up";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "dim_up";
|
||||||
|
} // remote;
|
||||||
|
action = {
|
||||||
|
service = "light.turn_on";
|
||||||
|
entity_id = "light.salon";
|
||||||
|
data = {
|
||||||
|
brightness_step = 25;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button light down";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "dim_down";
|
||||||
|
} // remote;
|
||||||
|
action = {
|
||||||
|
service = "light.turn_on";
|
||||||
|
entity_id = "light.salon";
|
||||||
|
data = {
|
||||||
|
brightness_step = -25;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
# CHAMBRE
|
||||||
|
|
||||||
|
{
|
||||||
|
alias = "Button scene night";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "turn_on";
|
||||||
|
} // switch_chambre;
|
||||||
|
action = {
|
||||||
|
scene = "scene.night";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button scene dodo";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_short_press";
|
||||||
|
subtype = "turn_off";
|
||||||
|
} // switch_chambre;
|
||||||
|
action = {
|
||||||
|
service = "light.turn_off";
|
||||||
|
entity_id = "all";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button scene lumière chambre ON";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_long_press";
|
||||||
|
subtype = "dim_up";
|
||||||
|
} // switch_chambre;
|
||||||
|
action = {
|
||||||
|
service = "light.turn_on";
|
||||||
|
entity_id = "light.chambre";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alias = "Button scene lumière chambre OFF";
|
||||||
|
trigger = {
|
||||||
|
type = "remote_button_long_press";
|
||||||
|
subtype = "dim_down";
|
||||||
|
} // switch_chambre;
|
||||||
|
action = {
|
||||||
|
service = "light.turn_off";
|
||||||
|
entity_id = "light.chambre";
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -492,7 +736,6 @@ in
|
|||||||
# '';
|
# '';
|
||||||
|
|
||||||
users.groups.nginx.members = [ "matrix-synapse" ];
|
users.groups.nginx.members = [ "matrix-synapse" ];
|
||||||
security.acme.certs."nyanlout.re".allowKeysForGroup = true;
|
|
||||||
|
|
||||||
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
|
security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
|
||||||
|
|
||||||
|
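Review bot: `secure_ip = ["127.0.0.1", "10.30.135.71"];` in `rspamd.workers.controller.extraConfig` (`@ -14,37 +14,104 @@` hunk) grants password-less access to the rspamd controller to every request arriving from those addresses; `10.30.135.71` is the `paul-fixe` workstation per the DHCP table elsewhere in this commit, so any process on that machine can alter spam learning and configuration, and if the controller is published through nginx on this host every proxied request arrives from 127.0.0.1 and is trusted as well. Keep `secure_ip` to loopback only when no proxy fronts the controller, and use the controller `password`/`enable_password` settings (hashed with `rspamadm pw`) for remote access instead. The `mailserver.loginAccounts` block also commits sha512-crypt `hashedPassword` values into the repository (and, via the generated dovecot user database, likely into the world-readable store); simple-nixos-mailserver's `hashedPasswordFile` option reads them from a root-only file instead. Finally, `unstable = import <nixos-unstable> { };` depends on a NIX_PATH lookup that the pure flake evaluation introduced by this commit rejects the moment the binding is used; the `nixpkgs-unstable` input already exists and can be handed to the module through `specialArgs`.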
@ -1,12 +1,12 @@
|
|||||||
{ config, pkgs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
users.extraUsers = {
|
users.users = {
|
||||||
paul = {
|
paul = {
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Paul TREHIOU";
|
description = "Paul TREHIOU";
|
||||||
extraGroups = [ "wheel" "medias" ];
|
extraGroups = [ "wheel" "medias" "transmission" ];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa 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 openpgp:0xAB524BBC"
|
"ssh-rsa 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 openpgp:0xAB524BBC"
|
||||||
"ssh-rsa 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 paul@nyanlout.re"
|
"ssh-rsa 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 paul@nyanlout.re"
|
||||||
@ -24,11 +24,33 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
amandoleen = {
|
||||||
|
isNormalUser = true;
|
||||||
|
description = "Amandine <3";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa 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 amandoleen"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
synology = {
|
synology = {
|
||||||
uid = 1001;
|
uid = 1001;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
isSystemUser = lib.mkForce false;
|
||||||
description = "Synology Diskstation maison";
|
description = "Synology Diskstation maison";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
rezome = {
|
||||||
|
description = "Rezome Minecraft backup";
|
||||||
|
};
|
||||||
|
|
||||||
|
zfspaulfixe = {
|
||||||
|
uid = 1002;
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-rsa 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 root@paul-fixe"
|
||||||
|
];
|
||||||
|
description = "paul-fixe zfs backup user";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.extraGroups.medias = {
|
users.extraGroups.medias = {
|
||||||
|
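Review bot: `zfspaulfixe` (`@ -24,11 +24,33 @@` hunk) is an `isNormalUser` account carrying a `root@paul-fixe` key, so the workstation's root gets an unrestricted interactive shell on this host although its description says it exists only for zfs backup. Least privilege for such a replication account is to restrict the key in `openssh.authorizedKeys.keys` with `restrict,command="<receive wrapper>"` and to delegate only the needed dataset permissions with `zfs allow`, rather than granting a full login. The NixOS borg repo module used for `rezome` in this same commit wraps its keys in a `borg serve` forced command, which is the model to follow here.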
@ -48,11 +48,56 @@ in
|
|||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.groups = {
|
||||||
|
work = {};
|
||||||
|
webdav = {};
|
||||||
|
};
|
||||||
|
users.users = {
|
||||||
|
work = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = config.users.groups.work.name;
|
||||||
|
};
|
||||||
|
webdav = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = config.users.groups.webdav.name;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
phpfpm.pools = {
|
||||||
|
work = {
|
||||||
|
user = config.users.users.work.name;
|
||||||
|
phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]);
|
||||||
|
settings = {
|
||||||
|
"listen.owner" = config.services.nginx.user;
|
||||||
|
"pm" = "dynamic";
|
||||||
|
"pm.max_children" = 75;
|
||||||
|
"pm.start_servers" = 10;
|
||||||
|
"pm.min_spare_servers" = 5;
|
||||||
|
"pm.max_spare_servers" = 20;
|
||||||
|
"pm.max_requests" = 500;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
drive = {
|
||||||
|
user = config.users.users.webdav.name;
|
||||||
|
settings = {
|
||||||
|
"listen.owner" = config.services.nginx.user;
|
||||||
|
"pm" = "dynamic";
|
||||||
|
"pm.max_children" = 75;
|
||||||
|
"pm.start_servers" = 10;
|
||||||
|
"pm.min_spare_servers" = 5;
|
||||||
|
"pm.max_spare_servers" = 20;
|
||||||
|
"pm.max_requests" = 500;
|
||||||
|
};
|
||||||
|
phpOptions = ''
|
||||||
|
output_buffering=off
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nginx.override {
|
package = pkgs.nginx.override {
|
||||||
modules = with pkgs.nginxModules; [ rtmp ];
|
modules = with pkgs.nginxModules; [ dav moreheaders ];
|
||||||
};
|
};
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
@ -64,12 +109,9 @@ in
|
|||||||
}
|
}
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
add_header Strict-Transport-Security $hsts_header;
|
||||||
add_header Referrer-Policy origin-when-cross-origin;
|
add_header Referrer-Policy origin-when-cross-origin;
|
||||||
|
|
||||||
error_page 500 502 503 504 https://nyanlout.re/errorpages/50x.html;
|
|
||||||
'';
|
'';
|
||||||
sso = {
|
sso = {
|
||||||
enable = true;
|
enable = true;
|
||||||
environmentFile = "/mnt/secrets/nginx-sso.env";
|
|
||||||
configuration = {
|
configuration = {
|
||||||
listen = {
|
listen = {
|
||||||
addr = "127.0.0.1";
|
addr = "127.0.0.1";
|
||||||
@ -110,16 +152,27 @@ in
|
|||||||
};
|
};
|
||||||
virtualHosts = let
|
virtualHosts = let
|
||||||
base = locations: {
|
base = locations: {
|
||||||
inherit locations;
|
locations = locations // {
|
||||||
|
"@maintenance" = {
|
||||||
|
root = "/var/www/errorpages/";
|
||||||
|
extraConfig = ''
|
||||||
|
rewrite ^(.*)$ /50x.html break;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
extraConfig = ''
|
||||||
|
error_page 500 502 503 504 = @maintenance;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
simpleReverse = rport: base {
|
simpleReverse = rport: base {
|
||||||
"/" = {
|
"/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString(rport)}/";
|
proxyPass = "http://127.0.0.1:${toString(rport)}/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
authReverse = rport: base {
|
authReverse = rport: zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
|
||||||
|
(base {
|
||||||
"/" = {
|
"/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString(rport)}/";
|
proxyPass = "http://127.0.0.1:${toString(rport)}/";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
@ -127,17 +180,19 @@ in
|
|||||||
add_header Set-Cookie $cookie;
|
add_header Set-Cookie $cookie;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
} // {
|
})
|
||||||
|
{
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
include ${nginxSsoAuth};
|
include ${nginxSsoAuth};
|
||||||
'';
|
'';
|
||||||
};
|
}
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
"nyanlout.re" = base {
|
"nyanlout.re" = base {
|
||||||
"/" = {
|
"/" = {
|
||||||
alias = "/var/www/site-perso/";
|
alias = "/var/www/site-perso/";
|
||||||
};
|
};
|
||||||
"/errorpages/" = {
|
"/maintenance/" = {
|
||||||
alias = "/var/www/errorpages/";
|
alias = "/var/www/errorpages/";
|
||||||
};
|
};
|
||||||
"/.well-known/openpgpkey/" = {
|
"/.well-known/openpgpkey/" = {
|
||||||
@ -147,7 +202,7 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
} // { default = true; };
|
} // { default = true; };
|
||||||
"riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; };
|
"riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; };
|
||||||
"factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; };
|
"factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; };
|
||||||
"minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; };
|
"minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; };
|
||||||
"musique-meyenheim.fr" = base {
|
"musique-meyenheim.fr" = base {
|
||||||
@ -164,11 +219,7 @@ in
|
|||||||
"maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
|
"maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };
|
||||||
"stream.nyanlout.re" = base {
|
"stream.nyanlout.re" = base {
|
||||||
"/" = {
|
"/" = {
|
||||||
root = "/var/www/hls/";
|
proxyPass = "http://10.30.135.71";
|
||||||
extraConfig = ''
|
|
||||||
add_header Cache-Control no-cache;
|
|
||||||
add_header Access-Control-Allow-Origin *;
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port;
|
"login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port;
|
||||||
@ -180,54 +231,79 @@ in
|
|||||||
"jackett.nyanlout.re" = authReverse 9117;
|
"jackett.nyanlout.re" = authReverse 9117;
|
||||||
"pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port;
|
"pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port;
|
||||||
"matrix.nyanlout.re" = simpleReverse 8008;
|
"matrix.nyanlout.re" = simpleReverse 8008;
|
||||||
"airsonic.nyanlout.re" = simpleReverse 4040;
|
"emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) {
|
||||||
"emby.nyanlout.re" = simpleReverse 8096;
|
locations."/" = {
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
"ci.nyanlout.re" = simpleReverse 52350;
|
"ci.nyanlout.re" = simpleReverse 52350;
|
||||||
"gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
|
"gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
|
||||||
|
"musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port;
|
||||||
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) {
|
"apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
# "work.rezom.eu" = base {
|
||||||
appendConfig = let
|
# "/" = {
|
||||||
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
|
# index = "/_h5ai/public/index.php";
|
||||||
in ''
|
# extraConfig = ''
|
||||||
rtmp {
|
# dav_ext_methods PROPFIND OPTIONS;
|
||||||
server {
|
# '';
|
||||||
listen 1935;
|
# };
|
||||||
|
# "~ ^/(_h5ai/public/index|random).php" = {
|
||||||
|
# extraConfig = ''
|
||||||
|
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
# fastcgi_pass unix:${config.services.phpfpm.pools.work.socket};
|
||||||
|
# include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
# include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
|
# '';
|
||||||
|
# };
|
||||||
|
# } // {
|
||||||
|
# root = "/mnt/medias/iso_linux";
|
||||||
|
# extraConfig = ''
|
||||||
|
# access_log /var/log/nginx/$host.log;
|
||||||
|
# '';
|
||||||
|
# };
|
||||||
|
"drive.nyanlout.re" = base {
|
||||||
|
"/" = {
|
||||||
|
index = "/index.php";
|
||||||
|
extraConfig = ''
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket};
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
|
|
||||||
application live {
|
client_max_body_size 0;
|
||||||
live on;
|
|
||||||
|
|
||||||
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
|
|
||||||
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid
|
|
||||||
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high
|
|
||||||
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
|
|
||||||
}
|
|
||||||
|
|
||||||
application show {
|
|
||||||
live on;
|
|
||||||
hls on;
|
|
||||||
|
|
||||||
hls_path ${rootLocation};
|
|
||||||
hls_fragment 3s;
|
|
||||||
hls_playlist_length 60s;
|
|
||||||
|
|
||||||
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
|
|
||||||
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
|
|
||||||
hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
} // {
|
||||||
|
root = "/mnt/webdav";
|
||||||
|
};
|
||||||
|
"rspamd.nyanlout.re" = zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [
|
||||||
|
(base {
|
||||||
|
"/" = {
|
||||||
|
proxyPass = "http://unix:/run/rspamd/worker-controller.sock";
|
||||||
|
extraConfig = ''
|
||||||
|
auth_request_set $cookie $upstream_http_set_cookie;
|
||||||
|
add_header Set-Cookie $cookie;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
})
|
||||||
|
{
|
||||||
|
extraConfig = ''
|
||||||
|
include ${nginxSsoAuth};
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
postgresql = {
|
postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
settings = {
|
||||||
full_page_writes = off
|
full_page_writes = false;
|
||||||
'';
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
pgmanage = {
|
pgmanage = {
|
||||||
@ -249,36 +325,31 @@ in
|
|||||||
passwordFile = "/var/lib/gitea/custom/conf/database_password";
|
passwordFile = "/var/lib/gitea/custom/conf/database_password";
|
||||||
};
|
};
|
||||||
log.level = "Warn";
|
log.level = "Warn";
|
||||||
extraConfig = ''
|
disableRegistration = true;
|
||||||
[ui]
|
settings = {
|
||||||
DEFAULT_THEME = arc-green
|
ui.DEFAULT_THEME = "arc-green";
|
||||||
|
};
|
||||||
[service]
|
|
||||||
DISABLE_REGISTRATION = true
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
python-ci.enable = true;
|
python-ci.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
mastodon = {
|
systemd.services.nginx.serviceConfig = {
|
||||||
enable = true;
|
ReadWritePaths = [
|
||||||
localDomain = "social.nyanlout.re";
|
"/var/www/hls"
|
||||||
configureNginx = true;
|
"/mnt/webdav"
|
||||||
extraConfig = {
|
];
|
||||||
SMTP_AUTH_METHOD = "none";
|
|
||||||
SMTP_OPENSSL_VERIFY_MODE = "none";
|
|
||||||
};
|
|
||||||
smtp = {
|
|
||||||
fromAddress = "social@nyanlout.re";
|
|
||||||
user = "social@nyanlout.re";
|
|
||||||
authenticate = false;
|
|
||||||
};
|
|
||||||
mediaPruneTimer = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.phpfpm-work.serviceConfig = {
|
||||||
|
ReadOnlyPaths = "/mnt/medias/iso_linux";
|
||||||
|
ReadWritePaths = [
|
||||||
|
"/mnt/medias/iso_linux/_h5ai"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.site-musique = let
|
systemd.services.site-musique = let
|
||||||
djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ]));
|
djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ]));
|
||||||
in {
|
in {
|
||||||
description = "Site Django de la musique de Meyenheim";
|
description = "Site Django de la musique de Meyenheim";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
@ -312,4 +383,6 @@ in
|
|||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
listenStreams = [ "/run/site-musique.sock" ];
|
listenStreams = [ "/run/site-musique.sock" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.nginx-sso.serviceConfig.EnvironmentFile = "/mnt/secrets/nginx-sso.env";
|
||||||
}
|
}
@ -70,6 +70,7 @@
|
|||||||
bat
|
bat
|
||||||
molly-guard
|
molly-guard
|
||||||
nix-template
|
nix-template
|
||||||
|
lz4
|
||||||
|
|
||||||
# Développement
|
# Développement
|
||||||
openssl
|
openssl
|
||||||