From 31a1ae1f957fc988859f496553224ccb38e3af72 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 12 Jan 2019 13:47:41 +0100 Subject: [PATCH 001/474] steam: limite nofile --- systems/ASUS-G46VW/configuration.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 4dba9dc0..f1590ccb 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -200,6 +200,16 @@ services.syncthing.user = "paul"; services.syncthing.group = "users"; + # Set limits for esync (SteamPlay Proton) + systemd.extraConfig = "DefaultLimitNOFILE=1048576"; + + security.pam.loginLimits = [{ + domain = "*"; + type = "hard"; + item = "nofile"; + value = "1048576"; + }]; + # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you From 5ec285e329afa188212da759cc4be674e8e9fbff Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Jan 2019 23:31:35 +0100 Subject: [PATCH 002/474] activation du module hid_steam --- systems/PC-Fixe/hardware-configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index eeebbd8d..2439beb6 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -11,7 +11,6 @@ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "firewire_ohci" "pata_marvell" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; boot.kernelModules = [ "kvm-intel" "nct6775" ]; boot.extraModulePackages = [ ]; - boot.blacklistedKernelModules = [ "hid-steam" ]; fileSystems."/" = { device = "/dev/disk/by-uuid/509a5842-56fe-40bd-8b00-6bda87e02e5e"; From 54539eb80e92614e099ec0a7d374f7fa4636dc2b Mon Sep 17 00:00:00 2001 
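Review bot: In the hunk for systems/ASUS-G46VW/configuration.nix (PATCH 001), `domain = "*";` raises the hard `nofile` limit to 1048576 for every PAM login, and `DefaultLimitNOFILE=1048576` sets both the soft and the hard limit for every systemd unit, while the comment says the change is only needed for esync under Steam. Scoping the PAM entry to the account that runs Steam, e.g. `domain = "paul";` (the user named on the syncthing lines above; confirm it is the Steam account), keeps the default ceiling for everything else. If only the hard limit has to grow, systemd also accepts a soft:hard pair such as `DefaultLimitNOFILE=1024:1048576`, which avoids giving a very large soft limit to services that were never tested with one.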
From: nyanloutre Date: Wed, 16 Jan 2019 23:33:01 +0100 Subject: [PATCH 003/474] =?UTF-8?q?d=C3=A9sactivation=20joystick=20Corsair?= =?UTF-8?q?=20K70?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Un joystick suplémentaire correspondant au clavier était ajouté dans /dev/input/js* rendant Rocket League injouable. Cette règle supprime directement ce joystick --- systems/PC-Fixe/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 88012414..f91e7f39 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -37,6 +37,11 @@ usb-modeswitch-data # Logitech G920 ]; + # Corsair K70 + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTR{bInterfaceNumber}=="00", ATTRS{idVendor}=="1b1c", ATTRS{idProduct}=="1b09", RUN+="${pkgs.bash}/bin/sh -c '${pkgs.coreutils}/bin/echo -n %k > /sys''${DEVPATH}/driver/unbind'" + ''; + networking.hostName = "paul-fixe"; # Define your hostname. networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant. From 20d2f30fc7deb1e9546bb89b071f062f56808413 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Jan 2019 23:35:32 +0100 Subject: [PATCH 004/474] Wine 64 bits --- systems/PC-Fixe/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index f91e7f39..bb747921 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -56,7 +56,7 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ filezilla - wineStaging + wineWowPackages.staging winetricks qbittorrent transmission-remote-gtk From eaf0c9e9559751a05000c4f21fa97a66ef13a244 Mon Sep 17 00:00:00 2001 
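Review bot: The udev rule added in systems/PC-Fixe/configuration.nix (PATCH 003) has no `ACTION` match, so the `RUN+=` shell command runs as root on every uevent for that interface, including the ones produced by the unbind it performs and by device removal, where the write to `driver/unbind` can only fail. Restricting the rule to the event on which the driver is attached, for example by prefixing `ACTION=="bind", ` (to be checked against the kernel in use), makes it fire once per plug-in. The file comment `# Corsair K70` could also say what the commit message says: the keyboard shows up as a spurious joystick in /dev/input/js* and interface 00 is unbound on purpose.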
From: nyanloutre Date: Thu, 3 Jan 2019 10:04:35 +0100 Subject: [PATCH 005/474] configuration serveur Factorio --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index a093111e..e72ceb1d 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -117,6 +117,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/factorio" = + { device = "loutrepool/var/factorio"; + fsType = "zfs"; + }; + fileSystems."/var/dkim" = { device = "loutrepool/var/dkim"; fsType = "zfs"; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index f246a1e9..0539a300 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -21,6 +21,7 @@ in ../../services/python-ci.nix ../../services/sdtdserver.nix ../../containers/vsftpd.nix + /mnt/secrets/factorio_secrets.nix ]; nixpkgs.overlays = [ @@ -363,6 +364,14 @@ in python-ci.enable = true; sdtdserver.enable = true; + + factorio = { + enable = true; + autosave-interval = 10; + game-name = "Shame"; + public = true; + username = "nyanloutre"; + }; }; /* From b4f345b1c59405ad91877775f014895cc7a8f114 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Jan 2019 11:03:01 +0100 Subject: [PATCH 006/474] =?UTF-8?q?cr=C3=A9ation=20site=20Factorio?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/services.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 0539a300..fa6a9f31 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -9,6 +9,7 @@ let pgmanage_port = 52347; max_port = 52348; musique_port = 52349; + factorio_port = 52351; in { 
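Review bot: Adding `/mnt/secrets/factorio_secrets.nix` to `imports` (systems/LoutreOS/services.nix, PATCH 005) does not keep its values out of reach: a module's option values are evaluated into the system closure, and the files generated from them are stored in /nix/store, which is world-readable. The file is not part of the patch, so this is inferred, but if it sets the Factorio account token or game password, local users on the host can presumably read them from the generated server settings. The import also makes evaluation depend on an absolute path outside the repository. At minimum a comment next to the import should say which options the file sets and that they end up in the store; with `public = true` in the last hunk the server is listed publicly, so the credential behind `username = "nyanloutre"` is worth that care.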
@@ -60,6 +61,7 @@ in "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = pgmanage_port; auth = true; }; "gitea.${domaine}" = { ip = "127.0.0.1"; port = 3001; auth = false; }; "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; }; + "factorio.${domaine}" = { ip = "127.0.0.1"; port = factorio_port; auth = false; }; }; }; @@ -210,6 +212,10 @@ in listen = [ { addr = "127.0.0.1"; port = riot_port; } ]; locations = { "/" = { root = pkgs.riot-web; }; }; }; + "factorio" = { + listen = [ { addr = "127.0.0.1"; port = factorio_port; } ]; + locations = { "/" = { root = "/var/www/factorio"; }; }; + }; }; }; From a158ee98d850855ba901d7d46c2faf188ad5a891 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Jan 2019 11:03:32 +0100 Subject: [PATCH 007/474] =?UTF-8?q?d=C3=A9sactivation=20server=207=20days?= =?UTF-8?q?=20to=20die?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index fa6a9f31..a2a24c20 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -369,7 +369,7 @@ in python-ci.enable = true; - sdtdserver.enable = true; + sdtdserver.enable = false; factorio = { enable = true; From 26b53b57f627c79d5c97c21bbdba9a205e8210d4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Jan 2019 11:03:15 +0100 Subject: [PATCH 008/474] activation sauvegardes --- systems/LoutreOS/services.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index a2a24c20..5ef3e923 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -290,7 +290,6 @@ in }; }; - /* borgbackup.jobs = { loutre = { paths = [ 
@@ -326,12 +325,11 @@ in postHook = '' ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap if [[ $exitStatus == 0 ]]; then - ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO loutre_ovh:loutre + ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:loutre fi ''; }; }; - */ borgbackup.repos = { diskstation = { From 8576f0eb84a4b0361ad3d31b54c9b8a085ab1cb3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Jan 2019 11:01:25 +0100 Subject: [PATCH 009/474] activation dogetipbot telegram --- overlays/dogetipbot-telegram.nix | 4 ++-- systems/LoutreOS/services.nix | 5 +---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix index 9bc16e05..c3462a5d 100644 --- a/overlays/dogetipbot-telegram.nix +++ b/overlays/dogetipbot-telegram.nix @@ -3,7 +3,7 @@ self: super: { dogetipbot-telegram = super.callPackage (super.fetchgit { url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "3bf1c89aaccded42ce41452c72f7ebf6d4d056ca"; - sha256 = "1gd1wi054ihbxanvj1ac7mz5ghnxab89a0r3i4hy482sglbxqcih"; + rev = "33e5a2273cc1e447dec9a37676913915706fd332"; + sha256 = "1rzv5qd7bj1dzx5qa2h4mdzzvxk77hz3svfcg7hq0sff8a7npk46"; }) { pkgs = self; }; } diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 5ef3e923..63081a14 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -378,7 +378,6 @@ in }; }; - /* systemd.services.dogetipbot-telegram = { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -386,11 +385,9 @@ in enable = true; serviceConfig = { EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"; - User = "nobody"; - Group = "nogroup"; + DynamicUser = true; }; }; - */ systemd.services.matrix-synapse = { serviceConfig = { From 4a1de9e6f61560f799cf1a98469dc6e9ed06b670 Mon Sep 17 00:00:00 2001 
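Review bot: The `postHook` that this commit re-enables (systems/LoutreOS/services.nix, PATCH 008, second hunk) pushes the Borg repository off-site with `rclone sync`, which makes `BackupStorage:loutre` an exact mirror, so files deleted or damaged in the local repository are deleted or overwritten remotely on the next run that exits 0. `$BORG_REPO` is also expanded unquoted; `"$BORG_REPO"` is the safe form. For the first point, an additive transfer such as `rclone copy`, or versioning on the storage side, would leave an older remote copy to fall back on; whether that fits the storage quota is not visible here. The job definition starts and ends outside the two hunks, so its encryption and prune settings could not be reviewed.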
From: nyanloutre Date: Tue, 22 Jan 2019 11:02:11 +0100 Subject: [PATCH 010/474] maj mailserver module MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Désactivation socket rspamd --- services/mail-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index 13fca175..bcfa5915 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz"; - sha256 = "0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/8b7dde4b54da821ca3dc2058178d6ffbd2e25bc5/nixos-mailserver-8b7dde4b54da821ca3dc2058178d6ffbd2e25bc5.tar.gz"; + sha256 = "0pf25ns3yq9vdbpb30cplx4zkj7srrklamd6kw7ifaf7gyc7fy65"; }) ]; From 34dd10327fbf4407028da13321d3d094b5ec244c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Jan 2019 11:02:32 +0100 Subject: [PATCH 011/474] maj NixOS --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index b65f1675..193a1815 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "baee8283bb858602e6b8d9c4763f11f79d4ac813"; + gitRev = "0af0b7a9cf9dc426c3686fd8b9369251ef18805a"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From ede5d9f70aa50f57adffa4130c817cab69968f16 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 09:53:39 +0100 Subject: [PATCH 012/474] personnalisation Gitea --- systems/LoutreOS/services.nix | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 63081a14..711f83c1 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -349,6 +349,14 @@ in port = 5432; passwordFile = "/mnt/secrets/gitea_database_passwordFile"; }; + log.level = "Warn"; + extraConfig = '' + [ui] + DEFAULT_THEME = arc-green + + [service] + DISABLE_REGISTRATION = true + ''; }; site-musique = { From e041e07fd913d52c52a7ddd45e6066ad55c984d1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 09:52:58 +0100 Subject: [PATCH 013/474] changement mot de passe --- services/haproxy-acme.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index b16cf76f..e4727239 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -24,7 +24,7 @@ let timeout connect 4s timeout server 30s userlist LOUTRE - user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy. + user paul password $6$YNjCpiPABu9$.iEp.3BgoswHcX3SMjz1/CiyqFQn/fjnxtT9CWBqQHBKynvK2kh/i62ije0WmCvhKRUhy9gdVbJStM3ciGXnC1 frontend public bind :::80 v4v6 bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1 From 745b342aabb20bb68033099ccf92ea2cc3264779 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 09:53:21 +0100 Subject: [PATCH 014/474] installation airsonic --- systems/LoutreOS/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 711f83c1..7f9744e6 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -10,6 +10,7 @@ let max_port = 52348; musique_port = 52349; factorio_port = 52351; + airsonic_port = 4040; in { 
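Review bot: The replaced `user paul password $6$…` line in services/haproxy-acme.nix (PATCH 013) keeps the basic-auth password hash in the repository and, through the generated HAProxy configuration, in the world-readable /nix/store; the `hashedPassword` changes for `claire` in containers/vsftpd.nix (PATCH 022 and PATCH 032) have the same problem. Each rotation leaves the previous hash in git history, so anyone who can read the repository can run offline guessing against old and new values alike. The repository already keeps other credentials under /mnt/secrets (for instance the Gitea `passwordFile`), and the same pattern would fit here: a userlist file outside the store passed to HAProxy as an additional configuration file, and `passwordFile` instead of `hashedPassword` for the FTP account, provided the path is reachable inside the container. This was not checked against the module versions pinned by this repository.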
@@ -62,6 +63,7 @@ in "gitea.${domaine}" = { ip = "127.0.0.1"; port = 3001; auth = false; }; "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; }; "factorio.${domaine}" = { ip = "127.0.0.1"; port = factorio_port; auth = false; }; + "airsonic.${domaine}" = { ip = "127.0.0.1"; port = airsonic_port; auth = false; }; }; }; @@ -384,6 +386,9 @@ in public = true; username = "nyanloutre"; }; + + airsonic.enable = true; + airsonic.maxMemory = 500; }; systemd.services.dogetipbot-telegram = { From 8c79c29b5de9848edbcf9ad584873693834c655e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 09:52:40 +0100 Subject: [PATCH 015/474] simplification build dogetipbot --- overlays/dogetipbot-telegram.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix index c3462a5d..162b5f5e 100644 --- a/overlays/dogetipbot-telegram.nix +++ b/overlays/dogetipbot-telegram.nix @@ -3,7 +3,7 @@ self: super: { dogetipbot-telegram = super.callPackage (super.fetchgit { url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "33e5a2273cc1e447dec9a37676913915706fd332"; - sha256 = "1rzv5qd7bj1dzx5qa2h4mdzzvxk77hz3svfcg7hq0sff8a7npk46"; + rev = "a63408de18d447983d65a51f176c35e434327517"; + sha256 = "12y7yd114cz64blgnyljpnnqbycsp0f1ljzaiqq05a5xa4pjvwyf"; }) { pkgs = self; }; } From 51514e5c5afe399add0b297a0c55e8b85f554aa8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 18:56:12 +0100 Subject: [PATCH 016/474] erreurs HTTP perso sur haproxy --- services/errorfiles/503.html | 39 ++++++++++++++++++++++++++++++++++++ services/haproxy-acme.nix | 1 + 2 files changed, 40 insertions(+) create mode 100644 services/errorfiles/503.html diff --git a/services/errorfiles/503.html b/services/errorfiles/503.html new file mode 100644 index 00000000..c511c008 --- /dev/null +++ b/services/errorfiles/503.html 
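Review bot: The new proxy entry `"airsonic.${domaine}" = { …; auth = false; };` (systems/LoutreOS/services.nix, PATCH 014) publishes Airsonic without the HAProxy basic-auth layer, so its own login is the only barrier. Airsonic is installed with a default administrator account, so the order matters: the password has to be changed before the host name becomes reachable, or the entry should start as `auth = true;` until that is done. A comment on the line recording why proxy authentication is off (presumably because client apps cannot pass basic auth) would make the choice reviewable.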
@@ -0,0 +1,39 @@ +HTTP/1.0 503 Service Unavailable +Cache-Control: no-cache +Connection: close +Content-Type: text/html + + + + + + + + 503 Service Unavailable + + + + + + + +

503 Service non disponible

+ +

Impossible de contacter le serveur demandé

+ + diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index e4727239..ad599045 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -23,6 +23,7 @@ let timeout client 10s timeout connect 4s timeout server 30s + errorfile 503 ${./errorfiles/503.html} userlist LOUTRE user paul password $6$YNjCpiPABu9$.iEp.3BgoswHcX3SMjz1/CiyqFQn/fjnxtT9CWBqQHBKynvK2kh/i62ije0WmCvhKRUhy9gdVbJStM3ciGXnC1 frontend public From 88953c1832335531e9c5393d48e5eab9754daca2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 18:56:25 +0100 Subject: [PATCH 017/474] update NixOS --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 193a1815..9b094b38 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "0af0b7a9cf9dc426c3686fd8b9369251ef18805a"; + gitRev = "d9634b4788a69eba897a5efb826f313942a860e2"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From 692baa892bd4809344452ae8e8ee318af20b58cd Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 18:56:41 +0100 Subject: [PATCH 018/474] refactor airsonic --- systems/LoutreOS/services.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 7f9744e6..abe891ed 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -387,8 +387,10 @@ in username = "nyanloutre"; }; - airsonic.enable = true; - airsonic.maxMemory = 500; + airsonic = { + enable = true; + maxMemory = 500; + }; }; systemd.services.dogetipbot-telegram = { From f39adc65fd9bc2b192899b634177d317afb9e26f Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 24 Jan 2019 18:56:56 +0100 Subject: [PATCH 019/474] ajout paquet binutils --- systems/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common.nix b/systems/common.nix index 460716e0..3b6aba4a 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -49,6 +49,7 @@ # Outils borgbackup + binutils # Développement openssl From 75a9bf301fa2f1d7565b2667cd24d7e18c673654 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 18:58:13 +0100 Subject: [PATCH 020/474] activation Bluetooth --- systems/PC-Fixe/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index bb747921..66983b00 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -32,6 +32,8 @@ hardware.u2f.enable = true; + hardware.bluetooth.enable = true; + services.udev.packages = with pkgs; [ ledger-udev-rules usb-modeswitch-data # Logitech G920 From 151469500c6c156fd078b4343fe10acc9a16135d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 24 Jan 2019 18:58:27 +0100 Subject: [PATCH 021/474] installation tor browser --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 66983b00..7b44c627 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -74,6 +74,7 @@ firefox chromium + torbrowser tdesktop mumble From c8f2fd50e50c554951152b18baa094e6543e2cee Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 12 Feb 2019 11:13:40 +0100 Subject: [PATCH 022/474] modification mot de passe FTP claire --- containers/vsftpd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index 2881580e..730b35a3 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix 
@@ -26,7 +26,7 @@ users.extraUsers = { claire = { isNormalUser = true; - hashedPassword = "$6$Mu47EjsbNTewDkRp$XeQh6rcdvb3BUXzsGqekKImLTrMgnN0VyERoSbpI4rMPlx8oHM9NNeHZtfIiLEaZGtQ9otnbLa54jYse5Iwev1"; + hashedPassword = "$6$ZyXB0fvcTbScnrM$6YQSr18QlGyjxPwaVrKkJxUShNoX0DjsmhlVnoVZwlELP7r9gSoGskfM4qBF3GSUdtfQOn5TOHIls5QVUmVAW0"; description = "Claire TREHIOU"; }; From b51cde0014511752802015442cc527e831df7869 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 12 Feb 2019 11:15:01 +0100 Subject: [PATCH 023/474] matrix-synapse: utilisation du certificat ACME --- services/haproxy-acme.nix | 6 ++++-- systems/LoutreOS/services.nix | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index ad599045..96d28cd2 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -133,8 +133,8 @@ in ) cfg.services; webroot = "/var/www/challenges"; email = "paul@nyanlout.re"; - user = "haproxy"; - group = "haproxy"; + allowKeysForGroup = true; + group = "acme"; postRun = '' systemctl reload haproxy.service ''; @@ -142,6 +142,8 @@ in }; security.acme.directory = "/var/lib/acme"; + users.groups.acme.members = [ "haproxy" ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index abe891ed..0a9ad17c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -254,6 +254,8 @@ in database_args = { database = "matrix-synapse"; }; + tls_private_key_path = "/var/lib/acme/${domaine}/key.pem"; + tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem"; extraConfig = '' max_upload_size: "100M" ''; @@ -411,6 +413,8 @@ in }; }; + users.groups.acme.members = [ "matrix-synapse" ]; + security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; From c3e051501be2d32d7e45ea8de63a441ad5d1f52b Mon Sep 17 00:00:00 2001 
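Review bot: Synapse is pointed at `/var/lib/acme/${domaine}/key.pem` and `fullchain.pem` (systems/LoutreOS/services.nix, PATCH 023), but the `postRun` visible in the services/haproxy-acme.nix hunk only runs `systemctl reload haproxy.service`, so after a renewal Synapse presumably keeps serving the old certificate until something else restarts it. Adding the second consumer to the hook, e.g. `systemctl try-restart matrix-synapse.service`, or a timer on the Synapse side would close that gap. `allowKeysForGroup = true` with `group = "acme"` also gives every member of that group read access to the private key, and both services now share one key; a comment at the two `users.groups.acme.members` definitions saying so would help whoever adds the next member.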
From: nyanloutre Date: Tue, 12 Feb 2019 11:15:39 +0100 Subject: [PATCH 024/474] activation plus fine des paquets non libres --- systems/LoutreOS/configuration.nix | 3 +++ systems/common.nix | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9b094b38..2343ee6d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -32,6 +32,9 @@ in "nixos-config=/etc/nixos/configuration.nix" ]; + nixpkgs.config.allowUnfree = false; + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" ]); + services.zfs = { autoSnapshot.enable = true; autoScrub.enable = true; diff --git a/systems/common.nix b/systems/common.nix index 3b6aba4a..6fbe1b1d 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -9,7 +9,6 @@ (import ../overlays/neovim.nix) ]; - nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ # Editeurs neovim From f5efe91d93ce1464c2921e40af8c5e7a892a20ab Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 12 Feb 2019 11:16:06 +0100 Subject: [PATCH 025/474] maj 18.09 --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 2343ee6d..86fc367b 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "d9634b4788a69eba897a5efb826f313942a860e2"; + gitRev = "0ecd242437a00f0ad39d8adb19bfb0ccba5af760"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From e0d6318603132f69e57c1f811bea3f60d0e3b94a Mon Sep 17 00:00:00 2001 
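Review bot: The allow-list entry `"perl5.28.1-slimserver"` in the `allowUnfreePredicate` added to systems/LoutreOS/configuration.nix (PATCH 024) embeds the Perl version, so the next Perl update in nixpkgs changes the derivation name and the evaluation fails until the string is edited. A comment above the predicate naming the service that pulls in each entry, and noting that the slimserver name follows the Perl version, would save the search. `nixpkgs.config.allowUnfree = false;` is the default and could be dropped. Since the same commit removes `allowUnfree = true` from systems/common.nix, hosts that import common.nix without setting it themselves lose unfree packages; only PC-Fixe is seen setting it in this series.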
From: nyanloutre Date: Sun, 17 Feb 2019 21:05:04 +0100 Subject: [PATCH 026/474] =?UTF-8?q?PC-Fixe:=20d=C3=A9sactivation=20rkt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/PC-Fixe/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 7b44c627..0414784d 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -159,8 +159,6 @@ services.syncthing.user = "paul"; services.syncthing.group = "users"; - virtualisation.rkt.enable = true; - # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you From 44d914cd8c795e31193abdff1d2021feb61edd83 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 17 Feb 2019 21:05:28 +0100 Subject: [PATCH 027/474] =?UTF-8?q?PC-Fixe:=20activation=20mise=20=C3=A0?= =?UTF-8?q?=20jour=20microcode=20Intel?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/PC-Fixe/hardware-configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 2439beb6..fcbbff7b 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -12,6 +12,8 @@ boot.kernelModules = [ "kvm-intel" "nct6775" ]; boot.extraModulePackages = [ ]; + hardware.cpu.intel.updateMicrocode = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/509a5842-56fe-40bd-8b00-6bda87e02e5e"; fsType = "ext4"; From 00ca645ce78fe0dac7d25e997c3f174ceb146694 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 27 Feb 2019 13:31:43 +0100 Subject: [PATCH 028/474] matrix-synapse: activation preview URL et upload permis plus gros --- systems/LoutreOS/services.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 0a9ad17c..a76d502a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -250,15 +250,14 @@ in x_forwarded = true; } ]; + max_upload_size = "100M"; database_type = "psycopg2"; database_args = { database = "matrix-synapse"; }; tls_private_key_path = "/var/lib/acme/${domaine}/key.pem"; tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem"; - extraConfig = '' - max_upload_size: "100M" - ''; + url_preview_enabled = true; logConfig = '' version: 1 From 5c569b72dfed3478ccf1147b8089dae0201bf4f7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 27 Feb 2019 13:32:25 +0100 Subject: [PATCH 029/474] borg: sauvegarde Emby --- systems/LoutreOS/services.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index a76d502a..57a2a6b3 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -298,10 +298,11 @@ in paths = [ "/var/certs" "/var/dkim" + "/var/lib/emby" "/var/lib/gitea" "/var/lib/grafana" - "/var/lib/matrix-synapse" "/var/lib/jackett" + "/var/lib/matrix-synapse" "/var/lib/postgresql/.zfs/snapshot/borgsnap" "/var/lib/radarr" "/var/lib/sonarr" From d3beedb3b5542643729774f22c4c3bf9bb776fb4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 27 Feb 2019 13:32:00 +0100 Subject: [PATCH 030/474] =?UTF-8?q?mise=20=C3=A0=20jour=20syst=C3=A8me?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 86fc367b..d7f246bd 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "0ecd242437a00f0ad39d8adb19bfb0ccba5af760"; + gitRev = "7d77db315d44ef6059a5d184f61eb584cfcf2d46"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From 0f28540bc9ac15639062214dccc038717475fb16 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 13 Mar 2019 22:47:39 +0100 Subject: [PATCH 031/474] partage NFS steam mode asynchrone --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 57a2a6b3..c7138f66 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -184,7 +184,7 @@ in enable = true; exports = '' /mnt/medias 192.168.0.0/16(ro,no_root_squash) - /exports/steam 192.168.0.0/24(rw,no_root_squash) + /exports/steam 192.168.0.0/24(rw,async,no_root_squash) ''; statdPort = 4000; lockdPort = 4001; From 32badf4d627f99a223ef939ac1cf0c64467840ac Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Mar 2019 11:20:05 +0100 Subject: [PATCH 032/474] vsftpd: changement mot de passe claire --- containers/vsftpd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index 730b35a3..02fab550 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -26,7 +26,7 @@ users.extraUsers = { claire = { isNormalUser = true; - hashedPassword = "$6$ZyXB0fvcTbScnrM$6YQSr18QlGyjxPwaVrKkJxUShNoX0DjsmhlVnoVZwlELP7r9gSoGskfM4qBF3GSUdtfQOn5TOHIls5QVUmVAW0"; + hashedPassword = "$6$DjEjaibh$cRoOEHH.CjUgXXwyVphgnOGMhD3AVjPtawQb9BxvNSmWNqfcxoNH.6HhdxYa7PM0y0yctYXjsAc.vnkIov/NA/"; description = "Claire TREHIOU"; }; From c4be6b797692dc1fe7f81af3d04258057698bb02 Mon Sep 17 00:00:00 2001 
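Review bot: The changed export `/exports/steam 192.168.0.0/24(rw,async,no_root_squash)` (systems/LoutreOS/services.nix, PATCH 031) stays writable with `no_root_squash`, so root on any machine in that /24 acts as root on the exported tree, and with the default `sec=sys` clients are identified by address only. If the share is only a game library, `/exports/steam 192.168.0.0/24(rw,async,root_squash)` or a single client address instead of the whole subnet would narrow that; whether the clients need root access is not visible here. `async` acknowledges writes before they are on disk, which is a reasonable trade for re-downloadable data but deserves a one-line comment in the file.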
From: nyanloutre Date: Tue, 26 Mar 2019 11:22:08 +0100 Subject: [PATCH 033/474] update --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index d7f246bd..aefe0da4 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "7d77db315d44ef6059a5d184f61eb584cfcf2d46"; + gitRev = "afca3f977175280668aaed92112eb42a171510d2"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From 3ce21d6e7b363373022a0e958b96afc250ceb504 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 4 Apr 2019 23:47:24 +0200 Subject: [PATCH 034/474] configuration NAT --- systems/LoutreOS/configuration.nix | 76 ++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index aefe0da4..64152628 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -40,9 +40,85 @@ in autoScrub.enable = true; }; + # eno1 -> VLAN100 -> Internet + # eno2 -> LAN + # eno3 -> accès serveur + # eno4 -> Wifi ? + networking = { hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; + + # firewall.trustedInterfaces = [ "eno3" ]; + # interface.eno3 = { + # ipv4.addresses = [ + # { address = "10.30.0.5"; prefixLength = 24; } + # ]; + # }; + + vlans.bouyges = { + id = 100; + interface = "eno1"; + }; + + interfaces = { + bouyges = { + # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 + macAddress = "00:11:22:33:44:55"; + }; + eno2 = { + ipv4.addresses = [ + { address = "10.30.0.1"; prefixLength = 16; } + ]; + }; + }; + + # NAT bouyges <-> eno2 + nat = { + enable = true; + externalInterface = "bouyges"; + # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE + # externalIP = "0.0.0.0"; + forwardPorts = [ + # FTP + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 20; } + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 21; } + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = "64000:65535"; } + # SSH + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 22; } + # Mails + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 25; } + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 143; } + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 587; } + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 4190; } + # HAProxy + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 80; } + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 443; } + # Matrix + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 8448; } + # Syncthing + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 22000; } + # Transmission + { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 51413; } + { destination = "10.30.0.5"; proto = "udp"; sourcePort = 51413; } + ]; + internalIPs = [ "10.30.0.0/16" ]; + 
internalInterfaces = [ "eno2" ]; + }; + + }; + + services.dhcpd4 = { + enable = true; + interfaces = [ "eno2" ]; + extraConfig = '' + option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; + option subnet-mask 255.255.0.0; + option routers 10.30.0.1; + subnet 10.30.0.0 netmask 255.255.0.0 { + range 10.30.50.0 10.30.250.0; + } + ''; }; nixpkgs.overlays = [ From 35e0d8da5629caebcd8b103900705f15412b84cf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 21 Apr 2019 11:04:42 +0200 Subject: [PATCH 035/474] riot: dimension t2bot --- overlays/riot-web.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/overlays/riot-web.nix b/overlays/riot-web.nix index 74539b12..c92dfa5e 100644 --- a/overlays/riot-web.nix +++ b/overlays/riot-web.nix @@ -6,7 +6,11 @@ self: super: "default_hs_url": "https://matrix.nyanlout.re", "default_is_url": "https://vector.im", "brand": "Nyanloutre", - "default_theme": "dark" + "default_theme": "dark", + "integrations_ui_url": "https://dimension.t2bot.io/riot", + "integrations_rest_url": "https://dimension.t2bot.io/api/v1/scalar", + "integrations_widgets_urls": ["https://dimension.t2bot.io/widgets"], + "integrations_jitsi_widget_url": "https://dimension.t2bot.io/widgets/jitsi" } ''; }; From d9c00135027cf654e8e082b53ac21bd896d22446 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 21 Apr 2019 11:05:45 +0200 Subject: [PATCH 036/474] nat: config de test --- systems/LoutreOS/configuration.nix | 37 ++++-------------------------- 1 file changed, 4 insertions(+), 33 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 64152628..25a7fdbd 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
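Review bot: `forwardPorts` in the `nat` block added to systems/LoutreOS/configuration.nix (PATCH 034) publishes SSH (22), FTP (20, 21 and the whole 64000:65535 range) and the mail ports of 10.30.0.5 on the external interface, yet nothing in the hunk assigns 10.30.0.5: the only address configured is 10.30.0.1 on eno2, and the block that would have given 10.30.0.5 to eno3 is commented out. A comment stating which host owns 10.30.0.5, and which of these ports are meant to be reachable from the Internet, would let a reader check the exposure. `macAddress = "00:11:22:33:44:55";` looks like a placeholder (the comment above it ends in a question mark) and should be replaced or marked `# TODO` before this is deployed.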
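Review bot: The four `integrations_*` URLs added to the Riot config (overlays/riot-web.nix, PATCH 035) make dimension.t2bot.io, a service outside this deployment, the integration manager for every user of this client, so the widget, bot and Jitsi pages are loaded from it and it presumably receives whatever room access users approve in the integrations dialog. That may be intended, but it is a trust decision worth recording. A Nix comment above the config string such as `# integrations are delegated to the public t2bot.io Dimension instance` would do, since the JSON itself cannot carry comments.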
@@ -42,20 +42,13 @@ in # eno1 -> VLAN100 -> Internet # eno2 -> LAN - # eno3 -> accès serveur - # eno4 -> Wifi ? + # eno3 -> Legacy client DHCP + # eno4 -> Pas utilisé networking = { hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; - # firewall.trustedInterfaces = [ "eno3" ]; - # interface.eno3 = { - # ipv4.addresses = [ - # { address = "10.30.0.5"; prefixLength = 24; } - # ]; - # }; - vlans.bouyges = { id = 100; interface = "eno1"; @@ -76,32 +69,10 @@ in # NAT bouyges <-> eno2 nat = { enable = true; - externalInterface = "bouyges"; + # À remplacer par bouyges + externalInterface = "eno3"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - forwardPorts = [ - # FTP - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 20; } - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 21; } - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = "64000:65535"; } - # SSH - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 22; } - # Mails - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 25; } - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 143; } - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 587; } - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 4190; } - # HAProxy - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 80; } - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 443; } - # Matrix - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 8448; } - # Syncthing - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 22000; } - # Transmission - { destination = "10.30.0.5"; proto = "tcp"; sourcePort = 51413; } - { destination = "10.30.0.5"; proto = "udp"; sourcePort = 51413; } - ]; internalIPs = [ "10.30.0.0/16" ]; internalInterfaces = [ "eno2" ]; }; From 74e9983200784ab2b0e2d83bcce30331e0dc68ed Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 26 Mar 2019 11:22:08 +0100 Subject: [PATCH 037/474] update --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 25a7fdbd..907b12ff 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "afca3f977175280668aaed92112eb42a171510d2"; + gitRev = "83dbfc9fc8fab023f21743c13bb0f42287a5eb50"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From 34ea855049b7e4636f1911ee417789d8257520c4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 27 Feb 2019 15:06:57 +0100 Subject: [PATCH 038/474] =?UTF-8?q?vsftpd:=20fix=2019.03=20->=20SSL=20acti?= =?UTF-8?q?v=C3=A9=20par=20d=C3=A9faut?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- containers/vsftpd.nix | 3 --- overlays/vsftpd.nix | 6 ------ 2 files changed, 9 deletions(-) delete mode 100644 overlays/vsftpd.nix diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index 02fab550..77fceae2 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -5,9 +5,6 @@ config = { config, pkgs, ... }: { - nixpkgs.overlays = [ - (import ../overlays/vsftpd.nix) - ]; services.vsftpd = { enable = true; forceLocalLoginsSSL = true; diff --git a/overlays/vsftpd.nix b/overlays/vsftpd.nix deleted file mode 100644 index 9475490e..00000000 --- a/overlays/vsftpd.nix +++ /dev/null @@ -1,6 +0,0 @@ -self: super: -{ - vsftpd = super.vsftpd.override { - sslEnable = true; - }; -} From ad7cf6495926609856698314c0935e24f1ab5cd6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Mar 2019 11:23:48 +0100 Subject: [PATCH 039/474] update 19.03 --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 907b12ff..a6d4124f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "83dbfc9fc8fab023f21743c13bb0f42287a5eb50"; + gitRev = "91cb80e4397d55b19b0beba3fa3846f1a02d0342"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From 414be4c06a6422b95fe266e6203c038f61d7f5ef Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 26 Apr 2019 00:04:44 +0200 Subject: [PATCH 040/474] pr-autobot: migration 18.09 -> 19.03 --- services/auto-pr.nix | 2 +- services/pr-autobot.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/services/auto-pr.nix b/services/auto-pr.nix index 0ac765c1..228f7a9f 100644 --- a/services/auto-pr.nix +++ b/services/auto-pr.nix @@ -27,7 +27,7 @@ in ignoreCollisions = true; }; in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot + ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.03 ''}/bin/run.sh"; }; }; diff --git a/services/pr-autobot.py b/services/pr-autobot.py index a1ad4b10..c97a2c9a 100755 --- a/services/pr-autobot.py +++ b/services/pr-autobot.py 
@@ -11,9 +11,10 @@ parser.add_argument('--app-id') parser.add_argument('--installation-id') parser.add_argument('--repo') parser.add_argument('--cache-dir') +parser.add_argument('--version') args = vars(parser.parse_args()) -channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-18.09/git-revision') +channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-' + args["version"] + '/git-revision') latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8') try: previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read() @@ -57,7 +58,7 @@ if latest_commit != previous_commit: - [ ] Fusionner la branche """) - pr = repo.create_pull(title=branch, body=pr_message, base='nixos-18.09', head=branch) + pr = repo.create_pull(title=branch, body=pr_message, base='nixos-' + args["version"], head=branch) print("Pull request numéro " + str(pr.number) + " créée") print("URL : " + pr.html_url) From ef0a6f3cc926723a645b735b192dd139d2ef97ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 27 Apr 2019 10:36:01 +0200 Subject: [PATCH 041/474] configuration FTTH bouyges --- systems/LoutreOS/configuration.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index a6d4124f..8923f96e 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -49,15 +49,22 @@ in hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; + dhcpcd.extraConfig = '' + interface "bouyges" { + send vendor-class-identifier "BYGTELIAD"; + } + ''; + vlans.bouyges = { id = 100; interface = "eno1"; }; interfaces = { + eno1.useDHCP = false; bouyges = { # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 - macAddress = "00:11:22:33:44:55"; + macAddress = "E8:AD:A6:21:73:68"; }; eno2 = { ipv4.addresses = [ 
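Review bot: `--version` is added without a default or `required=True`, so a run that omits it leaves `args["version"]` as `None` and the URL concatenation on the `channel_req` line fails with a TypeError instead of a usage message. The `base='nixos-' + args["version"]` argument in the second hunk of this file has the same dependency. Declaring it as `parser.add_argument('--version', required=True)` makes argparse reject the call up front. Because the value is spliced into both a URL and a branch name, it is also worth constraining its shape, e.g. `if not re.fullmatch(r'\d{2}\.\d{2}', args['version']): parser.error('bad --version')`; this needs `import re`, and the import block is outside the hunk.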
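Review bot: The block added to `dhcpcd.extraConfig` is written in ISC dhclient syntax (`interface "bouyges" { send vendor-class-identifier ...; }`), but this option is appended to dhcpcd's own configuration file, which as far as I know has neither a `send` statement nor brace blocks. If so, the vendor class is never sent and the lease request on the VLAN may be ignored by the ISP. The dhcpcd form would be `interface bouyges` followed by `vendorclassid BYGTELIAD`. Separately, `macAddress = "E8:AD:A6:21:73:68"` commits what the comment suggests is the ISP box's hardware address; reading it from an untracked file would keep that identifier out of the repository. The `networking` attribute set continues outside the hunk.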
@@ -69,8 +76,7 @@ in # NAT bouyges <-> eno2 nat = { enable = true; - # À remplacer par bouyges - externalInterface = "eno3"; + externalInterface = "bouyges"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; internalIPs = [ "10.30.0.0/16" ]; From e53f70e680eab3fdd1ca742e2fff322cdde6b6cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 27 Apr 2019 11:34:17 +0200 Subject: [PATCH 042/474] firewall: limitation NFS et Slimserver au LAN --- systems/LoutreOS/configuration.nix | 21 +++++++++++++++------ systems/LoutreOS/services.nix | 4 ---- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 8923f96e..dc2d3f27 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -83,6 +83,21 @@ in internalInterfaces = [ "eno2" ]; }; + firewall = { + allowedTCPPorts = [ ]; + allowedUDPPorts = [ ]; + interfaces.eno2 = { + allowedTCPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 9000 9090 # Slimserver + ]; + allowedUDPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 # Slimserver + ]; + }; + enable = true; + }; }; services.dhcpd4 = { @@ -108,12 +123,6 @@ in passwordAuthentication = false; }; - networking.firewall = { - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - enable = true; - }; - security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index c7138f66..4bb92498 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -436,8 +436,6 @@ in }; firewall.allowedTCPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 9000 9090 # Slimserver 51413 # Transmission 8448 # Matrix federation 20 21 # FTP @@ -448,8 +446,6 @@ in ]; firewall.allowedUDPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 # Slimserver 51413 # Transmission 51820 # Wireguard ]; 
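Review bot: The empty global `allowedTCPPorts = [ ];` and `allowedUDPPorts = [ ];` in the new `firewall` block read as if nothing were open on the WAN interface, but that is not the resulting rule set. List options are merged across modules, and services.nix (last two hunks of this commit) keeps its global `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` for Transmission, Matrix, FTP and Wireguard. Those ports therefore stay reachable on every interface, `bouyges` included. Either drop the two empty lists or add a comment such as `# WAN-facing ports are declared in services.nix; only LAN-only ports live here`.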
From ad8bcba5d09a2d80f59f730155eab50767df9923 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 1 May 2019 23:06:17 +0200 Subject: [PATCH 043/474] migration Bouyges, corrections --- systems/LoutreOS/configuration.nix | 4 ++++ systems/LoutreOS/services.nix | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index dc2d3f27..fec57f54 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -103,6 +103,10 @@ in services.dhcpd4 = { enable = true; interfaces = [ "eno2" ]; + machines = [ + { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } + { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } + ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; option subnet-mask 255.255.0.0; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4bb92498..fa29bc8a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -102,7 +102,7 @@ in rev = "a0996112fc451b76448589698de440ad5fd6ea79"; sha256 = "1f1625g7rfsddgk428g76p8fr7vz5gfhq3f452q17bjni3rf2pj3"; } - }/tplink_smartplug.py -t 192.168.0.57 -c energy" + }/tplink_smartplug.py -t 10.30.50.7 -c energy" ]; data_format = "json"; name_suffix = "_tplink-smartplug"; @@ -183,8 +183,8 @@ in nfs.server = { enable = true; exports = '' - /mnt/medias 192.168.0.0/16(ro,no_root_squash) - /exports/steam 192.168.0.0/24(rw,async,no_root_squash) + /mnt/medias 10.30.0.0/16(ro,no_root_squash) + /exports/steam 10.30.0.0/16(rw,async,no_root_squash) ''; statdPort = 4000; lockdPort = 4001; From 06c2b3db147e5eb6e99b12587fe80a6aa2ed5981 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 1 May 2019 23:07:04 +0200 Subject: [PATCH 044/474] factorio: migration dynamic user --- systems/LoutreOS/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
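Review bot: The `/exports/steam` export in services.nix is widened from `192.168.0.0/24` to `10.30.0.0/16` while keeping `rw` and `no_root_squash`, and that /16 contains the whole DHCP pool from configuration.nix (`range 10.30.50.0 10.30.250.0`). Any device that obtains a lease on `eno2` can then mount the share and write to it as root. If only one machine needs write access, give it a fixed lease in `machines` and export to that address alone, e.g. `/exports/steam CLIENT_IP(rw,async)` where CLIENT_IP is a placeholder; which client that is cannot be told from the hunk. `/mnt/medias` gets the same scope but stays read-only.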
diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index e72ceb1d..a3834d98 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -117,7 +117,7 @@ fsType = "zfs"; }; - fileSystems."/var/lib/factorio" = + fileSystems."/var/lib/private/factorio" = { device = "loutrepool/var/factorio"; fsType = "zfs"; }; From b90a2c79b29d43d83b6f3c4f6e23dfb41725e12c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 7 Jun 2019 10:26:33 +0200 Subject: [PATCH 045/474] nixos-mailserver: update 2.2.1 --- services/mail-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index bcfa5915..b1048206 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/8b7dde4b54da821ca3dc2058178d6ffbd2e25bc5/nixos-mailserver-8b7dde4b54da821ca3dc2058178d6ffbd2e25bc5.tar.gz"; - sha256 = "0pf25ns3yq9vdbpb30cplx4zkj7srrklamd6kw7ifaf7gyc7fy65"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz"; + sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx"; }) ]; From de25eb9a3607210e11c8c924837e2e0670cfa4d9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 7 Jun 2019 10:27:23 +0200 Subject: [PATCH 046/474] ajout utilisateur jellyfin dans groupe media --- systems/LoutreOS/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 0698d647..3fd89ab5 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix @@ -33,6 +33,6 @@ users.extraGroups.medias = { gid = 498; - members = [ "slimserver" "radarr" "sonarr" "emby" "transmission" ]; + members = [ "slimserver" "radarr" "sonarr" "jellyfin" "transmission" ]; }; } 
From 651a0d3c647ae4633e36623360aa76e5828a51dc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 7 Jun 2019 10:28:24 +0200 Subject: [PATCH 047/474] port SSH alternatif --- systems/LoutreOS/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index fec57f54..2aeb3752 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -81,6 +81,9 @@ in # externalIP = "0.0.0.0"; internalIPs = [ "10.30.0.0/16" ]; internalInterfaces = [ "eno2" ]; + forwardPorts = [ + { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} + ]; }; firewall = { From a93d836d36b123f104e70348d61536b2932a66d6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 7 Jun 2019 11:57:12 +0200 Subject: [PATCH 048/474] =?UTF-8?q?envoi=20mail=20apr=C3=A8s=20login?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/services.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index fa29bc8a..36493fe1 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -11,6 +11,16 @@ let musique_port = 52349; factorio_port = 52351; airsonic_port = 4040; + + login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' + if [ "$PAM_TYPE" != "close_session" ]; then + ${pkgs.system-sendmail}/bin/sendmail paul@nyanlout.re < Date: Sat, 15 Jun 2019 14:36:14 +0200 Subject: [PATCH 049/474] migration Emby -> Jellyfin --- services/haproxy-acme.nix | 2 ++ systems/LoutreOS/services.nix | 24 ++++++++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 96d28cd2..74a4dfe7 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix 
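Review bot: The new `forwardPorts` entry DNATs WAN port 8443 to `10.30.0.1:22`, which is this router's own sshd, so it adds a second Internet-facing entry point for SSH without saying why. Whether port 22 is also reachable from `bouyges` depends on the openssh module's firewall setting, which is not in the hunk. If 8443 is meant to replace 22 from outside, 22 should be limited to `eno2` the way the NFS ports are. A comment such as `# alternate SSH port for networks that block outbound 22` would record the intent, if that is the intent.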
@@ -58,6 +58,7 @@ let '' backend ${name}-backend mode http + ${value.extraBackend} ${( if value.socket == "" then '' @@ -100,6 +101,7 @@ in port = mkOption { type = int; description = "Port number"; }; socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; }; auth = mkOption { type = bool; description = "Enable authentification"; default = false; }; + extraBackend = mkOption { type = str; description = "Options backend HaProxy suplémentaires"; default = ""; }; extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; }; aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; }; }; }); diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 36493fe1..ebef955e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -12,6 +12,17 @@ let factorio_port = 52351; airsonic_port = 4040; + jellyfin_backend = '' + http-request set-header X-Forwarded-Port %[dst_port] + http-request add-header X-Forwarded-Proto https if { ssl_fc } + ''; + sonarr_acl = '' + acl API path_beg /api + ''; + sonarr_auth = '' + !AUTH_OK !API + ''; + login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' if [ "$PAM_TYPE" != "close_session" ]; then ${pkgs.system-sendmail}/bin/sendmail paul@nyanlout.re < Date: Sat, 15 Jun 2019 14:36:44 +0200 Subject: [PATCH 050/474] =?UTF-8?q?haproxy:=20d=C3=A9sactivation=20ciphers?= =?UTF-8?q?=20obsol=C3=A8tes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- services/haproxy-acme.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 74a4dfe7..312ad438 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix 
@@ -13,9 +13,9 @@ let log /dev/log local1 notice user haproxy group haproxy - ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 + ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 + ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets defaults option forwardfor From c0cdb3e29d626b4ab311f5a0f1057bdf466e935e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 15 Jun 2019 14:37:58 +0200 Subject: [PATCH 051/474] =?UTF-8?q?envoi=20mail=20apr=C3=A8s=20backup?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/services.nix | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index ebef955e..914b5bce 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -23,15 +23,21 @@ let !AUTH_OK !API ''; + sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" '' + ${pkgs.system-sendmail}/bin/sendmail ${to} < Date: Sun, 30 Jun 2019 11:03:51 +0200 Subject: [PATCH 052/474] winetricks utilisation de wine unstable --- systems/ASUS-G46VW/configuration.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index f1590ccb..4fd6f9f0 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -62,8 +62,10 @@ nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ filezilla - wineStaging - winetricks + wineWowPackages.unstable + (winetricks.override { + wine = wineWowPackages.unstable; + }) qbittorrent transmission-remote-gtk appimage-run From 74dce71c437edc0fec30ae34c945d3366920f086 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Jun 2019 11:04:44 +0200 Subject: [PATCH 053/474] service redshift --- systems/ASUS-G46VW/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 4fd6f9f0..190e2aab 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -212,6 +212,13 @@ value = "1048576"; }]; + services.redshift = { + enable = true; + latitude = "48.573406"; + longitude = "7.752111"; + temperature.night = 2700; + }; + # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you From 25c24a6c3eca679dcb3e1a0946e67496f19eb723 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Jun 2019 11:34:09 +0200 Subject: [PATCH 054/474] ajout groupe dialout --- systems/ASUS-G46VW/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
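Review bot: In the `services.redshift` block, `latitude` and `longitude` are committed with six decimal places, which pins a position to well under a metre, while redshift only uses them to estimate sunrise and sunset. Rounding to one decimal, `latitude = "48.6";` and `longitude = "7.8";`, shifts the schedule by well under a minute and keeps a street-level position out of the repository history.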
diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 190e2aab..320c9661 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -195,7 +195,7 @@ users.extraUsers.paul = { isNormalUser = true; uid = 1000; - extraGroups = [ "wheel" "networkmanager" "wireshark" ]; + extraGroups = [ "wheel" "networkmanager" "wireshark" "dialout" ]; }; services.syncthing.enable = true; From 612a41ca9b4f3a537e152f342b7cabcc8e3996ac Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 31 Jul 2019 13:51:51 +0200 Subject: [PATCH 055/474] Ajout Wololoc au FTP --- containers/vsftpd.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index 77fceae2..a21d8eee 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -11,7 +11,7 @@ forceLocalDataSSL = true; userlistDeny = false; localUsers = true; - userlist = ["claire" "manu"]; + userlist = ["claire" "manu" "lakeu" "fusil" "stryxion"]; rsaCertFile = "/var/vsftpd/vsftpd.pem"; extraConfig = '' pasv_min_port=64000 @@ -32,6 +32,24 @@ hashedPassword = "$6$YGNIdGEclo$JcUotBS6hqlpENjjUeYhDjtrwxu10oARF4Nq4tEo072Sumr3Rl/w3ZXSHI5/3RxfvUMmJ4ulUVctBLhwrqP.g0"; description = "Emmanuel ZENNER"; }; + + lakeu = { + isNormalUser = true; + hashedPassword = "$6$Y7Rohw3xMzCGp$DVTZVAQccBeM/iVUH1IOgkXUohWjTvujNuvekezWS3vdEm1BUxkYZqH2ECHj5DN.ZiGFjJHhBh7PpbE8GDxSz."; + description = "Lakeu"; + }; + + fusil = { + isNormalUser = true; + hashedPassword = "$6$HndxtEEO1w4$FC6rXf1h98tyt0Ay670iz1jbaNj8vKwH8BHYf3vsbSennA63r94x67I5KxmVOxOIEbIf55zIWFsM8GpyJ9K6Y/"; + description = "Fusil"; + }; + + stryxion = { + isNormalUser = true; + hashedPassword = "$6$KZKwBLI6yGuvFg2Q$VCfSnhAacgxlxybTyuCDyNQ2InM8ppG3aa3Bw176TiNAX8tHWUpKesfI9YfcCoGAi1zSzA7b6uC8BmmfrQwg1."; + description = "Stryxion"; + }; }; }; bindMounts = { From 78284f5e60c6176f289eb59f582671274e5ce240 Mon Sep 17 00:00:00 2001 
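Review bot: The three accounts added in containers/vsftpd.nix carry their `$6$` password hashes inline in `hashedPassword`, so the hashes are readable by anyone with access to the repository and by every local user through the world-readable Nix store, and can be guessed offline. Pointing each user at a root-only file instead, e.g. `passwordFile = "/var/lib/ftp-secrets/lakeu.hash";` (the path is a placeholder), keeps them out of both. `isNormalUser = true` also gives these FTP users a home directory and a login shell; if they only need FTP that is worth restricting, though the container's other settings are outside the hunk. The existing `claire` and `manu` entries follow the same pattern.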
From: nyanloutre Date: Wed, 31 Jul 2019 13:52:19 +0200 Subject: [PATCH 056/474] haproxy: supression espaces inutiles --- services/haproxy-acme.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 312ad438..48df6987 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -36,13 +36,11 @@ let http-response set-header Strict-Transport-Security max-age=15768000 use_backend letsencrypt-backend if letsencrypt-acl use_backend haproxy_stats if haproxy-acl - ${concatStrings ( mapAttrsToList (name: value: " acl ${name}-acl hdr(host) -i ${name}\n" + " use_backend ${name}-backend if ${name}-acl\n" ) cfg.services)} - backend letsencrypt-backend mode http server letsencrypt 127.0.0.1:${toString nginx_port} @@ -52,7 +50,6 @@ let stats hide-version acl AuthOK_LOUTRE http_auth(LOUTRE) http-request auth realm LOUTRE if !AuthOK_LOUTRE - ${concatStrings ( mapAttrsToList (name: value: '' @@ -78,7 +75,6 @@ let ) else "")} '' ) cfg.services)} - ''; in { From 5aff716570217d16de7da754d9158d5ba6484f13 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 31 Jul 2019 13:52:47 +0200 Subject: [PATCH 057/474] =?UTF-8?q?mount:=20supression=20montage=20Emby=20?= =?UTF-8?q?inutilis=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/hardware-configuration.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index a3834d98..436363e7 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -72,11 +72,6 @@ fsType = "zfs"; }; - fileSystems."/var/lib/emby/ProgramData-Server" = - { device = "loutrepool/var/emby"; - fsType = "zfs"; - }; - fileSystems."/var/lib/syncthing" = { device = "loutrepool/var/syncthing"; fsType = "zfs"; From e2cf877e6af8c12b3409aea2c6259e8b67fcc62c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 31 Jul 2019 13:53:17 +0200 Subject: [PATCH 058/474] fix: mauvais appel alerte login mail --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 914b5bce..6d5ae8d8 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -33,7 +33,7 @@ let login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' if [ "$PAM_TYPE" != "close_session" ]; then - ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"} + ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh fi ''; From a189abf9120b3edda89755c7bc9bcd800887db8f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 31 Jul 2019 13:53:35 +0200 Subject: [PATCH 059/474] installation gitAndTools.hub --- systems/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common.nix b/systems/common.nix index 6fbe1b1d..b3e181b6 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -16,6 +16,7 @@ # Gestionnaires de version gitFull tig + gitAndTools.hub # Gestion de paquets nix-prefetch-scripts From bb257b08cb010f1201822e0c351c534842344fbf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 20 Aug 2019 15:56:02 +0200 Subject: [PATCH 060/474] Update 'services/haproxy-acme.nix' --- services/haproxy-acme.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 48df6987..fe72ce60 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix 
@@ -13,9 +13,11 @@ let log /dev/log local1 notice user haproxy group haproxy - ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 + ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets defaults option forwardfor From 67a6b2bfa7acd95bcb9a23475f3d217ca9497d5a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 21 Sep 2019 21:57:55 +0200 Subject: [PATCH 061/474] zsh: spaceship -> starship --- systems/common.nix | 58 +++++++++++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/systems/common.nix b/systems/common.nix index b3e181b6..073caa61 100644 --- a/systems/common.nix +++ b/systems/common.nix @@ -43,6 +43,7 @@ ncdu youtube-dl tldr + starship # Audio beets 
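Review bot: Both cipher lists now end with `DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`, but the hunk adds no Diffie-Hellman parameter setting next to them. Without `tune.ssl.default-dh-param 2048` or an `ssl-dh-param-file` in the `global` section, older HAProxy versions fall back to a 1024-bit group for DHE key exchange, which is weaker than the rest of this profile. Add `tune.ssl.default-dh-param 2048` beside the cipher lines, or leave the DHE suites out as the previous revision did. The `global` section starts above the hunk, so the setting may already exist there.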
@@ -55,36 +56,45 @@ openssl ]; - programs.tmux = { - enable = true; - clock24 = true; - }; - users.defaultUserShell = pkgs.zsh; - programs.zsh = { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - interactiveShellInit = '' - source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.zsh" - ''; - ohMyZsh = { + programs = { + tmux = { enable = true; - plugins = [ "git" "colored-man-pages" "command-not-found" "extract" "nix" ]; - customPkgs = with pkgs;[ - spaceship-prompt - nix-zsh-completions - ]; - theme = "spaceship"; + clock24 = true; }; + + zsh = { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + interactiveShellInit = '' + source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.zsh" + eval "$(starship init zsh)" + ''; + ohMyZsh = { + enable = true; + plugins = [ "git" "colored-man-pages" "command-not-found" "extract" "nix" ]; + customPkgs = with pkgs;[ + nix-zsh-completions + ]; + }; + }; + + bash.interactiveShellInit = '' + eval "$(starship init bash)" + ''; }; - environment.variables = { + environment.variables = let + starshipConfToml = + pkgs.writeText "starship.toml" '' + [[battery.display]] + threshold = 50 + ''; + in { EDITOR = "nvim"; - SPACESHIP_TIME_SHOW = "true"; - SPACESHIP_BATTERY_THRESHOLD = "50"; - SPACESHIP_EXIT_CODE_SHOW = "true"; + STARSHIP_CONFIG = "${starshipConfToml}"; }; nix.gc.automatic = true; From 1895a5312cf396295f4dbb7fbc41121da010cc4e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 21:17:13 +0200 Subject: [PATCH 062/474] =?UTF-8?q?G46VW:=20coordon=C3=A9es=20d=C3=A9pr?= =?UTF-8?q?=C3=A9ci=C3=A9s=20dans=20module=20redshift?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/ASUS-G46VW/configuration.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
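Review bot: The two `eval "$(starship init ...)"` lines resolve `starship` through `PATH`, unlike the fzf line directly above them, which calls `${pkgs.fzf}/bin/fzf-share` by store path. Since the command's output is evaluated in every interactive shell, root's included, it is safer and more consistent to pin the binary: `eval "$(${pkgs.starship}/bin/starship init zsh)"` and the same with `bash` in `bash.interactiveShellInit`. The prompt then no longer depends on the `starship` entry added to the package list in the first hunk.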
diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 320c9661..9823500d 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -214,11 +214,12 @@ services.redshift = { enable = true; - latitude = "48.573406"; - longitude = "7.752111"; temperature.night = 2700; }; + location.latitude = "48.573406"; + location.longitude = "7.752111"; + # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you From c127ccfc264ab62326174a280c8a9d5586694ce5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 21:18:43 +0200 Subject: [PATCH 063/474] =?UTF-8?q?G46VW:=20coordon=C3=A9es=20string=20->?= =?UTF-8?q?=20float?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/ASUS-G46VW/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 9823500d..c6ac12a9 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -217,8 +217,8 @@ temperature.night = 2700; }; - location.latitude = "48.573406"; - location.longitude = "7.752111"; + location.latitude = 48.573406; + location.longitude = 7.752111; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database From 6e89404a876f0bdd4f8798b015e67df56bf00596 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 4 Oct 2019 22:01:49 +0200 Subject: [PATCH 064/474] =?UTF-8?q?regroupements=20param=C3=A8tres=20GUI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/ASUS-G46VW/configuration.nix | 160 +----------------- systems/ASUS-G46VW/hardware-configuration.nix | 7 + systems/LoutreOS/configuration.nix | 2 +- systems/PC-Fixe/configuration.nix | 121 +------------ systems/PC-Fixe/hardware-configuration.nix | 2 + systems/{common.nix => common-cli.nix} | 1 + systems/common-gui.nix | 124 ++++++++++++++ 7 files changed, 141 insertions(+), 276 deletions(-) rename systems/{common.nix => common-cli.nix} (99%) create mode 100644 systems/common-gui.nix diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index c6ac12a9..3f30d967 100644 --- a/systems/ASUS-G46VW/configuration.nix +++ b/systems/ASUS-G46VW/configuration.nix @@ -7,15 +7,11 @@ { imports = [ - ../common.nix + ../common-cli.nix + ../common-gui.nix ./hardware-configuration.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/ledger-udev-rules.nix) - ]; - - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.tmpOnTmpfs = true; 
@@ -29,130 +25,11 @@ ENERGY_PERF_POLICY_ON_BAT=powersave ''; - # NVIDIA - services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia.optimus_prime.enable = true; - hardware.nvidia.modesetting.enable = true; - hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0"; - hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0"; - - # For Steam - hardware.opengl.driSupport32Bit = true; - hardware.pulseaudio.support32Bit = true; - hardware.steam-hardware.enable = true; - - hardware.u2f.enable = true; - - services.udev.packages = with pkgs; [ - ledger-udev-rules - ]; - - networking.hostName = "rog-paul"; # Define your hostname. - networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant. - - # Select internationalisation properties. - i18n = { - # consoleFont = "Lat2-Terminus16"; - consoleKeyMap = "fr"; - defaultLocale = "fr_FR.UTF-8"; - }; - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - filezilla - wineWowPackages.unstable - (winetricks.override { - wine = wineWowPackages.unstable; - }) - qbittorrent - transmission-remote-gtk - appimage-run - bat - - gopass - xclip - - electrum - electron-cash - - firefox - torbrowser - chromium - qutebrowser - - tdesktop - mumble - - kleopatra - gnupg - - kdeplasma-addons - ark - kate - kmail - kdeconnect - okular - yakuake - konversation - gwenview - kcalc - spectacle - kile - (texlive.combine { - inherit (texlive) scheme-small titling collection-langfrench cm-super; - }) - imagemagick - - gnome-breeze - arc-theme - materia-theme - - libreoffice - gimp - vlc - kodiPlain - mpv - - steam - sc-controller - steam-run - minecraft - - glxinfo - i7z - obs-studio - ]; + networking.hostName = "rog-paul"; programs.wireshark.enable = true; programs.wireshark.package = pkgs.wireshark; - # Some programs need SUID wrappers, can be configured further or are - # started in user 
sessions. - # programs.bash.enableCompletion = true; - # programs.mtr.enable = true; - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - programs.browserpass.enable = true; - services.pcscd.enable = true; - services.pcscd.plugins = [ - (pkgs.ccid.overrideAttrs (oldAttrs: rec { - preBuild = '' - echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt - ''; - }) - ) - ]; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ 8000 ]; - # networking.firewall.allowedUDPPorts = [ ]; - # Or disable the firewall altogether. networking.firewall.enable = false; networking.wireguard.interfaces = { @@ -170,28 +47,12 @@ }; }; - # Enable CUPS to print documents. services.printing.enable = true; services.printing.drivers = [ pkgs.hplip ]; - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - - # Enable the X11 windowing system. - services.xserver.enable = true; - services.xserver.layout = "fr"; - # services.xserver.xkbOptions = "eurosign:e"; - - # Enable touchpad support. services.xserver.libinput.enable = true; services.xserver.libinput.naturalScrolling = true; - # Enable the KDE Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. users.extraUsers.paul = { isNormalUser = true; uid = 1000; @@ -202,16 +63,6 @@ services.syncthing.user = "paul"; services.syncthing.group = "users"; - # Set limits for esync (SteamPlay Proton) - systemd.extraConfig = "DefaultLimitNOFILE=1048576"; - - security.pam.loginLimits = [{ - domain = "*"; - type = "hard"; - item = "nofile"; - value = "1048576"; - }]; - services.redshift = { enable = true; temperature.night = 2700; 
@@ -220,10 +71,5 @@ location.latitude = 48.573406; location.longitude = 7.752111; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. system.stateVersion = "18.03"; # Did you read the comment? - } diff --git a/systems/ASUS-G46VW/hardware-configuration.nix b/systems/ASUS-G46VW/hardware-configuration.nix index 4394c6b2..19c994e5 100644 --- a/systems/ASUS-G46VW/hardware-configuration.nix +++ b/systems/ASUS-G46VW/hardware-configuration.nix @@ -12,6 +12,13 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + # NVIDIA + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia.optimus_prime.enable = true; + hardware.nvidia.modesetting.enable = true; + hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0"; + hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0"; + fileSystems."/" = { device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86"; fsType = "ext4"; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 2aeb3752..44839c5f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -10,7 +10,7 @@ let in { imports = [ - ../common.nix + ../common-cli.nix ./hardware-configuration.nix ./users.nix ./services.nix diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 0414784d..6e5d035d 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix 
@@ -8,34 +8,18 @@ imports = [ ./hardware-configuration.nix - ../common.nix + ../common-cli.nix + ../common-gui.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/ledger-udev-rules.nix) - ]; - - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelParams = ["acpi_enforce_resources=lax"]; boot.tmpOnTmpfs = true; - # NVIDIA - services.xserver.videoDrivers = [ "nvidia" ]; - - # For Steam - hardware.opengl.driSupport32Bit = true; - hardware.pulseaudio.support32Bit = true; - hardware.steam-hardware.enable = true; - - hardware.u2f.enable = true; - hardware.bluetooth.enable = true; services.udev.packages = with pkgs; [ - ledger-udev-rules usb-modeswitch-data # Logitech G920 ]; 
@@ -44,111 +28,17 @@ SUBSYSTEM=="usb", ATTR{bInterfaceNumber}=="00", ATTRS{idVendor}=="1b1c", ATTRS{idProduct}=="1b09", RUN+="${pkgs.bash}/bin/sh -c '${pkgs.coreutils}/bin/echo -n %k > /sys''${DEVPATH}/driver/unbind'" ''; - networking.hostName = "paul-fixe"; # Define your hostname. - networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant. + networking.hostName = "paul-fixe"; - # Select internationalisation properties. - i18n = { - consoleKeyMap = "fr"; - defaultLocale = "fr_FR.UTF-8"; - }; - - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ - filezilla - wineWowPackages.staging - winetricks - qbittorrent - transmission-remote-gtk - appimage-run - bat usb_modeswitch - - gopass - xclip - - electrum - electron-cash - - firefox - chromium - torbrowser - - tdesktop - mumble - - kleopatra - gnupg - - kdeplasma-addons - ark - kate - kmail - kdeconnect - okular - yakuake - konversation - gwenview - kcalc - spectacle - kile - (texlive.combine { - inherit (texlive) scheme-small titling collection-langfrench cm-super; - }) - imagemagick - - gnome-breeze - arc-theme - materia-theme - - libreoffice - gimp - vlc - kodiPlain - - steam - sc-controller - steam-run - minecraft - - glxinfo - i7z - lm_sensors - obs-studio ]; programs.wireshark.enable = true; programs.wireshark.package = pkgs.wireshark; - programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; - programs.browserpass.enable = true; - services.pcscd.enable = true; - services.pcscd.plugins = [ - (pkgs.ccid.overrideAttrs (oldAttrs: rec { - preBuild = '' - echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt - ''; - }) - ) - ]; - networking.firewall.enable = false; - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - - # Enable the X11 windowing system. 
- services.xserver.enable = true; - services.xserver.layout = "fr"; - - # Enable the KDE Desktop Environment. - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.paul = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "wireshark" "input" ]; @@ -159,10 +49,5 @@ services.syncthing.user = "paul"; services.syncthing.group = "users"; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. system.stateVersion = "18.09"; # Did you read the comment? - } diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index fcbbff7b..ebb4e0fe 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -12,6 +12,8 @@ boot.kernelModules = [ "kvm-intel" "nct6775" ]; boot.extraModulePackages = [ ]; + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.cpu.intel.updateMicrocode = true; fileSystems."/" = diff --git a/systems/common.nix b/systems/common-cli.nix similarity index 99% rename from systems/common.nix rename to systems/common-cli.nix index 073caa61..1a69611b 100644 --- a/systems/common.nix +++ b/systems/common-cli.nix @@ -51,6 +51,7 @@ # Outils borgbackup binutils + bat # Développement openssl diff --git a/systems/common-gui.nix b/systems/common-gui.nix new file mode 100644 index 00000000..e65b56db --- /dev/null +++ b/systems/common-gui.nix 
@@ -0,0 +1,124 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.overlays = [ + (import ../overlays/ledger-udev-rules.nix) + ]; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + filezilla + qbittorrent + transmission-remote-gtk + + wineWowPackages.staging + (winetricks.override { + wine = wineWowPackages.staging; + }) + steam + sc-controller + steam-run + minecraft + multimc + + electrum + electron-cash + + firefox + torbrowser + chromium + + tdesktop + mumble + + kleopatra + gnupg + gopass + xclip + + kdeplasma-addons + ark + kate + kmail + kdeconnect + okular + yakuake + konversation + gwenview + kcalc + spectacle + kile + (texlive.combine { + inherit (texlive) scheme-small titling collection-langfrench cm-super; + }) + + gnome-breeze + arc-theme + materia-theme + + libreoffice + + gimp + imagemagick + obs-studio + vlc + kodiPlain + mpv + + glxinfo + i7z + appimage-run + ]; + + i18n = { + consoleKeyMap = "fr"; + defaultLocale = "fr_FR.UTF-8"; + }; + + hardware = { + opengl.driSupport32Bit = true; + pulseaudio.support32Bit = true; + steam-hardware.enable = true; + u2f.enable = true; + pulseaudio.enable = true; + }; + + sound.enable = true; + + networking.networkmanager.enable = true; + + systemd.extraConfig = "DefaultLimitNOFILE=1048576"; + security.pam.loginLimits = [{ + domain = "*"; + type = "hard"; + item = "nofile"; + value = "1048576"; + }]; + + programs = { + gnupg.agent = { enable = true; enableSSHSupport = true; }; + browserpass.enable = true; + }; + + services = { + xserver = { + enable = true; + layout = "fr"; + displayManager.sddm.enable = true; + desktopManager.plasma5.enable = true; + }; + udev.packages = with pkgs; [ ledger-udev-rules ]; + pcscd = { + enable = true; + plugins = [ + (pkgs.ccid.overrideAttrs (oldAttrs: rec { + preBuild = '' + echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt + ''; + }) + ) + ]; + }; + }; +} From 52fca0a527ee0cea46d10c6af47c24bc9f2a51c0 Mon Sep 17 00:00:00 2001 
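Review bot: The `security.pam.loginLimits` entry near the end of the new `common-gui.nix` raises the hard `nofile` limit to 1048576 for `domain = "*"`, that is for every account on every machine that imports this file, and the move dropped the comment that explained why. Put it back above both settings, for example `# Raised for esync (SteamPlay Proton)`, and consider narrowing the PAM entry to the account that actually runs Steam, e.g. `domain = "paul";`. `systemd.extraConfig = "DefaultLimitNOFILE=1048576"` likewise applies to all units, so a descriptor leak in any service gets far more headroom before it is stopped.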
From: nyanloutre Date: Fri, 4 Oct 2019 22:20:56 +0200 Subject: [PATCH 065/474] installation ledger-live-desktop --- systems/common-gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index e65b56db..9724079b 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -24,6 +24,7 @@ electrum electron-cash + ledger-live-desktop firefox torbrowser From 1b16b40a791f4c41a5555a41ce43c14dd296868e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 22:30:36 +0200 Subject: [PATCH 066/474] ftp: ajout nico --- containers/vsftpd.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index a21d8eee..409ab6f0 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -11,7 +11,7 @@ forceLocalDataSSL = true; userlistDeny = false; localUsers = true; - userlist = ["claire" "manu" "lakeu" "fusil" "stryxion"]; + userlist = ["claire" "manu" "lakeu" "fusil" "stryxion" "nico"]; rsaCertFile = "/var/vsftpd/vsftpd.pem"; extraConfig = '' pasv_min_port=64000 @@ -50,6 +50,12 @@ hashedPassword = "$6$KZKwBLI6yGuvFg2Q$VCfSnhAacgxlxybTyuCDyNQ2InM8ppG3aa3Bw176TiNAX8tHWUpKesfI9YfcCoGAi1zSzA7b6uC8BmmfrQwg1."; description = "Stryxion"; }; + + nico = { + isNormalUser = true; + hashedPassword = "$6$.sMznhhJ0fG2qx$XevsEqsjlLAnu/VMgeA6B5YfWY36dUZXtUGiEgPueHzRcfAEi2UXLWRHqcN6AsW1AozepeAP6/lZW3fDAyULA1"; + description = "MAGENI"; + }; }; }; bindMounts = { From 4ee31add541701a09b77563b5ab6e61a15ee93de Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 22:31:43 +0200 Subject: [PATCH 067/474] ajout serveur Minecraft --- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/services.nix | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 44839c5f..152ee1c1 100644 --- a/systems/LoutreOS/configuration.nix 
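Review bot: The new `nico` account in the second hunk of `containers/vsftpd.nix` carries its `hashedPassword` inline, so the crypt hash is published with the repository and is also copied into the world-readable Nix store. Anyone who can read either place can test password guesses offline for a login that `localUsers = true` makes usable over FTP. Keep the hash out of the tree with something like `passwordFile = "/mnt/secrets/vsftpd/nico.hash";` (placeholder path; the file would have to be bind-mounted into the container). The `stryxion` entry visible as context has the same problem, and presumably so do the other users defined outside the hunk.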
+++ b/systems/LoutreOS/configuration.nix @@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 6d5ae8d8..79666577 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -419,6 +419,30 @@ in enable = true; maxMemory = 500; }; + + minecraft-server = { + enable = true; + jvmOpts = "-Xms512m -Xmx3072m"; + eula = true; + declarative = true; + openFirewall = true; + whitelist = { + nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822"; + Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2"; + LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6"; + Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff"; + Hopegcx = "4497f759-2210-48db-8764-307d33011442"; + wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af"; + sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3"; + }; + serverProperties = { + difficulty = 2; + gamemode = 0; + max-players = 50; + motd = "Hi Mark !"; + white-list = true; + }; + }; }; systemd.services.dogetipbot-telegram = { From f621cb3a21718c9eea26b59a401d0f18ed145a82 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 22:32:59 +0200 Subject: [PATCH 068/474] ajout bot mautrix-telegram --- systems/LoutreOS/services.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 79666577..bf09956e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -307,6 +307,30 @@ in disable_existing_loggers: False ''; + app_service_config_files = [ + "/var/lib/matrix-synapse/mautrix-telegram-registration.yaml" + ]; + }; + + mautrix-telegram = { + enable = true; + settings = { + homeserver = { + address = "https://matrix.nyanlout.re"; + domain = "nyanlout.re"; + }; + appservice = { + bot_username = "loutrebot"; + }; + bridge = { + relaybot.authless_portals = false; + permissions = { + "@nyanloutre:nyanlout.re" = "admin"; + }; + }; + }; + environmentFile = "/mnt/secrets/mautrix-telegram.env"; + serviceDependencies = [ "matrix-synapse.service" ]; }; pgmanage = { From a06a8bebab237eb65acd5ffd40bdc5fae5ea0076 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 22:34:13 +0200 Subject: [PATCH 069/474] wireguard: config serveur pour NAT --- systems/LoutreOS/services.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index bf09956e..8951e9d0 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -502,16 +502,19 @@ in ips = [ "192.168.20.1/24" ]; privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey"; listenPort = 51820; - allowedIPsAsRoutes = false; + allowedIPsAsRoutes = true; peers = [ { - allowedIPs = [ "0.0.0.0/0" ]; + allowedIPs = [ "192.168.20.2/32" ]; publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE="; } ]; }; }; + nat.internalInterfaces = [ "wg0" ]; + nat.internalIPs = [ "192.168.20.0/24" ]; + firewall.allowedTCPPorts = [ 51413 # Transmission 8448 # Matrix federation From 9d252f374cb42792bc8726528e7dc4c2220e61f0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 22:38:36 +0200 Subject: [PATCH 070/474] =?UTF-8?q?mise=20=C3=A0=20jour=20LoutreOS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 152ee1c1..bc6be765 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,7 +5,7 @@ { config, pkgs, ... }: let - gitRev = "91cb80e4397d55b19b0beba3fa3846f1a02d0342"; + gitRev = "4c45e960e797d660358a11723e736afee3998261"; nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; in { From d03e849f26b5b5f78f441d9cdf4be0accdc933ab Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 6 Oct 2019 18:01:20 +0200 Subject: [PATCH 071/474] installation molly-guard --- systems/common-cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 1a69611b..fb3d9439 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -52,6 +52,7 @@ borgbackup binutils bat + molly-guard # Développement openssl From 8b5d860942cf495ef4b3880ad9c7c4ac2fabe699 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 6 Oct 2019 18:25:00 +0200 Subject: [PATCH 072/474] PC-Fixe: maj config --- systems/PC-Fixe/codemasters.pem | 23 ++++++++++++++++ systems/PC-Fixe/configuration.nix | 31 ++++++++++++++++++++-- systems/PC-Fixe/hardware-configuration.nix | 16 +++++++---- systems/common-gui.nix | 4 +++ 4 files changed, 67 insertions(+), 7 deletions(-) create mode 100644 systems/PC-Fixe/codemasters.pem diff --git a/systems/PC-Fixe/codemasters.pem b/systems/PC-Fixe/codemasters.pem new file mode 100644 index 00000000..856d0cac --- /dev/null +++ b/systems/PC-Fixe/codemasters.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIBAgIJAIIfD20HgCPEMA0GCSqGSIb3DQEBBQUAMIGJMQswCQYD +VQQGEwJVSzEVMBMGA1UECAwMV2Fyd2lja3NoaXJlMSEwHwYDVQQKDBhDb2RlbWFz +dGVycyBTb2Z0d2FyZSBMdGQxGzAZBgNVBAsMEkNvZGVtYXN0ZXJzIE9ubGluZTEj +MCEGA1UEAwwaQ29kZW1hc3RlcnMgT25saW5lIFJvb3QgQ0EwHhcNMTAwOTIyMDgx +NjA4WhcNMzUwOTE2MDgxNjA4WjCBiTELMAkGA1UEBhMCVUsxFTATBgNVBAgMDFdh +cndpY2tzaGlyZTEhMB8GA1UECgwYQ29kZW1hc3RlcnMgU29mdHdhcmUgTHRkMRsw +GQYDVQQLDBJDb2RlbWFzdGVycyBPbmxpbmUxIzAhBgNVBAMMGkNvZGVtYXN0ZXJz +IE9ubGluZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +ncw3VeQt3N8ZJmNGiCa8UJ61qtBWxat2yx9bWfyf2o4VqQtn7Cc79esHkf5Zbjpc +zqMpxO/c0vZnHWgH1R0TWRDrSqKHuJxgbxT2JFoLAQQKm+uTUOclLvlC00IrINks +Y6KPYaQDkaLDAQWX42YGqb7CaKna8DwX6Ms4RHLEm5+L0L5GgRk9RfPlphVYCA9r +tjJIQluYMc0Ny4tzJ6IuCnDjgRfmehWSpBV+UAx8FHFxmOUgone6dhA0pTLtR/lu +P/S2aISWgQZJ0GWWfQ/mjVpccnWKtZUK0TCVoKTPpGaV4kTDHYq9ylpuNItTww9E +rXR0/9gWOZHQ49QXd2rnrQIDAQABo1AwTjAdBgNVHQ4EFgQU9vW1MrzNfAbZeTQJ +gHCzyQQlAZgwHwYDVR0jBBgwFoAU9vW1MrzNfAbZeTQJgHCzyQQlAZgwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAcOUnPyvrbAdzMSPN9PLnvh34I9jW +EwU81ks67EBNHaMdghiUhOFZ65vzQLoUYoqQcgzu+i0rAkLZrfviC1TUlv+mdlgK +ce6eD2VgpQOPrpOG6O/TfmyAhS5mOlA35NMsZqZTpIiTZnZLGHSSu/Shvnk7UDTs +lTp1yNj6etlY03ABieBsSIDu0UmhNfEY2HgjPaGGiAmcenw2d4U5Z2oCiJVDseeq +RdlVx/sg4UM8L24/ccqn5uV05cg5aUF5dAlAYLq2wXNgbkpePtmo+/tqdiE3pL+q +TRW14lealjJNmjUUTO/KHjKOpfPJNCHSGLk/h/UskEvcTUTqwDZATCl4jw== +-----END CERTIFICATE----- diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 6e5d035d..76a6531f 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix 
@@ -14,11 +14,15 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.loader.systemd-boot.memtest86.enable = true; boot.kernelParams = ["acpi_enforce_resources=lax"]; boot.tmpOnTmpfs = true; hardware.bluetooth.enable = true; + # Logitech G920 + hardware.usbWwan.enable = true; + services.udev.packages = with pkgs; [ usb-modeswitch-data # Logitech G920 ]; @@ -26,12 +30,16 @@ # Corsair K70 services.udev.extraRules = '' SUBSYSTEM=="usb", ATTR{bInterfaceNumber}=="00", ATTRS{idVendor}=="1b1c", ATTRS{idProduct}=="1b09", RUN+="${pkgs.bash}/bin/sh -c '${pkgs.coreutils}/bin/echo -n %k > /sys''${DEVPATH}/driver/unbind'" + ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout" ''; + security.pki.certificateFiles = [ ./codemasters.pem ]; + networking.hostName = "paul-fixe"; environment.systemPackages = with pkgs; [ usb_modeswitch + virtmanager ]; programs.wireshark.enable = true; 
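Review bot: `security.pki.certificateFiles = [ ./codemasters.pem ];` in the second hunk adds the Codemasters root to the system-wide trust store, so every TLS client on this host will accept any certificate chaining to it, for any hostname. The file added by this commit appears to be a vendor-private, self-signed root, which makes the whole machine depend on how that one key is guarded. If only one game needs it, give that program its own bundle (for instance through `SSL_CERT_FILE` in a wrapper, if the client honours it) and leave the system store untouched. If it has to stay, add a comment such as `# Codemasters online services only; remove when no longer needed`, so the entry does not outlive its purpose.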
@@ -39,15 +47,34 @@ networking.firewall.enable = false; + services.xserver.displayManager.sddm.autoLogin = { + enable = true; + user = "paul"; + }; + users.users.paul = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "wireshark" "input" ]; + extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" ]; uid = 1000; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos" + ]; }; services.syncthing.enable = true; services.syncthing.user = "paul"; services.syncthing.group = "users"; - system.stateVersion = "18.09"; # Did you read the comment? + services.netdata.enable = true; + + services.tor.enable = true; + services.tor.client.enable = true; + + virtualisation.libvirtd.enable = true; + + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + + system.stateVersion = "18.09"; } 
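Review bot: This hunk turns on sshd, netdata, Tor and libvirtd while `networking.firewall.enable = false;` remains in place as context at the top of the hunk, so whatever address each daemon binds to is what the network can reach. `passwordAuthentication = false` covers SSH, but the netdata dashboard and anything libvirt starts have no packet filter in front of them unless they bind to loopback, which the hunk does not show. Re-enable the filter with `networking.firewall.enable = true;` and open only the ports that are needed. Separately, `sddm.autoLogin` for `paul` gives anyone at the keyboard a session in `wheel` and `libvirtd`, the latter normally being equivalent to root on the host; a comment stating that this is accepted for this desktop would help the next reader.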
diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index ebb4e0fe..724c6def 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -36,28 +36,34 @@ options = [ "bind" ]; }; - fileSystems."/home/paul/Downloads" = + fileSystems."/home/paul/Téléchargements" = { device = "/mnt/hdd/paul/Téléchargements"; options = [ "bind" ]; }; - fileSystems."/home/paul/Music" = + fileSystems."/home/paul/Musique" = { device = "/mnt/hdd/paul/Musique"; options = [ "bind" ]; }; - fileSystems."/home/paul/Pictures" = + fileSystems."/home/paul/Images" = { device = "/mnt/hdd/paul/Images"; options = [ "bind" ]; }; - fileSystems."/home/paul/Videos" = + fileSystems."/home/paul/Vidéos" = { device = "/mnt/hdd/paul/Vidéos"; options = [ "bind" ]; }; fileSystems."/mnt/steam" = - { device = "192.168.0.5:/exports/steam"; + { device = "10.30.0.1:/exports/steam"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto"]; + }; + + fileSystems."/mnt/medias" = + { device = "10.30.0.1:/mnt/medias"; fsType = "nfs"; options = ["x-systemd.automount" "noauto"]; }; diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 9724079b..3ef475a1 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -22,6 +22,8 @@ minecraft multimc + betaflight-configurator + electrum electron-cash ledger-live-desktop @@ -31,7 +33,9 @@ chromium tdesktop + riot-desktop mumble + discord kleopatra gnupg From ac2ee4b50c0da6a5aa685a1df24ea724206cc184 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 10 Oct 2019 23:50:17 +0200 Subject: [PATCH 073/474] service wkd PGP --- systems/LoutreOS/services.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 8951e9d0..1ef512f2 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -11,6 +11,7 @@ let musique_port = 52349; factorio_port = 52351; airsonic_port = 4040; + wkd_port = 52352; jellyfin_backend = '' http-request set-header X-Forwarded-Port %[dst_port] @@ -91,6 +92,7 @@ in "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; }; "factorio.${domaine}" = { ip = "127.0.0.1"; port = factorio_port; auth = false; }; "airsonic.${domaine}" = { ip = "127.0.0.1"; port = airsonic_port; auth = false; }; + "${domaine}" = { ip = "127.0.0.1"; port = wkd_port; auth = false; }; }; }; @@ -242,6 +244,15 @@ in listen = [ { addr = "127.0.0.1"; port = factorio_port; } ]; locations = { "/" = { root = "/var/www/factorio"; }; }; }; + "wkd" = { + listen = [ { addr = "127.0.0.1"; port = wkd_port; } ]; + locations = { "/.well-known/openpgpkey/" = { + alias = "/var/lib/gnupg/wks/nyanlout.re"; + extraConfig = '' + add_header Access-Control-Allow-Origin * always; + ''; + }; }; + }; }; }; From e028e0b545ff2bfd9b1bff73d5152aff4e8059f5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 4 Oct 2019 22:31:43 +0200 Subject: [PATCH 074/474] ajout serveur Minecraft --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index bc6be765..51cee57d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.28.1-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.0-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; From b8b055d492efc9cfb12c96d698e63e9ef5cd5d8c Mon Sep 17 00:00:00 2001 
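Review bot: In the third hunk the `wkd` vhost maps the location `"/.well-known/openpgpkey/"` to `alias = "/var/lib/gnupg/wks/nyanlout.re";`, which has no trailing slash. nginx substitutes the alias for the location prefix as plain text, so a request for `/.well-known/openpgpkey/hu/<hash>` resolves to `/var/lib/gnupg/wks/nyanlout.rehu/<hash>` and key lookups would fail. Write `alias = "/var/lib/gnupg/wks/nyanlout.re/";` so that location and alias both end in `/`. The wildcard `Access-Control-Allow-Origin` header is reasonable here because the directory only holds public keys; a short comment saying so would stop it being copied to other vhosts.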
From: nyanloutre Date: Fri, 4 Oct 2019 22:36:31 +0200 Subject: [PATCH 075/474] changements pour 19.09 --- services/haproxy-acme.nix | 3 +-- services/mail-server.nix | 2 +- services/site-musique.nix | 35 +++++++++++++++--------------- systems/LoutreOS/configuration.nix | 2 +- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index fe72ce60..4309e958 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -84,7 +84,7 @@ in enable = mkEnableOption "HAproxy + ACME"; domaine = mkOption { - type = types.string; + type = types.str; example = "example.com"; description = '' Sous domaine à utiliser @@ -140,7 +140,6 @@ in ''; }; }; - security.acme.directory = "/var/lib/acme"; users.groups.acme.members = [ "haproxy" ]; diff --git a/services/mail-server.nix b/services/mail-server.nix index b1048206..15a52885 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -9,7 +9,7 @@ in options.services.mailserver = { enable = mkEnableOption "Mail Server"; domaine = mkOption { - type = types.string; + type = types.str; example = "example.com"; description = "Nom de domaine du serveur de mails"; }; diff --git a/services/site-musique.nix b/services/site-musique.nix index 62cee74a..ff4fde4c 100644 --- a/services/site-musique.nix +++ b/services/site-musique.nix @@ -37,7 +37,7 @@ in extraConfig = '' location ~* \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/run/phpfpm/musique; + fastcgi_pass unix:${config.services.phpfpm.pools.musique.socket}; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; } 
@@ -46,21 +46,22 @@ in }; }; - services.phpfpm.poolConfigs.musique = '' - listen = /run/phpfpm/musique - listen.owner = nginx - listen.group = nginx - listen.mode = 0660 - user = nginx - pm = dynamic - pm.max_children = 75 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 20 - pm.max_requests = 500 - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; + services.phpfpm.pools.musique = { + user = "nginx"; + settings = { + "listen.owner" = "nginx"; + "listen.group" = "nginx"; + "listen.mode" = "0660"; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 1; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = "on"; + "catch_workers_output" = "yes"; + }; + }; }; } diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 51cee57d..3cb1df7d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.0-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.pname).name [ "factorio-headless" "perl5.30.0-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; From e10c46d37ed8345120be10e354f57e3f7f81c4d3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Oct 2019 00:24:15 +0200 Subject: [PATCH 076/474] gitea: fix database password file --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 1ef512f2..1a36b6e3 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
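Review bot: The predicate in the last hunk of this patch now calls `builtins.parseDrvName pkg.pname`, but `pname` is already the version-less name, and a derivation that only sets `name` has no `pname` attribute, so evaluating the predicate for such a package would abort. It is also worth checking that `"perl5.30.0-slimserver"` is still what `pname` yields, since the list was written against `name`. A form that works for both is `(pkg: builtins.elem (pkg.pname or (builtins.parseDrvName pkg.name).name) [ … ])`. Failing closed is the right direction for an allowlist of unfree packages, but here it would surface as an evaluation error rather than as a clear refusal.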
@@ -412,7 +412,7 @@ in database = { type = "postgres"; port = 5432; - passwordFile = "/mnt/secrets/gitea_database_passwordFile"; + passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; log.level = "Warn"; extraConfig = '' From f5c093493324ada46e38f538fe14980fc07ae8cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 15 Oct 2019 21:38:23 +0200 Subject: [PATCH 077/474] PC-Fixe: migration ZFS miroir --- systems/PC-Fixe/configuration.nix | 11 ++++++++--- systems/PC-Fixe/hardware-configuration.nix | 14 ++++++++++---- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 76a6531f..3b15ac17 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -12,11 +12,15 @@ ../common-gui.nix ]; - boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.memtest86.enable = true; + boot.loader.grub = { + efiSupport = true; + device = "nodev"; + zfsSupport = true; + }; boot.kernelParams = ["acpi_enforce_resources=lax"]; boot.tmpOnTmpfs = true; + boot.supportedFilesystems = [ "zfs" ]; hardware.bluetooth.enable = true; @@ -36,6 +40,7 @@ security.pki.certificateFiles = [ ./codemasters.pem ]; networking.hostName = "paul-fixe"; + networking.hostId = "3a1f739e"; environment.systemPackages = with pkgs; [ usb_modeswitch @@ -76,5 +81,5 @@ services.openssh.enable = true; services.openssh.passwordAuthentication = false; - system.stateVersion = "18.09"; + system.stateVersion = "20.03"; } diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 724c6def..4c1ba898 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix 
@@ -8,7 +8,8 @@ [ ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "firewire_ohci" "pata_marvell" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "nvme" "firewire_ohci" "pata_marvell" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" "nct6775" ]; boot.extraModulePackages = [ ]; @@ -17,12 +18,17 @@ hardware.cpu.intel.updateMicrocode = true; fileSystems."/" = - { device = "/dev/disk/by-uuid/509a5842-56fe-40bd-8b00-6bda87e02e5e"; - fsType = "ext4"; + { device = "rpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/home"; + fsType = "zfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A225-07A5"; + { device = "/dev/disk/by-uuid/F4EC-57DF"; fsType = "vfat"; }; From c1b4370bace27c77a9dd5210aea6eff0af7c7105 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Oct 2019 00:33:29 +0200 Subject: [PATCH 078/474] auto-pr: nixos-19.09 --- services/auto-pr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/auto-pr.nix b/services/auto-pr.nix index 228f7a9f..6e808851 100644 --- a/services/auto-pr.nix +++ b/services/auto-pr.nix @@ -27,7 +27,7 @@ in ignoreCollisions = true; }; in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.03 + ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.09 ''}/bin/run.sh"; }; }; From ed36d650af236026f1fc30307166cf9dd2867703 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 22 Oct 2019 00:34:08 +0200 Subject: [PATCH 079/474] =?UTF-8?q?minecraft:=20serveur=20d=C3=A9port?= =?UTF-8?q?=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 2 ++ systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3cb1df7d..29aa22ba 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -83,6 +83,7 @@ in internalInterfaces = [ "eno2" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} + { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} ]; }; @@ -109,6 +110,7 @@ in machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } + { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 436363e7..bc18a465 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -142,6 +142,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/minecraft" = + { device = "loutrepool/var/minecraft"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 1a36b6e3..158b7af4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -211,6 +211,7 @@ in exports = '' /mnt/medias 10.30.0.0/16(ro,no_root_squash) /exports/steam 10.30.0.0/16(rw,async,no_root_squash) + /var/lib/minecraft 10.30.0.0/16(rw,no_root_squash) ''; statdPort = 4000; lockdPort = 4001; @@ -456,7 +457,7 @@ in }; minecraft-server = { - enable = true; + enable = false; jvmOpts = "-Xms512m -Xmx3072m"; eula = true; declarative = true; From 0d6653ed9bccf6e79321808db13bb0fdaeb667fd Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Oct 2019 00:34:22 +0200 Subject: [PATCH 080/474] cli: installation quilt --- systems/common-cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index fb3d9439..9d8317b6 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -17,6 +17,7 @@ gitFull tig gitAndTools.hub + quilt # Gestion de paquets nix-prefetch-scripts From edb891e22454179bd9b18d6a3fd879c46b721ef0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 1 Nov 2019 15:24:50 +0100 Subject: [PATCH 081/474] LoutreOS: refactor services --- systems/LoutreOS/medias.nix | 42 ++++++ systems/LoutreOS/monitoring.nix | 113 ++++++++++++++ systems/LoutreOS/services.nix | 256 +------------------------------- systems/LoutreOS/web.nix | 113 ++++++++++++++ 4 files changed, 275 insertions(+), 249 deletions(-) create mode 100644 systems/LoutreOS/medias.nix create mode 100644 systems/LoutreOS/monitoring.nix create mode 100644 systems/LoutreOS/web.nix diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix new file mode 100644 index 00000000..6b92d33a --- /dev/null +++ b/systems/LoutreOS/medias.nix 
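Review bot: The added export line `/var/lib/minecraft 10.30.0.0/16(rw,no_root_squash)` grants read-write access with root mapping preserved to every address in the /16, so uid 0 on any client in that range is uid 0 on the exported files. The same commit pins 10.30.135.35 to the `minecraftos` host in the DHCP list, which looks like the only intended client, so the export can be narrowed and left on root squashing: `/var/lib/minecraft 10.30.135.35(rw,root_squash)`. If the remote server needs a fixed file owner, `all_squash` with `anonuid`/`anongid` is the usual alternative. The `exports` string begins before the hunk.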
@@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: + +{ + services = { + transmission = { + enable = true; + home = "/var/lib/transmission"; + settings = { + rpc-bind-address = "127.0.0.1"; + rpc-host-whitelist = "*"; + rpc-whitelist-enabled = false; + peer-port = 51413; + }; + }; + + radarr.enable = true; + sonarr.enable = true; + jackett.enable = true; + + jellyfin.enable = true; + + slimserver = { + enable = true; + dataDir = "/var/lib/slimserver"; + }; + + airsonic = { + enable = true; + maxMemory = 500; + }; + }; + + networking = { + firewall.allowedTCPPorts = [ + config.services.transmission.settings.peer-port + ]; + + firewall.allowedUDPPorts = [ + config.services.transmission.settings.peer-port + ]; + }; +} diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix new file mode 100644 index 00000000..4c5bcd2f --- /dev/null +++ b/systems/LoutreOS/monitoring.nix 
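Review bot: In `transmission.settings`, `rpc-whitelist-enabled = false` together with `rpc-host-whitelist = "*"` leaves the RPC interface with no address or Host-header restriction of its own. Everything then rests on the `127.0.0.1` bind and on whatever authentication the reverse proxy applies, which this file does not show; any local process can reach the RPC port directly. Listing the proxy's hostname instead of the wildcard keeps the Host-header check that protects against DNS rebinding: `rpc-host-whitelist = "<public hostname of the proxy vhost>";`.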
@@ -0,0 +1,113 @@ +{ config, lib, pkgs, ... }: + +let + domaine = "nyanlout.re"; +in +{ + services = { + smartd = { + enable = true; + defaults.monitored = "-a -o on -s (S/../.././02|L/../../1/04)"; + notifications.mail = { + enable = true; + recipient = "paul@nyanlout.re"; + }; + }; + + influxdb = { + enable = true; + dataDir = "/var/db/influxdb"; + }; + + telegraf = { + enable = true; + extraConfig = { + inputs = { + zfs = { poolMetrics = true; }; + net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; }; + netstat = {}; + cpu = { totalcpu = true; }; + kernel = {}; + mem = {}; + processes = {}; + system = {}; + disk = {}; + ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; }; + smart = { + path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl"; + }; + exec= [ + { commands = [ + "${pkgs.python}/bin/python ${ + pkgs.fetchgit { + url = "https://gitlab.com/nyanloutre/tplink-smartplug.git"; + rev = "a0996112fc451b76448589698de440ad5fd6ea79"; + sha256 = "1f1625g7rfsddgk428g76p8fr7vz5gfhq3f452q17bjni3rf2pj3"; + } + }/tplink_smartplug.py -t 10.30.50.7 -c energy" + ]; + data_format = "json"; + name_suffix = "_tplink-smartplug"; + } + { + commands = [ + "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" '' + import json + from subprocess import check_output + + columns = ["NAME", "SIZE", "ALLOC", "FREE", "EXPANDSZ", "FRAG", "CAP", "DEDUP", "HEALTH", "ALTROOT"] + health = {'ONLINE':0, 'DEGRADED':11, 'OFFLINE':21, 'UNAVAIL':22, 'FAULTED':23, 'REMOVED':24} + + stdout = check_output(["${pkgs.zfs}/bin/zpool", "list", "-Hp"],encoding='UTF-8').split('\n') + parsed_stdout = list(map(lambda x: dict(zip(columns,x.split('\t'))), stdout))[:-1] + + for pool in parsed_stdout: + for item in pool: + if item in ["SIZE", "ALLOC", "FREE", "FRAG", "CAP"]: + pool[item] = int(pool[item]) + if item in ["DEDUP"]: + pool[item] = float(pool[item]) + if item == "HEALTH": + pool[item] = health[pool[item]] + + 
print(json.dumps(parsed_stdout)) + ''}" + ]; + tag_keys = [ "NAME" ]; + data_format = "json"; + name_suffix = "_python_zpool"; + } + ]; + }; + outputs = { + influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; }; + }; + }; + }; + + udev.extraRules = '' + KERNEL=="ipmi*", MODE="660", OWNER="telegraf" + ''; + + grafana = { + enable = true; + addr = "127.0.0.1"; + dataDir = "/var/lib/grafana"; + extraOptions = { + SERVER_ROOT_URL = "https://grafana.${domaine}"; + SMTP_ENABLED = "true"; + SMTP_FROM_ADDRESS = "grafana@${domaine}"; + SMTP_SKIP_VERIFY = "true"; + AUTH_DISABLE_LOGIN_FORM = "true"; + AUTH_DISABLE_SIGNOUT_MENU = "true"; + AUTH_ANONYMOUS_ENABLED = "true"; + AUTH_ANONYMOUS_ORG_ROLE = "Admin"; + AUTH_BASIC_ENABLED = "false"; + }; + }; + }; + + security.sudo.extraRules = [ + { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } + ]; +} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 158b7af4..df277e46 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -5,25 +5,6 @@ with lib; let domaine = "nyanlout.re"; - riot_port = 52345; - pgmanage_port = 52347; - max_port = 52348; - musique_port = 52349; - factorio_port = 52351; - airsonic_port = 4040; - wkd_port = 52352; - - jellyfin_backend = '' - http-request set-header X-Forwarded-Port %[dst_port] - http-request add-header X-Forwarded-Proto https if { ssl_fc } - ''; - sonarr_acl = '' - acl API path_beg /api - ''; - sonarr_auth = '' - !AUTH_OK !API - ''; - sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" '' ${pkgs.system-sendmail}/bin/sendmail ${to} < Date: Fri, 1 Nov 2019 15:37:42 +0100 Subject: [PATCH 082/474] LoutreOS: fonction nginxGetFirstLocalPort --- systems/LoutreOS/web.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a7273b63..200d61dd 100644 
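Review bot: In `grafana.extraOptions`, `AUTH_ANONYMOUS_ENABLED = "true"` with `AUTH_ANONYMOUS_ORG_ROLE = "Admin"` and the login form disabled makes every request that reaches Grafana an organisation admin. The service binds to 127.0.0.1, so the only gate is the proxy in front of it (its auth setting is not visible in this hunk), and any local account or service on the host bypasses that gate. Consider `AUTH_ANONYMOUS_ORG_ROLE = "Viewer";` and keeping a real login for edits. Separately, `SMTP_SKIP_VERIFY = "true"` turns off certificate checking for outgoing mail and deserves a comment saying why it is needed.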
--- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -15,6 +15,8 @@ let sonarr_auth = '' !AUTH_OK !API ''; + + nginxGetFirstLocalPort = vh: (findFirst (x: x.addr == "127.0.0.1") (throw "No local port found") config.services.nginx.virtualHosts.${vh}.listen).port; in { services = { @@ -30,14 +32,14 @@ in "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; }; "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; }; "searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; }; - "riot.${domaine}" = { ip = "127.0.0.1"; port = (findFirst (x: x.addr == "127.0.0.1") "" config.services.nginx.virtualHosts.riot.listen).port; auth = false; }; + "riot.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "riot"; auth = false; }; "matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; }; "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = config.services.pgmanage.port; auth = true; }; "gitea.${domaine}" = { ip = "127.0.0.1"; port = config.services.gitea.httpPort; auth = false; }; "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; }; - "factorio.${domaine}" = { ip = "127.0.0.1"; port = (findFirst (x: x.addr == "127.0.0.1") "" config.services.nginx.virtualHosts.factorio.listen).port; auth = false; }; + "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio"; auth = false; }; "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; }; - "${domaine}" = { ip = "127.0.0.1"; port = (findFirst (x: x.addr == "127.0.0.1") "" config.services.nginx.virtualHosts.wkd.listen).port; auth = false; }; + "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "wkd"; auth = false; }; }; }; From 3254dc04681834c90eb6f8fc9b2f8eb2f74d421b Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 1 Nov 2019 22:23:20 +0100 Subject: [PATCH 083/474] LoutreOS: migration site musique Django --- services/site-musique.nix | 67 ----------------------------------- systems/LoutreOS/services.nix | 1 - systems/LoutreOS/web.nix | 61 +++++++++++++++++++++++++++---- 3 files changed, 55 insertions(+), 74 deletions(-) delete mode 100644 services/site-musique.nix diff --git a/services/site-musique.nix b/services/site-musique.nix deleted file mode 100644 index ff4fde4c..00000000 --- a/services/site-musique.nix +++ /dev/null 
@@ -1,67 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.site-musique; -in -{ - options.services.site-musique = { - enable = mkEnableOption "Site musique"; - - port = mkOption { - type = types.int; - example = 54321; - description = "Local listening port"; - }; - - domaine = mkOption { - type = types.str; - example = "example.com"; - description = "Domaine à utiliser"; - }; - }; - - config = mkIf cfg.enable { - - services.haproxy-acme.services = { - ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; }; - }; - - services.nginx.virtualHosts = { - "musique" = { - listen = [ { addr = "127.0.0.1"; port = cfg.port; } ]; - locations."/" = { - root = "/run/python-ci/nyanloutre/site-musique"; - index = "index.php"; - extraConfig = '' - location ~* \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.musique.socket}; - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - } - ''; - }; - }; - }; - - services.phpfpm.pools.musique = { - user = "nginx"; - settings = { - "listen.owner" = "nginx"; - "listen.group" = "nginx"; - "listen.mode" = "0660"; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; - "php_admin_value[error_log]" = "stderr"; - "php_admin_flag[log_errors]" = "on"; - "catch_workers_output" = "yes"; - }; - }; - }; -} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index df277e46..5b9cf77c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -26,7 +26,6 @@ in imports = [ ../../services/haproxy-acme.nix ../../services/mail-server.nix - ../../services/site-musique.nix ../../services/site-max.nix ../../services/auto-pr.nix ../../services/python-ci.nix diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 200d61dd..d86bc053 100644 
--- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -40,6 +40,7 @@ in "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio"; auth = false; }; "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; }; "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "wkd"; auth = false; }; + "musique-meyenheim.fr" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "musique-meyenheim.fr"; auth = false; }; }; }; @@ -65,6 +66,24 @@ in ''; }; }; }; + "musique-meyenheim.fr" = { + listen = [ { addr = "127.0.0.1"; port = 52353; } ]; + locations = { + "/" = { + proxyPass = "http://unix:/run/site-musique.sock"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + }; + "/static/" = { + alias = "/var/www/site-musique/staticfiles/"; + }; + "/media/" = { + alias = "/var/www/site-musique/media/"; + }; + }; + }; }; }; 
@@ -100,16 +119,46 @@ in python-ci.enable = true; - site-musique = { - enable = true; - port = 52349; - domaine = "musique-meyenheim.fr"; - }; - site-max = { enable = true; port = 52348; domaine = "maxspiegel.fr"; }; }; + + systemd.services.site-musique = let + djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); + in { + description = "Site Django de la musique de Meyenheim"; + after = [ "network.target" ]; + requires = [ "site-musique.socket" ]; + preStart = '' + ${djangoEnv}/bin/python manage.py migrate; + ${djangoEnv}/bin/python manage.py collectstatic --no-input; + ''; + environment = { + DJANGO_SETTINGS_MODULE = "site_musique.settings.prod"; + NGINX_DIRECTORY = "/var/www/site-musique"; + }; + serviceConfig = { + DynamicUser = true; + Group = "nginx"; + StateDirectory = "site-musique"; + WorkingDirectory = "/var/www/site-musique/"; + ReadWritePaths = [ "/var/www/site-musique/staticfiles" "/var/www/site-musique/media" ]; + EnvironmentFile = "/mnt/secrets/site-musique.env"; + ExecStart = ''${djangoEnv}/bin/gunicorn \ + --access-logfile - \ + --bind unix:/run/site-musique.sock \ + site_musique.wsgi:application + ''; + PrivateTmp = true; + }; + }; + + systemd.sockets.site-musique = { + description = "Site Musique socket"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "/run/site-musique.sock" ]; + }; } From e5e12f0e23555203016563b28caf6d568d73bb78 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 2 Nov 2019 13:53:53 +0100 Subject: [PATCH 084/474] LoutreOS: ajout site Minecraft --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/web.nix | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index bc18a465..418346f6 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix 
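Review bot: `systemd.sockets.site-musique` sets only `listenStreams`, so `/run/site-musique.sock` is created with systemd's default mode 0666 and any local user can talk to gunicorn directly, bypassing nginx and the `Host`/`X-Forwarded-For` headers it sets. Restricting the socket to the proxy closes that path: `socketConfig = { SocketUser = "nginx"; SocketMode = "0600"; };`. This assumes nginx runs as user `nginx`, which the `Group = "nginx"` line suggests but the hunk does not show.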
@@ -147,6 +147,11 @@ fsType = "zfs"; }; + fileSystems."/var/www" = + { device = "loutrepool/var/www"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d86bc053..599a8c95 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -41,6 +41,7 @@ in "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; }; "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "wkd"; auth = false; }; "musique-meyenheim.fr" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "musique-meyenheim.fr"; auth = false; }; + "minecraft.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "minecraft-overviewer"; auth = false; }; }; }; @@ -57,6 +58,10 @@ in listen = [ { addr = "127.0.0.1"; port = 52351; } ]; locations = { "/" = { root = "/var/www/factorio"; }; }; }; + "minecraft-overviewer" = { + listen = [ { addr = "127.0.0.1"; port = 52354; } ]; + locations = { "/" = { root = "/var/www/minecraft-overviewer"; }; }; + }; "wkd" = { listen = [ { addr = "127.0.0.1"; port = 52352; } ]; locations = { "/.well-known/openpgpkey/" = { From 17b70c79736d25119abfdc891bcfde073238bd7e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 2 Nov 2019 13:54:12 +0100 Subject: [PATCH 085/474] LoutreOS: fix telegraf zpool --- systems/LoutreOS/monitoring.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 4c5bcd2f..b8260cf2 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
@@ -55,7 +55,7 @@ in import json from subprocess import check_output - columns = ["NAME", "SIZE", "ALLOC", "FREE", "EXPANDSZ", "FRAG", "CAP", "DEDUP", "HEALTH", "ALTROOT"] + columns = ["NAME", "SIZE", "ALLOC", "FREE", "CKPOINT", "EXPANDSZ", "FRAG", "CAP", "DEDUP", "HEALTH", "ALTROOT"] health = {'ONLINE':0, 'DEGRADED':11, 'OFFLINE':21, 'UNAVAIL':22, 'FAULTED':23, 'REMOVED':24} stdout = check_output(["${pkgs.zfs}/bin/zpool", "list", "-Hp"],encoding='UTF-8').split('\n') From a9a3785e80437cedda701ec31695f63fbd640b78 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 2 Nov 2019 13:54:34 +0100 Subject: [PATCH 086/474] LoutreOS: ajout metrics cgroup dans Telegraf --- systems/LoutreOS/monitoring.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index b8260cf2..599eded9 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -32,6 +32,20 @@ in processes = {}; system = {}; disk = {}; + cgroup = [ + { + paths = [ + "/sys/fs/cgroup/memory/system.slice/*" + ]; + files = ["memory.*usage*" "memory.limit_in_bytes"]; + } + { + paths = [ + "/sys/fs/cgroup/cpu/system.slice/*" + ]; + files = ["cpuacct.usage" "cpu.cfs_period_us" "cpu.cfs_quota_us"]; + } + ]; ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; }; smart = { path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl"; From 519e402a1bf00c6a9a4db159653f1c6650c26376 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 2 Nov 2019 15:41:59 +0100 Subject: [PATCH 087/474] LoutreOS: ajout timer minecraft overviewer --- systems/LoutreOS/config-overviewer.py | 41 +++++++++++++++++++++++++++ systems/LoutreOS/services.nix | 30 ++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 systems/LoutreOS/config-overviewer.py 
diff --git a/systems/LoutreOS/config-overviewer.py b/systems/LoutreOS/config-overviewer.py new file mode 100644 index 00000000..67332a30 --- /dev/null +++ b/systems/LoutreOS/config-overviewer.py @@ -0,0 +1,41 @@ +from .observer import JSObserver + +global escape +from cgi import escape +def signFilter(poi): + if poi['id'] == 'Sign' or poi['id'] == 'minecraft:sign': + return "
" + "\n".join(map(escape, [poi['Text1'], poi['Text2'], poi['Text3'], poi['Text4']])) + "
" + +global json +import json +def petFilter(poi): + if "CustomName" in poi: + custom_name = json.loads(poi['CustomName']) + if "text" in custom_name: + return custom_name["text"] + +processes = 2 + +worlds["My world"] = "/var/lib/minecraft/world" + +renders["Vue normale"] = { + "world": "My world", + "title": "Vue normale", + "texturepath": "@CLIENT_JAR@", + "rendermode": smooth_lighting, + 'markers': [dict(name="All signs", filterFunction=signFilter), + dict(name="Pets", filterFunction=petFilter, icon="icons/marker_cat.png", createInfoWindow=False, checked=True)], +} + +cave_rendermode = [Base(), EdgeLines(), Cave(only_lit=True), DepthTinting()] + +renders["Grottes"] = { + "world": "My world", + "title": "Grottes", + "texturepath": "@CLIENT_JAR@", + "rendermode": cave_rendermode, +} + +outputdir = "/var/www/minecraft-overviewer" + +observer = JSObserver(outputdir=outputdir) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 5b9cf77c..7fdea085 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -263,6 +263,36 @@ in }; }; + systemd.services.minecraft-overviewer = + let + clientJar = pkgs.fetchurl { + url = "https://overviewer.org/textures/1.14"; + sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; + name = "client.jar"; + }; + configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' + substitute ${./config-overviewer.py} $out \ + --subst-var CLIENT_JAR + ''; + in + { + script = '' + ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} + ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi + ''; + serviceConfig = { + User = "nginx"; + Group = "nginx"; + }; + }; + + systemd.timers.minecraft-overviewer = { + wantedBy = [ "multi-user.target" ]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00"; + }; + }; + users.groups.acme.members = [ "matrix-synapse" ]; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); From 2bce0bc5acbec2d0104312ee27daf467e5bc9575 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 2 Nov 2019 16:59:44 +0100 Subject: [PATCH 088/474] =?UTF-8?q?LoutreOS:=20am=C3=A9liorations=20minecr?= =?UTF-8?q?aft=20overviewer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/config-overviewer.py | 4 ++-- systems/LoutreOS/services.nix | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/config-overviewer.py b/systems/LoutreOS/config-overviewer.py index 67332a30..aea7cea7 100644 --- a/systems/LoutreOS/config-overviewer.py +++ b/systems/LoutreOS/config-overviewer.py @@ -1,4 +1,4 @@ -from .observer import JSObserver +from .observer import MultiplexingObserver, LoggingObserver, JSObserver global escape from cgi import escape 
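Review bot: The `minecraft-overviewer` unit runs the renderer as `User = "nginx"`, so the process that parses world data holds everything the web server account can read or write, and the web server can modify the files it serves. A dedicated account that owns `/var/www/minecraft-overviewer`, with nginx only reading it, separates the two roles. The write scope can be stated in `serviceConfig`, for example `ProtectSystem = "strict"; ReadWritePaths = [ "/var/www/minecraft-overviewer" ];`. The texture jar is fetched with a pinned `sha256`, which is the right way to pull it in.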
@@ -38,4 +38,4 @@ renders["Grottes"] = { outputdir = "/var/www/minecraft-overviewer" -observer = JSObserver(outputdir=outputdir) +observer = MultiplexingObserver(LoggingObserver(), JSObserver(outputdir)) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 7fdea085..44cd7bb6 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -279,6 +279,7 @@ in script = '' ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi + rm /var/www/minecraft-overviewer/progress.json ''; serviceConfig = { User = "nginx"; From b6c1b4cbf44fea9c4f6fb119272fb7a529e12ddc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 3 Nov 2019 23:38:31 +0100 Subject: [PATCH 089/474] LoutreOS: minecraft overviewer ajout position joueurs --- systems/LoutreOS/config-overviewer.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/config-overviewer.py b/systems/LoutreOS/config-overviewer.py index aea7cea7..a307a38a 100644 --- a/systems/LoutreOS/config-overviewer.py +++ b/systems/LoutreOS/config-overviewer.py @@ -14,6 +14,11 @@ def petFilter(poi): if "text" in custom_name: return custom_name["text"] +def playerIcons(poi): + if poi['id'] == 'Player': + poi['icon'] = "https://overviewer.org/avatar/%s" % poi['EntityId'] + return "Last known location for %s" % poi['EntityId'] + processes = 2 worlds["My world"] = "/var/lib/minecraft/world" 
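Review bot: `playerIcons` puts `poi['EntityId']` straight into the returned marker text and into the avatar URL, while `signFilter` escapes the text it returns; `petFilter`, visible as context above the addition, likewise returns the player-chosen `custom_name["text"]` unescaped. If Overviewer renders these strings as HTML, they should go through the same escaping: `return "Last known location for %s" % escape(poi['EntityId'])`. The file imports `escape` from `cgi`, which leaves quote characters alone by default and was removed in Python 3.8; `from html import escape` is the replacement and escapes quotes too.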
@@ -24,7 +29,8 @@ renders["Vue normale"] = { "texturepath": "@CLIENT_JAR@", "rendermode": smooth_lighting, 'markers': [dict(name="All signs", filterFunction=signFilter), - dict(name="Pets", filterFunction=petFilter, icon="icons/marker_cat.png", createInfoWindow=False, checked=True)], + dict(name="Pets", filterFunction=petFilter, icon="icons/marker_cat.png", createInfoWindow=False, checked=True), + dict(name="Position joueurs", filterFunction=playerIcons),], } cave_rendermode = [Base(), EdgeLines(), Cave(only_lit=True), DepthTinting()] From 42dd305fdb5cad15864bb311c8af1e3f0e4f2b18 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Nov 2019 02:11:59 +0100 Subject: [PATCH 090/474] LoutreOS: LUN Steam --- systems/LoutreOS/hardware-configuration.nix | 5 ----- systems/LoutreOS/services.nix | 16 +++++++++++++++- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 418346f6..72279d0f 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -67,11 +67,6 @@ fsType = "zfs"; }; - fileSystems."/exports/steam" = - { device = "loutrepool/steam"; - fsType = "zfs"; - }; - fileSystems."/var/lib/syncthing" = { device = "loutrepool/var/syncthing"; fsType = "zfs"; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 44cd7bb6..ebbfc84a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -62,7 +62,6 @@ in enable = true; exports = '' /mnt/medias 10.30.0.0/16(ro,no_root_squash) - /exports/steam 10.30.0.0/16(rw,async,no_root_squash) /var/lib/minecraft 10.30.0.0/16(rw,no_root_squash) ''; statdPort = 4000; 
@@ -294,6 +293,17 @@ in }; }; + systemd.packages = with pkgs; [ + tgt + ]; + + environment.etc."tgt/targets.conf".text = '' + + backing-store /dev/zvol/loutrepool/steam-lun + initiator-address 10.30.50.3 + + ''; + users.groups.acme.members = [ "matrix-synapse" ]; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); @@ -317,6 +327,10 @@ in nat.internalInterfaces = [ "wg0" ]; nat.internalIPs = [ "192.168.20.0/24" ]; + firewall.interfaces.eno2.allowedTCPPorts = [ + 3260 + ]; + firewall.allowedTCPPorts = [ 8448 # Matrix federation 20 21 # FTP From 67944691a44bed4f661900ab06836a7e85660251 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Nov 2019 02:12:58 +0100 Subject: [PATCH 091/474] PC-Fixe: montage LUN Steam --- systems/PC-Fixe/configuration.nix | 15 +++++++++++++++ systems/PC-Fixe/hardware-configuration.nix | 6 +++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 3b15ac17..0d9fb388 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -81,5 +81,20 @@ services.openssh.enable = true; services.openssh.passwordAuthentication = false; + systemd.services.iscsid = { + description = "iscsid daemon"; + wantedBy = [ "network-online.target" ]; + preStart = "${pkgs.kmod}/bin/modprobe iscsi_tcp"; + postStart = '' + ${pkgs.openiscsi}/bin/iscsiadm -m discovery -t st -p 10.30.0.1 + ${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2019-11.nyanlout.re:steam -l + ''; + serviceConfig = { + ExecStart = "${pkgs.openiscsi}/bin/iscsid -f -c ${pkgs.openiscsi}/etc/iscsi/iscsid.conf -i ${pkgs.openiscsi}/etc/iscsi/initiatorname.iscsi"; + KillMode = "process"; + Restart = "on-success"; + }; + }; + system.stateVersion = "20.03"; } 
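Review bot: The `tgt/targets.conf` text limits the LUN to `initiator-address 10.30.50.3`, and the firewall hunk below opens 3260 only on `eno2`, but a source address is the only credential: any host on that segment that takes the address gets a writable block device. tgt supports CHAP through `incominguser`; because `environment.etc."tgt/targets.conf".text` ends up in the world-readable Nix store, the secret would have to come from a file kept outside the store rather than from this string. At minimum, a comment such as `# access control is by initiator address only, no CHAP` documents the assumption.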
diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 4c1ba898..348f9925 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -62,9 +62,9 @@ options = [ "bind" ]; }; - fileSystems."/mnt/steam" = - { device = "10.30.0.1:/exports/steam"; - fsType = "nfs"; + fileSystems."/mnt/steam-lun" = + { device = "/dev/disk/by-path/ip-10.30.0.1:3260-iscsi-iqn.2019-11.nyanlout.re:steam-lun-1"; + fsType = "ext4"; options = ["x-systemd.automount" "noauto"]; }; From 36462dd228be6c30b90c984c947158cdf0f0030c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Nov 2019 02:13:25 +0100 Subject: [PATCH 092/474] PC-Fixe: activation services ZFS --- systems/PC-Fixe/configuration.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 0d9fb388..19bd7821 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -22,6 +22,15 @@ boot.tmpOnTmpfs = true; boot.supportedFilesystems = [ "zfs" ]; + services.zfs = { + trim.enable = true; + autoSnapshot = { + enable = true; + monthly = 6; + }; + autoScrub.enable = true; + }; + hardware.bluetooth.enable = true; # Logitech G920 From ab1dc5e87a77a8abb5d07a1bac426e9c5ace77ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 9 Dec 2019 00:11:36 +0100 Subject: [PATCH 093/474] LoutreOS: tunning dhcpcd --- systems/LoutreOS/configuration.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 29aa22ba..8edcfe9e 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -49,11 +49,13 @@ in hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; - dhcpcd.extraConfig = '' - interface "bouyges" { - send vendor-class-identifier "BYGTELIAD"; - } - ''; + dhcpcd = { + persistent = true; + extraConfig = '' + interface bouyges + noarp + ''; + }; vlans.bouyges = { id = 100; From a630b1a58c342aab3819e5ec387e9124d9738f6b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 16 Dec 2019 22:35:32 +0100 Subject: [PATCH 094/474] mail-server: 2.2.1 -> 2.3.0 --- services/mail-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index 15a52885..86615ead 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz"; - sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; + sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; }) ]; From 5a6a41fe2da5a07de25b7b90890b80637e4e0a7f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Jan 2020 01:28:27 +0100 Subject: [PATCH 095/474] mail-server: configuration postfix serveur relai --- services/mail-server.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/services/mail-server.nix b/services/mail-server.nix index 86615ead..9b611260 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -52,6 +52,15 @@ in enableManageSieve = true; }; + services.postfix = { + relayHost = "mailvps.nyanlout.re"; + relayPort = 587; + config = { + smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; + smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; + }; + }; + security.acme.certs = { "${cfg.domaine}" = { extraDomains = { 
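Review bot: The new `services.postfix` block sets client certificate paths, but nothing in the hunk makes TLS to `mailvps.nyanlout.re:587` mandatory or verified. Unless the imported mailserver module already sets it, delivery to the relay could fall back to plaintext or accept any certificate if the connection is tampered with. I would add `smtp_tls_security_level = "verify";` (or at least `"encrypt"`) to `config`, next to the two `lib.mkForce` lines. Keeping `postfixrelay.key` under `/var/lib/postfix` rather than in the store is good; a comment saying who provisions it and that it must be readable by postfix only would help the next reader.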
From 72d0802b67696909f387980a099805686d843de7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Jan 2020 01:29:31 +0100 Subject: [PATCH 096/474] =?UTF-8?q?python-ci:=20cr=C3=A9ation=20utilisateu?= =?UTF-8?q?r?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Permet d'utiliser un RuntimeDir public --- services/python-ci.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/services/python-ci.nix b/services/python-ci.nix index 2523d8f6..5a6a4c43 100644 --- a/services/python-ci.nix +++ b/services/python-ci.nix @@ -12,6 +12,14 @@ in config = mkIf cfg.enable { + users.users = { + python-ci = { + isSystemUser = true; + group = "nogroup"; + description = "Python CI user"; + }; + }; + systemd.services.python-ci = { description = "CI Nix en Python"; requires = ["network-online.target"]; @@ -19,7 +27,7 @@ in environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";}; path = with pkgs;[ nix gnutar gzip ]; serviceConfig = { - DynamicUser = true; + User = "python-ci"; StateDirectory = "python-ci"; RuntimeDirectory = "python-ci"; RuntimeDirectoryPreserve = "yes"; From ec60e54c9aeaa39fbcf535b018017061529ac555 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 2 Mar 2020 22:38:36 +0100 Subject: [PATCH 097/474] maj 20.03 --- overlays/riot-web.nix | 22 ++++++------ services/haproxy-acme.nix | 1 + systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/services.nix | 58 +++++++++++++++--------------- 4 files changed, 41 insertions(+), 42 deletions(-) diff --git a/overlays/riot-web.nix b/overlays/riot-web.nix index c92dfa5e..33428ffb 100644 --- a/overlays/riot-web.nix +++ b/overlays/riot-web.nix 
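Review bot: `group = "nogroup"` puts the new `python-ci` account in a group shared with unrelated daemons, so anything it writes group-readable under the preserved runtime directory is readable by them as well. A dedicated group keeps that contained: `users.groups.python-ci = {};` together with `group = "python-ci";`. A short comment on the user saying it exists so the runtime directory has a stable owner would carry the intent of the commit message into the code.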
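Review bot: Replacing `DynamicUser = true` with `User = "python-ci"` also removes the sandboxing that DynamicUser implies (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`). That matters here because this unit appears to build and run code pulled in by CI jobs. I would restore those settings explicitly in `serviceConfig`, e.g. `ProtectSystem = "strict"; ProtectHome = "read-only"; PrivateTmp = true;` plus `NoNewPrivileges = true;`. The `serviceConfig` set continues past the end of the hunk, so check that none of these are already present further down.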
@@ -1,17 +1,15 @@ self: super: { riot-web = super.riot-web.override { - conf = '' - { - "default_hs_url": "https://matrix.nyanlout.re", - "default_is_url": "https://vector.im", - "brand": "Nyanloutre", - "default_theme": "dark", - "integrations_ui_url": "https://dimension.t2bot.io/riot", - "integrations_rest_url": "https://dimension.t2bot.io/api/v1/scalar", - "integrations_widgets_urls": ["https://dimension.t2bot.io/widgets"], - "integrations_jitsi_widget_url": "https://dimension.t2bot.io/widgets/jitsi" - } - ''; + conf = { + default_hs_url = "https://matrix.nyanlout.re"; + default_is_url = "https://vector.im"; + brand = "Nyanloutre"; + default_theme = "dark"; + integrations_ui_url = "https://dimension.t2bot.io/riot"; + integrations_rest_url = "https://dimension.t2bot.io/api/v1/scalar"; + integrations_widgets_urls = ["https://dimension.t2bot.io/widgets"]; + integrations_jitsi_widget_url = "https://dimension.t2bot.io/widgets/jitsi"; + }; }; } diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 4309e958..9383f380 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -126,6 +126,7 @@ in }; }; + security.acme.acceptTerms = true; security.acme.certs = { ${cfg.domaine} = { extraDomains = mapAttrs' (name: value: diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 8edcfe9e..a1d8c67e 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.pname).name [ "factorio-headless" "perl5.30.0-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.pname).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; 
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index ebbfc84a..6f77f1f5 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -262,36 +262,36 @@ in }; }; - systemd.services.minecraft-overviewer = - let - clientJar = pkgs.fetchurl { - url = "https://overviewer.org/textures/1.14"; - sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; - name = "client.jar"; - }; - configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' - substitute ${./config-overviewer.py} $out \ - --subst-var CLIENT_JAR - ''; - in - { - script = '' - ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} - ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi - rm /var/www/minecraft-overviewer/progress.json - ''; - serviceConfig = { - User = "nginx"; - Group = "nginx"; - }; - }; + # systemd.services.minecraft-overviewer = + # let + # clientJar = pkgs.fetchurl { + # url = "https://overviewer.org/textures/1.14"; + # sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; + # name = "client.jar"; + # }; + # configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' + # substitute ${./config-overviewer.py} $out \ + # --subst-var CLIENT_JAR + # ''; + # in + # { + # script = '' + # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} + # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi + # rm /var/www/minecraft-overviewer/progress.json + # ''; + # serviceConfig = { + # User = "nginx"; + # Group = "nginx"; + # }; + # }; - systemd.timers.minecraft-overviewer = { - wantedBy = [ "multi-user.target" ]; - timerConfig = { - OnCalendar = "*-*-* 04:00:00"; - }; - }; + # systemd.timers.minecraft-overviewer = { + # wantedBy = [ "multi-user.target" ]; + # timerConfig = { + # OnCalendar = "*-*-* 04:00:00"; + # }; + # }; systemd.packages = with pkgs; [ tgt 
From 551cf94d4ea5902e1f993472acfe72bc1cbc3b5f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 2 Mar 2020 22:39:16 +0100 Subject: [PATCH 098/474] vsftpd: utilisation du certif let's encrypt --- containers/vsftpd.nix | 6 +++--- services/haproxy-acme.nix | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index 409ab6f0..77e01dd3 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -12,7 +12,7 @@ userlistDeny = false; localUsers = true; userlist = ["claire" "manu" "lakeu" "fusil" "stryxion" "nico"]; - rsaCertFile = "/var/vsftpd/vsftpd.pem"; + rsaCertFile = "/var/lib/acme/nyanlout.re/full.pem"; extraConfig = '' pasv_min_port=64000 pasv_max_port=65535 @@ -59,8 +59,8 @@ }; }; bindMounts = { - "/var/vsftpd/vsftpd.pem" = { - hostPath = "/var/vsftpd/vsftpd.pem"; + "/var/lib/acme/nyanlout.re" = { + hostPath = "/var/lib/acme/nyanlout.re"; }; "/mnt/medias" = { hostPath = "/mnt/medias"; diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 9383f380..8bdef077 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -138,6 +138,7 @@ in group = "acme"; postRun = '' systemctl reload haproxy.service + nixos-container run vsftpd -- systemctl restart vsftpd ''; }; }; From 5d755bf63b7df2cf14a35c318e39b60b7457bd2e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 2 Mar 2020 22:40:01 +0100 Subject: [PATCH 099/474] tgt: disable --- systems/LoutreOS/services.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 6f77f1f5..c0d1a5e3 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
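Review bot: Binding `/var/lib/acme/nyanlout.re` into the container, with `rsaCertFile` pointing at `full.pem`, gives the FTP daemon the same private key that terminates HTTPS for the sites on this host. A compromise of vsftpd or its container would therefore expose the web key too. A separate certificate for the FTP hostname, mounted on its own, would keep the two apart. If the shared key stays, set `isReadOnly = true;` explicitly on the mount and add a comment explaining that the directory rather than the file is mounted, presumably so renewed files become visible inside the container. The `bindMounts` set continues outside the hunk.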
@@ -293,16 +293,16 @@ in # }; # }; - systemd.packages = with pkgs; [ - tgt - ]; + # systemd.packages = with pkgs; [ + # tgt + # ]; - environment.etc."tgt/targets.conf".text = '' - - backing-store /dev/zvol/loutrepool/steam-lun - initiator-address 10.30.50.3 - - ''; + # environment.etc."tgt/targets.conf".text = '' + # + # backing-store /dev/zvol/loutrepool/steam-lun + # initiator-address 10.30.50.3 + # + # ''; users.groups.acme.members = [ "matrix-synapse" ]; From f86ef0518dae498ce5c170c471c8b35096058879 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 2 Mar 2020 23:20:17 +0100 Subject: [PATCH 100/474] web: refactor nginx config --- services/haproxy-acme.nix | 17 ++++++---- systems/LoutreOS/web.nix | 67 ++++++++++++++++++++++++--------------- 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index 8bdef077..f7b16e35 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix 
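Review bot: The target is disabled by commenting it out, but this patch does not touch the `firewall.interfaces.eno2.allowedTCPPorts = [ 3260 ];` opening that was added together with it. Port 3260 presumably stays open on eno2 with nothing intended to listen there. I would remove that firewall entry in the same commit and delete the tgt block rather than comment it, since the history keeps it. The PC-Fixe `iscsid` unit and the `/mnt/steam-lun` mount also still point at this target; if they are meant to stay for later, a one-line comment such as `# iSCSI target disabled; PC-Fixe initiator config is currently unused` would say so.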
@@ -20,23 +20,28 @@ let ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets defaults + mode http option forwardfor option http-server-close + option httplog + option dontlognull timeout client 10s timeout connect 4s timeout server 30s + timeout tunnel 3600s errorfile 503 ${./errorfiles/503.html} userlist LOUTRE user paul password $6$YNjCpiPABu9$.iEp.3BgoswHcX3SMjz1/CiyqFQn/fjnxtT9CWBqQHBKynvK2kh/i62ije0WmCvhKRUhy9gdVbJStM3ciGXnC1 - frontend public + frontend http-in bind :::80 v4v6 - bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1 - mode http acl letsencrypt-acl path_beg /.well-known/acme-challenge/ - acl haproxy-acl path_beg /haproxy - redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl - http-response set-header Strict-Transport-Security max-age=15768000 use_backend letsencrypt-backend if letsencrypt-acl + redirect scheme https code 301 if !letsencrypt-acl + frontend public + bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1 + http-response set-header Strict-Transport-Security max-age=15768000 + http-request add-header X-Forwarded-Proto https + acl haproxy-acl path_beg /haproxy use_backend haproxy_stats if haproxy-acl ${concatStrings ( mapAttrsToList (name: value: diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 599a8c95..d98099fe 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -2,6 +2,17 @@ with lib; +#### VHost table #### +# 10000 riot.nyanlout.re +# 10001 factorio.nyanlout.re +# 10002 minecraft.nyanlout.re +# 10003 nyanlout.re +# 10004 musique-meyenheim.fr +# 10005 social.nyanlout.re +# 10006 pgmanage.nyanlout.re +# 10007 maxspiegel.fr +#### + let domaine = "nyanlout.re"; 
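Review bot: In the new `frontend public`, `http-request add-header X-Forwarded-Proto https` appends a header instead of replacing one the client already sent, so a backend that reads the first value can still see a client-supplied `X-Forwarded-Proto`. `http-request set-header X-Forwarded-Proto https` overwrites it. `option forwardfor` in `defaults` likewise appends to an existing `X-Forwarded-For`. The nginx side added in this commit (`set_real_ip_from 127.0.0.1` with `real_ip_header X-Forwarded-For`) is only safe as long as it keeps taking the last address, which is nginx's default without `real_ip_recursive`.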
@@ -32,16 +43,16 @@ in "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; }; "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; }; "searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; }; - "riot.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "riot"; auth = false; }; + "riot.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "riot.nyanlout.re"; auth = false; }; "matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; }; "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = config.services.pgmanage.port; auth = true; }; "gitea.${domaine}" = { ip = "127.0.0.1"; port = config.services.gitea.httpPort; auth = false; }; "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; }; - "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio"; auth = false; }; + "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio.nyanlout.re"; auth = false; }; "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; }; - "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "wkd"; auth = false; }; + "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "nyanlout.re"; auth = false; }; "musique-meyenheim.fr" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "musique-meyenheim.fr"; auth = false; }; - "minecraft.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "minecraft-overviewer"; auth = false; }; + "minecraft.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "minecraft.nyanlout.re"; auth = false; }; }; }; 
@@ -49,37 +60,43 @@ in nginx = { enable = true; + recommendedProxySettings = true; + appendHttpConfig = '' + set_real_ip_from 127.0.0.1; + real_ip_header X-Forwarded-For; + ''; virtualHosts = { - "riot" = { - listen = [ { addr = "127.0.0.1"; port = 52345; } ]; + "riot.nyanlout.re" = { + listen = [ { addr = "127.0.0.1"; port = 10000; } ]; locations = { "/" = { root = pkgs.riot-web; }; }; }; - "factorio" = { - listen = [ { addr = "127.0.0.1"; port = 52351; } ]; + "factorio.nyanlout.re" = { + listen = [ { addr = "127.0.0.1"; port = 10001; } ]; locations = { "/" = { root = "/var/www/factorio"; }; }; }; - "minecraft-overviewer" = { - listen = [ { addr = "127.0.0.1"; port = 52354; } ]; + "minecraft.nyanlout.re" = { + listen = [ { addr = "127.0.0.1"; port = 10002; } ]; locations = { "/" = { root = "/var/www/minecraft-overviewer"; }; }; }; - "wkd" = { - listen = [ { addr = "127.0.0.1"; port = 52352; } ]; - locations = { "/.well-known/openpgpkey/" = { - alias = "/var/lib/gnupg/wks/nyanlout.re"; - extraConfig = '' - add_header Access-Control-Allow-Origin * always; - ''; - }; }; + "nyanlout.re" = { + listen = [ { addr = "127.0.0.1"; port = 10003; } ]; + locations = { + "/" = { + alias = "/var/www/site-perso/"; + }; + "/.well-known/openpgpkey/" = { + alias = "/var/lib/gnupg/wks/nyanlout.re"; + extraConfig = '' + add_header Access-Control-Allow-Origin * always; + ''; + }; + }; }; "musique-meyenheim.fr" = { - listen = [ { addr = "127.0.0.1"; port = 52353; } ]; + listen = [ { addr = "127.0.0.1"; port = 10004; } ]; locations = { "/" = { proxyPass = "http://unix:/run/site-musique.sock"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - ''; }; "/static/" = { alias = "/var/www/site-musique/staticfiles/"; @@ -96,7 +113,7 @@ in pgmanage = { enable = true; - port = 52347; + port = 10006; connections = { localhost = "hostaddr=127.0.0.1 port=5432 dbname=postgres"; }; 
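Review bot: The `"/.well-known/openpgpkey/"` location keeps `alias = "/var/lib/gnupg/wks/nyanlout.re";` without a trailing slash although the location prefix ends in one. nginx then appends the rest of the request path directly to the directory name, so, as far as I can tell, WKD lookups resolve to a sibling path that does not exist. It should read `alias = "/var/lib/gnupg/wks/nyanlout.re/";`. For the new `"/"` location, `root = "/var/www/site-perso";` is the more conventional form than an `alias` on the root prefix.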
@@ -126,7 +143,7 @@ in site-max = { enable = true; - port = 52348; + port = 10007; domaine = "maxspiegel.fr"; }; }; From 2da8af253dafbd6fc54b6e3b80407e7e9eea5954 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:45:36 +0200 Subject: [PATCH 101/474] migrate haproxy -> nginx --- services/errorfiles/503.html | 39 ----- services/haproxy-acme.nix | 158 ------------------- services/site-max.nix | 42 ----- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/services.nix | 2 - systems/LoutreOS/web.nix | 240 ++++++++++++++++++++--------- 6 files changed, 169 insertions(+), 314 deletions(-) delete mode 100644 services/errorfiles/503.html delete mode 100644 services/haproxy-acme.nix delete mode 100644 services/site-max.nix diff --git a/services/errorfiles/503.html b/services/errorfiles/503.html deleted file mode 100644 index c511c008..00000000 --- a/services/errorfiles/503.html +++ /dev/null @@ -1,39 +0,0 @@ -HTTP/1.0 503 Service Unavailable -Cache-Control: no-cache -Connection: close -Content-Type: text/html - - - - - - - - 503 Service Unavailable - - - - - - - -

503 Service non disponible

- -

Impossible de contacter le serveur demandé

- - diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix deleted file mode 100644 index f7b16e35..00000000 --- a/services/haproxy-acme.nix +++ /dev/null 
@@ -1,158 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.haproxy-acme; - - nginx_port = 54321; - - haproxyConf = '' - global - log /dev/log local0 - log /dev/log local1 notice - user haproxy - group haproxy - ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - defaults - mode http - option forwardfor - option http-server-close - option httplog - option dontlognull - timeout client 10s - timeout connect 4s - timeout server 30s - timeout tunnel 3600s - errorfile 503 ${./errorfiles/503.html} - userlist LOUTRE - user paul password $6$YNjCpiPABu9$.iEp.3BgoswHcX3SMjz1/CiyqFQn/fjnxtT9CWBqQHBKynvK2kh/i62ije0WmCvhKRUhy9gdVbJStM3ciGXnC1 - frontend http-in - bind :::80 v4v6 - acl letsencrypt-acl path_beg /.well-known/acme-challenge/ - use_backend letsencrypt-backend if letsencrypt-acl - redirect scheme https code 301 if !letsencrypt-acl - frontend public - bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1 - http-response set-header Strict-Transport-Security max-age=15768000 - http-request add-header X-Forwarded-Proto https - acl haproxy-acl path_beg /haproxy - use_backend haproxy_stats if haproxy-acl - 
${concatStrings ( - mapAttrsToList (name: value: - " acl ${name}-acl hdr(host) -i ${name}\n" - + " use_backend ${name}-backend if ${name}-acl\n" - ) cfg.services)} - backend letsencrypt-backend - mode http - server letsencrypt 127.0.0.1:${toString nginx_port} - backend haproxy_stats - mode http - stats enable - stats hide-version - acl AuthOK_LOUTRE http_auth(LOUTRE) - http-request auth realm LOUTRE if !AuthOK_LOUTRE - ${concatStrings ( - mapAttrsToList (name: value: - '' - backend ${name}-backend - mode http - ${value.extraBackend} - ${( - if value.socket == "" then - '' - server ${name} ${value.ip}:${toString value.port} - '' - else - '' - server ${name} ${value.socket} - '' - )} - ${(if value.auth then ( - value.extraAcls - + '' - acl AUTH_OK http_auth(LOUTRE) - http-request auth realm LOUTRE if ${value.aclBool} - '' - ) else "")} - '' - ) cfg.services)} - ''; -in -{ - options.services.haproxy-acme = { - enable = mkEnableOption "HAproxy + ACME"; - - domaine = mkOption { - type = types.str; - example = "example.com"; - description = '' - Sous domaine à utiliser - - Il est necessaire d'avoir un enregistrement pointant sur la wildcard de ce domaine vers le serveur - ''; - }; - - services = mkOption { - type = with types; attrsOf (submodule { options = { - ip = mkOption { type = str; description = "IP address"; }; - port = mkOption { type = int; description = "Port number"; }; - socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; }; - auth = mkOption { type = bool; description = "Enable authentification"; default = false; }; - extraBackend = mkOption { type = str; description = "Options backend HaProxy suplémentaires"; default = ""; }; - extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; }; - aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; }; - }; }); - example = '' - haproxy_backends = { - example = { ip = "127.0.0.1"; port = 1234; auth = 
false; }; - }; - ''; - description = "Liste des noms de domaines associés à leur backend"; - }; - }; - - config = mkIf cfg.enable { - - services.haproxy.enable = true; - - services.haproxy.config = haproxyConf; - - services.nginx.enable = true; - services.nginx.virtualHosts = { - "acme" = { - listen = [ { addr = "127.0.0.1"; port = nginx_port; } ]; - locations = { "/" = { root = "/var/www/challenges"; }; }; - }; - }; - - security.acme.acceptTerms = true; - security.acme.certs = { - ${cfg.domaine} = { - extraDomains = mapAttrs' (name: value: - nameValuePair ("${name}") (null) - ) cfg.services; - webroot = "/var/www/challenges"; - email = "paul@nyanlout.re"; - allowKeysForGroup = true; - group = "acme"; - postRun = '' - systemctl reload haproxy.service - nixos-container run vsftpd -- systemctl restart vsftpd - ''; - }; - }; - - users.groups.acme.members = [ "haproxy" ]; - - networking.firewall.allowedTCPPorts = [ - 80 443 - ]; - - }; -} diff --git a/services/site-max.nix b/services/site-max.nix deleted file mode 100644 index da900b12..00000000 --- a/services/site-max.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.site-max; -in -{ - options.services.site-max = { - enable = mkEnableOption "Site Max Spiegel"; - - port = mkOption { - type = types.int; - example = 54321; - description = "Local listening port"; - }; - - domaine = mkOption { - type = types.str; - example = "example.com"; - description = "Domaine à utiliser"; - }; - }; - - config = mkIf cfg.enable { - - services.haproxy-acme.services = { - ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; }; - }; - - services.nginx = { - virtualHosts = { - "max" = { - listen = [ { addr = "127.0.0.1"; port = cfg.port; } ]; - locations."/" = { - root = "/run/python-ci/nyanloutre/site-max"; - }; - }; - }; - }; - }; -} diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index a1d8c67e..fb52a444 100644 
--- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -90,7 +90,7 @@ in }; firewall = { - allowedTCPPorts = [ ]; + allowedTCPPorts = [ 80 443 ]; allowedUDPPorts = [ ]; interfaces.eno2 = { allowedTCPPorts = [ diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index c0d1a5e3..9ecd136e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -24,9 +24,7 @@ in { imports = [ - ../../services/haproxy-acme.nix ../../services/mail-server.nix - ../../services/site-max.nix ../../services/auto-pr.nix ../../services/python-ci.nix ../../services/sdtdserver.nix diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d98099fe..53f019e7 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -2,88 +2,147 @@ with lib; -#### VHost table #### -# 10000 riot.nyanlout.re -# 10001 factorio.nyanlout.re -# 10002 minecraft.nyanlout.re -# 10003 nyanlout.re -# 10004 musique-meyenheim.fr -# 10005 social.nyanlout.re -# 10006 pgmanage.nyanlout.re -# 10007 maxspiegel.fr -#### - let - domaine = "nyanlout.re"; + nginxSsoAuth = pkgs.writeText "nginx-sso_auth.inc" '' + # Protect this location using the auth_request + auth_request /sso-auth; - jellyfin_backend = '' - http-request set-header X-Forwarded-Port %[dst_port] - http-request add-header X-Forwarded-Proto https if { ssl_fc } - ''; - sonarr_acl = '' - acl API path_beg /api - ''; - sonarr_auth = '' - !AUTH_OK !API + # Redirect the user to the login page when they are not logged in + error_page 401 = @error401; + + location /sso-auth { + # Do not allow requests from outside + internal; + + # Access /auth endpoint to query login state + proxy_pass http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/auth; + + # Do not forward the request body (nginx-sso does not care about it) + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + + # Set custom information for ACL matching: Each one is available as + # a field for matching: X-Host = x-host, ... 
+ proxy_set_header X-Origin-URI $request_uri; + proxy_set_header X-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # If the user is lead to /logout redirect them to the logout endpoint + # of ngninx-sso which then will redirect the user to / on the current host + location /sso-logout { + return 302 https://login.nyanlout.re/logout?go=$scheme://$http_host/; + } + + # Define where to send the user to login and specify how to get back + location @error401 { + return 302 https://login.nyanlout.re/login?go=$scheme://$http_host$request_uri; + } ''; - nginxGetFirstLocalPort = vh: (findFirst (x: x.addr == "127.0.0.1") (throw "No local port found") config.services.nginx.virtualHosts.${vh}.listen).port; + nginxSimpleReverse = rport: { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString(rport)}/"; + }; + }; + + nginxAuthReverse = rport: { + enableACME = true; + forceSSL = true; + + extraConfig = '' + include ${nginxSsoAuth}; + ''; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString(rport)}/"; + extraConfig = '' + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + }; in { + security.acme = { + email = "paul@nyanlout.re"; + acceptTerms = true; + }; + services = { - haproxy-acme = { - enable = true; - domaine = domaine; - services = { - "grafana.${domaine}" = { ip = "127.0.0.1"; port = config.services.grafana.port; auth = true; }; - "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; extraBackend = jellyfin_backend; }; - "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; }; - "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; }; - "transmission.${domaine}" = { ip = "127.0.0.1"; port = 
config.services.transmission.port; auth = true; }; - "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; }; - "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; }; - "searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; }; - "riot.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "riot.nyanlout.re"; auth = false; }; - "matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; }; - "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = config.services.pgmanage.port; auth = true; }; - "gitea.${domaine}" = { ip = "127.0.0.1"; port = config.services.gitea.httpPort; auth = false; }; - "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; }; - "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio.nyanlout.re"; auth = false; }; - "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; }; - "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "nyanlout.re"; auth = false; }; - "musique-meyenheim.fr" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "musique-meyenheim.fr"; auth = false; }; - "minecraft.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "minecraft.nyanlout.re"; auth = false; }; - }; - }; - - searx.enable = true; - nginx = { enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; recommendedProxySettings = true; - appendHttpConfig = '' - set_real_ip_from 127.0.0.1; - real_ip_header X-Forwarded-For; + recommendedTlsSettings = true; + commonHttpConfig = '' + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + add_header Referrer-Policy origin-when-cross-origin; + + error_page 500 502 503 504 https://nyanlout.re/errorpages/50x.html; ''; + sso = { + enable = true; + environmentFile = "/mnt/secrets/nginx-sso.env"; + configuration = { + listen = { + addr = "127.0.0.1"; + port = 8082; + }; + login = 
{ + title = "LoutreOS login"; + default_method = "simple"; + hide_mfa_field = true; + names.simple = "Username / Password"; + }; + cookie = { + domain = ".nyanlout.re"; + secure = true; + }; + audit_log = { + targets = [ "fd://stdout" ]; + events = [ "access_denied" "login_success" "login_failure" "logout" ]; + }; + providers.simple = { + enable_basic_auth = true; + users = { + paul = "$2y$10$RMqeJF/hUasXZ5/SLKAu4uKKp6ac6qXCaRu4OY/fIN6ZYucDXzqYm"; + }; + groups = { + admins = [ "paul" ]; + }; + }; + acl = { + rule_sets = [ + { + rules = [ { field = "x-host"; regexp = ".*"; } ]; + allow = [ "@admins" ]; + } + ]; + }; + }; + }; virtualHosts = { - "riot.nyanlout.re" = { - listen = [ { addr = "127.0.0.1"; port = 10000; } ]; - locations = { "/" = { root = pkgs.riot-web; }; }; - }; - "factorio.nyanlout.re" = { - listen = [ { addr = "127.0.0.1"; port = 10001; } ]; - locations = { "/" = { root = "/var/www/factorio"; }; }; - }; - "minecraft.nyanlout.re" = { - listen = [ { addr = "127.0.0.1"; port = 10002; } ]; - locations = { "/" = { root = "/var/www/minecraft-overviewer"; }; }; - }; "nyanlout.re" = { - listen = [ { addr = "127.0.0.1"; port = 10003; } ]; + default = true; + enableACME = true; + forceSSL = true; locations = { "/" = { alias = "/var/www/site-perso/"; }; + "/errorpages/" = { + alias = "/var/www/errorpages/"; + }; "/.well-known/openpgpkey/" = { alias = "/var/lib/gnupg/wks/nyanlout.re"; extraConfig = '' 
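Review bot: The `Strict-Transport-Security` and `Referrer-Policy` headers from `commonHttpConfig` will be missing on every location that declares its own `add_header`, because nginx inherits `add_header` from the outer level only when the inner level defines none. That covers the `"/"` location of each `nginxAuthReverse` host (`add_header Set-Cookie $cookie;`) and the `/.well-known/openpgpkey/` location. Repeating `add_header Strict-Transport-Security $hsts_header;` and `add_header Referrer-Policy origin-when-cross-origin;` in those `extraConfig` blocks restores them. Separately, the bcrypt hash under `providers.simple.users` lands in the repository and presumably in the world-readable Nix store, even though `environmentFile = "/mnt/secrets/nginx-sso.env"` is already set up; keeping the user table out of the store would remove an offline-guessing target. The hunk ends on context lines of the `nyanlout.re` vhost, which continues in the next hunk.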
@@ -92,8 +151,24 @@ in }; }; }; + "riot.nyanlout.re" = { + enableACME = true; + forceSSL = true; + locations = { "/" = { root = pkgs.riot-web; }; }; + }; + "factorio.nyanlout.re" = { + enableACME = true; + forceSSL = true; + locations = { "/" = { root = "/var/www/factorio"; }; }; + }; + "minecraft.nyanlout.re" = { + enableACME = true; + forceSSL = true; + locations = { "/" = { root = "/var/www/minecraft-overviewer"; }; }; + }; "musique-meyenheim.fr" = { - listen = [ { addr = "127.0.0.1"; port = 10004; } ]; + enableACME = true; + forceSSL = true; locations = { "/" = { proxyPass = "http://unix:/run/site-musique.sock"; @@ -106,6 +181,33 @@ in }; }; }; + "maxspiegel.fr" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "/run/python-ci/nyanloutre/site-max"; + }; + }; + "login.nyanlout.re" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/"; + }; + }; + "grafana.nyanlout.re" = nginxAuthReverse config.services.grafana.port; + "transmission.nyanlout.re" = nginxAuthReverse config.services.transmission.port; + "radarr.nyanlout.re" = nginxAuthReverse 7878; + "sonarr.nyanlout.re" = nginxAuthReverse 8989; + "syncthing.nyanlout.re" = nginxAuthReverse 8384; + "jackett.nyanlout.re" = nginxAuthReverse 9117; + "pgmanage.nyanlout.re" = nginxAuthReverse config.services.pgmanage.port; + "matrix.nyanlout.re" = nginxSimpleReverse 8008; + "airsonic.nyanlout.re" = nginxSimpleReverse 4040; + "emby.nyanlout.re" = nginxSimpleReverse 8096; + "ci.nyanlout.re" = nginxSimpleReverse 52350; + "gitea.nyanlout.re" = nginxSimpleReverse config.services.gitea.httpPort; }; }; @@ -140,12 +242,6 @@ in }; python-ci.enable = true; - - site-max = { - enable = true; - port = 10007; - domaine = "maxspiegel.fr"; - }; }; systemd.services.site-musique = let From e1fbcd0143ee133db750e5d7a35aa6ff6631e3d7 Mon Sep 17 00:00:00 2001 
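Review bot: The vhost list in the `@@ -106,6 +181,33 @@` hunk splits services between `nginxAuthReverse` (behind nginx-sso) and `nginxSimpleReverse` (no gate) without saying why, and the second group is now served directly over HTTPS. If matrix, airsonic, emby, ci and gitea are left out because each enforces its own login, a comment such as `# no SSO: these apps authenticate users themselves` above that group would make the choice auditable. `ci.nyanlout.re` on port 52350 is the entry most worth confirming. Both helpers are defined outside this hunk.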
From: nyanloutre Date: Wed, 8 Apr 2020 12:46:43 +0200 Subject: [PATCH 102/474] vsftpd: fix pam --- containers/vsftpd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index 77e01dd3..b7194cc4 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -13,10 +13,11 @@ localUsers = true; userlist = ["claire" "manu" "lakeu" "fusil" "stryxion" "nico"]; rsaCertFile = "/var/lib/acme/nyanlout.re/full.pem"; + localRoot = "/mnt/medias"; extraConfig = '' pasv_min_port=64000 pasv_max_port=65535 - local_root=/mnt/medias + pam_service_name=vsftpd ''; }; From 26f5a98f032cc5bf15ac9d09c2c67d4d8720c15d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:46:54 +0200 Subject: [PATCH 103/474] vsftpd: add Sli --- containers/vsftpd.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix index b7194cc4..683b555c 100644 --- a/containers/vsftpd.nix +++ b/containers/vsftpd.nix @@ -57,6 +57,12 @@ hashedPassword = "$6$.sMznhhJ0fG2qx$XevsEqsjlLAnu/VMgeA6B5YfWY36dUZXtUGiEgPueHzRcfAEi2UXLWRHqcN6AsW1AozepeAP6/lZW3fDAyULA1"; description = "MAGENI"; }; + + sli = { + isNormalUser = true; + hashedPassword = "$6$ewTJHnkTpnw56$askXnJP9iX6.S5IgsSXvlcJA7ncLosPYVIw3TcOlRuK/z8UcFYqVlLX5uDJ.W6DiJ1Uk6FVfbL0jDL2ac22Mx0"; + description = "Sli"; + }; }; }; bindMounts = { From 12d95c1808b0a2b751c408ca49ff76a3920d4154 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:47:12 +0200 Subject: [PATCH 104/474] fix unfree predicate for 20.03 --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index fb52a444..5c0f592a 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
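Review bot: `localRoot = "/mnt/medias"` only sets the starting directory for local users; nothing in the hunk confines them to it. If the block does not already set it outside the hunk, `chrootlocalUser = true;` keeps the listed accounts from walking the rest of the container's filesystem. With `rsaCertFile` configured it is also worth confirming `forceLocalLoginsSSL = true;` and `forceLocalDataSSL = true;`, so that the PAM passwords enabled here are never accepted over plain FTP.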
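Review bot: The new `hashedPassword` for `sli` puts a SHA-512 crypt hash into the repository and, once built, into the world-readable Nix store, where it can be attacked offline. `passwordFile = "<path-to-hash-file>";` pointing at a file kept outside the store avoids that; the neighbouring account shown as context follows the same pattern and would benefit too. Separately, `sli` is not added to the `userlist` seen in the previous patch (defined outside this hunk), so either the account cannot log in or the list is not being enforced.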
@@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem (builtins.parseDrvName pkg.pname).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; From 24a9343a2090c87373ff6181923138efe92de7f4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:48:42 +0200 Subject: [PATCH 105/474] nginx: create rtmp streaming server --- systems/LoutreOS/configuration.nix | 1 + systems/LoutreOS/web.nix | 44 ++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 5c0f592a..9b8d3d2f 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -96,6 +96,7 @@ in allowedTCPPorts = [ 111 2049 4000 4001 4002 # NFS 3483 9000 9090 # Slimserver + 1935 # RTMP ]; allowedUDPPorts = [ 111 2049 4000 4001 4002 # NFS diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 53f019e7..9a4ee8e1 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -77,6 +77,9 @@ in services = { nginx = { enable = true; + package = pkgs.nginx.override { + modules = with pkgs.nginxModules; [ rtmp ]; + }; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; @@ -188,6 +191,18 @@ in root = "/run/python-ci/nyanloutre/site-max"; }; }; + "stream.nyanlout.re" = { + enableACME = true; + forceSSL = true; + root = "/var/www/hls/"; + + locations."/" = { + extraConfig = '' + add_header Cache-Control no-cache; + add_header Access-Control-Allow-Origin *; + ''; + }; + }; "login.nyanlout.re" = { enableACME = true; forceSSL = true; 
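Review bot: The two `add_header` lines in `locations."/"` of `stream.nyanlout.re` replace, rather than extend, the headers set at http level, so responses from this vhost will presumably go out without the `Strict-Transport-Security` and `Referrer-Policy` headers that `commonHttpConfig` adds. nginx inherits `add_header` from the outer level only when the inner level defines none. Repeating `add_header Strict-Transport-Security $hsts_header;` in the location restores it. The same applies to the `add_header Set-Cookie $cookie;` location in the `authReverse` helper of the later "simplify nix functions" patch.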
@@ -209,6 +224,35 @@ in "ci.nyanlout.re" = nginxSimpleReverse 52350; "gitea.nyanlout.re" = nginxSimpleReverse config.services.gitea.httpPort; }; + appendConfig = '' + rtmp { + server { + listen 1935; + + application live { + live on; + + exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 + -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid + -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high + -c copy -f flv rtmp://localhost/show/$name_src 2>>${config.services.nginx.virtualHosts."stream.nyanlout.re".root}/ffmpeg-$name.log; + } + + application show { + live on; + hls on; + + hls_path ${config.services.nginx.virtualHosts."stream.nyanlout.re".root}; + hls_fragment 3s; + hls_playlist_length 60s; + + hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution + hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution + hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution + } + } + } + ''; }; postgresql.enable = true; From 74b611ded7185e1f2aa17d57cd5212408dd69d3f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:49:45 +0200 Subject: [PATCH 106/474] mastodon: init --- systems/LoutreOS/hardware-configuration.nix | 5 +++ systems/LoutreOS/web.nix | 43 +++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 72279d0f..712bb63b 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -147,6 +147,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/mastodon" = + { device = "loutrepool/var/mastodon"; + fsType = "zfs"; + }; + swapDevices = [ { 
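Review bot: Neither `application live` nor `application show` restricts who may publish, and this commit also opens TCP 1935 in `allowedTCPPorts`, so any host that can reach the port can start a stream and make `exec_push` spawn an ffmpeg transcode. `show` only needs to accept the local ffmpeg, so `allow publish 127.0.0.1; deny publish all;` fits there. For `live`, an `allow publish <trusted-source>; deny publish all;` pair or an `on_publish` callback that checks a stream key would gate ingest. The stderr redirect also writes `ffmpeg-$name.log` into the served HLS directory using the client-chosen stream name; a fixed log directory outside the web root would keep transcoder output from being downloadable.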
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9a4ee8e1..8d7ca3e9 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -191,6 +191,34 @@ in root = "/run/python-ci/nyanloutre/site-max"; }; }; + "social.nyanlout.re" = { + enableACME = true; + forceSSL = true; + + root = "${config.services.mastodon.package}/public/"; + + locations."/system/".alias = "/var/lib/mastodon/public-system/"; + + locations."/" = { + tryFiles = "$uri @proxy"; + }; + + locations."@proxy" = { + proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.webPort)}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ''; + }; + + locations."/api/v1/streaming/" = { + proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.streamingPort)}/"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + ''; + }; + }; "stream.nyanlout.re" = { enableACME = true; forceSSL = true; @@ -286,6 +314,21 @@ in }; python-ci.enable = true; + + mastodon = { + enable = true; + localDomain = "social.nyanlout.re"; + extraConfig = { + SMTP_AUTH_METHOD = "none"; + SMTP_OPENSSL_VERIFY_MODE = "none"; + }; + smtp = { + fromAddress = "social@nyanlout.re"; + user = "social@nyanlout.re"; + authenticate = false; + }; + mediaPruneTimer = true; + }; }; systemd.services.site-musique = let From e08bd357edbe446b110cdb983893e4911ce5db6e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:53:30 +0200 Subject: [PATCH 107/474] zed: init --- systems/LoutreOS/monitoring.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 599eded9..9449cf03 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
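Review bot: Both `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` lines in the `social.nyanlout.re` vhost pass on whatever the client sent rather than what nginx observed. This vhost terminates TLS itself (`forceSSL = true`), so the header is normally empty and a client can set it to any value; Mastodon then sees a scheme the proxy never verified. `proxy_set_header X-Forwarded-Proto $scheme;` uses the value nginx actually knows. If `recommendedProxySettings` already supplies it for these locations, the two `extraConfig` blocks can probably be dropped.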
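Review bot: `SMTP_OPENSSL_VERIFY_MODE = "none"` in the `mastodon` block turns off certificate verification for outgoing mail, which is only harmless while the relay is on the same host. The SMTP host is not set in this hunk, so that presumably holds through the module default. A comment such as `# local relay only, no TLS peer to verify` would stop the setting from being carried over if `smtp.host` is ever pointed at a remote server.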
@@ -119,6 +119,11 @@ in AUTH_BASIC_ENABLED = "false"; }; }; + + zfs.zed.settings = { + ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; + ZED_NOTIFY_VERBOSE = true; + }; }; security.sudo.extraRules = [ From ec1f659ce4e1ece504a872b7dc062eb823802f9a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 12:53:53 +0200 Subject: [PATCH 108/474] postgresql: improve zfs performances --- systems/LoutreOS/web.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8d7ca3e9..0992c900 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -283,7 +283,12 @@ in ''; }; - postgresql.enable = true; + postgresql = { + enable = true; + extraConfig = '' + full_page_writes = off + ''; + }; pgmanage = { enable = true; From 3c6677354a96a43056bd209881f2d54f307eb7b7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 8 Apr 2020 13:03:01 +0200 Subject: [PATCH 109/474] nginx: simplify nix functions --- systems/LoutreOS/web.nix | 76 +++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0992c900..ce4c50a7 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -41,32 +41,6 @@ let return 302 https://login.nyanlout.re/login?go=$scheme://$http_host$request_uri; } ''; - - nginxSimpleReverse = rport: { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString(rport)}/"; - }; - }; - - nginxAuthReverse = rport: { - enableACME = true; - forceSSL = true; - - extraConfig = '' - include ${nginxSsoAuth}; - ''; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString(rport)}/"; - extraConfig = '' - auth_request_set $cookie $upstream_http_set_cookie; - add_header Set-Cookie $cookie; - ''; - }; - }; in { security.acme = { 
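Review bot: `full_page_writes = off` in the postgresql hunk removes PostgreSQL's protection against torn pages after a crash, and nothing in the hunk records why that is acceptable. The commit title suggests the data directory sits on ZFS, whose copy-on-write behaviour is what makes this safe. A comment like `# safe only while the data directory is on ZFS` would keep the setting from surviving a move to another filesystem.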
@@ -134,7 +108,31 @@ in }; }; }; - virtualHosts = { + virtualHosts = let + base = locations: { + inherit locations; + forceSSL = true; + enableACME = true; + }; + simpleReverse = rport: base { + "/" = { + proxyPass = "http://127.0.0.1:${toString(rport)}/"; + }; + }; + authReverse = rport: base { + "/" = { + proxyPass = "http://127.0.0.1:${toString(rport)}/"; + extraConfig = '' + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + } // { + extraConfig = '' + include ${nginxSsoAuth}; + ''; + }; + in { "nyanlout.re" = { default = true; enableACME = true; 
@@ -239,18 +237,18 @@ in proxyPass = "http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/"; }; }; - "grafana.nyanlout.re" = nginxAuthReverse config.services.grafana.port; - "transmission.nyanlout.re" = nginxAuthReverse config.services.transmission.port; - "radarr.nyanlout.re" = nginxAuthReverse 7878; - "sonarr.nyanlout.re" = nginxAuthReverse 8989; - "syncthing.nyanlout.re" = nginxAuthReverse 8384; - "jackett.nyanlout.re" = nginxAuthReverse 9117; - "pgmanage.nyanlout.re" = nginxAuthReverse config.services.pgmanage.port; - "matrix.nyanlout.re" = nginxSimpleReverse 8008; - "airsonic.nyanlout.re" = nginxSimpleReverse 4040; - "emby.nyanlout.re" = nginxSimpleReverse 8096; - "ci.nyanlout.re" = nginxSimpleReverse 52350; - "gitea.nyanlout.re" = nginxSimpleReverse config.services.gitea.httpPort; + "grafana.nyanlout.re" = authReverse config.services.grafana.port; + "transmission.nyanlout.re" = authReverse config.services.transmission.port; + "radarr.nyanlout.re" = authReverse 7878; + "sonarr.nyanlout.re" = authReverse 8989; + "syncthing.nyanlout.re" = authReverse 8384; + "jackett.nyanlout.re" = authReverse 9117; + "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; + "matrix.nyanlout.re" = simpleReverse 8008; + "airsonic.nyanlout.re" = simpleReverse 4040; + "emby.nyanlout.re" = simpleReverse 8096; + "ci.nyanlout.re" = simpleReverse 52350; + "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; }; appendConfig = '' rtmp { From dfa4431c47fb8df3d132195eaa19f5a7c0524adf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 9 Apr 2020 16:28:25 +0200 Subject: [PATCH 110/474] nginx: utilisation fonctions --- systems/LoutreOS/web.nix | 118 +++++++++------------------------------ 1 file changed, 27 insertions(+), 91 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index ce4c50a7..b639fc79 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -133,110 +133,45 @@ in ''; }; in { - "nyanlout.re" = { - default = true; - enableACME = true; - forceSSL = true; - locations = { - "/" = { - alias = "/var/www/site-perso/"; - }; - "/errorpages/" = { - alias = "/var/www/errorpages/"; - }; - "/.well-known/openpgpkey/" = { - alias = "/var/lib/gnupg/wks/nyanlout.re"; - extraConfig = '' - add_header Access-Control-Allow-Origin * always; - ''; - }; + "nyanlout.re" = base { + "/" = { + alias = "/var/www/site-perso/"; }; - }; - "riot.nyanlout.re" = { - enableACME = true; - forceSSL = true; - locations = { "/" = { root = pkgs.riot-web; }; }; - }; - "factorio.nyanlout.re" = { - enableACME = true; - forceSSL = true; - locations = { "/" = { root = "/var/www/factorio"; }; }; - }; - "minecraft.nyanlout.re" = { - enableACME = true; - forceSSL = true; - locations = { "/" = { root = "/var/www/minecraft-overviewer"; }; }; - }; - "musique-meyenheim.fr" = { - enableACME = true; - forceSSL = true; - locations = { - "/" = { - proxyPass = "http://unix:/run/site-musique.sock"; - }; - "/static/" = { - alias = "/var/www/site-musique/staticfiles/"; - }; - "/media/" = { - alias = "/var/www/site-musique/media/"; - }; + "/errorpages/" = { + alias = "/var/www/errorpages/"; }; - }; - "maxspiegel.fr" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "/run/python-ci/nyanloutre/site-max"; - }; - }; - "social.nyanlout.re" = { - enableACME = true; - forceSSL = true; - - root = "${config.services.mastodon.package}/public/"; - - locations."/system/".alias = "/var/lib/mastodon/public-system/"; - - locations."/" = { - tryFiles = "$uri @proxy"; - }; - - locations."@proxy" = { - proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.webPort)}"; - proxyWebsockets = true; + "/.well-known/openpgpkey/" = { + alias = "/var/lib/gnupg/wks/nyanlout.re"; extraConfig = '' - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + add_header Access-Control-Allow-Origin * always; ''; }; - - locations."/api/v1/streaming/" = { - 
proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.streamingPort)}/"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - ''; + } // { default = true; }; + "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; }; + "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; + "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; + "musique-meyenheim.fr" = base { + "/" = { + proxyPass = "http://unix:/run/site-musique.sock"; + }; + "/static/" = { + alias = "/var/www/site-musique/staticfiles/"; + }; + "/media/" = { + alias = "/var/www/site-musique/media/"; }; }; - "stream.nyanlout.re" = { - enableACME = true; - forceSSL = true; - root = "/var/www/hls/"; - - locations."/" = { + "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; + "stream.nyanlout.re" = base { + "/" = { + root = "/var/www/hls/" extraConfig = '' add_header Cache-Control no-cache; add_header Access-Control-Allow-Origin *; ''; }; }; - "login.nyanlout.re" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/"; - }; - }; + "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "grafana.nyanlout.re" = authReverse config.services.grafana.port; "transmission.nyanlout.re" = authReverse config.services.transmission.port; "radarr.nyanlout.re" = authReverse 7878; @@ -321,6 +256,7 @@ in mastodon = { enable = true; localDomain = "social.nyanlout.re"; + configureNginx = true; extraConfig = { SMTP_AUTH_METHOD = "none"; SMTP_OPENSSL_VERIFY_MODE = "none"; From 447ae08e2498eda27e66df8c638eefc695cb840d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Apr 2020 08:56:01 +0200 Subject: [PATCH 111/474] matrix-synapse: fix cert permissions --- systems/LoutreOS/services.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
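Review bot: The refactor in the `@@ -133,110 +133,45 @@` hunk leaves two syntax errors that keep the file from evaluating: the `"maxspiegel.fr"` line closes only the inner attribute set, and `root = "/var/www/hls/"` in the stream vhost lacks its semicolon. They should read `"maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; };` and `root = "/var/www/hls/";`. Moving `root` into the location presumably also breaks the `virtualHosts."stream.nyanlout.re".root` reference used by the rtmp `appendConfig`, which is outside this hunk.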
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9ecd136e..3e1bd25e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -302,7 +302,8 @@ in # # ''; - users.groups.acme.members = [ "matrix-synapse" ]; + users.groups.nginx.members = [ "matrix-synapse" ]; + security.acme.certs."nyanlout.re".allowKeysForGroup = true; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); From 1cbf2463946f1ec139b8d9973d133099cca79fa9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Apr 2020 09:12:30 +0200 Subject: [PATCH 112/474] web: fix config --- systems/LoutreOS/web.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index b639fc79..a8f33999 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -161,10 +161,10 @@ in alias = "/var/www/site-musique/media/"; }; }; - "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; + "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { - root = "/var/www/hls/" + root = "/var/www/hls/"; extraConfig = '' add_header Cache-Control no-cache; add_header Access-Control-Allow-Origin *; @@ -185,7 +185,9 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; }; - appendConfig = '' + appendConfig = let + rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; + in '' rtmp { server { listen 1935; 
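Review bot: Adding `matrix-synapse` to the `nginx` group gives the homeserver every file that group can read, not just this certificate's key. A dedicated group limits the grant to what is needed: `security.acme.certs."nyanlout.re".group = "<cert-group>";` with `nginx` and `matrix-synapse` as its only members. Whether other key material is readable by `nginx` on this host is not visible in the hunk.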
@@ -196,14 +198,14 @@ in exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high - -c copy -f flv rtmp://localhost/show/$name_src 2>>${config.services.nginx.virtualHosts."stream.nyanlout.re".root}/ffmpeg-$name.log; + -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; } application show { live on; hls on; - hls_path ${config.services.nginx.virtualHosts."stream.nyanlout.re".root}; + hls_path ${rootLocation}; hls_fragment 3s; hls_playlist_length 60s; From 7f4611feefea8662210b16a705241afa3d31f075 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Apr 2020 09:14:37 +0200 Subject: [PATCH 113/474] overlays: remove custom sudo --- overlays/neovim.nix | 22 ---------------------- overlays/sudo.nix | 6 ------ systems/common-cli.nix | 25 +++++++++++++++++++------ 3 files changed, 19 insertions(+), 34 deletions(-) delete mode 100644 overlays/neovim.nix delete mode 100644 overlays/sudo.nix diff --git a/overlays/neovim.nix b/overlays/neovim.nix deleted file mode 100644 index 48d85316..00000000 --- a/overlays/neovim.nix +++ /dev/null @@ -1,22 +0,0 @@ -self: super: -{ - neovim = super.neovim.override { - viAlias = true; - vimAlias = true; - configure = { - customRC = '' - set shiftwidth=2 - set softtabstop=2 - set expandtab - set background=dark - ''; - packages.myVimPackage = with super.vimPlugins; { - start = [ - vim-startify airline sensible - polyglot ale fugitive - ]; - opt = [ ]; - }; - }; - }; -} diff --git a/overlays/sudo.nix b/overlays/sudo.nix deleted file mode 100644 index 229ad6ea..00000000 --- a/overlays/sudo.nix +++ /dev/null 
@@ -1,6 +0,0 @@ -self: super: -{ - sudo = super.sudo.override { - withInsults = true; - }; -} diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 9d8317b6..adf9ad8e 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -4,14 +4,27 @@ time.timeZone = "Europe/Paris"; - nixpkgs.overlays = [ - (import ../overlays/sudo.nix) - (import ../overlays/neovim.nix) - ]; - environment.systemPackages = with pkgs; [ # Editeurs - neovim + (neovim.override { + viAlias = true; + vimAlias = true; + configure = { + customRC = '' + set shiftwidth=2 + set softtabstop=2 + set expandtab + set background=dark + ''; + packages.myVimPackage = with pkgs.vimPlugins; { + start = [ + vim-startify airline sensible + polyglot ale fugitive + ]; + opt = [ ]; + }; + }; + }) # Gestionnaires de version gitFull From b26cf3b8ae2cc41df54391e3af4bb9e68ef1e8cd Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 21 Apr 2020 02:39:01 +0200 Subject: [PATCH 114/474] PC-Fixe: activation memtest GRUB --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 19bd7821..d3a6f518 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -17,6 +17,7 @@ efiSupport = true; device = "nodev"; zfsSupport = true; + memtest86.enable = true; }; boot.kernelParams = ["acpi_enforce_resources=lax"]; boot.tmpOnTmpfs = true; From 52e48282b015355a9449889db464aeb35fe091b8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 21 Apr 2020 02:39:41 +0200 Subject: [PATCH 115/474] PC-Fixe: Intel -> AMD --- systems/PC-Fixe/hardware-configuration.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 348f9925..eb8e3572 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix 
@@ -8,14 +8,13 @@ [ ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "nvme" "firewire_ohci" "pata_marvell" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" "nct6775" ]; + boot.kernelModules = [ "kvm-amd" "coretemp" "it87" ]; boot.extraModulePackages = [ ]; services.xserver.videoDrivers = [ "nvidia" ]; - - hardware.cpu.intel.updateMicrocode = true; + hardware.cpu.amd.updateMicrocode = true; fileSystems."/" = { device = "rpool/root/nixos"; @@ -76,6 +75,6 @@ swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 4; + nix.maxJobs = lib.mkDefault 12; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; } From 9a0b1f679ce20543b00fefdd609858c1f12e4743 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 7 May 2020 12:13:35 +0200 Subject: [PATCH 116/474] PC-Fixe: update config --- overlays/ledger-udev-rules.nix | 18 ------------ systems/PC-Fixe/configuration.nix | 32 +++++++--------------- systems/PC-Fixe/hardware-configuration.nix | 6 ---- systems/common-gui.nix | 14 ++++------ 4 files changed, 16 insertions(+), 54 deletions(-) delete mode 100644 overlays/ledger-udev-rules.nix diff --git a/overlays/ledger-udev-rules.nix b/overlays/ledger-udev-rules.nix deleted file mode 100644 index 495e4606..00000000 --- a/overlays/ledger-udev-rules.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -self: super: - -{ - ledger-udev-rules = super.writeTextFile { - name = "ledger-udev-rules"; - text = '' - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="2b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="3b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="4b7c", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1807", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="1808", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0000", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="users" - ''; - destination = "/etc/udev/rules.d/99-ledger.rules"; - }; -} diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index d3a6f518..dd66d018 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -23,6 +23,15 @@ boot.tmpOnTmpfs = true; boot.supportedFilesystems = [ "zfs" ]; + boot.kernelPatches = [ + { name = "dirt_rally_2_ffb_fix"; + patch = pkgs.fetchpatch { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/dtor/input.git/patch/?id=09264098ff153f60866039d60b31d39b66f55a31"; + sha256 = "17g7zvn46b9252qk4sqd3j73989lr0hkd86zz4bq1c4dhziy219w"; + }; + } + ]; + services.zfs = { trim.enable = true; autoSnapshot = { 
@@ -41,9 +50,7 @@ usb-modeswitch-data # Logitech G920 ]; - # Corsair K70 services.udev.extraRules = '' - SUBSYSTEM=="usb", ATTR{bInterfaceNumber}=="00", ATTRS{idVendor}=="1b1c", ATTRS{idProduct}=="1b09", RUN+="${pkgs.bash}/bin/sh -c '${pkgs.coreutils}/bin/echo -n %k > /sys''${DEVPATH}/driver/unbind'" ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout" ''; @@ -54,7 +61,6 @@ environment.systemPackages = with pkgs; [ usb_modeswitch - virtmanager ]; programs.wireshark.enable = true; @@ -83,28 +89,10 @@ services.netdata.enable = true; - services.tor.enable = true; - services.tor.client.enable = true; - - virtualisation.libvirtd.enable = true; - services.openssh.enable = true; services.openssh.passwordAuthentication = false; + services.openssh.forwardX11 = true; - systemd.services.iscsid = { - description = "iscsid daemon"; - wantedBy = [ "network-online.target" ]; - preStart = "${pkgs.kmod}/bin/modprobe iscsi_tcp"; - postStart = '' - ${pkgs.openiscsi}/bin/iscsiadm -m discovery -t st -p 10.30.0.1 - ${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2019-11.nyanlout.re:steam -l - ''; - serviceConfig = { - ExecStart = "${pkgs.openiscsi}/bin/iscsid -f -c ${pkgs.openiscsi}/etc/iscsi/iscsid.conf -i ${pkgs.openiscsi}/etc/iscsi/initiatorname.iscsi"; - KillMode = "process"; - Restart = "on-success"; - }; - }; system.stateVersion = "20.03"; } diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index eb8e3572..82d25920 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -61,12 +61,6 @@ options = [ "bind" ]; }; - fileSystems."/mnt/steam-lun" = - { device = "/dev/disk/by-path/ip-10.30.0.1:3260-iscsi-iqn.2019-11.nyanlout.re:steam-lun-1"; - fsType = "ext4"; - options = ["x-systemd.automount" "noauto"]; - }; - fileSystems."/mnt/medias" = { device = "10.30.0.1:/mnt/medias"; fsType = "nfs"; 
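Review bot: `services.openssh.forwardX11 = true;` is added without a stated reason, in a hunk that otherwise removes services and so reads as a cleanup. X11 forwarding lets anyone who can read a session's Xauthority data on this host reach the connecting client's display. A comment naming the use case, e.g. `# X11 forwarding needed for <application>`, would justify it; otherwise the line is better dropped.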
diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 3ef475a1..4c90469c 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -1,10 +1,6 @@ { config, pkgs, ... }: { - nixpkgs.overlays = [ - (import ../overlays/ledger-udev-rules.nix) - ]; - nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ @@ -21,6 +17,7 @@ steam-run minecraft multimc + lutris betaflight-configurator @@ -59,17 +56,17 @@ }) gnome-breeze - arc-theme - materia-theme libreoffice gimp + inkscape imagemagick obs-studio vlc - kodiPlain mpv + jftui + calibre glxinfo i7z @@ -77,10 +74,11 @@ ]; i18n = { - consoleKeyMap = "fr"; defaultLocale = "fr_FR.UTF-8"; }; + console.keyMap = "fr"; + hardware = { opengl.driSupport32Bit = true; pulseaudio.support32Bit = true; From 798c2ca66cd030db079136f0e536943a0b0520ac Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 16:25:51 +0200 Subject: [PATCH 117/474] ajout SSH de secours --- systems/LoutreOS/configuration.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9b8d3d2f..0c088675 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -40,6 +40,8 @@ in autoScrub.enable = true; }; + hardware.usbWwan.enable = true; + # eno1 -> VLAN100 -> Internet # eno2 -> LAN # eno3 -> Legacy client DHCP @@ -53,7 +55,10 @@ in persistent = true; extraConfig = '' interface bouyges + metric 10 noarp + interface enp0s21u2 + metric 999 ''; }; @@ -135,6 +140,17 @@ in passwordAuthentication = false; }; + users = { + groups.autossh = { }; + users.autossh = { + home = "/home/autossh"; + createHome = true; + group = "autossh"; + }; + }; + + services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; 
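Review bot: The reverse tunnel in `services.autossh.sessions` binds `0.0.0.0:2222` on the VPS, so (if `GatewayPorts` allows it there) this host's sshd becomes reachable from the whole internet, with every connection arriving from 127.0.0.1. That leaves source-based controls such as fail2ban unable to tell clients apart. Binding the remote end to loopback, `-R 127.0.0.1:2222:127.0.0.1:22`, and reaching it through the VPS as a jump host keeps the rescue path without publishing the port. Adding `-o ExitOnForwardFailure=yes -o ServerAliveInterval=30` makes autossh restart when the forward silently fails. The `autossh` user's key and `known_hosts` are not provisioned in this hunk and must exist for the session to start.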
From fbcf3bcac28355c09c44e2d2464b114b435903ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:08:35 +0200 Subject: [PATCH 118/474] =?UTF-8?q?Migration=20dogetipbot=20depuis=20block?= =?UTF-8?q?io=20vers=20wallet=20int=C3=A9gr=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- overlays/dogetipbot-telegram.nix | 9 --------- systems/LoutreOS/services.nix | 15 +++++++++------ 2 files changed, 9 insertions(+), 15 deletions(-) delete mode 100644 overlays/dogetipbot-telegram.nix diff --git a/overlays/dogetipbot-telegram.nix b/overlays/dogetipbot-telegram.nix deleted file mode 100644 index 162b5f5e..00000000 --- a/overlays/dogetipbot-telegram.nix +++ /dev/null @@ -1,9 +0,0 @@ -self: super: - -{ - dogetipbot-telegram = super.callPackage (super.fetchgit { - url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "a63408de18d447983d65a51f176c35e434327517"; - sha256 = "12y7yd114cz64blgnyljpnnqbycsp0f1ljzaiqq05a5xa4pjvwyf"; - }) { pkgs = self; }; -} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3e1bd25e..9325572c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,10 +35,6 @@ in ./web.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/dogetipbot-telegram.nix) - ]; - services = { fail2ban.enable = true; 
@@ -242,14 +238,21 @@ in }; }; - systemd.services.dogetipbot-telegram = { + systemd.services.dogetipbot-telegram = let + dogetipbot-telegram = pkgs.callPackage (pkgs.fetchgit { + url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; + rev = "18c875a2e4b98221523818515a1eecb9c5aeb093"; + sha256 = "0mhv00y1c2py425wxl13if6nlv97xk5k6flf772jj1yaxipjdmpn"; + }) { inherit pkgs; }; + in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.dogetipbot-telegram}/bin/dogetipbot-telegram --block-io-api-key $BLOCK_IO_API_KEY --block-io-pin $BLOCK_IO_PIN --telegram-api-key $TELEGRAM_API_KEY --network DOGE"; + script = "${dogetipbot-telegram}/bin/dogetipbot-telegram --db-path $STATE_DIRECTORY/users.db"; enable = true; serviceConfig = { EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"; DynamicUser = true; + StateDirectory = "dogetipbot"; }; }; From 5c031c573dd8121305ae35be30650eac5cb236fa Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:10:48 +0200 Subject: [PATCH 119/474] =?UTF-8?q?Ajout=20r=C3=A9seau=20sp=C3=A9cial=20ch?= =?UTF-8?q?inoiseries?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 35 ++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 0c088675..cfeb6b45 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -62,9 +62,15 @@ in ''; }; - vlans.bouyges = { - id = 100; - interface = "eno1"; + vlans = { + bouyges = { + id = 100; + interface = "eno1"; + }; + chinoiseries = { + id = 20; + interface = "eno2"; + }; }; interfaces = { @@ -78,6 +84,11 @@ in { address = "10.30.0.1"; prefixLength = 16; } ]; }; + chinoiseries = { + ipv4.addresses = [ + { address = "10.40.0.1"; prefixLength = 16; } + ]; + }; }; # NAT bouyges <-> eno2 
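Review bot: The unit still loads `EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"` although the new `script` no longer references `$BLOCK_IO_API_KEY` or `$BLOCK_IO_PIN`. If that file still holds the block.io credentials, they are handed to a process that no longer needs them, and they should be removed from the file and revoked at the provider. With the wallet now integrated, `users.db` under `StateDirectory = "dogetipbot"` presumably carries the funds-related state, so a comment such as `# users.db holds the wallet state: keep this directory in the backup set` would help the next maintainer. The `serviceConfig` block continues outside the hunk.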
@@ -86,8 +97,8 @@ in externalInterface = "bouyges"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; + internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; + internalInterfaces = [ "eno2" "chinoiseries" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} @@ -114,19 +125,29 @@ in services.dhcpd4 = { enable = true; - interfaces = [ "eno2" ]; + interfaces = [ "eno2" "chinoiseries" ]; machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } + { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + + # YeeLights + { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } + { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } + { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } ]; extraConfig = '' option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; option subnet-mask 255.255.0.0; - option routers 10.30.0.1; subnet 10.30.0.0 netmask 255.255.0.0 { + option routers 10.30.0.1; range 10.30.50.0 10.30.250.0; } + subnet 10.40.0.0 netmask 255.255.0.0 { + option routers 10.40.0.1; + range 10.40.50.0 10.40.250.0; + } ''; }; From 233c85d8b6c4eae0fd926458f6b77f4689297ff6 Mon Sep 17 00:00:00 2001 
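Review bot: Adding `chinoiseries` to `internalInterfaces` and `10.40.0.0/16` to `internalIPs` gives the new VLAN full outbound Internet access, and nothing in this commit stops traffic from being routed between it and the `eno2` LAN, which weakens the segment if isolating the YeeLight devices was the goal. If the lights only need to be driven locally, leave the VLAN out of the NAT lists and drop forwarding towards the LAN, for example `networking.firewall.extraCommands = "iptables -I FORWARD -i chinoiseries -o eno2 -j DROP";`. The firewall configuration is not visible in the hunk, so an equivalent rule may already exist. A short comment next to the `chinoiseries` VLAN stating what it is allowed to reach would make the intent reviewable.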
From: nyanloutre Date: Sun, 30 Aug 2020 21:11:15 +0200 Subject: [PATCH 120/474] =?UTF-8?q?Volume=20ZFS=20tunn=C3=A9=20torrent?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/medias.nix | 1 + 2 files changed, 6 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 712bb63b..7bfc7fe6 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -72,6 +72,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/medias/incomplete" = + { device = "loutrepool/torrent-dl"; + fsType = "zfs"; + }; + fileSystems."/mnt/medias" = { device = "loutrepool/medias"; fsType = "zfs"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6b92d33a..eea4617f 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -10,6 +10,7 @@ rpc-host-whitelist = "*"; rpc-whitelist-enabled = false; peer-port = 51413; + incomplete-dir = "/mnt/medias/incomplete"; }; }; From 348f1f1aa244cba01c4a8c7321a4dd0e0edf9d32 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:14:33 +0200 Subject: [PATCH 121/474] supression module auto-pr --- services/auto-pr.nix | 44 -------------------- services/pr-autobot.py | 75 ----------------------------------- systems/LoutreOS/services.nix | 3 -- 3 files changed, 122 deletions(-) delete mode 100644 services/auto-pr.nix delete mode 100755 services/pr-autobot.py diff --git a/services/auto-pr.nix b/services/auto-pr.nix deleted file mode 100644 index 6e808851..00000000 --- a/services/auto-pr.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.auto-pr; -in -{ - options.services.auto-pr = { - enable = mkEnableOption "Cron job PR mise à jour automatique"; - }; - - config = mkIf cfg.enable { - - systemd.services.auto-pr-bot = { - description = "Création d'un PR si mise à jour"; - requires = ["network-online.target"]; - environment = { HOME = "/var/lib/auto-pr-bot"; }; - serviceConfig = { - DynamicUser = true; - CacheDirectory = "auto-pr-bot"; - StateDirectory = "auto-pr-bot"; - Type = "oneshot"; - ExecStart = with pkgs; - let env = python3Packages.python.buildEnv.override { - extraLibs = [ python3Packages.PyGithub python3Packages.pyjwt python3Packages.colorama ]; - ignoreCollisions = true; - }; - in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "pr-autobot.py" "${readFile ./pr-autobot.py}"} --private-key /var/lib/auto-pr-bot/private-key.pem --app-id 19565 --installation-id 407088 --repo nyanloutre/nixpkgs --cache-dir /var/cache/auto-pr-bot --version 19.09 - ''}/bin/run.sh"; - }; - }; - - systemd.timers.auto-pr-bot = { - description = "Timer auto PR bot"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - timerConfig = { OnCalendar = "daily"; Unit = "auto-pr-bot.service"; }; - }; - - }; - -} diff --git a/services/pr-autobot.py b/services/pr-autobot.py deleted file mode 100755 index c97a2c9a..00000000 --- a/services/pr-autobot.py +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/usr/bin/env python - -import jwt, time, urllib.request, json, datetime, argparse, sys, textwrap -from github import Github -from colorama import Fore, Style -from time import sleep - -parser = argparse.ArgumentParser(description='Create PR to update nixpkgs fork') -parser.add_argument('--private-key') -parser.add_argument('--app-id') -parser.add_argument('--installation-id') -parser.add_argument('--repo') -parser.add_argument('--cache-dir') -parser.add_argument('--version') -args = vars(parser.parse_args()) - -channel_req = urllib.request.Request(url='https://nixos.org/channels/nixos-' + args["version"] + '/git-revision') -latest_commit = urllib.request.urlopen(channel_req).read().decode('utf-8') -try: - previous_commit = open(args['cache_dir'] + '/git-revision', 'r').read() -except FileNotFoundError: - open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) - print("Premier lancement, le hash du dernier commit à été sauvegardé") - sys.exit(0) - -print("Dernier commit : " + latest_commit) -print("Commit précédent : " + previous_commit) - -if latest_commit != previous_commit: - bearer_token = jwt.encode({ - 'iat': int(time.time()), - 'exp': int(time.time()) + (10 * 60), - 'iss': args['app_id'] - }, - open(args['private_key'],"r").read(), - algorithm='RS256') - - req = urllib.request.Request(url='https://api.github.com/app/installations/' + - args['installation_id'] + - '/access_tokens', - method='POST') - - req.add_header('Authorization', 'Bearer ' + bearer_token.decode('utf-8')) - req.add_header('Accept', 'application/vnd.github.machine-man-preview+json') - - token = json.loads(urllib.request.urlopen(req).read().decode('utf-8'))['token'] - - g = Github(token) - repo = g.get_repo(args['repo']) - - branch = "upgrade-" + datetime.datetime.now().strftime('%Y-%m-%d') + '-' + latest_commit[:11]; - - repo.create_git_ref('refs/heads/' + branch, latest_commit) - - pr_message = textwrap.dedent("""\ - ### Pull request automatique - ### 
Avancement mise à jour - - [ ] Fusionner la branche - """) - - pr = repo.create_pull(title=branch, body=pr_message, base='nixos-' + args["version"], head=branch) - - print("Pull request numéro " + str(pr.number) + " créée") - print("URL : " + pr.html_url) - - while pr.mergeable == None: - pr = repo.get_pull(pr.number) - sleep(1) - - pr.edit(body = pr.body + "\n- [ ] Exécuter `nixos-rebuild -I nixpkgs=https://github.com/nyanloutre/nixpkgs/archive/" + pr.merge_commit_sha + ".tar.gz switch`") - print("État : " + ((Fore.GREEN + "Fusionnable") if pr.mergeable else (Fore.RED + "Conflit")) + Style.RESET_ALL) - - open(args['cache_dir'] + '/git-revision', 'w').write(latest_commit) -else: - print(Fore.GREEN + "Aucun changement détecté" + Style.RESET_ALL) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9325572c..699cffd5 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -25,7 +25,6 @@ in { imports = [ ../../services/mail-server.nix - ../../services/auto-pr.nix ../../services/python-ci.nix ../../services/sdtdserver.nix ../../containers/vsftpd.nix @@ -201,8 +200,6 @@ in }; }; - auto-pr.enable = true; - sdtdserver.enable = false; factorio = { From 976b1f1d6b32cca357b3b67d4aac48f2ccdff627 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:14:55 +0200 Subject: [PATCH 122/474] LoutreOS: activation redirection X --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index cfeb6b45..17e49551 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -159,6 +159,7 @@ in enable = true; permitRootLogin = "no"; passwordAuthentication = false; + forwardX11 = true; }; users = { From b6cf4e19de4fcfe0bb163962369cf55a03644a48 Mon Sep 17 00:00:00 2001 
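Review bot: `forwardX11 = true;` enables X11 forwarding for every account on an sshd that is published to the outside (the `forwardPorts` entry in this file maps port 8443 to `10.30.0.1:22`), and the hunk gives no reason for it. If only one account needs it, scope it with a match block instead, e.g. `extraConfig = "Match User <user>\n  X11Forwarding yes";`, where `<user>` is a placeholder for the account concerned. Otherwise add a comment naming the application that requires it so the setting can be removed later. The `services.openssh` block starts outside the hunk.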
From: nyanloutre Date: Sun, 30 Aug 2020 21:15:31 +0200 Subject: [PATCH 123/474] Activation daemon kresd --- systems/LoutreOS/services.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 699cffd5..a5aa63da 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -233,6 +233,10 @@ in white-list = true; }; }; + + kresd = { + enable = true; + }; }; systemd.services.dogetipbot-telegram = let From f77cb355b1fb3233709dc39d5b2cf14f47d48c3f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:16:41 +0200 Subject: [PATCH 124/474] Installation home-assistant --- systems/LoutreOS/services.nix | 91 +++++++++++++++++++++++++++++++++++ systems/LoutreOS/web.nix | 5 ++ 2 files changed, 96 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index a5aa63da..5fec541c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -237,6 +237,97 @@ in kresd = { enable = true; }; + + home-assistant = { + enable = true; + # package = pkgs.home-assistant.override { + # extraPackages = ps: with ps; [ aiohttp-cors netdisco zeroconf ]; + # }; + config = { + default_config = null; + yeelight.devices = { + "10.40.249.0".name = "Chambre"; + "10.40.249.1".name = "Bureau"; + "10.40.249.2".name = "Cuisine"; + }; + light = [ + { + platform = "group"; + name = "Salon"; + entities = [ + "light.bureau" + "light.cuisine" + ]; + } + ]; + media_player = [ + { + platform = "squeezebox"; + host = "10.30.0.1"; + } + ]; + switch = [ + { + platform = "wake_on_lan"; + name = "PC Fixe"; + mac = "b4:2e:99:ed:24:26"; + host = "10.30.135.71"; + broadcast_address = "10.30.255.255"; + } + ]; + automation = [ + { + alias = "Aziz lumière"; + trigger = [ + { + platform = "sun"; + event = "sunset"; + offset = "-01:00:00"; + } + { + platform = "state"; + entity_id = "person.paul"; + to = "home"; + } + ]; + condition = [ + { + condition = "state"; + entity_id = "person.paul"; + state = "home"; + } + { + condition = "time"; + after = "16:00:00"; + before = "23:00:00"; + } + ]; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + }; + } + { + alias = "Adios"; + trigger = { + platform = "state"; + entity_id = "person.paul"; + to = "not_home"; + }; + action = [ + { + service = "light.turn_off"; + entity_id = "all"; + } + { + service = "media_player.media_pause"; + entity_id = "all"; + } + ]; + } + ]; + }; + }; }; systemd.services.dogetipbot-telegram = let diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a8f33999..f771e894 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -184,6 +184,11 @@ in "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; From 016da3ab5ab8778d3c300181c84b273f9a2bf4bb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 30 Aug 2020 21:16:54 +0200 Subject: [PATCH 125/474] =?UTF-8?q?D=C3=A9sactivation=20limites=20matrix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/services.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 5fec541c..0a095c47 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -348,13 +348,6 @@ in }; }; - systemd.services.matrix-synapse = { - serviceConfig = { - MemoryHigh = "3G"; - MemoryMax = "5G"; - }; - }; - # systemd.services.minecraft-overviewer = # let # clientJar = pkgs.fetchurl { From acfc561544297880af3b5c8c567e896b240c92cc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Sep 2020 01:59:02 +0200 Subject: [PATCH 126/474] Ajout IP fixe ESPHome --- systems/LoutreOS/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 17e49551..1f7af118 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
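Review bot: The new `apart.nyanlout.re` vhost publishes Home Assistant through nginx, but the `home-assistant.config` added in services.nix by the same commit has no `http` section, so Home Assistant will most likely attribute every request to the proxy address. Adding `http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; ip_ban_enabled = true; login_attempts_threshold = 5; };` (assuming nginx reaches it over loopback; the threshold is an example value) lets failed logins be tied to the real client and banned. What `simpleReverse` contributes (TLS, headers) is defined outside the hunk, so confirm it forces HTTPS for this host too.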
@@ -132,6 +132,10 @@ in { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + #ESPHome + { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } + { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } + # YeeLights { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } From 9da8d39d61db879533558fa56a6355347b1f5154 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Sep 2020 02:02:36 +0200 Subject: [PATCH 127/474] ajout plus d'automation --- systems/LoutreOS/services.nix | 127 ++++++++++++++++++++++++++++++---- 1 file changed, 114 insertions(+), 13 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 0a095c47..16370062 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -240,16 +240,27 @@ in home-assistant = { enable = true; - # package = pkgs.home-assistant.override { - # extraPackages = ps: with ps; [ aiohttp-cors netdisco zeroconf ]; - # }; config = { - default_config = null; + homeassistant = { + elevation = 143; + }; + influxdb = null; + config = null; + frontend = null; + history = null; + logbook = null; + map = null; + mobile_app = null; + person = null; + script = null; + sun = null; + system_health = null; yeelight.devices = { "10.40.249.0".name = "Chambre"; "10.40.249.1".name = "Bureau"; "10.40.249.2".name = "Cuisine"; }; + esphome = null; light = [ { platform = "group"; 
@@ -266,6 +277,41 @@ in host = "10.30.0.1"; } ]; + tplink.switch = [ + { host = "10.30.50.7"; } + ]; + sensor = [ + { + platform = "template"; + sensors = { + serveur_amps = { + friendly_name_template = "{{ states.switch.serveur.name}} Current"; + value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; + unit_of_measurement = "A"; + }; + serveur_watts = { + friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; + value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; + unit_of_measurement = "W"; + }; + serveur_total_kwh = { + friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; + value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; + unit_of_measurement = "kWh"; + }; + serveur_volts = { + friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; + value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; + unit_of_measurement = "V"; + }; + serveur_today_kwh = { + friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; + value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; + unit_of_measurement = "kWh"; + }; + }; + } + ]; switch = [ { platform = "wake_on_lan"; 
@@ -275,14 +321,71 @@ in broadcast_address = "10.30.255.255"; } ]; - automation = [ + scene = [ + { + name = "Movie"; + icon = "mdi:movie-open"; + entities = { + "light.salon" = { + state = "on"; + xy_color = [0.299 0.115]; + brightness = 50; + }; + "light.bande_led_tv" = { + state = "on"; + effect = "Movie"; + brightness = 180; + }; + "light.bande_led_bureau" = { + state = "on"; + xy_color = [0.299 0.115]; + brightness = 130; + }; + }; + } + { + name = "Home"; + icon = "mdi:home"; + entities = { + "light.salon" = { + state = "on"; + kelvin = 2700; + brightness = 255; + }; + }; + } + { + name = "Night"; + icon = "mdi:weather-night"; + entities = { + "light.salon" = { + state = "off"; + }; + "light.bande_led_tv" = { + state = "off"; + }; + "light.bande_led_bureau" = { + state = "off"; + }; + "light.chambre" = { + state = "on"; + kelvin = 1900; + brightness = 50; + }; + }; + } + ]; + automation = let + min_sun_elevation = 4; + in [ { alias = "Aziz lumière"; trigger = [ { - platform = "sun"; - event = "sunset"; - offset = "-01:00:00"; + platform = "numeric_state"; + entity_id = "sun.sun"; + value_template = "{{ state.attributes.elevation }}"; + below = min_sun_elevation; } { platform = "state"; @@ -297,14 +400,12 @@ in state = "home"; } { - condition = "time"; - after = "16:00:00"; - before = "23:00:00"; + condition = "template"; + value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } ]; action = { - service = "light.turn_on"; - entity_id = "light.salon"; + scene = "scene.home"; }; } { From 550aba79f0e23f5707cc75aad41277e4ca7a8d20 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Sep 2020 02:02:55 +0200 Subject: [PATCH 128/474] =?UTF-8?q?d=C3=A9sactivation=20script=20maison=20?= =?UTF-8?q?HS110?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/monitoring.nix | 12 ------------ 1 file changed, 12 deletions(-) 
diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 9449cf03..d60beed6 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -51,18 +51,6 @@ in path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl"; }; exec= [ - { commands = [ - "${pkgs.python}/bin/python ${ - pkgs.fetchgit { - url = "https://gitlab.com/nyanloutre/tplink-smartplug.git"; - rev = "a0996112fc451b76448589698de440ad5fd6ea79"; - sha256 = "1f1625g7rfsddgk428g76p8fr7vz5gfhq3f452q17bjni3rf2pj3"; - } - }/tplink_smartplug.py -t 10.30.50.7 -c energy" - ]; - data_format = "json"; - name_suffix = "_tplink-smartplug"; - } { commands = [ "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" '' From 9e7f38133d83d027862ba78690dad289caf46052 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 23 Jun 2020 01:06:30 +0200 Subject: [PATCH 129/474] patch kernel ffb Dirt rallye upstream --- systems/PC-Fixe/configuration.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index dd66d018..834112a4 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -23,15 +23,6 @@ boot.tmpOnTmpfs = true; boot.supportedFilesystems = [ "zfs" ]; - boot.kernelPatches = [ - { name = "dirt_rally_2_ffb_fix"; - patch = pkgs.fetchpatch { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/dtor/input.git/patch/?id=09264098ff153f60866039d60b31d39b66f55a31"; - sha256 = "17g7zvn46b9252qk4sqd3j73989lr0hkd86zz4bq1c4dhziy219w"; - }; - } - ]; - services.zfs = { trim.enable = true; autoSnapshot = { From 19fc863396079aa7b6856cf0c82154d3da8d9716 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 23 Jun 2020 01:08:15 +0200 Subject: [PATCH 130/474] activation wakeonlan --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 834112a4..84958ace 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -84,6 +84,7 @@ services.openssh.passwordAuthentication = false; services.openssh.forwardX11 = true; + services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ]; system.stateVersion = "20.03"; } From 60ba1ecca6bda5c20958aef38b3b174ca054296c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 23 Jun 2020 01:08:37 +0200 Subject: [PATCH 131/474] installation gui monero --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 4c90469c..ac3086aa 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -24,6 +24,7 @@ electrum electron-cash ledger-live-desktop + monero-gui firefox torbrowser @@ -83,7 +84,6 @@ opengl.driSupport32Bit = true; pulseaudio.support32Bit = true; steam-hardware.enable = true; - u2f.enable = true; pulseaudio.enable = true; }; From ef342c79aedb1b26603e8ff215d05bad4bdfb676 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 6 Oct 2020 00:19:43 +0200 Subject: [PATCH 132/474] fullscreen GRUB --- systems/PC-Fixe/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 84958ace..0bf4c4be 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -17,7 +17,9 @@ efiSupport = true; device = "nodev"; zfsSupport = true; + gfxmodeEfi = "1920x1080,auto"; memtest86.enable = true; + fontSize = 32; }; boot.kernelParams = ["acpi_enforce_resources=lax"]; boot.tmpOnTmpfs = true; From ffe9aa77c1e3ecad8729945759049bc99c5a8fdb Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 6 Oct 2020 00:20:54 +0200 Subject: [PATCH 133/474] activation anbox et virtualbox --- systems/PC-Fixe/configuration.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 0bf4c4be..fa4f1626 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -25,6 +25,10 @@ boot.tmpOnTmpfs = true; boot.supportedFilesystems = [ "zfs" ]; + virtualisation.virtualbox.host.enable = true; + # virtualisation.virtualbox.host.enableExtensionPack = true; + virtualisation.anbox.enable = true; + services.zfs = { trim.enable = true; autoSnapshot = { @@ -61,14 +65,14 @@ networking.firewall.enable = false; - services.xserver.displayManager.sddm.autoLogin = { + services.xserver.displayManager.autoLogin = { enable = true; user = "paul"; }; users.users.paul = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" ]; + extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ]; uid = 1000; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375" From eb1161768f0d30ef413c24de4d033b373ebb99b7 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 6 Oct 2020 00:21:48 +0200 Subject: [PATCH 134/474] steam: utilisation nouvelle option + fix CK3 --- systems/common-gui.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index ac3086aa..87160897 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -12,7 +12,6 @@ (winetricks.override { wine = wineWowPackages.staging; }) - steam sc-controller steam-run minecraft @@ -80,10 +79,9 @@ console.keyMap = "fr"; + programs.steam.enable = true; + hardware = { - opengl.driSupport32Bit = true; - pulseaudio.support32Bit = true; - steam-hardware.enable = true; pulseaudio.enable = true; }; @@ -124,4 +122,9 @@ ]; }; }; + + environment.etc = { + # CK3 fix + "ssl/certs/f387163d.0".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/Starfield_Class_2_CA.crt"; + }; } From 0167c84fd504241b9cc7da54a715abc5a968f09b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 6 Oct 2020 00:22:19 +0200 Subject: [PATCH 135/474] wak on lan custom service --- systems/PC-Fixe/configuration.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index fa4f1626..656a5751 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -90,7 +90,18 @@ services.openssh.passwordAuthentication = false; services.openssh.forwardX11 = true; - services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ]; + systemd.services = { + "wol" = { + description = "Wake-on-LAN"; + wantedBy = [ "multi-user.target" ]; + requires = [ "network.target" ]; + after = [ "network.target" ]; + script = '' + ${pkgs.ethtool}/sbin/ethtool -s eno1 wol g + ''; + serviceConfig.Type = "oneshot"; + }; + }; system.stateVersion = "20.03"; } From 40b035492e45c19547bd130b5ad00a1f6b141bfa Mon Sep 17 00:00:00 2001 
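Review bot: The `environment.etc` entry in common-gui.nix installs a CA certificate under a hard-coded OpenSSL hash name for every program on the system, and the only explanation is `# CK3 fix`. The file name `f387163d.0` has to match the subject hash of `Starfield_Class_2_CA.crt`, and nothing in the hunk checks that. A fuller comment would make the entry reviewable, for example `# CK3 launcher looks up CAs by subject hash in /etc/ssl/certs; f387163d = Starfield Class 2 CA (check with openssl x509 -noout -subject_hash)`. The reason stated in that comment is inferred and should be confirmed by the author.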
From: nyanloutre Date: Tue, 6 Oct 2020 00:22:48 +0200 Subject: [PATCH 136/474] riot-desktop -> element-desktop --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 87160897..a9c5b3a8 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -30,7 +30,7 @@ chromium tdesktop - riot-desktop + element-desktop mumble discord From c2142d236e3f8d9459704150c8effd1cc8104339 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:51:18 +0100 Subject: [PATCH 137/474] fixs nixos 20.09 --- services/mail-server.nix | 10 +++++----- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/medias.nix | 8 +++++++- systems/LoutreOS/services.nix | 1 - systems/LoutreOS/users.nix | 2 +- systems/LoutreOS/web.nix | 23 ++++++++++++----------- 6 files changed, 26 insertions(+), 20 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index 9b611260..a95e3370 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.3.0/nixos-mailserver-v2.3.0.tar.gz"; - sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz"; + sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63"; }) ]; @@ -63,9 +63,9 @@ in security.acme.certs = { "${cfg.domaine}" = { - extraDomains = { - "mail.${cfg.domaine}" = null; - }; + extraDomainNames = [ + "mail.${cfg.domaine}" + ]; postRun = '' systemctl reload dovecot2.service ''; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1f7af118..58c42860 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -33,7 +33,7 @@ in ]; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.30.1-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index eea4617f..f643edfe 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -5,6 +5,7 @@ transmission = { enable = true; home = "/var/lib/transmission"; + port = 9091; settings = { rpc-bind-address = "127.0.0.1"; rpc-host-whitelist = "*"; @@ -18,7 +19,10 @@ sonarr.enable = true; jackett.enable = true; - jellyfin.enable = true; + jellyfin = { + enable = true; + package = pkgs.jellyfin; + }; slimserver = { enable = true; @@ -31,6 +35,8 @@ }; }; + systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ]; + networking = { firewall.allowedTCPPorts = [ config.services.transmission.settings.peer-port diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 16370062..28937b5c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -492,7 +492,6 @@ in # ''; users.groups.nginx.members = [ "matrix-synapse" ]; - security.acme.certs."nyanlout.re".allowKeysForGroup = true; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 3fd89ab5..92cd0096 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix 
@@ -6,7 +6,7 @@ uid = 1000; isNormalUser = true; description = "Paul TREHIOU"; - extraGroups = [ "wheel" "medias" ]; + extraGroups = [ "wheel" "medias" "transmission" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 openpgp:0xAB524BBC" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re" diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index f771e894..506760d4 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -147,7 +147,7 @@ in ''; }; } // { default = true; }; - "riot.nyanlout.re" = base { "/" = { root = pkgs.riot-web; }; }; + "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; }; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { @@ -225,9 +225,9 @@ in postgresql = { enable = true; - extraConfig = '' - full_page_writes = off - ''; + settings = { + full_page_writes = false; + }; }; pgmanage = { 
@@ -249,13 +249,10 @@ in passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; log.level = "Warn"; - extraConfig = '' - [ui] - DEFAULT_THEME = arc-green - - [service] - DISABLE_REGISTRATION = true - ''; + disableRegistration = true; + settings = { + ui.DEFAULT_THEME = "arc-green"; + }; }; python-ci.enable = true; @@ -277,6 +274,10 @@ in }; }; + systemd.services.nginx.serviceConfig = { + ReadWritePaths = "/var/www/hls"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in { From 90dd2c2b6d8f910b6a8e20e0b166368ecb4fdf24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:51:55 +0100 Subject: [PATCH 138/474] ip fixe smartphone --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 58c42860..65c875f6 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -131,6 +131,7 @@ in { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } + { ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; } #ESPHome { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } From d5e46b62a06f7c0e28bd6e7f030b380960e1e193 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:52:41 +0100 Subject: [PATCH 139/474] montage hass --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 23 +++++++++++++++++++-- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 7bfc7fe6..1dfe4fbc 100644 
--- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -157,6 +157,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/hass" = + { device = "loutrepool/var/hass"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 28937b5c..171056bc 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -246,7 +246,10 @@ in }; influxdb = null; config = null; - frontend = null; + frontend.themes = "!include ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml"; + sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h"; + }}"; history = null; logbook = null; map = null; @@ -321,6 +324,12 @@ in broadcast_address = "10.30.255.255"; } ]; + device_tracker = [ + { + platform = "ping"; + hosts = { telephone_paul = "10.30.50.2"; }; + } + ]; scene = [ { name = "Movie"; @@ -399,10 +408,20 @@ in entity_id = "person.paul"; state = "home"; } + # Sun below max elevation { condition = "template"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } + # All lights off + { + condition = "template"; + value_template = '' + {% set domain = 'light' %} + {% set state = 'off' %} + {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }} + ''; + } ]; action = { scene = "scene.home"; @@ -421,7 +440,7 @@ in entity_id = "all"; } { - service = "media_player.media_pause"; + service = "media_player.turn_off"; entity_id = "all"; } ]; From c2c0d2bb05ee678aab19a59780f9011aea041ae1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 29 Nov 2020 12:53:51 +0100 Subject: [PATCH 140/474] change nginx config --- systems/LoutreOS/web.nix | 41 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 506760d4..2d5518e1 100644 
--- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -48,11 +48,29 @@ in acceptTerms = true; }; + users.groups.work = {}; + users.users.work = { + isSystemUser = true; + group = config.users.groups.work.name; + }; + services = { + phpfpm.pools.work = { + user = config.users.users.work.name; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + }; nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp ]; + modules = with pkgs.nginxModules; [ rtmp dav ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; @@ -189,6 +207,22 @@ in proxyWebsockets = true; }; }; + "work.rezom.eu" = base { + "/" = { + index = "/_h5ai/public/index.php"; + extraConfig = '' + dav_ext_methods PROPFIND OPTIONS; + ''; + }; + "/_h5ai/public/index.php" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + }; + } // { root = "/mnt/medias/iso_linux"; }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; @@ -278,6 +312,11 @@ in ReadWritePaths = "/var/www/hls"; }; + systemd.services.phpfpm-work.serviceConfig = { + ReadOnlyPaths = "/mnt/medias/iso_linux"; + ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); in { From d43f3bed0183c6d16b7f362436172b1baf4c3578 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:06:34 +0100 Subject: [PATCH 141/474] LoutreOS: disable docs --- systems/LoutreOS/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) 
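Review bot: The `"/_h5ai/public/index.php"` location of the new `work.rezom.eu` vhost passes the request to PHP-FPM without checking that the script name produced by `fastcgi_split_path_info` exists on disk. As a NixOS `locations` key this is a prefix match, so every URI that begins with that path reaches the pool; adding `try_files $fastcgi_script_name =404;` after the split line keeps non-existent script names away from the interpreter. Including both `fastcgi_params` and `fastcgi.conf` is redundant, because the second file carries the same parameters plus `SCRIPT_FILENAME`; `include ${pkgs.nginx}/conf/fastcgi.conf;` alone is enough.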
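Review bot: `ReadWritePaths = "/mnt/medias/iso_linux/_h5ai";` in the `phpfpm-work` unit makes the application's own PHP sources writable by the pool user, including the `index.php` that nginx hands to the interpreter. h5ai presumably needs only its cache directories writable, so listing those instead, for example `ReadWritePaths = [ "/mnt/medias/iso_linux/_h5ai/private/cache" "/mnt/medias/iso_linux/_h5ai/public/cache" ];` (to be checked against the installed layout), keeps a file-write bug in the application from reaching executable code. A comment on the two directives saying which one is for serving and which one is for the cache would document the intent.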
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 65c875f6..76d572f8 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -32,6 +32,8 @@ in "nixos-config=/etc/nixos/configuration.nix" ]; + documentation.nixos.enable = false; + nixpkgs.config.allowUnfree = false; nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); From 8a2ca1fa21cdce18424e33f2c8e169dae6cfa90d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:07:56 +0100 Subject: [PATCH 142/474] LoutreOS: airsonic -> navidrome --- systems/LoutreOS/medias.nix | 7 +++++-- systems/LoutreOS/web.nix | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index f643edfe..6ed2c0eb 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -29,9 +29,12 @@ dataDir = "/var/lib/slimserver"; }; - airsonic = { + navidrome = { enable = true; - maxMemory = 500; + settings = { + MusicFolder = "/mnt/medias/musique"; + ImageCacheSize = 0; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 2d5518e1..d7c7a7ff 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -198,10 +198,10 @@ in "jackett.nyanlout.re" = authReverse 9117; "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "matrix.nyanlout.re" = simpleReverse 8008; - "airsonic.nyanlout.re" = simpleReverse 4040; "emby.nyanlout.re" = simpleReverse 8096; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { locations."/" = { proxyWebsockets = true; 
From 21740ed665ee0aadaecefbfa3e7358e0764c3cc6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:12:01 +0100 Subject: [PATCH 143/474] LoutreOS: indexation de logs nginx avec Loki --- systems/LoutreOS/monitoring.nix | 91 +++++++++++++++++++++++++++++++++ systems/LoutreOS/services.nix | 14 +++++ systems/LoutreOS/web.nix | 7 ++- 3 files changed, 111 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index d60beed6..b1ce2078 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
@@ -112,8 +112,99 @@ in ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; ZED_NOTIFY_VERBOSE = true; }; + + loki = { + enable = true; + configuration = { + auth_enabled = false; + server.http_listen_port = 3100; + ingester = { + lifecycler = { + address = "127.0.0.1"; + ring = { + kvstore.store = "inmemory"; + replication_factor = 1; + }; + }; + chunk_idle_period = "1h"; + chunk_target_size = 1000000; + }; + schema_config.configs = [ + { + from = "2018-04-15"; + store = "boltdb"; + object_store = "filesystem"; + schema = "v11"; + index = { + prefix = "index_"; + period = "168h"; + }; + } + ]; + storage_config = { + boltdb.directory = "/var/lib/loki/index"; + filesystem.directory = "/var/lib/loki/chunks"; + }; + limits_config = { + enforce_metric_name = false; + reject_old_samples = true; + reject_old_samples_max_age = "168h"; + }; + chunk_store_config.max_look_back_period = "168h"; + table_manager = { + retention_deletes_enabled = true; + retention_period = "168h"; + }; + }; + }; + + promtail = { + enable = true; + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + positions.filename = "/tmp/positions.yaml"; + clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ]; + scrape_configs = [ + { + job_name = "nginx"; + static_configs = [ + { + labels = { + job = "nginx"; + __path__ = "/var/log/nginx/*log"; + }; + } + ]; + pipeline_stages = [ + { + match = { + selector = ''{job="nginx"}''; + stages = [ + { + regex.expression = ''^(?P[\w\.]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?''; + } + { + labels = { + method = null; + request = null; + status = null; + }; + } + ]; + }; + } + ]; + } + ]; + }; + }; }; + systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ]; + security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; 
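Review bot: The `loki` block sets `auth_enabled = false` and gives `server` only a port, so nothing in this configuration restricts the unauthenticated HTTP API to loopback and it relies on the firewall alone. Promtail pushes to `http://127.0.0.1:3100`, so `server.http_listen_address = "127.0.0.1";` fits the intended use, and the same setting applies to promtail's own `server` block on port 9080. `positions.filename = "/tmp/positions.yaml"` keeps the read offsets in a temporary directory, so the nginx logs may be ingested again once that file is lost; a path under the service's state directory would be more durable.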
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 171056bc..db1aced3 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,6 +35,20 @@ in ]; services = { + logrotate = { + enable = true; + paths = { + nginx = { + path = "/var/log/nginx/*.log"; + user = config.services.nginx.user; + group = config.services.nginx.group; + keep = 7; + extraConfig = '' + compress + ''; + }; + }; + }; fail2ban.enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d7c7a7ff..8c54545b 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -222,7 +222,12 @@ in include ${pkgs.nginx}/conf/fastcgi.conf; ''; }; - } // { root = "/mnt/medias/iso_linux"; }; + } // { + root = "/mnt/medias/iso_linux"; + extraConfig = '' + access_log /var/log/nginx/$host.log; + ''; + }; }; appendConfig = let rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; From ba3ee04a83f5d39d4d0b9ea3ebce3db84bc29b27 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:12:21 +0100 Subject: [PATCH 144/474] LoutreOS: disable vsftpd --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index db1aced3..25a8ed44 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -27,7 +27,7 @@ in ../../services/mail-server.nix ../../services/python-ci.nix ../../services/sdtdserver.nix - ../../containers/vsftpd.nix + # ../../containers/vsftpd.nix # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix From 9a52f93a41be9f533dedc9beeb4e3f1cc3c0da86 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:13:08 +0100 Subject: [PATCH 145/474] LoutreOS: ajout zeegbee home-assistant --- systems/LoutreOS/services.nix | 182 ++++++++++++++++++++++++++++++---- 1 file changed, 164 insertions(+), 18 deletions(-) 
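Review bot: `access_log /var/log/nginx/$host.log;` in the `work.rezom.eu` vhost builds the log file name from the request's Host header rather than from the configuration. The vhost name is fixed, so `access_log /var/log/nginx/work.rezom.eu.log;` produces the same file without letting request data choose the path, and it lets nginx keep the file open instead of reopening it on every write. It also guarantees the name stays inside the `/var/log/nginx/*.log` glob of the logrotate entry added in this commit and the promtail `__path__` pattern.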
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 25a8ed44..8822d0fb 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -277,6 +277,7 @@ in "10.40.249.1".name = "Bureau"; "10.40.249.2".name = "Cuisine"; }; + zha = null; esphome = null; light = [ { @@ -400,7 +401,27 @@ in ]; automation = let min_sun_elevation = 4; + + switch_chambre = { + domain = "zha"; + platform = "device"; + device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; + }; + + switch_entree = { + domain = "zha"; + platform = "device"; + device_id = "7cd814190ec543dba76a7aa7e7996c41"; + }; + + remote = { + domain = "zha"; + platform = "device"; + device_id = "d1230b76264e483388a8fdaad4f44143"; + }; in [ + # ENTREE + { alias = "Aziz lumière"; trigger = [ @@ -410,11 +431,6 @@ in value_template = "{{ state.attributes.elevation }}"; below = min_sun_elevation; } - { - platform = "state"; - entity_id = "person.paul"; - to = "home"; - } ]; condition = [ { @@ -427,27 +443,34 @@ in condition = "template"; value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; } - # All lights off - { - condition = "template"; - value_template = '' - {% set domain = 'light' %} - {% set state = 'off' %} - {{ states[domain] | count == states[domain] | selectattr('state','eq', state) | list | count }} - ''; - } ]; action = { scene = "scene.home"; }; } { - alias = "Adios"; + alias = "Aziz lumière switch"; trigger = { - platform = "state"; - entity_id = "person.paul"; - to = "not_home"; + type = "remote_button_short_press"; + subtype = "turn_on"; + } // switch_entree; + action = { + scene = "scene.home"; }; + } + { + alias = "Adios"; + trigger = [ + { + platform = "state"; + entity_id = "person.paul"; + to = "not_home"; + } + ({ + type = "remote_button_short_press"; + subtype = "turn_off"; + } // switch_entree) + ]; action = [ { service = "light.turn_off"; 
@@ -459,6 +482,129 @@ in } ]; } + + # REMOTE + + { + alias = "Button toggle"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_on"; + } // remote; + action = { + choose = { + conditions = { + condition = "template"; + value_template = '' + {% set domain = 'light' %} + {% set state = 'off' %} + {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} + ''; + }; + sequence = { + scene = "scene.home"; + }; + }; + default = { + service = "light.turn_off"; + entity_id = "all"; + }; + }; + } + { + alias = "Button scene movie"; + trigger = { + type = "remote_button_short_press"; + subtype = "right"; + } // remote; + action = { + scene = "scene.movie"; + }; + } + { + alias = "Button scene home"; + trigger = { + type = "remote_button_short_press"; + subtype = "left"; + } // remote; + action = { + scene = "scene.home"; + }; + } + { + alias = "Button light up"; + trigger = { + type = "remote_button_short_press"; + subtype = "dim_up"; + } // remote; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + data = { + brightness_step = 25; + }; + }; + } + { + alias = "Button light down"; + trigger = { + type = "remote_button_short_press"; + subtype = "dim_down"; + } // remote; + action = { + service = "light.turn_on"; + entity_id = "light.salon"; + data = { + brightness_step = -25; + }; + }; + } + + # CHAMBRE + + { + alias = "Button scene night"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_on"; + } // switch_chambre; + action = { + scene = "scene.night"; + }; + } + { + alias = "Button scene dodo"; + trigger = { + type = "remote_button_short_press"; + subtype = "turn_off"; + } // switch_chambre; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + } + { + alias = "Button scene lumière chambre ON"; + trigger = { + type = "remote_button_long_press"; + subtype = "dim_up"; + } // switch_chambre; + action = { + service = "light.turn_on"; + entity_id = "light.chambre"; 
+ }; + } + { + alias = "Button scene lumière chambre OFF"; + trigger = { + type = "remote_button_long_press"; + subtype = "dim_down"; + } // switch_chambre; + action = { + service = "light.turn_off"; + entity_id = "light.chambre"; + }; + } ]; }; }; From 866106f86d3f1acddef9cd5887e667b97c5d9416 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:15:38 +0100 Subject: [PATCH 146/474] LoutreOS: ajout config php redis --- systems/LoutreOS/services.nix | 2 ++ systems/LoutreOS/web.nix | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 8822d0fb..266d9d1b 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -35,6 +35,8 @@ in ]; services = { + redis.enable = true; + logrotate = { enable = true; paths = { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8c54545b..34007711 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -57,6 +57,7 @@ in services = { phpfpm.pools.work = { user = config.users.users.work.name; + phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); settings = { "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; @@ -214,7 +215,7 @@ in dav_ext_methods PROPFIND OPTIONS; ''; }; - "/_h5ai/public/index.php" = { + "~ ^/(_h5ai/public/index|random).php" = { extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; @@ -319,7 +320,9 @@ in systemd.services.phpfpm-work.serviceConfig = { ReadOnlyPaths = "/mnt/medias/iso_linux"; - ReadWritePaths = "/mnt/medias/iso_linux/_h5ai"; + ReadWritePaths = [ + "/mnt/medias/iso_linux/_h5ai" + ]; }; systemd.services.site-musique = let From 20939b47b7f41456ba17dfc313b97097dd359c9b Mon Sep 17 00:00:00 2001 
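Review bot: The new location key `"~ ^/(_h5ai/public/index|random).php"` in the `work.rezom.eu` vhost leaves the dot unescaped and has no end anchor, so it matches more URIs than the two scripts it names and passes all of them to PHP-FPM. `"~ ^/(_h5ai/public/index|random)\\.php(/|$)"` limits the match to those two files while still allowing the path-info form that `fastcgi_split_path_info` expects; the backslash is doubled because the key is a double-quoted Nix string. The body of this location is unchanged context from the earlier commit and continues outside the changed line.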
From: nyanloutre Date: Wed, 6 Jan 2021 02:20:58 +0100 Subject: [PATCH 147/474] =?UTF-8?q?LoutreOS:=20d=C3=A9placement=20serveur?= =?UTF-8?q?=20rtmp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/web.nix | 39 ++------------------------------------- 1 file changed, 2 insertions(+), 37 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 34007711..bd649418 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -71,7 +71,7 @@ in nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp dav ]; + modules = with pkgs.nginxModules; [ dav ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; @@ -183,11 +183,7 @@ in "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { - root = "/var/www/hls/"; - extraConfig = '' - add_header Cache-Control no-cache; - add_header Access-Control-Allow-Origin *; - ''; + proxyPass = "http://10.30.135.71"; }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; 
@@ -230,37 +226,6 @@ in ''; }; }; - appendConfig = let - rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; - in '' - rtmp { - server { - listen 1935; - - application live { - live on; - - exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 - -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_mid - -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset ultrafast -crf 28 -f flv rtmp://localhost/show/$name_high - -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; - } - - application show { - live on; - hls on; - - hls_path ${rootLocation}; - hls_fragment 3s; - hls_playlist_length 60s; - - hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution - hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution - hls_variant _src BANDWIDTH=4096000; # Source bitrate, source resolution - } - } - } - ''; }; postgresql = { From 3e440a97762e7146ebdd35c17117017ee21ec464 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 6 Jan 2021 02:22:05 +0100 Subject: [PATCH 148/474] LoutreOS: disable Mastodon --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index bd649418..994131d9 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -263,7 +263,7 @@ in python-ci.enable = true; mastodon = { - enable = true; + enable = false; localDomain = "social.nyanlout.re"; configureNginx = true; extraConfig = { From 999ee11693d0945e57a829f2d03697bcfa308f59 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 28 Jul 2021 23:03:34 +0200 Subject: [PATCH 149/474] Changes for 21.05 --- services/mail-server.nix | 4 ++-- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/services.nix | 2 ++ systems/LoutreOS/web.nix | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/services/mail-server.nix b/services/mail-server.nix index a95e3370..4b5b93e6 100644 --- a/services/mail-server.nix +++ b/services/mail-server.nix @@ -17,8 +17,8 @@ in imports = [ (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911/nixos-mailserver-5cd6f8e7b3f5d5bf56e407c5e79a682cb250d911.tar.gz"; - sha256 = "0vdq5qsz8vvaryyzsama76lh3v57abvq3j5a3hb23yp7z2wlrk63"; + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7/nixos-mailserver-5675b122a947b40e551438df6a623efad19fd2e7.tar.gz"; + sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi"; }) ]; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 76d572f8..3553f7bc 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -35,7 +35,7 @@ in documentation.nixos.enable = false; nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.0-slimserver" "minecraft-server" ]); + nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.1-slimserver" "minecraft-server" ]); services.zfs = { autoSnapshot.enable = true; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 266d9d1b..2e3a9240 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -20,6 +20,8 @@ let ''; backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs"; + + unstable = import { }; in { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 994131d9..c2eaaf99 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -291,7 +291,7 @@ in }; systemd.services.site-musique = let - djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ])); + djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); in { description = "Site Django de la musique de Meyenheim"; after = [ "network.target" ]; From 53cf463bbaa5912bbe5e3ed2369ebb67979d7ec7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:43:57 +0200 Subject: [PATCH 150/474] migrate to nix flake --- flake.lock | 95 +++++++++++++++++++++ flake.nix | 25 ++++++ services/mail-server.nix | 76 ----------------- systems/LoutreOS/configuration.nix | 14 ++- systems/LoutreOS/hardware-configuration.nix | 4 - systems/LoutreOS/services.nix | 61 +++++++++++-- systems/LoutreOS/web.nix | 3 +- 7 files changed, 183 insertions(+), 95 deletions(-) create mode 100644 flake.lock create mode 100644 flake.nix delete mode 100644 services/mail-server.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 00000000..4a1328c9 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,95 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1633934814, + "narHash": "sha256-OF62Alp2ocacmDMzvRWMduITf87lcuGonxn9eg9uGG8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b313502c719069cce2dd6fd1d5e7fc5999b21c70", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-21.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1633791597, + "narHash": "sha256-HzpxqTEnqsjkKWfW87kSI3WVizYjUMQeUjSIm3b5I0Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9bf75dd50b7b6d3ce6aaf6563db95f41438b9bdb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1607522989, + "narHash": "sha256-o/jWhOSAlaK7y2M57OIriRt6whuVVocS/T0mG7fd1TI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "simple-nixos-mailserver": "simple-nixos-mailserver" + } + }, + "simple-nixos-mailserver": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1622967674, + "narHash": "sha256-8RLe6Rqy2rKR/PGDMg/EVsWihsO+DQe/RYmlXdRZkLs=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "5675b122a947b40e551438df6a623efad19fd2e7", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-21.05", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + 
"original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 00000000..e679baf9 --- /dev/null +++ b/flake.nix @@ -0,0 +1,25 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/release-21.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; + }; + + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver }: { + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ pkgs, ... }: { + nix.nixPath = [ + "nixpkgs=${nixpkgs}" + ]; + }) + nixpkgs.nixosModules.notDetected + "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" + simple-nixos-mailserver.nixosModule + ./systems/LoutreOS/configuration.nix + ]; + }; + }; +} + diff --git a/services/mail-server.nix b/services/mail-server.nix deleted file mode 100644 index 4b5b93e6..00000000 --- a/services/mail-server.nix +++ /dev/null 
@@ -1,76 +0,0 @@ -{ lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.mailserver; -in -{ - options.services.mailserver = { - enable = mkEnableOption "Mail Server"; - domaine = mkOption { - type = types.str; - example = "example.com"; - description = "Nom de domaine du serveur de mails"; - }; - }; - - imports = [ - (builtins.fetchTarball { - url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7/nixos-mailserver-5675b122a947b40e551438df6a623efad19fd2e7.tar.gz"; - sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi"; - }) - ]; - - config = mkIf cfg.enable { - - mailserver = { - enable = true; - fqdn = "mail.${cfg.domaine}"; - domains = [ cfg.domaine ]; - - # A list of all login accounts. To create the password hashes, use - # mkpasswd -m sha-512 "super secret password" - loginAccounts = { - "paul@${cfg.domaine}" = { - hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0"; - }; - }; - - # Certificate setup - certificateScheme = 1; - certificateFile = "/var/lib/acme/${cfg.domaine}/fullchain.pem"; - keyFile = "/var/lib/acme/${cfg.domaine}/key.pem"; - - # Enable IMAP and POP3 - enableImap = true; - enablePop3 = true; - enableImapSsl = true; - enablePop3Ssl = true; - - # Enable the ManageSieve protocol - enableManageSieve = true; - }; - - services.postfix = { - relayHost = "mailvps.nyanlout.re"; - relayPort = 587; - config = { - smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - }; - }; - - security.acme.certs = { - "${cfg.domaine}" = { - extraDomainNames = [ - "mail.${cfg.domaine}" - ]; - postRun = '' - systemctl reload dovecot2.service - ''; - }; - }; - - }; -} diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3553f7bc..b60e6ae4 100644 --- a/systems/LoutreOS/configuration.nix 
+++ b/systems/LoutreOS/configuration.nix @@ -4,10 +4,6 @@ { config, pkgs, ... }: -let - gitRev = "4c45e960e797d660358a11723e736afee3998261"; - nixpkgs = fetchTarball "https://github.com/nyanloutre/nixpkgs/archive/${gitRev}.tar.gz"; -in { imports = [ ../common-cli.nix @@ -27,10 +23,12 @@ in tmpOnTmpfs = true; }; - nix.nixPath = [ - "nixpkgs=${nixpkgs}" - "nixos-config=/etc/nixos/configuration.nix" - ]; + nix = { + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; documentation.nixos.enable = false; diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 1dfe4fbc..1fd5d447 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -4,10 +4,6 @@ { config, lib, pkgs, ... }: { - imports = - [ - ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2e3a9240..3c9df85e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -26,7 +26,6 @@ in { imports = [ - ../../services/mail-server.nix ../../services/python-ci.nix ../../services/sdtdserver.nix # ../../containers/vsftpd.nix 
@@ -36,7 +35,62 @@ in ./web.nix ]; + security.acme.certs = { + "${domaine}" = { + extraDomainNames = [ + "mail.${domaine}" + ]; + postRun = '' + systemctl reload dovecot2.service + ''; + }; + }; + + mailserver = { + enable = true; + fqdn = "mail.${domaine}"; + domains = [ domaine ]; + + # A list of all login accounts. To create the password hashes, use + # mkpasswd -m sha-512 "super secret password" + loginAccounts = { + "paul@${domaine}" = { + hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0"; + }; + "claire@${domaine}" = { + hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk."; + }; + }; + + # Certificate setup + certificateScheme = 1; + certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; + keyFile = "/var/lib/acme/${domaine}/key.pem"; + + # Enable IMAP and POP3 + enableImap = true; + enablePop3 = true; + enableImapSsl = true; + enablePop3Ssl = true; + + # Enable the ManageSieve protocol + enableManageSieve = true; + }; + services = { + postfix = { + relayHost = "mailvps.nyanlout.re"; + relayPort = 587; + config = { + smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; + smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; + }; + }; + + rspamd.workers.controller.extraConfig = '' + secure_ip = ["127.0.0.1", "10.30.135.71"]; + ''; + redis.enable = true; logrotate = { @@ -58,11 +112,6 @@ in fstrim.enable = true; - mailserver = { - enable = true; - domaine = domaine; - }; - syncthing = { enable = true; dataDir = "/var/lib/syncthing"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index c2eaaf99..0f634129 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -88,7 +88,6 @@ in ''; sso = { enable = true; - environmentFile = "/mnt/secrets/nginx-sso.env"; configuration = { listen = { addr = "127.0.0.1"; 
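Review bot: The `loginAccounts` entries of the new `mailserver` block embed the SHA-512 crypt hashes of both mailboxes in the repository, which exposes them to offline guessing by anyone who can read it. The module's `hashedPasswordFile` option, pointing at a file kept with the other secrets (for example `hashedPasswordFile = "/mnt/secrets/<mail-hash-file>";`, where the file name is a placeholder), keeps the hash out of version control; confirm the option is available in the pinned mailserver release. In the same hunk, `secure_ip = ["127.0.0.1", "10.30.135.71"];` lets that second address use the rspamd controller without a password, and a short comment saying why it is trusted would help.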
@@ -325,4 +324,6 @@ in wantedBy = [ "sockets.target" ]; listenStreams = [ "/run/site-musique.sock" ]; }; + + systemd.services.nginx-sso.serviceConfig.EnvironmentFile = "/mnt/secrets/nginx-sso.env"; } From a1d875e90342872c27571713657ddb7603ee92a8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:48:26 +0200 Subject: [PATCH 151/474] migrate slimserver to docker container --- systems/LoutreOS/configuration.nix | 2 ++ systems/LoutreOS/medias.nix | 26 +++++++++++++++++++++----- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index b60e6ae4..367f3a16 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -178,6 +178,8 @@ services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + virtualisation.podman.enable = true; + security.sudo.wheelNeedsPassword = false; system.stateVersion = "18.03"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6ed2c0eb..a3dac882 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -24,11 +24,6 @@ package = pkgs.jellyfin; }; - slimserver = { - enable = true; - dataDir = "/var/lib/slimserver"; - }; - navidrome = { enable = true; settings = { @@ -49,4 +44,25 @@ config.services.transmission.settings.peer-port ]; }; + + virtualisation.oci-containers = { + backend = "podman"; + containers = { + slimserver = { + image = "docker.io/lmscommunity/logitechmediaserver:stable"; + volumes = [ + "/mnt/medias/musique:/music:ro" + "/var/lib/slimserver:/config:rw" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "9000:9000/tcp" + "9090:9090/tcp" + "3483:3483/tcp" + "3483:3483/udp" + ]; + extraOptions = ["--pull=always"]; + }; + }; + }; } From c3a629cc033d33a92226914438a9a56f6e87af86 Mon Sep 17 00:00:00 2001 
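Review bot: In the new `virtualisation.oci-containers.containers.slimserver` block (medias.nix), the mutable `:stable` tag combined with `extraOptions = ["--pull=always"]` means every container start runs whatever the registry currently serves under that tag. That content is unreviewed and has write access to `/var/lib/slimserver`. Pinning the digest and dropping the forced pull makes updates an explicit, reviewable change: `image = "docker.io/lmscommunity/logitechmediaserver@sha256:<digest>";` (placeholder digest). The four `ports` entries also publish on every host address, and container port publishing may not be filtered by `networking.firewall`. If only some of them need to be reachable from other machines, give the rest a bind address, e.g. `"127.0.0.1:9090:9090/tcp"`.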
From: nyanloutre Date: Mon, 11 Oct 2021 10:49:30 +0200 Subject: [PATCH 152/474] set autossh as system user --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 367f3a16..0cf9bc53 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -173,6 +173,7 @@ home = "/home/autossh"; createHome = true; group = "autossh"; + isSystemUser = true; }; }; From dea468e9f1570cf5dd3eac88c43fc3e67c7b1a5e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:52:39 +0200 Subject: [PATCH 153/474] setup zfs replication destination and backup --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/services.nix | 4 ++-- systems/LoutreOS/users.nix | 9 +++++++++ systems/common-cli.nix | 1 + 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 1fd5d447..68e20bb3 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -158,6 +158,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/paul-home" = + { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3c9df85e..9dfefb2c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -14,7 +14,7 @@ let ''; login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' - if [ "$PAM_TYPE" != "close_session" ]; then + if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ]; then ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh fi ''; 
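Review bot: The added `[ "$PAM_USER" != "zfspaulfixe" ]` test in `login_mail_alert` (services.nix, first hunk of PATCH 153) suppresses the only login notification visible here for an account that the same patch creates as `isNormalUser` with an SSH key. A login with that key from an unexpected host would therefore produce no mail. The later hunk in PATCH 157 extends the same exemption to `synology` and `rezome`. Consider skipping the mail only when the source is also the expected one, e.g. `[ "$PAM_USER/$PAM_RHOST" != "zfspaulfixe/<paul-fixe address>" ]` (placeholder address; check what `PAM_RHOST` holds on this host), or document next to the condition why silent logins are acceptable for these accounts. The `let` binding continues outside the hunk.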
@@ -228,11 +228,11 @@ in "/var/lib/postgresql/.zfs/snapshot/borgsnap" "/var/lib/radarr" "/var/lib/sonarr" - "/var/lib/syncthing" "/var/lib/transmission" "/mnt/medias/musique" "/mnt/medias/torrent/lidarr" "/mnt/medias/torrent/musique" + "/mnt/paul-home/paul" "/var/sieve" "/var/vmail" ]; diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 92cd0096..c20d2195 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix @@ -29,6 +29,15 @@ isNormalUser = true; description = "Synology Diskstation maison"; }; + + zfspaulfixe = { + uid = 1002; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 root@paul-fixe" + ]; + description = "paul-fixe zfs backup user"; + }; }; users.extraGroups.medias = { diff --git a/systems/common-cli.nix b/systems/common-cli.nix index adf9ad8e..537de6c2 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -67,6 +67,7 @@ binutils bat molly-guard + lz4 # Développement openssl From d1212c9d73266019d2923647556a2bb12e2ac9a7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 10:58:02 +0200 Subject: [PATCH 154/474] update nginx conf --- systems/LoutreOS/hardware-configuration.nix | 5 + systems/LoutreOS/web.nix | 165 ++++++++++++++------ 2 files changed, 125 insertions(+), 45 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 68e20bb3..49847181 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -163,6 +163,11 @@ fsType = "zfs"; }; + fileSystems."/mnt/webdav" = + { device = "loutrepool/webdav"; + fsType = "zfs"; + }; + swapDevices = [ { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0f634129..a1499b4a 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
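Review bot: The new `zfspaulfixe` account in users.nix is a normal user whose authorized key carries no options, so the holder of that key (labelled `root@paul-fixe`) gets an interactive shell, port forwarding and agent forwarding on this host, not just the ability to receive a replication stream. OpenSSH key options can be put in front of the key in the same string: `"restrict ssh-rsa <key> root@paul-fixe"` removes PTY allocation and the forwarding features while still allowing a remote command. A `command="…"` option would narrow it further if the exact receive command is known. Whether ZFS permissions are delegated to this user (`zfs allow`) is not visible in the hunk; a comment stating which dataset it may write to would make the intended privilege explicit.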
@@ -48,30 +48,56 @@ in acceptTerms = true; }; - users.groups.work = {}; - users.users.work = { - isSystemUser = true; - group = config.users.groups.work.name; + users.groups = { + work = {}; + webdav = {}; + }; + users.users = { + work = { + isSystemUser = true; + group = config.users.groups.work.name; + }; + webdav = { + isSystemUser = true; + group = config.users.groups.webdav.name; + }; }; services = { - phpfpm.pools.work = { - user = config.users.users.work.name; - phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; + phpfpm.pools = { + work = { + user = config.users.users.work.name; + phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + }; + drive = { + user = config.users.users.webdav.name; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 75; + "pm.start_servers" = 10; + "pm.min_spare_servers" = 5; + "pm.max_spare_servers" = 20; + "pm.max_requests" = 500; + }; + phpOptions = '' + output_buffering=off + ''; }; }; nginx = { enable = true; package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ dav ]; + modules = with pkgs.nginxModules; [ dav moreheaders ]; }; recommendedGzipSettings = true; recommendedOptimisation = true; @@ -83,8 +109,6 @@ in } add_header Strict-Transport-Security $hsts_header; add_header Referrer-Policy origin-when-cross-origin; - - error_page 500 502 503 504 https://nyanlout.re/errorpages/50x.html; ''; sso = { enable = true; 
@@ -128,34 +152,47 @@ in }; virtualHosts = let base = locations: { - inherit locations; + locations = locations // { + "@maintenance" = { + root = "/var/www/errorpages/"; + extraConfig = '' + rewrite ^(.*)$ /50x.html break; + ''; + }; + }; forceSSL = true; enableACME = true; + extraConfig = '' + error_page 500 502 503 504 = @maintenance; + ''; }; simpleReverse = rport: base { "/" = { proxyPass = "http://127.0.0.1:${toString(rport)}/"; }; }; - authReverse = rport: base { - "/" = { - proxyPass = "http://127.0.0.1:${toString(rport)}/"; + authReverse = rport: zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [ + (base { + "/" = { + proxyPass = "http://127.0.0.1:${toString(rport)}/"; + extraConfig = '' + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + }) + { extraConfig = '' - auth_request_set $cookie $upstream_http_set_cookie; - add_header Set-Cookie $cookie; + include ${nginxSsoAuth}; ''; - }; - } // { - extraConfig = '' - include ${nginxSsoAuth}; - ''; - }; + } + ]; in { "nyanlout.re" = base { "/" = { alias = "/var/www/site-perso/"; }; - "/errorpages/" = { + "/maintenance/" = { alias = "/var/www/errorpages/"; }; "/.well-known/openpgpkey/" = { @@ -194,7 +231,11 @@ in "jackett.nyanlout.re" = authReverse 9117; "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "matrix.nyanlout.re" = simpleReverse 8008; - "emby.nyanlout.re" = simpleReverse 8096; + "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { + locations."/" = { + proxyWebsockets = true; + }; + }; "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; 
@@ -203,27 +244,58 @@ in proxyWebsockets = true; }; }; - "work.rezom.eu" = base { + # "work.rezom.eu" = base { + # "/" = { + # index = "/_h5ai/public/index.php"; + # extraConfig = '' + # dav_ext_methods PROPFIND OPTIONS; + # ''; + # }; + # "~ ^/(_h5ai/public/index|random).php" = { + # extraConfig = '' + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + # include ${pkgs.nginx}/conf/fastcgi_params; + # include ${pkgs.nginx}/conf/fastcgi.conf; + # ''; + # }; + # } // { + # root = "/mnt/medias/iso_linux"; + # extraConfig = '' + # access_log /var/log/nginx/$host.log; + # ''; + # }; + "drive.nyanlout.re" = base { "/" = { - index = "/_h5ai/public/index.php"; - extraConfig = '' - dav_ext_methods PROPFIND OPTIONS; - ''; - }; - "~ ^/(_h5ai/public/index|random).php" = { + index = "/index.php"; extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; + fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket}; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; + + client_max_body_size 0; ''; }; } // { - root = "/mnt/medias/iso_linux"; - extraConfig = '' - access_log /var/log/nginx/$host.log; - ''; + root = "/mnt/webdav"; }; + "rspamd.nyanlout.re" = zipAttrsWith (name: vs: if name == "extraConfig" then (concatStrings vs) else elemAt vs 0) [ + (base { + "/" = { + proxyPass = "http://unix:/run/rspamd/worker-controller.sock"; + extraConfig = '' + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + }) + { + extraConfig = '' + include ${nginxSsoAuth}; + ''; + } + ]; }; }; @@ -279,7 +351,10 @@ in }; systemd.services.nginx.serviceConfig = { - ReadWritePaths = "/var/www/hls"; + ReadWritePaths = [ + "/var/www/hls" + "/mnt/webdav" + ]; }; systemd.services.phpfpm-work.serviceConfig = { From d39e2659f796af68cba30c2b5ccb3a61c00f0062 Mon Sep 17 00:00:00 2001 
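Review bot: In the new `"drive.nyanlout.re"` vhost, `location /` passes every request path to the `drive` PHP-FPM pool while `root = "/mnt/webdav"` is also the dataset that holds the uploaded data. If application code and user files share that tree, an uploaded `.php` file becomes executable through the same location. Unless the application is known to prevent that, keep the code outside the upload directory or restrict the FastCGI location to the entry script, as the commented-out `work.rezom.eu` block did with `"~ ^/(_h5ai/public/index|random).php"`. Unlike the `rspamd.nyanlout.re` vhost added in the same hunk, this one does not `include ${nginxSsoAuth}`, and `client_max_body_size 0;` removes the upload size limit, so authentication and quota rest entirely on the PHP application; a comment saying so would help. The following hunk additionally gives the nginx unit write access to `/mnt/webdav` through `ReadWritePaths`, which looks unnecessary if only PHP-FPM writes there.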
From: nyanloutre Date: Mon, 11 Oct 2021 10:59:16 +0200 Subject: [PATCH 155/474] disable loki and promtail --- systems/LoutreOS/monitoring.nix | 91 --------------------------------- 1 file changed, 91 deletions(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index b1ce2078..d60beed6 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix 
@@ -112,99 +112,8 @@ in ZED_EMAIL_ADDR = [ "paul@nyanlout.re" ]; ZED_NOTIFY_VERBOSE = true; }; - - loki = { - enable = true; - configuration = { - auth_enabled = false; - server.http_listen_port = 3100; - ingester = { - lifecycler = { - address = "127.0.0.1"; - ring = { - kvstore.store = "inmemory"; - replication_factor = 1; - }; - }; - chunk_idle_period = "1h"; - chunk_target_size = 1000000; - }; - schema_config.configs = [ - { - from = "2018-04-15"; - store = "boltdb"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "168h"; - }; - } - ]; - storage_config = { - boltdb.directory = "/var/lib/loki/index"; - filesystem.directory = "/var/lib/loki/chunks"; - }; - limits_config = { - enforce_metric_name = false; - reject_old_samples = true; - reject_old_samples_max_age = "168h"; - }; - chunk_store_config.max_look_back_period = "168h"; - table_manager = { - retention_deletes_enabled = true; - retention_period = "168h"; - }; - }; - }; - - promtail = { - enable = true; - configuration = { - server = { - http_listen_port = 9080; - grpc_listen_port = 0; - }; - positions.filename = "/tmp/positions.yaml"; - clients = [ { url = "http://127.0.0.1:3100/loki/api/v1/push"; } ]; - scrape_configs = [ - { - job_name = "nginx"; - static_configs = [ - { - labels = { - job = "nginx"; - __path__ = "/var/log/nginx/*log"; - }; - } - ]; - pipeline_stages = [ - { - match = { - selector = ''{job="nginx"}''; - stages = [ - { - regex.expression = ''^(?P[\w\.]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?''; - } - { - labels = { - method = null; - request = null; - status = null; - }; - } - ]; - }; - } - ]; - } - ]; - }; - }; }; - systemd.services.promtail.serviceConfig.SupplementaryGroups = [ "nginx" ]; - security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; 
From d9500e4a24f4b68822d7516421a17a3476c05a2f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:00:09 +0200 Subject: [PATCH 156/474] fix transmission config --- systems/LoutreOS/medias.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index a3dac882..98685c98 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -6,6 +6,7 @@ enable = true; home = "/var/lib/transmission"; port = 9091; + group = "medias"; settings = { rpc-bind-address = "127.0.0.1"; rpc-host-whitelist = "*"; @@ -33,7 +34,10 @@ }; }; - systemd.services.transmission.serviceConfig.BindPaths = [ "/mnt/medias" ]; + systemd.services.transmission.serviceConfig = { + BindPaths = [ "/mnt/medias" ]; + LimitNOFILE = 1048576; + }; networking = { firewall.allowedTCPPorts = [ From aecacc75d49045adeb9fffa665a5ab763dd2bb39 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:00:25 +0200 Subject: [PATCH 157/474] disable email notification for backup users --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9dfefb2c..4c4b43d3 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -14,7 +14,7 @@ let ''; login_mail_alert = pkgs.writeShellScriptBin "mail_alert.sh" '' - if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ]; then + if [ "$PAM_TYPE" != "close_session" ] && [ "$PAM_USER" != "zfspaulfixe" ] && [ "$PAM_USER" != "synology" ] && [ "$PAM_USER" != "rezome" ]; then ${sendMail "paul@nyanlout.re" "SSH Login: $PAM_USER from $PAM_RHOST" "`env`"}/bin/mail.sh fi ''; From dc468ea4fe8888bc96f851630927416558cb94f9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:00:40 +0200 Subject: [PATCH 158/474] fix backup config --- systems/LoutreOS/services.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4c4b43d3..2604f684 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -236,6 +236,10 @@ in "/var/sieve" "/var/vmail" ]; + exclude = [ + "/var/lib/radarr/.config/Radarr/radarr.db-wal" + "/var/lib/radarr/.config/Radarr/radarr.db-shm" + ]; repo = "/mnt/backup/borg"; encryption = { mode = "repokey-blake2"; @@ -248,10 +252,11 @@ in monthly = 12; }; preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap"; + readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; postHook = '' ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap if [[ $exitStatus == 0 ]]; then - ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:loutre + ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:default else ${backup_mail_alert}/bin/mail.sh fi From 55b5529ea87d945dbc27cb3d6c278d993490272d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:01:46 +0200 Subject: [PATCH 159/474] add minecraft backup user --- systems/LoutreOS/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2604f684..9dbc243e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -270,6 +270,11 @@ in path = "/mnt/backup_loutre/diskstation_borg"; user = "synology"; }; + minecraft-rezome = { + authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1nGsSesW96k0DPMSt/chjvCrYmfgPgHG1hdUYB5x0pZPdOJaVRIlETWdoFlO+ViviC518B3TF7Qc3oJXPZMchJQl684Nukbc312juf+j9z/KT3dqD8YvKX6o5ynx1Dyq52ftrfkBAEAvzE0OfRljUPbwGBOM0dGRD4R1jbiHquTXpITlbgGTZymbwr4Jr9W9atgf5kHMiX7xOqMZcasDtUE8g+AG4ysHdpjOrBOUM9QeRbVP1bxEFP8xjqOOoET5tbkwektP4B2jaf+EHBPUy2lkwjVEKT6MaSlkJx/wMvUWp25kG9mrXgwUw1bgfOeZIsK6ztcki3l92BJQD9ip shame@minecraft.rezom.eu" ]; + path = "/mnt/backup_loutre/minecraft_rezome"; + user = "rezome"; + }; }; sdtdserver.enable = false; From 01ba2ce633f290f249eafd4f483d70a0230f48a0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:02:59 +0200 Subject: [PATCH 160/474] change home assistant config --- systems/LoutreOS/services.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 9dbc243e..4cf1e18b 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -323,11 +323,13 @@ in }; influxdb = null; config = null; - frontend.themes = "!include ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/bbbenji/synthwave-hass/0.3.3.1/themes/synthwave.yaml"; - sha256 = "1n2yhk98cf778z7fdl5bswljhj45nv6bld191rxw7q6ckp235q4h"; - }}"; + dhcp = null; + frontend = null; history = null; + http = { + use_x_forwarded_for = true; + trusted_proxies = [ "127.0.0.1" ]; + }; logbook = null; map = null; mobile_app = null; From 3c348df23e8ea648e10a8306cf1390aa9cb990be Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:03:18 +0200 Subject: [PATCH 161/474] change users config --- systems/LoutreOS/users.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index c20d2195..d7def68f 100644 --- a/systems/LoutreOS/users.nix 
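Review bot: The `minecraft-rezome` repository added to `services.borgbackup.repos` lists the remote machine's key under `authorizedKeys`, which gives that client full access to the repository, including deleting archives. If `minecraft.rezom.eu` were compromised, its backups on this host could be removed with the same key. The module offers `authorizedKeysAppendOnly = [ "ssh-rsa <key> shame@minecraft.rezom.eu" ];` for this case. The trade-off is that pruning then has to be done from this host. The enclosing `repos` set starts outside the hunk, so whether the existing `synology` repo uses the same setting is not visible here.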
+++ b/systems/LoutreOS/users.nix @@ -1,7 +1,7 @@ -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: { - users.extraUsers = { + users.users = { paul = { uid = 1000; isNormalUser = true; @@ -19,17 +19,30 @@ isNormalUser = true; description = "Victor SENE"; openssh.authorizedKeys.keys = [ - "ssh-rsa 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 openpgp:0x28DF0235" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1r2ZzVnOlmoNoLgrc3+Lx7whO8mzcwUf2p9DiYAVg2zo2zbfubLVG1BAgFDe7y+2HwJIbGDDMNUaT+FAsv0mHRlfdUMXXF3nVsFPWGovo1ks31O5zUI9IE3qFU5AJ7SPICS4lQYox1o594iS1OcwJ7Iu6pjEQRRG1OLVYSILJ994vtGsDxfz1CZ8b7u9oSwHz0E4pdy6epkFSE/+9WsZl+ziDMigYZfubjzUCzMy2uT5Z6t+r6bW6mcxnmYax/YmrRvL/dTeDE64Qf7nugjB0XOKUOKCPN5dtqYRx0fN9aDSRf4ubmyVaYeKudm9vttGHXjSPVWAvow+jUDOq2cGr victor@sene.ovh" - ]; + "ssh-rsa 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 openpgp:0x28DF0235" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1r2ZzVnOlmoNoLgrc3+Lx7whO8mzcwUf2p9DiYAVg2zo2zbfubLVG1BAgFDe7y+2HwJIbGDDMNUaT+FAsv0mHRlfdUMXXF3nVsFPWGovo1ks31O5zUI9IE3qFU5AJ7SPICS4lQYox1o594iS1OcwJ7Iu6pjEQRRG1OLVYSILJ994vtGsDxfz1CZ8b7u9oSwHz0E4pdy6epkFSE/+9WsZl+ziDMigYZfubjzUCzMy2uT5Z6t+r6bW6mcxnmYax/YmrRvL/dTeDE64Qf7nugjB0XOKUOKCPN5dtqYRx0fN9aDSRf4ubmyVaYeKudm9vttGHXjSPVWAvow+jUDOq2cGr victor@sene.ovh" + ]; + }; + + amandoleen = { + isNormalUser = true; + description = "Amandine <3"; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 amandoleen" + ]; }; synology = { uid = 1001; isNormalUser = true; + isSystemUser = lib.mkForce false; description = "Synology Diskstation maison"; }; + rezome = { + description = "Rezome Minecraft backup"; + }; + zfspaulfixe = { uid = 1002; isNormalUser = true; From be9e640d3e847b73dd62933771584ac6d64a4066 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 11:03:49 +0200 Subject: [PATCH 162/474] disable mastodon --- systems/LoutreOS/web.nix | 16 ---------------- 1 file changed, 16 deletions(-) 
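Review bot: Two of the account changes in the second users.nix hunk only make sense with knowledge from another module and carry no comment. `isSystemUser = lib.mkForce false;` on `synology` presumably overrides a value set by the borgbackup repo module for its `user`, and `rezome` is declared with a description only, so its account type, home and keys must come from elsewhere. I would add `# borgbackup repo user; the repo module sets isSystemUser, overridden because this is a normal account` above the `mkForce` line and `# account type and authorized keys come from services.borgbackup.repos.minecraft-rezome` above `rezome`, after confirming both against the module. Without this the block reads as if `rezome` had no login restrictions or credentials at all.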
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a1499b4a..99ffe8ed 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -332,22 +332,6 @@ in }; python-ci.enable = true; - - mastodon = { - enable = false; - localDomain = "social.nyanlout.re"; - configureNginx = true; - extraConfig = { - SMTP_AUTH_METHOD = "none"; - SMTP_OPENSSL_VERIFY_MODE = "none"; - }; - smtp = { - fromAddress = "social@nyanlout.re"; - user = "social@nyanlout.re"; - authenticate = false; - }; - mediaPruneTimer = true; - }; }; systemd.services.nginx.serviceConfig = { From 57a50c5156c69fe502a56793f03e44e97b3fb019 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 11 Oct 2021 15:35:02 +0200 Subject: [PATCH 163/474] fix cgroup monitoring --- systems/LoutreOS/monitoring.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index d60beed6..29915d2b 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -35,15 +35,9 @@ in cgroup = [ { paths = [ - "/sys/fs/cgroup/memory/system.slice/*" + "/sys/fs/cgroup/system.slice/*" ]; - files = ["memory.*usage*" "memory.limit_in_bytes"]; - } - { - paths = [ - "/sys/fs/cgroup/cpu/system.slice/*" - ]; - files = ["cpuacct.usage" "cpu.cfs_period_us" "cpu.cfs_quota_us"]; + files = ["memory.current" "cpu.stat"]; } ]; ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; }; From ff41ad8ebadfd09436d8d2bbf009ba5b35a6bcec Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 12:44:59 +0200 Subject: [PATCH 164/474] channel update --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 4a1328c9..faa78ae4 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1633934814, - "narHash": "sha256-OF62Alp2ocacmDMzvRWMduITf87lcuGonxn9eg9uGG8=", + "lastModified": 1634115022, + "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b313502c719069cce2dd6fd1d5e7fc5999b21c70", + "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", "type": "github" }, "original": { @@ -18,11 +18,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1633791597, - "narHash": "sha256-HzpxqTEnqsjkKWfW87kSI3WVizYjUMQeUjSIm3b5I0Y=", + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9bf75dd50b7b6d3ce6aaf6563db95f41438b9bdb", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "type": "github" }, "original": { From 8ee4f912544a609ac55ffa59ea724bd2ba3f27c6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 13:01:23 +0200 Subject: [PATCH 165/474] paul-fixe: update config --- systems/PC-Fixe/configuration.nix | 215 +++++++++++++++++++-- systems/PC-Fixe/hardware-configuration.nix | 47 ++--- systems/common-cli.nix | 11 +- systems/common-gui.nix | 39 +++- 4 files changed, 250 insertions(+), 62 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 656a5751..bbe8de09 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix 
@@ -17,25 +17,42 @@ efiSupport = true; device = "nodev"; zfsSupport = true; - gfxmodeEfi = "1920x1080,auto"; memtest86.enable = true; fontSize = 32; }; - boot.kernelParams = ["acpi_enforce_resources=lax"]; - boot.tmpOnTmpfs = true; + boot.kernelParams = [ + "acpi_enforce_resources=lax" + "zfs.zfs_arc_max=2147483648" + ]; + boot.tmpOnTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; virtualisation.virtualbox.host.enable = true; # virtualisation.virtualbox.host.enableExtensionPack = true; - virtualisation.anbox.enable = true; + # virtualisation.anbox.enable = true; + virtualisation.podman.enable = true; services.zfs = { - trim.enable = true; + trim = { + enable = true; + interval = "monthly"; + }; + autoScrub = { + enable = true; + interval = "monthly"; + }; autoSnapshot = { enable = true; monthly = 6; }; - autoScrub.enable = true; + autoReplication = { + enable = true; + host = "nyanlout.re"; + username = "zfspaulfixe"; + identityFilePath = "/var/lib/zfs-replication/id_rsa"; + localFilesystem = "fastaf/home"; + remoteFilesystem = "loutrepool/zfs-replicate/paul-fixe"; + }; }; hardware.bluetooth.enable = true; 
@@ -43,6 +60,21 @@ # Logitech G920 hardware.usbWwan.enable = true; + # hardware.pulseaudio.extraConfig = '' + # load-module module-null-sink sink_name=mic_denoised_out rate=48000 + # load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50 + # load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true + + # load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo + + # set-default-source hd_mic + # ''; + + # hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} '' + # sed '/module-switch-on-port-available$/d' \ + # ${pkgs.pulseaudio}/etc/pulse/default.pa > $out + # ''; + services.udev.packages = with pkgs; [ usb-modeswitch-data # Logitech G920 ]; @@ -56,6 +88,10 @@ networking.hostName = "paul-fixe"; networking.hostId = "3a1f739e"; + networking.hosts = { + "10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"]; + }; + environment.systemPackages = with pkgs; [ usb_modeswitch ]; 
@@ -80,26 +116,165 @@ ]; }; - services.syncthing.enable = true; - services.syncthing.user = "paul"; - services.syncthing.group = "users"; - services.netdata.enable = true; services.openssh.enable = true; services.openssh.passwordAuthentication = false; services.openssh.forwardX11 = true; - systemd.services = { - "wol" = { - description = "Wake-on-LAN"; - wantedBy = [ "multi-user.target" ]; - requires = [ "network.target" ]; - after = [ "network.target" ]; - script = '' - ${pkgs.ethtool}/sbin/ethtool -s eno1 wol g - ''; - serviceConfig.Type = "oneshot"; + # security.pki.certificates = [ + # '' + # -----BEGIN CERTIFICATE----- + # MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM + # CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX + # DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt + # aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A + # L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W + # Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ + # a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy + # 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW + # fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8 + # Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC + # AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD + # BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG + # CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC + # AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA + # A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV + # 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/ + # SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L + # zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh + # QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6 + # QaNGz7o/LfHprXvCM1mHjbVVbZN2 + # -----END 
CERTIFICATE----- + # '' + # ]; + + # services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ]; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + package = pkgs.nginx.override { + modules = with pkgs.nginxModules; [ rtmp ]; + }; + virtualHosts."stream.nyanlout.re" = { + locations."/" = { + root = "/var/www/hls/"; + extraConfig = '' + add_header Cache-Control no-cache; + add_header Access-Control-Allow-Origin *; + ''; + }; + default = true; + }; + appendConfig = let + rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; + in '' + rtmp { + server { + listen 1935; + + application live { + live on; + interleave on; + exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 + -c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low + -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid + -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high + -c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720 + -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; + } + + application show { + live on; + hls on; + + hls_path ${rootLocation}; + hls_fragment 5; + hls_playlist_length 10; + hls_nested on; + + hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution + hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution + hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution + hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution + 
hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution + } + } + } + ''; + }; + + services.xserver.deviceSection = '' + Option "metamodes" "DP-0: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" + ''; + + systemd = let + DP0Config = "--mode 3440x1440 --rate 144"; + DP2Config = "--auto --left-of DP-0"; + HDMIConfig = "--auto --left-of DP-0"; + in { + services = { + wol = { + description = "Wake-on-LAN"; + wantedBy = [ "multi-user.target" ]; + requires = [ "network.target" ]; + after = [ "network.target" ]; + script = '' + ${pkgs.ethtool}/sbin/ethtool -s eno1 wol g + ''; + serviceConfig.Type = "oneshot"; + }; + nginx.serviceConfig.ReadWritePaths = "/var/www/hls"; + zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; + }; + user.services = { + "enableTV" = { + description = "Enable TV output"; + script = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 --primary + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 ${HDMIConfig} + ''; + conflicts = ["CSMode.service"]; + serviceConfig.Type = "oneshot"; + }; + "primaryTV" = { + description = "Set TV output as primary"; + script = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --primary ${HDMIConfig} + ''; + conflicts = ["CSMode.service"]; + serviceConfig.Type = "oneshot"; + }; + "FreeSyncMode" = { + description = "Enable FreeSync screen only"; + script = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off + ''; + conflicts = ["CSMode.service"]; + 
serviceConfig.Type = "oneshot"; + }; + "CSMode" = { + description = "Enable 4:3 black bars"; + script = '' + ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 --primary + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off + ''; + preStop = '' + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }" + ''; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + }; }; }; diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 82d25920..1c08f149 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix 
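Review bot: The `rtmp` block added through `services.nginx.appendConfig` (PC-Fixe/configuration.nix) has no publish restriction on either application. Any client that can reach port 1935 can therefore publish to `live` and start the five-output `exec_push` ffmpeg transcode, or publish directly to `show`. Since `show` is only fed from localhost by that ffmpeg command, it can be closed with `allow publish 127.0.0.1;` and `deny publish all;`, and `live` should get an `allow publish <trusted address>;` / `deny publish all;` pair (placeholder address). Whether the firewall opens 1935 is not visible in this hunk. The ffmpeg stderr is also appended to `${rootLocation}/ffmpeg-$name.log`, which is inside `/var/www/hls/`, the directory the `stream.nyanlout.re` vhost serves with `Access-Control-Allow-Origin *`, so the logs are downloadable by viewers and the file name includes the publisher-chosen stream name. Writing the log to a directory outside the served root, added to the unit's `ReadWritePaths`, avoids both.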
@@ -21,46 +21,31 @@ fsType = "zfs"; }; - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/F4EC-57DF"; fsType = "vfat"; }; + fileSystems."/home" = + { device = "fastaf/home"; + fsType = "zfs"; + }; + + fileSystems."/mnt/steam" = + { device = "fastaf/steam"; + fsType = "zfs"; + }; + + fileSystems."/mnt/games" = + { device = "fastaf/games"; + fsType = "zfs"; + }; + fileSystems."/mnt/hdd" = { device = "/dev/mapper/ManjaroVG-ManjaroRoot"; fsType = "ext4"; }; - fileSystems."/home/paul/Documents" = - { device = "/mnt/hdd/paul/Documents"; - options = [ "bind" ]; - }; - - fileSystems."/home/paul/Téléchargements" = - { device = "/mnt/hdd/paul/Téléchargements"; - options = [ "bind" ]; - }; - - fileSystems."/home/paul/Musique" = - { device = "/mnt/hdd/paul/Musique"; - options = [ "bind" ]; - }; - - fileSystems."/home/paul/Images" = - { device = "/mnt/hdd/paul/Images"; - options = [ "bind" ]; - }; - - fileSystems."/home/paul/Vidéos" = - { device = "/mnt/hdd/paul/Vidéos"; - options = [ "bind" ]; - }; - fileSystems."/mnt/medias" = { device = "10.30.0.1:/mnt/medias"; fsType = "nfs"; @@ -70,5 +55,5 @@ swapDevices = [ ]; nix.maxJobs = lib.mkDefault 12; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/common-cli.nix b/systems/common-cli.nix index adf9ad8e..5482971a 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -11,9 +11,11 @@ vimAlias = true; configure = { customRC = '' - set shiftwidth=2 - set softtabstop=2 + set tabstop=8 + set shiftwidth=4 + set softtabstop=0 set expandtab + set smarttab set background=dark ''; packages.myVimPackage = with pkgs.vimPlugins; { @@ -27,7 +29,7 @@ }) # Gestionnaires de version - gitFull + gitMinimal tig gitAndTools.hub quilt 
@@ -60,13 +62,14 @@ starship # Audio - beets + # beets # Outils borgbackup binutils bat molly-guard + nix-template # Développement openssl diff --git a/systems/common-gui.nix b/systems/common-gui.nix index a9c5b3a8..dbff6b6a 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -17,6 +17,7 @@ minecraft multimc lutris + teamspeak_client betaflight-configurator @@ -50,6 +51,7 @@ gwenview kcalc spectacle + kinfocenter kile (texlive.combine { inherit (texlive) scheme-small titling collection-langfrench cm-super; @@ -57,7 +59,7 @@ gnome-breeze - libreoffice + libreoffice-fresh gimp inkscape @@ -65,12 +67,15 @@ obs-studio vlc mpv - jftui - calibre + # jftui + # calibre + jellyfin-mpv-shim + kdenlive glxinfo i7z appimage-run + pavucontrol ]; i18n = { @@ -81,11 +86,20 @@ programs.steam.enable = true; - hardware = { - pulseaudio.enable = true; - }; + # hardware = { + # pulseaudio.enable = true; + # }; - sound.enable = true; + # sound.enable = true; + + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; networking.networkmanager.enable = true; @@ -106,6 +120,7 @@ xserver = { enable = true; layout = "fr"; + exportConfiguration = true; displayManager.sddm.enable = true; desktopManager.plasma5.enable = true; }; @@ -124,6 +139,16 @@ }; environment.etc = { + "mpv/mpv.conf" = { + text = '' + profile=gpu-hq + scale=ewa_lanczossharp + cscale=ewa_lanczossharp + video-sync=display-resample + interpolation + tscale=oversample + ''; + }; # CK3 fix "ssl/certs/f387163d.0".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/Starfield_Class_2_CA.crt"; }; From 9cfccf44e1b7f461f65c7d05fda1c8c0d4a12428 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 13:49:55 +0200 Subject: [PATCH 166/474] paul-fixe: config flake --- flake.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/flake.nix b/flake.nix index e679baf9..2fc65825 100644 --- a/flake.nix 
+++ b/flake.nix @@ -20,6 +20,19 @@ ./systems/LoutreOS/configuration.nix ]; }; + + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ pkgs, ... }: { + nix.nixPath = [ + "nixpkgs=${nixpkgs}" + ]; + }) + nixpkgs.nixosModules.notDetected + ./systems/PC-Fixe/configuration.nix + ]; + }; }; } From 0eda8382491b691b8c51215d3625b0daf12b1aeb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 14:05:57 +0200 Subject: [PATCH 167/474] put nix unstable in global config --- systems/LoutreOS/configuration.nix | 7 ------- systems/common-cli.nix | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 0cf9bc53..016a386a 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -23,13 +23,6 @@ tmpOnTmpfs = true; }; - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - documentation.nixos.enable = false; nixpkgs.config.allowUnfree = false; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 25e08ff4..431da82d 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -4,6 +4,13 @@ time.timeZone = "Europe/Paris"; + nix = { + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + environment.systemPackages = with pkgs; [ # Editeurs (neovim.override { From 1a42ae58b8d454f1f2ad1b000bc96de03a3d6d35 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 14:16:53 +0200 Subject: [PATCH 168/474] paul-fixe: fix flake config --- flake.nix | 2 +- systems/PC-Fixe/hardware-configuration.nix | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 2fc65825..bd155edf 100644 --- a/flake.nix +++ b/flake.nix 
@@ -29,7 +29,7 @@ "nixpkgs=${nixpkgs}" ]; }) - nixpkgs.nixosModules.notDetected + nixpkgs-unstable.nixosModules.notDetected ./systems/PC-Fixe/configuration.nix ]; }; diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 1c08f149..5d505050 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -4,10 +4,6 @@ { config, lib, pkgs, ... }: { - imports = - [ - ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-amd" "coretemp" "it87" ]; From 35e6b8e32712edc401d02e78e7ccf8a11681ba79 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 14:20:08 +0200 Subject: [PATCH 169/474] update flakes --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index faa78ae4..373455d2 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1634115022, - "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", + "lastModified": 1634211226, + "narHash": "sha256-ocGVLT3dUGjmIQJE8pXrJOIJHzI2N3NaCWlKsQuKTYY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", + "rev": "0ebb82a648a6f2ca9841fb8e09848a6067a79cbd", "type": "github" }, "original": { From 61d2c807e59d5027a1bb4ae8caa65e982672cbf0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 14 Oct 2021 14:59:20 +0200 Subject: [PATCH 170/474] release-21.05 -> nixos-21.05 switch to channel --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 373455d2..d2d10cef 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,16 +2,16 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1634211226, - "narHash": "sha256-ocGVLT3dUGjmIQJE8pXrJOIJHzI2N3NaCWlKsQuKTYY=", + "lastModified": 1634115022, + "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0ebb82a648a6f2ca9841fb8e09848a6067a79cbd", + "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", "type": "github" }, "original": { "owner": "nixos", - "ref": "release-21.05", + "ref": "nixos-21.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bd155edf..3bb51374 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/release-21.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; }; From 0f3ee16912c183fcc3277a56514c443c562fc531 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Oct 2021 11:38:01 +0200 Subject: [PATCH 171/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef' (2021-10-11) → 'github:nixos/nixpkgs/2cf9db0e3d45b9d00f16f2836cb1297bcadc475e' (2021-10-14) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d2d10cef..dc0de009 100644 --- a/flake.lock +++ b/flake.lock 
@@ -18,11 +18,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1633971123, - "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", + "lastModified": 1634172192, + "narHash": "sha256-FBF4U/T+bMg4sEyT/zkgasvVquGzgdAf4y8uCosKMmo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", + "rev": "2cf9db0e3d45b9d00f16f2836cb1297bcadc475e", "type": "github" }, "original": { From 458b6a72cdc8044ee2a272ef49cb92763e280c92 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 18 Oct 2021 10:45:52 +0200 Subject: [PATCH 172/474] flake.lock: Update --- flake.lock | 12 ++++++------ flake.nix | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index dc0de009..1698b1d7 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1634115022, - "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", + "lastModified": 1634327140, + "narHash": "sha256-d5L7oMjUVC6VU0cQMsF0tceAPkmzuAQ51DWBFNChbEQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", + "rev": "83667ff60a88e22b76ef4b0bdf5334670b39c2b6", "type": "github" }, "original": { @@ -18,11 +18,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1634172192, - "narHash": "sha256-FBF4U/T+bMg4sEyT/zkgasvVquGzgdAf4y8uCosKMmo=", + "lastModified": 1634436779, + "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2cf9db0e3d45b9d00f16f2836cb1297bcadc475e", + "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3bb51374..a586e8b0 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ modules = [ ({ pkgs, ... }: { nix.nixPath = [ - "nixpkgs=${nixpkgs}" + "nixpkgs=${nixpkgs-unstable}" ]; }) nixpkgs-unstable.nixosModules.notDetected From 1383d2574d93bcbecc7a55a847edbbb0792c3964 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 19 Oct 2021 14:27:42 +0200 Subject: [PATCH 173/474] ajout script ipmihddtemp --- flake.lock | 17 +++++++++++++++++ flake.nix | 20 +++++++++++++++++++- ipmihddtemp.py | 42 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 ipmihddtemp.py diff --git a/flake.lock b/flake.lock index 1698b1d7..9e35e36c 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,22 @@ "type": "github" } }, + "nixpkgs-nyanloutre-pysmart": { + "locked": { + "lastModified": 1634643555, + "narHash": "sha256-Fu0JVScZt0fUqfeo2tsTUcoehtpalBU7+15pxy1Ld+Y=", + "owner": "nyanloutre", + "repo": "nixpkgs", + "rev": "256d8d34f05c8badeaf3ecb615d3af08a4b492d6", + "type": "github" + }, + "original": { + "owner": "nyanloutre", + "ref": "pysmart-init", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1634436779, @@ -50,6 +66,7 @@ "root": { "inputs": { "nixpkgs": "nixpkgs", + "nixpkgs-nyanloutre-pysmart": "nixpkgs-nyanloutre-pysmart", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index a586e8b0..ac35fd12 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,11 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-nyanloutre-pysmart.url = "github:nyanloutre/nixpkgs/pysmart-init"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver }: { + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, nixpkgs-nyanloutre-pysmart }: { nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ 
@@ -18,6 +19,23 @@ "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" simple-nixos-mailserver.nixosModule ./systems/LoutreOS/configuration.nix + ({ pkgs, ... }: { + systemd.services.ipmihddtemp = { + description = "IPMI HDD temp fan control"; + wantedBy = ["multi-user.target"]; + path = with pkgs;[ ipmitool smartmontools ]; + serviceConfig = { + ExecStart = with nixpkgs-nyanloutre-pysmart.legacyPackages.x86_64-linux; + let env = python3Packages.python.buildEnv.override { + extraLibs = with python3Packages;[ pysmart ]; + ignoreCollisions = true; + }; + in "${pkgs.writeShellScriptBin "run.sh" '' + ${env}/bin/python ${pkgs.writeScript "ipmihddtemp.py" "${builtins.readFile ./ipmihddtemp.py}"} + ''}/bin/run.sh"; + }; + }; + }) ]; }; diff --git a/ipmihddtemp.py b/ipmihddtemp.py new file mode 100644 index 00000000..ee7e21ff --- /dev/null +++ b/ipmihddtemp.py @@ -0,0 +1,42 @@ +import math +import subprocess +import time +from pySMART import DeviceList + +MIN_FAN_SPEED = 30 +MAX_FAN_SPEED = 100 + +MIN_HDD_TEMP = 30 +MAX_HDD_TEMP = 50 + +devlist = DeviceList() + +# Put fans in full speed mode +subprocess.run(["ipmitool", "raw", "0x30", "0x45", "0x01", "0x01"]) + +while True: + for device in devlist: + device.update() + + # Linear fan speed between MIN_FAN_SPEED and MAX_FAN_SPEED + fan_speed = max( + min( + math.ceil( + MIN_FAN_SPEED + + ( + (MAX_FAN_SPEED - MIN_FAN_SPEED) + * ( + (max([x.temperature for x in devlist]) - MIN_HDD_TEMP) + / (MAX_HDD_TEMP - MIN_HDD_TEMP) + ) + ) + ), + MAX_FAN_SPEED, + ), + MIN_FAN_SPEED, + ) + + subprocess.run(["ipmitool", "raw", "0x30", "0x70", "0x66", "0x01", "0x00", hex(fan_speed)]) + + time.sleep(10) + From d7de965eda9b64fd6a071132cce67bd3c1812004 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 19 Oct 2021 14:31:05 +0200 Subject: [PATCH 174/474] flake.lock: Update --- flake.lock | 20 +++++++++----------- flake.nix | 4 ++-- 2 files changed, 11 insertions(+), 13 deletions(-) 
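Review bot: The `ipmihddtemp` unit sets only `ExecStart` in `serviceConfig`, so it runs as root with systemd's default `Restart=no`. If the Python loop exits for any reason, nothing restarts it, and the fans presumably stay at the last duty cycle written. For a thermal control loop I would add `Restart = "always";` and `RestartSec = 5;` next to `ExecStart`. The script is also wrapped twice (`writeScript` around `builtins.readFile`, then `writeShellScriptBin`); `ExecStart = "${env}/bin/python ${./ipmihddtemp.py}";` would presumably do the same with less indirection. The module is appended inside a `modules = [ … ]` list that opens outside this hunk.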
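Review bot: Nothing in the `while True:` loop handles a failed reading. `max([x.temperature for x in devlist])` raises on an empty device list, and would also raise if pySMART returns `None` for a drive that exposes no temperature (worth confirming against the library). Both `subprocess.run` calls omit `check=True`, so a failing `ipmitool` is silently ignored. Because this loop is what sets the duty cycle after the initial full-speed command, it should skip missing readings, fall back to `MAX_FAN_SPEED` when there are none, and let a failed `ipmitool` call surface as a unit failure.

```python
while True:
    # … unchanged: device.update() for each device …

    # Drop drives that report no temperature; with no reading at all, fail safe to full speed.
    temps = [d.temperature for d in devlist if d.temperature is not None]
    if temps:
        ratio = (max(temps) - MIN_HDD_TEMP) / (MAX_HDD_TEMP - MIN_HDD_TEMP)
        fan_speed = max(
            MIN_FAN_SPEED,
            min(MAX_FAN_SPEED, math.ceil(MIN_FAN_SPEED + (MAX_FAN_SPEED - MIN_FAN_SPEED) * ratio)),
        )
    else:
        fan_speed = MAX_FAN_SPEED

    # check=True: a failing ipmitool call stops the service instead of being ignored
    subprocess.run(
        ["ipmitool", "raw", "0x30", "0x70", "0x66", "0x01", "0x00", hex(fan_speed)],
        check=True,
    )
    # … unchanged: time.sleep(10) …
```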
diff --git a/flake.lock b/flake.lock index 9e35e36c..4a0e5b53 100644 --- a/flake.lock +++ b/flake.lock @@ -2,18 +2,17 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1634327140, - "narHash": "sha256-d5L7oMjUVC6VU0cQMsF0tceAPkmzuAQ51DWBFNChbEQ=", - "owner": "nixos", + "lastModified": 1634551044, + "narHash": "sha256-HOHemrQt3wA7eS5YT8n+X0OdB9+X4O08YUPTrFMBG60=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "83667ff60a88e22b76ef4b0bdf5334670b39c2b6", + "rev": "f001876680c0e32a89bced8d02d2c61250684e17", "type": "github" }, "original": { - "owner": "nixos", + "id": "nixpkgs", "ref": "nixos-21.05", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "nixpkgs-nyanloutre-pysmart": { @@ -36,16 +35,15 @@ "locked": { "lastModified": 1634436779, "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", - "owner": "nixos", + "owner": "NixOS", "repo": "nixpkgs", "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", "type": "github" }, "original": { - "owner": "nixos", + "id": "nixpkgs", "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "nixpkgs_2": { diff --git a/flake.nix b/flake.nix index ac35fd12..afdacc56 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "flake:nixpkgs/nixos-21.05"; + nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; nixpkgs-nyanloutre-pysmart.url = "github:nyanloutre/nixpkgs/pysmart-init"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; }; From 5a89f4151a135dfd4d13a51161b3c348f8f5fc88 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Oct 2021 10:17:18 +0200 Subject: [PATCH 175/474] flake.lock: Update --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 4a0e5b53..334f9d7c 100644 --- a/flake.lock +++ b/flake.lock 
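Review bot: `flake:nixpkgs/nixos-21.05` and `flake:nixpkgs/nixos-unstable` are indirect references, resolved through the flake registry of whichever machine runs `nix flake update`. The `flake.lock` hunks in this commit show `"type": "indirect"` under `original` accordingly. Builds from the committed lock are unaffected, but the source of the next update depends on registry state instead of on this file. Unless the registry indirection is wanted, I would keep the source explicit: `nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";` and `nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";`.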
@@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1634551044, - "narHash": "sha256-HOHemrQt3wA7eS5YT8n+X0OdB9+X4O08YUPTrFMBG60=", + "lastModified": 1634661806, + "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f001876680c0e32a89bced8d02d2c61250684e17", + "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc", "type": "github" }, "original": { @@ -33,11 +33,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1634436779, - "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", + "lastModified": 1634515797, + "narHash": "sha256-elgCUC2khtBkOSpE4gDymNvthTZAI4hGI2iNu3YEUkA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", + "rev": "5f0194220f2402b06f7f79bba6351895facb5acb", "type": "github" }, "original": { From e30775bb0114cc89a80631cb16139c61d8ea0e25 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 22 Oct 2021 10:09:40 +0200 Subject: [PATCH 176/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8fe3b97ef4527ac88d03ea33e0789f3512e01adc' (2021-10-19) → 'github:NixOS/nixpkgs/70904d4a9927a4d6e05c72c4aaac4370e05107f3' (2021-10-20) • Updated input 'nixpkgs-nyanloutre-pysmart': 'github:nyanloutre/nixpkgs/256d8d34f05c8badeaf3ecb615d3af08a4b492d6' (2021-10-19) → 'github:nyanloutre/nixpkgs/23da6c741cb865d6595708df4ea188709f184ec3' (2021-10-22) • Removed input 'nixpkgs-staging' • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5f0194220f2402b06f7f79bba6351895facb5acb' (2021-10-18) → 'github:NixOS/nixpkgs/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be' (2021-10-21) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 334f9d7c..ff9fd15d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1634661806, - "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=", + "lastModified": 1634758644, + "narHash": "sha256-H3UW/msC6wadg28lcgZv2Ge/P7dWxesL6i37a0GOeyM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc", + "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", "type": "github" }, "original": { @@ -17,11 +17,11 @@ }, "nixpkgs-nyanloutre-pysmart": { "locked": { - "lastModified": 1634643555, - "narHash": "sha256-Fu0JVScZt0fUqfeo2tsTUcoehtpalBU7+15pxy1Ld+Y=", + "lastModified": 1634889389, + "narHash": "sha256-fcSc2Qbmv8UfJm1sBXdbG4qsJYrg6YUxTLfWr/KaCng=", "owner": "nyanloutre", "repo": "nixpkgs", - "rev": "256d8d34f05c8badeaf3ecb615d3af08a4b492d6", + "rev": "23da6c741cb865d6595708df4ea188709f184ec3", "type": "github" }, "original": { @@ -33,11 +33,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1634515797, - "narHash": "sha256-elgCUC2khtBkOSpE4gDymNvthTZAI4hGI2iNu3YEUkA=", + "lastModified": 1634782485, + "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f0194220f2402b06f7f79bba6351895facb5acb", + "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", "type": "github" }, "original": { From f7319c3e20a940c19186f738bf985ef7738b4515 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 22 Oct 2021 11:06:14 +0200 Subject: [PATCH 177/474] dogetipbot-telegram: migrate to flake --- flake.lock | 45 +++++++++++++++++++++++++++++++---- flake.nix | 4 +++- systems/LoutreOS/services.nix | 18 +------------- 3 files changed, 44 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index ff9fd15d..9e9e5f5e 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,12 +1,31 @@ { "nodes": { + "dogetipbot-telegram": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1634893013, + "narHash": "sha256-6vcnuqNvg49PN+4FePU50CQpdy5dPbj7+58wD7duRlw=", + "owner": "nyanloutre", + "repo": "dogetipbot-telegram", + "rev": "8807fb1a2a8f2d965618e72daf300eba0233327b", + "type": "gitlab" + }, + "original": { + "owner": "nyanloutre", + "ref": "master", + "repo": "dogetipbot-telegram", + "type": "gitlab" + } + }, "nixpkgs": { "locked": { - "lastModified": 1634758644, - "narHash": "sha256-H3UW/msC6wadg28lcgZv2Ge/P7dWxesL6i37a0GOeyM=", + "lastModified": 1627805549, + "narHash": "sha256-+LHhcpzw6vAxF6q0VSLkZSEGpDC02JN21KM8eUWz+is=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", + "rev": "16bf3980bfa0d8929639be93fa8491ebad9d61ec", "type": "github" }, "original": { @@ -47,6 +66,21 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1634758644, + "narHash": "sha256-H3UW/msC6wadg28lcgZv2Ge/P7dWxesL6i37a0GOeyM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1607522989, "narHash": "sha256-o/jWhOSAlaK7y2M57OIriRt6whuVVocS/T0mG7fd1TI=", @@ -63,7 +97,8 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs", + "dogetipbot-telegram": "dogetipbot-telegram", + "nixpkgs": "nixpkgs_2", "nixpkgs-nyanloutre-pysmart": "nixpkgs-nyanloutre-pysmart", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" @@ -71,7 +106,7 @@ }, "simple-nixos-mailserver": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index afdacc56..62fb6ad3 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,9 +4,10 @@ nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; nixpkgs-nyanloutre-pysmart.url = "github:nyanloutre/nixpkgs/pysmart-init"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; + dogetipbot-telegram.url = "gitlab:nyanloutre/dogetipbot-telegram/master"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, nixpkgs-nyanloutre-pysmart }: { + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, nixpkgs-nyanloutre-pysmart }: { nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -18,6 +19,7 @@ nixpkgs.nixosModules.notDetected "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" simple-nixos-mailserver.nixosModule + dogetipbot-telegram.nixosModule ./systems/LoutreOS/configuration.nix ({ pkgs, ... }: { systemd.services.ipmihddtemp = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4cf1e18b..56cab716 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -675,23 +675,7 @@ in }; }; - systemd.services.dogetipbot-telegram = let - dogetipbot-telegram = pkgs.callPackage (pkgs.fetchgit { - url = "https://gitlab.com/nyanloutre/dogetipbot-telegram.git"; - rev = "18c875a2e4b98221523818515a1eecb9c5aeb093"; - sha256 = "0mhv00y1c2py425wxl13if6nlv97xk5k6flf772jj1yaxipjdmpn"; - }) { inherit pkgs; }; - in { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - script = "${dogetipbot-telegram}/bin/dogetipbot-telegram --db-path $STATE_DIRECTORY/users.db"; - enable = true; - serviceConfig = { - EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"; - DynamicUser = true; - StateDirectory = "dogetipbot"; - }; - }; + dogetipbot-telegram.enable = true; # systemd.services.minecraft-overviewer = # let From cd647db341b93b8d58ad7ab46b132a9a7c1ee368 Mon Sep 17 00:00:00 2001 
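Review bot: The inline unit removed from `systems/LoutreOS/services.nix` carried `DynamicUser = true`, `StateDirectory = "dogetipbot"` and `EnvironmentFile = "/mnt/secrets/dogetipbot-telegram_env"`. After this change only `dogetipbot-telegram.enable = true;` is left, and the unit is whatever `dogetipbot-telegram.nixosModule` defines, which this diff does not show. It is worth confirming that the module keeps the unprivileged dynamic user and reads its secrets from a file outside the Nix store, and recording that next to the option, e.g. `# unit, sandboxing and secrets file are defined by the dogetipbot-telegram flake's nixosModule`. The new input in `flake.nix` follows `master`, where the removed `fetchgit` named a fixed `rev` and `sha256`, so reviewing each `flake.lock` bump for this input is now the only checkpoint.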
From: nyanloutre Date: Fri, 22 Oct 2021 11:06:43 +0200 Subject: [PATCH 178/474] remove obsolete vsftpd config --- containers/vsftpd.nix | 77 ----------------------------------- systems/LoutreOS/services.nix | 1 - 2 files changed, 78 deletions(-) delete mode 100644 containers/vsftpd.nix diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix deleted file mode 100644 index 683b555c..00000000 --- a/containers/vsftpd.nix +++ /dev/null 
@@ -1,77 +0,0 @@ -{ config, pkgs, ... }: -{ - containers.vsftpd = { - autoStart = true; - config = - { config, pkgs, ... }: - { - services.vsftpd = { - enable = true; - forceLocalLoginsSSL = true; - forceLocalDataSSL = true; - userlistDeny = false; - localUsers = true; - userlist = ["claire" "manu" "lakeu" "fusil" "stryxion" "nico"]; - rsaCertFile = "/var/lib/acme/nyanlout.re/full.pem"; - localRoot = "/mnt/medias"; - extraConfig = '' - pasv_min_port=64000 - pasv_max_port=65535 - pam_service_name=vsftpd - ''; - }; - - users.extraUsers = { - claire = { - isNormalUser = true; - hashedPassword = "$6$DjEjaibh$cRoOEHH.CjUgXXwyVphgnOGMhD3AVjPtawQb9BxvNSmWNqfcxoNH.6HhdxYa7PM0y0yctYXjsAc.vnkIov/NA/"; - description = "Claire TREHIOU"; - }; - - manu = { - isNormalUser = true; - hashedPassword = "$6$YGNIdGEclo$JcUotBS6hqlpENjjUeYhDjtrwxu10oARF4Nq4tEo072Sumr3Rl/w3ZXSHI5/3RxfvUMmJ4ulUVctBLhwrqP.g0"; - description = "Emmanuel ZENNER"; - }; - - lakeu = { - isNormalUser = true; - hashedPassword = "$6$Y7Rohw3xMzCGp$DVTZVAQccBeM/iVUH1IOgkXUohWjTvujNuvekezWS3vdEm1BUxkYZqH2ECHj5DN.ZiGFjJHhBh7PpbE8GDxSz."; - description = "Lakeu"; - }; - - fusil = { - isNormalUser = true; - hashedPassword = "$6$HndxtEEO1w4$FC6rXf1h98tyt0Ay670iz1jbaNj8vKwH8BHYf3vsbSennA63r94x67I5KxmVOxOIEbIf55zIWFsM8GpyJ9K6Y/"; - description = "Fusil"; - }; - - stryxion = { - isNormalUser = true; - hashedPassword = "$6$KZKwBLI6yGuvFg2Q$VCfSnhAacgxlxybTyuCDyNQ2InM8ppG3aa3Bw176TiNAX8tHWUpKesfI9YfcCoGAi1zSzA7b6uC8BmmfrQwg1."; - description = "Stryxion"; - }; - - nico = { - isNormalUser = true; - hashedPassword = "$6$.sMznhhJ0fG2qx$XevsEqsjlLAnu/VMgeA6B5YfWY36dUZXtUGiEgPueHzRcfAEi2UXLWRHqcN6AsW1AozepeAP6/lZW3fDAyULA1"; - description = "MAGENI"; - }; - - sli = { - isNormalUser = true; - hashedPassword = "$6$ewTJHnkTpnw56$askXnJP9iX6.S5IgsSXvlcJA7ncLosPYVIw3TcOlRuK/z8UcFYqVlLX5uDJ.W6DiJ1Uk6FVfbL0jDL2ac22Mx0"; - description = "Sli"; - }; - }; - }; - bindMounts = { - "/var/lib/acme/nyanlout.re" = { - hostPath = 
"/var/lib/acme/nyanlout.re"; - }; - "/mnt/medias" = { - hostPath = "/mnt/medias"; - }; - }; - }; -} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 56cab716..5c03619c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -28,7 +28,6 @@ in imports = [ ../../services/python-ci.nix ../../services/sdtdserver.nix - # ../../containers/vsftpd.nix # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix From fcd96cba2f5aaccdf64d6ea75149f21fba96a1a4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 22 Oct 2021 11:17:44 +0200 Subject: [PATCH 179/474] remove obsolete package --- pkgs/site-max/default.nix | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 pkgs/site-max/default.nix diff --git a/pkgs/site-max/default.nix b/pkgs/site-max/default.nix deleted file mode 100644 index a42387cb..00000000 --- a/pkgs/site-max/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, sassc }: - -stdenv.mkDerivation rec { - name= "site-max-${version}"; - version = "1.0.1"; - - src = fetchFromGitHub { - owner = "nyanloutre"; - repo = "site-max"; - rev = "85e30457291e6a1dfe85a5d7a78f226657bad279"; - sha256 = "0fj5w43gcvp0gq0xlknrf6yp0b48wg01686wp02fjc9npm424g0v"; - }; - - buildPhase = '' - ${sassc}/bin/sassc -m auto -t compressed scss/creative.scss css/creative.css - ''; - - installPhase = '' - mkdir -p $out/ - cp -R . $out/ - ''; - - meta = { - description = "Site de présentation de Max Spiegel"; - homepage = https://maxspiegel.fr/; - maintainers = with stdenv.lib.maintainers; [ nyanloutre ]; - license = stdenv.lib.licenses.cc-by-nc-sa-40; - platforms = stdenv.lib.platforms.all; - }; -} From 6a92795907d61b0f9c83ed3374f0f1ef20e1c94c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 2 Nov 2021 13:40:21 +0100 Subject: [PATCH 180/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/70904d4a9927a4d6e05c72c4aaac4370e05107f3' (2021-10-20) → 'github:NixOS/nixpkgs/f0869b1a2c0b150aac26e10bb5c2364ffb2e804f' (2021-10-31) • Updated input 'nixpkgs-nyanloutre-pysmart': 'github:nyanloutre/nixpkgs/23da6c741cb865d6595708df4ea188709f184ec3' (2021-10-22) → 'github:nyanloutre/nixpkgs/9b2bd68adc2455180887d952ce204ae69dfd651e' (2021-10-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be' (2021-10-21) → 'github:NixOS/nixpkgs/b165ce0c4efbb74246714b5c66b6bcdce8cde175' (2021-11-01) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 9e9e5f5e..5352dedf 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ }, "nixpkgs-nyanloutre-pysmart": { "locked": { - "lastModified": 1634889389, - "narHash": "sha256-fcSc2Qbmv8UfJm1sBXdbG4qsJYrg6YUxTLfWr/KaCng=", + "lastModified": 1634908616, + "narHash": "sha256-JoJyEZKpTOHc6NMH76l8Jg/0QrMSEQsX0PtZXVtnCpA=", "owner": "nyanloutre", "repo": "nixpkgs", - "rev": "23da6c741cb865d6595708df4ea188709f184ec3", + "rev": "9b2bd68adc2455180887d952ce204ae69dfd651e", "type": "github" }, "original": { @@ -52,11 +52,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1634782485, - "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", + "lastModified": 1635792138, + "narHash": "sha256-D79GqaYrwgyM4wvOPbQeKveAHROnVh97F36iSGZO9uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", + "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", "type": "github" }, "original": { 
@@ -67,11 +67,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1634758644, - "narHash": "sha256-H3UW/msC6wadg28lcgZv2Ge/P7dWxesL6i37a0GOeyM=", + "lastModified": 1635719588, + "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", + "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", "type": "github" }, "original": { From c49431f175fa1a06625bf1d33f8d7c0cf72f9286 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 2 Nov 2021 18:06:07 +0100 Subject: [PATCH 181/474] pysmart in unstable branch --- flake.lock | 17 ----------------- flake.nix | 5 ++--- 2 files changed, 2 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 5352dedf..90966607 100644 --- a/flake.lock +++ b/flake.lock @@ -34,22 +34,6 @@ "type": "indirect" } }, - "nixpkgs-nyanloutre-pysmart": { - "locked": { - "lastModified": 1634908616, - "narHash": "sha256-JoJyEZKpTOHc6NMH76l8Jg/0QrMSEQsX0PtZXVtnCpA=", - "owner": "nyanloutre", - "repo": "nixpkgs", - "rev": "9b2bd68adc2455180887d952ce204ae69dfd651e", - "type": "github" - }, - "original": { - "owner": "nyanloutre", - "ref": "pysmart-init", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1635792138, @@ -99,7 +83,6 @@ "inputs": { "dogetipbot-telegram": "dogetipbot-telegram", "nixpkgs": "nixpkgs_2", - "nixpkgs-nyanloutre-pysmart": "nixpkgs-nyanloutre-pysmart", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index 62fb6ad3..740953ad 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,12 +2,11 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - nixpkgs-nyanloutre-pysmart.url = "github:nyanloutre/nixpkgs/pysmart-init"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; dogetipbot-telegram.url = "gitlab:nyanloutre/dogetipbot-telegram/master"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, nixpkgs-nyanloutre-pysmart }: { + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram }: { nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -27,7 +26,7 @@ wantedBy = ["multi-user.target"]; path = with pkgs;[ ipmitool smartmontools ]; serviceConfig = { - ExecStart = with nixpkgs-nyanloutre-pysmart.legacyPackages.x86_64-linux; + ExecStart = with nixpkgs-unstable.legacyPackages.x86_64-linux; let env = python3Packages.python.buildEnv.override { extraLibs = with python3Packages;[ pysmart ]; ignoreCollisions = true; From abdf4ac5bc572fa8ecbf96c4806bb24e19437165 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 2 Nov 2021 18:06:18 +0100 Subject: [PATCH 182/474] reenable beet CLI --- systems/common-cli.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 431da82d..8ab65623 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -69,7 +69,7 @@ starship # Audio - # beets + beets # Outils borgbackup From ea8db5c950a3897afe02b0ccb77a596e31c3234c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 2 Nov 2021 18:23:17 +0100 Subject: [PATCH 183/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/8807fb1a2a8f2d965618e72daf300eba0233327b' (2021-10-22) → 'gitlab:nyanloutre/dogetipbot-telegram/e781adbbeda8aa0cbaef47558fc28f9e1dd162fb' (2021-11-02) • Updated input 'dogetipbot-telegram/nixpkgs': 'github:NixOS/nixpkgs/16bf3980bfa0d8929639be93fa8491ebad9d61ec' (2021-08-01) → 'github:NixOS/nixpkgs/f0869b1a2c0b150aac26e10bb5c2364ffb2e804f' (2021-10-31) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 90966607..90b877d8 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1634893013, - "narHash": "sha256-6vcnuqNvg49PN+4FePU50CQpdy5dPbj7+58wD7duRlw=", + "lastModified": 1635873573, + "narHash": "sha256-KcrFb8HSNcVTtYNXoUwZxW531cQn6T3YBU6Goo5G9mo=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "8807fb1a2a8f2d965618e72daf300eba0233327b", + "rev": "e781adbbeda8aa0cbaef47558fc28f9e1dd162fb", "type": "gitlab" }, "original": { @@ -21,11 +21,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627805549, - "narHash": "sha256-+LHhcpzw6vAxF6q0VSLkZSEGpDC02JN21KM8eUWz+is=", + "lastModified": 1635719588, + "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16bf3980bfa0d8929639be93fa8491ebad9d61ec", + "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", "type": "github" }, "original": { From dfa0da3e24439baef68c7e0f13cad0d360ffdfa4 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 3 Nov 2021 19:33:55 +0100 Subject: [PATCH 184/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f0869b1a2c0b150aac26e10bb5c2364ffb2e804f' (2021-10-31) → 'github:NixOS/nixpkgs/372e59d2af704bffd133cbe029f1d5efe73ba6fb' (2021-11-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b165ce0c4efbb74246714b5c66b6bcdce8cde175' (2021-11-01) → 'github:NixOS/nixpkgs/b67e752c29f18a0ca5534a07661366d6a2c2e649' (2021-11-02) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 90b877d8..7b7d657b 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1635792138, - "narHash": "sha256-D79GqaYrwgyM4wvOPbQeKveAHROnVh97F36iSGZO9uA=", + "lastModified": 1635844945, + "narHash": "sha256-tZcL307dj28jgEU1Wdn+zwG9neyW0H2+ZjdVhvJxh9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", + "rev": "b67e752c29f18a0ca5534a07661366d6a2c2e649", "type": "github" }, "original": { @@ -51,11 +51,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1635719588, - "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=", + "lastModified": 1635806954, + "narHash": "sha256-yX/zjbIL/HdXh8a92hWJ+31gsLLv7byA1XRuPARaLro=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", + "rev": "372e59d2af704bffd133cbe029f1d5efe73ba6fb", "type": "github" }, "original": { From 99ce7ced428e4d3587d74df34fdeb414e3991cc5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 3 Nov 2021 19:43:27 +0100 Subject: [PATCH 185/474] flakes follows same stable channel --- flake.lock | 46 ++++++++++------------------------------------ flake.nix | 10 ++++++++-- 2 files changed, 18 insertions(+), 38 deletions(-) 
diff --git a/flake.lock b/flake.lock index 7b7d657b..a848ba77 100644 --- a/flake.lock +++ b/flake.lock @@ -2,7 +2,9 @@ "nodes": { "dogetipbot-telegram": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1635873573, @@ -21,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1635719588, - "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=", + "lastModified": 1635806954, + "narHash": "sha256-yX/zjbIL/HdXh8a92hWJ+31gsLLv7byA1XRuPARaLro=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", + "rev": "372e59d2af704bffd133cbe029f1d5efe73ba6fb", "type": "github" }, "original": { @@ -49,47 +51,19 @@ "type": "indirect" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1635806954, - "narHash": "sha256-yX/zjbIL/HdXh8a92hWJ+31gsLLv7byA1XRuPARaLro=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "372e59d2af704bffd133cbe029f1d5efe73ba6fb", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.05", - "type": "indirect" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1607522989, - "narHash": "sha256-o/jWhOSAlaK7y2M57OIriRt6whuVVocS/T0mG7fd1TI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, "root": { "inputs": { "dogetipbot-telegram": "dogetipbot-telegram", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } }, "simple-nixos-mailserver": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index 740953ad..cbcb814d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,8 +2,14 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; - dogetipbot-telegram.url = "gitlab:nyanloutre/dogetipbot-telegram/master"; + simple-nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + dogetipbot-telegram = { + url = "gitlab:nyanloutre/dogetipbot-telegram/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram }: { From 6098357ec2dedbe20ba50adc781f1fd30d5af2c4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 3 Nov 2021 20:10:03 +0100 Subject: [PATCH 186/474] put ipmihddtemp in separate repo --- flake.lock | 22 ++++++++++++++++++++++ flake.nix | 24 ++++++------------------ systems/LoutreOS/services.nix | 2 ++ 3 files changed, 30 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index a848ba77..bf3df907 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,27 @@ "type": "gitlab" } }, + "ipmihddtemp": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1635966341, + "narHash": "sha256-Y70jZPL3/fY8SzkPnpw9Ta411zbbkJ1D3qOYJ76zuIA=", + "owner": "nyanloutre", + "repo": "ipmihddtemp", + "rev": "6fe5d14f588956dfff89716f81b8101c7a94cd6d", + "type": "gitlab" + }, + "original": { + "owner": "nyanloutre", + "ref": "master", + "repo": "ipmihddtemp", + "type": "gitlab" + } + }, "nixpkgs": { "locked": { "lastModified": 1635806954, @@ -54,6 +75,7 @@ "root": { "inputs": { "dogetipbot-telegram": "dogetipbot-telegram", + "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" diff --git a/flake.nix b/flake.nix index cbcb814d..f1d0adf1 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,9 +10,13 @@ url = "gitlab:nyanloutre/dogetipbot-telegram/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + ipmihddtemp = { + url = "gitlab:nyanloutre/ipmihddtemp/master"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram }: { + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -25,24 +29,8 @@ "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule + ipmihddtemp.nixosModule ./systems/LoutreOS/configuration.nix - ({ pkgs, ... }: { - systemd.services.ipmihddtemp = { - description = "IPMI HDD temp fan control"; - wantedBy = ["multi-user.target"]; - path = with pkgs;[ ipmitool smartmontools ]; - serviceConfig = { - ExecStart = with nixpkgs-unstable.legacyPackages.x86_64-linux; - let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pysmart ]; - ignoreCollisions = true; - }; - in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "ipmihddtemp.py" "${builtins.readFile ./ipmihddtemp.py}"} - ''}/bin/run.sh"; - }; - }; - }) ]; }; diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 5c03619c..ac1a373e 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -676,6 +676,8 @@ in dogetipbot-telegram.enable = true; + ipmihddtemp.enable = true; + # systemd.services.minecraft-overviewer = # let # clientJar = pkgs.fetchurl { From 2d2d3ee72de56eef559dcb6baff2a210fcd09d2e Mon Sep 17 00:00:00 2001 
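Review bot: `url = "gitlab:nyanloutre/ipmihddtemp/master";` tracks a branch, and `ipmihddtemp.nixosModule` now supplies the unit that used to be defined inline here, including the `ExecStart` being removed in the second flake.nix hunk. The service definition is therefore no longer reviewable in this repository and changes whenever the lock entry for this input moves. `flake.lock` still pins `rev` and `narHash`, so the control point is the lock-update commit. Either pin the url to a tag or revision, or make it a habit to read the ipmihddtemp diff whenever its `rev` changes in a `flake.lock: Update` commit.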
From: nyanloutre Date: Wed, 3 Nov 2021 21:44:09 +0100 Subject: [PATCH 187/474] use flake-utils-plus --- flake.lock | 37 ++++++++++++++++++++++++++++++- flake.nix | 50 +++++++++++++++++++++--------------------- ipmihddtemp.py | 42 ----------------------------------- systems/common-cli.nix | 7 ------ 4 files changed, 61 insertions(+), 75 deletions(-) delete mode 100644 ipmihddtemp.py diff --git a/flake.lock b/flake.lock index bf3df907..5dcdd207 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,21 @@ "type": "gitlab" } }, + "flake-utils": { + "locked": { + "lastModified": 1629481132, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "ipmihddtemp": { "inputs": { "nixpkgs": [ @@ -78,7 +93,8 @@ "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "simple-nixos-mailserver": "simple-nixos-mailserver" + "simple-nixos-mailserver": "simple-nixos-mailserver", + "utils": "utils_2" } }, "simple-nixos-mailserver": { @@ -117,6 +133,25 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_2": { + "inputs": { + "flake-utils": "flake-utils" + }, + "locked": { + "lastModified": 1630860118, + "narHash": "sha256-JwLcC/zRR6ypk4/Ks7plWBvThYoLhURaH2zvjuWVmyA=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "813281281363ec45af155c8d2ceb7c5132d4de45", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "ref": "1.3.0", + "repo": "flake-utils-plus", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f1d0adf1..4f6e88b2 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,6 +2,7 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + utils.url = "github:gytis-ivaskevicius/flake-utils-plus/1.3.0"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; inputs.nixpkgs.follows = "nixpkgs"; @@ -16,33 +17,32 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { - nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ({ pkgs, ... }: { - nix.nixPath = [ - "nixpkgs=${nixpkgs}" - ]; - }) - nixpkgs.nixosModules.notDetected - "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" - simple-nixos-mailserver.nixosModule - dogetipbot-telegram.nixosModule - ipmihddtemp.nixosModule - ./systems/LoutreOS/configuration.nix - ]; - }; + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { - nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { - system = "x86_64-linux"; + inherit self inputs; + + supportedSystems = [ "x86_64-linux" ]; + + hostDefaults.modules = [ + nixpkgs.nixosModules.notDetected + { + nix.generateRegistryFromInputs = true; + nix.linkInputs = true; + nix.generateNixPathFromInputs = true; + } + ]; + + hosts.loutreos.modules = [ + "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" + simple-nixos-mailserver.nixosModule + dogetipbot-telegram.nixosModule + ipmihddtemp.nixosModule + ./systems/LoutreOS/configuration.nix + ]; + + hosts.paul-fixe = { + channelName = "nixpkgs-unstable"; modules = [ - ({ pkgs, ... }: { - nix.nixPath = [ - "nixpkgs=${nixpkgs-unstable}" - ]; - }) - nixpkgs-unstable.nixosModules.notDetected ./systems/PC-Fixe/configuration.nix ]; }; diff --git a/ipmihddtemp.py b/ipmihddtemp.py deleted file mode 100644 index ee7e21ff..00000000 --- a/ipmihddtemp.py +++ /dev/null 
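Review bot: `hostDefaults.modules` now gives every host `nixpkgs.nixosModules.notDetected` from the stable input, while `hosts.paul-fixe` is evaluated with `channelName = "nixpkgs-unstable"` and previously imported `nixpkgs-unstable.nixosModules.notDetected`. That host now mixes a module from one nixpkgs tree into a system built from another. Moving `notDetected` into each host's own `modules` list, taken from the matching input, keeps the two aligned. The three `nix.*` options in the same block would also benefit from a one-line comment such as `# flake-utils-plus: derive registry, /etc/nix/inputs and NIX_PATH from the locked inputs`. The common-cli.nix hunk of this commit drops `experimental-features = nix-command flakes`, so it is worth confirming that something else still enables flakes on both hosts.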
@@ -1,42 +0,0 @@ -import math -import subprocess -import time -from pySMART import DeviceList - -MIN_FAN_SPEED = 30 -MAX_FAN_SPEED = 100 - -MIN_HDD_TEMP = 30 -MAX_HDD_TEMP = 50 - -devlist = DeviceList() - -# Put fans in full speed mode -subprocess.run(["ipmitool", "raw", "0x30", "0x45", "0x01", "0x01"]) - -while True: - for device in devlist: - device.update() - - # Linear fan speed between MIN_FAN_SPEED and MAX_FAN_SPEED - fan_speed = max( - min( - math.ceil( - MIN_FAN_SPEED - + ( - (MAX_FAN_SPEED - MIN_FAN_SPEED) - * ( - (max([x.temperature for x in devlist]) - MIN_HDD_TEMP) - / (MAX_HDD_TEMP - MIN_HDD_TEMP) - ) - ) - ), - MAX_FAN_SPEED, - ), - MIN_FAN_SPEED, - ) - - subprocess.run(["ipmitool", "raw", "0x30", "0x70", "0x66", "0x01", "0x00", hex(fan_speed)]) - - time.sleep(10) - diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 8ab65623..756a9532 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -4,13 +4,6 @@ time.timeZone = "Europe/Paris"; - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - environment.systemPackages = with pkgs; [ # Editeurs (neovim.override { From 27c339615a453a2fb8cef122cad5a5c7f1bf09c9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 3 Nov 2021 22:06:20 +0100 Subject: [PATCH 188/474] update email password --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index ac1a373e..1770471c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -54,7 +54,7 @@ in # mkpasswd -m sha-512 "super secret password" loginAccounts = { "paul@${domaine}" = { - hashedPassword = "$6$8wWQbtqVqUoH8$pQKg0bZPcjCbuPvyhjJ1lQy949M/AgfmAye/hDEIVUnCfwtlUxC1yj8CBHpNKeiiXhd8IUqk9r0/IJNvB6okf0"; + hashedPassword = "$6$eGmy2W7kbkfHAh$/y.ZML4eYL/v14WaVwSIG2ulkUFKFk82uBmrYBDULLtqUR8hQD3/BQIrRiBtsloxrUSja8aZ.E7ypChO.OiOI/"; }; "claire@${domaine}" = { hashedPassword = "$6$Y.vlWP9./DX$NEQQOLzYftbHOvXDkKdBYFAjzIjh8mlpomDuQRq6qkkZijrdy/p6jSbrpBLhoWwVmj4j1OWekHU1f4C9xCNJk."; From 6b4fe176b7ad98c66c317e0f2b1eb880269671de Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 9 Nov 2021 13:40:36 +0100 Subject: [PATCH 189/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/372e59d2af704bffd133cbe029f1d5efe73ba6fb' (2021-11-01) → 'github:NixOS/nixpkgs/e74894146a42ba552ebafa19ab2d1df7ccbc1738' (2021-11-08) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b67e752c29f18a0ca5534a07661366d6a2c2e649' (2021-11-02) → 'github:NixOS/nixpkgs/c935f5e0add2cf0ae650d072c8357533e21b0c35' (2021-11-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 5dcdd207..f36dc7ea 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1635806954, - "narHash": "sha256-yX/zjbIL/HdXh8a92hWJ+31gsLLv7byA1XRuPARaLro=", + "lastModified": 1636333654, + "narHash": "sha256-3wh9PtCzcaJQuZrgZ+ygKfhltkDNNqT6zOzGsRbjZEo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "372e59d2af704bffd133cbe029f1d5efe73ba6fb", + "rev": "e74894146a42ba552ebafa19ab2d1df7ccbc1738", "type": "github" }, "original": { 
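Review bot: The new `hashedPassword` for `paul@${domaine}` is a SHA-512 crypt hash stored in the repository, and the hash it replaces stays readable in history. Anyone who can read the repository or its history can run offline guessing against both values, and the same holds for the `claire@${domaine}` entry shown as context. simple-nixos-mailserver also accepts `hashedPasswordFile`, for example `hashedPasswordFile = "/run/secrets/mail-paul";` (constructed path), with the file provisioned outside the repository and the Nix store. The `loginAccounts` block starts and ends outside this hunk.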
@@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1635844945, - "narHash": "sha256-tZcL307dj28jgEU1Wdn+zwG9neyW0H2+ZjdVhvJxh9g=", + "lastModified": 1636267212, + "narHash": "sha256-KDS173KqmqrYUPY9N4vf750GxIo+S6E0djyq2BsQm8s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b67e752c29f18a0ca5534a07661366d6a2c2e649", + "rev": "c935f5e0add2cf0ae650d072c8357533e21b0c35", "type": "github" }, "original": { From 615cee59cc3fbda970318afc777ba32bb8edba87 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 17 Nov 2021 07:51:59 +0100 Subject: [PATCH 190/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e74894146a42ba552ebafa19ab2d1df7ccbc1738' (2021-11-08) → 'github:NixOS/nixpkgs/46251a79f752ae1d46ef733e8e9760b6d3429da4' (2021-11-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c935f5e0add2cf0ae650d072c8357533e21b0c35' (2021-11-07) → 'github:NixOS/nixpkgs/931ab058daa7e4cd539533963f95e2bb0dbd41e6' (2021-11-15) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f36dc7ea..9d80c105 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1636333654, - "narHash": "sha256-3wh9PtCzcaJQuZrgZ+ygKfhltkDNNqT6zOzGsRbjZEo=", + "lastModified": 1636944046, + "narHash": "sha256-74KLDsiWSBsYXKj/ql9EGbw1TbIJRE7clFkhl30HV/c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e74894146a42ba552ebafa19ab2d1df7ccbc1738", + "rev": "46251a79f752ae1d46ef733e8e9760b6d3429da4", "type": "github" }, "original": { 
@@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1636267212, - "narHash": "sha256-KDS173KqmqrYUPY9N4vf750GxIo+S6E0djyq2BsQm8s=", + "lastModified": 1636976544, + "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c935f5e0add2cf0ae650d072c8357533e21b0c35", + "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", "type": "github" }, "original": { From b1e302361d2f0bbe3120e492cf67470c667dc645 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 22 Nov 2021 11:57:37 +0100 Subject: [PATCH 191/474] remove unused softwares --- systems/common-gui.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index dbff6b6a..9b13e826 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -8,14 +8,9 @@ qbittorrent transmission-remote-gtk - wineWowPackages.staging - (winetricks.override { - wine = wineWowPackages.staging; - }) sc-controller steam-run minecraft - multimc lutris teamspeak_client @@ -67,8 +62,6 @@ obs-studio vlc mpv - # jftui - # calibre jellyfin-mpv-shim kdenlive From cc746caaeaf703878d37f0ce9be9b8bb64eb0c83 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 22 Nov 2021 11:58:14 +0100 Subject: [PATCH 192/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/46251a79f752ae1d46ef733e8e9760b6d3429da4' (2021-11-15) → 'github:NixOS/nixpkgs/d5b65f812cd4f5a8fa74b406075b59a46f1cfd98' (2021-11-20) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/931ab058daa7e4cd539533963f95e2bb0dbd41e6' (2021-11-15) → 'github:NixOS/nixpkgs/715f63411952c86c8f57ab9e3e3cb866a015b5f2' (2021-11-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9d80c105..f8bdec94 100644 --- a/flake.lock +++ b/flake.lock 
@@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1636944046, - "narHash": "sha256-74KLDsiWSBsYXKj/ql9EGbw1TbIJRE7clFkhl30HV/c=", + "lastModified": 1637448181, + "narHash": "sha256-ujcXli4esmtIHUBjE1BjmMuBWrcNvlHZrVXx56i5B1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46251a79f752ae1d46ef733e8e9760b6d3429da4", + "rev": "d5b65f812cd4f5a8fa74b406075b59a46f1cfd98", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "lastModified": 1637155076, + "narHash": "sha256-26ZPNiuzlsnXpt55Q44+yzXvp385aNAfevzVEKbrU5Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", "type": "github" }, "original": { From ca9fab7295c5ab406c5236d0a1e6e1660b192098 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 22 Nov 2021 11:59:07 +0100 Subject: [PATCH 193/474] LoutreOS: ajout IP guirlande --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 016a386a..1a76410a 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -129,6 +129,7 @@ #ESPHome { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } + { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } # YeeLights { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } From 630dee18590b03ab4cff40ac15338dd32b12a9a4 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 22 Nov 2021 22:14:58 +0100 Subject: [PATCH 194/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/715f63411952c86c8f57ab9e3e3cb866a015b5f2' (2021-11-17) → 'github:NixOS/nixpkgs/263ef4cc4146c9fab808085487438c625d4426a9' (2021-11-22) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index f8bdec94..cf839c88 100644 --- a/flake.lock +++ b/flake.lock @@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1637155076, - "narHash": "sha256-26ZPNiuzlsnXpt55Q44+yzXvp385aNAfevzVEKbrU5Q=", + "lastModified": 1637595801, + "narHash": "sha256-LkIMwVFKCuEqidaUdg8uxwpESAXjsPo4oCz3eJ7RaRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", + "rev": "263ef4cc4146c9fab808085487438c625d4426a9", "type": "github" }, "original": { From a9182a1c923b74c7d4e22539f26264e4d214282c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 24 Nov 2021 18:43:27 +0100 Subject: [PATCH 195/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d5b65f812cd4f5a8fa74b406075b59a46f1cfd98' (2021-11-20) → 'github:NixOS/nixpkgs/09650059d7f5ae59a7f0fb2dd3bfc6d2042a74de' (2021-11-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/715f63411952c86c8f57ab9e3e3cb866a015b5f2' (2021-11-17) → 'github:NixOS/nixpkgs/263ef4cc4146c9fab808085487438c625d4426a9' (2021-11-22) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f8bdec94..8daf90e2 100644 --- a/flake.lock +++ b/flake.lock 
@@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637448181, - "narHash": "sha256-ujcXli4esmtIHUBjE1BjmMuBWrcNvlHZrVXx56i5B1M=", + "lastModified": 1637615379, + "narHash": "sha256-wL5+nm7z+42IHyhc52P3aAj1Kp2fQ6C8IyPBihj7Bjg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d5b65f812cd4f5a8fa74b406075b59a46f1cfd98", + "rev": "09650059d7f5ae59a7f0fb2dd3bfc6d2042a74de", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1637155076, - "narHash": "sha256-26ZPNiuzlsnXpt55Q44+yzXvp385aNAfevzVEKbrU5Q=", + "lastModified": 1637595801, + "narHash": "sha256-LkIMwVFKCuEqidaUdg8uxwpESAXjsPo4oCz3eJ7RaRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", + "rev": "263ef4cc4146c9fab808085487438c625d4426a9", "type": "github" }, "original": { From ea9adaffcb6e50d917c7b00e829fd47256e47062 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 27 Nov 2021 18:13:45 +0100 Subject: [PATCH 196/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d5b65f812cd4f5a8fa74b406075b59a46f1cfd98' (2021-11-20) → 'github:NixOS/nixpkgs/3bea86e918d8b54aa49780505d2d4cd9261413be' (2021-11-25) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/263ef4cc4146c9fab808085487438c625d4426a9' (2021-11-22) → 'github:NixOS/nixpkgs/73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1' (2021-11-25) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index cf839c88..380e6a9e 100644 --- a/flake.lock +++ b/flake.lock 
@@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637448181, - "narHash": "sha256-ujcXli4esmtIHUBjE1BjmMuBWrcNvlHZrVXx56i5B1M=", + "lastModified": 1637875414, + "narHash": "sha256-Ica++SXFuLyxX9Q7YxhfZulUif6/gwM8AEQYlUxqSgE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d5b65f812cd4f5a8fa74b406075b59a46f1cfd98", + "rev": "3bea86e918d8b54aa49780505d2d4cd9261413be", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1637595801, - "narHash": "sha256-LkIMwVFKCuEqidaUdg8uxwpESAXjsPo4oCz3eJ7RaRw=", + "lastModified": 1637841632, + "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "263ef4cc4146c9fab808085487438c625d4426a9", + "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1", "type": "github" }, "original": { From ae9c6a528b12473059bf113cd4d74a6d0145b5b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 28 Nov 2021 17:23:01 +0100 Subject: [PATCH 197/474] add amandoleen backup --- systems/LoutreOS/services.nix | 5 +++++ systems/LoutreOS/users.nix | 1 + 2 files changed, 6 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 1770471c..811b9ce4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -274,6 +274,11 @@ in path = "/mnt/backup_loutre/minecraft_rezome"; user = "rezome"; }; + amandoleen = { + authorizedKeys = [ "ssh-rsa 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 paul@paul-fixe" ]; + path = "/mnt/backup_loutre/amandoleen"; + user = "amandoleen"; + }; }; sdtdserver.enable = false; diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index d7def68f..3bac8e3b 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix 
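Review bot: The new `amandoleen` entry sets `user = "amandoleen";`, which reuses an interactive account as the repository owner; the users.nix hunk of this commit then has to add `isSystemUser = lib.mkForce false;` to resolve the resulting conflict. That account already has its own login key in `openssh.authorizedKeys.keys`, so whoever holds that key has a shell with write access to `/mnt/backup_loutre/amandoleen`, outside any restriction attached to the backup key. A dedicated account for the repository keeps backup storage separate from login access and makes the `mkForce` unnecessary. If the enclosing attribute set is `services.borgbackup.repos` (its header is outside the hunk), listing the key under `authorizedKeysAppendOnly` instead of `authorizedKeys` would also prevent a compromised client from deleting existing archives.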
@@ -26,6 +26,7 @@ amandoleen = { isNormalUser = true; + isSystemUser = lib.mkForce false; description = "Amandine <3"; openssh.authorizedKeys.keys = [ "ssh-rsa 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 amandoleen" From 4947274929c1d56bc788cb1ea9aab92508c085e5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 2 Dec 2021 08:20:17 +0100 Subject: [PATCH 198/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4f37689c8a219a9d756c5ff38525ad09349f422f' (2021-11-27) → 'github:NixOS/nixpkgs/2553aee74fed8c2205a4aeb3ffd206ca14ede60f' (2021-11-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1' (2021-11-25) → 'github:NixOS/nixpkgs/6daa4a5c045d40e6eae60a3b6e427e8700f1c07f' (2021-12-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1c46158b..3e55b277 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637973395, - "narHash": "sha256-wp/QgsnnKJAIMZeQgJT1bWQ/OutZ+80lHwtpYAUWDfE=", + "lastModified": 1638196344, + "narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4f37689c8a219a9d756c5ff38525ad09349f422f", + "rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1637841632, - "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", + "lastModified": 1638376152, + "narHash": "sha256-ucgLpVqhFnClH7YRUHBHnmiOd82RZdFR3XJt36ks5fE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1", + "rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f", "type": "github" }, "original": { From 5d7dbf7c6d5ac2cb21ddc223e4467759b9d5804c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 3 Dec 2021 20:15:46 +0100 Subject: [PATCH 199/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2553aee74fed8c2205a4aeb3ffd206ca14ede60f' (2021-11-29) → 'github:NixOS/nixpkgs/43cdc5b364511eabdcad9fde639777ffd9e5bab1' (2021-12-02) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3e55b277..0593b281 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1638196344, - "narHash": "sha256-fkOqSkfOkl8tqxDd+zJU4kAgyLXp/ouaP+U9gpjEZZs=", + "lastModified": 1638452135, + "narHash": "sha256-5Il6hgrTgcWIsB7zug0yDFccYXx7pJCw8cwJdXMuLfM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2553aee74fed8c2205a4aeb3ffd206ca14ede60f", + "rev": "43cdc5b364511eabdcad9fde639777ffd9e5bab1", "type": "github" }, "original": { From 8e98daf0bee404ae424d328a58ef486f7edf9694 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Dec 2021 20:58:05 +0100 Subject: [PATCH 200/474] paul-fixe: switch audio TV --- systems/PC-Fixe/configuration.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index bbe8de09..9b92f8f4 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -211,9 +211,9 @@ ''; systemd = let - DP0Config = "--mode 3440x1440 --rate 144"; - DP2Config = "--auto --left-of DP-0"; - HDMIConfig = "--auto --left-of DP-0"; + DP0Config = "--output DP-0 --mode 3440x1440 --rate 144"; + DP2Config = "--output DP-2 --auto --left-of DP-0"; + HDMIConfig = "--output HDMI-0 --auto --left-of DP-0"; in { services = { wol = { 
@@ -233,9 +233,10 @@ "enableTV" = { description = "Enable TV output"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 --primary + ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 ${HDMIConfig} + ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} + ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' ''; conflicts = ["CSMode.service"]; serviceConfig.Type = "oneshot"; @@ -243,9 +244,10 @@ "primaryTV" = { description = "Set TV output as primary"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 + ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --primary ${HDMIConfig} + ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary + ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' ''; conflicts = ["CSMode.service"]; serviceConfig.Type = "oneshot"; @@ -253,7 +255,7 @@ "FreeSyncMode" = { description = "Enable FreeSync screen only"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 + ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off ''; 
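Review bot: `pw-cli s 43 Profile '{ index: 1 }'` in `enableTV` (and again in `primaryTV`) addresses the device by the numeric PipeWire object id 43. Those ids are assigned at runtime, so after a reboot or a device re-plug the command may set the profile on a different object or fail. Resolving the id from the device name when the script runs would be more robust; at minimum a comment should record what the numbers mean, e.g. `# 43 = PipeWire id of the <device-name> card on this machine, profile 1 = <profile-name>`. The FreeSyncMode and CSMode scripts turn HDMI-0 off but do not switch the audio profile back, which may be intended.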
@@ -263,7 +265,7 @@ "CSMode" = { description = "Enable 4:3 black bars"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr --output DP-0 --mode 3440x1440 --rate 144 --primary + ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }" ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off ''; From a695f2a0b63414eeb903d509051c90b7acb2e2bd Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Dec 2021 20:59:48 +0100 Subject: [PATCH 201/474] nixpkgs: update to 21.11 --- flake.lock | 8 ++++---- flake.nix | 11 +++++++++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0593b281..264ace89 100644 --- a/flake.lock +++ b/flake.lock @@ -59,16 +59,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1638452135, - "narHash": "sha256-5Il6hgrTgcWIsB7zug0yDFccYXx7pJCw8cwJdXMuLfM=", + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "43cdc5b364511eabdcad9fde639777ffd9e5bab1", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-21.05", + "ref": "nixos-21.11", "type": "indirect" } }, diff --git a/flake.nix b/flake.nix index 4f6e88b2..eca4f474 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-21.05"; + nixpkgs.url = "flake:nixpkgs/nixos-21.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/1.3.0"; simple-nixos-mailserver = { 
@@ -23,6 +23,14 @@ supportedSystems = [ "x86_64-linux" ]; + channels.nixpkgs.patches = [ + (nixpkgs.legacyPackages."x86_64-linux".fetchpatch { + name = "fix-homeassistant.patch"; + url = "https://github.com/NixOS/nixpkgs/commit/8e87ea556605e6947d1edb7cd81e58814eeadcae.patch"; + sha256 = "sha256-au5JwwmdRBsbiG9H8nh5n56QVZUFajx1ALMtzu+Nfq0="; + }) + ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { @@ -33,7 +41,6 @@ ]; hosts.loutreos.modules = [ - "${nixpkgs-unstable}/nixos/modules/services/audio/navidrome.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule From 338fe536dd9d07455937628ebccfd29bd0ea2bbc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Dec 2021 21:45:47 +0100 Subject: [PATCH 202/474] nixpkgs: patch jellyfin ffmpeg --- flake.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/flake.nix b/flake.nix index 4f6e88b2..28be3f70 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,14 @@ supportedSystems = [ "x86_64-linux" ]; + channels.nixpkgs.patches = [ + (nixpkgs.legacyPackages."x86_64-linux".fetchpatch { + name = "jellyfin-ffmpeg.patch"; + url = "https://github.com/NixOS/nixpkgs/compare/master...nyanloutre:jellyfin-ffmpeg-init.patch"; + sha256 = "sha256-ecKrQ9EM35IFd0vbelGhapUuMYR+RTVu4KPHI81rlZM="; + }) + ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From ac6ff0f2a153438ae63bcdeb067b061934a719dd Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Dec 2021 21:46:30 +0100 Subject: [PATCH 203/474] update flake utils --- flake.lock | 14 +++++++------- flake.nix | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 0593b281..414d27a9 100644 --- a/flake.lock +++ b/flake.lock 
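Review bot: The `url` of the added `jellyfin-ffmpeg.patch` entry is a GitHub compare view against `master` (`compare/master...nyanloutre:jellyfin-ffmpeg-init.patch`), whose content changes whenever either branch moves. The `sha256` keeps the fetch from silently applying different content, so the failure mode is a broken build, but the patch can no longer be re-fetched or audited once the branches drift. Pointing at an immutable commit, as the `fix-homeassistant.patch` entry in patch 201 does, avoids that: `url = "https://github.com/NixOS/nixpkgs/commit/<commit-sha>.patch";` with the hash recomputed.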
@@ -23,11 +23,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1629481132, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -139,16 +139,16 @@ "flake-utils": "flake-utils" }, "locked": { - "lastModified": 1630860118, - "narHash": "sha256-JwLcC/zRR6ypk4/Ks7plWBvThYoLhURaH2zvjuWVmyA=", + "lastModified": 1638172912, + "narHash": "sha256-jxhQGNEsZTdop/Br3JPS+xmBf6t9cIWRzVZFxbT76Rw=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "813281281363ec45af155c8d2ceb7c5132d4de45", + "rev": "166d6ebd9f0de03afc98060ac92cba9c71cfe550", "type": "github" }, "original": { "owner": "gytis-ivaskevicius", - "ref": "1.3.0", + "ref": "v1.3.1", "repo": "flake-utils-plus", "type": "github" } diff --git a/flake.nix b/flake.nix index 28be3f70..7816c3ab 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-21.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - utils.url = "github:gytis-ivaskevicius/flake-utils-plus/1.3.0"; + utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; inputs.nixpkgs.follows = "nixpkgs"; From 9ef9facd65235a4e9f41ff1df159bf65c8ef876e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Dec 2021 21:55:08 +0100 Subject: [PATCH 204/474] Revert "nixpkgs: patch jellyfin ffmpeg" This reverts commit 338fe536dd9d07455937628ebccfd29bd0ea2bbc. --- flake.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/flake.nix b/flake.nix index 7816c3ab..cc3bc1e7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,14 +23,6 @@ supportedSystems = [ "x86_64-linux" ]; - channels.nixpkgs.patches = [ - (nixpkgs.legacyPackages."x86_64-linux".fetchpatch { - name = "jellyfin-ffmpeg.patch"; - url = "https://github.com/NixOS/nixpkgs/compare/master...nyanloutre:jellyfin-ffmpeg-init.patch"; - sha256 = "sha256-ecKrQ9EM35IFd0vbelGhapUuMYR+RTVu4KPHI81rlZM="; - }) - ]; - hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 0b6d80375d43bd0dab15fddf548a3d75bf229b1d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Dec 2021 19:03:14 +0100 Subject: [PATCH 205/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a640d8394f34714578f3e6335fc767d0755d78f9' (2021-12-01) → 'github:NixOS/nixpkgs/573095944e7c1d58d30fc679c81af63668b54056' (2021-12-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6daa4a5c045d40e6eae60a3b6e427e8700f1c07f' (2021-12-01) → 'github:NixOS/nixpkgs/a2e281f5770247855b85d70c43454ba5bff34613' (2021-12-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 80668031..9c9184f4 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1638371214, - "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "lastModified": 1639161226, + "narHash": "sha256-75Y08ynJDTq6HHGIF+8IADBJSVip0UyWQH7jqSFnRR8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "rev": "573095944e7c1d58d30fc679c81af63668b54056", "type": "github" }, "original": { 
@@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1638376152, - "narHash": "sha256-ucgLpVqhFnClH7YRUHBHnmiOd82RZdFR3XJt36ks5fE=", + "lastModified": 1639525045, + "narHash": "sha256-z4GXFNzO+5V4CAUm2DDMAryLOWUKEbQif2ifvv1Ypg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f", + "rev": "a2e281f5770247855b85d70c43454ba5bff34613", "type": "github" }, "original": { From 3621316c1cd6c7a489a08d902b76e6ca1997a247 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Dec 2021 19:07:11 +0100 Subject: [PATCH 206/474] remove merged nixpkgs patch --- flake.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/flake.nix b/flake.nix index 76ae1d04..fe76ddcd 100644 --- a/flake.nix +++ b/flake.nix @@ -23,14 +23,6 @@ supportedSystems = [ "x86_64-linux" ]; - channels.nixpkgs.patches = [ - (nixpkgs.legacyPackages."x86_64-linux".fetchpatch { - name = "fix-homeassistant.patch"; - url = "https://github.com/NixOS/nixpkgs/commit/8e87ea556605e6947d1edb7cd81e58814eeadcae.patch"; - sha256 = "sha256-au5JwwmdRBsbiG9H8nh5n56QVZUFajx1ALMtzu+Nfq0="; - }) - ]; - hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 3291583f6a3caa250fe1ef8d114748c4862c2681 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Dec 2021 19:07:30 +0100 Subject: [PATCH 207/474] rename obsolete transmission option --- systems/LoutreOS/medias.nix | 2 +- systems/LoutreOS/web.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 98685c98..b4fd57ed 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -5,10 +5,10 @@ transmission = { enable = true; home = "/var/lib/transmission"; - port = 9091; group = "medias"; settings = { rpc-bind-address = "127.0.0.1"; + rpc-port = 9091; rpc-host-whitelist = "*"; rpc-whitelist-enabled = false; peer-port = 51413; 
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 99ffe8ed..7828feaa 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -224,7 +224,7 @@ in }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "grafana.nyanlout.re" = authReverse config.services.grafana.port; - "transmission.nyanlout.re" = authReverse config.services.transmission.port; + "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; "syncthing.nyanlout.re" = authReverse 8384; From 19d440a00d73767e88db10c5f50e62cd8ef8c81a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Dec 2021 19:07:52 +0100 Subject: [PATCH 208/474] allow paul user to use cachix --- systems/LoutreOS/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1a76410a..5d42fee2 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,6 +12,8 @@ ./services.nix ]; + nix.trustedUsers = [ "root" "paul" ]; + boot = { loader = { systemd-boot.enable = true; From bbe8ad4e0520110545efae27be5f4256257ddd3d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Dec 2021 20:17:40 +0100 Subject: [PATCH 209/474] switch to networkd --- systems/LoutreOS/configuration.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 5d42fee2..8f30b397 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -46,16 +46,8 @@ hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; - dhcpcd = { - persistent = true; - extraConfig = '' - interface bouyges - metric 10 - noarp - interface enp0s21u2 - metric 999 - ''; - }; + useNetworkd = true; + useDHCP = false; vlans = { bouyges = { 
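Review bot: `nix.trustedUsers = [ "root" "paul" ];` gives paul far more than cache access, because a trusted user may add arbitrary substituters and import unsigned store paths, which is effectively root-equivalent on the machine. If the goal is only to use a Cachix cache, declaring it system-wide keeps paul untrusted: `nix.binaryCaches = [ "https://<cache-name>.cachix.org" ];` and `nix.binaryCachePublicKeys = [ "<cache-public-key>" ];`. The same line is added for PC-Fixe in patch 221 and the same applies there. If trusted status is kept on purpose, a comment such as `# paul is a trusted Nix user (root-equivalent for the store) so that cachix works` would record the trade-off.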
@@ -69,10 +61,10 @@ }; interfaces = { - eno1.useDHCP = false; bouyges = { # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 macAddress = "E8:AD:A6:21:73:68"; + useDHCP = true; }; eno2 = { ipv4.addresses = [ From 8f5fec46379d07ffb530ec25ce0f17301f5b5ed5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:33:43 +0100 Subject: [PATCH 210/474] rename bouygues interface --- systems/LoutreOS/configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 8f30b397..67eb71ce 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -50,7 +50,7 @@ useDHCP = false; vlans = { - bouyges = { + bouygues = { id = 100; interface = "eno1"; }; @@ -61,7 +61,7 @@ }; interfaces = { - bouyges = { + bouygues = { # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 macAddress = "E8:AD:A6:21:73:68"; useDHCP = true; @@ -78,10 +78,10 @@ }; }; - # NAT bouyges <-> eno2 + # NAT bouygues <-> eno2 nat = { enable = true; - externalInterface = "bouyges"; + externalInterface = "bouygues"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; From 51404a9f90e0ae908e370224a726448ba0e149ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:34:21 +0100 Subject: [PATCH 211/474] set DHCP parameters --- systems/LoutreOS/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 67eb71ce..90280ff6 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -76,6 +76,7 @@ { address = "10.40.0.1"; prefixLength = 16; } ]; }; + enp0s21u2.useDHCP = true; }; # NAT bouygues <-> eno2 
@@ -110,6 +111,11 @@ }; }; + systemd.network.networks = { + "40-bouygues".dhcpV4Config.RouteMetric = 1; + "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; + }; + services.dhcpd4 = { enable = true; interfaces = [ "eno2" "chinoiseries" ]; From 1383b829ad8a45c9284f624876d92ce7fe5ed422 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:34:45 +0100 Subject: [PATCH 212/474] fix dhcp service --- systems/LoutreOS/configuration.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 90280ff6..62e1c557 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -122,9 +122,7 @@ machines = [ { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } - { ethernetAddress = "00:1f:c6:6e:d1:f1"; hostName = "minecraftos"; ipAddress = "10.30.135.35"; } - { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.135.71"; } - { ethernetAddress = "20:47:da:fc:19:98"; hostName = "telephone-nyan"; ipAddress = "10.30.50.2"; } + { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } #ESPHome { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } @@ -141,11 +139,11 @@ option subnet-mask 255.255.0.0; subnet 10.30.0.0 netmask 255.255.0.0 { option routers 10.30.0.1; - range 10.30.50.0 10.30.250.0; + range 10.30.100.0 10.30.200.0; } subnet 10.40.0.0 netmask 255.255.0.0 { option routers 10.40.0.1; - range 10.40.50.0 10.40.250.0; + range 10.40.100.0 10.40.200.0; } ''; }; From 9ec5fed7b6a5f29e7f79c79364dc7e25d577d901 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:35:30 +0100 Subject: [PATCH 213/474] disable pgmanage service --- systems/LoutreOS/web.nix | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 7828feaa..a8804379 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -229,7 +229,6 @@ in "sonarr.nyanlout.re" = authReverse 8989; "syncthing.nyanlout.re" = authReverse 8384; "jackett.nyanlout.re" = authReverse 9117; - "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port; "matrix.nyanlout.re" = simpleReverse 8008; "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { locations."/" = { @@ -306,14 +305,6 @@ in }; }; - pgmanage = { - enable = true; - port = 10006; - connections = { - localhost = "hostaddr=127.0.0.1 port=5432 dbname=postgres"; - }; - }; - gitea = { enable = true; cookieSecure = true; From 7de8b4703b72e40240c53515f565bc03b6aa11fd Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:37:05 +0100 Subject: [PATCH 214/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/573095944e7c1d58d30fc679c81af63668b54056' (2021-12-10) → 'github:NixOS/nixpkgs/e6377ff35544226392b49fa2cf05590f9f0c4b43' (2021-12-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a2e281f5770247855b85d70c43454ba5bff34613' (2021-12-14) → 'github:NixOS/nixpkgs/395879c28386e1abf20c7ecacd45880759548391' (2021-12-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9c9184f4..188dc448 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1639161226, - "narHash": "sha256-75Y08ynJDTq6HHGIF+8IADBJSVip0UyWQH7jqSFnRR8=", + "lastModified": 1639891440, + "narHash": "sha256-FJxa6ObwOQKZy3VhwN5bJRzX+MV/Yq9WLHK/4jlPKrs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "573095944e7c1d58d30fc679c81af63668b54056", + "rev": "e6377ff35544226392b49fa2cf05590f9f0c4b43", "type": "github" }, "original": { 
@@ -74,11 +74,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1639525045, - "narHash": "sha256-z4GXFNzO+5V4CAUm2DDMAryLOWUKEbQif2ifvv1Ypg4=", + "lastModified": 1639876010, + "narHash": "sha256-naGsoUfsY92NaIGiFI8XFXBnesw8BQGe694xcfaLMDI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a2e281f5770247855b85d70c43454ba5bff34613", + "rev": "395879c28386e1abf20c7ecacd45880759548391", "type": "github" }, "original": { From fc084ab29b62bfa5d787a3df3cc0c7f01b3555d0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:42:52 +0100 Subject: [PATCH 215/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/5675b122a947b40e551438df6a623efad19fd2e7' (2021-06-06) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/6e3a7b2ea6f0d68b82027b988aa25d3423787303' (2021-12-07) • Added input 'simple-nixos-mailserver/blobs': 'gitlab:simple-nixos-mailserver/blobs/2cccdf1ca48316f2cfd1c9a0017e8de5a7156265' (2020-11-10) • Added input 'simple-nixos-mailserver/nixpkgs-21_05': 'github:NixOS/nixpkgs/c06613c25df3fe1dd26243847a3c105cf6770627' (2021-07-07) • Added input 'simple-nixos-mailserver/nixpkgs-21_11': 'github:NixOS/nixpkgs/a640d8394f34714578f3e6335fc767d0755d78f9' (2021-12-01) --- flake.lock | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 188dc448..219d3c31 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "dogetipbot-telegram": { "inputs": { "nixpkgs": [ @@ -72,6 +88,36 @@ "type": "indirect" } }, + "nixpkgs-21_05": { + "locked": { + "lastModified": 1625692408, + "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.05", + "type": "indirect" + } + }, + "nixpkgs-21_11": { + "locked": { + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-21.11", + "type": "indirect" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1639876010, @@ -99,22 +145,25 @@ }, "simple-nixos-mailserver": { "inputs": { + "blobs": "blobs", "nixpkgs": [ "nixpkgs" ], + "nixpkgs-21_05": "nixpkgs-21_05", + "nixpkgs-21_11": "nixpkgs-21_11", "utils": "utils" }, "locked": { - "lastModified": 1622967674, - "narHash": "sha256-8RLe6Rqy2rKR/PGDMg/EVsWihsO+DQe/RYmlXdRZkLs=", + "lastModified": 1638911354, + "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "5675b122a947b40e551438df6a623efad19fd2e7", + "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-21.05", + "ref": "nixos-21.11", "repo": "nixos-mailserver", "type": "gitlab" } 
From d7936bda8e4accef57768ed027d4734819a61d52 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:45:02 +0100 Subject: [PATCH 216/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'simple-nixos-mailserver/nixpkgs': follows 'nixpkgs' → follows 'nixpkgs-unstable' • Updated input 'simple-nixos-mailserver/nixpkgs-21_11': 'github:NixOS/nixpkgs/a640d8394f34714578f3e6335fc767d0755d78f9' (2021-12-01) → follows 'nixpkgs' --- flake.lock | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 219d3c31..f94c915c 100644 --- a/flake.lock +++ b/flake.lock @@ -103,21 +103,6 @@ "type": "indirect" } }, - "nixpkgs-21_11": { - "locked": { - "lastModified": 1638371214, - "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.11", - "type": "indirect" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1639876010, @@ -147,10 +132,12 @@ "inputs": { "blobs": "blobs", "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ], "nixpkgs-21_05": "nixpkgs-21_05", - "nixpkgs-21_11": "nixpkgs-21_11", + "nixpkgs-21_11": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { From 289277f4a408afd510f6cf92bdc440fb974dcf01 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 20 Dec 2021 08:45:45 +0100 Subject: [PATCH 217/474] update mailserver module --- flake.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index fe76ddcd..1a97e1fc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,8 +4,11 @@ nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05"; - inputs.nixpkgs.follows = "nixpkgs"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; + inputs = { + nixpkgs.follows = "nixpkgs-unstable"; + nixpkgs-21_11.follows = "nixpkgs"; + }; }; dogetipbot-telegram = { url = "gitlab:nyanloutre/dogetipbot-telegram/master"; From 8ebf479dc1238c3bc25da7412dab53237f6ca51d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 22 Dec 2021 22:54:44 +0100 Subject: [PATCH 218/474] prevent bouygues interface unset on switch --- systems/LoutreOS/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 62e1c557..cf299f56 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -112,7 +112,10 @@ }; systemd.network.networks = { - "40-bouygues".dhcpV4Config.RouteMetric = 1; + "40-bouygues" = { + dhcpV4Config.RouteMetric = 1; + networkConfig.KeepConfiguration = "dhcp-on-stop"; + }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; From 4edc552df2ec8f091acf8b9f637a19eebdc2f5ab Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 22 Dec 2021 22:55:01 +0100 Subject: [PATCH 219/474] allow access to rspamd web UI --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 811b9ce4..0cffabc6 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -87,7 +87,7 @@ in }; rspamd.workers.controller.extraConfig = '' - secure_ip = ["127.0.0.1", "10.30.135.71"]; + secure_ip = ["0.0.0.0/0"]; ''; redis.enable = true; From e3fb937c8af0fa2575a760121de2de72360837ca Mon Sep 17 00:00:00 2001 
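Review bot: `secure_ip = ["0.0.0.0/0"];` marks every IPv4 source as trusted for the rspamd controller, and rspamd skips the controller password for addresses in `secure_ip`. Anything that can reach the controller socket therefore gets the web UI and its write commands unauthenticated. Whether that is reachable from outside depends on the controller's bind address and on any proxy in front of it, neither of which is visible in this hunk. The old entry `10.30.135.71` presumably stopped matching when patch 212 moved paul-fixe to `10.30.50.1`, so listing that address keeps the list narrow: `secure_ip = ["127.0.0.1", "10.30.50.1"];`.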
From: nyanloutre Date: Wed, 22 Dec 2021 22:55:44 +0100 Subject: [PATCH 220/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e6377ff35544226392b49fa2cf05590f9f0c4b43' (2021-12-19) → 'github:NixOS/nixpkgs/9ab7d12287ced0e1b4c03b61c781901f178d9d77' (2021-12-21) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/395879c28386e1abf20c7ecacd45880759548391' (2021-12-19) → 'github:NixOS/nixpkgs/81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d' (2021-12-22) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index f94c915c..7b4f4606 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1639891440, - "narHash": "sha256-FJxa6ObwOQKZy3VhwN5bJRzX+MV/Yq9WLHK/4jlPKrs=", + "lastModified": 1640077788, + "narHash": "sha256-YMSDk3hlucJTTARaHNOeQEF6zEW3A/x4sXgrz94VbS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e6377ff35544226392b49fa2cf05590f9f0c4b43", + "rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1639876010, - "narHash": "sha256-naGsoUfsY92NaIGiFI8XFXBnesw8BQGe694xcfaLMDI=", + "lastModified": 1640139330, + "narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "395879c28386e1abf20c7ecacd45880759548391", + "rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d", "type": "github" }, "original": { From f3b7285d13cc69125ef4a3d1e506b2fa6aa9a353 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 28 Dec 2021 22:56:26 +0100 Subject: [PATCH 221/474] paul-fixe: enable cachix --- systems/PC-Fixe/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 9b92f8f4..cd1454de 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -12,6 +12,8 @@ ../common-gui.nix ]; + nix.trustedUsers = [ "root" "paul" ]; + boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { efiSupport = true; From d38f7a3ad055588a875a13513086b7f5bd39d0aa Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 28 Dec 2021 22:56:56 +0100 Subject: [PATCH 222/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ab7d12287ced0e1b4c03b61c781901f178d9d77' (2021-12-21) → 'github:NixOS/nixpkgs/d887ac7aee92e8fc54dde9060d60d927afae9d69' (2021-12-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d' (2021-12-22) → 'github:NixOS/nixpkgs/ac169ec6371f0d835542db654a65e0f2feb07838' (2021-12-26) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7b4f4606..e2fa1124 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640077788, - "narHash": "sha256-YMSDk3hlucJTTARaHNOeQEF6zEW3A/x4sXgrz94VbS0=", + "lastModified": 1640572776, + "narHash": "sha256-pWMTubBy1Ep31iuQ5lEKW2mjSHWEvcbvy9uHVch2764=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77", + "rev": "d887ac7aee92e8fc54dde9060d60d927afae9d69", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1640139330, - "narHash": "sha256-Nkp3wUOGwtoQ7EH28RLVJ7EqB/e0TU7VcsM7GLy+SdY=", + "lastModified": 1640540585, + "narHash": "sha256-cCmknKFjWgam9jq+58wSd0Z4REia8mjBP65kXcL3ki8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "81cef6b70fb5d5cdba5a0fef3f714c2dadaf0d6d", + "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", "type": "github" }, "original": { 
From 0e9a87ec8ec13c570dedb5c8d3d002c320323b5f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 30 Dec 2021 20:41:12 +0100 Subject: [PATCH 223/474] fix python CI --- services/python-ci.py | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/services/python-ci.py b/services/python-ci.py index 825f4022..950cf446 100755 --- a/services/python-ci.py +++ b/services/python-ci.py @@ -13,6 +13,8 @@ from gitlab import Gitlab import urllib.request import json import argparse +import hmac +import hashlib def gitlab_build(payload, gl): 
@@ -112,23 +114,33 @@ def gitea_build(payload, token): route_name="gitea_payload", renderer="json", request_method="POST" ) class GiteaHook(object): - def __init__(self, request): - self.request = request - self.payload = self.request.json + self.payload = request.json self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max'] - self.secret = open(args.secret, 'r').readline().splitlines()[0] - self.gitea_token = open(args.gitea_token, 'r').readline().splitlines()[0] + self.gitea_token = open(args.gitea_token, 'r').readline().strip() - @view_config(header="X-Gitea-Event:push") + @view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True) def push_hook(self): - if self.payload['repository']['full_name'] in self.whitelist and self.payload['secret'] == self.secret: + if self.payload['repository']['full_name'] in self.whitelist: pool.apply_async(gitea_build, (self.payload, self.gitea_token)) return "build started" else: raise HTTPNotFound +class CheckHmacPredicate(object): + def __init__(self, val, info): + self.secret = open(args.secret, 'r').readline().strip().encode() + + def text(self): + return 'HMAC checking enabled' + + phash = text + + def __call__(self, context, request): + payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest() + return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature) + if __name__ == "__main__": parser = argparse.ArgumentParser(description='CI server') parser.add_argument('--address', help='listening address', default='127.0.0.1') @@ -139,10 +151,13 @@ if __name__ == "__main__": parser.add_argument('--gitea-token', help='gitea token file') args = parser.parse_args() + pool = Pool(1) config = Configurator() + config.add_view_predicate('check_hmac', CheckHmacPredicate) + config.add_route("gitlab_payload", "/gitlab_payload") config.add_route("gitea_payload", "/gitea_payload") config.scan() From 82ac4833cab158b939aa1435960f29d17aba35ac Mon Sep 17 00:00:00 2001 
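Review bot: `CheckHmacPredicate.__init__` accepts an empty key: when the secret file is empty or its first line is blank, `readline().strip().encode()` yields `b""`, `hmac.new` still produces a digest, and any sender can compute a matching `X-Gitea-Signature`. Failing at start-up closes this, e.g. `if not self.secret: raise ValueError("empty webhook secret")` right after the read. In `__call__`, `hmac.compare_digest` receives two `str` values and raises `TypeError` when the header holds non-ASCII characters, so a malformed header surfaces as a server error instead of a rejected request; comparing bytes avoids that: `hmac.compare_digest(request.headers["X-Gitea-Signature"].encode("utf-8", "replace"), payload_signature.encode())`. The `val` argument is ignored, so `check_hmac=False` on a view would still enable the check.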
From: nyanloutre Date: Thu, 30 Dec 2021 20:41:58 +0100 Subject: [PATCH 224/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d887ac7aee92e8fc54dde9060d60d927afae9d69' (2021-12-27) → 'github:NixOS/nixpkgs/8588b14a397e045692d0a87192810b6dddf53003' (2021-12-29) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index e2fa1124..2b4bbb96 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640572776, - "narHash": "sha256-pWMTubBy1Ep31iuQ5lEKW2mjSHWEvcbvy9uHVch2764=", + "lastModified": 1640798027, + "narHash": "sha256-1e7bsxWJW0ugkA95AMGL3Da9sHugkz+J4kfYB9fTWZc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d887ac7aee92e8fc54dde9060d60d927afae9d69", + "rev": "8588b14a397e045692d0a87192810b6dddf53003", "type": "github" }, "original": { From a1c5ff26bced9f01db6bae9fb9abc40c44f8dc6b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 4 Jan 2022 18:00:18 +0100 Subject: [PATCH 225/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8588b14a397e045692d0a87192810b6dddf53003' (2021-12-29) → 'github:NixOS/nixpkgs/c6019d8efb5530dcf7ce98086b8e091be5ff900a' (2022-01-03) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ac169ec6371f0d835542db654a65e0f2feb07838' (2021-12-26) → 'github:NixOS/nixpkgs/78cd22c1b8604de423546cd49bfe264b786eca13' (2022-01-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2b4bbb96..fdf089b2 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640798027, - "narHash": "sha256-1e7bsxWJW0ugkA95AMGL3Da9sHugkz+J4kfYB9fTWZc=", + "lastModified": 1641244400, + "narHash": "sha256-8i4oasWEz/2y9U+F1XU15jfwSbd5YOEBh2tyBBm/W8E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8588b14a397e045692d0a87192810b6dddf53003", + "rev": "c6019d8efb5530dcf7ce98086b8e091be5ff900a", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1640540585, - "narHash": "sha256-cCmknKFjWgam9jq+58wSd0Z4REia8mjBP65kXcL3ki8=", + "lastModified": 1641230035, + "narHash": "sha256-hFyqihERaTbLxCOlugy/rpp22VLtLh8SPRnA2uu3F/8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", + "rev": "78cd22c1b8604de423546cd49bfe264b786eca13", "type": "github" }, "original": { From e7a37c92ba0eae35d5e83fee27e2d9274235f593 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Jan 2022 21:51:20 +0100 Subject: [PATCH 226/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c6019d8efb5530dcf7ce98086b8e091be5ff900a' (2022-01-03) → 'github:NixOS/nixpkgs/79c7b6a353e22f0eec342dead0bc69fb7ce846db' (2022-01-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/78cd22c1b8604de423546cd49bfe264b786eca13' (2022-01-03) → 'github:NixOS/nixpkgs/0ecf7d414811f831060cf55707c374d54fbb1dec' (2022-01-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index fdf089b2..847af124 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641244400, - "narHash": "sha256-8i4oasWEz/2y9U+F1XU15jfwSbd5YOEBh2tyBBm/W8E=", + "lastModified": 1641783572, + "narHash": "sha256-gkrIuUtbRKGEb+SrBVl6hEG4PY9rg+zhDyX0n3mRFMY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6019d8efb5530dcf7ce98086b8e091be5ff900a", + "rev": "79c7b6a353e22f0eec342dead0bc69fb7ce846db", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1641230035, - "narHash": "sha256-hFyqihERaTbLxCOlugy/rpp22VLtLh8SPRnA2uu3F/8=", + "lastModified": 1641710811, + "narHash": "sha256-yVJ+CtwWZY8BnkNIJ/ue5a28yrRM6CkDF1LvmGmqqwM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78cd22c1b8604de423546cd49bfe264b786eca13", + "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", "type": "github" }, "original": { From 6cb28432a0a7e0c74ed47f840b157141af4f9359 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Jan 2022 21:57:36 +0100 Subject: [PATCH 227/474] patch jellyfin-ffmpeg --- flake.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/flake.nix b/flake.nix index 1a97e1fc..69265792 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,14 @@ supportedSystems = [ "x86_64-linux" ]; + channels.nixpkgs.patches = [ + (nixpkgs.legacyPackages."x86_64-linux".fetchpatch { + name = "jellyfin-ffmpeg.patch"; + url = "https://github.com/NixOS/nixpkgs/pull/151617.patch"; + sha256 = "sha256-wyHZf5diFV36h9qiSrvhpRlYGJRiXxPYqxwDEz7obvk="; + }) + ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 5fa0cd6c1353c63ac1badead1515e14a6a60ca15 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Jan 2022 22:12:06 +0100 Subject: [PATCH 228/474] Revert "patch jellyfin-ffmpeg" This reverts commit 6cb28432a0a7e0c74ed47f840b157141af4f9359. --- flake.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/flake.nix b/flake.nix index 69265792..1a97e1fc 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,14 +26,6 @@ supportedSystems = [ "x86_64-linux" ]; - channels.nixpkgs.patches = [ - (nixpkgs.legacyPackages."x86_64-linux".fetchpatch { - name = "jellyfin-ffmpeg.patch"; - url = "https://github.com/NixOS/nixpkgs/pull/151617.patch"; - sha256 = "sha256-wyHZf5diFV36h9qiSrvhpRlYGJRiXxPYqxwDEz7obvk="; - }) - ]; - hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From a3ee5e2dd11e7ab0f0731cb346cf66c88172171f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 28 Jan 2022 08:53:34 +0100 Subject: [PATCH 229/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/79c7b6a353e22f0eec342dead0bc69fb7ce846db' (2022-01-10) → 'github:NixOS/nixpkgs/6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca' (2022-01-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0ecf7d414811f831060cf55707c374d54fbb1dec' (2022-01-09) → 'github:NixOS/nixpkgs/945ec499041db73043f745fad3b2a3a01e826081' (2022-01-26) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 847af124..6a5b8495 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641783572, - "narHash": "sha256-gkrIuUtbRKGEb+SrBVl6hEG4PY9rg+zhDyX0n3mRFMY=", + "lastModified": 1643247693, + "narHash": "sha256-rmShxIuNjYBz4l83J0J++sug+MURUY1koPCzX4F8hfo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "79c7b6a353e22f0eec342dead0bc69fb7ce846db", + "rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca", "type": "github" }, "original": { 
@@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1641710811, - "narHash": "sha256-yVJ+CtwWZY8BnkNIJ/ue5a28yrRM6CkDF1LvmGmqqwM=", + "lastModified": 1643169865, + "narHash": "sha256-+KIpNRazbc8Gac9jdWCKQkFv9bjceaLaLhlwqUEYu8c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ecf7d414811f831060cf55707c374d54fbb1dec", + "rev": "945ec499041db73043f745fad3b2a3a01e826081", "type": "github" }, "original": { From 62fe96603c28be3583264fb5f4c51228a3213aa8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 28 Jan 2022 09:37:42 +0100 Subject: [PATCH 230/474] ipmihddtemp nixpkgs input follows stable branch --- flake.lock | 2 +- flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index 6a5b8495..032f79b2 100644 --- a/flake.lock +++ b/flake.lock @@ -55,7 +55,7 @@ "ipmihddtemp": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ] }, "locked": { diff --git a/flake.nix b/flake.nix index 1a97e1fc..6fae62ad 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,7 @@ }; ipmihddtemp = { url = "gitlab:nyanloutre/ipmihddtemp/master"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; From 2b6edb84813aa2cbcea58591a8b5eb9da191d3c3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Feb 2022 23:00:15 +0100 Subject: [PATCH 231/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/df4f1f7cc3fc5eb4c5a24adb0a6df889863c9d62' (2022-02-06) → 'github:NixOS/nixpkgs/a03ae0e6d078cfdbb8404c3bff3622bd4e2f1c57' (2022-02-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/76e3df7c0687d5b9ff31431fd4ee4d4cd07a4b2f' (2022-02-03) → 'github:NixOS/nixpkgs/48d63e924a2666baf37f4f14a18f19347fbd54a2' (2022-02-10) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/flake.lock b/flake.lock index 032f79b2..c47034fc 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1643247693, - "narHash": "sha256-rmShxIuNjYBz4l83J0J++sug+MURUY1koPCzX4F8hfo=", + "lastModified": 1644837400, + "narHash": "sha256-treFS89w/xKzeTjJSJdYp/Ceddv6oqq7bL9mZMQDPi0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca", + "rev": "a03ae0e6d078cfdbb8404c3bff3622bd4e2f1c57", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1643169865, - "narHash": "sha256-+KIpNRazbc8Gac9jdWCKQkFv9bjceaLaLhlwqUEYu8c=", + "lastModified": 1644525281, + "narHash": "sha256-D3VuWLdnLmAXIkooWAtbTGSQI9Fc1lkvAr94wTxhnTU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "945ec499041db73043f745fad3b2a3a01e826081", + "rev": "48d63e924a2666baf37f4f14a18f19347fbd54a2", "type": "github" }, "original": { From 762c7842b71d9cbe64ccc5c3b55d889090845def Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 18 Feb 2022 12:31:04 +0100 Subject: [PATCH 232/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a03ae0e6d078cfdbb8404c3bff3622bd4e2f1c57' (2022-02-14) → 'github:NixOS/nixpkgs/2128d0aa28edef51fd8fef38b132ffc0155595df' (2022-02-16) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index c47034fc..437fe2d3 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1644837400, - "narHash": "sha256-treFS89w/xKzeTjJSJdYp/Ceddv6oqq7bL9mZMQDPi0=", + "lastModified": 1645010845, + "narHash": "sha256-hO9X4PvxkSLMQnGGB7tOrKPwufhLMiNQMNXNwzLqneo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a03ae0e6d078cfdbb8404c3bff3622bd4e2f1c57", + "rev": "2128d0aa28edef51fd8fef38b132ffc0155595df", "type": "github" }, "original": { From 7935b24f349e164fb566d24528cef97349478fa9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 18 Feb 2022 12:33:02 +0100 Subject: [PATCH 233/474] use stable libreoffice --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 9b13e826..8686638f 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -54,7 +54,7 @@ gnome-breeze - libreoffice-fresh + libreoffice gimp inkscape From b2c938debd4def2d5f2f30e2f1df02be7b84a1f4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 6 Mar 2022 18:52:02 +0100 Subject: [PATCH 234/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2128d0aa28edef51fd8fef38b132ffc0155595df' (2022-02-16) → 'github:NixOS/nixpkgs/47cd6702934434dd02bc53a67dbce3e5493e33a2' (2022-03-04) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/48d63e924a2666baf37f4f14a18f19347fbd54a2' (2022-02-10) → 'github:NixOS/nixpkgs/3e072546ea98db00c2364b81491b893673267827' (2022-03-02) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 437fe2d3..50602bdb 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1645010845, - "narHash": "sha256-hO9X4PvxkSLMQnGGB7tOrKPwufhLMiNQMNXNwzLqneo=", + "lastModified": 1646406548, + "narHash": "sha256-xp+3f76ycZXNf9pG65Ef9KfDl1fas2UQu/cBe/pLd+c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2128d0aa28edef51fd8fef38b132ffc0155595df", + "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1644525281, - "narHash": "sha256-D3VuWLdnLmAXIkooWAtbTGSQI9Fc1lkvAr94wTxhnTU=", + "lastModified": 1646254136, + "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48d63e924a2666baf37f4f14a18f19347fbd54a2", + "rev": "3e072546ea98db00c2364b81491b893673267827", "type": "github" }, "original": { From 5b40223a622bb28317e04f929b6778be2d980789 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 7 Mar 2022 08:48:46 +0100 Subject: [PATCH 235/474] restrict slimserver interfaces --- systems/LoutreOS/medias.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index b4fd57ed..c0bf930e 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -60,10 +60,10 @@ "/etc/localtime:/etc/localtime:ro" ]; ports = [ - "9000:9000/tcp" - "9090:9090/tcp" - "3483:3483/tcp" - "3483:3483/udp" + "10.30.0.1:9000:9000/tcp" + "10.30.0.1:9090:9090/tcp" + "10.30.0.1:3483:3483/tcp" + "10.30.0.1:3483:3483/udp" ]; extraOptions = ["--pull=always"]; }; From f3d23f66b42260b5c0753fb14fff97dbb2dc0be9 Mon Sep 17 00:00:00 2001 
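Review bot: The bind address `10.30.0.1` is repeated on all four `ports` entries in systems/LoutreOS/medias.nix with no comment naming the interface it belongs to, so a later renumbering can easily leave one entry on the old address. Binding it once, e.g. `let lanAddr = "10.30.0.1"; in` with `"${lanAddr}:9000:9000/tcp"`, plus a comment like `# publish only on the internal interface`, keeps the restriction in one place. The container presumably has to start after that address is configured, otherwise publishing the ports fails at start-up; the unit ordering is worth confirming. The container definition starts outside the hunk.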
From: nyanloutre Date: Wed, 30 Mar 2022 22:14:55 +0200 Subject: [PATCH 236/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/47cd6702934434dd02bc53a67dbce3e5493e33a2' (2022-03-04) → 'github:NixOS/nixpkgs/9b168e5e62406fa2e55e132f390379a6ba22b402' (2022-03-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/3e072546ea98db00c2364b81491b893673267827' (2022-03-02) → 'github:NixOS/nixpkgs/ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510' (2022-03-27) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 50602bdb..51f25b8b 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1646406548, - "narHash": "sha256-xp+3f76ycZXNf9pG65Ef9KfDl1fas2UQu/cBe/pLd+c=", + "lastModified": 1648553562, + "narHash": "sha256-xQhRKu6h0phd56oCzGjkhHkY4eDI1XKedGqkFtlXapk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47cd6702934434dd02bc53a67dbce3e5493e33a2", + "rev": "9b168e5e62406fa2e55e132f390379a6ba22b402", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1646254136, - "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=", + "lastModified": 1648390671, + "narHash": "sha256-u69opCeHUx3CsdIerD0wVSR+DjfDQjnztObqfk9Trqc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e072546ea98db00c2364b81491b893673267827", + "rev": "ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510", "type": "github" }, "original": { From 5328ccd93844363a355aa9264ae06a858ca83b61 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 25 Apr 2022 14:39:37 +0200 Subject: [PATCH 237/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9b168e5e62406fa2e55e132f390379a6ba22b402' (2022-03-29) → 'github:NixOS/nixpkgs/5fb3a179605141bfa4c9c423f9b1c33658b059c8' (2022-04-23) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510' (2022-03-27) → 'github:NixOS/nixpkgs/87d34a6b8982e901b8e50096b8e79ebc0e66cda0' (2022-04-24) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 51f25b8b..ad9644ff 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1648553562, - "narHash": "sha256-xQhRKu6h0phd56oCzGjkhHkY4eDI1XKedGqkFtlXapk=", + "lastModified": 1650728030, + "narHash": "sha256-VfCYsC/0mZQlQqsXf5o5Cib1ncJQ5l7WHN7hEIMmZNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b168e5e62406fa2e55e132f390379a6ba22b402", + "rev": "5fb3a179605141bfa4c9c423f9b1c33658b059c8", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1648390671, - "narHash": "sha256-u69opCeHUx3CsdIerD0wVSR+DjfDQjnztObqfk9Trqc=", + "lastModified": 1650831523, + "narHash": "sha256-6pDZ08SAXsUx5rOP391x+TG39ENP/XA8VMa1tQvgEjc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510", + "rev": "87d34a6b8982e901b8e50096b8e79ebc0e66cda0", "type": "github" }, "original": { From daf61a6614c7a054644fa3c3398a1e41baa24b8d Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 13 May 2022 17:12:51 +0200 Subject: [PATCH 238/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5fb3a179605141bfa4c9c423f9b1c33658b059c8' (2022-04-23) → 'github:NixOS/nixpkgs/aa2f845096f72dde4ad0c168eeec387cbd2eae04' (2022-05-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/87d34a6b8982e901b8e50096b8e79ebc0e66cda0' (2022-04-24) → 'github:NixOS/nixpkgs/41ff747f882914c1f8c233207ce280ac9d0c867f' (2022-05-11) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ad9644ff..70d2306b 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1650728030, - "narHash": "sha256-VfCYsC/0mZQlQqsXf5o5Cib1ncJQ5l7WHN7hEIMmZNw=", + "lastModified": 1652182392, + "narHash": "sha256-H9Bmor+kfogrE0X7Fi5sh0gCUWDG4pnmYxedJyIT41A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5fb3a179605141bfa4c9c423f9b1c33658b059c8", + "rev": "aa2f845096f72dde4ad0c168eeec387cbd2eae04", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1650831523, - "narHash": "sha256-6pDZ08SAXsUx5rOP391x+TG39ENP/XA8VMa1tQvgEjc=", + "lastModified": 1652231724, + "narHash": "sha256-MjalcXFZgcgchp4QqnF05JTkFBBGad5hbksA1EKoP98=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87d34a6b8982e901b8e50096b8e79ebc0e66cda0", + "rev": "41ff747f882914c1f8c233207ce280ac9d0c867f", "type": "github" }, "original": { From b9fc58fc597a91b1ddae78f7ed92faea960c10b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 18 May 2022 19:41:27 +0200 Subject: [PATCH 239/474] remove unused amandoleen backup user --- systems/LoutreOS/services.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 0cffabc6..425592ee 100644 
--- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -274,11 +274,6 @@ in path = "/mnt/backup_loutre/minecraft_rezome"; user = "rezome"; }; - amandoleen = { - authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPio7GmYEZLGSHOsUBV91E3brXVLbGVjGWtfMOzO0X4BRN/3sgNPvnDxjtKtRX6VwHVOnfzYFBYtL9aoMlT8r+aegwpNv75i26f1KXwIY3OCgmMhsn/ZLNuDJPUxlsMU360kYcrXtpD2uS1m3MZrupzfWptFnMBTyksFbgdIA75kbwZCXK1pKRJqTyM9mM21gzbOD6CXHE6M96ab0OEw5t1xb379zB2/x36ihcT18a2rGDJUw6PoDiR4w5bz1Ji7rGO+tuHdmahe+0iws5eU9XNuVSVOvVxeszgfVnwc7WCUhV7nCNogWyng/hpAXZExgpli5meiv99Tv1CDimy7BRe1nmu2bztAivz8kdUKd5oSMLAkVHuCxD6omAPMUDX26yOf8nXh50CAxtPlDfnKy4aGCCnNP0HH9tgkFSMvjR6JNcPyTGATWW5p1zehOA5qady2ZVP39YuDOa1N5dLt0yVcX7e2sRbVreMkwJ9AIUVGYClOiyqzwq51iSLrUq+BkUzIeR9E5p1+LQpMhoZ+lIUtvpWjbRp+gAXgbnAbRuAjemEDBTTIdjAZgrnO4ybteyZbJgEF1ItnIcQzTlCF9fsIZrgexuiC1VPj1gkVgh20j4Qh1Qt7eAltRm4PWE6//l2B0wVtHIpanHuvWrVY1qe3ddNHZKkuoLVu302T474w== paul@paul-fixe" ]; - path = "/mnt/backup_loutre/amandoleen"; - user = "amandoleen"; - }; }; sdtdserver.enable = false; From 406be8c14fd8a7d40940278f795dc26b92c47256 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 18 May 2022 19:43:52 +0200 Subject: [PATCH 240/474] rename packages with new names --- systems/PC-Fixe/configuration.nix | 2 +- systems/common-cli.nix | 6 +++--- systems/common-gui.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index cd1454de..9f8e5a43 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -95,7 +95,7 @@ }; environment.systemPackages = with pkgs; [ - usb_modeswitch + usb-modeswitch ]; programs.wireshark.enable = true; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 756a9532..6d72c561 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix 
@@ -46,11 +46,11 @@ usbutils # Réseau - telnet + inetutils rclone lftp - wireguard - nfsUtils + wireguard-tools + nfs-utils nmap # Divers diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 8686638f..84642318 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -22,7 +22,7 @@ monero-gui firefox - torbrowser + tor-browser-bundle-bin chromium tdesktop @@ -52,7 +52,7 @@ inherit (texlive) scheme-small titling collection-langfrench cm-super; }) - gnome-breeze + libsForQt5.breeze-gtk libreoffice From 5b515d6147f0621ed0ffca6e343452a325f7bf9a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 18 May 2022 19:44:20 +0200 Subject: [PATCH 241/474] change display port --- systems/PC-Fixe/configuration.nix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 9f8e5a43..61304dd9 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -209,13 +209,12 @@ }; services.xserver.deviceSection = '' - Option "metamodes" "DP-0: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" + Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" ''; systemd = let - DP0Config = "--output DP-0 --mode 3440x1440 --rate 144"; - DP2Config = "--output DP-2 --auto --left-of DP-0"; - HDMIConfig = "--output HDMI-0 --auto --left-of DP-0"; + DP4Config = "--output DP-4 --mode 3440x1440 --rate 144"; + HDMIConfig = "--output HDMI-0 --auto --left-of DP-4"; in { services = { wol = { 
@@ -235,8 +234,8 @@ "enableTV" = { description = "Enable TV output"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' ''; @@ -246,8 +245,8 @@ "primaryTV" = { description = "Set TV output as primary"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' ''; @@ -257,8 +256,8 @@ "FreeSyncMode" = { description = "Enable FreeSync screen only"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off ''; conflicts = ["CSMode.service"]; 
@@ -267,12 +266,12 @@ "CSMode" = { description = "Enable 4:3 black bars"; script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }" + ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }" ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off ''; preStop = '' - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }" + /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }" ''; serviceConfig = { Type = "oneshot"; From b094d5f303d96062517c65448ce813aea631ecee Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 18 May 2022 19:44:58 +0200 Subject: [PATCH 242/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/aa2f845096f72dde4ad0c168eeec387cbd2eae04' (2022-05-10) → 'github:NixOS/nixpkgs/8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1' (2022-05-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/41ff747f882914c1f8c233207ce280ac9d0c867f' (2022-05-11) → 'github:NixOS/nixpkgs/1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502' (2022-05-16) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 70d2306b..929269ea 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1652182392, - "narHash": "sha256-H9Bmor+kfogrE0X7Fi5sh0gCUWDG4pnmYxedJyIT41A=", + "lastModified": 1652559422, + "narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aa2f845096f72dde4ad0c168eeec387cbd2eae04", + "rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1652231724, - "narHash": "sha256-MjalcXFZgcgchp4QqnF05JTkFBBGad5hbksA1EKoP98=", + "lastModified": 1652659998, + "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41ff747f882914c1f8c233207ce280ac9d0c867f", + "rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502", "type": "github" }, "original": { From a4deb6d20d46c60f884f86752fb5e0eba3cff304 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 21 May 2022 00:44:14 +0200 Subject: [PATCH 243/474] fix unfree bug --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 84642318..dd00f945 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfreePredicate = (pkg: true); environment.systemPackages = with pkgs; [ filezilla From 8fecd6ffbffbb00136ff6adafd315ef410cf1dfc Mon Sep 17 00:00:00 2001 
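Review bot: `allowUnfreePredicate = (pkg: true)` in systems/common-gui.nix accepts every unfree package, exactly as `allowUnfree = true` did, and nothing in the file says why the predicate form is needed. A comment such as `# predicate form works around <issue>; still allows all unfree packages` would keep a reader from taking it for an allow-list. If an allow-list is wanted, the predicate can test the package name: `pkg: builtins.elem (pkgs.lib.getName pkg) [ "<unfree-package-name>" ]`.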
From: nyanloutre Date: Sat, 21 May 2022 00:45:22 +0200 Subject: [PATCH 244/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1' (2022-05-14) → 'github:NixOS/nixpkgs/685d243d971c4f9655c981036b9c7bafdb728a0d' (2022-05-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502' (2022-05-16) → 'github:NixOS/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 929269ea..034c4bcd 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1652559422, - "narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=", + "lastModified": 1652975354, + "narHash": "sha256-qP1DpEYQdSq7NZ542TSHffIT6xGm7MaSMG9faQWPcg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1", + "rev": "685d243d971c4f9655c981036b9c7bafdb728a0d", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1652659998, - "narHash": "sha256-FqNrXC1EE6U2RACwXBlsAvg1lqQGLYpuYb6+W3DL9vA=", + "lastModified": 1652885393, + "narHash": "sha256-YIgvvlk4iQ1Hi7KD9o5gsojc+ApB+jiH1d5stK8uXiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d7db1b9e4cf1ee075a9f52e5c36f7b9f4207502", + "rev": "48037fd90426e44e4bf03e6479e88a11453b9b66", "type": "github" }, "original": { From cac7f7013e323664ddae5dc635bb89b511d366f8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 Jun 2022 08:16:01 +0200 Subject: [PATCH 245/474] configure hetzner backup --- systems/LoutreOS/services.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 425592ee..e1d336e9 100644 
--- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -239,7 +239,8 @@ in "/var/lib/radarr/.config/Radarr/radarr.db-wal" "/var/lib/radarr/.config/Radarr/radarr.db-shm" ]; - repo = "/mnt/backup/borg"; + repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos"; + environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; }; encryption = { mode = "repokey-blake2"; passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass"; From 70bb98ca2d78d4d4acd4559e9797dcffa358c796 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 Jun 2022 08:26:11 +0200 Subject: [PATCH 246/474] update nixos to 22.05 --- flake.lock | 14 +++++++------- flake.nix | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 034c4bcd..9ba50c89 100644 --- a/flake.lock +++ b/flake.lock @@ -75,16 +75,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1652975354, - "narHash": "sha256-qP1DpEYQdSq7NZ542TSHffIT6xGm7MaSMG9faQWPcg0=", + "lastModified": 1655096306, + "narHash": "sha256-3B3zBaQVLL956deZgmucouvkZroObQ4JKHzbIfFS9/c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "685d243d971c4f9655c981036b9c7bafdb728a0d", + "rev": "a119e218ad27bea32057a3463e3694a61c9e3802", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "type": "indirect" } }, @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1652885393, - "narHash": "sha256-YIgvvlk4iQ1Hi7KD9o5gsojc+ApB+jiH1d5stK8uXiw=", + "lastModified": 1655043425, + "narHash": "sha256-A+oT+aQGhW5lXy8H0cqBLsYtgcnT5glmGOXWQDcGw6I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48037fd90426e44e4bf03e6479e88a11453b9b66", + "rev": "914ef51ffa88d9b386c71bdc88bffc5273c08ada", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 6fae62ad..28f27a26 100644 --- a/flake.nix +++ b/flake.nix 
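Review bot: The new `BORG_RSH` in systems/LoutreOS/services.nix selects the identity file but does not pin the storage box's host key, so the unattended job either stalls on the first-connection prompt or relies on whatever `known_hosts` state its user happens to have. Declaring the key in `programs.ssh.knownHosts` (host name `[u306925.your-storagebox.de]:23`, key `<storage box public host key>`) and making the command non-interactive, `BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key -o BatchMode=yes -o StrictHostKeyChecking=yes";`, makes the check explicit and lets a changed host key fail the backup loudly. The job definition starts and ends outside the hunk.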
@@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-21.11"; + nixpkgs.url = "flake:nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { From fbffb59a86896935e514125d824dc8ec379caac3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 Jun 2022 08:26:53 +0200 Subject: [PATCH 247/474] disable matrix synapse --- systems/LoutreOS/services.nix | 86 ----------------------------------- 1 file changed, 86 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e1d336e9..71d4ca55 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -128,92 +128,6 @@ in mountdPort = 4002; }; - matrix-synapse = { - enable = true; - enable_registration = true; - server_name = "nyanlout.re"; - listeners = [ - { # federation - bind_address = ""; - port = 8448; - resources = [ - { compress = true; names = [ "client" "webclient" ]; } - { compress = false; names = [ "federation" ]; } - ]; - tls = true; - type = "http"; - x_forwarded = false; - } - { # client - bind_address = "127.0.0.1"; - port = 8008; - resources = [ - { compress = true; names = [ "client" "webclient" ]; } - ]; - tls = false; - type = "http"; - x_forwarded = true; - } - ]; - max_upload_size = "100M"; - database_type = "psycopg2"; - database_args = { - database = "matrix-synapse"; - }; - tls_private_key_path = "/var/lib/acme/${domaine}/key.pem"; - tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem"; - url_preview_enabled = true; - logConfig = '' - version: 1 - - formatters: - journal_fmt: - format: '%(name)s: [%(request)s] %(message)s' - - filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" - - handlers: - journal: - class: systemd.journal.JournalHandler - formatter: journal_fmt - filters: [context] - SYSLOG_IDENTIFIER: synapse - - root: - level: WARNING - handlers: [journal] - - disable_existing_loggers: False - ''; - app_service_config_files = [ - "/var/lib/matrix-synapse/mautrix-telegram-registration.yaml" - ]; - }; - - mautrix-telegram = { - enable = true; - settings = { - homeserver = { - address = "https://matrix.nyanlout.re"; - domain = "nyanlout.re"; - }; - appservice = { - bot_username = "loutrebot"; - }; - bridge = { - relaybot.authless_portals = false; - permissions = { - "@nyanloutre:nyanlout.re" = "admin"; - }; - }; - }; - environmentFile = "/mnt/secrets/mautrix-telegram.env"; - serviceDependencies = [ "matrix-synapse.service" ]; - }; - borgbackup.jobs = { loutre = { paths = [ From b1cea27df05e19564e4a49344a78188ca7e0428f Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 14 Jun 2022 08:27:13 +0200 Subject: [PATCH 248/474] fix nginx home-assistant config --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a8804379..8055900d 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -238,7 +238,7 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; - "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.port) { + "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; }; From 418a7ba10765bd9925b49666a7e899551e47c5e9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 Jun 2022 08:16:01 +0200 Subject: [PATCH 249/474] configure hetzner backup --- systems/LoutreOS/services.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 425592ee..34f75973 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -239,7 +239,8 @@ in "/var/lib/radarr/.config/Radarr/radarr.db-wal" "/var/lib/radarr/.config/Radarr/radarr.db-shm" ]; - repo = "/mnt/backup/borg"; + repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos"; + environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; }; encryption = { mode = "repokey-blake2"; passCommand = "cat /mnt/secrets/borgbackup_loutre_encryption_pass"; 
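Review bot: After PATCH 249, a failed backup run is no longer reported anywhere visible in this commit. Its second hunk (`@@ -254,11 +255,6 @@`) removes the rclone sync together with the `else` branch that called `${backup_mail_alert}/bin/mail.sh`, leaving a `postHook` that only destroys the ZFS snapshot. The first hunk moves the repository to a remote host, where network and authentication failures become possible, so I would keep the failure branch after the `zfs destroy` line: `if [[ $exitStatus != 0 ]]; then ${backup_mail_alert}/bin/mail.sh; fi`. If failures are surfaced another way that this patch does not show, a comment in `postHook` saying so would be enough.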
@@ -254,11 +255,6 @@ in readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; postHook = '' ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap - if [[ $exitStatus == 0 ]]; then - ${pkgs.rclone}/bin/rclone --config /mnt/secrets/rclone_loutre.conf sync -v $BORG_REPO BackupStorage:default - else - ${backup_mail_alert}/bin/mail.sh - fi ''; }; }; From a21636baa2f1593c245e54f68fcea8c01ff18a96 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 30 Jun 2022 18:58:34 +0200 Subject: [PATCH 250/474] reduce frequency of high IO operations --- systems/LoutreOS/configuration.nix | 5 ++++- systems/LoutreOS/monitoring.nix | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index cf299f56..28e111cf 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -32,7 +32,10 @@ services.zfs = { autoSnapshot.enable = true; - autoScrub.enable = true; + autoScrub = { + enable = true; + interval = "monthly"; + }; }; hardware.usbWwan.enable = true; diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 29915d2b..a2120f0c 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -7,7 +7,7 @@ in services = { smartd = { enable = true; - defaults.monitored = "-a -o on -s (S/../.././02|L/../../1/04)"; + defaults.monitored = "-a -o on -s (S/../.././02|L/../15/./02)"; notifications.mail = { enable = true; recipient = "paul@nyanlout.re"; From 29e12eed94e7fdb671156b58b2c1751ac43c5d01 Mon Sep 17 00:00:00 2001 
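Review bot: The new `-s` expression in the systems/LoutreOS/monitoring.nix hunk is unreadable without the smartd.conf manual and has no comment. A line such as `# short self-test daily at 02:00, long self-test on the 15th of each month at 02:00` above `defaults.monitored` would document it. Both patterns match at 02:00 on the 15th, so it is worth confirming that the overlap is intended. The long self-test goes from weekly to monthly, and the scrub in configuration.nix is set to monthly in the same commit, which lengthens the time a degrading disk can go unnoticed; the commit message or a comment should record that trade-off.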
From: nyanloutre Date: Thu, 30 Jun 2022 19:57:50 +0200 Subject: [PATCH 251/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a119e218ad27bea32057a3463e3694a61c9e3802' (2022-06-13) → 'github:NixOS/nixpkgs/be6da3774db3746e6ae94bf412dd3707e35b2800' (2022-06-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/914ef51ffa88d9b386c71bdc88bffc5273c08ada' (2022-06-12) → 'github:NixOS/nixpkgs/cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c' (2022-06-29) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9ba50c89..56978dea 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1655096306, - "narHash": "sha256-3B3zBaQVLL956deZgmucouvkZroObQ4JKHzbIfFS9/c=", + "lastModified": 1656500841, + "narHash": "sha256-13IRoh3uu29S4IfoVO6Sb0UPwzDhSqXoBKKQ4ssEzF0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a119e218ad27bea32057a3463e3694a61c9e3802", + "rev": "be6da3774db3746e6ae94bf412dd3707e35b2800", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1655043425, - "narHash": "sha256-A+oT+aQGhW5lXy8H0cqBLsYtgcnT5glmGOXWQDcGw6I=", + "lastModified": 1656461576, + "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "914ef51ffa88d9b386c71bdc88bffc5273c08ada", + "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", "type": "github" }, "original": { From d5c54d97c5aeec9ec5a56661540d971ba9662892 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 4 Jul 2022 22:33:55 +0200 Subject: [PATCH 252/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/be6da3774db3746e6ae94bf412dd3707e35b2800' (2022-06-29) → 'github:NixOS/nixpkgs/09c32b0bda4db98d6454e910206188e85d5b04cc' (2022-07-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c' (2022-06-29) → 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 56978dea..294f935a 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656500841, - "narHash": "sha256-13IRoh3uu29S4IfoVO6Sb0UPwzDhSqXoBKKQ4ssEzF0=", + "lastModified": 1656754140, + "narHash": "sha256-8thJUtZWIimyBtkYQ0tdmmnH0yJvOaw1K5W3OgKc6/A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "be6da3774db3746e6ae94bf412dd3707e35b2800", + "rev": "09c32b0bda4db98d6454e910206188e85d5b04cc", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656461576, - "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", + "lastModified": 1656753965, + "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", + "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", "type": "github" }, "original": { From 371f28a7197e13568d52caaa137b1761c448bbe7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 4 Jul 2022 23:38:41 +0200 Subject: [PATCH 253/474] LoutreOS: use unstable Jellyfin --- systems/LoutreOS/medias.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index c0bf930e..60193b47 100644 
--- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { services = { @@ -22,7 +22,7 @@ jellyfin = { enable = true; - package = pkgs.jellyfin; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; }; navidrome = { From c937ecd33cd9e99aa4a3228b4865073bd877f50d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 4 Jul 2022 23:39:05 +0200 Subject: [PATCH 254/474] LoutreOS: update Postgresql to 14 --- systems/LoutreOS/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8055900d..ce8599fb 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,7 @@ in postgresql = { enable = true; + package = pkgs.postgresql_14; settings = { full_page_writes = false; }; From 580c33acbaad339bdf530db323804c25f91a0baa Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:09:13 +0200 Subject: [PATCH 255/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/09c32b0bda4db98d6454e910206188e85d5b04cc' (2022-07-02) → 'github:NixOS/nixpkgs/e8d47977286a44955262adbc76f2c8a66e7419d5' (2022-07-04) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) → 'github:NixOS/nixpkgs/18b14a254dca6b68ca0ce2ce885ce2b550065799' (2022-07-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 294f935a..e513dfb9 100644 --- a/flake.lock +++ b/flake.lock 
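Review bot: The `package` line in the second systems/LoutreOS/medias.nix hunk hard-codes `x86_64-linux`, where `inputs.nixpkgs-unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}.jellyfin` would follow the host's platform. It also takes the package from the input's plain `legacyPackages` set, so any `nixpkgs.config` or overlays applied to `pkgs` elsewhere in this flake presumably do not reach it. Jellyfin is a network-facing service that now follows the `nixpkgs-unstable` lock entry, so every `flake.lock` update of that input changes the version served. A comment such as `# Jellyfin from nixos-unstable: <reason>` would tell the next reader why this one package leaves the stable channel. The `services` attribute set continues outside the hunk.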
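Review bot: The added `package = pkgs.postgresql_14;` in the systems/LoutreOS/web.nix hunk only selects the server binaries; nothing here shows how the existing cluster is carried over to the new major version. The identical hunk in PATCH 262, whose subject says the move is from 9.6, has the same gap. As far as I know the module's default data directory is versioned per major release, so without a manual dump/restore or pg_upgrade the service would start on a fresh, empty cluster. I would record the migration next to the option, for example `# data migrated by hand before this switch, see <runbook placeholder>`, and confirm that the ZFS snapshot taken for the backup still covers the directory now in use.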
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656754140, - "narHash": "sha256-8thJUtZWIimyBtkYQ0tdmmnH0yJvOaw1K5W3OgKc6/A=", + "lastModified": 1656947410, + "narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09c32b0bda4db98d6454e910206188e85d5b04cc", + "rev": "e8d47977286a44955262adbc76f2c8a66e7419d5", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1656835607, + "narHash": "sha256-zONMAG6JSfGyW20AsVWGnlZwNWws6Q/7IT0oDNGc1xY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "18b14a254dca6b68ca0ce2ce885ce2b550065799", "type": "github" }, "original": { From 7edc31423437fff95d114e38911f15d4d726e86a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:10:31 +0200 Subject: [PATCH 256/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/685d243d971c4f9655c981036b9c7bafdb728a0d' (2022-05-19) → 'github:NixOS/nixpkgs/573603b7fdb9feb0eb8efc16ee18a015c667ab1b' (2022-07-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18) → 'github:NixOS/nixpkgs/18b14a254dca6b68ca0ce2ce885ce2b550065799' (2022-07-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 034c4bcd..9060e527 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1652975354, - "narHash": "sha256-qP1DpEYQdSq7NZ542TSHffIT6xGm7MaSMG9faQWPcg0=", + "lastModified": 1656782578, + "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "685d243d971c4f9655c981036b9c7bafdb728a0d", + "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b", "type": "github" }, "original": { @@ -105,11 +105,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1652885393, - "narHash": "sha256-YIgvvlk4iQ1Hi7KD9o5gsojc+ApB+jiH1d5stK8uXiw=", + "lastModified": 1656835607, + "narHash": "sha256-zONMAG6JSfGyW20AsVWGnlZwNWws6Q/7IT0oDNGc1xY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48037fd90426e44e4bf03e6479e88a11453b9b66", + "rev": "18b14a254dca6b68ca0ce2ce885ce2b550065799", "type": "github" }, "original": { From fe517173363af7547b7d6ba11703d698a9370791 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:25:00 +0200 Subject: [PATCH 257/474] LoutreOS: update nixos-mailserver --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 28f27a26..38aa468b 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,10 @@ nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-21_11.follows = "nixpkgs"; + nixpkgs-22_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { From 4f0c846880194dd9ca2e5bfc0139b690ac7b83d3 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 5 Jul 2022 20:25:04 +0200 Subject: [PATCH 258/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/6e3a7b2ea6f0d68b82027b988aa25d3423787303' (2021-12-07) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/f535d8123c4761b2ed8138f3d202ea710a334a1d' (2022-06-22) • Removed input 'simple-nixos-mailserver/nixpkgs-21_05' • Removed input 'simple-nixos-mailserver/nixpkgs-21_11' • Added input 'simple-nixos-mailserver/nixpkgs-22_05': follows 'nixpkgs' --- flake.lock | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index e513dfb9..7593ec2d 100644 --- a/flake.lock +++ b/flake.lock @@ -88,21 +88,6 @@ "type": "indirect" } }, - "nixpkgs-21_05": { - "locked": { - "lastModified": 1625692408, - "narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c06613c25df3fe1dd26243847a3c105cf6770627", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-21.05", - "type": "indirect" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1656835607, 
@@ -134,23 +119,22 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-21_05": "nixpkgs-21_05", - "nixpkgs-21_11": [ + "nixpkgs-22_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1638911354, - "narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=", + "lastModified": 1655930346, + "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303", + "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixos-mailserver", "type": "gitlab" } From be051f67d3f7ab090935898726e0c5e52acbe5b8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:40:48 +0200 Subject: [PATCH 259/474] LoutreOS: disable redis --- systems/LoutreOS/services.nix | 2 +- systems/LoutreOS/web.nix | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2411cb4e..be75dfee 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -90,7 +90,7 @@ in secure_ip = ["0.0.0.0/0"]; ''; - redis.enable = true; + # redis.enable = true; logrotate = { enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index ce8599fb..dc20e52c 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -65,19 +65,19 @@ in services = { phpfpm.pools = { - work = { - user = config.users.users.work.name; - phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; - }; - }; + # work = { + # user = config.users.users.work.name; + # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); + # settings = { + # "listen.owner" = config.services.nginx.user; + # "pm" = "dynamic"; + # "pm.max_children" = 75; + # "pm.start_servers" = 10; + # "pm.min_spare_servers" = 5; + # "pm.max_spare_servers" = 20; + # "pm.max_requests" = 500; + # }; + # }; drive = { user = config.users.users.webdav.name; settings = { From 349d25b20103faa33eaf90320b6c00507e8099b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:41:04 +0200 Subject: [PATCH 260/474] LoutreOS: keep default logrotate config --- systems/LoutreOS/services.nix | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index be75dfee..ce7f4aac 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -92,20 +92,8 @@ in # redis.enable = true; - logrotate = { - enable = true; - paths = { - nginx = { - path = "/var/log/nginx/*.log"; - user = config.services.nginx.user; - group = config.services.nginx.group; - keep = 7; - extraConfig = '' - compress - ''; - }; - }; - }; + # enable with nginx defult config + logrotate.enable = true; fail2ban.enable = true; From 89a8d3baa6ef7d39a435994d3186fbc9f5546164 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 20:41:35 +0200 Subject: [PATCH 261/474] LoutreOS: fix acme config --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
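Review bot: The comment added in the logrotate hunk of systems/LoutreOS/services.nix has a typo and does not say what retention the host ends up with; `# rely on the nginx module's default logrotate rule` would read better. The removed block kept seven compressed rotations of `/var/log/nginx/*.log`, whereas the new effective retention comes from a default that is not visible in this patch. It is worth checking that the default still covers the period needed to investigate an incident on this web host, and stating the resulting retention in the comment.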
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index dc20e52c..7917507b 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -44,7 +44,7 @@ let in { security.acme = { - email = "paul@nyanlout.re"; + defaults.email = "paul@nyanlout.re"; acceptTerms = true; }; From 8c8795cd2a1cdc07db1eda5ac65ca0b319005701 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:45:28 +0200 Subject: [PATCH 262/474] LoutreOS: update PostgreSQL from 9.6 to 14 --- systems/LoutreOS/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a8804379..15ecb4d8 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,7 @@ in postgresql = { enable = true; + package = pkgs.postgresql_14; settings = { full_page_writes = false; }; From 5a479bbe032ac72015f9f8c57ce3cb715503f4d0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:46:18 +0200 Subject: [PATCH 263/474] LoutreOS: disable syncthing --- systems/LoutreOS/services.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 34f75973..64440dc7 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -111,12 +111,6 @@ in fstrim.enable = true; - syncthing = { - enable = true; - dataDir = "/var/lib/syncthing"; - openDefaultPorts = true; - }; - nfs.server = { enable = true; exports = '' From e35f6defa0a757e59a371fd40140f5eb873eba99 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:50:05 +0200 Subject: [PATCH 264/474] LoutreOS: remove unused game servers --- systems/LoutreOS/services.nix | 65 ----------------------------------- 1 file changed, 65 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index f5a77189..50426765 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -168,40 +168,6 @@ in }; }; - sdtdserver.enable = false; - - factorio = { - enable = false; - autosave-interval = 10; - game-name = "Shame"; - public = true; - username = "nyanloutre"; - }; - - minecraft-server = { - enable = false; - jvmOpts = "-Xms512m -Xmx3072m"; - eula = true; - declarative = true; - openFirewall = true; - whitelist = { - nyanloutre = "db0669ea-e332-4ca3-8d50-f5d1458f5822"; - Hautension = "f05677f4-be5a-47df-ad77-21c739180aa2"; - LordDarkKiwi = "79290cfc-0b00-484f-9c94-ab0786402de6"; - Madahin = "f5f747e3-fac2-43e8-9b9b-a67dc2f368ff"; - Hopegcx = "4497f759-2210-48db-8764-307d33011442"; - wyrd68 = "127a3021-cdc1-419f-9010-4651df9ae3af"; - sparsyateloutre = "d2ff63c1-4e9f-4b21-9bfc-decce5d987b3"; - }; - serverProperties = { - difficulty = 2; - gamemode = 0; - max-players = 50; - motd = "Hi Mark !"; - white-list = true; - }; - }; - kresd = { enable = true; }; @@ -570,37 +536,6 @@ in ipmihddtemp.enable = true; - # systemd.services.minecraft-overviewer = - # let - # clientJar = pkgs.fetchurl { - # url = "https://overviewer.org/textures/1.14"; - # sha256 = "0fij9wac7vj6h0kd3mfhqpn0w9gl8pbs9vs9s085zajm0szpr44k"; - # name = "client.jar"; - # }; - # configFile = pkgs.runCommand "overviewer-config" { CLIENT_JAR = clientJar; } '' - # substitute ${./config-overviewer.py} $out \ - # --subst-var CLIENT_JAR - # ''; - # in - # { - # script = '' - # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} - # ${pkgs.minecraft-overviewer}/bin/overviewer.py --config ${configFile} --genpoi - # rm /var/www/minecraft-overviewer/progress.json - # ''; - # serviceConfig = { - # User = "nginx"; - # Group = "nginx"; - # }; - # }; - - # systemd.timers.minecraft-overviewer = { - # wantedBy = [ "multi-user.target" ]; - # timerConfig = { - # OnCalendar = "*-*-* 04:00:00"; - # }; - # }; - # systemd.packages = with pkgs; [ # tgt # ]; From 4371eb399bef7cee221eefd6d69b83ba5bbc08f0 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 5 Jul 2022 21:51:06 +0200 Subject: [PATCH 265/474] LoutreOS: remove unused iscsi config --- systems/LoutreOS/services.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 50426765..e94ba67a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -536,17 +536,6 @@ in ipmihddtemp.enable = true; - # systemd.packages = with pkgs; [ - # tgt - # ]; - - # environment.etc."tgt/targets.conf".text = '' - # - # backing-store /dev/zvol/loutrepool/steam-lun - # initiator-address 10.30.50.3 - # - # ''; - users.groups.nginx.members = [ "matrix-synapse" ]; security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); From 744d3fc57e1cd2f2540c7d753c52803c599e0fec Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Jul 2022 21:53:47 +0200 Subject: [PATCH 266/474] LoutreOS: temporarily disable max website --- systems/LoutreOS/web.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 7917507b..6b8e9244 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -216,7 +216,7 @@ in alias = "/var/www/site-musique/media/"; }; }; - "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; + # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; From 4fab7e63f5eb9edfa02a10e1255334cb8e63aebf Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 7 Jul 2022 19:09:21 +0200 Subject: [PATCH 267/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e8d47977286a44955262adbc76f2c8a66e7419d5' (2022-07-04) → 'github:NixOS/nixpkgs/316b762afdb9e142a803f29c49a88b4a47db80ee' (2022-07-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/18b14a254dca6b68ca0ce2ce885ce2b550065799' (2022-07-03) → 'github:NixOS/nixpkgs/a5c867d9fe9e4380452628e8f171c26b69fa9d3d' (2022-07-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7593ec2d..21929e38 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656947410, - "narHash": "sha256-htDR/PZvjUJGyrRJsVqDmXR8QeoswBaRLzHt13fd0iY=", + "lastModified": 1657123678, + "narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8d47977286a44955262adbc76f2c8a66e7419d5", + "rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656835607, - "narHash": "sha256-zONMAG6JSfGyW20AsVWGnlZwNWws6Q/7IT0oDNGc1xY=", + "lastModified": 1657114324, + "narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18b14a254dca6b68ca0ce2ce885ce2b550065799", + "rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", "type": "github" }, "original": { From ab6d9dc8483e0e2bcd1cd38ba452443f178d9e81 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Jul 2022 15:29:20 +0200 Subject: [PATCH 268/474] PC-fixe: enable HP printing --- systems/PC-Fixe/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 61304dd9..4710a838 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -212,6 +212,9 @@ Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" ''; + services.printing.enable = true; + services.printing.drivers = [ pkgs.hplip ]; + systemd = let DP4Config = "--output DP-4 --mode 3440x1440 --rate 144"; HDMIConfig = "--output HDMI-0 --auto --left-of DP-4"; From 756e619a1d9b31f8ac093fd135ba608251a1c043 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Jul 2022 15:34:53 +0200 Subject: [PATCH 269/474] add channel patch example --- flake.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/flake.nix b/flake.nix index 38aa468b..c7c1cf61 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,16 @@ supportedSystems = [ "x86_64-linux" ]; + # Patch example + + # channels.nixpkgs-unstable.patches = [ + # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { + # name = "electron-cash.patch"; + # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; + # sha256 = "sha256-oQbiyhVWYIkEuZEKqaPuIL00PNPnuTAw64wuqZ8YeDs="; + # }) + # ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 000d5924ff3d73ef1e786a1f867f04c43c831e60 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Jul 2022 15:35:38 +0200 Subject: [PATCH 270/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/316b762afdb9e142a803f29c49a88b4a47db80ee' (2022-07-06) → 'github:NixOS/nixpkgs/e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6' (2022-07-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a5c867d9fe9e4380452628e8f171c26b69fa9d3d' (2022-07-06) → 'github:NixOS/nixpkgs/e4d49de45a3b5dbcb881656b4e3986e666141ea9' (2022-07-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 21929e38..c53a3b34 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1657123678, - "narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", + "lastModified": 1658237535, + "narHash": "sha256-z3Ff9oSXEPSZMfXdM+r29oJxtyKUnlUOc18U9E6Q48g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", + "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1657114324, - "narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", + "lastModified": 1658161305, + "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", + "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", "type": "github" }, "original": { From d202456d6bfd8ae11186b6bdb128b37133d3345f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Jul 2022 19:33:26 +0200 Subject: [PATCH 271/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6' (2022-07-19) → 'github:NixOS/nixpkgs/f0fa012b649a47e408291e96a15672a4fe925d65' (2022-07-25) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e4d49de45a3b5dbcb881656b4e3986e666141ea9' (2022-07-18) → 'github:NixOS/nixpkgs/5a0e0d73b944157328d54c4ded1cf2f0146a86a5' (2022-07-25) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c53a3b34..53c05d45 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658237535, - "narHash": "sha256-z3Ff9oSXEPSZMfXdM+r29oJxtyKUnlUOc18U9E6Q48g=", + "lastModified": 1658777571, + "narHash": "sha256-gJMDUeaRhi47NxtrfFMIejlV5N3Ra2669w16Ndz2Jo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", + "rev": "f0fa012b649a47e408291e96a15672a4fe925d65", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1658161305, - "narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=", + "lastModified": 1658737577, + "narHash": "sha256-xosJ5nJT9HX+b6UWsSX6R+ap4AdZOCrl/r+IKFp2ASQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9", + "rev": "5a0e0d73b944157328d54c4ded1cf2f0146a86a5", "type": "github" }, "original": { From 9addf815c9c77f55f91191204514e140b7d84f0d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Jul 2022 21:27:14 +0200 Subject: [PATCH 272/474] remove unused wireguard --- systems/LoutreOS/services.nix | 22 ---------------------- systems/common-cli.nix | 1 - 2 files changed, 23 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e94ba67a..376fb3aa 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -541,24 +541,6 @@ in security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" ); networking = { - wireguard.interfaces = { - wg0 = { - ips = [ "192.168.20.1/24" ]; - privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey"; - listenPort = 51820; - allowedIPsAsRoutes = true; - peers = [ - { - allowedIPs = [ "192.168.20.2/32" ]; - publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE="; - } - ]; - }; - }; - - nat.internalInterfaces = [ "wg0" ]; - nat.internalIPs = [ "192.168.20.0/24" ]; - firewall.interfaces.eno2.allowedTCPPorts = [ 3260 ]; 
@@ -571,9 +553,5 @@ in firewall.allowedTCPPortRanges = [ { from = 64000; to = 65535; } # FTP ]; - - firewall.allowedUDPPorts = [ - config.networking.wireguard.interfaces.wg0.listenPort - ]; }; } diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 6d72c561..b0cdf52a 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -49,7 +49,6 @@ inetutils rclone lftp - wireguard-tools nfs-utils nmap From b9981c707569610652dd8924c5f751cc051d6514 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 26 Jul 2022 21:27:31 +0200 Subject: [PATCH 273/474] fix transmission default downloaddir --- systems/LoutreOS/medias.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 60193b47..07f3f1ba 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -13,6 +13,7 @@ rpc-whitelist-enabled = false; peer-port = 51413; incomplete-dir = "/mnt/medias/incomplete"; + download-dir = "/mnt/medias/torrent"; }; }; From 0d3a998a66564985e4b043b5f5bc733fa2e240bc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 3 Aug 2022 00:50:37 +0200 Subject: [PATCH 274/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f0fa012b649a47e408291e96a15672a4fe925d65' (2022-07-25) → 'github:NixOS/nixpkgs/e43cf1748462c81202a32b26294e9f8eefcc3462' (2022-08-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5a0e0d73b944157328d54c4ded1cf2f0146a86a5' (2022-07-25) → 'github:NixOS/nixpkgs/5857574d45925585baffde730369414319228a84' (2022-07-31) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 53c05d45..fe73bbae 100644 --- a/flake.lock +++ b/flake.lock 
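Review bot: The Transmission settings block that gains `download-dir` still carries `rpc-whitelist-enabled = false;` as context, and no RPC authentication setting is visible in the hunk. If the RPC port is reachable from anything but a trusted reverse proxy (not visible here), the daemon accepts control requests from any address. Consider `rpc-authentication-required = true;` with credentials kept outside the repository, or re-enabling the whitelist for the proxy's address only. The `settings` attribute set starts and ends outside the hunk, so this may already be handled elsewhere.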
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658777571, - "narHash": "sha256-gJMDUeaRhi47NxtrfFMIejlV5N3Ra2669w16Ndz2Jo0=", + "lastModified": 1659342832, + "narHash": "sha256-ePnxG4hacRd6oZMk+YeCSYMNUnHCe+qPLI0/+VaTu48=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0fa012b649a47e408291e96a15672a4fe925d65", + "rev": "e43cf1748462c81202a32b26294e9f8eefcc3462", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1658737577, - "narHash": "sha256-xosJ5nJT9HX+b6UWsSX6R+ap4AdZOCrl/r+IKFp2ASQ=", + "lastModified": 1659305579, + "narHash": "sha256-SFeQTmh7hc9Y2fSkooHaoS8mDfPa04sfmUCtQ8MA6Pg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a0e0d73b944157328d54c4ded1cf2f0146a86a5", + "rev": "5857574d45925585baffde730369414319228a84", "type": "github" }, "original": { From e074720847f09a66a8689e840b92f723746d85ce Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 22 Aug 2022 23:22:00 +0200 Subject: [PATCH 275/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e43cf1748462c81202a32b26294e9f8eefcc3462' (2022-08-01) → 'github:NixOS/nixpkgs/23534df34c1c499a6c82ce690df06d8c6e4e759d' (2022-08-21) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5857574d45925585baffde730369414319228a84' (2022-07-31) → 'github:NixOS/nixpkgs/a7855f2235a1876f97473a76151fec2afa02b287' (2022-08-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index fe73bbae..3b58bb36 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1659342832, - "narHash": "sha256-ePnxG4hacRd6oZMk+YeCSYMNUnHCe+qPLI0/+VaTu48=", + "lastModified": 1661094678, + "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e43cf1748462c81202a32b26294e9f8eefcc3462", + "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1659305579, - "narHash": "sha256-SFeQTmh7hc9Y2fSkooHaoS8mDfPa04sfmUCtQ8MA6Pg=", + "lastModified": 1661088761, + "narHash": "sha256-5DGKX81wIPAAiLwUmUYECpA3vop94AHHR7WmGXSsQok=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5857574d45925585baffde730369414319228a84", + "rev": "a7855f2235a1876f97473a76151fec2afa02b287", "type": "github" }, "original": { From 8ba5ff23083294325681d6e48447315883bd2c05 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 23 Aug 2022 19:09:46 +0200 Subject: [PATCH 276/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/23534df34c1c499a6c82ce690df06d8c6e4e759d' (2022-08-21) → 'github:NixOS/nixpkgs/52527082ea267fe486f0648582d57c85486b2031' (2022-08-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a7855f2235a1876f97473a76151fec2afa02b287' (2022-08-21) → 'github:NixOS/nixpkgs/5e804cd8a27f835a402b22e086e36e797716ef8b' (2022-08-23) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 3b58bb36..c63073ce 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661094678, - "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", + "lastModified": 1661187878, + "narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", + "rev": "52527082ea267fe486f0648582d57c85486b2031", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1661088761, - "narHash": "sha256-5DGKX81wIPAAiLwUmUYECpA3vop94AHHR7WmGXSsQok=", + "lastModified": 1661239211, + "narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7855f2235a1876f97473a76151fec2afa02b287", + "rev": "5e804cd8a27f835a402b22e086e36e797716ef8b", "type": "github" }, "original": { From 5af49514f122eacdc2de06586473d00dbefdec36 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 23 Sep 2022 13:38:36 +0200 Subject: [PATCH 277/474] add wordpress website --- systems/LoutreOS/web.nix | 72 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6b8e9244..1cacd80e 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -61,6 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; + wordpress = { + isSystemUser = true; + group = config.services.nginx.group; + }; }; services = { @@ -78,6 +82,22 @@ in # "pm.max_requests" = 500; # }; # }; + + "wordpress-designyourfuture" = { + user = config.users.users.wordpress.name; + group = config.services.nginx.group; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + }; + + drive = { user = config.users.users.webdav.name; settings = { 
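Review bot: The `wordpress-designyourfuture` pool sets `group = config.services.nginx.group;`, and the `wordpress` user in the first web.nix hunk gets the same group, so the PHP workers run with the web server's own group. Anything that is group-readable for nginx (presumably including certificate material on this host, which is not visible here) then becomes readable from a compromised plugin or theme. A dedicated group keeps the two apart, e.g. `group = config.users.groups.wordpress.name;` in both places, with `users.groups.wordpress = {};` declared; the socket stays usable by nginx through the existing `"listen.owner"`. Both attribute sets continue outside the hunks.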
@@ -295,6 +315,53 @@ in ''; } ]; + "designyourfuture.amandoline-creations.fr" = base { + "/" = { + priority = 200; + extraConfig = '' + try_files $uri $uri/ /index.php$is_args$args; + ''; + }; + "~ \\.php$" = { + priority = 500; + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; + fastcgi_index index.php; + include "${config.services.nginx.package}/conf/fastcgi.conf"; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + # Mitigate https://httpoxy.org/ vulnerabilities + fastcgi_param HTTP_PROXY ""; + fastcgi_intercept_errors off; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + fastcgi_connect_timeout 300; + fastcgi_send_timeout 300; + fastcgi_read_timeout 300; + ''; + }; + "~ /\\." = { + priority = 800; + extraConfig = "deny all;"; + }; + "~* /(?:uploads|files)/.*\\.php$" = { + priority = 900; + extraConfig = "deny all;"; + }; + "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { + priority = 1000; + extraConfig = '' + expires max; + log_not_found off; + ''; + }; + } // { + root = "/var/www/wordpress-designyourfuture"; + extraConfig = '' + index index.php; + ''; + }; }; }; @@ -324,6 +391,11 @@ in }; python-ci.enable = true; + + mysql = { + enable = true; + package = pkgs.mariadb; + }; }; systemd.services.nginx.serviceConfig = { From 28fa70ef0faf6109e091e1514bce91fc48547df3 Mon Sep 17 00:00:00 2001 
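Review bot: The `deny all` location `"~* /(?:uploads|files)/.*\\.php$"` gets `priority = 900`, after the generic `"~ \\.php$"` location at `priority = 500`. nginx uses the first regex location that matches in file order, and the NixOS `priority` option, as far as I know, emits lower numbers first, so a `.php` request under an uploads directory would be passed to PHP-FPM instead of being denied. Giving the deny rules a lower number than the PHP handler, e.g. `priority = 400;`, restores the intent; the same holds for `"~ /\\."` at 800. The PHP location also forwards every matching URI without checking that the script exists, for which `try_files $fastcgi_script_name =404;` before `fastcgi_pass` is the usual guard.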
From: nyanloutre Date: Mon, 10 Oct 2022 21:55:24 +0200 Subject: [PATCH 278/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/52527082ea267fe486f0648582d57c85486b2031' (2022-08-22) → 'github:NixOS/nixpkgs/9ecc270f02b09b2f6a76b98488554dd842797357' (2022-10-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5e804cd8a27f835a402b22e086e36e797716ef8b' (2022-08-23) → 'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c63073ce..dab8d99b 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661187878, - "narHash": "sha256-/wCqoQB1BsaVi4nb8Iz0PreeBNMTim0p78NLtyWejFE=", + "lastModified": 1665132027, + "narHash": "sha256-zoHPqSQSENt96zTk6Mt1AP+dMNqQDshXKQ4I6MfjP80=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52527082ea267fe486f0648582d57c85486b2031", + "rev": "9ecc270f02b09b2f6a76b98488554dd842797357", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1661239211, - "narHash": "sha256-pNJzBlSNpWEiFJZnLF2oETYq8cGWx1DJPW33aMtG6n8=", + "lastModified": 1665259268, + "narHash": "sha256-ONFhHBLv5nZKhwV/F2GOH16197PbvpyWhoO0AOyktkU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e804cd8a27f835a402b22e086e36e797716ef8b", + "rev": "c5924154f000e6306030300592f4282949b2db6c", "type": "github" }, "original": { From 41f1843e598b988e5a2c9e2f675c141b6ce2f83e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Oct 2022 22:25:14 +0200 Subject: [PATCH 279/474] fix changed options --- systems/PC-Fixe/configuration.nix | 2 +- systems/PC-Fixe/hardware-configuration.nix | 2 +- systems/common-gui.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 4710a838..eaacc770 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -12,7 +12,7 @@ ../common-gui.nix ]; - nix.trustedUsers = [ "root" "paul" ]; + nix.settings.trusted-users = [ "root" "paul" ]; boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 5d505050..1547b63d 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -50,6 +50,6 @@ swapDevices = [ ]; - nix.maxJobs = lib.mkDefault 12; + nix.settings.max-jobs = lib.mkDefault 12; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/common-gui.nix b/systems/common-gui.nix index dd00f945..216a765e 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -39,7 +39,7 @@ ark kate kmail - kdeconnect + plasma5Packages.kdeconnect-kde okular yakuake konversation From ef246753b871c39d0a35ad5308e0bc4b0ee74d77 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Oct 2022 23:05:21 +0200 Subject: [PATCH 280/474] increase influxdb startup timeout --- systems/LoutreOS/monitoring.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index a2120f0c..99100687 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -108,6 +108,10 @@ in }; }; + systemd.services.influxdb.serviceConfig = { + TimeoutStartSec = "10min"; + }; + security.sudo.extraRules = [ { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } ]; From 4572c8c81b9b0d7c8df2af2286258b6b1cfde65f Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 14 Oct 2022 14:12:40 +0200 Subject: [PATCH 281/474] fix home assistant --- systems/LoutreOS/services.nix | 651 +++++++++++++++++----------------- 1 file changed, 328 insertions(+), 323 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 376fb3aa..bab9d549 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -174,31 +174,35 @@ in home-assistant = { enable = true; + extraComponents = [ + # Components required to complete the onboarding + "met" + "radio_browser" + ]; config = { + default_config = {}; homeassistant = { - elevation = 143; + latitude = 48.60038; + longitude = 7.74063; + elevation = 146; }; - influxdb = null; - config = null; - dhcp = null; - frontend = null; - history = null; + meteo_france = null; + #influxdb = null; + #config = null; + #dhcp = null; + #frontend = null; + #history = null; http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; }; - logbook = null; - map = null; - mobile_app = null; - person = null; - script = null; - sun = null; - system_health = null; - yeelight.devices = { - "10.40.249.0".name = "Chambre"; - "10.40.249.1".name = "Bureau"; - "10.40.249.2".name = "Cuisine"; - }; + #logbook = null; + #map = null; + #mobile_app = null; + #person = null; + #script = null; + #sun = null; + #system_health = null; zha = null; esphome = null; light = [ @@ -206,8 +210,9 @@ in platform = "group"; name = "Salon"; entities = [ - "light.bureau" - "light.cuisine" + "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_e69e6dfe_level_light_color_on_off" + "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_43c25efe_level_light_color_on_off" + "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_3d0f76fe_level_light_color_on_off" ]; } ]; 
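Review bot: `latitude` and `longitude` are committed to five decimal places under `config.homeassistant`, which fixes the home's position to within a few metres in the same repository that carries the internal addressing. Prefer keeping them out of the tracked configuration, for example through Home Assistant's secrets file (`latitude = "!secret latitude";`, provided the NixOS module passes `!secret` through in this version, which needs verifying), or round them to the precision the weather integrations actually need. The `config` attribute set continues outside this hunk.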
@@ -217,317 +222,317 @@ in host = "10.30.0.1"; } ]; - tplink.switch = [ - { host = "10.30.50.7"; } - ]; - sensor = [ - { - platform = "template"; - sensors = { - serveur_amps = { - friendly_name_template = "{{ states.switch.serveur.name}} Current"; - value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; - unit_of_measurement = "A"; - }; - serveur_watts = { - friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; - value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; - unit_of_measurement = "W"; - }; - serveur_total_kwh = { - friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; - value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; - unit_of_measurement = "kWh"; - }; - serveur_volts = { - friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; - value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; - unit_of_measurement = "V"; - }; - serveur_today_kwh = { - friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; - value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; - unit_of_measurement = "kWh"; - }; - }; - } - ]; - switch = [ - { - platform = "wake_on_lan"; - name = "PC Fixe"; - mac = "b4:2e:99:ed:24:26"; - host = "10.30.135.71"; - broadcast_address = "10.30.255.255"; - } - ]; - device_tracker = [ - { - platform = "ping"; - hosts = { telephone_paul = "10.30.50.2"; }; - } - ]; - scene = [ - { - name = "Movie"; - icon = "mdi:movie-open"; - entities = { - "light.salon" = { - state = "on"; - xy_color = [0.299 0.115]; - brightness = 50; - }; - "light.bande_led_tv" = { - state = "on"; - effect = "Movie"; - brightness = 180; - }; - "light.bande_led_bureau" = { - state = "on"; - xy_color = [0.299 0.115]; - brightness = 130; - }; - }; - } - { - name = "Home"; - icon = "mdi:home"; - entities = { - "light.salon" = { - state = "on"; 
- kelvin = 2700; - brightness = 255; - }; - }; - } - { - name = "Night"; - icon = "mdi:weather-night"; - entities = { - "light.salon" = { - state = "off"; - }; - "light.bande_led_tv" = { - state = "off"; - }; - "light.bande_led_bureau" = { - state = "off"; - }; - "light.chambre" = { - state = "on"; - kelvin = 1900; - brightness = 50; - }; - }; - } - ]; - automation = let - min_sun_elevation = 4; + #tplink.switch = [ + # { host = "10.30.50.7"; } + #]; + #sensor = [ + # { + # platform = "template"; + # sensors = { + # serveur_amps = { + # friendly_name_template = "{{ states.switch.serveur.name}} Current"; + # value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; + # unit_of_measurement = "A"; + # }; + # serveur_watts = { + # friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; + # value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; + # unit_of_measurement = "W"; + # }; + # serveur_total_kwh = { + # friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; + # value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; + # unit_of_measurement = "kWh"; + # }; + # serveur_volts = { + # friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; + # value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; + # unit_of_measurement = "V"; + # }; + # serveur_today_kwh = { + # friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; + # value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; + # unit_of_measurement = "kWh"; + # }; + # }; + # } + #]; + #switch = [ + # { + # platform = "wake_on_lan"; + # name = "PC Fixe"; + # mac = "b4:2e:99:ed:24:26"; + # host = "10.30.135.71"; + # broadcast_address = "10.30.255.255"; + # } + #]; + #device_tracker = [ + # { + # platform = "ping"; + # hosts = { telephone_paul = "10.30.50.2"; }; + # } + #]; + #scene = [ + 
# { + # name = "Movie"; + # icon = "mdi:movie-open"; + # entities = { + # "light.salon" = { + # state = "on"; + # xy_color = [0.299 0.115]; + # brightness = 50; + # }; + # "light.bande_led_tv" = { + # state = "on"; + # effect = "Movie"; + # brightness = 180; + # }; + # "light.bande_led_bureau" = { + # state = "on"; + # xy_color = [0.299 0.115]; + # brightness = 130; + # }; + # }; + # } + # { + # name = "Home"; + # icon = "mdi:home"; + # entities = { + # "light.salon" = { + # state = "on"; + # kelvin = 2700; + # brightness = 255; + # }; + # }; + # } + # { + # name = "Night"; + # icon = "mdi:weather-night"; + # entities = { + # "light.salon" = { + # state = "off"; + # }; + # "light.bande_led_tv" = { + # state = "off"; + # }; + # "light.bande_led_bureau" = { + # state = "off"; + # }; + # "light.chambre" = { + # state = "on"; + # kelvin = 1900; + # brightness = 50; + # }; + # }; + # } + #]; + #automation = let + # min_sun_elevation = 4; - switch_chambre = { - domain = "zha"; - platform = "device"; - device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; - }; + # switch_chambre = { + # domain = "zha"; + # platform = "device"; + # device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; + # }; - switch_entree = { - domain = "zha"; - platform = "device"; - device_id = "7cd814190ec543dba76a7aa7e7996c41"; - }; + # switch_entree = { + # domain = "zha"; + # platform = "device"; + # device_id = "7cd814190ec543dba76a7aa7e7996c41"; + # }; - remote = { - domain = "zha"; - platform = "device"; - device_id = "d1230b76264e483388a8fdaad4f44143"; - }; - in [ - # ENTREE + # remote = { + # domain = "zha"; + # platform = "device"; + # device_id = "d1230b76264e483388a8fdaad4f44143"; + # }; + #in [ + # # ENTREE - { - alias = "Aziz lumière"; - trigger = [ - { - platform = "numeric_state"; - entity_id = "sun.sun"; - value_template = "{{ state.attributes.elevation }}"; - below = min_sun_elevation; - } - ]; - condition = [ - { - condition = "state"; - entity_id = "person.paul"; - state = "home"; - } - # Sun 
below max elevation - { - condition = "template"; - value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; - } - ]; - action = { - scene = "scene.home"; - }; - } - { - alias = "Aziz lumière switch"; - trigger = { - type = "remote_button_short_press"; - subtype = "turn_on"; - } // switch_entree; - action = { - scene = "scene.home"; - }; - } - { - alias = "Adios"; - trigger = [ - { - platform = "state"; - entity_id = "person.paul"; - to = "not_home"; - } - ({ - type = "remote_button_short_press"; - subtype = "turn_off"; - } // switch_entree) - ]; - action = [ - { - service = "light.turn_off"; - entity_id = "all"; - } - { - service = "media_player.turn_off"; - entity_id = "all"; - } - ]; - } + # { + # alias = "Aziz lumière"; + # trigger = [ + # { + # platform = "numeric_state"; + # entity_id = "sun.sun"; + # value_template = "{{ state.attributes.elevation }}"; + # below = min_sun_elevation; + # } + # ]; + # condition = [ + # { + # condition = "state"; + # entity_id = "person.paul"; + # state = "home"; + # } + # # Sun below max elevation + # { + # condition = "template"; + # value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; + # } + # ]; + # action = { + # scene = "scene.home"; + # }; + # } + # { + # alias = "Aziz lumière switch"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_on"; + # } // switch_entree; + # action = { + # scene = "scene.home"; + # }; + # } + # { + # alias = "Adios"; + # trigger = [ + # { + # platform = "state"; + # entity_id = "person.paul"; + # to = "not_home"; + # } + # ({ + # type = "remote_button_short_press"; + # subtype = "turn_off"; + # } // switch_entree) + # ]; + # action = [ + # { + # service = "light.turn_off"; + # entity_id = "all"; + # } + # { + # service = "media_player.turn_off"; + # entity_id = "all"; + # } + # ]; + # } - # REMOTE + # # REMOTE - { - alias = "Button toggle"; - trigger = { - type = "remote_button_short_press"; - 
subtype = "turn_on"; - } // remote; - action = { - choose = { - conditions = { - condition = "template"; - value_template = '' - {% set domain = 'light' %} - {% set state = 'off' %} - {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} - ''; - }; - sequence = { - scene = "scene.home"; - }; - }; - default = { - service = "light.turn_off"; - entity_id = "all"; - }; - }; - } - { - alias = "Button scene movie"; - trigger = { - type = "remote_button_short_press"; - subtype = "right"; - } // remote; - action = { - scene = "scene.movie"; - }; - } - { - alias = "Button scene home"; - trigger = { - type = "remote_button_short_press"; - subtype = "left"; - } // remote; - action = { - scene = "scene.home"; - }; - } - { - alias = "Button light up"; - trigger = { - type = "remote_button_short_press"; - subtype = "dim_up"; - } // remote; - action = { - service = "light.turn_on"; - entity_id = "light.salon"; - data = { - brightness_step = 25; - }; - }; - } - { - alias = "Button light down"; - trigger = { - type = "remote_button_short_press"; - subtype = "dim_down"; - } // remote; - action = { - service = "light.turn_on"; - entity_id = "light.salon"; - data = { - brightness_step = -25; - }; - }; - } + # { + # alias = "Button toggle"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_on"; + # } // remote; + # action = { + # choose = { + # conditions = { + # condition = "template"; + # value_template = '' + # {% set domain = 'light' %} + # {% set state = 'off' %} + # {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} + # ''; + # }; + # sequence = { + # scene = "scene.home"; + # }; + # }; + # default = { + # service = "light.turn_off"; + # entity_id = "all"; + # }; + # }; + # } + # { + # alias = "Button scene movie"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "right"; + # } // remote; + # action = { + # scene = "scene.movie"; + # }; + # } + # { + 
# alias = "Button scene home"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "left"; + # } // remote; + # action = { + # scene = "scene.home"; + # }; + # } + # { + # alias = "Button light up"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "dim_up"; + # } // remote; + # action = { + # service = "light.turn_on"; + # entity_id = "light.salon"; + # data = { + # brightness_step = 25; + # }; + # }; + # } + # { + # alias = "Button light down"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "dim_down"; + # } // remote; + # action = { + # service = "light.turn_on"; + # entity_id = "light.salon"; + # data = { + # brightness_step = -25; + # }; + # }; + # } - # CHAMBRE + # # CHAMBRE - { - alias = "Button scene night"; - trigger = { - type = "remote_button_short_press"; - subtype = "turn_on"; - } // switch_chambre; - action = { - scene = "scene.night"; - }; - } - { - alias = "Button scene dodo"; - trigger = { - type = "remote_button_short_press"; - subtype = "turn_off"; - } // switch_chambre; - action = { - service = "light.turn_off"; - entity_id = "all"; - }; - } - { - alias = "Button scene lumière chambre ON"; - trigger = { - type = "remote_button_long_press"; - subtype = "dim_up"; - } // switch_chambre; - action = { - service = "light.turn_on"; - entity_id = "light.chambre"; - }; - } - { - alias = "Button scene lumière chambre OFF"; - trigger = { - type = "remote_button_long_press"; - subtype = "dim_down"; - } // switch_chambre; - action = { - service = "light.turn_off"; - entity_id = "light.chambre"; - }; - } - ]; + # { + # alias = "Button scene night"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_on"; + # } // switch_chambre; + # action = { + # scene = "scene.night"; + # }; + # } + # { + # alias = "Button scene dodo"; + # trigger = { + # type = "remote_button_short_press"; + # subtype = "turn_off"; + # } // switch_chambre; + # action = { + # service = "light.turn_off"; + # 
entity_id = "all"; + # }; + # } + # { + # alias = "Button scene lumière chambre ON"; + # trigger = { + # type = "remote_button_long_press"; + # subtype = "dim_up"; + # } // switch_chambre; + # action = { + # service = "light.turn_on"; + # entity_id = "light.chambre"; + # }; + # } + # { + # alias = "Button scene lumière chambre OFF"; + # trigger = { + # type = "remote_button_long_press"; + # subtype = "dim_down"; + # } // switch_chambre; + # action = { + # service = "light.turn_off"; + # entity_id = "light.chambre"; + # }; + # } + #]; }; }; }; From dbaa468f36801a91b6912814d0a0d34ecd46a941 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 14 Oct 2022 14:13:12 +0200 Subject: [PATCH 282/474] amandoleene-designyourfuture: wordpress to static website --- systems/LoutreOS/web.nix | 135 ++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 67 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 1cacd80e..9731dae6 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -61,10 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; - wordpress = { - isSystemUser = true; - group = config.services.nginx.group; - }; + # wordpress = { + # isSystemUser = true; + # group = config.services.nginx.group; + # }; }; services = { 
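Review bot: The disabled `tplink`, `sensor`, `switch`, `device_tracker`, `scene` and `automation` blocks are kept as commented-out code rather than removed, which leaves a MAC address, internal addresses and ZHA device ids in the file with no indication of whether they are meant to return. Git history already keeps the previous version, so deleting the blocks and leaving a single line such as `# scenes and automations disabled for now; restore from git history` would be easier to read and to diff later. The enclosing `config` attribute set starts outside the hunk.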
@@ -83,19 +83,19 @@ in # }; # }; - "wordpress-designyourfuture" = { - user = config.users.users.wordpress.name; - group = config.services.nginx.group; - settings = { - "listen.owner" = config.services.nginx.user; - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.max_requests" = 500; - }; - }; + # "wordpress-designyourfuture" = { + # user = config.users.users.wordpress.name; + # group = config.services.nginx.group; + # settings = { + # "listen.owner" = config.services.nginx.user; + # "pm" = "dynamic"; + # "pm.max_children" = 32; + # "pm.start_servers" = 2; + # "pm.min_spare_servers" = 2; + # "pm.max_spare_servers" = 4; + # "pm.max_requests" = 500; + # }; + # }; drive = { 
@@ -316,52 +316,53 @@ in } ]; "designyourfuture.amandoline-creations.fr" = base { - "/" = { - priority = 200; - extraConfig = '' - try_files $uri $uri/ /index.php$is_args$args; - ''; - }; - "~ \\.php$" = { - priority = 500; - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; - fastcgi_index index.php; - include "${config.services.nginx.package}/conf/fastcgi.conf"; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - # Mitigate https://httpoxy.org/ vulnerabilities - fastcgi_param HTTP_PROXY ""; - fastcgi_intercept_errors off; - fastcgi_buffer_size 16k; - fastcgi_buffers 4 16k; - fastcgi_connect_timeout 300; - fastcgi_send_timeout 300; - fastcgi_read_timeout 300; - ''; - }; - "~ /\\." = { - priority = 800; - extraConfig = "deny all;"; - }; - "~* /(?:uploads|files)/.*\\.php$" = { - priority = 900; - extraConfig = "deny all;"; - }; - "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { - priority = 1000; - extraConfig = '' - expires max; - log_not_found off; - ''; - }; - } // { - root = "/var/www/wordpress-designyourfuture"; - extraConfig = '' - index index.php; - ''; - }; + "/".alias = "/var/www/amandoleene-designyourfuture/"; + # "/" = { + # priority = 200; + # extraConfig = '' + # try_files $uri $uri/ /index.php$is_args$args; + # ''; + # }; + # "~ \\.php$" = { + # priority = 500; + # extraConfig = '' + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; + # fastcgi_index index.php; + # include "${config.services.nginx.package}/conf/fastcgi.conf"; + # fastcgi_param PATH_INFO $fastcgi_path_info; + # fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + # # Mitigate https://httpoxy.org/ vulnerabilities + # fastcgi_param HTTP_PROXY ""; + # fastcgi_intercept_errors off; + # fastcgi_buffer_size 16k; + # fastcgi_buffers 4 16k; + # 
fastcgi_connect_timeout 300; + # fastcgi_send_timeout 300; + # fastcgi_read_timeout 300; + # ''; + # }; + # "~ /\\." = { + # priority = 800; + # extraConfig = "deny all;"; + # }; + # "~* /(?:uploads|files)/.*\\.php$" = { + # priority = 900; + # extraConfig = "deny all;"; + # }; + # "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { + # priority = 1000; + # extraConfig = '' + # expires max; + # log_not_found off; + # ''; + # }; + } // { + # root = "/var/www/wordpress-designyourfuture"; + # extraConfig = '' + # index index.php; + # ''; + }; }; }; @@ -392,10 +393,10 @@ in python-ci.enable = true; - mysql = { - enable = true; - package = pkgs.mariadb; - }; + # mysql = { + # enable = true; + # package = pkgs.mariadb; + # }; }; systemd.services.nginx.serviceConfig = { From 721e1be1f75c6fc71af31c8fedd82d4dda011bd4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 14 Oct 2022 14:14:10 +0200 Subject: [PATCH 283/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ecc270f02b09b2f6a76b98488554dd842797357' (2022-10-07) → 'github:NixOS/nixpkgs/e06bd4b64bbfda91d74f13cb5eca89485d47528f' (2022-10-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c5924154f000e6306030300592f4282949b2db6c' (2022-10-08) → 'github:NixOS/nixpkgs/ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7' (2022-10-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dab8d99b..2e96fb64 100644 --- a/flake.lock +++ b/flake.lock 
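Review bot: Commenting out all WordPress locations also drops the `"~ /\\."` `deny all` rule, so any dot-file under `/var/www/amandoleene-designyourfuture/` (a leftover `.htaccess`, or `.git` if the directory is deployed from a checkout) would be served unless `base` adds its own rule, which is not visible here. Keeping that one location active costs nothing on a static site: `"~ /\\." = { priority = 800; extraConfig = "deny all;"; };`. The commented-out pool, user and `mysql` blocks in the other hunks of this commit would be better deleted than kept as comments.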
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665132027, - "narHash": "sha256-zoHPqSQSENt96zTk6Mt1AP+dMNqQDshXKQ4I6MfjP80=", + "lastModified": 1665613119, + "narHash": "sha256-VTutbv5YKeBGWou6ladtgfx11h6et+Wlkdyh4jPJ3p0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ecc270f02b09b2f6a76b98488554dd842797357", + "rev": "e06bd4b64bbfda91d74f13cb5eca89485d47528f", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1665259268, - "narHash": "sha256-ONFhHBLv5nZKhwV/F2GOH16197PbvpyWhoO0AOyktkU=", + "lastModified": 1665643254, + "narHash": "sha256-IBVWNJxGCsshwh62eRfR6+ry3bSXmulB3VQRzLQo3hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5924154f000e6306030300592f4282949b2db6c", + "rev": "ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7", "type": "github" }, "original": { From aba13fd530145213184ddfd50795b2a8615e15e1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 14 Oct 2022 14:54:22 +0200 Subject: [PATCH 284/474] essai de configuration de l'IPV6 Bouygues --- systems/LoutreOS/configuration.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 28e111cf..9cf6d067 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -117,7 +117,15 @@ systemd.network.networks = { "40-bouygues" = { dhcpV4Config.RouteMetric = 1; - networkConfig.KeepConfiguration = "dhcp-on-stop"; + dhcpV6Config = { + DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig.DHCPv6Client = "yes"; + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = "yes"; + }; }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; From 9157a591356ef797dacc67de1ab21e634d5ef0af Mon Sep 17 00:00:00 2001 
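Review bot: `DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";` in `"40-bouygues"` is a hard-coded client identifier with no comment saying which device it belongs to or why the DUID networkd generates is not used, which makes it hard to audit or change later. A line such as `# DUID expected by the Bouygues DHCPv6 server (origin: <where this value was read>)` above it would settle that. Enabling `IPv6AcceptRA` and the DHCPv6 client on the uplink also gives the host global IPv6 addresses, so anything listening on all addresses becomes directly reachable over IPv6. The firewall settings are outside this hunk, so it is worth confirming that the allowed ports are meant to apply to IPv6 as well.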
From: nyanloutre Date: Fri, 14 Oct 2022 14:54:48 +0200 Subject: [PATCH 285/474] jackett version unstable --- systems/LoutreOS/medias.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 07f3f1ba..96b06ee0 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -19,7 +19,10 @@ radarr.enable = true; sonarr.enable = true; - jackett.enable = true; + jackett = { + enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett; + }; jellyfin = { enable = true; From 2848cd75472af25c69062ae91e634fdeea4eb2df Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 19 Nov 2022 14:53:49 +0100 Subject: [PATCH 286/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e06bd4b64bbfda91d74f13cb5eca89485d47528f' (2022-10-12) → 'github:NixOS/nixpkgs/f42a45c015f28ac3beeb0df360e50cdbf495d44b' (2022-11-18) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7' (2022-10-13) → 'github:NixOS/nixpkgs/52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739' (2022-11-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2e96fb64..d29b83a0 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1665613119, - "narHash": "sha256-VTutbv5YKeBGWou6ladtgfx11h6et+Wlkdyh4jPJ3p0=", + "lastModified": 1668766498, + "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06bd4b64bbfda91d74f13cb5eca89485d47528f", + "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", "type": "github" }, "original": { 
@@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1665643254, - "narHash": "sha256-IBVWNJxGCsshwh62eRfR6+ry3bSXmulB3VQRzLQo3hk=", + "lastModified": 1668765800, + "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba187fbdc5e35322c7dff556ef2c47bddfd6e8d7", + "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739", "type": "github" }, "original": { From 82c3e1243f3e7fd5332853223bf61e8dcb6ac499 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:10:45 +0100 Subject: [PATCH 287/474] add esphome --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index eaacc770..282adbae 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -96,6 +96,7 @@ environment.systemPackages = with pkgs; [ usb-modeswitch + esphome ]; programs.wireshark.enable = true; From 8f36dda4e841b8f56ae3d2aa4b9cf494acd58c9b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:11:37 +0100 Subject: [PATCH 288/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f42a45c015f28ac3beeb0df360e50cdbf495d44b' (2022-11-18) → 'github:NixOS/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125' (2022-11-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739' (2022-11-18) → 'github:NixOS/nixpkgs/a115bb9bd56831941be3776c8a94005867f316a7' (2022-11-27) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d29b83a0..2a9066c8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1668766498, - "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", + "lastModified": 1669546925, + "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", + "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1668765800, - "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=", + "lastModified": 1669542132, + "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739", + "rev": "a115bb9bd56831941be3776c8a94005867f316a7", "type": "github" }, "original": { From 3b4f25ead8fc33d11fc627e61f2a13719fb4c600 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:45:48 +0100 Subject: [PATCH 289/474] fix postgres backup --- systems/LoutreOS/services.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index bab9d549..517e54c8 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -119,8 +119,7 @@ in "/var/lib/gitea" "/var/lib/grafana" "/var/lib/jackett" - "/var/lib/matrix-synapse" - "/var/lib/postgresql/.zfs/snapshot/borgsnap" + "/mnt/borgsnap/postgresql" "/var/lib/radarr" "/var/lib/sonarr" "/var/lib/transmission" @@ -130,6 +129,7 @@ in "/mnt/paul-home/paul" "/var/sieve" "/var/vmail" + "/mnt/backup_loutre/amandoleen" ]; exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" 
@@ -147,9 +147,14 @@ in weekly = 4; monthly = 12; }; - preHook = "${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap"; + preHook = '' + ${pkgs.zfs}/bin/zfs snapshot loutrepool/var/postgresql@borgsnap + mkdir -p /mnt/borgsnap/postgresql + ${config.security.wrapperDir}/mount -t zfs loutrepool/var/postgresql@borgsnap /mnt/borgsnap/postgresql + ''; readWritePaths = [ "/var/lib/postfix/queue/maildrop" ]; postHook = '' + ${config.security.wrapperDir}/umount /mnt/borgsnap/postgresql ${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap ''; }; @@ -537,6 +542,8 @@ in }; }; + systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; + dogetipbot-telegram.enable = true; ipmihddtemp.enable = true; From 7ea868668549c89c659db7c7c09571281157851b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 29 Nov 2022 21:53:24 +0100 Subject: [PATCH 290/474] LoutreOS: backup more --- systems/LoutreOS/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 517e54c8..4d496d74 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -123,6 +123,10 @@ in "/var/lib/radarr" "/var/lib/sonarr" "/var/lib/transmission" + "/var/lib/airsonic" + "/var/lib/hass" + "/var/lib/opendkim" + "/var/lib/slimserver" "/mnt/medias/musique" "/mnt/medias/torrent/lidarr" "/mnt/medias/torrent/musique" @@ -130,6 +134,7 @@ in "/var/sieve" "/var/vmail" "/mnt/backup_loutre/amandoleen" + "/mnt/secrets" ]; exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" From 17d985a56cd01ddb7372b200209f46ccc49dcab2 Mon Sep 17 00:00:00 2001 
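Review bot: The new `preHook` in services.nix (the `@@ -147,9 +147,14 @@` hunk) takes `loutrepool/var/postgresql@borgsnap` unconditionally and never clears a leftover from an earlier run. If a run is interrupted before `postHook` (reboot, kill), the snapshot stays and the next `zfs snapshot` fails. Depending on how the borgbackup module runs the hooks, the failing `umount` in `postHook` may then also prevent the `zfs destroy`, so backups could stay broken until someone cleans up by hand. I would start `preHook` with `${pkgs.zfs}/bin/zfs destroy loutrepool/var/postgresql@borgsnap || true` and make the unmount tolerant with `${config.security.wrapperDir}/umount /mnt/borgsnap/postgresql || true`. The job definition continues outside the hunk.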
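Review bot: Adding `"/mnt/secrets"` to the job's `paths` (second hunk of "LoutreOS: backup more") copies that key material into the Borg repository, so anyone who can read the repository can read the secrets unless it is encrypted. The job's `repo` and `encryption` settings are outside this hunk. Please confirm an encrypted mode is in use and that its passphrase is not stored only under `/mnt/secrets`, otherwise a restore after total loss cannot be decrypted. A comment next to the entry would record this: `# backed up: repo must stay encrypted, passphrase kept off-host`.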
From: nyanloutre Date: Thu, 29 Dec 2022 15:37:00 +0100 Subject: [PATCH 291/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fecf05d4861f3985e8dee73f08bc82668ef75125' (2022-11-27) → 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a115bb9bd56831941be3776c8a94005867f316a7' (2022-11-27) → 'github:NixOS/nixpkgs/e182da8622a354d44c39b3d7a542dc12cd7baa5f' (2022-12-28) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/f535d8123c4761b2ed8138f3d202ea710a334a1d' (2022-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/bc667fb6afc45f6cc2d118ab77658faf2227cffd' (2022-12-21) • Removed input 'simple-nixos-mailserver/nixpkgs-22_05' • Added input 'simple-nixos-mailserver/nixpkgs-22_11': 'github:NixOS/nixpkgs/ce5fe99df1f15a09a91a86be9738d68fadfbad82' (2022-11-27) --- flake.lock | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 2a9066c8..f26b072e 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,26 +75,41 @@ }, "nixpkgs": { "locked": { - "lastModified": 1669546925, - "narHash": "sha256-Gvtk9agz88tBgqmCdHl5U7gYttTkiuEd8/Rq1Im0pTg=", + "lastModified": 1671883564, + "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fecf05d4861f3985e8dee73f08bc82668ef75125", + "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1669542132, - "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", + "lastModified": 1672262501, + "narHash": "sha256-ZNXqX9lwYo1tOFAqrVtKTLcJ2QMKCr3WuIvpN8emp7I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a115bb9bd56831941be3776c8a94005867f316a7", + "rev": "e182da8622a354d44c39b3d7a542dc12cd7baa5f", "type": "github" }, "original": { @@ -119,22 +134,20 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_05": [ - "nixpkgs" - ], + "nixpkgs-22_11": "nixpkgs-22_11", "utils": "utils" }, "locked": { - "lastModified": 1655930346, - "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", + "lastModified": 1671659164, + "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", + "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixos-mailserver", "type": "gitlab" } 
From 5ce6087b57800aca90ee8babf456e76d5fe55a1f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:20 +0100 Subject: [PATCH 292/474] update LoutreOS to 22.11 --- flake.lock | 22 +++++++++------ flake.nix | 12 ++++---- services/python-ci.nix | 2 +- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/hardware-configuration.nix | 2 +- systems/LoutreOS/monitoring.nix | 31 +++++++++++++-------- systems/LoutreOS/web.nix | 10 ++++--- systems/common-cli.nix | 5 ++-- 8 files changed, 52 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index f26b072e..8f5449d7 100644 --- a/flake.lock +++ b/flake.lock @@ -88,19 +88,20 @@ "type": "indirect" } }, - "nixpkgs-22_11": { + "nixpkgs-photoprism": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", + "lastModified": 1671922246, + "narHash": "sha256-Xh/pWG2mdheCtJZFmuuZIsvR9PVgs15Rn6yt/G1lINc=", + "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "6805f176fcc4b3673f23df5ee67caccc24bfba8c", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" + "owner": "Stunkymonkey", + "ref": "photoprism-module-init", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-unstable": { @@ -123,6 +124,7 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", + "nixpkgs-photoprism": "nixpkgs-photoprism", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "utils": "utils_2" @@ -134,7 +136,9 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-22_11": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { diff --git a/flake.nix b/flake.nix index c7c1cf61..fe8260aa 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.05"; + nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_05.follows = "nixpkgs"; + nixpkgs-22_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { @@ -20,7 +21,7 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, nixpkgs-photoprism, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { inherit self inputs; @@ -32,7 +33,7 @@ # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { # name = "electron-cash.patch"; # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; - # sha256 = "sha256-oQbiyhVWYIkEuZEKqaPuIL00PNPnuTAw64wuqZ8YeDs="; + # sha256 = nixpkgs.lib.fakeHash; # }) # ]; @@ -46,6 +47,7 @@ ]; hosts.loutreos.modules = [ + "${nixpkgs-photoprism}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/services/python-ci.nix b/services/python-ci.nix index 5a6a4c43..ce957db7 100644 --- a/services/python-ci.nix +++ b/services/python-ci.nix @@ -33,7 +33,7 @@ in RuntimeDirectoryPreserve = "yes"; ExecStart = with pkgs; let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pyramid python-gitlab ]; + extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ]; ignoreCollisions = true; }; in "${pkgs.writeShellScriptBin "run.sh" '' 
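Review bot: `nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init";` in flake.nix follows a branch of a personal fork, and `hosts.loutreos.modules` imports a NixOS module straight from it. A NixOS module is evaluated with full access to the system configuration, and every later `flake.lock` update moves the lock to whatever that branch head is at the time, including after a force-push. I would pin the input to a commit that has been read, `nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/<reviewed-commit-sha>";`, with a comment to drop the input once the module is available in the release channel. The `inputs` and `outputs` sets continue outside these hunks.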
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9cf6d067..d0adf484 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,7 +12,7 @@ ./services.nix ]; - nix.trustedUsers = [ "root" "paul" ]; + nix.settings.trusted-users = [ "root" "paul" ]; boot = { loader = { diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 49847181..2c3303b6 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -176,6 +176,6 @@ } ]; - nix.maxJobs = lib.mkDefault 4; + nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index 99100687..e02a4fa0 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -87,18 +87,27 @@ in grafana = { enable = true; - addr = "127.0.0.1"; dataDir = "/var/lib/grafana"; - extraOptions = { - SERVER_ROOT_URL = "https://grafana.${domaine}"; - SMTP_ENABLED = "true"; - SMTP_FROM_ADDRESS = "grafana@${domaine}"; - SMTP_SKIP_VERIFY = "true"; - AUTH_DISABLE_LOGIN_FORM = "true"; - AUTH_DISABLE_SIGNOUT_MENU = "true"; - AUTH_ANONYMOUS_ENABLED = "true"; - AUTH_ANONYMOUS_ORG_ROLE = "Admin"; - AUTH_BASIC_ENABLED = "false"; + settings = { + server = { + http_addr = "127.0.0.1"; + root_url = "https://grafana.${domaine}"; + }; + smtp = { + enabled = true; + from_address = "grafana@${domaine}"; + skip_verify = true; + }; + auth = { + disable_signout_menu = true; + }; + "auth.basic" = { + enabled = false; + }; + "auth.proxy" = { + enabled = true; + header_name = "X-WEBAUTH-USER"; + }; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9731dae6..94698043 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
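Review bot: The new `"auth.proxy"` block in monitoring.nix makes Grafana take the user name from `X-WEBAUTH-USER` on any request it receives, so its authentication now depends entirely on `http_addr = "127.0.0.1"` and on nginx overwriting that header. I would make that dependency explicit with `whitelist = "127.0.0.1";` in `"auth.proxy"` and a comment such as `# identity comes from nginx-sso via authReverse; never expose this port directly`. Local processes can still present the header themselves, which is worth keeping in mind on a multi-service host. Separately, `skip_verify = true` under `smtp` is carried over and still disables certificate checks for outgoing mail; if the relay is not on loopback it should be removed.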
@@ -197,6 +197,8 @@ in proxyPass = "http://127.0.0.1:${toString(rport)}/"; extraConfig = '' auth_request_set $cookie $upstream_http_set_cookie; + auth_request_set $username $upstream_http_x_username; + proxy_set_header X-WEBAUTH-USER $username; add_header Set-Cookie $cookie; ''; }; @@ -243,7 +245,7 @@ in }; }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; - "grafana.nyanlout.re" = authReverse config.services.grafana.port; + "grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; @@ -376,7 +378,6 @@ in gitea = { enable = true; - cookieSecure = true; httpPort = 3001; rootUrl = "https://gitea.nyanlout.re/"; database = { @@ -384,10 +385,11 @@ in port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; - log.level = "Warn"; - disableRegistration = true; settings = { ui.DEFAULT_THEME = "arc-green"; + log.LEVEL = "Warn"; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; }; }; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index b0cdf52a..d8359d9f 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -11,12 +11,13 @@ vimAlias = true; configure = { customRC = '' - set tabstop=8 + set tabstop=8 set shiftwidth=4 set softtabstop=0 set expandtab - set smarttab + set smarttab set background=dark + set mouse= ''; packages.myVimPackage = with pkgs.vimPlugins; { start = [ From c4ff862ab4060f3245e721ca526c28ce1dd07452 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:08:37 +0100 Subject: [PATCH 293/474] install photoprism --- systems/LoutreOS/services.nix | 9 +++++++++ systems/LoutreOS/web.nix | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4d496d74..cb0cdfb1 100644 
--- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -545,6 +545,15 @@ in #]; }; }; + + photoprism = { + enable = true; + originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; + extraConfig = { + PHOTOPRISM_AUTH_MODE = "public"; + PHOTOPRISM_READONLY = true; + }; + }; }; systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 94698043..c7f01693 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -260,6 +260,11 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; + "photo.nyanlout.re" = recursiveUpdate (authReverse config.services.photoprism.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; From a315db49c6a600bc72795963011f26b1f81add64 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 30 Dec 2022 15:09:18 +0100 Subject: [PATCH 294/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) → 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8f5449d7..e6dea1e1 100644 --- a/flake.lock +++ b/flake.lock 
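Review bot: `PHOTOPRISM_AUTH_MODE = "public";` in the new `photoprism` block turns off PhotoPrism's own login, so the `authReverse` wrapper on `photo.nyanlout.re` added in web.nix is the only access control for the photo library. The module's listen address is not set here and its default is not visible in this patch, so please confirm the service binds to loopback only. I would also state the dependency next to the setting: `# no built-in auth: access is gated by nginx-sso (authReverse), keep the service on 127.0.0.1`. The `services` set continues outside the hunk.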
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1671883564, - "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", "type": "github" }, "original": { From 09ec8c3554521b48e00cb9e02644111e0ac40fd8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:11:22 +0100 Subject: [PATCH 295/474] Add 'overlays/transmission.nix' --- overlays/transmission.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 overlays/transmission.nix diff --git a/overlays/transmission.nix b/overlays/transmission.nix new file mode 100644 index 00000000..3294870a --- /dev/null +++ b/overlays/transmission.nix @@ -0,0 +1,8 @@ +self: super: +{ + transmission = (super.transmission.overrideAttrs (oA: { + patches = []; + })).override { + openssl = super.openssl_legacy; + }; +} \ No newline at end of file From eff9aadf902365f0721e58b1955d4073670d7d79 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:13:39 +0100 Subject: [PATCH 296/474] Update 'systems/LoutreOS/configuration.nix' --- systems/LoutreOS/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index d0adf484..3ab6c2a6 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,6 +12,11 @@ ./services.nix ]; + nixpkgs.overlays = [ + (import ../../overlays/transmission.nix) + ]; + + nix.settings.trusted-users = [ "root" "paul" ]; boot = { From 3d472d07c2f6666a2f55e7e3692b067aebc8dfac Mon Sep 17 00:00:00 2001 
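Review bot: `patches = [];` in the new overlays/transmission.nix discards every patch nixpkgs applies to transmission, both the current ones and any added later, which would silently include security backports. Together with `openssl = super.openssl_legacy;` the file gives no reason for either override. I would add a header comment naming the problem being worked around and when the overlay can go, for example `# workaround for <issue reference>: remove once fixed in the release channel`. If only one patch is in the way, filter it out of `oA.patches` rather than clearing the list. The file also lacks a final newline.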
From: nyanloutre Date: Thu, 5 Jan 2023 11:18:09 +0100 Subject: [PATCH 297/474] Update 'systems/LoutreOS/configuration.nix' --- systems/LoutreOS/configuration.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3ab6c2a6..75a7df13 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -12,11 +12,6 @@ ./services.nix ]; - nixpkgs.overlays = [ - (import ../../overlays/transmission.nix) - ]; - - nix.settings.trusted-users = [ "root" "paul" ]; boot = { @@ -169,6 +164,7 @@ nixpkgs.overlays = [ (import ../../overlays/riot-web.nix) + (import ../../overlays/transmission.nix) ]; services.openssh = { From 884498f5736ae5ba3aae947fb9383f199630198e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:25:26 +0100 Subject: [PATCH 298/474] Update 'systems/LoutreOS/services.nix' --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index cb0cdfb1..2bc5e415 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -551,7 +551,7 @@ in originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; extraConfig = { PHOTOPRISM_AUTH_MODE = "public"; - PHOTOPRISM_READONLY = true; + PHOTOPRISM_READONLY = "1"; }; }; }; From 0cddbf1def860643f4f76a1a590d6703aaacbdc0 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 5 Jan 2023 11:22:52 +0100 Subject: [PATCH 299/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) → 'github:NixOS/nixpkgs/e9ade2c8240e00a4784fac282a502efff2786bdc' (2023-01-04) • Updated input 'nixpkgs-photoprism': 'github:Stunkymonkey/nixpkgs/6805f176fcc4b3673f23df5ee67caccc24bfba8c' (2022-12-24) → 'github:Stunkymonkey/nixpkgs/9f3d8078ecec6f757b6fde1734f258913e062be2' (2023-01-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e182da8622a354d44c39b3d7a542dc12cd7baa5f' (2022-12-28) → 'github:NixOS/nixpkgs/9813adc7f7c0edd738c6bdd8431439688bb0cb3d' (2023-01-04) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e6dea1e1..8c26b8b7 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1672353432, - "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", + "lastModified": 1672844754, + "narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "rev": "e9ade2c8240e00a4784fac282a502efff2786bdc", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-photoprism": { "locked": { - "lastModified": 1671922246, - "narHash": "sha256-Xh/pWG2mdheCtJZFmuuZIsvR9PVgs15Rn6yt/G1lINc=", + "lastModified": 1672609663, + "narHash": "sha256-qDon3TnuGPW8L4+xLqUs6/Ev8yRR8qV7v5PHMrCtnao=", "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "6805f176fcc4b3673f23df5ee67caccc24bfba8c", + "rev": "9f3d8078ecec6f757b6fde1734f258913e062be2", "type": "github" }, "original": { 
@@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1672262501, - "narHash": "sha256-ZNXqX9lwYo1tOFAqrVtKTLcJ2QMKCr3WuIvpN8emp7I=", + "lastModified": 1672791794, + "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e182da8622a354d44c39b3d7a542dc12cd7baa5f", + "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", "type": "github" }, "original": { From a449f29502028e36df5b28374763fc5d80c1c6f8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:26:38 +0100 Subject: [PATCH 300/474] remove backup mount and add photoprism mount --- systems/LoutreOS/hardware-configuration.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 2c3303b6..b32d6f11 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -123,10 +123,10 @@ fsType = "zfs"; }; - fileSystems."/mnt/backup" = - { device = "backup"; - fsType = "zfs"; - }; + # fileSystems."/mnt/backup" = + # { device = "backup"; + # fsType = "zfs"; + # }; fileSystems."/mnt/backup_loutre" = { device = "loutrepool/backup"; @@ -158,6 +158,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/private/photoprism" = + { device = "loutrepool/var/photoprism"; + fsType = "zfs"; + }; + fileSystems."/mnt/paul-home" = { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; fsType = "zfs"; From d97d8a59491430776d6cff8776882e6d410fa60b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 5 Jan 2023 11:28:10 +0100 Subject: [PATCH 301/474] add photoprism url --- systems/LoutreOS/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2bc5e415..4c8fb805 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -552,6 +552,7 @@ in extraConfig = { PHOTOPRISM_AUTH_MODE = "public"; PHOTOPRISM_READONLY = "1"; + PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/"; }; }; }; From 166219459f6911defe243e68c273fa429e917c51 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 7 Jan 2023 23:34:55 +0100 Subject: [PATCH 302/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e9ade2c8240e00a4784fac282a502efff2786bdc' (2023-01-04) → 'github:NixOS/nixpkgs/2dea8991d89b9f1e78d874945f78ca15f6954289' (2023-01-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9813adc7f7c0edd738c6bdd8431439688bb0cb3d' (2023-01-04) → 'github:NixOS/nixpkgs/a518c77148585023ff56022f09c4b2c418a51ef5' (2023-01-05) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8c26b8b7..ea354b46 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1672844754, - "narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=", + "lastModified": 1672968032, + "narHash": "sha256-26Jns3GmHem44a06UN5Rj/KOD9qNJThyQrom02Ijur8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e9ade2c8240e00a4784fac282a502efff2786bdc", + "rev": "2dea8991d89b9f1e78d874945f78ca15f6954289", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1672791794, - "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", + "lastModified": 1672953546, + "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", + "rev": "a518c77148585023ff56022f09c4b2c418a51ef5", "type": "github" }, "original": { From 734f54f69fab055c37976bfce6176dad3c4f66f0 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 13 Jan 2023 09:53:31 +0100 Subject: [PATCH 303/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2dea8991d89b9f1e78d874945f78ca15f6954289' (2023-01-06) → 'github:NixOS/nixpkgs/6a3f9996408c970b99b8b992b11bb249d1455b62' (2023-01-12) • Updated input 'nixpkgs-photoprism': 'github:Stunkymonkey/nixpkgs/9f3d8078ecec6f757b6fde1734f258913e062be2' (2023-01-01) → 'github:Stunkymonkey/nixpkgs/2dc710c13cfd1f33b16439c84afd9eafeb3371f2' (2023-01-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a518c77148585023ff56022f09c4b2c418a51ef5' (2023-01-05) → 'github:NixOS/nixpkgs/6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e' (2023-01-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ea354b46..ef802032 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1672968032, - "narHash": "sha256-26Jns3GmHem44a06UN5Rj/KOD9qNJThyQrom02Ijur8=", + "lastModified": 1673527292, + "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2dea8991d89b9f1e78d874945f78ca15f6954289", + "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-photoprism": { "locked": { - "lastModified": 1672609663, - "narHash": "sha256-qDon3TnuGPW8L4+xLqUs6/Ev8yRR8qV7v5PHMrCtnao=", + "lastModified": 1673563714, + "narHash": "sha256-NPVs2Sff5ubtCnsG5fciNZtM30d4nlgZxmpSK4zqwDU=", "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "9f3d8078ecec6f757b6fde1734f258913e062be2", + "rev": "2dc710c13cfd1f33b16439c84afd9eafeb3371f2", "type": "github" }, "original": { 
@@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1672953546, - "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=", + "lastModified": 1673450908, + "narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a518c77148585023ff56022f09c4b2c418a51ef5", + "rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", "type": "github" }, "original": { From ea61674cffa0302e2189dc4edaf1db0ff3abc1b9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 26 Jan 2023 20:42:59 +0100 Subject: [PATCH 304/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6a3f9996408c970b99b8b992b11bb249d1455b62' (2023-01-12) → 'github:NixOS/nixpkgs/ab1254087f4cdf4af74b552d7fc95175d9bdbb49' (2023-01-22) • Updated input 'nixpkgs-photoprism': 'github:Stunkymonkey/nixpkgs/2dc710c13cfd1f33b16439c84afd9eafeb3371f2' (2023-01-12) → 'github:Stunkymonkey/nixpkgs/0214f02419f80674ffcaa26e9f20769a56b5f0c1' (2023-01-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e' (2023-01-11) → 'github:NixOS/nixpkgs/1b1f50645af2a70dc93eae18bfd88d330bfbcf7f' (2023-01-23) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ef802032..3259ccea 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1673527292, - "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", + "lastModified": 1674407282, + "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", + "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", "type": "github" }, "original": { 
@@ -90,11 +90,11 @@ }, "nixpkgs-photoprism": { "locked": { - "lastModified": 1673563714, - "narHash": "sha256-NPVs2Sff5ubtCnsG5fciNZtM30d4nlgZxmpSK4zqwDU=", + "lastModified": 1673802166, + "narHash": "sha256-0D/Fnl7nF9tOoCFgfu8dReShYjal7LwvIRkCAjxtK78=", "owner": "Stunkymonkey", "repo": "nixpkgs", - "rev": "2dc710c13cfd1f33b16439c84afd9eafeb3371f2", + "rev": "0214f02419f80674ffcaa26e9f20769a56b5f0c1", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1673450908, - "narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=", + "lastModified": 1674459583, + "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e", + "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f", "type": "github" }, "original": { From a8b8356e0d24261aff88c5e40fa3fa6a6ed3eba5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:04:00 +0100 Subject: [PATCH 305/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ab1254087f4cdf4af74b552d7fc95175d9bdbb49' (2023-01-22) → 'github:NixOS/nixpkgs/c43f676c938662072772339be6269226c77b51b8' (2023-02-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/1b1f50645af2a70dc93eae18bfd88d330bfbcf7f' (2023-01-23) → 'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13) --- flake.lock | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index 3259ccea..eecc94f6 100644 --- a/flake.lock +++ b/flake.lock 
@@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1674407282, - "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", + "lastModified": 1676375384, + "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", + "rev": "c43f676c938662072772339be6269226c77b51b8", "type": "github" }, "original": { @@ -88,29 +88,13 @@ "type": "indirect" } }, - "nixpkgs-photoprism": { - "locked": { - "lastModified": 1673802166, - "narHash": "sha256-0D/Fnl7nF9tOoCFgfu8dReShYjal7LwvIRkCAjxtK78=", - "owner": "Stunkymonkey", - "repo": "nixpkgs", - "rev": "0214f02419f80674ffcaa26e9f20769a56b5f0c1", - "type": "github" - }, - "original": { - "owner": "Stunkymonkey", - "ref": "photoprism-module-init", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { - "lastModified": 1674459583, - "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=", + "lastModified": 1676300157, + "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f", + "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", "type": "github" }, "original": { @@ -124,7 +108,6 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", - "nixpkgs-photoprism": "nixpkgs-photoprism", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "utils": "utils_2" From 4d7fc25aaf6e568c7a7a3e366f58a17d76bc22b7 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:11:20 +0100 Subject: [PATCH 306/474] remove riot --- overlays/riot-web.nix | 15 --------------- systems/LoutreOS/configuration.nix | 1 - systems/LoutreOS/web.nix | 1 - 3 files changed, 17 deletions(-) delete mode 100644 overlays/riot-web.nix 
diff --git a/overlays/riot-web.nix b/overlays/riot-web.nix deleted file mode 100644 index 33428ffb..00000000 --- a/overlays/riot-web.nix +++ /dev/null @@ -1,15 +0,0 @@ -self: super: -{ - riot-web = super.riot-web.override { - conf = { - default_hs_url = "https://matrix.nyanlout.re"; - default_is_url = "https://vector.im"; - brand = "Nyanloutre"; - default_theme = "dark"; - integrations_ui_url = "https://dimension.t2bot.io/riot"; - integrations_rest_url = "https://dimension.t2bot.io/api/v1/scalar"; - integrations_widgets_urls = ["https://dimension.t2bot.io/widgets"]; - integrations_jitsi_widget_url = "https://dimension.t2bot.io/widgets/jitsi"; - }; - }; -} diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 75a7df13..e292f440 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -163,7 +163,6 @@ }; nixpkgs.overlays = [ - (import ../../overlays/riot-web.nix) (import ../../overlays/transmission.nix) ]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index c7f01693..8390254f 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -224,7 +224,6 @@ in ''; }; } // { default = true; }; - "riot.nyanlout.re" = base { "/" = { root = pkgs.element-web; }; }; "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { From 2fac85824a2c9c0efd785de978166e2e0e76675c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:13:06 +0100 Subject: [PATCH 307/474] install photoprism from unstable --- flake.nix | 5 ++--- systems/LoutreOS/services.nix | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index fe8260aa..e9ef1840 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,7 +2,6 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-22.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - nixpkgs-photoprism.url = "github:Stunkymonkey/nixpkgs/photoprism-module-init"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; @@ -21,7 +20,7 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, nixpkgs-photoprism, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { inherit self inputs; @@ -47,7 +46,7 @@ ]; hosts.loutreos.modules = [ - "${nixpkgs-photoprism}/nixos/modules/services/web-apps/photoprism.nix" + "${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 4c8fb805..3b8df046 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -549,7 +549,7 @@ in photoprism = { enable = true; originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; - extraConfig = { + settings = { PHOTOPRISM_AUTH_MODE = "public"; PHOTOPRISM_READONLY = "1"; PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/"; From 0ae3cd7ba4ddfc35c590c7b301bf52b5de1bd1ce Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:30:46 +0100 Subject: [PATCH 308/474] redirect www.musique-meyenheim.fr --- systems/LoutreOS/web.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 8390254f..6df086c9 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -237,6 +237,11 @@ in alias = "/var/www/site-musique/media/"; }; }; + "www.musique-meyenheim.fr" = { + enableACME = true; + forceSSL = true; + globalRedirect = "musique-meyenheim.fr"; + }; # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { From 94ab3f04fe39281c3940de48972cfc75737a547e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 16 Feb 2023 17:31:01 +0100 Subject: [PATCH 309/474] ajout amandoline-creations.fr --- systems/LoutreOS/web.nix | 55 +++++++--------------------------------- 1 file changed, 9 insertions(+), 46 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6df086c9..aa7ca388 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -327,52 +327,15 @@ in } ]; "designyourfuture.amandoline-creations.fr" = base { - "/".alias = "/var/www/amandoleene-designyourfuture/"; - # "/" = { - # priority = 200; - # extraConfig = '' - # try_files $uri $uri/ /index.php$is_args$args; - # ''; - # }; - # "~ \\.php$" = { - # priority = 500; - # extraConfig = '' - # fastcgi_split_path_info ^(.+\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools."wordpress-designyourfuture".socket}; - # fastcgi_index index.php; - # include "${config.services.nginx.package}/conf/fastcgi.conf"; - # fastcgi_param PATH_INFO $fastcgi_path_info; - # fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - # # Mitigate https://httpoxy.org/ vulnerabilities - # fastcgi_param HTTP_PROXY ""; - # fastcgi_intercept_errors off; - # fastcgi_buffer_size 16k; - # fastcgi_buffers 4 16k; - # fastcgi_connect_timeout 300; - # fastcgi_send_timeout 300; - # fastcgi_read_timeout 300; - # ''; - # }; - # "~ /\\." = { - # priority = 800; - # extraConfig = "deny all;"; - # }; - # "~* /(?:uploads|files)/.*\\.php$" = { - # priority = 900; - # extraConfig = "deny all;"; - # }; - # "~* \\.(js|css|png|jpg|jpeg|gif|ico)$" = { - # priority = 1000; - # extraConfig = '' - # expires max; - # log_not_found off; - # ''; - # }; - } // { - # root = "/var/www/wordpress-designyourfuture"; - # extraConfig = '' - # index index.php; - # ''; + "/".alias = "/var/www/amandoline-designyourfuture/"; + }; + "amandoline-creations.fr" = base { + "/".alias = "/var/www/amandoline-portfolio/"; + }; + "www.amandoline-creations.fr" = { + enableACME = true; + forceSSL = true; + globalRedirect = "amandoline-creations.fr"; }; }; }; From 2da57f3126806ab73913ce1eeaab1cd10de363a0 Mon Sep 17 00:00:00 2001 
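Review bot: Both static vhosts in this hunk serve their files with `"/".alias = …` on the root location, while the other static sites in web.nix use `root` (for example `"/" = { root = "/var/www/factorio"; };` in the context of an earlier hunk). On a `/` location `root` is the conventional nginx directive and maps requests to the same files, so `"/".root = "/var/www/amandoline-portfolio";` would keep the file consistent. The new `www.amandoline-creations.fr` entry is written without the `base` helper; `base` is defined outside this hunk, so whether the redirect vhost loses anything `base` normally adds cannot be checked here.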
From: nyanloutre Date: Thu, 23 Mar 2023 11:35:15 +0100 Subject: [PATCH 310/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c43f676c938662072772339be6269226c77b51b8' (2023-02-14) → 'github:NixOS/nixpkgs/9ef6e7727f4c31507627815d4f8679c5841efb00' (2023-03-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/545c7a31e5dedea4a6d372712a18e00ce097d462' (2023-02-13) → 'github:NixOS/nixpkgs/19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e' (2023-03-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index eecc94f6..8c9f96d9 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1676375384, - "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", + "lastModified": 1679472241, + "narHash": "sha256-VK2YDic2NjPvfsuneJCLIrWS38qUfoW8rLLimx0rWXA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c43f676c938662072772339be6269226c77b51b8", + "rev": "9ef6e7727f4c31507627815d4f8679c5841efb00", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", + "lastModified": 1679437018, + "narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", + "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e", "type": "github" }, "original": { From 3568d0bb16f547c9a16e0ef6de9198ae29e704f3 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 1 Apr 2023 12:53:34 +0200 Subject: [PATCH 311/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ef6e7727f4c31507627815d4f8679c5841efb00' (2023-03-22) → 'github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f' (2023-03-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e' (2023-03-21) → 'github:NixOS/nixpkgs/e3652e0735fbec227f342712f180f4f21f0594f2' (2023-03-30) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8c9f96d9..2213f2b9 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1679472241, - "narHash": "sha256-VK2YDic2NjPvfsuneJCLIrWS38qUfoW8rLLimx0rWXA=", + "lastModified": 1680122840, + "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ef6e7727f4c31507627815d4f8679c5841efb00", + "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1679437018, - "narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", "type": "github" }, "original": { From 08833324c2d5de1103c0dc89787b5499647ee996 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 24 Apr 2023 20:29:13 +0200 Subject: [PATCH 312/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f' (2023-03-29) → 'github:NixOS/nixpkgs/f5364316e314436f6b9c8fd50592b18920ab18f9' (2023-04-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e3652e0735fbec227f342712f180f4f21f0594f2' (2023-03-30) → 'github:NixOS/nixpkgs/e78d25df6f1036b3fa76750ed4603dd9d5fe90fc' (2023-04-23) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2213f2b9..ba3bbff7 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1680122840, - "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", + "lastModified": 1682303062, + "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", + "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1680213900, - "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "lastModified": 1682268651, + "narHash": "sha256-2eZriMhnD24Pmb8ideZWZDiXaAVe6LzJrHQiNPck+Lk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "rev": "e78d25df6f1036b3fa76750ed4603dd9d5fe90fc", "type": "github" }, "original": { From da693daad6f105f69eb3df3d92c138a39579caad Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 18 May 2023 20:19:11 +0200 Subject: [PATCH 313/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f5364316e314436f6b9c8fd50592b18920ab18f9' (2023-04-24) → 'github:NixOS/nixpkgs/628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c' (2023-05-18) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e78d25df6f1036b3fa76750ed4603dd9d5fe90fc' (2023-04-23) → 'github:NixOS/nixpkgs/48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a' (2023-05-18) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ba3bbff7..54e9e044 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1682303062, - "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=", + "lastModified": 1684398685, + "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9", + "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1682268651, - "narHash": "sha256-2eZriMhnD24Pmb8ideZWZDiXaAVe6LzJrHQiNPck+Lk=", + "lastModified": 1684385584, + "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e78d25df6f1036b3fa76750ed4603dd9d5fe90fc", + "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", "type": "github" }, "original": { From 30faf02d276ddde1a9c176ced32bf36ed9162f91 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 18 May 2023 20:23:02 +0200 Subject: [PATCH 314/474] create photoprism accounts --- systems/LoutreOS/services.nix | 3 ++- systems/LoutreOS/web.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) 
diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 3b8df046..e0281049 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -549,9 +549,10 @@ in photoprism = { enable = true; originalsPath = "/mnt/backup_loutre/amandoleen/d/Users/Amand/Pictures"; + passwordFile = "/mnt/secrets/photoprism_pass"; settings = { - PHOTOPRISM_AUTH_MODE = "public"; PHOTOPRISM_READONLY = "1"; + PHOTOPRISM_DETECT_NSFW = "1"; PHOTOPRISM_SITE_URL = "https://photo.nyanlout.re/"; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index aa7ca388..587f5efc 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -264,7 +264,7 @@ in "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; - "photo.nyanlout.re" = recursiveUpdate (authReverse config.services.photoprism.port) { + "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { proxyWebsockets = true; }; From d28de2a644e9a4541f2cac9cd47b7405f7d1e45a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 18 May 2023 20:23:15 +0200 Subject: [PATCH 315/474] use unstable radarr and sonarr --- systems/LoutreOS/medias.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 96b06ee0..f177bea2 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -17,8 +17,14 @@ }; }; - radarr.enable = true; - sonarr.enable = true; + radarr = { + enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; + }; + sonarr = { + enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; + }; jackett = { enable = true; package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett; 
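Review bot: With `PHOTOPRISM_AUTH_MODE = "public"` removed, nothing in `settings` states which auth mode the service runs in, and the same commit takes the nginx auth layer off `photo.nyanlout.re` in web.nix. Relying on the upstream default is presumably fine today, but an explicit `PHOTOPRISM_AUTH_MODE = "password";` next to `passwordFile` keeps the intent intact if a module or application default changes. `/mnt/secrets/photoprism_pass` should be readable by root only; how the module hands it to the service is not visible in this hunk.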
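Review bot: Switching `photo.nyanlout.re` from `authReverse` to `simpleReverse` makes PhotoPrism's own login the only access control on this vhost, and the call site should say so. A comment such as `# auth is handled by PhotoPrism (services.photoprism.passwordFile), not nginx` would stop a later edit from re-enabling public mode in services.nix without restoring `authReverse`. Both helpers are defined outside this hunk, so what else `authReverse` adds beyond authentication cannot be checked here.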
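Review bot: `inputs.nixpkgs-unstable.legacyPackages.x86_64-linux` is now spelled out three times in this attribute set (radarr, sonarr, jackett), with the system string hard-coded each time. A single `let` binding such as `unstable = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux;` would keep the pinning in one place, and a one-line comment saying why these services track unstable would help whoever bumps the stable channel next. The enclosing attribute set starts and ends outside the hunk.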
From 0167221dc56070952887648eced1bdb204feb850 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 18 May 2023 22:41:11 +0200 Subject: [PATCH 316/474] replace jackett with prowlarr --- systems/LoutreOS/medias.nix | 5 +---- systems/LoutreOS/web.nix | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index f177bea2..8a4d15d5 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -25,10 +25,7 @@ enable = true; package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; }; - jackett = { - enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jackett; - }; + prowlarr.enable = true; jellyfin = { enable = true; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 587f5efc..243d4d7b 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -254,7 +254,7 @@ in "radarr.nyanlout.re" = authReverse 7878; "sonarr.nyanlout.re" = authReverse 8989; "syncthing.nyanlout.re" = authReverse 8384; - "jackett.nyanlout.re" = authReverse 9117; + "prowlarr.nyanlout.re" = authReverse 9696; "matrix.nyanlout.re" = simpleReverse 8008; "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { locations."/" = { From cb4f74182eed56862c12e89d386067da766bfe23 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 8 Jun 2023 21:34:28 +0200 Subject: [PATCH 317/474] no trim/scrub on daily computer --- systems/PC-Fixe/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 282adbae..02de5cea 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -36,11 +36,11 @@ services.zfs = { trim = { - enable = true; + enable = false; interval = "monthly"; }; autoScrub = { - enable = true; + enable = false; interval = "monthly"; }; autoSnapshot = { 
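Review bot: Setting `autoScrub.enable = false` removes the only scheduled integrity check visible for this pool, so checksum errors would surface only when the affected blocks are next read. The `interval = "monthly";` lines under both `trim` and `autoScrub` stay in place but presumably have no effect once `enable` is false. If scrubs and trims are meant to be run by hand, a comment such as `# scrub/trim run manually: timers disabled on this desktop` would record that; otherwise a longer interval keeps the check without the monthly load. The `services.zfs` block continues past the end of the hunk.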
From 69e9788a1631c1e0a3bacb199200ab04c22ecc12 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 8 Jun 2023 21:35:19 +0200 Subject: [PATCH 318/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c' (2023-05-18) → 'github:NixOS/nixpkgs/d83945caa7624015f11b152bf5c6c4363ffe9f7c' (2023-06-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a' (2023-05-18) → 'github:NixOS/nixpkgs/381e92a35e2d196fdd6077680dca0cd0197e75cb' (2023-06-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 54e9e044..45994b48 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1684398685, - "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", + "lastModified": 1686035213, + "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", + "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1684385584, - "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", + "lastModified": 1686135559, + "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", + "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", "type": "github" }, "original": { From fab9a81d0e9600a70666346bdb70bd7576ccf41c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 8 Jun 2023 21:35:55 +0200 Subject: [PATCH 319/474] replace minecraft by prismlauncher --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 216a765e..62e74b6b 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -10,7 +10,7 @@ sc-controller steam-run - minecraft + prismlauncher lutris teamspeak_client From cacf58c7dd156cc715c9bd9fe61d1c02a8c02f25 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 13:56:00 +0200 Subject: [PATCH 320/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d83945caa7624015f11b152bf5c6c4363ffe9f7c' (2023-06-06) → 'github:NixOS/nixpkgs/d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2' (2023-06-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/381e92a35e2d196fdd6077680dca0cd0197e75cb' (2023-06-07) → 'github:NixOS/nixpkgs/75a5ebf473cd60148ba9aec0d219f72e5cf52519' (2023-06-11) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/bc667fb6afc45f6cc2d118ab77658faf2227cffd' (2022-12-21) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/4966c0f63f04659015f064f2aa34b1893a16dfde' (2023-06-11) • Added input 'simple-nixos-mailserver/flake-compat': 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) • Updated input 'simple-nixos-mailserver/nixpkgs-22_11': follows 'nixpkgs' → 'github:NixOS/nixpkgs/ce5fe99df1f15a09a91a86be9738d68fadfbad82' (2022-11-27) • Added input 'simple-nixos-mailserver/nixpkgs-23_05': follows 'nixpkgs' --- flake.lock | 55 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 45994b48..b72ec571 100644 --- a/flake.lock +++ b/flake.lock 
@@ -37,6 +37,22 @@ "type": "gitlab" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1638122382, @@ -75,11 +91,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686035213, - "narHash": "sha256-hRcXUoVWWuLqFzQ1QVQx4ewvbnst1NkCxoZhmpzrilA=", + "lastModified": 1686431482, + "narHash": "sha256-oPVQ/0YP7yC2ztNsxvWLrV+f0NQ2QAwxbrZ+bgGydEM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d83945caa7624015f11b152bf5c6c4363ffe9f7c", + "rev": "d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", "type": "github" }, "original": { @@ -90,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686135559, - "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=", + "lastModified": 1686501370, + "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb", + "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", "type": "github" }, "original": { 
@@ -116,25 +147,27 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", + "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": [ + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1671659164, - "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=", + "lastModified": 1686496219, + "narHash": "sha256-8zXZ/813yzaRA84js98G3XQ3GEEzFGnxhjvVyxkEey0=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd", + "rev": "4966c0f63f04659015f064f2aa34b1893a16dfde", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixos-mailserver", "type": "gitlab" } From ab08037dc9915be9d9199532438638c8cfc386dc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 14:05:05 +0200 Subject: [PATCH 321/474] LoutreOS: update to 23.05 and rename deprecated options --- flake.nix | 7 +++---- systems/LoutreOS/configuration.nix | 10 ++++++---- systems/LoutreOS/services.nix | 2 +- systems/LoutreOS/web.nix | 8 +++++--- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/flake.nix b/flake.nix index e9ef1840..d6de1f25 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-22.11"; + nixpkgs.url = "flake:nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-22_11.follows = "nixpkgs"; + nixpkgs-23_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { 
@@ -46,7 +46,6 @@ ]; hosts.loutreos.modules = [ - "${nixpkgs-unstable}/nixos/modules/services/web-apps/photoprism.nix" simple-nixos-mailserver.nixosModule dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index e292f440..49da3b01 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -22,7 +22,7 @@ supportedFilesystems = [ "zfs" ]; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; documentation.nixos.enable = false; @@ -168,9 +168,11 @@ services.openssh = { enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - forwardX11 = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + X11Forwarding = true; + }; }; users = { diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e0281049..39d1e2a2 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -62,7 +62,7 @@ in }; # Certificate setup - certificateScheme = 1; + certificateScheme = "manual"; certificateFile = "/var/lib/acme/${domaine}/fullchain.pem"; keyFile = "/var/lib/acme/${domaine}/key.pem"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 243d4d7b..52bf0091 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -262,7 +262,7 @@ in }; }; "ci.nyanlout.re" = simpleReverse 52350; - "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort; + "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { 
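Review bot: The migrated `services.openssh.settings` block sets `PasswordAuthentication = false` but leaves keyboard-interactive authentication unstated, which sshd treats as a separate method that can still prompt for a password through PAM. Unless the module default already disables it, adding `KbdInteractiveAuthentication = false;` alongside closes that path. This matters on this host because a `forwardPorts` entry visible in a later hunk of the same file forwards an external port to `10.30.0.1:22`. `X11Forwarding = true` is carried over unchanged from `forwardX11`; it is worth confirming that it is still needed on a server.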
@@ -350,14 +350,16 @@ in gitea = { enable = true; - httpPort = 3001; - rootUrl = "https://gitea.nyanlout.re/"; database = { type = "postgres"; port = 5432; passwordFile = "/var/lib/gitea/custom/conf/database_password"; }; settings = { + server = { + HTTP_PORT = 3001; + ROOT_URL = "https://gitea.nyanlout.re/"; + }; ui.DEFAULT_THEME = "arc-green"; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true; From 0037f3fd6d31dd4a06c83b8350ea6083a6fec556 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 14:47:44 +0200 Subject: [PATCH 322/474] LoutreOS: replace dhcpd4 with networkd --- systems/LoutreOS/configuration.nix | 65 ++++++++++-------------------- 1 file changed, 22 insertions(+), 43 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 49da3b01..86a6a542 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -57,10 +57,6 @@ id = 100; interface = "eno1"; }; - chinoiseries = { - id = 20; - interface = "eno2"; - }; }; interfaces = { @@ -74,11 +70,6 @@ { address = "10.30.0.1"; prefixLength = 16; } ]; }; - chinoiseries = { - ipv4.addresses = [ - { address = "10.40.0.1"; prefixLength = 16; } - ]; - }; enp0s21u2.useDHCP = true; }; @@ -88,8 +79,8 @@ externalInterface = "bouygues"; # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" "10.40.0.0/16" ]; - internalInterfaces = [ "eno2" "chinoiseries" ]; + internalIPs = [ "10.30.0.0/16" ]; + internalInterfaces = [ "eno2" ]; forwardPorts = [ { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} 
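Review bot: `internalIPs` and `internalInterfaces` now cover only `eno2` and 10.30.0.0/16, and the `chinoiseries` VLAN (10.40.0.0/16) is removed in the two hunks before this one. The YeeLight leases that lived in that range have no counterpart in the networkd static-lease list added later in this patch. If those devices are meant to rejoin on `eno2`, they would share one segment with the IPMI and workstation leases instead of sitting on their own VLAN. That may be deliberate, but the commit message should then say where the devices went and that the segmentation is dropped on purpose.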
@@ -115,6 +106,26 @@ }; systemd.network.networks = { + "40-eno2" = { + networkConfig = { + DHCPServer = true; + }; + dhcpServerConfig = { + PoolOffset = 25599; + PoolSize = 25600; + DNS = [ "89.234.141.66" "80.67.169.12" "80.67.169.40" ]; + }; + dhcpServerStaticLeases = [ + { dhcpServerStaticLeaseConfig = { MACAddress = "50:c7:bf:b6:b8:ef"; Address = "10.30.50.7"; }; } # HS110 + { dhcpServerStaticLeaseConfig = { MACAddress = "ac:1f:6b:4b:01:15"; Address = "10.30.1.1"; }; } # IPMI + { dhcpServerStaticLeaseConfig = { MACAddress = "b4:2e:99:ed:24:26"; Address = "10.30.50.1"; }; } # paul-fixe + + #ESPHome + { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:85:e9:ce"; Address = "10.30.40.1"; }; } # salonled + { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:86:38:fc"; Address = "10.30.40.2"; }; } # bureauled + { dhcpServerStaticLeaseConfig = { MACAddress = "50:02:91:78:be:be"; Address = "10.30.40.3"; }; } # guirlande + ]; + }; "40-bouygues" = { dhcpV4Config.RouteMetric = 1; dhcpV6Config = { 
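Review bot: The pool in `dhcpServerConfig` does not quite reproduce the dhcpd range it replaces. systemd-networkd documents `PoolOffset` as counted from the start of the subnet, so on 10.30.0.0/16 `PoolOffset = 25599` with `PoolSize = 25600` should give 10.30.99.255 to 10.30.199.254. The `range 10.30.100.0 10.30.200.0` statement in the `services.dhcpd4` block this commit removes covers one address later at each end. If the old range is the intent, `PoolOffset = 25600; PoolSize = 25601;` matches it. The `systemd.network.networks` set continues outside the hunk.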
@@ -130,38 +141,6 @@ "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; - services.dhcpd4 = { - enable = true; - interfaces = [ "eno2" "chinoiseries" ]; - machines = [ - { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } - { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } - { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } - - #ESPHome - { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } - { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } - { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } - - # YeeLights - { ethernetAddress = "04:cf:8c:b5:7e:18"; hostName = "yeelink-light-color3_miap7e18"; ipAddress = "10.40.249.0"; } - { ethernetAddress = "04:cf:8c:b5:2d:28"; hostName = "yeelink-light-color3_miap2d28"; ipAddress = "10.40.249.1"; } - { ethernetAddress = "04:cf:8c:b5:71:04"; hostName = "yeelink-light-color3_miap7104"; ipAddress = "10.40.249.2"; } - ]; - extraConfig = '' - option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; - option subnet-mask 255.255.0.0; - subnet 10.30.0.0 netmask 255.255.0.0 { - option routers 10.30.0.1; - range 10.30.100.0 10.30.200.0; - } - subnet 10.40.0.0 netmask 255.255.0.0 { - option routers 10.40.0.1; - range 10.40.100.0 10.40.200.0; - } - ''; - }; - nixpkgs.overlays = [ (import ../../overlays/transmission.nix) ]; From 1612f543dcc3ad7739f97a8b5b4915f17adcd3e9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:19:14 +0200 Subject: [PATCH 323/474] Revert "LoutreOS: replace dhcpd4 with networkd" This reverts commit 0037f3fd6d31dd4a06c83b8350ea6083a6fec556. --- systems/LoutreOS/configuration.nix | 43 ++++++++++++++++-------------- 1 file changed, 23 insertions(+), 20 deletions(-) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 86a6a542..720c7d72 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -106,26 +106,6 @@ }; systemd.network.networks = { - "40-eno2" = { - networkConfig = { - DHCPServer = true; - }; - dhcpServerConfig = { - PoolOffset = 25599; - PoolSize = 25600; - DNS = [ "89.234.141.66" "80.67.169.12" "80.67.169.40" ]; - }; - dhcpServerStaticLeases = [ - { dhcpServerStaticLeaseConfig = { MACAddress = "50:c7:bf:b6:b8:ef"; Address = "10.30.50.7"; }; } # HS110 - { dhcpServerStaticLeaseConfig = { MACAddress = "ac:1f:6b:4b:01:15"; Address = "10.30.1.1"; }; } # IPMI - { dhcpServerStaticLeaseConfig = { MACAddress = "b4:2e:99:ed:24:26"; Address = "10.30.50.1"; }; } # paul-fixe - - #ESPHome - { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:85:e9:ce"; Address = "10.30.40.1"; }; } # salonled - { dhcpServerStaticLeaseConfig = { MACAddress = "e0:98:06:86:38:fc"; Address = "10.30.40.2"; }; } # bureauled - { dhcpServerStaticLeaseConfig = { MACAddress = "50:02:91:78:be:be"; Address = "10.30.40.3"; }; } # guirlande - ]; - }; "40-bouygues" = { dhcpV4Config.RouteMetric = 1; dhcpV6Config = { 
@@ -141,6 +121,29 @@ "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; + services.dhcpd4 = { + enable = true; + interfaces = [ "eno2" ]; + machines = [ + { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } + { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } + { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } + + #ESPHome + { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } + { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } + { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } + ]; + extraConfig = '' + option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; + option subnet-mask 255.255.0.0; + subnet 10.30.0.0 netmask 255.255.0.0 { + option routers 10.30.0.1; + range 10.30.100.0 10.30.200.0; + } + ''; + }; + nixpkgs.overlays = [ (import ../../overlays/transmission.nix) ]; From c9f1186eb7522d122dd46878052d25b841228802 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:28:45 +0200 Subject: [PATCH 324/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2' (2023-06-10) → 'github:NixOS/nixpkgs/bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4' (2023-06-11) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b72ec571..1c16b890 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686431482, - "narHash": "sha256-oPVQ/0YP7yC2ztNsxvWLrV+f0NQ2QAwxbrZ+bgGydEM=", + "lastModified": 1686513595, + "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3bb401dcfc5a46ce51cdfb5762e70cc75d082d2", + "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", "type": "github" }, "original": { From afe53131ad18f5d0b1732048a17ae1673cb95a59 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:32:29 +0200 Subject: [PATCH 325/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/e781adbbeda8aa0cbaef47558fc28f9e1dd162fb' (2021-11-02) → 'gitlab:nyanloutre/dogetipbot-telegram/de99d17926f5c62be6fa20484669ae13bf42a30a' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1c16b890..d0a48ca4 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1635873573, - "narHash": "sha256-KcrFb8HSNcVTtYNXoUwZxW531cQn6T3YBU6Goo5G9mo=", + "lastModified": 1686666491, + "narHash": "sha256-6MjpVRB9OlHYaVyF0miA5M2nwYA+rjFaNx7R7Vtoy8c=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "e781adbbeda8aa0cbaef47558fc28f9e1dd162fb", + "rev": "de99d17926f5c62be6fa20484669ae13bf42a30a", "type": "gitlab" }, "original": { From 9d55820d77dd57b700c45a151cd51c4b17e9eb04 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 13 Jun 2023 16:37:42 +0200 Subject: [PATCH 326/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/de99d17926f5c62be6fa20484669ae13bf42a30a' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/134eb1ca05cb64fa2185c9f80056aa8cb2207872' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d0a48ca4..eb53351e 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686666491, - "narHash": "sha256-6MjpVRB9OlHYaVyF0miA5M2nwYA+rjFaNx7R7Vtoy8c=", + "lastModified": 1686667052, + "narHash": "sha256-o8Pz8dwgclryP8+hhKxgwfi3T9jouJ9R846dfwAMASg=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "de99d17926f5c62be6fa20484669ae13bf42a30a", + "rev": "134eb1ca05cb64fa2185c9f80056aa8cb2207872", "type": "gitlab" }, "original": { From de4fc8b6823de3e01dda4465f87cf5e9d56d9bc3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:44:07 +0200 Subject: [PATCH 327/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/134eb1ca05cb64fa2185c9f80056aa8cb2207872' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/df4062f9e6dc2ebf9f5ecea27766a3189df06851' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index eb53351e..2b483945 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686667052, - "narHash": "sha256-o8Pz8dwgclryP8+hhKxgwfi3T9jouJ9R846dfwAMASg=", + "lastModified": 1686667442, + "narHash": "sha256-lJJFjj7MEGbqQbpNQSrhVhe40jorKL9B5oyGXp5iZWc=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "134eb1ca05cb64fa2185c9f80056aa8cb2207872", + "rev": "df4062f9e6dc2ebf9f5ecea27766a3189df06851", "type": "gitlab" }, "original": { From ccb1ffebfeca1b30b50fad930c1ce9701458de4a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:50:57 +0200 Subject: [PATCH 328/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/df4062f9e6dc2ebf9f5ecea27766a3189df06851' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2b483945..8f030f48 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686667442, - "narHash": "sha256-lJJFjj7MEGbqQbpNQSrhVhe40jorKL9B5oyGXp5iZWc=", + "lastModified": 1686667851, + "narHash": "sha256-eaAckl4z80kqWlE75rE3qqEiYOk7JD91BcUXpCfmnaM=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "df4062f9e6dc2ebf9f5ecea27766a3189df06851", + "rev": "9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7", "type": "gitlab" }, "original": { From 7c45822d7dcdf02e79bfa05cf6c9eaaed2ac9f21 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 13 Jun 2023 16:53:42 +0200 Subject: [PATCH 329/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/e1b7b838a2863cb88f034ebed2fd74e1971bc962' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8f030f48..07f00c1b 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686667851, - "narHash": "sha256-eaAckl4z80kqWlE75rE3qqEiYOk7JD91BcUXpCfmnaM=", + "lastModified": 1686668016, + "narHash": "sha256-ET9wTbouCiD64fhMIL7MTXqLY8mh/Zqt9xUJkx6HmRk=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "9fa9fd3215d6b8a16af59cf6b33cde047e64b0a7", + "rev": "e1b7b838a2863cb88f034ebed2fd74e1971bc962", "type": "gitlab" }, "original": { From 2ff32860e578503d62afe90005a8802ee1fea44f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 13 Jun 2023 16:56:23 +0200 Subject: [PATCH 330/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/e1b7b838a2863cb88f034ebed2fd74e1971bc962' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/baafc544b59db91dbe9466565e2f224e3aa76f7b' (2023-06-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 07f00c1b..ce3f14dd 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686668016, - "narHash": "sha256-ET9wTbouCiD64fhMIL7MTXqLY8mh/Zqt9xUJkx6HmRk=", + "lastModified": 1686668177, + "narHash": "sha256-sr4VMrsUG3ePrk8HNL2OeQ/gDqqnGRjzzzDSxRf65lo=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "e1b7b838a2863cb88f034ebed2fd74e1971bc962", + "rev": "baafc544b59db91dbe9466565e2f224e3aa76f7b", "type": "gitlab" }, "original": { From 2d8a066fd7fe980ec183a1ece79f7920bf92fc70 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Jun 2023 18:11:10 +0200 Subject: [PATCH 331/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/baafc544b59db91dbe9466565e2f224e3aa76f7b' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/d7970444d7b9b602b55aa67f5e593d41e97d12cf' (2023-06-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4' (2023-06-11) → 'github:NixOS/nixpkgs/b6c73c5fe53bb3afbf65e870541e0645e9145171' (2023-06-20) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/75a5ebf473cd60148ba9aec0d219f72e5cf52519' (2023-06-11) → 'github:NixOS/nixpkgs/04af42f3b31dba0ef742d254456dc4c14eedac86' (2023-06-17) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ce3f14dd..ca01781c 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686668177, - "narHash": "sha256-sr4VMrsUG3ePrk8HNL2OeQ/gDqqnGRjzzzDSxRf65lo=", + "lastModified": 1686669604, + "narHash": "sha256-xoPWq1PMEGauyZfVDx85kWERWlCZ2KWgFZSw7Fdx7Ns=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "baafc544b59db91dbe9466565e2f224e3aa76f7b", + "rev": "d7970444d7b9b602b55aa67f5e593d41e97d12cf", "type": "gitlab" }, "original": { 
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1686513595, - "narHash": "sha256-H3JNqj7TEiMx5rd8lRiONvgFZvmf3kmwHI2umDdqgFY=", + "lastModified": 1687288566, + "narHash": "sha256-VckkiJ88Gzdc2cstm0z5eFcrHbvkm4VjxavHBGssvZI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8b5735d6f7e06b9ddd27de115b0600c1ffbdb4", + "rev": "b6c73c5fe53bb3afbf65e870541e0645e9145171", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686501370, - "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", + "lastModified": 1686960236, + "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", + "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86", "type": "github" }, "original": { From 1a525bb29a65a0100be84056307c010b7d463853 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Jun 2023 18:19:40 +0200 Subject: [PATCH 332/474] replace chromium with brave and disable netdata --- systems/PC-Fixe/configuration.nix | 2 -- systems/common-gui.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 02de5cea..9c246602 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -119,8 +119,6 @@ ]; }; - services.netdata.enable = true; - services.openssh.enable = true; services.openssh.passwordAuthentication = false; services.openssh.forwardX11 = true; diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 62e74b6b..068afaee 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -23,7 +23,7 @@ firefox tor-browser-bundle-bin - chromium + brave tdesktop element-desktop From 0c8a0c3854f1e452baa9aeb9017c850e45af5f9f Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 22 Jun 2023 18:40:32 +0200 Subject: [PATCH 333/474] LoutreOS: replace zha with zigbee2mqtt --- systems/LoutreOS/services.nix | 357 +++++++--------------------------- systems/LoutreOS/web.nix | 5 + 2 files changed, 70 insertions(+), 292 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 39d1e2a2..81f4f919 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -182,6 +182,66 @@ in enable = true; }; + mosquitto = { + enable = true; + listeners = [ + { + acl = [ "pattern readwrite #" ]; + omitPasswordAuth = true; + address = "127.0.0.1"; + settings.allow_anonymous = true; + } + ]; + }; + + zigbee2mqtt = { + enable = true; + settings = { + mqtt = { + server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}"; + }; + frontend = { + port = 8080; + host = "127.0.0.1"; + url = "https://zigbee.nyanlout.re"; + }; + groups = { + "101" = { + friendly_name = "salon"; + devices = [ + "0x94deb8fffe760f3d" + ]; + }; + "102" = { + friendly_name = "cuisine"; + devices = [ + "0x003c84fffe6d9ee6" + ]; + }; + "103" = { + friendly_name = "entrée"; + devices = [ + "0x84ba20fffe5ec243" + ]; + }; + "104" = { + friendly_name = "tout"; + devices = [ + "0x94deb8fffe760f3d" + "0x003c84fffe6d9ee6" + "0x84ba20fffe5ec243" + ]; + }; + "107" = { + friendly_name = "chambre"; + devices = [ + "0x84ba20fffe5eb120" + ]; + }; + }; + }; + }; + home-assistant = { enable = true; extraComponents = [ 
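Review bot: The `mosquitto` listener added here accepts anonymous clients with `pattern readwrite #`, so every local process that can reach the loopback listener can read and publish on all topics, including the ones `zigbee2mqtt` uses to drive the lights and manage the Zigbee network. Binding to 127.0.0.1 keeps the LAN out, but this host also runs other network-facing services (the `home-assistant` block follows in the same file), so a compromise of any of them would reach the broker. I would give each client its own entry under `users` with a `passwordFile` and an ACL limited to its topics, and drop `omitPasswordAuth` and `allow_anonymous`. The `mqtt` settings of `zigbee2mqtt` then need matching credentials supplied from a file outside the Nix store. The topic prefixes and paths in the sketch below are assumed placeholders and should be checked against the running setup.

```nix
mosquitto = {
  enable = true;
  listeners = [
    {
      address = "127.0.0.1";
      users = {
        zigbee2mqtt = {
          acl = [ "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ];
          passwordFile = "/path/to/zigbee2mqtt-mqtt-password"; # placeholder path
        };
        homeassistant = {
          acl = [ "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ];
          passwordFile = "/path/to/homeassistant-mqtt-password"; # placeholder path
        };
      };
    }
  ];
};
# … unchanged: zigbee2mqtt frontend and groups …
```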
@@ -192,37 +252,26 @@ in config = { default_config = {}; homeassistant = { + country = "FR"; latitude = 48.60038; longitude = 7.74063; elevation = 146; }; meteo_france = null; - #influxdb = null; - #config = null; - #dhcp = null; - #frontend = null; - #history = null; http = { use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" ]; }; - #logbook = null; - #map = null; - #mobile_app = null; - #person = null; - #script = null; - #sun = null; - #system_health = null; - zha = null; + mqtt = null; esphome = null; light = [ { platform = "group"; name = "Salon"; entities = [ - "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_e69e6dfe_level_light_color_on_off" - "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_43c25efe_level_light_color_on_off" - "light.ikea_of_sweden_tradfri_bulb_e27_cws_806lm_3d0f76fe_level_light_color_on_off" + "light.salon_light" + "light.cuisine_light" + "light.entree_light" ]; } ]; 
@@ -267,282 +316,6 @@ in # }; # } #]; - #switch = [ - # { - # platform = "wake_on_lan"; - # name = "PC Fixe"; - # mac = "b4:2e:99:ed:24:26"; - # host = "10.30.135.71"; - # broadcast_address = "10.30.255.255"; - # } - #]; - #device_tracker = [ - # { - # platform = "ping"; - # hosts = { telephone_paul = "10.30.50.2"; }; - # } - #]; - #scene = [ - # { - # name = "Movie"; - # icon = "mdi:movie-open"; - # entities = { - # "light.salon" = { - # state = "on"; - # xy_color = [0.299 0.115]; - # brightness = 50; - # }; - # "light.bande_led_tv" = { - # state = "on"; - # effect = "Movie"; - # brightness = 180; - # }; - # "light.bande_led_bureau" = { - # state = "on"; - # xy_color = [0.299 0.115]; - # brightness = 130; - # }; - # }; - # } - # { - # name = "Home"; - # icon = "mdi:home"; - # entities = { - # "light.salon" = { - # state = "on"; - # kelvin = 2700; - # brightness = 255; - # }; - # }; - # } - # { - # name = "Night"; - # icon = "mdi:weather-night"; - # entities = { - # "light.salon" = { - # state = "off"; - # }; - # "light.bande_led_tv" = { - # state = "off"; - # }; - # "light.bande_led_bureau" = { - # state = "off"; - # }; - # "light.chambre" = { - # state = "on"; - # kelvin = 1900; - # brightness = 50; - # }; - # }; - # } - #]; - #automation = let - # min_sun_elevation = 4; - - # switch_chambre = { - # domain = "zha"; - # platform = "device"; - # device_id = "3329ecdcad244e5e8fc0f4b96d52ffe1"; - # }; - - # switch_entree = { - # domain = "zha"; - # platform = "device"; - # device_id = "7cd814190ec543dba76a7aa7e7996c41"; - # }; - - # remote = { - # domain = "zha"; - # platform = "device"; - # device_id = "d1230b76264e483388a8fdaad4f44143"; - # }; - #in [ - # # ENTREE - - # { - # alias = "Aziz lumière"; - # trigger = [ - # { - # platform = "numeric_state"; - # entity_id = "sun.sun"; - # value_template = "{{ state.attributes.elevation }}"; - # below = min_sun_elevation; - # } - # ]; - # condition = [ - # { - # condition = "state"; - # entity_id = "person.paul"; - # 
state = "home"; - # } - # # Sun below max elevation - # { - # condition = "template"; - # value_template = "{{ state_attr('sun.sun', 'elevation') < ${toString min_sun_elevation} }}"; - # } - # ]; - # action = { - # scene = "scene.home"; - # }; - # } - # { - # alias = "Aziz lumière switch"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_on"; - # } // switch_entree; - # action = { - # scene = "scene.home"; - # }; - # } - # { - # alias = "Adios"; - # trigger = [ - # { - # platform = "state"; - # entity_id = "person.paul"; - # to = "not_home"; - # } - # ({ - # type = "remote_button_short_press"; - # subtype = "turn_off"; - # } // switch_entree) - # ]; - # action = [ - # { - # service = "light.turn_off"; - # entity_id = "all"; - # } - # { - # service = "media_player.turn_off"; - # entity_id = "all"; - # } - # ]; - # } - - # # REMOTE - - # { - # alias = "Button toggle"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_on"; - # } // remote; - # action = { - # choose = { - # conditions = { - # condition = "template"; - # value_template = '' - # {% set domain = 'light' %} - # {% set state = 'off' %} - # {{ states[domain] | count == states[domain] | selectattr('state','eq',state) | list | count }} - # ''; - # }; - # sequence = { - # scene = "scene.home"; - # }; - # }; - # default = { - # service = "light.turn_off"; - # entity_id = "all"; - # }; - # }; - # } - # { - # alias = "Button scene movie"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "right"; - # } // remote; - # action = { - # scene = "scene.movie"; - # }; - # } - # { - # alias = "Button scene home"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "left"; - # } // remote; - # action = { - # scene = "scene.home"; - # }; - # } - # { - # alias = "Button light up"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "dim_up"; - # } // remote; - # action = { - # service = "light.turn_on"; - # entity_id 
= "light.salon"; - # data = { - # brightness_step = 25; - # }; - # }; - # } - # { - # alias = "Button light down"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "dim_down"; - # } // remote; - # action = { - # service = "light.turn_on"; - # entity_id = "light.salon"; - # data = { - # brightness_step = -25; - # }; - # }; - # } - - # # CHAMBRE - - # { - # alias = "Button scene night"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_on"; - # } // switch_chambre; - # action = { - # scene = "scene.night"; - # }; - # } - # { - # alias = "Button scene dodo"; - # trigger = { - # type = "remote_button_short_press"; - # subtype = "turn_off"; - # } // switch_chambre; - # action = { - # service = "light.turn_off"; - # entity_id = "all"; - # }; - # } - # { - # alias = "Button scene lumière chambre ON"; - # trigger = { - # type = "remote_button_long_press"; - # subtype = "dim_up"; - # } // switch_chambre; - # action = { - # service = "light.turn_on"; - # entity_id = "light.chambre"; - # }; - # } - # { - # alias = "Button scene lumière chambre OFF"; - # trigger = { - # type = "remote_button_long_press"; - # subtype = "dim_down"; - # } // switch_chambre; - # action = { - # service = "light.turn_off"; - # entity_id = "light.chambre"; - # }; - # } - #]; }; }; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 52bf0091..b2bfa85a 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -269,6 +269,11 @@ in proxyWebsockets = true; }; }; + "zigbee.nyanlout.re" = recursiveUpdate (authReverse config.services.zigbee2mqtt.settings.frontend.port) { + locations."/" = { + proxyWebsockets = true; + }; + }; "apart.nyanlout.re" = recursiveUpdate (simpleReverse config.services.home-assistant.config.http.server_port) { locations."/" = { proxyWebsockets = true; From dad1bd43a15abb0b84ce59bb56f3715f3cf77711 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 29 Jun 2023 10:51:44 +0200 Subject: [PATCH 334/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b6c73c5fe53bb3afbf65e870541e0645e9145171' (2023-06-20) → 'github:NixOS/nixpkgs/9790f3242da2152d5aa1976e3e4b8b414f4dd206' (2023-06-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/04af42f3b31dba0ef742d254456dc4c14eedac86' (2023-06-17) → 'github:NixOS/nixpkgs/e18dc963075ed115afb3e312b64643bf8fd4b474' (2023-06-27) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/4966c0f63f04659015f064f2aa34b1893a16dfde' (2023-06-11) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/24128c3052090311688b09a400aa408ba61c6ee5' (2023-06-22) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ca01781c..448abd66 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1687288566, - "narHash": "sha256-VckkiJ88Gzdc2cstm0z5eFcrHbvkm4VjxavHBGssvZI=", + "lastModified": 1687829761, + "narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b6c73c5fe53bb3afbf65e870541e0645e9145171", + "rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1686960236, - "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=", + "lastModified": 1687898314, + "narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86", + "rev": "e18dc963075ed115afb3e312b64643bf8fd4b474", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1686496219, - "narHash": "sha256-8zXZ/813yzaRA84js98G3XQ3GEEzFGnxhjvVyxkEey0=", + "lastModified": 1687462267, + "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4966c0f63f04659015f064f2aa34b1893a16dfde", + "rev": "24128c3052090311688b09a400aa408ba61c6ee5", "type": "gitlab" }, "original": { From 9c1c0d8e761ceb80bce139e865971a5db25da516 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 29 Jun 2023 10:54:22 +0200 Subject: [PATCH 335/474] add challenge amandoline website --- systems/LoutreOS/web.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index b2bfa85a..0d829342 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -342,6 +342,9 @@ in forceSSL = true; globalRedirect = "amandoline-creations.fr"; }; + "challenge.amandoline-creations.fr" = base { + "/".alias = "/var/www/amandoline-challenge/"; + }; }; }; From 4274d2d0863e8dbe4214422a43996b854adefe6b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 7 Aug 2023 20:11:32 +0200 Subject: [PATCH 336/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9790f3242da2152d5aa1976e3e4b8b414f4dd206' (2023-06-27) → 'github:NixOS/nixpkgs/61676e4dcfeeb058f255294bcb08ea7f3bc3ce56' (2023-08-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e18dc963075ed115afb3e312b64643bf8fd4b474' (2023-06-27) → 'github:NixOS/nixpkgs/5a8e9243812ba528000995b294292d3b5e120947' (2023-08-07) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 448abd66..6e33a0c6 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1687829761, - "narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=", + "lastModified": 1691328192, + "narHash": "sha256-w59N1zyDQ7SupfMJLFvtms/SIVbdryqlw5AS4+DiH+Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206", + "rev": "61676e4dcfeeb058f255294bcb08ea7f3bc3ce56", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1687898314, - "narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=", + "lastModified": 1691368598, + "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e18dc963075ed115afb3e312b64643bf8fd4b474", + "rev": "5a8e9243812ba528000995b294292d3b5e120947", "type": "github" }, "original": { From f7cf15be336abb6b0aa2bfefec09a18242bba7e0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 7 Aug 2023 23:27:36 +0200 Subject: [PATCH 337/474] GUI: disable unused apps --- systems/common-gui.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 068afaee..0a5a33da 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -62,7 +62,6 @@ obs-studio vlc mpv - jellyfin-mpv-shim kdenlive glxinfo @@ -118,17 +117,7 @@ desktopManager.plasma5.enable = true; }; udev.packages = with pkgs; [ ledger-udev-rules ]; - pcscd = { - enable = true; - plugins = [ - (pkgs.ccid.overrideAttrs (oldAttrs: rec { - preBuild = '' - echo "0x2C97:0x0001:Ledger Token" >> ./readers/supported_readers.txt - ''; - }) - ) - ]; - }; + pcscd.enable = true; }; environment.etc = { From bb43809bbddc23c3a57968cffd39c7f455a49fdf Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 12 Aug 2023 00:14:12 +0200 Subject: [PATCH 338/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/61676e4dcfeeb058f255294bcb08ea7f3bc3ce56' (2023-08-06) → 'github:NixOS/nixpkgs/9034b46dc4c7596a87ab837bb8a07ef2d887e8c7' (2023-08-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5a8e9243812ba528000995b294292d3b5e120947' (2023-08-07) → 'github:NixOS/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 6e33a0c6..bc701090 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1691328192, - "narHash": "sha256-w59N1zyDQ7SupfMJLFvtms/SIVbdryqlw5AS4+DiH+Y=", + "lastModified": 1691592289, + "narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "61676e4dcfeeb058f255294bcb08ea7f3bc3ce56", + "rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691368598, - "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", + "lastModified": 1691654369, + "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a8e9243812ba528000995b294292d3b5e120947", + "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", "type": "github" }, "original": { From afac2029e28bda8d34781ada64a15622b0b365e1 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 15 Aug 2023 23:37:58 +0200 Subject: [PATCH 339/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9034b46dc4c7596a87ab837bb8a07ef2d887e8c7' (2023-08-09) → 'github:NixOS/nixpkgs/09a137528c3aea3780720d19f99cd706f52c3823' (2023-08-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e' (2023-08-10) → 'github:NixOS/nixpkgs/6e287913f7b1ef537c97aa301b67c34ea46b640f' (2023-08-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index bc701090..468f0b54 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1691592289, - "narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", + "lastModified": 1692025715, + "narHash": "sha256-tsRiiopGT7HA8d/cuk5xYBRXgdnnvD+JhUGUe3x7vmY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", + "rev": "09a137528c3aea3780720d19f99cd706f52c3823", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691654369, - "narHash": "sha256-gSILTEx1jRaJjwZxRlnu3ZwMn1FVNk80qlwiCX8kmpo=", + "lastModified": 1691990649, + "narHash": "sha256-gMbKOiX1HwClRP9lADaaV/lnZr93NEaOFe4ApDx/zd8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce5e4a6ef2e59d89a971bc434ca8ca222b9c7f5e", + "rev": "6e287913f7b1ef537c97aa301b67c34ea46b640f", "type": "github" }, "original": { From cbe429a351f6227dcca0edcf769148db5b24d289 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 15 Aug 2023 23:46:29 +0200 Subject: [PATCH 340/474] hotfix failed build --- flake.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/flake.nix b/flake.nix index d6de1f25..703805ae 100644 --- a/flake.nix +++ b/flake.nix 
@@ -36,6 +36,14 @@ # }) # ]; + channels.nixpkgs-unstable.patches = [ + (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { + name = "249059.patch"; + url = "https://github.com/NixOS/nixpkgs/commit/7957b4cfd79a6b7871d31e5acd84f75fc3e7ca59.patch"; + sha256 = "sha256-Ue9qzggPooVSgyzJiPhQm7+79L5d7IYX3fAXmYjTTiE="; + }) + ]; + hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From d898b83cd0670598ba28cab228e57c1cae809a26 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Aug 2023 20:35:44 +0200 Subject: [PATCH 341/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/09a137528c3aea3780720d19f99cd706f52c3823' (2023-08-14) → 'github:NixOS/nixpkgs/bfd953b2c6de4f550f75461bcc5768b6f966be10' (2023-08-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6e287913f7b1ef537c97aa301b67c34ea46b640f' (2023-08-14) → 'github:NixOS/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 468f0b54..8ffbb7ca 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692025715, - "narHash": "sha256-tsRiiopGT7HA8d/cuk5xYBRXgdnnvD+JhUGUe3x7vmY=", + "lastModified": 1692134936, + "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09a137528c3aea3780720d19f99cd706f52c3823", + "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10", "type": "github" }, "original": { 
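Review bot: The `channels.nixpkgs-unstable.patches` entry added to flake.nix in PATCH 340 has no comment saying which build failure it works around or when it can be dropped. The fetch is pinned by `sha256`, so the patch content is fixed; what is missing is the reason and the removal condition. I would add a line above the list such as `# Temporary: fixes the failing build; remove once nixpkgs-unstable contains commit 7957b4cf`. The surrounding attribute set starts and ends outside the hunk.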
@@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691990649, - "narHash": "sha256-gMbKOiX1HwClRP9lADaaV/lnZr93NEaOFe4ApDx/zd8=", + "lastModified": 1692174805, + "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e287913f7b1ef537c97aa301b67c34ea46b640f", + "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e", "type": "github" }, "original": { From 317b1a24e600b695faadd626fb71f6c0673558ee Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Aug 2023 20:37:06 +0200 Subject: [PATCH 342/474] remove hotfix --- flake.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/flake.nix b/flake.nix index 703805ae..d6de1f25 100644 --- a/flake.nix +++ b/flake.nix @@ -36,14 +36,6 @@ # }) # ]; - channels.nixpkgs-unstable.patches = [ - (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { - name = "249059.patch"; - url = "https://github.com/NixOS/nixpkgs/commit/7957b4cfd79a6b7871d31e5acd84f75fc3e7ca59.patch"; - sha256 = "sha256-Ue9qzggPooVSgyzJiPhQm7+79L5d7IYX3fAXmYjTTiE="; - }) - ]; - hostDefaults.modules = [ nixpkgs.nixosModules.notDetected { From 15cc0c9d0d7426c09123fa73517e8b85862cc48f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Aug 2023 20:47:28 +0200 Subject: [PATCH 343/474] rename old options --- systems/PC-Fixe/configuration.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 9c246602..06a816c3 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -26,7 +26,7 @@ "acpi_enforce_resources=lax" "zfs.zfs_arc_max=2147483648" ]; - boot.tmpOnTmpfs = false; + boot.tmp.useTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; virtualisation.virtualbox.host.enable = true; 
@@ -60,7 +60,7 @@ hardware.bluetooth.enable = true; # Logitech G920 - hardware.usbWwan.enable = true; + hardware.usb-modeswitch.enable = true; # hardware.pulseaudio.extraConfig = '' # load-module module-null-sink sink_name=mic_denoised_out rate=48000 @@ -120,8 +120,10 @@ }; services.openssh.enable = true; - services.openssh.passwordAuthentication = false; - services.openssh.forwardX11 = true; + services.openssh.settings = { + PasswordAuthentication = false; + X11Forwarding = true; + }; # security.pki.certificates = [ # '' From 4d10ab6aca6eb3d2f9b567441948065a8f9d6f54 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Sep 2023 14:14:36 +0200 Subject: [PATCH 344/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bfd953b2c6de4f550f75461bcc5768b6f966be10' (2023-08-15) → 'github:NixOS/nixpkgs/e5f018cf150e29aac26c61dac0790ea023c46b24' (2023-09-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/caac0eb6bdcad0b32cb2522e03e4002c8975c62e' (2023-08-16) → 'github:NixOS/nixpkgs/f2ea252d23ebc9a5336bf6a61e0644921f64e67c' (2023-09-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8ffbb7ca..58acaaaf 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692134936, - "narHash": "sha256-Z68O969cioC6I3k/AFBxsuEwpJwt4l9fzwuAMUhCCs0=", + "lastModified": 1694499547, + "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfd953b2c6de4f550f75461bcc5768b6f966be10", + "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", "type": "github" }, "original": { 
@@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1692174805, - "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=", + "lastModified": 1694669921, + "narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e", + "rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c", "type": "github" }, "original": { From 55d8e55d3e6355885e0bd003c5ca535e435766f0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Sep 2023 15:27:47 +0200 Subject: [PATCH 345/474] enable Bouygues IPv6 --- systems/LoutreOS/configuration.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 720c7d72..543e9989 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -23,6 +23,8 @@ supportedFilesystems = [ "zfs" ]; tmp.useTmpfs = true; + + kernel.sysctl."net.ipv6.conf.all.forwarding" = true; }; documentation.nixos.enable = false; @@ -88,6 +90,7 @@ }; firewall = { + enable = true; allowedTCPPorts = [ 80 443 ]; allowedUDPPorts = [ ]; interfaces.eno2 = { @@ -101,7 +104,11 @@ 3483 # Slimserver ]; }; - enable = true; + extraCommands = '' + ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A FORWARD -j ACCEPT -i eno2 + ip6tables -A FORWARD -j nixos-fw-log-refuse + ''; }; }; @@ -118,6 +125,12 @@ IPv6AcceptRA = "yes"; }; }; + "40-eno2" = { + networkConfig = { + IPv6SendRA = "yes"; + DHCPPrefixDelegation = "yes"; + }; + }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; From c26b1d89885118d21ce55d214207e2b40b442621 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 15 Sep 2023 15:57:00 +0200 Subject: [PATCH 346/474] fix DNS servers for IPV6 --- systems/LoutreOS/configuration.nix | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) 
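Review bot: The three `ip6tables -A FORWARD …` lines in `extraCommands` (hunk `@@ -101,7 +104,11 @@` of PATCH 345) append to the built-in FORWARD chain and nothing visible removes them, so each time the firewall script runs again the rules are presumably added once more. The first hunk of this patch turns on `net.ipv6.conf.all.forwarding`, so these rules are what separates the upstream link from LAN hosts and should come out the same on every run. A dedicated chain that is unhooked, flushed and recreated each time does that; `-m conntrack --ctstate` is the current spelling of the `-m state` match. The chain name below is a constructed example, and the `firewall` attribute set starts and ends outside the hunk.

```nix
extraCommands = ''
  # dedicated chain: a reload replaces the rules instead of appending to FORWARD
  ip6tables -w -D FORWARD -j lan-forward6 2>/dev/null || true
  ip6tables -w -F lan-forward6 2>/dev/null || true
  ip6tables -w -X lan-forward6 2>/dev/null || true
  ip6tables -w -N lan-forward6
  ip6tables -w -A lan-forward6 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  ip6tables -w -A lan-forward6 -i eno2 -j ACCEPT
  ip6tables -w -A lan-forward6 -j nixos-fw-log-refuse
  ip6tables -w -A FORWARD -j lan-forward6
'';
```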
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 543e9989..2130d9c1 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -119,16 +119,23 @@ DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig.DHCPv6Client = "yes"; + ipv6AcceptRAConfig.DHCPv6Client = true; networkConfig = { KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = "yes"; + IPv6AcceptRA = true; }; }; "40-eno2" = { networkConfig = { - IPv6SendRA = "yes"; - DHCPPrefixDelegation = "yes"; + IPv6SendRA = true; + DHCPPrefixDelegation = true; + }; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; }; }; "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; @@ -148,7 +155,7 @@ { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } ]; extraConfig = '' - option domain-name-servers 89.234.141.66, 80.67.169.12, 80.67.169.40; + option domain-name-servers 1.1.1.1, 1.0.0.1; option subnet-mask 255.255.0.0; subnet 10.30.0.0 netmask 255.255.0.0 { option routers 10.30.0.1; From dd7dbb6be53558605bba779e761bb1133be9ed54 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Sep 2023 20:01:22 +0200 Subject: [PATCH 347/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e5f018cf150e29aac26c61dac0790ea023c46b24' (2023-09-12) → 'github:NixOS/nixpkgs/5d017a8822e0907fb96f7700a319f9fe2434de02' (2023-09-17) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/f2ea252d23ebc9a5336bf6a61e0644921f64e67c' (2023-09-14) → 'github:NixOS/nixpkgs/5ba549eafcf3e33405e5f66decd1a72356632b96' (2023-09-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 58acaaaf..26c8d3a8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694499547, - "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", + "lastModified": 1694937365, + "narHash": "sha256-iHZSGrb9gVpZRR4B2ishUN/1LRKWtSHZNO37C8z1SmA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", + "rev": "5d017a8822e0907fb96f7700a319f9fe2434de02", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1694669921, - "narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=", + "lastModified": 1695145219, + "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c", + "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96", "type": "github" }, "original": { From f0dcdd88cd61d50f1aba7d8d5d7a356b833a2bdb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Sep 2023 23:29:14 +0200 Subject: [PATCH 348/474] migrate dhcpcd to networkd --- systems/LoutreOS/configuration.nix | 85 +++++++++++++++++++++--------- 1 file changed, 59 insertions(+), 26 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 2130d9c1..4674b9d7 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -102,12 +102,18 @@ allowedUDPPorts = [ 111 2049 4000 4001 4002 # NFS 3483 # Slimserver + 67 # DHCP ]; }; extraCommands = '' - ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A FORWARD -j ACCEPT -i eno2 - ip6tables -A FORWARD -j nixos-fw-log-refuse + ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true + ip6tables -w -F loutreos-forward 2>/dev/null || true + ip6tables -w -X loutreos-forward 2>/dev/null || true + ip6tables -w -N loutreos-forward + ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A FORWARD -j loutreos-forward ''; }; }; @@ -129,7 +135,57 @@ networkConfig = { IPv6SendRA = true; DHCPPrefixDelegation = true; + DHCPServer = true; }; + dhcpServerConfig = { + # MIN = 10.30.100.0 + #PoolOffset = 25500; + # MAX = 10.30.200.0 + #PoolSize = 25500; + EmitRouter = true; + EmitDNS = true; + DNS = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + }; + } + # paul-fixe + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + }; + } + # salonled + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; + }; + } + # miroir-bleu + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + }; + } + # miroir-orange + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + }; + } + ]; ipv6SendRAConfig = { EmitDNS = true; DNS = [ 
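Review bot: In the rewritten `extraCommands` (hunk `@@ -102,12 +102,18 @@` of PATCH 348) the three `ip6tables -A loutreos-forward …` lines omit the `-w` that every other line passes, so they can fail on a held xtables lock while the rest wait for it. They should read like `ip6tables -w -A loutreos-forward -j ACCEPT -i eno2`. No stop-side cleanup is visible either, so the chain and its FORWARD jump stay loaded after the firewall unit stops and keep a reference to `nixos-fw-log-refuse`. Repeating the `-D`/`-F`/`-X` lines in `networking.firewall.extraStopCommands` would remove them. The `firewall` attribute set starts and ends outside the hunk.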
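Review bot: The new `dhcpServerConfig` (hunk `@@ -129,7 +135,57 @@` of PATCH 348) leaves `PoolOffset` and `PoolSize` commented out, so the dynamic range that the removed `services.dhcpd4` block limited with `range 10.30.100.0 10.30.200.0` is no longer set. Dynamic leases can presumably now land in the ranges used for the fixed hosts, including the IPMI address `10.30.1.1`. The commented values also disagree with their own labels, since 10.30.100.0 is offset 25600 from 10.30.0.0, not 25500. I would enable `PoolOffset = 25600;` and `PoolSize = 25600;`, which covers 10.30.100.0 to 10.30.199.255. The static lease list also drops the old `HS110` reservation (`50:c7:bf:b6:b8:ef`, `10.30.50.7`) without a word in the commit message; restore it or note the removal. The `"40-eno2"` block starts before the hunk.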
@@ -141,29 +197,6 @@ "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; }; - services.dhcpd4 = { - enable = true; - interfaces = [ "eno2" ]; - machines = [ - { ethernetAddress = "50:c7:bf:b6:b8:ef"; hostName = "HS110"; ipAddress = "10.30.50.7"; } - { ethernetAddress = "ac:1f:6b:4b:01:15"; hostName = "IPMI"; ipAddress = "10.30.1.1"; } - { ethernetAddress = "b4:2e:99:ed:24:26"; hostName = "paul-fixe"; ipAddress = "10.30.50.1"; } - - #ESPHome - { ethernetAddress = "e0:98:06:85:e9:ce"; hostName = "salonled"; ipAddress = "10.30.40.1"; } - { ethernetAddress = "e0:98:06:86:38:fc"; hostName = "bureauled"; ipAddress = "10.30.40.2"; } - { ethernetAddress = "50:02:91:78:be:be"; hostName = "guirlande"; ipAddress = "10.30.40.3"; } - ]; - extraConfig = '' - option domain-name-servers 1.1.1.1, 1.0.0.1; - option subnet-mask 255.255.0.0; - subnet 10.30.0.0 netmask 255.255.0.0 { - option routers 10.30.0.1; - range 10.30.100.0 10.30.200.0; - } - ''; - }; - nixpkgs.overlays = [ (import ../../overlays/transmission.nix) ]; From 3ff503b7b704e95e4ad7683d8fccf17425907c45 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 21 Sep 2023 23:52:56 +0200 Subject: [PATCH 349/474] fix 4G key interface name --- systems/LoutreOS/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 4674b9d7..f8791c73 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -72,7 +72,7 @@ { address = "10.30.0.1"; prefixLength = 16; } ]; }; - enp0s21u2.useDHCP = true; + enp0s21u1.useDHCP = true; }; # NAT bouygues <-> eno2 @@ -194,7 +194,7 @@ ]; }; }; - "40-enp0s21u2".dhcpV4Config.RouteMetric = 1024; + "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; }; nixpkgs.overlays = [ From c126a6fc58ee6ff879375a7f5f5074cd5231e68b Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 10 Oct 2023 20:12:31 +0200 Subject: [PATCH 350/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5d017a8822e0907fb96f7700a319f9fe2434de02' (2023-09-17) → 'github:NixOS/nixpkgs/5a237aecb57296f67276ac9ab296a41c23981f56' (2023-10-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5ba549eafcf3e33405e5f66decd1a72356632b96' (2023-09-19) → 'github:NixOS/nixpkgs/87828a0e03d1418e848d3dd3f3014a632e4a4f64' (2023-10-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 26c8d3a8..d20fe8c6 100644 --- a/flake.lock +++ b/flake.lock @@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694937365, - "narHash": "sha256-iHZSGrb9gVpZRR4B2ishUN/1LRKWtSHZNO37C8z1SmA=", + "lastModified": 1696697597, + "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d017a8822e0907fb96f7700a319f9fe2434de02", + "rev": "5a237aecb57296f67276ac9ab296a41c23981f56", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1695145219, - "narHash": "sha256-Eoe9IHbvmo5wEDeJXKFOpKUwxYJIOxKUesounVccNYk=", + "lastModified": 1696604326, + "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5ba549eafcf3e33405e5f66decd1a72356632b96", + "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64", "type": "github" }, "original": { From 18e31c8df3eb0b35ced099528a2032332878bc24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Oct 2023 22:17:02 +0200 Subject: [PATCH 351/474] assign IPv6 to upstream --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index f8791c73..134a76da 100644 
--- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -129,6 +129,7 @@ networkConfig = { KeepConfiguration = "dhcp-on-stop"; IPv6AcceptRA = true; + DHCPPrefixDelegation = true; }; }; "40-eno2" = { From e5c82197e74339ed5d4b9940a60627ba39665a5b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Oct 2023 22:17:25 +0200 Subject: [PATCH 352/474] update transmission to version 4 --- systems/LoutreOS/medias.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 8a4d15d5..7fc072b5 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -4,6 +4,7 @@ services = { transmission = { enable = true; + package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; home = "/var/lib/transmission"; group = "medias"; settings = { From acde13cce678931f8e2278c9fa9e7785bf3d1bc3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Oct 2023 22:18:02 +0200 Subject: [PATCH 353/474] enable podman autoprune and socket --- systems/LoutreOS/medias.nix | 37 ++++++++++++++++++++----------------- systems/LoutreOS/users.nix | 2 +- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 7fc072b5..39bf8585 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix 
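Review bot: `package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4;` (PATCH 352, medias.nix) takes the daemon straight from the unstable input's `legacyPackages`, so it is built without this system's `nixpkgs.overlays` and `nixpkgs.config`. configuration.nix imports `../../overlays/transmission.nix` (visible as context in PATCH 348), and that overlay presumably no longer affects the package that actually runs. If it carries a fix or a hardening change, that is dropped silently for a network-facing service. Either apply the overlay to the unstable package set or add a comment such as `# transmission_4 from unstable: overlays/transmission.nix does not apply here`. The `transmission` attribute set continues outside the hunk.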
@@ -57,23 +57,26 @@ ]; }; - virtualisation.oci-containers = { - backend = "podman"; - containers = { - slimserver = { - image = "docker.io/lmscommunity/logitechmediaserver:stable"; - volumes = [ - "/mnt/medias/musique:/music:ro" - "/var/lib/slimserver:/config:rw" - "/etc/localtime:/etc/localtime:ro" - ]; - ports = [ - "10.30.0.1:9000:9000/tcp" - "10.30.0.1:9090:9090/tcp" - "10.30.0.1:3483:3483/tcp" - "10.30.0.1:3483:3483/udp" - ]; - extraOptions = ["--pull=always"]; + virtualisation = { + podman.autoPrune.enable = true; + oci-containers = { + backend = "podman"; + containers = { + slimserver = { + image = "docker.io/lmscommunity/logitechmediaserver:stable"; + volumes = [ + "/mnt/medias/musique:/music:ro" + "/var/lib/slimserver:/config:rw" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "10.30.0.1:9000:9000/tcp" + "10.30.0.1:9090:9090/tcp" + "10.30.0.1:3483:3483/tcp" + "10.30.0.1:3483:3483/udp" + ]; + extraOptions = ["--pull=always"]; + }; }; }; }; diff --git a/systems/LoutreOS/users.nix b/systems/LoutreOS/users.nix index 3bac8e3b..bbfdc39f 100644 --- a/systems/LoutreOS/users.nix +++ b/systems/LoutreOS/users.nix 
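Review bot: The re-indented `slimserver` container in medias.nix (PATCH 353) keeps `image = "docker.io/lmscommunity/logitechmediaserver:stable";` together with `extraOptions = ["--pull=always"];`, so every start runs whatever is currently published under a mutable tag. The new `podman.autoPrune.enable = true;` presumably removes the previously pulled image as well, so there is no local copy to fall back to. Pinning by digest makes the running image reviewable and reproducible, for example `image = "docker.io/lmscommunity/logitechmediaserver@sha256:<digest>";` with the digest updated deliberately. If tracking the tag is intended, say so in a comment, for example `# follows the upstream stable tag on purpose; not pinned`.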
@@ -6,7 +6,7 @@ uid = 1000; isNormalUser = true; description = "Paul TREHIOU"; - extraGroups = [ "wheel" "medias" "transmission" ]; + extraGroups = [ "wheel" "medias" "transmission" "podman" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 openpgp:0xAB524BBC" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCACVI2dL4AmOdcb7RSl3JZpfK33NhqrYFfWfXMYow5SPJ9VPteOp5kVvKUuSbGH3chjpttYC/ueQJJhFagiKmkeftQTslIw6C009wUExGpJwRotHqISXv2ctURGURKy2FF848whd7xZJzdj49ZJ6S+SCbRFZvVWfT2dP/JwTiWW1mbEaWKyOgrixH6wSKt9ECumjX9KjqSWGw+k3yLJxIhdqiZAjNv4soJs1mQYdIlFCXCuznzoZIQBexZPQCx0j9HjczPz1feMLWkrHzEMexNjsBE2uA6yXLbH1wa8xCJ4VOeD7u9JqVY579AsicD62G+qIgw0B2zmyz7xTrdPv+061zmYn6qYr8EXGTk4dVgedZp8M1XzZ1PVoeeftPFcClXC7zCGyCR2uzJbQLzlaTwZrdghAiS9UhMRuKpNgZy2zDWw4MqdojrF5bndPkoijlXWYrPYBFED5OU1mpwzpanYgldowJC/Ixjwi+Hmse2q4XgZ+egfuotBqPfqB+bWsCa5GNiJWGdLP69uBSsXubGnqLwvE0FAQ2GHb+SEoZKFy/QV9GzOLlVrGlgK5YFgKJD+Q1nn1QRycXt1oMVC/AtR/NshOGanhdvIRpPATGmaxLVXSY093vyAOW4MPrS00fPAXzAfJUwIuWcloFfLMo5Jitj5rpE1s6FX8xrl4upQ== paul@nyanlout.re" From 3fa5cb96067be87b01a4d8b857368f24ce502bcf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 1 Nov 2023 20:58:46 +0100 Subject: [PATCH 354/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5a237aecb57296f67276ac9ab296a41c23981f56' (2023-10-07) → 'github:NixOS/nixpkgs/017ef2132a5bda50bd713aeabce8f918502d4ec1' (2023-10-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/87828a0e03d1418e848d3dd3f3014a632e4a4f64' (2023-10-06) → 'github:NixOS/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735' (2023-10-29) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d20fe8c6..7063b6c5 100644 --- a/flake.lock +++ b/flake.lock 
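Review bot: Adding `"podman"` to `extraGroups` in users.nix (PATCH 353) lets this account use the rootful Podman API socket once it is enabled, and members of that group can effectively obtain root without the sudo prompt that `wheel` normally involves. The commit title mentions enabling the socket, but no socket option appears in the medias.nix hunk of this patch, so the group is either not needed yet or the option is set elsewhere. I would add a comment on the line, for example `# podman group: root-equivalent through the API socket`, and drop the group if the socket stays off. The user's attribute set starts and ends outside the hunk.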
@@ -91,11 +91,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1696697597, - "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=", + "lastModified": 1698696950, + "narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5a237aecb57296f67276ac9ab296a41c23981f56", + "rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1696604326, - "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=", + "lastModified": 1698611440, + "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64", + "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "type": "github" }, "original": { From 7937c07328949ea20bd6768c6bee30f290f95dc6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 1 Nov 2023 22:34:28 +0100 Subject: [PATCH 355/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'utils': 'github:gytis-ivaskevicius/flake-utils-plus/166d6ebd9f0de03afc98060ac92cba9c71cfe550' (2021-11-29) → 'github:gytis-ivaskevicius/flake-utils-plus/6cf1e312fb259693c4930d07ca3cbe1d07ef4a48' (2023-10-02) • Updated input 'utils/flake-utils': 'github:numtide/flake-utils/74f7e4319258e287b0f9cb95426c9853b282730b' (2021-11-28) → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12) • Added input 'utils/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) --- flake.lock | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 7063b6c5..bbc88dd5 100644 --- a/flake.lock +++ b/flake.lock 
@@ -54,12 +54,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -172,6 +175,21 @@ "type": "gitlab" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1605370193, @@ -192,16 +210,16 @@ "flake-utils": "flake-utils" }, "locked": { - "lastModified": 1638172912, - "narHash": "sha256-jxhQGNEsZTdop/Br3JPS+xmBf6t9cIWRzVZFxbT76Rw=", + "lastModified": 1696281284, + "narHash": "sha256-xcmtTmoiiAOSk4abifbtqVZk0iwBcqJfg47iUbkwhcE=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "166d6ebd9f0de03afc98060ac92cba9c71cfe550", + "rev": "6cf1e312fb259693c4930d07ca3cbe1d07ef4a48", "type": "github" }, "original": { "owner": "gytis-ivaskevicius", - "ref": "v1.3.1", + "ref": "v1.4.0", "repo": "flake-utils-plus", "type": "github" } From c6c8e72cab9a669e883ce2bdb18c14b464f3ecd5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 23 Nov 2023 20:36:11 +0100 Subject: [PATCH 356/474] fix PC fixe --- flake.nix | 4 +++- systems/common-gui.nix | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index d6de1f25..5f10bbd3 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,7 +2,7 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.3.1"; + utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; inputs = { @@ -24,6 +24,8 @@ inherit self inputs; + channels.nixpkgs-unstable.config = { allowUnfree = true; }; + supportedSystems = [ "x86_64-linux" ]; # Patch example diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 0a5a33da..909737d8 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - nixpkgs.config.allowUnfreePredicate = (pkg: true); - environment.systemPackages = with pkgs; [ filezilla qbittorrent @@ -16,8 +14,8 @@ betaflight-configurator - electrum - electron-cash + # electrum + # electron-cash ledger-live-desktop monero-gui From 885ea477b2c935c7a6677ef7155626388b44c4b2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 23 Nov 2023 20:36:51 +0100 Subject: [PATCH 357/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/017ef2132a5bda50bd713aeabce8f918502d4ec1' (2023-10-30) → 'github:NixOS/nixpkgs/8f1180704ac35baded1a74164365ac7cdfba6f38' (2023-11-22) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0cbe9f69c234a7700596e943bfae7ef27a31b735' (2023-10-29) → 'github:NixOS/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index bbc88dd5..1bf82d8a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698696950, - "narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", + "lastModified": 1700678569, + "narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", + "rev": "8f1180704ac35baded1a74164365ac7cdfba6f38", "type": "github" }, "original": { @@ -124,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1698611440, - "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", + "lastModified": 1700390070, + "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", + "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", "type": "github" }, "original": { From 4e45fc1f82ae8b3b9296b54b3ce9ec18fc0e24c2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 5 Dec 2023 14:42:53 +0100 Subject: [PATCH 358/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8f1180704ac35baded1a74164365ac7cdfba6f38' (2023-11-22) → 'github:NixOS/nixpkgs/6386d8aafc28b3a7ed03880a57bdc6eb4465491d' (2023-12-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e4ad989506ec7d71f7302cc3067abd82730a4beb' (2023-11-19) → 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1bf82d8a..b861d93d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1700678569, - "narHash": "sha256-2Ki+2UvOidxEb3xB4ADqlbPQ2BZOF4uZMR094O8or2I=", + "lastModified": 1701540982, + "narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f1180704ac35baded1a74164365ac7cdfba6f38", + "rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d", "type": "github" }, "original": { @@ -124,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1700390070, - "narHash": "sha256-de9KYi8rSJpqvBfNwscWdalIJXPo8NjdIZcEJum1mH0=", + "lastModified": 1701436327, + "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4ad989506ec7d71f7302cc3067abd82730a4beb", + "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", "type": "github" }, "original": { From 690e6e0249c83b559318d9d2146af1018499ea42 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 20 Jan 2024 13:10:56 +0100 Subject: [PATCH 359/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6386d8aafc28b3a7ed03880a57bdc6eb4465491d' (2023-12-02) → 'github:NixOS/nixpkgs/d2003f2223cbb8cd95134e4a0541beea215c1073' (2024-01-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01) → 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/24128c3052090311688b09a400aa408ba61c6ee5' (2023-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': follows 'nixpkgs' → 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) • Added input 'simple-nixos-mailserver/nixpkgs-23_11': follows 'nixpkgs' --- flake.lock | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index b861d93d..8f0a1766 100644 --- a/flake.lock +++ b/flake.lock @@ -94,16 +94,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701540982, - "narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, 
@@ -122,13 +122,28 @@ "type": "indirect" } }, - "nixpkgs-unstable": { + "nixpkgs-23_05": { "locked": { - "lastModified": 1701436327, - "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { @@ -155,22 +170,23 @@ "nixpkgs-unstable" ], "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": [ + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", + "lastModified": 1703023684, + "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", + "rev": "4bfb8eb058f098302c97b909df2d019926e11220", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixos-mailserver", "type": "gitlab" } From 44d04496cd5cae583b945de37cda0f772819680d Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 20 Jan 2024 13:10:56 +0100 Subject: [PATCH 360/474] LoutreOS: update to NixOS 23.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6386d8aafc28b3a7ed03880a57bdc6eb4465491d' (2023-12-02) → 'github:NixOS/nixpkgs/d2003f2223cbb8cd95134e4a0541beea215c1073' (2024-01-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/91050ea1e57e50388fa87a3302ba12d188ef723a' (2023-12-01) → 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/24128c3052090311688b09a400aa408ba61c6ee5' (2023-06-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': follows 'nixpkgs' → 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) • Added input 'simple-nixos-mailserver/nixpkgs-23_11': follows 'nixpkgs' --- flake.lock | 42 +++++++++++++++++++++--------- flake.nix | 6 ++--- systems/LoutreOS/configuration.nix | 3 --- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index b861d93d..8f0a1766 100644 --- a/flake.lock +++ b/flake.lock @@ -94,16 +94,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701540982, - "narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, 
@@ -122,13 +122,28 @@ "type": "indirect" } }, - "nixpkgs-unstable": { + "nixpkgs-23_05": { "locked": { - "lastModified": 1701436327, - "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91050ea1e57e50388fa87a3302ba12d188ef723a", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { @@ -155,22 +170,23 @@ "nixpkgs-unstable" ], "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": [ + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", + "lastModified": 1703023684, + "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", + "rev": "4bfb8eb058f098302c97b909df2d019926e11220", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index 5f10bbd3..ef5839ce 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,13 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-23.05"; + nixpkgs.url = "flake:nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-23_05.follows = "nixpkgs"; + nixpkgs-23_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 134a76da..ed50563b 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -29,9 +29,6 @@ documentation.nixos.enable = false; - nixpkgs.config.allowUnfree = false; - nixpkgs.config.allowUnfreePredicate = (pkg: builtins.elem pkg.pname or (builtins.parseDrvName pkg.name).name [ "factorio-headless" "perl5.32.1-slimserver" "minecraft-server" ]); - services.zfs = { autoSnapshot.enable = true; autoScrub = { From 27f34a48f2a0ceef5876689575ff125982e5fd27 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 27 Jan 2024 17:43:21 +0100 Subject: [PATCH 361/474] force first subnet on bouygues interface --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index ed50563b..bf95a804 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -128,6 +128,7 @@ IPv6AcceptRA = true; DHCPPrefixDelegation = true; }; + dhcpPrefixDelegationConfig.SubnetId = "0"; }; "40-eno2" = { networkConfig = { From 2b2077d46a5e67416ee5bce3480e85e4edc31de0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 11:10:45 +0100 Subject: [PATCH 362/474] fix server access when fiber down --- systems/LoutreOS/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index bf95a804..e9de815c 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -111,6 +111,10 @@ ip6tables -A loutreos-forward -j ACCEPT -i eno2 ip6tables -A loutreos-forward -j nixos-fw-log-refuse ip6tables -w -A FORWARD -j loutreos-forward + + # Redirect local network request from server external IP to internal IP + # Make the server available even without internet access + iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; }; }; From d1b5f85fb3288fde993668721dd3367b5931294e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 11:11:06 +0100 Subject: [PATCH 363/474] fix rspam WebUI with IPv6 --- systems/LoutreOS/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 81f4f919..49d6c10c 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -87,7 +87,7 @@ in }; rspamd.workers.controller.extraConfig = '' - secure_ip = ["0.0.0.0/0"]; + secure_ip = ["0.0.0.0/0", "::"]; ''; # redis.enable = true; From 50ee8138ea0e504cac5878ce891b5c2bc855d59e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 13:32:38 +0100 Subject: [PATCH 364/474] fix gitea for offline use --- systems/LoutreOS/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index e9de815c..56c7864d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -48,6 +48,10 @@ hostName = "loutreos"; # Define your hostname. hostId = "7e66e347"; + hosts = { + "127.0.0.1" = [ "gitea.nyanlout.re" ]; + }; + useNetworkd = true; useDHCP = false; From c3f141ae24382e06427d4ff98a3428f2c9d6ac0e Mon Sep 17 00:00:00 2001 
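Review bot: The DNAT rule added to `extraCommands` selects LAN traffic by source address alone (`-s 10.30.0.0/16`), so any packet carrying such a source is rewritten whatever interface it arrived on. Binding the rule to the LAN interface keeps the match tied to the local segment: `iptables -t nat -A PREROUTING -i eno2 -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1`. That `eno2` is the LAN side is inferred from the `ip6tables ... -i eno2` rule above and should be confirmed. The external address is hard-coded, so the rule silently stops matching if the ISP assignment changes; the comment could say so. The `extraCommands` string starts outside the hunk.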
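Review bot: `secure_ip` lists the clients the rspamd controller trusts without a password, so `["0.0.0.0/0", "::"]` keeps password-less access open to every IPv4 client. The added `::` has no prefix length and appears to denote the single unspecified address, not an IPv6 range. If the WebUI is only reached through a local reverse proxy (not visible in this hunk), the loopback addresses are enough and also cover the IPv6 case: `secure_ip = ["127.0.0.1", "::1"];`. If remote access to the controller is intended, it should rely on the controller password instead of a wider list.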
From: nyanloutre Date: Thu, 22 Feb 2024 13:33:11 +0100 Subject: [PATCH 365/474] remove PREROUTING rule first to prevent already existing rule error --- systems/LoutreOS/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 56c7864d..b6433606 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -118,6 +118,7 @@ # Redirect local network request from server external IP to internal IP # Make the server available even without internet access + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; }; From 5c05e540cbb7f4fa4676fb5e9743d6535f7b0b1e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 22 Feb 2024 13:33:43 +0100 Subject: [PATCH 366/474] redirect SMTP port to VPS server as backup --- systems/LoutreOS/configuration.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index b6433606..77a4c9b0 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -228,7 +228,18 @@ }; }; - services.autossh.sessions = [ { extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; } ]; + # Options explanations + # -N disable shell + # -R 0.0.0.0:2222:127.0.0.1:22 redirect SSH port on VPS server on port 2222 + # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525 + services.autossh.sessions = [ + { + extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net"; + monitoringPort = 20000; + name = "backup-ssh-reverse"; + user = "autossh"; + } + ]; virtualisation.podman.enable = true; 
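Review bot: Mail arriving through `-R 127.0.0.1:2525:127.0.0.1:25` reaches the local SMTP daemon with a loopback source address, so anything the mail server decides by client IP (relay permission for local networks, SPF and reputation checks in the spam filter) would treat relayed external mail as coming from the host itself. Whether the mail server trusts loopback is not visible here, so this should be checked before the VPS forwards public SMTP traffic to port 2525; a dedicated listener that grants no local-network trust would avoid the problem. The retained `-R 0.0.0.0:2222:127.0.0.1:22` publishes the server's SSH on every VPS interface, which the new comment block could state explicitly, e.g. `# 0.0.0.0 bind: SSH reachable from any address that can reach the VPS on port 2222`.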
From 0df6f351493d0c199505d5ecb7fbb26c0f5792c2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 28 Feb 2024 20:01:08 +0100 Subject: [PATCH 367/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d2003f2223cbb8cd95134e4a0541beea215c1073' (2024-01-19) → 'github:NixOS/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17) → 'github:NixOS/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/e47f3719f1db3e0961a4358d4cb234a0acaa7baf' (2024-01-25) • Removed input 'simple-nixos-mailserver/nixpkgs-22_11' • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03) --- flake.lock | 40 ++++++++++++---------------------------- 1 file changed, 12 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 8f0a1766..58af3830 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705641746, - "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", + "lastModified": 1708979614, + "narHash": "sha256-FWLWmYojIg6TeqxSnHkKpHu5SGnFP5um1uUjH+wRV6g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", + "rev": "b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a", "type": "github" }, "original": { 
@@ -107,28 +107,13 @@ "type": "indirect" } }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs-23_05": { "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -139,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1705496572, - "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", + "lastModified": 1708984720, + "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", + "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", "type": "github" }, "original": { @@ -169,7 +154,6 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_11": [ "nixpkgs" @@ -177,11 +161,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1703023684, - "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4bfb8eb058f098302c97b909df2d019926e11220", + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", "type": "gitlab" }, "original": { From 4d02c7a637ec2094862e3f62c781ec518c88576c Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 7 Mar 2024 20:21:03 +0100 Subject: [PATCH 368/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26) → 'github:NixOS/nixpkgs/880992dcc006a5e00dd0591446fdf723e6a51a64' (2024-03-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26) → 'github:NixOS/nixpkgs/9df3e30ce24fd28c7b3e2de0d986769db5d6225d' (2024-03-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 58af3830..7a93065d 100644 --- a/flake.lock +++ b/flake.lock @@ -94,11 +94,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708979614, - "narHash": "sha256-FWLWmYojIg6TeqxSnHkKpHu5SGnFP5um1uUjH+wRV6g=", + "lastModified": 1709677081, + "narHash": "sha256-tix36Y7u0rkn6mTm0lA45b45oab2cFLqAzDbJxeXS+c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a", + "rev": "880992dcc006a5e00dd0591446fdf723e6a51a64", "type": "github" }, "original": { @@ -124,11 +124,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1708984720, - "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=", + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "type": "github" }, "original": { From 9c77dca20310b23230e0e40909cf77c6ed463554 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 8 Apr 2024 21:15:52 +0200 Subject: [PATCH 369/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/880992dcc006a5e00dd0591446fdf723e6a51a64' (2024-03-05) → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9df3e30ce24fd28c7b3e2de0d986769db5d6225d' (2024-03-06) → 'github:NixOS/nixpkgs/ff0dbd94265ac470dda06a657d5fe49de93b4599' (2024-04-06) --- flake.lock | 67 ++++++------------------------------------------------ 1 file changed, 7 insertions(+), 60 deletions(-) diff --git a/flake.lock b/flake.lock index 7a93065d..342ddbbd 100644 --- a/flake.lock +++ b/flake.lock @@ -53,24 +53,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "ipmihddtemp": { "inputs": { "nixpkgs": [ @@ -94,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709677081, - "narHash": "sha256-tix36Y7u0rkn6mTm0lA45b45oab2cFLqAzDbJxeXS+c=", + "lastModified": 1712437997, + "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "880992dcc006a5e00dd0591446fdf723e6a51a64", + "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", "type": "github" }, "original": { 
@@ -124,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1709703039, - "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", + "lastModified": 1712439257, + "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", + "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", "type": "github" }, "original": { @@ -143,8 +125,7 @@ "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "simple-nixos-mailserver": "simple-nixos-mailserver", - "utils": "utils_2" + "simple-nixos-mailserver": "simple-nixos-mailserver" } }, "simple-nixos-mailserver": { @@ -175,21 +156,6 @@ "type": "gitlab" } }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1605370193, @@ -204,25 +170,6 @@ "repo": "flake-utils", "type": "github" } - }, - "utils_2": { - "inputs": { - "flake-utils": "flake-utils" - }, - "locked": { - "lastModified": 1696281284, - "narHash": "sha256-xcmtTmoiiAOSk4abifbtqVZk0iwBcqJfg47iUbkwhcE=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "6cf1e312fb259693c4930d07ca3cbe1d07ef4a48", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "ref": "v1.4.0", - "repo": "flake-utils-plus", - "type": "github" - } } }, "root": "root", From 189885868bc2a4faf597ed6f3b8be76a654db4c9 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 23 Apr 2024 17:10:56 +0200 Subject: [PATCH 370/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06) → 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ff0dbd94265ac470dda06a657d5fe49de93b4599' (2024-04-06) → 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 342ddbbd..945bfc1c 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712437997, - "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", + "lastModified": 1713725259, + "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920", + "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "lastModified": 1713714899, + "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", "type": "github" }, "original": { From 1c93135d606a935836e49fdc9a4b3366938b868a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 09:52:39 +0200 Subject: [PATCH 371/474] remove flake util plus --- flake.nix | 75 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/flake.nix b/flake.nix index ef5839ce..ca27da56 100644 
--- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; - utils.url = "github:gytis-ivaskevicius/flake-utils-plus/v1.4.0"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; inputs = { 
@@ -20,46 +19,50 @@ }; }; - outputs = inputs@{ self, utils, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: utils.lib.mkFlake { + outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { - inherit self inputs; - - channels.nixpkgs-unstable.config = { allowUnfree = true; }; - - supportedSystems = [ "x86_64-linux" ]; - - # Patch example - - # channels.nixpkgs-unstable.patches = [ - # (nixpkgs-unstable.legacyPackages."x86_64-linux".fetchpatch { - # name = "electron-cash.patch"; - # url = "https://github.com/NixOS/nixpkgs/pull/160607.patch"; - # sha256 = nixpkgs.lib.fakeHash; - # }) - # ]; - - hostDefaults.modules = [ - nixpkgs.nixosModules.notDetected - { - nix.generateRegistryFromInputs = true; - nix.linkInputs = true; - nix.generateNixPathFromInputs = true; - } - ]; - - hosts.loutreos.modules = [ - simple-nixos-mailserver.nixosModule - dogetipbot-telegram.nixosModule - ipmihddtemp.nixosModule - ./systems/LoutreOS/configuration.nix - ]; - - hosts.paul-fixe = { - channelName = "nixpkgs-unstable"; + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; modules = [ + nixpkgs-unstable.nixosModules.notDetected + { + nixpkgs.config.allowUnfree = true; + nix = { + settings.experimental-features = [ "nix-command" "flakes" ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs-unstable.legacyPackages.x86_64-linux.path; + }; + }; + }; + } ./systems/PC-Fixe/configuration.nix ]; }; + + nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nixpkgs-unstable.nixosModules.notDetected + simple-nixos-mailserver.nixosModule + dogetipbot-telegram.nixosModule + ipmihddtemp.nixosModule + { + nix = { + settings.experimental-features = [ "nix-command" "flakes" ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs.legacyPackages.x86_64-linux.path; + }; + }; + }; + } + 
./systems/LoutreOS/configuration.nix + ]; + }; + }; } From 42799518f5fc0e4892b2f5cb8b1aaa61376169a3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 09:53:33 +0200 Subject: [PATCH 372/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21) → 'github:NixOS/nixpkgs/44072e24566c5bcc0b7aa9178a0104f4cfffab19' (2024-05-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6143fc5eeb9c4f00163267708e26191d1e918932' (2024-04-21) → 'github:NixOS/nixpkgs/2057814051972fa1453ddfb0d98badbea9b83c06' (2024-05-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 945bfc1c..0482a43f 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713725259, - "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=", + "lastModified": 1715542476, + "narHash": "sha256-FF593AtlzQqa8JpzrXyRws4CeKbc5W86o8tHt4nRfIg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7", + "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1713714899, - "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=", + "lastModified": 1715534503, + "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6143fc5eeb9c4f00163267708e26191d1e918932", + "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", "type": "github" }, "original": { From f9871ae0e1d6c69765c99d7ecaf42b1eec217a54 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 14 May 2024 10:38:08 +0200 Subject: [PATCH 373/474] fix flake-util-plus migration --- flake.nix | 3 ++- systems/LoutreOS/medias.nix | 10 +++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index ca27da56..18f2591e 100644 --- a/flake.nix +++ b/flake.nix @@ -41,8 +41,9 @@ ]; }; - nixosConfigurations.loutreos = nixpkgs-unstable.lib.nixosSystem { + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = { inherit nixpkgs-unstable; }; modules = [ nixpkgs-unstable.nixosModules.notDetected simple-nixos-mailserver.nixosModule diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 39bf8585..6c3fa2bb 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,10 +1,10 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, lib, pkgs, nixpkgs-unstable, ... }: { services = { transmission = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; home = "/var/lib/transmission"; group = "medias"; settings = { @@ -20,17 +20,17 @@ radarr = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; }; sonarr = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; }; prowlarr.enable = true; jellyfin = { enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; + package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; }; navidrome = { From ab8c752a761b25f99dea322c5076d251dda93681 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 10:38:42 +0200 Subject: [PATCH 374/474] remove open mail port --- systems/LoutreOS/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
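Review bot: The module list still takes `nixpkgs-unstable.nixosModules.notDetected` although this hunk moves the host to `nixpkgs.lib.nixosSystem`, so the system mixes a module from the unstable input into an evaluation of the stable release. Using `nixpkgs.nixosModules.notDetected` keeps modules and package set on the same input. `specialArgs = { inherit nixpkgs-unstable; };` hands the whole unstable flake to every module; a short comment naming which modules are expected to pull packages from it (medias.nix in this commit) would make the stable/unstable split easier to audit.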
diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 77a4c9b0..9cabaece 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -234,7 +234,7 @@ # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525 services.autossh.sessions = [ { - extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 -R 127.0.0.1:2525:127.0.0.1:25 loutre@vps772619.ovh.net"; + extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; monitoringPort = 20000; name = "backup-ssh-reverse"; user = "autossh"; From a6ce24d547353e461327b4dd17f5a7a553501a50 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 12:08:15 +0200 Subject: [PATCH 375/474] fix firewall --- systems/LoutreOS/configuration.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 9cabaece..5da49ec5 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -107,15 +107,6 @@ ]; }; extraCommands = '' - ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true - ip6tables -w -F loutreos-forward 2>/dev/null || true - ip6tables -w -X loutreos-forward 2>/dev/null || true - ip6tables -w -N loutreos-forward - ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -A loutreos-forward -j nixos-fw-log-refuse - ip6tables -w -A FORWARD -j loutreos-forward - # Redirect local network request from server external IP to internal IP # Make the server available even without internet access iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true @@ -139,6 +130,7 @@ }; dhcpPrefixDelegationConfig.SubnetId = "0"; }; + "40-eno1".linkConfig.RequiredForOnline = "no"; "40-eno2" = { networkConfig = { IPv6SendRA = true; From 3725e3066396ab2a0534b19bee03e19eae5a23ce Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 14 May 2024 17:39:29 +0200 Subject: [PATCH 376/474] install nextcloud --- systems/LoutreOS/hardware-configuration.nix | 5 +++++ systems/LoutreOS/web.nix | 22 +++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index b32d6f11..720b883e 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix @@ -158,6 +158,11 @@ fsType = "zfs"; }; + fileSystems."/var/lib/nextcloud" = + { device = "loutrepool/var/nextcloud"; + fsType = "zfs"; + }; + fileSystems."/var/lib/private/photoprism" = { device = "loutrepool/var/photoprism"; fsType = "zfs"; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0d829342..0d3aacd0 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -345,6 +345,10 @@ in "challenge.amandoline-creations.fr" = base { "/".alias = "/var/www/amandoline-challenge/"; }; + ${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + }; }; }; @@ -381,6 +385,20 @@ in # enable = true; # package = pkgs.mariadb; # }; + + nextcloud = { + enable = true; + package = pkgs.nextcloud29; + hostName = "cloud.nyanlout.re"; + database.createLocally = true; + https = true; + maxUploadSize = "16G"; + config = { + dbtype = "pgsql"; + adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"; + }; + }; + }; systemd.services.nginx.serviceConfig = { @@ -397,6 +415,10 @@ in ]; }; + systemd.services.nextcloud-setup.serviceConfig = { + LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass"; + }; + systemd.services.site-musique = let djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); in { From 1abd6bd06deb662ade68c594d3214f54d946eaf8 Mon Sep 17 00:00:00 2001 
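Review bot: `adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"` in web.nix is a literal string that only resolves if the Nextcloud module reads the option inside a shell context of the `nextcloud-setup` unit, where systemd has set that variable; any other consumer of the option would see an unexpanded path. That dependency on the module's implementation deserves a comment next to the option, e.g. `# expanded at runtime by nextcloud-setup; see LoadCredential below`, and should be re-checked on module upgrades. The source file `/mnt/secrets/nextcloud_admin.pass` should be readable by root only, since `LoadCredential` copies it for the service; its permissions are not visible in this patch.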
From: nyanloutre Date: Tue, 14 May 2024 17:39:41 +0200 Subject: [PATCH 377/474] fix webdav server --- systems/LoutreOS/web.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 0d3aacd0..9fda1613 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -302,14 +302,17 @@ in # }; "drive.nyanlout.re" = base { "/" = { - index = "/index.php"; extraConfig = '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.drive.socket}; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; - - client_max_body_size 0; + fastcgi_param SCRIPT_FILENAME $document_root/index.php; + fastcgi_intercept_errors on; + fastcgi_buffers 64 4K; + client_body_temp_path /mnt/webdav/tmp_upload; + client_max_body_size 0; + proxy_request_buffering off; ''; }; } // { @@ -415,6 +418,12 @@ in ]; }; + systemd.services.phpfpm-drive.serviceConfig = { + ReadWritePaths = [ + "/mnt/webdav" + ]; + }; + systemd.services.nextcloud-setup.serviceConfig = { LoadCredential = "nextcloud_admin.pass:/mnt/secrets/nextcloud_admin.pass"; }; From c5596f9a04faba745dbe9ed81987f3e11c140663 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 14 May 2024 22:54:04 +0200 Subject: [PATCH 378/474] revert a6ce24d547353e461327b4dd17f5a7a553501a50 (#3) revert fix firewall Reviewed-on: https://gitea.nyanlout.re/nyanloutre/nixos-config/pulls/3 --- systems/LoutreOS/configuration.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 5da49ec5..a6e4dcae 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
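Review bot: `proxy_request_buffering off;` in the `/` location has no effect, because the location hands requests to PHP with `fastcgi_pass` and that directive only applies to proxied requests; the FastCGI counterpart is `fastcgi_request_buffering off;`. As written, request bodies are still spooled to `client_body_temp_path /mnt/webdav/tmp_upload`, and with `client_max_body_size 0;` nothing bounds how much a client can write there. If unlimited uploads are intended, the temp directory should sit on a filesystem with a quota or be monitored for free space.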
@@ -107,11 +107,25 @@ ]; }; extraCommands = '' + ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true + ip6tables -w -F loutreos-forward 2>/dev/null || true + ip6tables -w -X loutreos-forward 2>/dev/null || true + ip6tables -w -N loutreos-forward + ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A FORWARD -j loutreos-forward + # Redirect local network request from server external IP to internal IP # Make the server available even without internet access iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; + # remove refs to nixos-fw-log-refuse before restarting firewall + # prevents "ressource busy" errors + extraStopCommands = '' + ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true + ''; }; }; From eee03fe1b4fbc5630dbb3d9977a6fd56c0bf3f70 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 28 May 2024 17:59:30 +0200 Subject: [PATCH 379/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/44072e24566c5bcc0b7aa9178a0104f4cfffab19' (2024-05-12) → 'github:NixOS/nixpkgs/9d29cd266cebf80234c98dd0b87256b6be0af44e' (2024-05-25) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/2057814051972fa1453ddfb0d98badbea9b83c06' (2024-05-12) → 'github:NixOS/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0482a43f..f3124995 100644 --- a/flake.lock +++ b/flake.lock 
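Review bot: The three `ip6tables -A loutreos-forward ...` rules are issued without `-w`, unlike the other ip6tables commands around them in `extraCommands`, so they can fail if another process holds the xtables lock at that moment. If the final `-j nixos-fw-log-refuse` rule is the one that fails, the chain ends without a refuse rule and forwarded IPv6 traffic falls through to the FORWARD policy, which is not visible here. I would write them as `ip6tables -w -A loutreos-forward ...`. The block also deletes and flushes the chain before rebuilding it, so forwarded IPv6 is briefly unfiltered on every firewall reload; a comment noting that this is accepted would help the next reader.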
@@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715542476, - "narHash": "sha256-FF593AtlzQqa8JpzrXyRws4CeKbc5W86o8tHt4nRfIg=", + "lastModified": 1716633019, + "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19", + "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", "type": "github" }, "original": { @@ -106,11 +106,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1715534503, - "narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=", + "lastModified": 1716509168, + "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2057814051972fa1453ddfb0d98badbea9b83c06", + "rev": "bfb7a882678e518398ce9a31a881538679f6f092", "type": "github" }, "original": { From f22931c57da2d01284e0a8fbdcee861a94680bb1 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sat, 8 Jun 2024 11:15:37 +0200 Subject: [PATCH 380/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9d29cd266cebf80234c98dd0b87256b6be0af44e' (2024-05-25) → 'github:NixOS/nixpkgs/9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b' (2024-06-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092' (2024-05-24) → 'github:NixOS/nixpkgs/e8057b67ebf307f01bdcc8fba94d94f75039d1f6' (2024-06-05) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/e47f3719f1db3e0961a4358d4cb234a0acaa7baf' (2024-01-25) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/62afb98ef6385bcb745d7b189ef4efdce2044030' (2024-06-08) • Updated input 'simple-nixos-mailserver/flake-compat': 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04) • Removed input 'simple-nixos-mailserver/nixpkgs-23_05' • Removed input 'simple-nixos-mailserver/nixpkgs-23_11' • Added input 'simple-nixos-mailserver/nixpkgs-24_05': follows 'nixpkgs' • Updated input 'simple-nixos-mailserver/utils': 'github:numtide/flake-utils/5021eac20303a61fafe17224c087f5519baed54d' (2020-11-14) → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28) • Added input 'simple-nixos-mailserver/utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) --- flake.lock | 72 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index f3124995..d8c6092c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -40,11 +40,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -76,41 +76,26 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716509168, - "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfb7a882678e518398ce9a31a881538679f6f092", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { 
@@ -135,34 +120,51 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-23_11": [ + "nixpkgs-24_05": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1706219574, - "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", + "lastModified": 1717834029, + "narHash": "sha256-woG0M/WIrYDQeYd+aXRvGGMyojLmXND04Pi9XqE7ZxU=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", + "rev": "62afb98ef6385bcb745d7b189ef4efdce2044030", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixos-mailserver", "type": "gitlab" } }, - "utils": { + "systems": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { From 5ff33123952cc6dbfa8feda924e9462a0686dfcf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sat, 8 Jun 2024 11:21:16 +0200 Subject: [PATCH 381/474] LoutreOS: upgrade to 24.05 --- flake.nix | 6 +++--- systems/LoutreOS/configuration.nix | 2 +- systems/LoutreOS/web.nix | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 18f2591e..32d3b481 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,12 +1,12 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-23.11"; + nixpkgs.url = "flake:nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-23_11.follows = "nixpkgs"; + nixpkgs-24_05.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index a6e4dcae..1db99630 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -37,7 +37,7 @@ }; }; - hardware.usbWwan.enable = true; + hardware.usb-modeswitch.enable = true; # eno1 -> VLAN100 -> Internet # eno2 -> LAN diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 9fda1613..036a5289 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -429,7 +429,7 @@ in }; systemd.services.site-musique = let - djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_3 pillow setuptools ])); + djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_4 pillow setuptools ])); in { description = "Site Django de la musique de Meyenheim"; after = [ "network.target" ]; From 5bda267c8521fda60b515d050407fd13a944a08b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 9 Jun 2024 18:24:04 +0200 Subject: [PATCH 382/474] pkgs/watcharr: init at v1.39.0 --- flake.nix | 2 ++ pkgs/default.nix | 3 ++ pkgs/watcharr/default.nix | 63 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 pkgs/default.nix create mode 100644 pkgs/watcharr/default.nix diff --git a/flake.nix b/flake.nix index 32d3b481..7fc25dca 100644 --- a/flake.nix +++ b/flake.nix 
@@ -21,6 +21,8 @@ outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { + packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; modules = [ diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 00000000..f433fdd2 --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,3 @@ +pkgs: { + watcharr = pkgs.callPackage ./watcharr { }; +} diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix new file mode 100644 index 00000000..d58b28b6 --- /dev/null +++ b/pkgs/watcharr/default.nix 
@@ -0,0 +1,63 @@ +{ lib +, pkgs +, buildGoModule +, fetchFromGitHub +, buildNpmPackage +, nixosTests +, caddy +, testers +, installShellFiles +, stdenv +}: + +let + version = "1.39.0"; + src = fetchFromGitHub { + owner = "sbondCo"; + repo = "Watcharr"; + rev = "v${version}"; + sha256 = "sha256-40XLYc1ub2Qzf8r9g+Ay8Y8CAHYU+P9CI60heLAuQkE="; + }; + + frontend = buildNpmPackage { + pname = "watcharr-ui"; + inherit version src; + npmDepsHash = "sha256-sigkeK1bLbZfOU8756yLt5avqnOJWC4t4TnV6EvFTPY="; + + installPhase = '' + cp -r build $out + cp package.json package-lock.json $out + cd $out && npm ci --omit=dev + ''; + }; +in +buildGoModule { + pname = "watcharr"; + inherit version; + + src = src + "/server"; + + vendorHash = "sha256-vmroCetQc1Ix65B2Br33lyWt0FwGeQXMoD5fLinQg28="; + + # Inject frontend assets into go embed + prePatch = '' + # rm -rf ui + # ln -s ${frontend} ui + substituteInPlace watcharr.go \ + --replace-fail ui/index.js ${frontend}/index.js + ''; + + buildInputs = [ pkgs.makeWrapper ]; + + postFixup = '' + wrapProgram "$out/bin/Watcharr" --prefix PATH : "${lib.makeBinPath [ pkgs.nodejs ]}" + ''; + + meta = with lib; { + homepage = "https://watcharr.app/"; + description = "Open source, self-hostable watched list for all your content with user authentication, modern and clean UI and a very simple setup"; + license = licenses.asl20; + # mainProgram = "caddy"; + maintainers = with maintainers; [ nyanloutre ]; + }; +} From 9dc6cea27004115b3addca2a41da19c33674420a Mon Sep 17 00:00:00 2001 
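Review bot: `buildInputs = [ pkgs.makeWrapper ];` puts a build-time tool in the runtime inputs; it should be `nativeBuildInputs = [ makeWrapper ];` with `makeWrapper` taken as a function argument instead of reaching through `pkgs`. The argument list also requests `nixosTests`, `caddy`, `testers`, `installShellFiles` and `stdenv`, none of which the expression uses, and the leftover `# mainProgram = "caddy";` suggests the file was adapted from another package; dropping them makes the real dependency set easier to audit. The frontend `installPhase` replaces the default phase without `runHook preInstall` / `runHook postInstall`, which is worth adding for consistency with nixpkgs conventions.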
From: nyanloutre Date: Tue, 25 Jun 2024 22:11:42 +0200 Subject: [PATCH 383/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b' (2024-06-06) → 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/e8057b67ebf307f01bdcc8fba94d94f75039d1f6' (2024-06-05) → 'github:NixOS/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/62afb98ef6385bcb745d7b189ef4efdce2044030' (2024-06-08) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index d8c6092c..74cf287b 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717696253, - "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", + "lastModified": 1719145550, + "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", + "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1719254875, + "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "type": "github" }, "original": { 
@@ -126,11 +126,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1717834029, - "narHash": "sha256-woG0M/WIrYDQeYd+aXRvGGMyojLmXND04Pi9XqE7ZxU=", + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "62afb98ef6385bcb745d7b189ef4efdce2044030", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "type": "gitlab" }, "original": { From 6e6498aaa1b8f47e5d5cc95a7bd2fa4d644d03b1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 26 Jun 2024 22:52:55 +0200 Subject: [PATCH 384/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23) → 'github:NixOS/nixpkgs/fc07dc3bdf2956ddd64f24612ea7fc894933eb2e' (2024-06-24) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 74cf287b..a53045c6 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719145550, - "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", + "lastModified": 1719253556, + "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", + "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e", "type": "github" }, "original": { From d445dd9c4691632e79fc83fa41bd7aba76b3e811 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 2 Jul 2024 20:15:06 +0200 Subject: [PATCH 385/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fc07dc3bdf2956ddd64f24612ea7fc894933eb2e' (2024-06-24) → 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/2893f56de08021cffd9b6b6dfc70fd9ccd51eb60' (2024-06-24) → 'github:NixOS/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8' (2024-07-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index a53045c6..8e6bf8f3 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719253556, - "narHash": "sha256-A/76RFUVxZ/7Y8+OMVL1Lc8LRhBxZ8ZE2bpMnvZ1VpY=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc07dc3bdf2956ddd64f24612ea7fc894933eb2e", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719254875, - "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", + "lastModified": 1719848872, + "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", + "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "type": "github" }, "original": { From e8586051ddecaef01781108e965f6304d21c1769 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sun, 7 Jul 2024 22:47:05 +0200 Subject: [PATCH 386/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) → 'github:NixOS/nixpkgs/49ee0e94463abada1de470c9c07bfc12b36dcf40' (2024-07-06) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/00d80d13810dbfea8ab4ed1009b09100cca86ba8' (2024-07-01) → 'github:NixOS/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8e6bf8f3..6b8ba3a0 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719838683, - "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", + "lastModified": 1720244366, + "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", + "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719848872, - "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", + "lastModified": 1720031269, + "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", + "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "type": "github" }, "original": { From 5a83340353b41e5ef0f9b9ef2e78e8ce4849398e Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Mon, 8 Jul 2024 14:09:46 +0200 Subject: [PATCH 387/474] migration PC fixe vers Wayland --- systems/PC-Fixe/configuration.nix | 182 +-------------------- systems/PC-Fixe/hardware-configuration.nix | 4 + systems/common-gui.nix | 26 +-- 3 files changed, 15 insertions(+), 197 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 06a816c3..9abe4af5 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -29,9 +29,6 @@ boot.tmp.useTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; - virtualisation.virtualbox.host.enable = true; - # virtualisation.virtualbox.host.enableExtensionPack = true; - # virtualisation.anbox.enable = true; virtualisation.podman.enable = true; services.zfs = { @@ -62,21 +59,6 @@ # Logitech G920 hardware.usb-modeswitch.enable = true; - # hardware.pulseaudio.extraConfig = '' - # load-module module-null-sink sink_name=mic_denoised_out rate=48000 - # load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50 - # load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true - - # load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo - - # set-default-source hd_mic - # ''; - - # hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} '' - # sed '/module-switch-on-port-available$/d' \ - # ${pkgs.pulseaudio}/etc/pulse/default.pa > $out - # ''; - services.udev.packages = with pkgs; [ usb-modeswitch-data # Logitech G920 ]; 
@@ -85,8 +67,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout" ''; - security.pki.certificateFiles = [ ./codemasters.pem ]; - networking.hostName = "paul-fixe"; networking.hostId = "3a1f739e"; @@ -104,11 +84,6 @@ networking.firewall.enable = false; - services.xserver.displayManager.autoLogin = { - enable = true; - user = "paul"; - }; - users.users.paul = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ]; 
@@ -125,164 +100,11 @@ X11Forwarding = true; }; - # security.pki.certificates = [ - # '' - # -----BEGIN CERTIFICATE----- - # MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM - # CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX - # DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt - # aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A - # L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W - # Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ - # a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy - # 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW - # fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8 - # Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC - # AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD - # BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG - # CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC - # AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA - # A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV - # 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/ - # SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L - # zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh - # QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6 - # QaNGz7o/LfHprXvCM1mHjbVVbZN2 - # -----END CERTIFICATE----- - # '' - # ]; - - # services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ]; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ rtmp ]; - }; - virtualHosts."stream.nyanlout.re" = { - locations."/" = { - root = "/var/www/hls/"; - extraConfig = '' - add_header Cache-Control no-cache; - add_header Access-Control-Allow-Origin *; - ''; - }; - default 
= true; - }; - appendConfig = let - rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root; - in '' - rtmp { - server { - listen 1935; - - application live { - live on; - interleave on; - exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1 - -c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low - -c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid - -c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high - -c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720 - -c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log; - } - - application show { - live on; - hls on; - - hls_path ${rootLocation}; - hls_fragment 5; - hls_playlist_length 10; - hls_nested on; - - hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution - hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution - hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution - hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution - hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution - } - } - } - ''; - }; - - services.xserver.deviceSection = '' - Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" - ''; - services.printing.enable = true; services.printing.drivers = [ pkgs.hplip ]; - systemd = let - DP4Config = "--output DP-4 --mode 3440x1440 --rate 144"; - HDMIConfig = "--output HDMI-0 --auto --left-of DP-4"; - in { - services = { - wol = { - description = "Wake-on-LAN"; - wantedBy = [ "multi-user.target" ]; - 
requires = [ "network.target" ]; - after = [ "network.target" ]; - script = '' - ${pkgs.ethtool}/sbin/ethtool -s eno1 wol g - ''; - serviceConfig.Type = "oneshot"; - }; - nginx.serviceConfig.ReadWritePaths = "/var/www/hls"; - zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; - }; - user.services = { - "enableTV" = { - description = "Enable TV output"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} - ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' - ''; - conflicts = ["CSMode.service"]; - serviceConfig.Type = "oneshot"; - }; - "primaryTV" = { - description = "Set TV output as primary"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary - ${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }' - ''; - conflicts = ["CSMode.service"]; - serviceConfig.Type = "oneshot"; - }; - "FreeSyncMode" = { - description = "Enable FreeSync screen only"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off - ''; - conflicts = ["CSMode.service"]; - serviceConfig.Type = "oneshot"; - }; - "CSMode" = { - description = "Enable 4:3 black bars"; - script = '' - ${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary - /run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }" - ${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off - ''; - preStop = '' - /run/current-system/sw/bin/nvidia-settings --assign 
CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }" - ''; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - }; - }; + systemd.services = { + zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; }; system.stateVersion = "20.03"; diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 1547b63d..9277cce7 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -11,6 +11,10 @@ services.xserver.videoDrivers = [ "nvidia" ]; hardware.cpu.amd.updateMicrocode = true; + hardware.nvidia = { + modesetting.enable = true; + nvidiaSettings = false; + }; fileSystems."/" = { device = "rpool/root/nixos"; diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 909737d8..2edf12d1 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -14,8 +14,6 @@ betaflight-configurator - # electrum - # electron-cash ledger-live-desktop monero-gui @@ -37,7 +35,7 @@ ark kate kmail - plasma5Packages.kdeconnect-kde + kdePackages.kdeconnect-kde okular yakuake konversation @@ -50,8 +48,6 @@ inherit (texlive) scheme-small titling collection-langfrench cm-super; }) - libsForQt5.breeze-gtk - libreoffice gimp @@ -76,12 +72,6 @@ programs.steam.enable = true; - # hardware = { - # pulseaudio.enable = true; - # }; - - # sound.enable = true; - security.rtkit.enable = true; services.pipewire = { @@ -107,12 +97,14 @@ }; services = { - xserver = { - enable = true; - layout = "fr"; - exportConfiguration = true; - displayManager.sddm.enable = true; - desktopManager.plasma5.enable = true; + desktopManager.plasma6.enable = true; + displayManager = { + autoLogin.user = "paul"; + sddm = { + enable = true; + wayland.enable = true; + autoLogin.relogin = true; + }; }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; 
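Review bot: `autoLogin.user = "paul";` moves from the PC-Fixe host file into the shared `systems/common-gui.nix`, so every machine that imports this module now logs that account in without a password, and `autoLogin.relogin = true;` logs it back in after a logout. Which hosts import `common-gui.nix` is not visible here, but the context lines show the account is in `wheel`, so on a laptop this would give anyone with physical access a privileged session. I would keep `services.displayManager.autoLogin.user = "paul";` in `systems/PC-Fixe/configuration.nix` and leave only the SDDM and Plasma settings in the shared module.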
From 968033f95dc9502373ca36a83a630662557bac94 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 8 Jul 2024 14:15:04 +0200 Subject: [PATCH 388/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/49ee0e94463abada1de470c9c07bfc12b36dcf40' (2024-07-06) → 'github:NixOS/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6b8ba3a0..c97f0991 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720244366, - "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=", + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", "type": "github" }, "original": { From c39ed728910f0fcaf508b93c79dfa708f84abc4f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 8 Jul 2024 20:58:18 +0200 Subject: [PATCH 389/474] LoutreOS: rollback wayland --- systems/PC-Fixe/configuration.nix | 6 ++++++ systems/PC-Fixe/hardware-configuration.nix | 1 - systems/common-gui.nix | 13 ++++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 9abe4af5..df609f1b 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -84,6 +84,8 @@ networking.firewall.enable = false; + services.displayManager.autoLogin.user = "paul"; + users.users.paul = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ]; 
@@ -100,6 +102,10 @@ X11Forwarding = true; }; + services.xserver.deviceSection = '' + Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}" + ''; + services.printing.enable = true; services.printing.drivers = [ pkgs.hplip ]; diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 9277cce7..1deb602d 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -13,7 +13,6 @@ hardware.cpu.amd.updateMicrocode = true; hardware.nvidia = { modesetting.enable = true; - nvidiaSettings = false; }; fileSystems."/" = diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 2edf12d1..b58f9d49 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -48,6 +48,8 @@ inherit (texlive) scheme-small titling collection-langfrench cm-super; }) + libsForQt5.breeze-gtk + libreoffice gimp @@ -97,15 +99,20 @@ }; services = { - desktopManager.plasma6.enable = true; + # desktopManager.plasma6.enable = true; displayManager = { - autoLogin.user = "paul"; sddm = { enable = true; - wayland.enable = true; + # wayland.enable = true; autoLogin.relogin = true; }; }; + xserver = { + enable = true; + xkb.layout = "fr"; + exportConfiguration = true; + desktopManager.plasma5.enable = true; + }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; }; From cd2c41130dcfc7594d1718e2b6a9589f02d06bc0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 14:56:46 +0200 Subject: [PATCH 390/474] LoutreOS: create lg devmode reset timer --- systems/LoutreOS/services.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 49d6c10c..e8705c99 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -331,7 +331,26 @@ in }; }; - systemd.services."borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; + systemd = { + timers."lg-devmode-reset" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "5m"; + OnUnitActiveSec = "1w"; + }; + }; + services = { + "borgbackup-job-loutre".serviceConfig.TemporaryFileSystem = ["/mnt/borgsnap"]; + "lg-devmode-reset" = { + script = '' + ${pkgs.curl}/bin/curl https://developer.lge.com/secure/ResetDevModeSession.dev\?sessionToken\=9f94269da0dc14fd924b65d8dca28b076f931ad1ca04fe7a09ac78cdb0e22cb4 + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + }; + }; dogetipbot-telegram.enable = true; From 9e08d33ccfb3e8c10dace0244135d0f54541a4a8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 14:57:35 +0200 Subject: [PATCH 391/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/194846768975b7ad2c4988bdb82572c00222c0d7' (2024-07-07) → 'github:NixOS/nixpkgs/f12ee5f64c6a09995e71c9626d88c4efa983b488' (2024-07-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9f4128e00b0ae8ec65918efeba59db998750ead6' (2024-07-03) → 'github:NixOS/nixpkgs/7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9' (2024-07-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c97f0991..e2907d8d 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "lastModified": 1720823163, + "narHash": "sha256-FZ5dnrvKkln9ESdoTR8R7GKW9rNpXNZrxGsOXsbsTpE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "rev": "f12ee5f64c6a09995e71c9626d88c4efa983b488", "type": "github" }, "original": { 
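Review bot: The `lg-devmode-reset` script in systems/LoutreOS/services.nix embeds the `sessionToken` in clear text in the curl URL, so the secret now lives in the git history, in the world-readable Nix store as part of the generated unit script, and on curl's command line where other local users can read it from the process list. The token should be treated as exposed and regenerated, then supplied from a file kept outside the repository, for example through systemd's `LoadCredential` as sketched below (the credential path is a placeholder). Adding `--fail` also makes an HTTP error fail the oneshot unit instead of being recorded as success, which matters for a job that only runs weekly. The module body around the new `systemd` set continues outside the hunk.

```nix
"lg-devmode-reset" = {
  script = ''
    # the token is read from the credential file and never appears in argv
    ${pkgs.curl}/bin/curl --fail --silent --show-error --get \
      --data-urlencode "sessionToken@$CREDENTIALS_DIRECTORY/lg-devmode-token" \
      https://developer.lge.com/secure/ResetDevModeSession.dev
  '';
  serviceConfig = {
    Type = "oneshot";
    DynamicUser = true;
    # PLACEHOLDER path: a root-only file outside the repository, written without a trailing newline
    LoadCredential = "lg-devmode-token:/path/to/lg-devmode-token";
  };
};
```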
@@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { From 260cf209714402e076feed78168b14033ff2aee2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 16:14:45 +0200 Subject: [PATCH 392/474] LoutreOS: install watcharr --- flake.nix | 15 +++++++++++++++ pkgs/watcharr/default.nix | 11 ++++++----- systems/LoutreOS/web.nix | 1 + 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 7fc25dca..2a5a3c33 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,21 @@ }; }; }; + systemd.services.watcharr = { + description = "Watcharr"; + after = [ "network.target" ]; + environment = { + PORT = "3005"; + WATCHARR_DATA = "/var/lib/watcharr"; + }; + serviceConfig = { + DynamicUser = true; + StateDirectory = "watcharr"; + ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr"; + PrivateTmp = true; + }; + wantedBy = [ "multi-user.target" ]; + }; } ./systems/LoutreOS/configuration.nix ]; diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix index d58b28b6..23422d7f 100644 --- a/pkgs/watcharr/default.nix +++ b/pkgs/watcharr/default.nix 
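Review bot: The port given to the new `watcharr` unit in flake.nix, `PORT = "3005"`, does not match the vhost added by this commit's systems/LoutreOS/web.nix hunk, `"watcharr.nyanlout.re" = simpleReverse 3080;`, while the patched listener in pkgs/watcharr/default.nix binds `127.0.0.1:` plus `$PORT`. `simpleReverse` is defined outside the diff, so this is inferred, but if it proxies to the given local port the public vhost reaches whatever else listens on 3080 (or nothing) rather than Watcharr. Aligning the two, e.g. `"watcharr.nyanlout.re" = simpleReverse 3005;`, fixes it. On the unit itself, `PrivateTmp = true` is already implied by `DynamicUser = true` and can be dropped.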
@@ -11,18 +11,18 @@ }: let - version = "1.39.0"; + version = "1.41.0"; src = fetchFromGitHub { owner = "sbondCo"; repo = "Watcharr"; rev = "v${version}"; - sha256 = "sha256-40XLYc1ub2Qzf8r9g+Ay8Y8CAHYU+P9CI60heLAuQkE="; + hash = "sha256-ZvCxgfZZ9pbp+NvH+IhWphJWnAwgAH0x/REPd/XxJ70="; }; frontend = buildNpmPackage { pname = "watcharr-ui"; inherit version src; - npmDepsHash = "sha256-sigkeK1bLbZfOU8756yLt5avqnOJWC4t4TnV6EvFTPY="; + npmDepsHash = "sha256-73paI0y4QyzkEnU99f1HeLD/hW8GP3F9N8tGGQnloH8="; installPhase = '' cp -r build $out @@ -37,14 +37,15 @@ buildGoModule { src = src + "/server"; - vendorHash = "sha256-vmroCetQc1Ix65B2Br33lyWt0FwGeQXMoD5fLinQg28="; + vendorHash = "sha256-86pFpS8ZSj+c7vwn0QCwzXlvVYJIf3SBj4X81zlwBWQ="; # Inject frontend assets into go embed prePatch = '' # rm -rf ui # ln -s ${frontend} ui substituteInPlace watcharr.go \ - --replace-fail ui/index.js ${frontend}/index.js + --replace-fail ui/index.js ${frontend}/index.js \ + --replace-fail \"127.0.0.1:3000\" "\"127.0.0.1:\"+os.Getenv(\"PORT\")" ''; buildInputs = [ pkgs.makeWrapper ]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 036a5289..64dbdde2 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -352,6 +352,7 @@ in forceSSL = true; enableACME = true; }; + "watcharr.nyanlout.re" = simpleReverse 3080; }; }; From b34231217adbf699f0ee7300721b246ce3903ec3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 14 Jul 2024 16:14:58 +0200 Subject: [PATCH 393/474] replace youtube-dl by yt-dlp --- systems/common-cli.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index d8359d9f..031f53e6 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -57,7 +57,7 @@ fzf file ncdu - youtube-dl + yt-dlp tldr starship From 2772a3086d9cad2c3fc9d71d7aad99eca1059cd9 Mon Sep 17 00:00:00 2001 
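Review bot: In the `prePatch` of pkgs/watcharr/default.nix the new `--replace-fail` rewrites the listen address to `"127.0.0.1:"+os.Getenv("PORT")` with no fallback, so a start without `PORT` yields the address `127.0.0.1:` and the server would presumably bind an OS-chosen port or fail. The substitution also assumes watcharr.go already imports `os`, which is not visible here. A comment above it, such as `# listen port comes from $PORT (set by the systemd unit); the address stays on loopback so only the reverse proxy can reach it`, would record both the dependency and the reason the bind must not be widened. The `buildGoModule` call starts and ends outside the hunk.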
From: nyanloutre Date: Sun, 28 Jul 2024 13:57:16 +0200 Subject: [PATCH 394/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f12ee5f64c6a09995e71c9626d88c4efa983b488' (2024-07-12) → 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9' (2024-07-12) → 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e2907d8d..e3e0b152 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720823163, - "narHash": "sha256-FZ5dnrvKkln9ESdoTR8R7GKW9rNpXNZrxGsOXsbsTpE=", + "lastModified": 1722087241, + "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f12ee5f64c6a09995e71c9626d88c4efa983b488", + "rev": "8c50662509100d53229d4be607f1a3a31157fa12", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720768451, - "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", + "lastModified": 1722062969, + "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", + "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", "type": "github" }, "original": { From 114fae331f1bf0ee71147b8cdd5ad187c64a45b2 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 29 Jul 2024 20:20:22 +0200 Subject: [PATCH 395/474] fix Epomaker Fn keys --- systems/PC-Fixe/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index df609f1b..6caccbf7 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -28,6 +28,9 @@ ]; boot.tmp.useTmpfs = false; boot.supportedFilesystems = [ "zfs" ]; + boot.extraModprobeConfig = '' + options hid_apple fnmode=2 + ''; virtualisation.podman.enable = true; From 43e14afa38e1ce3269aed6024c67891c0253f61c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 29 Jul 2024 20:22:42 +0200 Subject: [PATCH 396/474] disable old HDD mount --- systems/PC-Fixe/hardware-configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 1deb602d..97fc3ee7 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -40,10 +40,10 @@ fsType = "zfs"; }; - fileSystems."/mnt/hdd" = - { device = "/dev/mapper/ManjaroVG-ManjaroRoot"; - fsType = "ext4"; - }; + # fileSystems."/mnt/hdd" = + # { device = "/dev/mapper/ManjaroVG-ManjaroRoot"; + # fsType = "ext4"; + # }; fileSystems."/mnt/medias" = { device = "10.30.0.1:/mnt/medias"; From 2b9d525a50387a934d4470d9b9d3d5efe3f651f1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 29 Jul 2024 20:23:06 +0200 Subject: [PATCH 397/474] fix browserpass in Firefox --- systems/common-gui.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index b58f9d49..99b065c2 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -17,7 +17,6 @@ ledger-live-desktop monero-gui - firefox tor-browser-bundle-bin brave @@ -73,6 +72,7 @@ console.keyMap = "fr"; programs.steam.enable = true; + programs.firefox.enable = true; security.rtkit.enable = true; From 56095f920c79aca4704d237e716ac2d6040371ca Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 6 Aug 2024 17:56:31 +0200 Subject: [PATCH 398/474] Improve Nextcloud preview generation and autoupdate apps --- systems/LoutreOS/web.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 64dbdde2..a373e0ae 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -401,6 +401,25 @@ in dbtype = "pgsql"; adminpassFile = "$CREDENTIALS_DIRECTORY/nextcloud_admin.pass"; }; + settings = { + "preview_max_filesize_image" = "-1"; + "preview_max_memory" = "1024"; + "preview_ffmpeg_path" = "${pkgs.ffmpeg}/bin/ffmpeg"; + "enabledPreviewProviders" = [ + ''OC\Preview\BMP'' + ''OC\Preview\GIF'' + ''OC\Preview\JPEG'' + ''OC\Preview\Krita'' + ''OC\Preview\MarkDown'' + ''OC\Preview\MP3'' + ''OC\Preview\OpenDocument'' + ''OC\Preview\PNG'' + ''OC\Preview\TXT'' + ''OC\Preview\XBitmap'' + ''OC\Preview\Movie'' + ]; + }; + autoUpdateApps.enable = true; }; }; From 91b73bceb1da432d467ed485879743f0b9d21678 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 7 Aug 2024 09:36:58 +0200 Subject: [PATCH 399/474] backup nextcloud --- systems/LoutreOS/services.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e8705c99..e4f0e795 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -127,6 +127,8 @@ in "/var/lib/hass" "/var/lib/opendkim" "/var/lib/slimserver" + "/var/lib/watcharr" + "/var/lib/nextcloud" "/mnt/medias/musique" "/mnt/medias/torrent/lidarr" "/mnt/medias/torrent/musique" @@ -139,6 +141,7 @@ in exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" "/var/lib/radarr/.config/Radarr/radarr.db-shm" + "/mnt/paul-home/paul/.cache" ]; repo = "ssh://u306925@u306925.your-storagebox.de:23/./loutreos"; environment = { BORG_RSH = "ssh -i /mnt/secrets/hetzner_ssh_key"; }; From 01cf06eba18428d73e179cbca8a38e4ae340d3bb Mon Sep 17 00:00:00 2001 
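Review bot: In the Nextcloud `settings` block of systems/LoutreOS/web.nix, `"preview_max_filesize_image" = "-1"` removes the size cap for image previews and `''OC\Preview\Movie''` passes uploaded video to ffmpeg, so any account or upload-enabled share can make the server decode arbitrarily large or malformed media during preview generation. A finite cap such as `"preview_max_filesize_image" = 256;` (megabytes, pick what fits the library) bounds that work; both numeric settings are also written as strings where Nextcloud documents integers, which is worth checking in the generated config. Separately, `autoUpdateApps.enable = true` installs app code from the app store outside the flake's pinned inputs, so app versions can no longer be reproduced from `flake.lock`; a one-line comment stating that this is accepted would help. The `services.nextcloud` set starts and ends outside the hunk.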
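Review bot: The paths added to the borg job in systems/LoutreOS/services.nix, `/var/lib/watcharr` and `/var/lib/nextcloud`, are copied while the services run, and the Nextcloud instance in web.nix is configured with `dbtype = "pgsql"`, so the file tree alone is not a restorable Nextcloud backup unless a PostgreSQL dump is among the paths outside this hunk. The existing `exclude` entries for Radarr's `-wal` and `-shm` files suggest live database files are already a known issue in this job, and Watcharr's data directory presumably holds one as well. I would add a comment next to the new paths, e.g. `# nextcloud: files only, the database is restored from the PostgreSQL dump at <path>`, and verify one restore. The job definition starts and ends outside the hunk.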
From: nyanloutre Date: Wed, 7 Aug 2024 09:55:37 +0200 Subject: [PATCH 400/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) → 'github:NixOS/nixpkgs/883180e6550c1723395a3a342f830bfc5c371f6b' (2024-08-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27) → 'github:NixOS/nixpkgs/cb9a96f23c491c081b38eab96d22fa958043c9fa' (2024-08-04) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e3e0b152..f27cff0d 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { From 278b49fe661affced623fd9dc2c9607259f828b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 12 Aug 2024 10:06:12 +0200 Subject: [PATCH 401/474] cleanup common GUI config --- systems/PC-Fixe/configuration.nix | 6 +++-- systems/common-cli.nix | 3 ++- systems/common-gui.nix | 38 +++++++++++++++---------------- 3 files changed, 25 insertions(+), 22 deletions(-) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 6caccbf7..eac4b972 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -82,8 +82,10 @@ esphome ]; - programs.wireshark.enable = true; - programs.wireshark.package = pkgs.wireshark; + programs = { + wireshark.enable = true; + alvr.enable = true; + }; networking.firewall.enable = false; diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 031f53e6..3b5e1af6 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -30,7 +30,6 @@ }) # Gestionnaires de version - gitMinimal tig gitAndTools.hub quilt @@ -104,6 +103,8 @@ bash.interactiveShellInit = '' eval "$(starship init bash)" ''; + + git.enable = true; }; environment.variables = let diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 99b065c2..5de6654c 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -61,7 +61,6 @@ glxinfo i7z - appimage-run pavucontrol ]; @@ -71,31 +70,26 @@ console.keyMap = "fr"; - programs.steam.enable = true; - programs.firefox.enable = true; - - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - networking.networkmanager.enable = true; systemd.extraConfig = "DefaultLimitNOFILE=1048576"; - security.pam.loginLimits = [{ - domain = "*"; - type = "hard"; - item = "nofile"; - value = "1048576"; - }]; + + security = { + pam.loginLimits = [{ + domain = "*"; + type = "hard"; + item = "nofile"; + value = "1048576"; + }]; + rtkit.enable = true; + }; programs = { gnupg.agent = { enable = true; enableSSHSupport = true; }; browserpass.enable = true; + steam.enable = true; + firefox.enable = true; + appimage.enable = true; }; services = { 
@@ -113,6 +107,12 @@ exportConfiguration = true; desktopManager.plasma5.enable = true; }; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; }; From e4c8c2acfa870b544446cfe7fec509280a643a9f Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 12 Aug 2024 10:07:17 +0200 Subject: [PATCH 402/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27) → 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27) → 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index e3e0b152..d4115c84 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722087241, - "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=", + "lastModified": 1723282977, + "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c50662509100d53229d4be607f1a3a31157fa12", + "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1722062969, - "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=", + "lastModified": 1723175592, + "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3", + "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", "type": "github" }, "original": { 
From c5e29217973b3d7ed5fa83ffb1b6930de961ca7d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 6 Sep 2024 01:15:42 +0200 Subject: [PATCH 403/474] install switch emulator --- systems/common-gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 5de6654c..6d8365d1 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -11,6 +11,7 @@ prismlauncher lutris teamspeak_client + ryujinx betaflight-configurator From 06d9956291cfaa979ceac335f1239ab77f9099da Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 6 Sep 2024 01:17:01 +0200 Subject: [PATCH 404/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc' (2024-08-10) → 'github:NixOS/nixpkgs/6f6c45b5134a8ee2e465164811e451dcb5ad86e3' (2024-09-03) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5e0ca22929f3342b19569b21b2f3462f053e497b' (2024-08-09) → 'github:NixOS/nixpkgs/ad416d066ca1222956472ab7d0555a6946746a80' (2024-09-04) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d4115c84..7942c7ff 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723282977, - "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "type": "github" }, "original": { 
@@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1723175592, - "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { From 41d4a4ab12f1026e0fb23666243139181be31425 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 6 Sep 2024 01:34:44 +0200 Subject: [PATCH 405/474] fix nvidia driver --- systems/PC-Fixe/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 97fc3ee7..9fa5a759 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -12,6 +12,7 @@ services.xserver.videoDrivers = [ "nvidia" ]; hardware.cpu.amd.updateMicrocode = true; hardware.nvidia = { + open = false; modesetting.enable = true; }; From 5b1cc90b6f2a96caac265ba0ad44d4dfa7524e11 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Oct 2024 17:54:44 +0200 Subject: [PATCH 406/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6f6c45b5134a8ee2e465164811e451dcb5ad86e3' (2024-09-03) → 'github:NixOS/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e' (2024-09-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ad416d066ca1222956472ab7d0555a6946746a80' (2024-09-04) → 'github:NixOS/nixpkgs/27e30d177e57d912d614c88c622dcfdb2e6e6515' (2024-10-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7942c7ff..256ab04b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1727672256, + "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "1719f27dd95fd4206afb9cec9f415b539978827e", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1727802920, + "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", "type": "github" }, "original": { From d271a36f7e0270045dab9853d6498ed3c1ac4167 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Oct 2024 19:04:45 +0200 Subject: [PATCH 407/474] migrate slimserver to nixos module --- systems/LoutreOS/medias.nix | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 6c3fa2bb..080d54ae 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -40,6 +40,8 @@ ImageCacheSize = 0; }; }; + + slimserver.enable = true; }; systemd.services.transmission.serviceConfig = { 
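Review bot: `slimserver.enable = true` in systems/LoutreOS/medias.nix replaces a container whose ports were published only on `10.30.0.1` and whose music volume was mounted read-only (both visible in the block removed by the second hunk), and the new line restates neither restriction. Whether the NixOS module listens on all interfaces cannot be told from the diff, so the listening addresses for ports 9000, 9090 and 3483 should be checked after the switch and, if they widened, limited by firewall rules for the internal interface. A comment next to the option, such as `# previously published on 10.30.0.1 only; keep the LMS ports restricted to the internal interface`, would keep that constraint visible. The `services` set starts outside the hunk.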
@@ -56,28 +58,4 @@ config.services.transmission.settings.peer-port ]; }; - - virtualisation = { - podman.autoPrune.enable = true; - oci-containers = { - backend = "podman"; - containers = { - slimserver = { - image = "docker.io/lmscommunity/logitechmediaserver:stable"; - volumes = [ - "/mnt/medias/musique:/music:ro" - "/var/lib/slimserver:/config:rw" - "/etc/localtime:/etc/localtime:ro" - ]; - ports = [ - "10.30.0.1:9000:9000/tcp" - "10.30.0.1:9090:9090/tcp" - "10.30.0.1:3483:3483/tcp" - "10.30.0.1:3483:3483/udp" - ]; - extraOptions = ["--pull=always"]; - }; - }; - }; - }; } From 312c1e00a9eeefda575adccfae5f2642a1d2bb1e Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Oct 2024 19:05:08 +0200 Subject: [PATCH 408/474] disable nixos containers functionality --- systems/LoutreOS/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 1db99630..f4edc52d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -25,6 +25,9 @@ tmp.useTmpfs = true; kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + + # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported + enableContainers = false; }; documentation.nixos.enable = false; From 25d2c2ba647773b20e1e15a72924d77382ca6bcc Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 9 Oct 2024 21:13:18 +0200 Subject: [PATCH 409/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e' (2024-09-30) → 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/27e30d177e57d912d614c88c622dcfdb2e6e6515' (2024-10-01) → 'github:NixOS/nixpkgs/c31898adf5a8ed202ce5bea9f347b1c6871f32d1' (2024-10-06) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 256ab04b..09921318 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727672256, - "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=", + "lastModified": 1728328465, + "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1719f27dd95fd4206afb9cec9f415b539978827e", + "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1727802920, - "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", + "lastModified": 1728241625, + "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", + "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", "type": "github" }, "original": { From d2484bb5799ac703e9191a176c4fd5482a075195 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 11 Oct 2024 22:54:30 +0200 Subject: [PATCH 410/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07) → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c31898adf5a8ed202ce5bea9f347b1c6871f32d1' (2024-10-06) → 'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 09921318..8d0d3301 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728328465, - "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=", + "lastModified": 1728500571, + "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { From b7cd7fcfe5f384f7c06d01ab4222013d8e903bbf Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 11 Oct 2024 22:59:27 +0200 Subject: [PATCH 411/474] disable boot.enableContainers on PC-fixe --- systems/PC-Fixe/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index eac4b972..83a7ee4e 100644 --- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -118,5 +118,6 @@ zfs-replication.serviceConfig.StateDirectory = "zfs-replication"; }; + boot.enableContainers = false; system.stateVersion = "20.03"; } From d6733835aa2b91f4d802627fc28f328046b97b68 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 16 Oct 2024 19:57:04 +0200 Subject: [PATCH 412/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09) → 'github:NixOS/nixpkgs/c0b1da36f7c34a7146501f684e9ebdf15d2bebf8' (2024-10-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09) → 'github:NixOS/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8d0d3301..bba6cc14 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728500571, - "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", + "lastModified": 1728909085, + "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", + "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", "type": "github" }, "original": { 
@@ -91,11 +91,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1728888510, + "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", "type": "github" }, "original": { From 032fc5650376ee8f29309210d27a9959acf965cc Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 20 Oct 2024 11:20:01 +0200 Subject: [PATCH 413/474] LoutreOS: downgrade transmission to 4.0.5 --- flake.lock | 17 +++++++++++++++++ flake.nix | 15 ++++++++++++--- overlays/transmission.nix | 8 -------- systems/LoutreOS/configuration.nix | 4 ---- systems/LoutreOS/medias.nix | 10 +++++----- 5 files changed, 34 insertions(+), 20 deletions(-) delete mode 100644 overlays/transmission.nix diff --git a/flake.lock b/flake.lock index 256ab04b..8cb66c65 100644 --- a/flake.lock +++ b/flake.lock @@ -89,6 +89,22 @@ "type": "indirect" } }, + "nixpkgs-4a3fc4cf7": { + "locked": { + "lastModified": 1716914467, + "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1727802920, @@ -109,6 +125,7 @@ "dogetipbot-telegram": "dogetipbot-telegram", "ipmihddtemp": "ipmihddtemp", "nixpkgs": "nixpkgs", + "nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index 2a5a3c33..202075bd 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,6 +2,8 @@ inputs = { nixpkgs.url = "flake:nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; + # transmission 4.0.5 downgrade to fix tracker bug + nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; simple-nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; inputs = { @@ -19,7 +21,7 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-4a3fc4cf7, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); @@ -43,9 +45,16 @@ ]; }; - nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem { + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; - specialArgs = { inherit nixpkgs-unstable; }; + specialArgs = { + pkgs-unstable = import nixpkgs-unstable { + inherit system; + }; + pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { + inherit system; + }; + }; modules = [ nixpkgs-unstable.nixosModules.notDetected simple-nixos-mailserver.nixosModule diff --git a/overlays/transmission.nix b/overlays/transmission.nix deleted file mode 100644 index 3294870a..00000000 --- a/overlays/transmission.nix +++ /dev/null @@ -1,8 +0,0 @@ -self: super: -{ - transmission = (super.transmission.overrideAttrs (oA: { - patches = []; - })).override { - openssl = super.openssl_legacy; - }; -} \ No newline at end of file diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index f4edc52d..3c1d3166 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -214,10 +214,6 @@ "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; }; - nixpkgs.overlays = [ - (import ../../overlays/transmission.nix) - ]; - services.openssh = { enable = true; settings = { 
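Review bot: The new `nixpkgs-4a3fc4cf7` input freezes a whole nixpkgs revision, and `package = pkgs-4a3fc4cf7.transmission_4;` in the medias.nix hunk of this patch takes transmission and the libraries it links against from that snapshot. Later `flake.lock` updates therefore bring no security fixes to this network-facing daemon. The comment `# transmission 4.0.5 downgrade to fix tracker bug` should name the upstream bug and a removal condition, for example `# TODO: drop this pin once <upstream issue URL> is fixed in nixos-unstable`. A narrower alternative is to override only `version`/`src` of `transmission_4` on the current package set, so the dependencies keep receiving updates. The `inputs` block continues outside this hunk.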
diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 080d54ae..e0c9566a 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,10 +1,10 @@ -{ config, lib, pkgs, nixpkgs-unstable, ... }: +{ config, lib, pkgs, pkgs-unstable, pkgs-4a3fc4cf7, ... }: { services = { transmission = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.transmission_4; + package = pkgs-4a3fc4cf7.transmission_4; home = "/var/lib/transmission"; group = "medias"; settings = { @@ -20,17 +20,17 @@ radarr = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.radarr; + package = pkgs-unstable.radarr; }; sonarr = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr; + package = pkgs-unstable.sonarr; }; prowlarr.enable = true; jellyfin = { enable = true; - package = nixpkgs-unstable.legacyPackages.x86_64-linux.jellyfin; + package = pkgs-unstable.jellyfin; }; navidrome = { From 9984e14035ad304c8f7afbaabdfac243ace6fe76 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 28 Oct 2024 21:43:37 +0100 Subject: [PATCH 414/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/d7970444d7b9b602b55aa67f5e593d41e97d12cf' (2023-06-13) → 'gitlab:nyanloutre/dogetipbot-telegram/f5b59ef0cb8124cadf203eb26e1498847366abad' (2024-10-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c0b1da36f7c34a7146501f684e9ebdf15d2bebf8' (2024-10-14) → 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c' (2024-10-14) → 'github:NixOS/nixpkgs/18536bf04cd71abd345f9579158841376fdd0c5a' (2024-10-25) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/flake.lock b/flake.lock index 6b25bbc7..412d0b62 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1686669604, - "narHash": "sha256-xoPWq1PMEGauyZfVDx85kWERWlCZ2KWgFZSw7Fdx7Ns=", + "lastModified": 1729415843, + "narHash": "sha256-5IokBDbQEeoWROH8lrfy2Ngo2hCl+tdOY9a6WqrE1Sc=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "d7970444d7b9b602b55aa67f5e593d41e97d12cf", + "rev": "f5b59ef0cb8124cadf203eb26e1498847366abad", "type": "gitlab" }, "original": { @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728909085, - "narHash": "sha256-WLxED18lodtQiayIPDE5zwAfkPJSjHJ35UhZ8h3cJUg=", + "lastModified": 1729973466, + "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c0b1da36f7c34a7146501f684e9ebdf15d2bebf8", + "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1728888510, - "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { From 3d797c3c6fe261a387e4ad328475910622aaa191 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 28 Oct 2024 21:48:12 +0100 Subject: [PATCH 415/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'dogetipbot-telegram': 'gitlab:nyanloutre/dogetipbot-telegram/f5b59ef0cb8124cadf203eb26e1498847366abad' (2024-10-20) → 'gitlab:nyanloutre/dogetipbot-telegram/667e318212920005917792b06e0f480b421fa6d3' (2024-10-28) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/flake.lock b/flake.lock index 412d0b62..901a5ee6 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ ] }, "locked": { - "lastModified": 1729415843, - "narHash": "sha256-5IokBDbQEeoWROH8lrfy2Ngo2hCl+tdOY9a6WqrE1Sc=", + "lastModified": 1730148450, + "narHash": "sha256-CSxPIeDqavQ3fJhshuNs0oS84P1p87BsbNoashKlrKg=", "owner": "nyanloutre", "repo": "dogetipbot-telegram", - "rev": "f5b59ef0cb8124cadf203eb26e1498847366abad", + "rev": "667e318212920005917792b06e0f480b421fa6d3", "type": "gitlab" }, "original": { From fae42bcdb25c44b98c52688e1df4f62f1e742d71 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 28 Oct 2024 22:18:03 +0100 Subject: [PATCH 416/474] import flaresolverr module --- flake.nix | 11 ++++++++++- systems/LoutreOS/configuration.nix | 3 ++- systems/LoutreOS/medias.nix | 9 ++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 202075bd..ba4b8978 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,15 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-4a3fc4cf7, simple-nixos-mailserver, dogetipbot-telegram, ipmihddtemp }: { + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + nixpkgs-4a3fc4cf7, + simple-nixos-mailserver, + dogetipbot-telegram, + ipmihddtemp + }@inputs: { packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); @@ -48,6 +56,7 @@ nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; specialArgs = { + inputs = inputs; pkgs-unstable = import nixpkgs-unstable { inherit system; }; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 3c1d3166..ccb68d8d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -2,10 +2,11 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ config, pkgs, inputs, ... }: { imports = [ + "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix ./users.nix diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index e0c9566a..2b9e6424 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -26,7 +26,14 @@ enable = true; package = pkgs-unstable.sonarr; }; - prowlarr.enable = true; + flaresolverr = { + enable = false; + package = pkgs-unstable.flaresolverr; + }; + prowlarr = { + enable = true; + package = pkgs-unstable.prowlarr; + }; jellyfin = { enable = true; From ae8d6897271cd35fc2d8ae4ebdfc58e5acadce65 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 8 Nov 2024 11:04:12 +0100 Subject: [PATCH 417/474] =?UTF-8?q?Cr=C3=A9ation=20de=20la=20config=20de?= =?UTF-8?q?=20base=20WireGuard?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- systems/LoutreOS/configuration.nix | 196 +++++++++++++++++------------ 1 file changed, 115 insertions(+), 81 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index ccb68d8d..899802e5 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, pkgs, inputs, ... }: { @@ -59,6 +55,11 @@ useNetworkd = true; useDHCP = false; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + vlans = { bouygues = { id = 100; 
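Review bot: The added import `"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"` evaluates a module from the moving unstable branch inside a system built from the 24.05 module set. Any `flake.lock` update can then change or break that module without a change in this repository. The service is also set to `enable = false` in the medias.nix hunk, so at present the import adds risk without enabling anything. A comment above the line would record why it is needed, presumably because 24.05 does not ship the module, e.g. `# flaresolverr module taken from unstable; remove this import after the next release upgrade`.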
@@ -133,86 +134,119 @@ }; }; - systemd.network.networks = { - "40-bouygues" = { - dhcpV4Config.RouteMetric = 1; - dhcpV6Config = { - DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; - WithoutRA = "solicit"; - }; - ipv6AcceptRAConfig.DHCPv6Client = true; - networkConfig = { - KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = true; - DHCPPrefixDelegation = true; - }; - dhcpPrefixDelegationConfig.SubnetId = "0"; - }; - "40-eno1".linkConfig.RequiredForOnline = "no"; - "40-eno2" = { - networkConfig = { - IPv6SendRA = true; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - dhcpServerConfig = { - # MIN = 10.30.100.0 - #PoolOffset = 25500; - # MAX = 10.30.200.0 - #PoolSize = 25500; - EmitRouter = true; - EmitDNS = true; - DNS = [ - "1.1.1.1" - "1.0.0.1" - ]; - }; - dhcpServerStaticLeases = [ - # IPMI - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; - } - # paul-fixe - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; - } - # salonled - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; - } - # miroir-bleu - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; - } - # miroir-orange - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; - } - ]; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = [ - "2606:4700:4700::1111" - "2606:4700:4700::1001" + systemd.network = { + enable = true; + + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + }; + wireguardConfig = { + PrivateKeyFile = "/run/keys/wireguard-privkey"; + ListenPort = 9918; + }; + wireguardPeers = [ + { + PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0="; + AllowedIPs = ["fc00::1/64" "10.100.0.1"]; + Endpoint = "{set this to the server ip}:51820"; + } ]; }; }; - "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; 
+ + networks = { + "40-bouygues" = { + dhcpV4Config.RouteMetric = 1; + dhcpV6Config = { + DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig.DHCPv6Client = true; + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = true; + DHCPPrefixDelegation = true; + }; + dhcpPrefixDelegationConfig.SubnetId = "0"; + }; + "40-eno1".linkConfig.RequiredForOnline = "no"; + "10-wg0" = { + matchConfig.Name = "wg0"; + address = [ + "fe80::3/64" + "fc00::3/120" + "10.100.0.2/24" + ]; + }; + "40-eno2" = { + networkConfig = { + IPv6SendRA = true; + DHCPPrefixDelegation = true; + DHCPServer = true; + }; + dhcpServerConfig = { + # MIN = 10.30.100.0 + #PoolOffset = 25500; + # MAX = 10.30.200.0 + #PoolSize = 25500; + EmitRouter = true; + EmitDNS = true; + DNS = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + }; + } + # paul-fixe + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + }; + } + # salonled + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; + }; + } + # miroir-bleu + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + }; + } + # miroir-orange + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + }; + } + ]; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + }; + }; + # Set 4G connection as low routing priority + "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; + }; }; services.openssh = { From 67d7b6669f3353e91ea94afcb06b6b0d3806f264 Mon Sep 17 00:00:00 2001 
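Review bot: `Endpoint = "{set this to the server ip}:51820";` is still the template placeholder, so the peer cannot be reached and wg0 will never complete a handshake; fill in the real endpoint or leave the peer out of this commit. `PrivateKeyFile = "/run/keys/wireguard-privkey";` is referenced, but nothing in the hunk creates that file. systemd-networkd reads it as the `systemd-network` user, so it should be owned `root:systemd-network` with mode `0640` and never be world-readable. A comment next to the option stating how the key is provisioned at boot would make that checkable, e.g. `# key is installed by <provisioning mechanism>, root:systemd-network 0640`.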
From: nyanloutre Date: Wed, 13 Nov 2024 14:44:13 +0100 Subject: [PATCH 418/474] setup wireguard interface --- systems/LoutreOS/configuration.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 899802e5..977bc588 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -142,16 +142,20 @@ netdevConfig = { Kind = "wireguard"; Name = "wg0"; + MTUBytes = "1450"; }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - ListenPort = 9918; + #ListenPort = 9918; }; wireguardPeers = [ { - PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0="; - AllowedIPs = ["fc00::1/64" "10.100.0.1"]; - Endpoint = "{set this to the server ip}:51820"; + wireguardPeerConfig = { + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + Endpoint = "89.234.141.83"; + PersistentKeepalive = 15; + }; } ]; }; @@ -176,9 +180,8 @@ "10-wg0" = { matchConfig.Name = "wg0"; address = [ - "fe80::3/64" - "fc00::3/120" - "10.100.0.2/24" + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" ]; }; "40-eno2" = { From e8e4c4b3115c080b527c1c85e27b25ac2c615727 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 09:15:56 +0100 Subject: [PATCH 419/474] wireguard partial setup --- systems/LoutreOS/configuration.nix | 41 ++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 977bc588..616c9272 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
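Review bot: `Endpoint = "89.234.141.83";` has no port, and networkd expects `address:port` for a WireGuard peer, so the tunnel cannot come up as written. The second hunk assigns the public addresses `89.234.141.196/32` and `2a00:5881:8119:400::1/128` to wg0 while the peer has `AllowedIPs = ["0.0.0.0/0" "::/0"]`. Any port that the host firewall opens on all interfaces then becomes reachable through the tunnel as well; the firewall rules are not part of these hunks, so this should be confirmed against them and the services restricted per interface if that exposure is not intended. Both the netdev and the network block continue outside the hunks.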
@@ -146,14 +146,15 @@ }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - #ListenPort = 9918; + FirewallMark = 51820; }; wireguardPeers = [ { wireguardPeerConfig = { + Endpoint = "89.234.141.83:8095"; PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKeyFile = "/run/keys/wireguard-psk.key"; AllowedIPs = ["0.0.0.0/0" "::/0"]; - Endpoint = "89.234.141.83"; PersistentKeepalive = 15; }; } @@ -183,6 +184,42 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # FirewallMark = "51820"; + # InvertRule = true; + # Table = "51820"; + # Priority = "10"; + # }; + # } + # { + # routingPolicyRuleConfig = { + # To = "10.0.0.0/8"; + # Priority = "9"; + # }; + # } + # { + # routingPolicyRuleConfig = { + # To = "192.168.0.0/16"; + # Priority = "9"; + # }; + # } + # { + # routingPolicyRuleConfig = { + # To = "89.234.141.83/32"; + # Priority = "5"; + # }; + # } + # ]; + # routes = [ + # { + # routeConfig = { + # Destination = "0.0.0.0/0"; + # Table = 51820; + # }; + # } + # ]; }; "40-eno2" = { networkConfig = { From ca01004c8684550dfdf93dff9887ef3ed6ff889c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 16:50:26 +0100 Subject: [PATCH 420/474] multi table route setup --- systems/LoutreOS/configuration.nix | 255 +----------------------- systems/LoutreOS/network.nix | 309 +++++++++++++++++++++++++++++ 2 files changed, 310 insertions(+), 254 deletions(-) create mode 100644 systems/LoutreOS/network.nix diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 616c9272..330a373d 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -5,6 +5,7 @@ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix + ./network.nix ./users.nix ./services.nix ]; 
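Review bot: `FirewallMark = 51820;` is set on the netdev, but the only policy rule that matches this mark sits inside the commented-out `routingPolicyRules` block of the second hunk, so the mark currently has no effect. The roughly 35 commented lines would be better left out of the commit and replaced by one line such as `# TODO: policy routing for wg0 (fwmark 51820, table 51820) not enabled yet`. `PresharedKeyFile = "/run/keys/wireguard-psk.key";` needs the same restricted ownership as the private key file (readable by `systemd-network` only), and nothing in the hunk shows how it is provisioned.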
@@ -21,8 +22,6 @@ tmp.useTmpfs = true; - kernel.sysctl."net.ipv6.conf.all.forwarding" = true; - # Enabling both boot.enableContainers & virtualisation.containers on system.stateVersion < 22.05 is unsupported enableContainers = false; }; 
@@ -37,258 +36,6 @@ }; }; - hardware.usb-modeswitch.enable = true; - - # eno1 -> VLAN100 -> Internet - # eno2 -> LAN - # eno3 -> Legacy client DHCP - # eno4 -> Pas utilisé - - networking = { - hostName = "loutreos"; # Define your hostname. - hostId = "7e66e347"; - - hosts = { - "127.0.0.1" = [ "gitea.nyanlout.re" ]; - }; - - useNetworkd = true; - useDHCP = false; - - nameservers = [ - "1.1.1.1" - "1.0.0.1" - ]; - - vlans = { - bouygues = { - id = 100; - interface = "eno1"; - }; - }; - - interfaces = { - bouygues = { - # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 - macAddress = "E8:AD:A6:21:73:68"; - useDHCP = true; - }; - eno2 = { - ipv4.addresses = [ - { address = "10.30.0.1"; prefixLength = 16; } - ]; - }; - enp0s21u1.useDHCP = true; - }; - - # NAT bouygues <-> eno2 - nat = { - enable = true; - externalInterface = "bouygues"; - # Permet d'utiliser le SNAT plus rapide au lieu de MASQUERADE - # externalIP = "0.0.0.0"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; - forwardPorts = [ - { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} - { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} - ]; - }; - - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ ]; - interfaces.eno2 = { - allowedTCPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 9000 9090 # Slimserver - 1935 # RTMP - ]; - allowedUDPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 # Slimserver - 67 # DHCP - ]; - }; - extraCommands = '' - ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true - ip6tables -w -F loutreos-forward 2>/dev/null || true - ip6tables -w -X loutreos-forward 2>/dev/null || true - ip6tables -w -N loutreos-forward - ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -A loutreos-forward -j 
nixos-fw-log-refuse - ip6tables -w -A FORWARD -j loutreos-forward - - # Redirect local network request from server external IP to internal IP - # Make the server available even without internet access - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true - iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 - ''; - # remove refs to nixos-fw-log-refuse before restarting firewall - # prevents "ressource busy" errors - extraStopCommands = '' - ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true - ''; - }; - }; - - systemd.network = { - enable = true; - - netdevs = { - "10-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1450"; - }; - wireguardConfig = { - PrivateKeyFile = "/run/keys/wireguard-privkey"; - FirewallMark = 51820; - }; - wireguardPeers = [ - { - wireguardPeerConfig = { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/keys/wireguard-psk.key"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - }; - } - ]; - }; - }; - - networks = { - "40-bouygues" = { - dhcpV4Config.RouteMetric = 1; - dhcpV6Config = { - DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; - WithoutRA = "solicit"; - }; - ipv6AcceptRAConfig.DHCPv6Client = true; - networkConfig = { - KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = true; - DHCPPrefixDelegation = true; - }; - dhcpPrefixDelegationConfig.SubnetId = "0"; - }; - "40-eno1".linkConfig.RequiredForOnline = "no"; - "10-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "89.234.141.196/32" - "2a00:5881:8119:400::1/128" - ]; - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # FirewallMark = "51820"; - # InvertRule = true; - # Table = "51820"; - # Priority = "10"; - # }; - # } - # { - # routingPolicyRuleConfig = { - # To = "10.0.0.0/8"; - # Priority = "9"; - # }; - # } - # { - # routingPolicyRuleConfig = 
{ - # To = "192.168.0.0/16"; - # Priority = "9"; - # }; - # } - # { - # routingPolicyRuleConfig = { - # To = "89.234.141.83/32"; - # Priority = "5"; - # }; - # } - # ]; - # routes = [ - # { - # routeConfig = { - # Destination = "0.0.0.0/0"; - # Table = 51820; - # }; - # } - # ]; - }; - "40-eno2" = { - networkConfig = { - IPv6SendRA = true; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - dhcpServerConfig = { - # MIN = 10.30.100.0 - #PoolOffset = 25500; - # MAX = 10.30.200.0 - #PoolSize = 25500; - EmitRouter = true; - EmitDNS = true; - DNS = [ - "1.1.1.1" - "1.0.0.1" - ]; - }; - dhcpServerStaticLeases = [ - # IPMI - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; - } - # paul-fixe - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; - } - # salonled - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; - } - # miroir-bleu - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; - } - # miroir-orange - { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; - } - ]; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = [ - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - }; - }; - # Set 4G connection as low routing priority - "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; - }; - }; - services.openssh = { enable = true; settings = { diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix new file mode 100644 index 00000000..0f839803 --- /dev/null +++ b/systems/LoutreOS/network.nix 
@@ -0,0 +1,309 @@ +{ config, pkgs, inputs, ... }: + +{ + boot = { + kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + }; + + # Enable LTE drivers + hardware.usb-modeswitch.enable = true; + + ################## + # NETWORK CONFIG # + ################## + + # eno1 -> VLAN100 -> Internet + # eno2 -> LAN + # eno3 -> Pas utilisé + # eno4 -> Pas utilisé + # enp0s21u1 -> Clé 4G Bouygues + # wg0 -> Tunnel Wireguard ARN + + networking = { + hostName = "loutreos"; # Define your hostname. + hostId = "7e66e347"; + + useNetworkd = true; + useDHCP = false; + + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + + vlans = { + bouygues = { + id = 100; + interface = "eno1"; + }; + }; + + interfaces = { + bouygues = { + # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 + macAddress = "E8:AD:A6:21:73:68"; + useDHCP = true; + }; + eno2 = { + ipv4.addresses = [ + { address = "10.30.0.1"; prefixLength = 16; } + ]; + }; + enp0s21u1.useDHCP = true; + }; + + # NAT bouygues <-> eno2 + nat = { + enable = true; + externalInterface = "bouygues"; + internalIPs = [ "10.30.0.0/16" ]; + internalInterfaces = [ "eno2" ]; + forwardPorts = [ + { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} + { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} + ]; + }; + + firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ ]; + + # Open ports on local netwok only + interfaces.eno2 = { + allowedTCPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 9000 9090 # Slimserver + 1935 # RTMP + ]; + allowedUDPPorts = [ + 111 2049 4000 4001 4002 # NFS + 3483 # Slimserver + 67 # DHCP + ]; + }; + + extraCommands = '' + # Forward all IPv6 traffic from local network and reject incoming traffic + ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true + ip6tables -w -F loutreos-forward 2>/dev/null || true + ip6tables -w -X loutreos-forward 2>/dev/null || true + 
ip6tables -w -N loutreos-forward + ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A FORWARD -j loutreos-forward + + # Redirect local network request from server external IP to internal IP + # Make the server available even without internet access + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true + iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 + ''; + # remove refs to nixos-fw-log-refuse before restarting firewall + # prevents "ressource busy" errors + extraStopCommands = '' + ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true + ''; + }; + }; + + ################# + # ROUTING RULES # + ################# + + # 0: from all lookup local + # 50: from all ipproto tcp dport 25 lookup vpn + # 100: from all lookup fiber + # 200: from all lookup lte + # 32766: from all lookup main + # 32767: from all lookup default + + systemd.network = { + enable = true; + + config = { + routeTables = { + fiber = 1; + lte = 2; + vpn = 3; + }; + addRouteTablesToIPRoute2 = true; + }; + + # Wireguard ARN device configuation + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1450"; + }; + wireguardConfig = { + PrivateKeyFile = "/run/keys/wireguard-privkey"; + RouteTable = "vpn"; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKeyFile = "/run/keys/wireguard-psk.key"; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + PersistentKeepalive = 15; + }; + } + ]; + }; + }; + + networks = { + ######### + # FIBER # + ######### + + # Set DHCP client magic settings for Bouygues + # Put routes in fiber table + "40-bouygues" = { + dhcpV4Config.RouteTable = "fiber"; + dhcpV6Config = { + DUIDRawData = 
"00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + ipv6AcceptRAConfig = { + DHCPv6Client = true; + RouteTable = "fiber"; + }; + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = true; + DHCPPrefixDelegation = true; + }; + # Static attribution of first IPv6 subnet + dhcpPrefixDelegationConfig.SubnetId = "0"; + + # Route everything to fiber link with a priority of 100 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + Table = "fiber"; + Priority = "100"; + Family = "both"; + }; + } + ]; + }; + + # Don't check VLAN physical interface as it is not directly used + "40-eno1".linkConfig.RequiredForOnline = "no"; + + ####### + # LTE # + ####### + + # Put routes in lte table + "40-enp0s21u1" = { + dhcpV4Config.RouteTable = "lte"; + + # Route all to lte link with a priority of 200 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + Table = "lte"; + Priority = "200"; + Family = "both"; + }; + } + ]; + }; + + ####### + # VPN # + ####### + + # Wireguard ARN network configuation + "10-wg0" = { + matchConfig.Name = "wg0"; + address = [ + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" + ]; + routingPolicyRules = [ + # Route outgoing emails to VPN table + { + routingPolicyRuleConfig = { + DestinationPort = "25"; + Table = "vpn"; + Priority = "50"; + Family = "both"; + }; + } + ]; + }; + + ####### + # LAN # + ####### + + # LAN DHCP server config + "40-eno2" = { + networkConfig = { + IPv6SendRA = true; + DHCPPrefixDelegation = true; + DHCPServer = true; + }; + dhcpServerConfig = { + EmitRouter = true; + EmitDNS = true; + DNS = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + }; + } + # paul-fixe + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + }; + } + # salonled + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.1"; + MACAddress = 
"e0:98:06:85:e9:ce"; + }; + } + # miroir-bleu + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + }; + } + # miroir-orange + { + dhcpServerStaticLeaseConfig = { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + }; + } + ]; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + }; + }; + }; + }; +} From 4df84a3be0ffa85c62123169351689d53b7c6570 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 20 Nov 2024 21:19:10 +0100 Subject: [PATCH 421/474] begin migration to VPN --- systems/LoutreOS/network.nix | 66 +++++++++++++++++------------------ systems/LoutreOS/services.nix | 16 ++++----- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 0f839803..7008094c 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -140,7 +140,7 @@ }; wireguardConfig = { PrivateKeyFile = "/run/keys/wireguard-privkey"; - RouteTable = "vpn"; + RouteTable = 3; }; wireguardPeers = [ { @@ -164,14 +164,14 @@ # Set DHCP client magic settings for Bouygues # Put routes in fiber table "40-bouygues" = { - dhcpV4Config.RouteTable = "fiber"; + dhcpV4Config.RouteMetric = 1; dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; ipv6AcceptRAConfig = { DHCPv6Client = true; - RouteTable = "fiber"; + # RouteTable = 1; }; networkConfig = { KeepConfiguration = "dhcp-on-stop"; @@ -182,15 +182,15 @@ dhcpPrefixDelegationConfig.SubnetId = "0"; # Route everything to fiber link with a priority of 100 - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Table = "fiber"; - Priority = "100"; - Family = "both"; - }; - } - ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # Table = 1; + # Priority = 100; + # Family = "both"; + # }; + # } + # ]; }; # Don't check VLAN physical interface as it is not directly used 
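Review bot: The policy rule under `"10-wg0"` matches `DestinationPort = "25";` without naming a protocol, while the table overview in the ROUTING RULES comment documents it as `ipproto tcp dport 25`. Adding `IPProtocol = "tcp";` to the rule makes the configuration match the documented intent and keeps other traffic to port 25 off the `vpn` table. The same rule is added again in the `@@ -227,17 +227,34 @@` hunk of PATCH 422 with the same gap. The comments also contain a few typos worth fixing while the file is new: `netwok`, `configuation`, `ressource`.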
@@ -202,18 +202,18 @@ # Put routes in lte table "40-enp0s21u1" = { - dhcpV4Config.RouteTable = "lte"; + dhcpV4Config.RouteTable = 2; # Route all to lte link with a priority of 200 - routingPolicyRules = [ - { - routingPolicyRuleConfig = { - Table = "lte"; - Priority = "200"; - Family = "both"; - }; - } - ]; + # routingPolicyRules = [ + # { + # routingPolicyRuleConfig = { + # Table = 2; + # Priority = 200; + # Family = "both"; + # }; + # } + # ]; }; ####### @@ -227,17 +227,17 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; - routingPolicyRules = [ - # Route outgoing emails to VPN table - { - routingPolicyRuleConfig = { - DestinationPort = "25"; - Table = "vpn"; - Priority = "50"; - Family = "both"; - }; - } - ]; + #routingPolicyRules = [ + # # Route outgoing emails to VPN table + # { + # routingPolicyRuleConfig = { + # DestinationPort = "25"; + # Table = 3; + # Priority = 50; + # Family = "both"; + # }; + # } + #]; }; ####### diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e4f0e795..fac5b6c3 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -77,14 +77,14 @@ in }; services = { - postfix = { - relayHost = "mailvps.nyanlout.re"; - relayPort = 587; - config = { - smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - }; - }; + # postfix = { + # relayHost = "mailvps.nyanlout.re"; + # relayPort = 587; + # config = { + # smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; + # smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; + # }; + # }; rspamd.workers.controller.extraConfig = '' secure_ip = ["0.0.0.0/0", "::"]; From 4d8c76e2078de847d154c24fe2166e219fb545e3 Mon Sep 17 00:00:00 2001 
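Review bot: In the services.nix hunk, the context line right after the commented-out postfix block, `secure_ip = ["0.0.0.0/0", "::"];`, makes the rspamd controller treat every IPv4 client as trusted, which skips the controller password. This series gives the host a public address on wg0, so the controller now depends entirely on the bind address, firewall or reverse proxy in front of it, none of which is visible in this hunk. If nothing else authenticates requests, narrow it to loopback with `secure_ip = ["127.0.0.1", "::1"];`; if a proxy does the authentication, a one-line comment saying so would record why the wide value is safe. The postfix relay settings would also be better deleted than left commented out, since the history already keeps them.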
From: nyanloutre Date: Thu, 21 Nov 2024 11:32:35 +0100 Subject: [PATCH 422/474] Working outgoing emails --- systems/LoutreOS/network.nix | 39 ++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7008094c..7bab14d9 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -227,17 +227,34 @@ "89.234.141.196/32" "2a00:5881:8119:400::1/128" ]; - #routingPolicyRules = [ - # # Route outgoing emails to VPN table - # { - # routingPolicyRuleConfig = { - # DestinationPort = "25"; - # Table = 3; - # Priority = 50; - # Family = "both"; - # }; - # } - #]; + routingPolicyRules = [ + # Route outgoing emails to VPN table + { + routingPolicyRuleConfig = { + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = 3; + Priority = 50; + Family = "both"; + }; + } + # Route packets originating from wg0 device to VPN table + # Allow server to respond on the wg0 interface requests + { + routingPolicyRuleConfig = { + From = "89.234.141.196"; + Table = 3; + Priority = 49; + }; + } + { + routingPolicyRuleConfig = { + From = "2a00:5881:8119:400::1"; + Table = 3; + Priority = 49; + }; + } + ]; }; ####### From 8ad48e5aa48784ab97c1ddefbca1958921bd2059 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 25 Nov 2024 17:26:38 +0100 Subject: [PATCH 423/474] set Wireguard keys with credentials --- systems/LoutreOS/network.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7bab14d9..c42c405e 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
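Review bot: The port-25 rule added to the 10-wg0 block only selects table 3, so it does not fail closed. When wg0 is down or its default route is missing, the lookup in that table finds nothing and the kernel continues with the next rule, so outgoing SMTP presumably leaves through the ordinary default route with the ISP address. If mail must never leave outside the tunnel, add a second rule with the same selectors at the next priority that rejects instead of routing, e.g. `Type = "prohibit"; Priority = 51;` next to `IncomingInterface = "lo"; DestinationPort = "25";` (assuming the NixOS module version in use accepts `Type`). The rule also matches any protocol on port 25, and `IPProtocol = "tcp";` would narrow it to SMTP. The 10-wg0 block opens above the hunk, so its other settings are not visible here.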
@@ -107,6 +107,13 @@ }; }; + systemd.services.systemd-networkd.serviceConfig = { + LoadCredential = [ + "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" + "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" + ]; + }; + ################# # ROUTING RULES # ################# @@ -139,7 +146,9 @@ MTUBytes = "1450"; }; wireguardConfig = { - PrivateKeyFile = "/run/keys/wireguard-privkey"; + PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; + # Wait for 24.11 + # PrivateKey = "@network.wireguard.private.wg0"; RouteTable = 3; }; wireguardPeers = [ @@ -147,7 +156,9 @@ wireguardPeerConfig = { Endpoint = "89.234.141.83:8095"; PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/keys/wireguard-psk.key"; + PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0"; + # Wait for 24.11 + # PresharedKey = "@network.wireguard.preshared.wg0"; AllowedIPs = ["0.0.0.0/0" "::/0"]; PersistentKeepalive = 15; }; From 0d64372b579dec1f75172329203dba4be7ea4525 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 25 Nov 2024 18:09:42 +0100 Subject: [PATCH 424/474] remove comments --- systems/LoutreOS/network.nix | 83 +++++++++++------------------------- 1 file changed, 26 insertions(+), 57 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index c42c405e..141298b3 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
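Review bot: The `LoadCredential` entries in the first hunk read from /mnt/secrets/wireguard, but nothing orders systemd-networkd after that path is available. If /mnt/secrets is a separate mount, a missing source file at start makes credential loading fail and the whole unit with it, which would also take down the LAN DHCP server. Adding `systemd.services.systemd-networkd.unitConfig.RequiresMountsFor = "/mnt/secrets/wireguard";` makes the dependency explicit. The service manager loads the credentials before handing them to the unit, so the source files can stay root-owned with mode 0400; a comment such as `# source files: root:root 0400, read by systemd, not by networkd` would record that expectation.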
@@ -114,26 +114,15 @@ ]; }; - ################# - # ROUTING RULES # - ################# - - # 0: from all lookup local - # 50: from all ipproto tcp dport 25 lookup vpn - # 100: from all lookup fiber - # 200: from all lookup lte - # 32766: from all lookup main - # 32767: from all lookup default - - systemd.network = { + systemd.network = let + routeTables = { + vpn = 3; + }; + in { enable = true; config = { - routeTables = { - fiber = 1; - lte = 2; - vpn = 3; - }; + inherit routeTables; addRouteTablesToIPRoute2 = true; }; @@ -149,7 +138,7 @@ PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; # Wait for 24.11 # PrivateKey = "@network.wireguard.private.wg0"; - RouteTable = 3; + RouteTable = routeTables.vpn; }; wireguardPeers = [ { @@ -172,36 +161,26 @@ # FIBER # ######### + # Set route metric to highest priority # Set DHCP client magic settings for Bouygues - # Put routes in fiber table "40-bouygues" = { dhcpV4Config.RouteMetric = 1; + dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig = { - DHCPv6Client = true; - # RouteTable = 1; - }; + + ipv6AcceptRAConfig.DHCPv6Client = true; + networkConfig = { KeepConfiguration = "dhcp-on-stop"; IPv6AcceptRA = true; DHCPPrefixDelegation = true; }; + # Static attribution of first IPv6 subnet dhcpPrefixDelegationConfig.SubnetId = "0"; - - # Route everything to fiber link with a priority of 100 - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # Table = 1; - # Priority = 100; - # Family = "both"; - # }; - # } - # ]; }; # Don't check VLAN physical interface as it is not directly used 
@@ -211,32 +190,22 @@ # LTE # ####### - # Put routes in lte table - "40-enp0s21u1" = { - dhcpV4Config.RouteTable = 2; - - # Route all to lte link with a priority of 200 - # routingPolicyRules = [ - # { - # routingPolicyRuleConfig = { - # Table = 2; - # Priority = 200; - # Family = "both"; - # }; - # } - # ]; - }; + # Set LTE route to lower priority + "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; ####### # VPN # ####### # Wireguard ARN network configuation - "10-wg0" = { + "10-wg0" = let + vpnIPv4 = "89.234.141.196/32"; + vpnIPv6 = "2a00:5881:8119:400::1/128"; + in { matchConfig.Name = "wg0"; address = [ - "89.234.141.196/32" - "2a00:5881:8119:400::1/128" + vpnIPv4 + vpnIPv6 ]; routingPolicyRules = [ # Route outgoing emails to VPN table @@ -244,7 +213,7 @@ routingPolicyRuleConfig = { IncomingInterface = "lo"; DestinationPort = "25"; - Table = 3; + Table = routeTables.vpn; Priority = 50; Family = "both"; }; @@ -253,15 +222,15 @@ # Allow server to respond on the wg0 interface requests { routingPolicyRuleConfig = { - From = "89.234.141.196"; - Table = 3; + From = vpnIPv4; + Table = routeTables.vpn; Priority = 49; }; } { routingPolicyRuleConfig = { - From = "2a00:5881:8119:400::1"; - Table = 3; + From = vpnIPv6; + Table = routeTables.vpn; Priority = 49; }; } From fe7f6b62a0e2ea3368c7f98a0ed82cb463e8b63a Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 25 Nov 2024 18:19:05 +0100 Subject: [PATCH 425/474] disable useless autossh --- systems/LoutreOS/configuration.nix | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 330a373d..7d4501e1 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix 
@@ -55,19 +55,6 @@ }; }; - # Options explanations - # -N disable shell - # -R 0.0.0.0:2222:127.0.0.1:22 redirect SSH port on VPS server on port 2222 - # -R 127.0.0.1:2525:127.0.0.1:25 redirect SMTP port on VPS port 2525 - services.autossh.sessions = [ - { - extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net"; - monitoringPort = 20000; - name = "backup-ssh-reverse"; - user = "autossh"; - } - ]; - virtualisation.podman.enable = true; security.sudo.wheelNeedsPassword = false; From fad8652bac6b3b0a447d86e7307586eac4f9dec9 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 28 Nov 2024 12:14:26 +0100 Subject: [PATCH 426/474] Try to use multiple tables with CONNMARK --- systems/LoutreOS/network.nix | 96 +++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 13 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 141298b3..9dec1e74 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
@@ -114,8 +114,41 @@ ]; }; + ################# + # ROUTING RULES # + ################# + + # 0: from all lookup local + # 60: from all iif lo dport 25 lookup vpn + # 4000: from all fwmark 0x1 lookup fiber + # 5000: from all fwmark 0x2 lookup lte + # 6000: from all fwmark 0x3 lookup vpn + # 32766: from all lookup main + # 32767: from all lookup default + # 40000: from all lookup fiber + # 50000: from all lookup lte + + # TODO + + ################## + # iptables rules # + ################## + + # # Restore the packet's CONNMARK to the MARK. + # iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark + # # If packet MARK is set, then it means that there is already a connection mark + # iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT + # # Else, we need to mark the packet. If the packet is incoming on bouygues then set MARK to 1 + # iptables -A PREROUTING -t mangle -i bouygues -j MARK --set-mark 1 + # iptables -A PREROUTING -t mangle -i enp0s21u1 -j MARK --set-mark 2 + # iptables -A PREROUTING -t mangle -i wg0 -j MARK --set-mark 3 + # # Save MARK to CONNMARK. + # iptables -A PREROUTING -t mangle -j CONNMARK --save-mark + systemd.network = let routeTables = { + fiber = 1; + lte = 2; vpn = 3; }; in { @@ -164,14 +197,17 @@ # Set route metric to highest priority # Set DHCP client magic settings for Bouygues "40-bouygues" = { - dhcpV4Config.RouteMetric = 1; + dhcpV4Config.RouteTable = routeTables.fiber; dhcpV6Config = { DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; WithoutRA = "solicit"; }; - ipv6AcceptRAConfig.DHCPv6Client = true; + ipv6AcceptRAConfig = { + DHCPv6Client = true; + RouteTable = routeTables.fiber; + }; networkConfig = { KeepConfiguration = "dhcp-on-stop"; 
@@ -181,6 +217,25 @@ # Static attribution of first IPv6 subnet dhcpPrefixDelegationConfig.SubnetId = "0"; + + # Route everything to fiber link with a priority of 40000 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 4000; + Family = "both"; + }; + } + { + routingPolicyRuleConfig = { + Table = routeTables.fiber; + Priority = 40000; + Family = "both"; + }; + } + ]; }; # Don't check VLAN physical interface as it is not directly used @@ -191,7 +246,28 @@ ####### # Set LTE route to lower priority - "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024; + "40-enp0s21u1" = { + dhcpV4Config.RouteTable = routeTables.lte; + + # Route all to lte link with a priority of 50000 + routingPolicyRules = [ + { + routingPolicyRuleConfig = { + FirewallMark = 2; + Table = routeTables.lte; + Priority = 5000; + Family = "both"; + }; + } + { + routingPolicyRuleConfig = { + Table = routeTables.lte; + Priority = 50000; + Family = "both"; + }; + } + ]; + }; ####### # VPN # @@ -214,7 +290,7 @@ IncomingInterface = "lo"; DestinationPort = "25"; Table = routeTables.vpn; - Priority = 50; + Priority = 60; Family = "both"; }; } @@ -222,16 +298,10 @@ # Allow server to respond on the wg0 interface requests { routingPolicyRuleConfig = { - From = vpnIPv4; + FirewallMark = 3; Table = routeTables.vpn; - Priority = 49; - }; - } - { - routingPolicyRuleConfig = { - From = vpnIPv6; - Table = routeTables.vpn; - Priority = 49; + Priority = 6000; + Family = "both"; }; } ]; From e15cd2091e245dbbdb6df4c8fdcd4464f2b6141d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 28 Nov 2024 15:18:36 +0100 Subject: [PATCH 427/474] remove NixOS nat config, set networkd masquerade and add FW marks --- systems/LoutreOS/network.nix | 86 ++++++++++++++++++++---------------- 1 file changed, 48 insertions(+), 38 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 9dec1e74..e65303b3 100644 --- a/systems/LoutreOS/network.nix 
+++ b/systems/LoutreOS/network.nix @@ -52,18 +52,6 @@ enp0s21u1.useDHCP = true; }; - # NAT bouygues <-> eno2 - nat = { - enable = true; - externalInterface = "bouygues"; - internalIPs = [ "10.30.0.0/16" ]; - internalInterfaces = [ "eno2" ]; - forwardPorts = [ - { destination = "10.30.0.1:22"; proto = "tcp"; sourcePort = 8443;} - { destination = "10.30.135.35:25565"; proto = "tcp"; sourcePort = 25565; loopbackIPs=[ "195.36.180.44" ];} - ]; - }; - firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; 
@@ -84,21 +72,59 @@ }; extraCommands = '' + + ################ + # MANGLE rules # + ################ + + # Clean and recreate target + ip46tables -w -t mangle -D PREROUTING -j loutreos-mangle-pre 2>/dev/null || true + ip46tables -w -t mangle -F loutreos-mangle-pre 2>/dev/null || true + ip46tables -w -t mangle -X loutreos-mangle-pre 2>/dev/null || true + ip46tables -w -t mangle -N loutreos-mangle-pre + + # Restore the packet's CONNMARK to the MARK for existing connections + ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --restore-mark + + # If packet MARK is set, then it means that there is already a connection mark + ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j ACCEPT + + # Else, we need to mark the packet. + # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3 + ip46tables -w -t mangle -A loutreos-mangle-pre -i bouygues -j MARK --set-mark 1 + ip46tables -w -t mangle -A loutreos-mangle-pre -i enp0s21u1 -j MARK --set-mark 2 + ip46tables -w -t mangle -A loutreos-mangle-pre -i wg0 -j MARK --set-mark 3 + + # Jump to newly created target + ip46tables -w -t mangle -A PREROUTING -j loutreos-mangle-pre + + # Save MARK to CONNMARK. 
+ ip46tables -w -t mangle -D POSTROUTING -j CONNMARK --save-mark 2>/dev/null || true + ip46tables -w -t mangle -A POSTROUTING -j CONNMARK --save-mark + + ###################### + # IPv6 FORWARD rules # + ###################### + # Forward all IPv6 traffic from local network and reject incoming traffic ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true ip6tables -w -F loutreos-forward 2>/dev/null || true ip6tables -w -X loutreos-forward 2>/dev/null || true ip6tables -w -N loutreos-forward - ip6tables -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -A loutreos-forward -j nixos-fw-log-refuse + ip6tables -w -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT + ip6tables -w -A loutreos-forward -j ACCEPT -i eno2 + ip6tables -w -A loutreos-forward -j nixos-fw-log-refuse ip6tables -w -A FORWARD -j loutreos-forward + ############################################# + # Enable server access when fiber link down # + ############################################# + # Redirect local network request from server external IP to internal IP - # Make the server available even without internet access iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; + # remove refs to nixos-fw-log-refuse before restarting firewall # prevents "ressource busy" errors extraStopCommands = '' 
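Review bot: The FORWARD section of this hunk builds loutreos-forward with ip6tables only, so IPv4 gets no equivalent state check once forwarding is on (see the `IPMasquerade = "ipv4"` hunk later in this commit and the `net.ipv4.conf.all.forwarding` sysctl in the later "force packet forwarding" patch). Unless `networking.firewall.filterForward` or another rule outside the hunk covers it, IPv4 packets arriving on bouygues, enp0s21u1 or wg0 and addressed to 10.30.0.0/16 are forwarded unfiltered. Creating the chain and its rules with `ip46tables` instead of `ip6tables`, for example `ip46tables -w -A loutreos-forward -j ACCEPT -i eno2`, would apply the same policy (accept established, accept from LAN, refuse the rest) to both families. The enclosing firewall attribute set starts above the hunk.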
@@ -119,31 +145,14 @@ ################# # 0: from all lookup local - # 60: from all iif lo dport 25 lookup vpn - # 4000: from all fwmark 0x1 lookup fiber + # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table + # 4000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface # 5000: from all fwmark 0x2 lookup lte # 6000: from all fwmark 0x3 lookup vpn - # 32766: from all lookup main + # 32766: from all lookup main # main table should contain no default routes, only local network routes # 32767: from all lookup default - # 40000: from all lookup fiber - # 50000: from all lookup lte - - # TODO - - ################## - # iptables rules # - ################## - - # # Restore the packet's CONNMARK to the MARK. - # iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark - # # If packet MARK is set, then it means that there is already a connection mark - # iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT - # # Else, we need to mark the packet. If the packet is incoming on bouygues then set MARK to 1 - # iptables -A PREROUTING -t mangle -i bouygues -j MARK --set-mark 1 - # iptables -A PREROUTING -t mangle -i enp0s21u1 -j MARK --set-mark 2 - # iptables -A PREROUTING -t mangle -i wg0 -j MARK --set-mark 3 - # # Save MARK to CONNMARK. - # iptables -A PREROUTING -t mangle -j CONNMARK --save-mark + # 40000: from all lookup fiber # first table encountered with a default route if fiber is up + # 50000: from all lookup lte # first table encountered with a default route if fiber is down systemd.network = let routeTables = { @@ -317,6 +326,7 @@ IPv6SendRA = true; DHCPPrefixDelegation = true; DHCPServer = true; + IPMasquerade = "ipv4"; }; dhcpServerConfig = { EmitRouter = true; From 268dbf181ab5aa27d49bb43eb79b4d4da9941b70 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 28 Nov 2024 15:30:55 +0100 Subject: [PATCH 428/474] simplify VPN network config --- systems/LoutreOS/network.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index e65303b3..6c97c797 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -283,14 +283,11 @@ ####### # Wireguard ARN network configuation - "10-wg0" = let - vpnIPv4 = "89.234.141.196/32"; - vpnIPv6 = "2a00:5881:8119:400::1/128"; - in { + "10-wg0" = { matchConfig.Name = "wg0"; address = [ - vpnIPv4 - vpnIPv6 + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" ]; routingPolicyRules = [ # Route outgoing emails to VPN table From 933d758e3b206865165b02ce2a4059e5b3bd8484 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Dec 2024 00:33:31 +0100 Subject: [PATCH 429/474] force packet forwarding to true --- systems/LoutreOS/network.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 6c97c797..869597cc 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -2,7 +2,12 @@ { boot = { - kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + "net.ipv4.conf.all.forwarding" = true; + "net.ipv4.conf.default.forwarding" = true; + }; }; # Enable LTE drivers From 59435f987b0e78706c2735230168d7454d4da6e5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 10 Dec 2024 00:34:58 +0100 Subject: [PATCH 430/474] fix rule priority main table should be first, else masqueraded packet responses will never reach internal network --- systems/LoutreOS/network.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 869597cc..4c51361f 100644 --- a/systems/LoutreOS/network.nix 
+++ b/systems/LoutreOS/network.nix @@ -151,13 +151,13 @@ # 0: from all lookup local # 60: from all iif lo dport 25 lookup vpn # mails are forced to vpn table - # 4000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface - # 5000: from all fwmark 0x2 lookup lte - # 6000: from all fwmark 0x3 lookup vpn # 32766: from all lookup main # main table should contain no default routes, only local network routes # 32767: from all lookup default - # 40000: from all lookup fiber # first table encountered with a default route if fiber is up - # 50000: from all lookup lte # first table encountered with a default route if fiber is down + # 41000: from all fwmark 0x1 lookup fiber # fwmark indicate established connection that must go through same interface + # 42000: from all fwmark 0x2 lookup lte + # 43000: from all fwmark 0x3 lookup vpn + # 51000: from all lookup fiber # first table encountered with a default route if fiber is up + # 52000: from all lookup lte # first table encountered with a default route if fiber is down systemd.network = let routeTables = { @@ -238,14 +238,14 @@ routingPolicyRuleConfig = { FirewallMark = 1; Table = routeTables.fiber; - Priority = 4000; + Priority = 41000; Family = "both"; }; } { routingPolicyRuleConfig = { Table = routeTables.fiber; - Priority = 40000; + Priority = 51000; Family = "both"; }; } @@ -269,14 +269,14 @@ routingPolicyRuleConfig = { FirewallMark = 2; Table = routeTables.lte; - Priority = 5000; + Priority = 42000; Family = "both"; }; } { routingPolicyRuleConfig = { Table = routeTables.lte; - Priority = 50000; + Priority = 52000; Family = "both"; }; } @@ -311,7 +311,7 @@ routingPolicyRuleConfig = { FirewallMark = 3; Table = routeTables.vpn; - Priority = 6000; + Priority = 43000; Family = "both"; }; } From aaf33053c207d6f37a3c36466633d5e117cdb359 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 10 Dec 2024 00:40:12 +0100 Subject: [PATCH 431/474] disable navidrome --- systems/LoutreOS/medias.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index 2b9e6424..c2a70041 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -40,14 +40,6 @@ package = pkgs-unstable.jellyfin; }; - navidrome = { - enable = true; - settings = { - MusicFolder = "/mnt/medias/musique"; - ImageCacheSize = 0; - }; - }; - slimserver.enable = true; }; From 9d15f4f4c849b23225c0b628533e1368b3393151 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 11 Dec 2024 14:47:50 +0100 Subject: [PATCH 432/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26) → 'github:NixOS/nixpkgs/7109b680d161993918b0a126f38bc39763e5a709' (2024-12-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/18536bf04cd71abd345f9579158841376fdd0c5a' (2024-10-25) → 'github:NixOS/nixpkgs/a73246e2eef4c6ed172979932bc80e1404ba2d56' (2024-12-09) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 901a5ee6..ed85b416 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729973466, - "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", + "lastModified": 1733730953, + "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", + "rev": "7109b680d161993918b0a126f38bc39763e5a709", "type": "github" }, "original": { 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1729880355, - "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "type": "github" }, "original": { From 2a23c234ac5bf9d490d5aad5b5f5d6091ccceaa1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 12 Dec 2024 16:50:50 +0100 Subject: [PATCH 433/474] fix Sonarr build --- flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/flake.nix b/flake.nix index ba4b8978..bbed851c 100644 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,12 @@ inputs = inputs; pkgs-unstable = import nixpkgs-unstable { inherit system; + config.permittedInsecurePackages = [ + "aspnetcore-runtime-6.0.36" + "aspnetcore-runtime-wrapped-6.0.36" + "dotnet-sdk-6.0.428" + "dotnet-sdk-wrapped-6.0.428" + ]; }; pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { inherit system; From 32e6d3b60ade1061487182193fff86039f408a26 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 12 Dec 2024 16:58:52 +0100 Subject: [PATCH 434/474] fix mangle rules for incoming traffic --- systems/LoutreOS/network.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 4c51361f..7c8b54b0 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
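Review bot: In the flake.nix hunk, `config.permittedInsecurePackages` is set on the whole `pkgs-unstable` import with no comment saying which service needs it. The four end-of-life .NET 6 entries are therefore allowed for every package taken from that set, and nothing records when they can be removed. A comment above the list, such as `# Sonarr still builds against EOL .NET 6; drop once nixpkgs ships it on a supported runtime`, would make the exception auditable. Because the names are version-pinned, the list has to be edited at the next runtime bump, which is a natural point to check whether the exception is still needed.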
@@ -88,9 +88,14 @@ ip46tables -w -t mangle -X loutreos-mangle-pre 2>/dev/null || true ip46tables -w -t mangle -N loutreos-mangle-pre - # Restore the packet's CONNMARK to the MARK for existing connections + # Restore the packet's CONNMARK to the MARK for existing incoming connections ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --restore-mark + # Restore CONNMARK to MARK for outgoing packets before final routing decision + ip46tables -w -t mangle -D OUTPUT -j CONNMARK --restore-mark 2>/dev/null || true + ip46tables -w -t mangle -A OUTPUT -j CONNMARK --restore-mark + + # If packet MARK is set, then it means that there is already a connection mark ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j ACCEPT @@ -100,8 +105,11 @@ ip46tables -w -t mangle -A loutreos-mangle-pre -i enp0s21u1 -j MARK --set-mark 2 ip46tables -w -t mangle -A loutreos-mangle-pre -i wg0 -j MARK --set-mark 3 + # Save new mark in CONNMARK + ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --save-mark + # Jump to newly created target - ip46tables -w -t mangle -A PREROUTING -j loutreos-mangle-pre + ip46tables -w -t mangle -I PREROUTING 1 -j loutreos-mangle-pre # Save MARK to CONNMARK. ip46tables -w -t mangle -D POSTROUTING -j CONNMARK --save-mark 2>/dev/null || true From 99f63e7af8f45e0ba7246c1ba058857562d34292 Mon Sep 17 00:00:00 2001 
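Review bot: Moving the jump to `-I PREROUTING 1` puts loutreos-mangle-pre ahead of everything else in mangle PREROUTING, and the unchanged line `-m mark ! --mark 0 -j ACCEPT` then ends traversal of that hook for every packet whose mark was restored. Any rule that follows in mangle PREROUTING is skipped for those packets, which as far as I know includes the NixOS firewall's reverse-path filter chain when checkReversePath is enabled. Using RETURN keeps the early exit from this chain but lets later rules still see the packet with its mark set: `ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j RETURN`. The surrounding shell block starts and ends outside the hunk.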
From: nyanloutre Date: Mon, 16 Dec 2024 16:02:48 +0100 Subject: [PATCH 435/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7109b680d161993918b0a126f38bc39763e5a709' (2024-12-09) → 'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/a73246e2eef4c6ed172979932bc80e1404ba2d56' (2024-12-09) → 'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ed85b416..6c5c24de 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733730953, - "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", + "lastModified": 1734202038, + "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7109b680d161993918b0a126f38bc39763e5a709", + "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { From f526dc30545752e24526f5e1a06b6252d1e49396 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 16 Dec 2024 16:54:58 +0100 Subject: [PATCH 436/474] common-gui: enable zram --- systems/PC-Fixe/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/PC-Fixe/configuration.nix b/systems/PC-Fixe/configuration.nix index 83a7ee4e..e6031f84 100644 
--- a/systems/PC-Fixe/configuration.nix +++ b/systems/PC-Fixe/configuration.nix @@ -32,6 +32,8 @@ options hid_apple fnmode=2 ''; + zramSwap.enable = true; + virtualisation.podman.enable = true; services.zfs = { From 1a414771ba91dbfe16285ca5e79288a72f3a88a0 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 16 Dec 2024 16:55:16 +0100 Subject: [PATCH 437/474] common-gui: pipewire set clock rate --- systems/common-gui.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 6d8365d1..03735e0e 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -113,6 +113,13 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + extraConfig.pipewire = { + "10-clock-rate" = { + "context.properties" = { + "default.clock.allowed-rates" = [ 48000 ]; + }; + }; + }; }; udev.packages = with pkgs; [ ledger-udev-rules ]; pcscd.enable = true; From 17ff809406d148e6efb3234968c7cb9844030114 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Fri, 20 Dec 2024 16:54:36 +0100 Subject: [PATCH 438/474] LoutreOS: update to 24.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14) → 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca' (2024-12-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13) → 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33' (2024-12-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7' (2024-12-16) • Removed input 'simple-nixos-mailserver/nixpkgs-24_05' • Added input 'simple-nixos-mailserver/nixpkgs-24_11': follows 'nixpkgs' • Removed input 'simple-nixos-mailserver/utils' • Removed input 'simple-nixos-mailserver/utils/systems' --- flake.lock | 60 ++++------------ flake.nix | 6 +- systems/LoutreOS/configuration.nix | 1 - systems/LoutreOS/network.nix | 108 +++++++++++------------------ systems/LoutreOS/web.nix | 2 +- 5 files changed, 57 insertions(+), 120 deletions(-) diff --git a/flake.lock b/flake.lock index 6c5c24de..13bf6d53 100644 --- a/flake.lock +++ b/flake.lock @@ -76,16 +76,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734202038, - "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=", + "lastModified": 1734600368, + "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d", + "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "type": "indirect" } }, 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -137,58 +137,24 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-24_05": [ + "nixpkgs-24_11": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1718084203, - "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "lastModified": 1734371264, + "narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixos-mailserver", "type": "gitlab" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index bbed851c..bb5415c3 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,14 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-24.05"; + nixpkgs.url = "flake:nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; # transmission 4.0.5 downgrade to fix tracker bug nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-24_05.follows = "nixpkgs"; + nixpkgs-24_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 7d4501e1..001dfb78 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -2,7 +2,6 @@ { imports = [ - "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix ./network.nix diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7c8b54b0..1e48cc25 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -134,7 +134,7 @@ ############################################# # Redirect local network request from server external IP to internal IP - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; 
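Review bot: With `2>/dev/null || true` now on the `-D` line in the network.nix hunk, every failure of the delete is hidden, not only the expected "rule does not exist" case. Neither `iptables` call in this hunk passes `-w`, so if the delete fails to take the xtables lock it is silently skipped and the following `-A` appends a second copy of the DNAT rule. Adding the wait flag keeps the cleanup reliable: `iptables -w -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true`, with the same `-w` on the `-A` line. The surrounding script string starts outside the hunk.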
@@ -190,22 +190,16 @@ MTUBytes = "1450"; }; wireguardConfig = { - PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; - # Wait for 24.11 - # PrivateKey = "@network.wireguard.private.wg0"; + PrivateKey = "@network.wireguard.private.wg0"; RouteTable = routeTables.vpn; }; wireguardPeers = [ { - wireguardPeerConfig = { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0"; - # Wait for 24.11 - # PresharedKey = "@network.wireguard.preshared.wg0"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - }; + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKey = "@network.wireguard.preshared.wg0"; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + PersistentKeepalive = 15; } ]; }; @@ -243,19 +237,15 @@ # Route everything to fiber link with a priority of 40000 routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 1; - Table = routeTables.fiber; - Priority = 41000; - Family = "both"; - }; + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 41000; + Family = "both"; } { - routingPolicyRuleConfig = { - Table = routeTables.fiber; - Priority = 51000; - Family = "both"; - }; + Table = routeTables.fiber; + Priority = 51000; + Family = "both"; } ]; }; @@ -274,19 +264,15 @@ # Route all to lte link with a priority of 50000 routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 2; - Table = routeTables.lte; - Priority = 42000; - Family = "both"; - }; + FirewallMark = 2; + Table = routeTables.lte; + Priority = 42000; + Family = "both"; } { - routingPolicyRuleConfig = { - Table = routeTables.lte; - Priority = 52000; - Family = "both"; - }; + Table = routeTables.lte; + Priority = 52000; + Family = "both"; } ]; }; 
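Review bot: Nothing on the new `PrivateKey = "@network.wireguard.private.wg0";` line says that the `@` prefix names a systemd credential rather than holding key material; the removed `/run/credentials/systemd-networkd.service/...` paths made that obvious. A short comment would stop a later edit from pasting a literal key here, which would presumably end up in the generated netdev file in the Nix store. Suggested above `PrivateKey`, and again above `PresharedKey`: `# "@name" = read from the systemd credential of that name (LoadCredential on systemd-networkd)`. The enclosing netdev definition starts outside the hunk.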
@@ -305,23 +291,19 @@ routingPolicyRules = [ # Route outgoing emails to VPN table { - routingPolicyRuleConfig = { - IncomingInterface = "lo"; - DestinationPort = "25"; - Table = routeTables.vpn; - Priority = 60; - Family = "both"; - }; + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = routeTables.vpn; + Priority = 60; + Family = "both"; } # Route packets originating from wg0 device to VPN table # Allow server to respond on the wg0 interface requests { - routingPolicyRuleConfig = { - FirewallMark = 3; - Table = routeTables.vpn; - Priority = 43000; - Family = "both"; - }; + FirewallMark = 3; + Table = routeTables.vpn; + Priority = 43000; + Family = "both"; } ]; }; @@ -349,38 +331,28 @@ dhcpServerStaticLeases = [ # IPMI { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; } # paul-fixe { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; } # salonled { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; } # miroir-bleu { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; } # miroir-orange { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; } ]; ipv6SendRAConfig = { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a373e0ae..87a58035 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -392,7 +392,7 @@ in nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "cloud.nyanlout.re"; database.createLocally = true; https = true; 
From c9c0061ff7dce208cff8fb44e68aa1b5d03cd43d Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 20 Dec 2024 19:17:16 +0100 Subject: [PATCH 439/474] fix networkd not working on boot --- systems/LoutreOS/network.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 1e48cc25..d96b7c1d 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -146,11 +146,16 @@ }; }; - systemd.services.systemd-networkd.serviceConfig = { + systemd.services.systemd-networkd = { + unitConfig = { + RequiresMountsFor = "/mnt/secrets/wireguard"; + }; + serviceConfig = { LoadCredential = [ "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" ]; + }; }; ################# From c028b9b6ed2810fc621a08c0d67c41d435ba42af Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 23 Dec 2024 14:23:23 +0100 Subject: [PATCH 440/474] gitea: don't set default theme Themes where renamed upstream https://github.com/go-gitea/gitea/pull/27419 --- systems/LoutreOS/web.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 87a58035..32b86637 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -376,7 +376,6 @@ in HTTP_PORT = 3001; ROOT_URL = "https://gitea.nyanlout.re/"; }; - ui.DEFAULT_THEME = "arc-green"; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; From da67f2b52340e136d3bc338a64b80bcaf45328ae Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 31 Dec 2024 12:52:02 +0100 Subject: [PATCH 441/474] Do not backup music --- systems/LoutreOS/services.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index fac5b6c3..70686dc7 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
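Review bot: No comment in the `systemd.services.systemd-networkd` hunk explains why networkd is tied to `/mnt/secrets/wireguard`. Since `LoadCredential` reads both wg0 keys from that path when the unit starts, a missing mount stops networkd as a whole, not just the tunnel, and that coupling deserves a line above `RequiresMountsFor`. Suggested: `# wg0 keys are loaded from this mount via LoadCredential; networkd must start after it`. The `LoadCredential` lines appear as unchanged context, so they were probably not re-indented under the new `serviceConfig = {`, which is worth tidying for readability.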
@@ -129,9 +129,6 @@ in "/var/lib/slimserver" "/var/lib/watcharr" "/var/lib/nextcloud" - "/mnt/medias/musique" - "/mnt/medias/torrent/lidarr" - "/mnt/medias/torrent/musique" "/mnt/paul-home/paul" "/var/sieve" "/var/vmail" From b8bdb492c5bce0452d9b6e0b2be4c22f5f3aaf9b Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 2 Jan 2025 12:17:02 +0100 Subject: [PATCH 442/474] remove python CI service --- services/python-ci.nix | 49 ---------- services/python-ci.py | 168 ---------------------------------- services/sdtdserver.nix | 120 ------------------------ systems/LoutreOS/services.nix | 3 - systems/LoutreOS/web.nix | 63 ------------- 5 files changed, 403 deletions(-) delete mode 100644 services/python-ci.nix delete mode 100755 services/python-ci.py delete mode 100644 services/sdtdserver.nix diff --git a/services/python-ci.nix b/services/python-ci.nix deleted file mode 100644 index ce957db7..00000000 --- a/services/python-ci.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.python-ci; -in -{ - options.services.python-ci = { - enable = mkEnableOption "Service de CI Nix écrit en Python"; - }; - - config = mkIf cfg.enable { - - users.users = { - python-ci = { - isSystemUser = true; - group = "nogroup"; - description = "Python CI user"; - }; - }; - - systemd.services.python-ci = { - description = "CI Nix en Python"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - environment = { HOME = "/var/lib/python-ci"; NIX_PATH = concatStringsSep ":" config.nix.nixPath; NIXPKGS_ALLOW_UNFREE = "1";}; - path = with pkgs;[ nix gnutar gzip ]; - serviceConfig = { - User = "python-ci"; - StateDirectory = "python-ci"; - RuntimeDirectory = "python-ci"; - RuntimeDirectoryPreserve = "yes"; - ExecStart = with pkgs; - let env = python3Packages.python.buildEnv.override { - extraLibs = with python3Packages;[ pyramid python-gitlab setuptools ]; - ignoreCollisions = true; - }; - in "${pkgs.writeShellScriptBin "run.sh" '' - ${env}/bin/python ${pkgs.writeScript "python-ci.py" "${readFile ./python-ci.py}"} --port 52350 \ - --secret /var/lib/python-ci/secret --gitlab-token /var/lib/python-ci/gitlab_token \ - --gitea-token /var/lib/python-ci/gitea_token --output /run/python-ci - ''}/bin/run.sh"; - }; - }; - - }; - -} diff --git a/services/python-ci.py b/services/python-ci.py deleted file mode 100755 index 950cf446..00000000 --- a/services/python-ci.py +++ /dev/null 
@@ -1,168 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i python3 -p "python3.withPackages(ps: [ps.pyramid ps.python-gitlab])" -from wsgiref.simple_server import make_server -from pyramid.config import Configurator -from pyramid.view import view_config, view_defaults -from pyramid.httpexceptions import HTTPNotFound -from subprocess import check_call, CalledProcessError -import urllib.request -import tarfile -from tempfile import TemporaryDirectory -from multiprocessing import Pool -from gitlab import Gitlab -import urllib.request -import json -import argparse -import hmac -import hashlib - - -def gitlab_build(payload, gl): - commit = gl.projects.get(payload['project']['path_with_namespace']).commits.get(payload['checkout_sha']) - - commit.statuses.create({'state': 'running', 'name': 'Python CI'}) - print("push from " + payload['user_name']) - print("repo: " + payload['project']['path_with_namespace']) - print("commit: " + payload['checkout_sha']) - temp_dir = TemporaryDirectory() - repo_dir = temp_dir.name + '/' + payload['project']['name'] + '-' + payload['checkout_sha'] - archive_url = payload['project']['web_url'] + '/-/archive/' + payload['checkout_sha'] + \ - '/' + payload['project']['name'] + '-' + payload['checkout_sha'] + '.tar.gz' - - with urllib.request.urlopen(archive_url) as gitlab_archive: - with tarfile.open(fileobj=gitlab_archive, mode='r|gz') as gitlab_repo_files: - gitlab_repo_files.extractall(path=temp_dir.name) - - check_call(['ls', '-lha', repo_dir]) - - try: - check_call(['nix-build', '-o', args.output + '/' + payload['project']['path_with_namespace'], repo_dir]) - except CalledProcessError: - commit.statuses.create({'state': 'failed', 'name': 'Python CI'}) - print("erreur build") - else: - commit.statuses.create({'state': 'success', 'name': 'Python CI'}) - print("build terminé") - - -@view_defaults( - route_name="gitlab_payload", renderer="json", request_method="POST" -) -class GitlabHook(object): - - def __init__(self, request): - 
self.request = request - self.payload = self.request.json - self.whitelist = ['nyanloutre/site-musique'] - self.secret = open(args.secret, 'r').readline().splitlines()[0] - self.gitlab_token = open(args.gitlab_token, 'r').readline().splitlines()[0] - self.gl = Gitlab('https://gitlab.com', private_token=self.gitlab_token) - - @view_config(header="X-Gitlab-Event:Push Hook") - def push_hook(self): - if self.payload['project']['path_with_namespace'] in self.whitelist and self.request.headers['X-Gitlab-Token'] == self.secret: - self.gl.projects.get(self.payload['project']['path_with_namespace']).commits.get(self.payload['checkout_sha']).statuses.create({'state': 'pending', 'name': 'Python CI'}) - pool.apply_async(gitlab_build, (self.payload, self.gl)) - return "build started" - else: - raise HTTPNotFound - - -def gitea_status_update(repo, commit, token, status): - url = 'https://gitea.nyanlout.re/api/v1/repos/' + repo + '/statuses/' + commit - print(url) - req = urllib.request.Request(url) - req.add_header('Content-Type', 'application/json; charset=utf-8') - req.add_header('accept', 'application/json') - req.add_header('Authorization', 'token ' + token) - - jsondata = json.dumps({'state': status}).encode('utf-8') - req.add_header('Content-Length', len(jsondata)) - - urllib.request.urlopen(req, jsondata) - -def gitea_build(payload, token): - commit = payload['after'] - repo = payload['repository']['full_name'] - - gitea_status_update(repo, commit, token, 'pending') - - print("push from " + payload['pusher']['username']) - print("repo: " + repo) - print("commit: " + commit) - temp_dir = TemporaryDirectory() - repo_dir = temp_dir.name + '/' + payload['repository']['name'] - archive_url = payload['repository']['html_url'] + '/archive/' + commit + '.tar.gz' - - with urllib.request.urlopen(archive_url) as gitea_archive: - with tarfile.open(fileobj=gitea_archive, mode='r|gz') as gitea_repo_files: - gitea_repo_files.extractall(path=temp_dir.name) - - check_call(['ls', '-lha', 
repo_dir]) - - try: - check_call(['nix-build', '-o', args.output + '/' + repo, repo_dir]) - except CalledProcessError: - gitea_status_update(repo, commit, token, 'failure') - print("erreur build") - else: - gitea_status_update(repo, commit, token, 'success') - print("build terminé") - - -@view_defaults( - route_name="gitea_payload", renderer="json", request_method="POST" -) -class GiteaHook(object): - def __init__(self, request): - self.payload = request.json - self.whitelist = ['nyanloutre/site-musique', 'nyanloutre/site-max'] - self.gitea_token = open(args.gitea_token, 'r').readline().strip() - - @view_config(header=["X-Gitea-Event:push", "X-Gitea-Signature"], check_hmac=True) - def push_hook(self): - if self.payload['repository']['full_name'] in self.whitelist: - pool.apply_async(gitea_build, (self.payload, self.gitea_token)) - return "build started" - else: - raise HTTPNotFound - - -class CheckHmacPredicate(object): - def __init__(self, val, info): - self.secret = open(args.secret, 'r').readline().strip().encode() - - def text(self): - return 'HMAC checking enabled' - - phash = text - - def __call__(self, context, request): - payload_signature = hmac.new(self.secret, request.body, hashlib.sha256).hexdigest() - return hmac.compare_digest(request.headers["X-Gitea-Signature"], payload_signature) - -if __name__ == "__main__": - parser = argparse.ArgumentParser(description='CI server') - parser.add_argument('--address', help='listening address', default='127.0.0.1') - parser.add_argument('--port', type=int, help='listening port') - parser.add_argument('--output', help='output directory') - parser.add_argument('--secret', help='repo secret file') - parser.add_argument('--gitlab-token', help='gitlab token file') - parser.add_argument('--gitea-token', help='gitea token file') - args = parser.parse_args() - - - pool = Pool(1) - - config = Configurator() - - config.add_view_predicate('check_hmac', CheckHmacPredicate) - - config.add_route("gitlab_payload", 
"/gitlab_payload") - config.add_route("gitea_payload", "/gitea_payload") - config.scan() - - app = config.make_wsgi_app() - server = make_server(args.address, args.port, app) - print('listening ...') - server.serve_forever() diff --git a/services/sdtdserver.nix b/services/sdtdserver.nix deleted file mode 100644 index c2331505..00000000 --- a/services/sdtdserver.nix +++ /dev/null 
@@ -1,120 +0,0 @@ -{lib, config, pkgs, ... }: - -with lib; - -let - cfg = config.services.sdtdserver; - gamePath = "/var/lib/sdtdserver"; - gameOptions = { - ServerPort="26900"; - ServerVisibility="2"; - ServerName="Serveur des loutres"; - ServerPassword=""; - ServerMaxPlayerCount="16"; - ServerReservedSlots="0"; - ServerReservedSlotsPermission="100"; - ServerAdminSlots="0"; - ServerAdminSlotsPermission="0"; - ServerDescription="Un serveur idiot anti gilets jaunes"; - ServerWebsiteURL=""; - ServerDisabledNetworkProtocols=""; - GameWorld="Navezgane"; - WorldGenSeed="Lakeu"; - WorldGenSize="4096"; - GameName="Lakeu"; - GameDifficulty="2"; - GameMode="GameModeSurvival"; - ZombiesRun="0"; - ZombieMove="0"; - ZombieMoveNight="3"; - ZombieFeralMove="3"; - ZombieBMMove="3"; - BuildCreate="false"; - DayNightLength="60"; - DayLightLength="18"; - PlayerKillingMode="3"; - PersistentPlayerProfiles="false"; - PlayerSafeZoneLevel="5"; - PlayerSafeZoneHours="5"; - ControlPanelEnabled="false"; - ControlPanelPort="8080"; - ControlPanelPassword="CHANGEME"; - TelnetEnabled="false"; - TelnetPort="8081"; - TelnetPassword=""; - TelnetFailedLoginLimit="10"; - TelnetFailedLoginsBlocktime="10"; - TerminalWindowEnabled="false"; - AdminFileName="serveradmin.xml"; - DropOnDeath="0"; - DropOnQuit="0"; - BloodMoonEnemyCount="8"; - EnemySpawnMode="true"; - EnemyDifficulty="0"; - BlockDurabilityModifier="100"; - LootAbundance="100"; - LootRespawnDays="30"; - LandClaimSize="41"; - LandClaimDeadZone="30"; - LandClaimExpiryTime="3"; - LandClaimDecayMode="0"; - LandClaimOnlineDurabilityModifier="4"; - LandClaimOfflineDurabilityModifier="4"; - PartySharedKillRange="100"; - AirDropFrequency="72"; - AirDropMarker="false"; - MaxSpawnedZombies="60"; - MaxSpawnedAnimals="50"; - EACEnabled="true"; - HideCommandExecutionLog="0"; - MaxUncoveredMapChunksPerPlayer="131072"; - BedrollDeadZoneSize="15"; - ServerLoginConfirmationText="Prout"; - }; - gameConfig = builtins.toFile "serverconfig.xml" '' - - - 
${concatStrings ( - mapAttrsToList (name: value: - " \n" - ) gameOptions)} - - ''; -in -{ - options.services.sdtdserver = { - enable = mkEnableOption "Activation du serveur dédié 7 Days to Die"; - }; - - config = mkIf cfg.enable { - - systemd.services.sdtdserver = { - description = "Serveur dédié 7 Days to Die"; - requires = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - environment = { HOME = gamePath; }; - serviceConfig = { - DynamicUser = true; - StateDirectory = "sdtdserver"; - }; - preStart = let - libPath = with pkgs; lib.makeLibraryPath [ - stdenv.cc.cc.lib - ]; - in '' - ${pkgs.steamcmd}/bin/steamcmd +login anonymous +force_install_dir ${gamePath} +app_update 294420 validate +quit - install -m666 ${gameConfig} ${gamePath}/serverconfig.xml - ''; - script = '' - ${pkgs.steam-run}/bin/steam-run ${gamePath}/7DaysToDieServer.x86_64 -quit -batchmode -nographics -dedicated -configfile=serverconfig.xml - ''; - }; - - networking.firewall = { - allowedTCPPorts = [ 26900 ]; - allowedUDPPorts = [ 26900 26901 26902 ]; - }; - - }; - -} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 70686dc7..e388f662 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -26,9 +26,6 @@ in { imports = [ - ../../services/python-ci.nix - ../../services/sdtdserver.nix - # /mnt/secrets/factorio_secrets.nix ./monitoring.nix ./medias.nix ./web.nix diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 32b86637..a7e18023 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix 
@@ -61,43 +61,10 @@ in isSystemUser = true; group = config.users.groups.webdav.name; }; - # wordpress = { - # isSystemUser = true; - # group = config.services.nginx.group; - # }; }; services = { phpfpm.pools = { - # work = { - # user = config.users.users.work.name; - # phpPackage = pkgs.php.withExtensions ({ all, ... }: with all; [ redis filter ]); - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 75; - # "pm.start_servers" = 10; - # "pm.min_spare_servers" = 5; - # "pm.max_spare_servers" = 20; - # "pm.max_requests" = 500; - # }; - # }; - - # "wordpress-designyourfuture" = { - # user = config.users.users.wordpress.name; - # group = config.services.nginx.group; - # settings = { - # "listen.owner" = config.services.nginx.user; - # "pm" = "dynamic"; - # "pm.max_children" = 32; - # "pm.start_servers" = 2; - # "pm.min_spare_servers" = 2; - # "pm.max_spare_servers" = 4; - # "pm.max_requests" = 500; - # }; - # }; - - drive = { user = config.users.users.webdav.name; settings = { @@ -242,7 +209,6 @@ in forceSSL = true; globalRedirect = "musique-meyenheim.fr"; }; - # "maxspiegel.fr" = base { "/" = { root = "/run/python-ci/nyanloutre/site-max"; }; }; "stream.nyanlout.re" = base { "/" = { proxyPass = "http://10.30.135.71"; @@ -261,7 +227,6 @@ in proxyWebsockets = true; }; }; - "ci.nyanlout.re" = simpleReverse 52350; "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { 
@@ -279,27 +244,6 @@ in proxyWebsockets = true; }; }; - # "work.rezom.eu" = base { - # "/" = { - # index = "/_h5ai/public/index.php"; - # extraConfig = '' - # dav_ext_methods PROPFIND OPTIONS; - # ''; - # }; - # "~ ^/(_h5ai/public/index|random).php" = { - # extraConfig = '' - # fastcgi_split_path_info ^(.+\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools.work.socket}; - # include ${pkgs.nginx}/conf/fastcgi_params; - # include ${pkgs.nginx}/conf/fastcgi.conf; - # ''; - # }; - # } // { - # root = "/mnt/medias/iso_linux"; - # extraConfig = '' - # access_log /var/log/nginx/$host.log; - # ''; - # }; "drive.nyanlout.re" = base { "/" = { extraConfig = '' @@ -382,13 +326,6 @@ in }; }; - python-ci.enable = true; - - # mysql = { - # enable = true; - # package = pkgs.mariadb; - # }; - nextcloud = { enable = true; package = pkgs.nextcloud30; From 66b8f6f52f457885c1074df49bd7d164520d6de3 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Thu, 2 Jan 2025 12:20:30 +0100 Subject: [PATCH 443/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca?narHash=sha256-nbG9TijTMcfr%2Bau7ZVbKpAhMJzzE2nQBYmRvSdXUD8g%3D' (2024-12-19) → 'github:NixOS/nixpkgs/edf04b75c13c2ac0e54df5ec5c543e300f76f1c9?narHash=sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0%3D' (2024-12-31) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33?narHash=sha256-cHar1vqHOOyC7f1%2BtVycPoWTfKIaqkoe1Q6TnKzuti4%3D' (2024-12-17) → 'github:NixOS/nixpkgs/88195a94f390381c6afcdaa933c2f6ff93959cb4?narHash=sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs%3D' (2024-12-29) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7?narHash=sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM%3D' (2024-12-16) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/63209b1def2c9fc891ad271f474a3464a5833294?narHash=sha256-HA9fAmGNGf0cOYrhgoa%2BB6BxNVqGAYXfLyx8zIS0ZBY%3D' (2024-12-22) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 13bf6d53..44e34ee2 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734600368, - "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", + "lastModified": 1735669367, + "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", + "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", "type": "github" }, "original": { 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1735471104, + "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", "type": "github" }, "original": { @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1734371264, - "narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=", + "lastModified": 1734884447, + "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7", + "rev": "63209b1def2c9fc891ad271f474a3464a5833294", "type": "gitlab" }, "original": { From db19e625ce6f09e99e603deaa97751d990809847 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Jan 2025 14:37:19 +0100 Subject: [PATCH 444/474] iptables --> nftables migrate --- systems/LoutreOS/network.nix | 120 ++++++++++++++++------------------- 1 file changed, 54 insertions(+), 66 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index d96b7c1d..8226144b 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
@@ -57,6 +57,55 @@ enp0s21u1.useDHCP = true; }; + nftables = { + enable = true; + tables = { + "multi-wan-routing" = { + family = "inet"; + content = '' + chain PREROUTING { + type filter hook prerouting priority mangle; policy accept; + # Restore the packet's CONNMARK to the MARK for existing incoming connections + counter meta mark set ct mark + # If packet MARK is set, then it means that there is already a connection mark + meta mark != 0x00000000 counter accept + # Else, we need to mark the packet. + # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3 + iifname "bouygues" counter meta mark set 0x1 + iifname "enp0s21u1" counter meta mark set 0x2 + iifname "wg0" counter meta mark set 0x3 + # Save new mark in CONNMARK + counter ct mark set mark + } + + chain OUTPUT { + type route hook output priority mangle; policy accept; + # Restore CONNMARK to MARK for outgoing packets before final routing decision + counter meta mark set ct mark + } + + chain POSTROUTING { + type filter hook postrouting priority mangle; policy accept; + # Save MARK to CONNMARK + counter ct mark set mark + } + ''; + }; + + "redirect-external-to-local" = { + family = "ip"; + content = '' + chain PREROUTING { + type nat hook prerouting priority dstnat; policy accept; + # Redirect local network request from server external IP to internal IP + # This allow access to server without internet access + ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1 + } + ''; + } + }; + }; + firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; 
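Review bot: The `"redirect-external-to-local"` table is closed with a bare `}` while `"multi-wan-routing"` just above it ends with `};`. As shown, the attribute binding has no terminating semicolon and the file should fail to parse, so the closing line needs to read `};`. Separately, the external address `176.180.172.105` is hard-coded inside the rule text, so the DNAT silently stops matching if that address ever changes. A `let` binding shared with the rest of the file, or a comment saying so, would make that easier to spot. The enclosing `networking` set starts outside the hunk.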
@@ -76,72 +125,11 @@ ]; }; - extraCommands = '' - - ################ - # MANGLE rules # - ################ - - # Clean and recreate target - ip46tables -w -t mangle -D PREROUTING -j loutreos-mangle-pre 2>/dev/null || true - ip46tables -w -t mangle -F loutreos-mangle-pre 2>/dev/null || true - ip46tables -w -t mangle -X loutreos-mangle-pre 2>/dev/null || true - ip46tables -w -t mangle -N loutreos-mangle-pre - - # Restore the packet's CONNMARK to the MARK for existing incoming connections - ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --restore-mark - - # Restore CONNMARK to MARK for outgoing packets before final routing decision - ip46tables -w -t mangle -D OUTPUT -j CONNMARK --restore-mark 2>/dev/null || true - ip46tables -w -t mangle -A OUTPUT -j CONNMARK --restore-mark - - - # If packet MARK is set, then it means that there is already a connection mark - ip46tables -w -t mangle -A loutreos-mangle-pre -m mark ! --mark 0 -j ACCEPT - - # Else, we need to mark the packet. - # If the packet is incoming on bouygues then set MARK to 1, LTE MARK 2 and VPN MARK 3 - ip46tables -w -t mangle -A loutreos-mangle-pre -i bouygues -j MARK --set-mark 1 - ip46tables -w -t mangle -A loutreos-mangle-pre -i enp0s21u1 -j MARK --set-mark 2 - ip46tables -w -t mangle -A loutreos-mangle-pre -i wg0 -j MARK --set-mark 3 - - # Save new mark in CONNMARK - ip46tables -w -t mangle -A loutreos-mangle-pre -j CONNMARK --save-mark - - # Jump to newly created target - ip46tables -w -t mangle -I PREROUTING 1 -j loutreos-mangle-pre - - # Save MARK to CONNMARK. 
- ip46tables -w -t mangle -D POSTROUTING -j CONNMARK --save-mark 2>/dev/null || true - ip46tables -w -t mangle -A POSTROUTING -j CONNMARK --save-mark - - ###################### - # IPv6 FORWARD rules # - ###################### - - # Forward all IPv6 traffic from local network and reject incoming traffic - ip6tables -w -D FORWARD -j loutreos-forward 2>/dev/null || true - ip6tables -w -F loutreos-forward 2>/dev/null || true - ip6tables -w -X loutreos-forward 2>/dev/null || true - ip6tables -w -N loutreos-forward - ip6tables -w -A loutreos-forward -m state --state RELATED,ESTABLISHED -j ACCEPT - ip6tables -w -A loutreos-forward -j ACCEPT -i eno2 - ip6tables -w -A loutreos-forward -j nixos-fw-log-refuse - ip6tables -w -A FORWARD -j loutreos-forward - - ############################################# - # Enable server access when fiber link down # - ############################################# - - # Redirect local network request from server external IP to internal IP - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true - iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 - ''; - - # remove refs to nixos-fw-log-refuse before restarting firewall - # prevents "ressource busy" errors - extraStopCommands = '' - ip6tables -D loutreos-forward -j nixos-fw-log-refuse 2>/dev/null || true + # Don't forward incoming IPv6 requests to local network + filterForward = true; + extraForwardRules = '' + # Forward all IPv6 traffic from local network + iifname "eno2" counter accept ''; }; }; From 7f461268da7e1003236826f0319de17feaabf8d1 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 3 Jan 2025 14:56:07 +0100 Subject: [PATCH 445/474] Only forward IPv6 traffic --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 8226144b..95c0c828 100644 --- a/systems/LoutreOS/network.nix 
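Review bot: Both new comments on the forward rules say "IPv6", but neither `filterForward = true` nor `iifname "eno2" counter accept` is limited to IPv6. If the NixOS nftables firewall builds its forward chain in an `inet` table, as I understand it does, IPv4 forwarding is now filtered as well, whereas the removed rules were `ip6tables` only. Forwarded traffic entering on any interface other than eno2 (this file also configures wg0 and VLANs) would then be dropped unless another rule outside this hunk accepts it, so that is worth confirming on the running box. I would reword the comments to match the behaviour, e.g. `# Filter forwarded traffic for IPv4 and IPv6; only the LAN may open new flows` and `# Accept everything entering from the LAN interface (IPv4 is needed for NAT)`. PATCH 445 and 448 toggle the same rule and leave the stale comment in place. The enclosing `firewall` set opens above this hunk.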
+++ b/systems/LoutreOS/network.nix @@ -129,7 +129,7 @@ filterForward = true; extraForwardRules = '' # Forward all IPv6 traffic from local network - iifname "eno2" counter accept + meta nfproto ipv6 iifname "eno2" counter accept ''; }; }; From 4c353f949edb4f7d080be61b12c40d2c6fb5c171 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 6 Jan 2025 15:44:21 +0100 Subject: [PATCH 446/474] fix typo --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 95c0c828..8a38d56c 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -102,7 +102,7 @@ ip saddr 10.30.0.0/16 ip daddr 176.180.172.105 counter dnat to 10.30.0.1 } ''; - } + }; }; }; From ea8e9a14bc74a41b714a07168a1b2d5903a45b24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 7 Jan 2025 16:00:26 +0100 Subject: [PATCH 447/474] do not remove systemd and f2b rules on reload --- systems/LoutreOS/network.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 8a38d56c..23630670 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -59,6 +59,7 @@ nftables = { enable = true; + flushRuleset = false; tables = { "multi-wan-routing" = { family = "inet"; From f10ac3078ea9cfc29f0c1e5bd56680d94a7feb81 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 7 Jan 2025 16:00:50 +0100 Subject: [PATCH 448/474] allow ipv4 forwarding needed by NAT --- systems/LoutreOS/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 23630670..a53f6777 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -130,7 +130,7 @@ filterForward = true; extraForwardRules = '' # Forward all IPv6 traffic from local network - meta nfproto ipv6 iifname "eno2" counter accept + iifname "eno2" counter accept ''; }; }; 
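Review bot: `flushRuleset = false;` (hunk at -59,6) means the live ruleset is no longer determined by this file alone, and the line carries no comment saying so. The commit message names systemd and fail2ban, but tables loaded by anything else would also survive a reload, including manual `nft` edits or leftovers from the earlier iptables setup, since as far as I can tell only the tables declared under `tables` get replaced. I would record the trade-off next to the option, e.g. `# Keep tables owned by systemd/fail2ban across reloads; undeclared tables are never cleaned up`, and compare `nft list ruleset` against the declared tables after changes. The `nftables` set closes outside this hunk.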
From 053455054d059ef27f5fde14bbcccf762cde3677 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 7 Jan 2025 16:42:37 +0100 Subject: [PATCH 449/474] clean old config --- systems/LoutreOS/config-overviewer.py | 47 --------------------------- systems/LoutreOS/services.nix | 47 --------------------------- systems/LoutreOS/web.nix | 23 +------------ 3 files changed, 1 insertion(+), 116 deletions(-) delete mode 100644 systems/LoutreOS/config-overviewer.py diff --git a/systems/LoutreOS/config-overviewer.py b/systems/LoutreOS/config-overviewer.py deleted file mode 100644 index a307a38a..00000000 --- a/systems/LoutreOS/config-overviewer.py +++ /dev/null @@ -1,47 +0,0 @@ -from .observer import MultiplexingObserver, LoggingObserver, JSObserver - -global escape -from cgi import escape -def signFilter(poi): - if poi['id'] == 'Sign' or poi['id'] == 'minecraft:sign': - return "
" + "\n".join(map(escape, [poi['Text1'], poi['Text2'], poi['Text3'], poi['Text4']])) + "
" - -global json -import json -def petFilter(poi): - if "CustomName" in poi: - custom_name = json.loads(poi['CustomName']) - if "text" in custom_name: - return custom_name["text"] - -def playerIcons(poi): - if poi['id'] == 'Player': - poi['icon'] = "https://overviewer.org/avatar/%s" % poi['EntityId'] - return "Last known location for %s" % poi['EntityId'] - -processes = 2 - -worlds["My world"] = "/var/lib/minecraft/world" - -renders["Vue normale"] = { - "world": "My world", - "title": "Vue normale", - "texturepath": "@CLIENT_JAR@", - "rendermode": smooth_lighting, - 'markers': [dict(name="All signs", filterFunction=signFilter), - dict(name="Pets", filterFunction=petFilter, icon="icons/marker_cat.png", createInfoWindow=False, checked=True), - dict(name="Position joueurs", filterFunction=playerIcons),], -} - -cave_rendermode = [Base(), EdgeLines(), Cave(only_lit=True), DepthTinting()] - -renders["Grottes"] = { - "world": "My world", - "title": "Grottes", - "texturepath": "@CLIENT_JAR@", - "rendermode": cave_rendermode, -} - -outputdir = "/var/www/minecraft-overviewer" - -observer = MultiplexingObserver(LoggingObserver(), JSObserver(outputdir)) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e388f662..cc80d36a 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -20,8 +20,6 @@ let ''; backup_mail_alert = sendMail "paul@nyanlout.re" "ERREUR: Sauvegarde Borg" "Impossible de terminer la sauvegarde. Merci de voir les logs"; - - unstable = import { }; in { @@ -74,15 +72,6 @@ in }; services = { - # postfix = { - # relayHost = "mailvps.nyanlout.re"; - # relayPort = 587; - # config = { - # smtp_tls_cert_file = lib.mkForce "/var/lib/postfix/postfixrelay.crt"; - # smtp_tls_key_file = lib.mkForce "/var/lib/postfix/postfixrelay.key"; - # }; - # }; - rspamd.workers.controller.extraConfig = '' secure_ip = ["0.0.0.0/0", "::"]; ''; 
@@ -278,41 +267,6 @@ in host = "10.30.0.1"; } ]; - #tplink.switch = [ - # { host = "10.30.50.7"; } - #]; - #sensor = [ - # { - # platform = "template"; - # sensors = { - # serveur_amps = { - # friendly_name_template = "{{ states.switch.serveur.name}} Current"; - # value_template = ''{{ states.switch.serveur.attributes["current_a"] | float }}''; - # unit_of_measurement = "A"; - # }; - # serveur_watts = { - # friendly_name_template = "{{ states.switch.serveur.name}} Current Consumption"; - # value_template = ''{{ states.switch.serveur.attributes["current_power_w"] | float }}''; - # unit_of_measurement = "W"; - # }; - # serveur_total_kwh = { - # friendly_name_template = "{{ states.switch.serveur.name}} Total Consumption"; - # value_template = ''{{ states.switch.serveur.attributes["total_energy_kwh"] | float }}''; - # unit_of_measurement = "kWh"; - # }; - # serveur_volts = { - # friendly_name_template = "{{ states.switch.serveur.name}} Voltage"; - # value_template = ''{{ states.switch.serveur.attributes["voltage"] | float }}''; - # unit_of_measurement = "V"; - # }; - # serveur_today_kwh = { - # friendly_name_template = "{{ states.switch.serveur.name}} Today's Consumption"; - # value_template = ''{{ states.switch.serveur.attributes["today_energy_kwh"] | float }}''; - # unit_of_measurement = "kWh"; - # }; - # }; - # } - #]; }; }; @@ -363,7 +317,6 @@ in ]; firewall.allowedTCPPorts = [ - 8448 # Matrix federation 20 21 # FTP ]; diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a7e18023..5b5dc9b8 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -49,14 +49,9 @@ in }; users.groups = { - work = {}; webdav = {}; }; users.users = { - work = { - isSystemUser = true; - group = config.users.groups.work.name; - }; webdav = { isSystemUser = true; group = config.users.groups.webdav.name; 
@@ -191,8 +186,6 @@ in ''; }; } // { default = true; }; - "factorio.nyanlout.re" = base { "/" = { root = "/var/www/factorio"; }; }; - "minecraft.nyanlout.re" = base { "/" = { root = "/var/www/minecraft-overviewer"; }; }; "musique-meyenheim.fr" = base { "/" = { proxyPass = "http://unix:/run/site-musique.sock"; @@ -209,11 +202,6 @@ in forceSSL = true; globalRedirect = "musique-meyenheim.fr"; }; - "stream.nyanlout.re" = base { - "/" = { - proxyPass = "http://10.30.135.71"; - }; - }; "login.nyanlout.re" = simpleReverse config.services.nginx.sso.configuration.listen.port; "grafana.nyanlout.re" = authReverse config.services.grafana.settings.server.http_port; "transmission.nyanlout.re" = authReverse config.services.transmission.settings.rpc-port; @@ -221,14 +209,13 @@ in "sonarr.nyanlout.re" = authReverse 8989; "syncthing.nyanlout.re" = authReverse 8384; "prowlarr.nyanlout.re" = authReverse 9696; - "matrix.nyanlout.re" = simpleReverse 8008; + "watcharr.nyanlout.re" = simpleReverse 3080; "emby.nyanlout.re" = recursiveUpdate (simpleReverse 8096) { locations."/" = { proxyWebsockets = true; }; }; "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; - "musique.nyanlout.re" = simpleReverse config.services.navidrome.settings.Port; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { proxyWebsockets = true; @@ -296,7 +283,6 @@ in forceSSL = true; enableACME = true; }; - "watcharr.nyanlout.re" = simpleReverse 3080; }; }; @@ -367,13 +353,6 @@ in ]; }; - systemd.services.phpfpm-work.serviceConfig = { - ReadOnlyPaths = "/mnt/medias/iso_linux"; - ReadWritePaths = [ - "/mnt/medias/iso_linux/_h5ai" - ]; - }; - systemd.services.phpfpm-drive.serviceConfig = { ReadWritePaths = [ "/mnt/webdav" From 025c5aa148a768a51794a1a893db6e4eed7a3edc Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 8 Jan 2025 22:24:19 +0100 Subject: [PATCH 450/474] zigbee2mqtt: set stable usb serial path --- systems/LoutreOS/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index cc80d36a..f373e0ab 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -183,6 +183,7 @@ in zigbee2mqtt = { enable = true; settings = { + serial.port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; mqtt = { server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}"; }; From 770eef9e098498888b6fd2c9580a136e8a931617 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 17 Feb 2025 15:33:11 +0100 Subject: [PATCH 451/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/edf04b75c13c2ac0e54df5ec5c543e300f76f1c9?narHash=sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0%3D' (2024-12-31) → 'github:NixOS/nixpkgs/a60651b217d2e529729cbc7d989c19f3941b9250?narHash=sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10%3D' (2025-02-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/88195a94f390381c6afcdaa933c2f6ff93959cb4?narHash=sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs%3D' (2024-12-29) → 'github:NixOS/nixpkgs/d74a2335ac9c133d6bbec9fc98d91a77f1604c1f?narHash=sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb%2BP%2BR4S8Jsw%3D' (2025-02-16) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 44e34ee2..84d7b6ad 100644 --- a/flake.lock +++ b/flake.lock 
@@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735669367, - "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "lastModified": 1739624908, + "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1735471104, - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", + "lastModified": 1739736696, + "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", "type": "github" }, "original": { From 6eddd7e99090cd4bcacfb0a16c7827212ff992b6 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 20 Feb 2025 15:13:58 +0100 Subject: [PATCH 452/474] Update systems/LoutreOS/web.nix --- systems/LoutreOS/web.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 5b5dc9b8..a560fdb9 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -44,7 +44,11 @@ let in { security.acme = { - defaults.email = "paul@nyanlout.re"; + defaults = { + email = "paul@nyanlout.re"; + # Use european ACME service + server = "https://api.buypass.com/acme/directory"; + }; acceptTerms = true; }; From 8980c02e779e34a50fafa75a42c14d0a11bccff8 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 20 Feb 2025 15:29:38 +0100 Subject: [PATCH 453/474] switch to EU DNS servers --- systems/LoutreOS/network.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index a53f6777..5fdbc509 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix 
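Review bot: Setting `server` under `security.acme.defaults` (web.nix hunk at -44,7) moves every certificate on this host to a different CA at once, and the only explanation is `# Use european ACME service`. If any of the served domains publish CAA records that name the previous CA, issuance and renewal will start failing; the DNS zone is not visible here, so this should be checked before the next renewal. `acceptTerms = true` now also applies to the new provider's terms. I would extend the comment, e.g. `# Buypass ACME directory (EU); CAA records must allow this CA`.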
@@ -32,8 +32,8 @@ useDHCP = false; nameservers = [ - "1.1.1.1" - "1.0.0.1" + "193.110.81.0" + "185.253.5.0" ]; vlans = { @@ -318,8 +318,8 @@ EmitRouter = true; EmitDNS = true; DNS = [ - "1.1.1.1" - "1.0.0.1" + "193.110.81.0" + "185.253.5.0" ]; }; dhcpServerStaticLeases = [ @@ -352,8 +352,8 @@ ipv6SendRAConfig = { EmitDNS = true; DNS = [ - "2606:4700:4700::1111" - "2606:4700:4700::1001" + "2a0f:fc80::" + "2a0f:fc81::" ]; }; }; From d8f1fe6a445fba66016a63ce4f81b680dac93396 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Thu, 20 Feb 2025 15:34:20 +0100 Subject: [PATCH 454/474] Add comments to DNS config --- systems/LoutreOS/network.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 5fdbc509..1545a795 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -32,6 +32,7 @@ useDHCP = false; nameservers = [ + # https://www.dns0.eu/fr "193.110.81.0" "185.253.5.0" ]; @@ -45,7 +46,7 @@ interfaces = { bouygues = { - # Adresse MAC BBox ? https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 + # Adresse MAC BBox : https://lafibre.info/remplacer-bbox/informations-de-connexion-ftth/msg598303/#msg598303 macAddress = "E8:AD:A6:21:73:68"; useDHCP = true; }; @@ -318,6 +319,7 @@ EmitRouter = true; EmitDNS = true; DNS = [ + # https://www.dns0.eu/fr "193.110.81.0" "185.253.5.0" ]; @@ -352,6 +354,7 @@ ipv6SendRAConfig = { EmitDNS = true; DNS = [ + # https://www.dns0.eu/fr "2a0f:fc80::" "2a0f:fc81::" ]; From faae72437cbe4f13e3287f5675394a89f4d43636 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 09:48:36 +0100 Subject: [PATCH 455/474] loutreos: only install stable packages --- flake.nix | 9 --------- systems/LoutreOS/medias.nix | 28 +++++----------------------- 2 files changed, 5 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index bb5415c3..3654010f 100644 --- a/flake.nix +++ b/flake.nix 
@@ -57,15 +57,6 @@ system = "x86_64-linux"; specialArgs = { inputs = inputs; - pkgs-unstable = import nixpkgs-unstable { - inherit system; - config.permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; - }; pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { inherit system; }; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index c2a70041..fdd6518e 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, pkgs-unstable, pkgs-4a3fc4cf7, ... }: +{ config, lib, pkgs, pkgs-4a3fc4cf7, ... }: { services = { @@ -18,28 +18,10 @@ }; }; - radarr = { - enable = true; - package = pkgs-unstable.radarr; - }; - sonarr = { - enable = true; - package = pkgs-unstable.sonarr; - }; - flaresolverr = { - enable = false; - package = pkgs-unstable.flaresolverr; - }; - prowlarr = { - enable = true; - package = pkgs-unstable.prowlarr; - }; - - jellyfin = { - enable = true; - package = pkgs-unstable.jellyfin; - }; - + radarr.enable = true; + sonarr.enable = true; + prowlarr.enable = true; + jellyfin.enable = true; slimserver.enable = true; }; From 5a990e5fb0317ea7b207a60d1d13984c23af1f24 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 09:48:58 +0100 Subject: [PATCH 456/474] loutreos: fix zigbee config --- systems/LoutreOS/services.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index f373e0ab..e21499a7 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -183,7 +183,10 @@ in zigbee2mqtt = { enable = true; settings = { - serial.port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; + serial = { + port = "/dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0014D97058-if00"; + adapter = "zstack"; + }; mqtt = { server = "mqtt://${(head config.services.mosquitto.listeners).address}:${toString (head config.services.mosquitto.listeners).port}"; }; From f519d85ca985afcd9014316345c7f3fd001a0e95 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 09:59:23 +0100 Subject: [PATCH 457/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a60651b217d2e529729cbc7d989c19f3941b9250?narHash=sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10%3D' (2025-02-15) → 'github:NixOS/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347?narHash=sha256-F0qDu2egq18M3edJwEOAE%2BD%2BVQ%2ByESK6YWPRQBfOqq8%3D' (2025-03-02) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d74a2335ac9c133d6bbec9fc98d91a77f1604c1f?narHash=sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb%2BP%2BR4S8Jsw%3D' (2025-02-16) → 'github:NixOS/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246?narHash=sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM%3D' (2025-03-03) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 84d7b6ad..9c9f52c1 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739624908, - "narHash": "sha256-f84lBmLl4tkDp1ZU5LBTSFzlxXP4926DVW3KnXrke10=", + "lastModified": 1740932899, + "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a60651b217d2e529729cbc7d989c19f3941b9250", + "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", "type": "github" }, "original": { 
@@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1739736696, - "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", + "lastModified": 1741010256, + "narHash": "sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", + "rev": "ba487dbc9d04e0634c64e3b1f0d25839a0a68246", "type": "github" }, "original": { From dc4ee4c4c59ef14e6a349cc3cffea1ed22b0d6d4 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 5 Mar 2025 12:50:09 +0100 Subject: [PATCH 458/474] update nvidia drivers to latest --- systems/PC-Fixe/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/PC-Fixe/hardware-configuration.nix b/systems/PC-Fixe/hardware-configuration.nix index 9fa5a759..253a6ae4 100644 --- a/systems/PC-Fixe/hardware-configuration.nix +++ b/systems/PC-Fixe/hardware-configuration.nix @@ -14,6 +14,7 @@ hardware.nvidia = { open = false; modesetting.enable = true; + package = config.boot.kernelPackages.nvidiaPackages.latest; }; fileSystems."/" = From 2f0d121c35ff44f83f27da33044f612af656b5cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Mon, 10 Mar 2025 11:54:06 +0100 Subject: [PATCH 459/474] migrate gitea to forgejo --- systems/LoutreOS/web.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a560fdb9..6d131da5 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -219,7 +219,7 @@ in proxyWebsockets = true; }; }; - "gitea.nyanlout.re" = simpleReverse config.services.gitea.settings.server.HTTP_PORT; + "gitea.nyanlout.re" = simpleReverse config.services.forgejo.settings.server.HTTP_PORT; "photo.nyanlout.re" = recursiveUpdate (simpleReverse config.services.photoprism.port) { locations."/" = { proxyWebsockets = true; 
@@ -298,17 +298,20 @@ in }; }; - gitea = { + forgejo = { enable = true; + stateDir = "/var/lib/gitea"; database = { type = "postgres"; - port = 5432; + user = "gitea"; passwordFile = "/var/lib/gitea/custom/conf/database_password"; + name = "gitea"; }; settings = { - server = { + server = rec { HTTP_PORT = 3001; - ROOT_URL = "https://gitea.nyanlout.re/"; + DOMAIN = "gitea.nyanlout.re; + ROOT_URL = "https://${DOMAIN}/"; }; log.LEVEL = "Warn"; service.DISABLE_REGISTRATION = true; From ff322fd4a939114ee28bc9bad6c3db42a7239063 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 2 Apr 2025 16:39:14 +0200 Subject: [PATCH 460/474] keep gitea user and group --- systems/LoutreOS/web.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 6d131da5..d0c7606c 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,8 @@ in forgejo = { enable = true; + user = "gitea"; + group = "gitea"; stateDir = "/var/lib/gitea"; database = { type = "postgres"; From 5fd8c86ae6ee36f933bdae8ca09d8530007ef8cb Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Apr 2025 18:33:45 +0200 Subject: [PATCH 461/474] forgejo migrate --- systems/LoutreOS/web.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index d0c7606c..e33ea219 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -300,6 +300,7 @@ in forgejo = { enable = true; + package = pkgs.forgejo; user = "gitea"; group = "gitea"; stateDir = "/var/lib/gitea"; @@ -312,7 +313,7 @@ in settings = { server = rec { HTTP_PORT = 3001; - DOMAIN = "gitea.nyanlout.re; + DOMAIN = "gitea.nyanlout.re"; ROOT_URL = "https://${DOMAIN}/"; }; log.LEVEL = "Warn"; 
@@ -355,6 +356,15 @@ in }; + users.users.gitea = { + home = config.services.forgejo.stateDir; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + + users.groups.gitea = { }; + systemd.services.nginx.serviceConfig = { ReadWritePaths = [ "/var/www/hls" From 0c0d3e6fff48ccc1be8e30a91d1cb564fe1ff700 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Tue, 22 Apr 2025 18:34:55 +0200 Subject: [PATCH 462/474] fix kde package names --- systems/common-gui.nix | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index 03735e0e..3c24d4c1 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -26,23 +26,23 @@ mumble discord - kleopatra + kdePackages.kleopatra gnupg gopass xclip - kdeplasma-addons - ark - kate - kmail + kdePackages.kdeplasma-addons + kdePackages.ark + kdePackages.kate + kdePackages.kmail kdePackages.kdeconnect-kde - okular - yakuake - konversation - gwenview - kcalc - spectacle - kinfocenter + kdePackages.okular + kdePackages.yakuake + kdePackages.konversation + kdePackages.gwenview + kdePackages.kcalc + kdePackages.spectacle + kdePackages.kinfocenter kile (texlive.combine { inherit (texlive) scheme-small titling collection-langfrench cm-super; @@ -58,7 +58,6 @@ obs-studio vlc mpv - kdenlive glxinfo i7z From 99bedb54d62ec5baaf2c765ccdbd874c36d7b3af Mon Sep 17 00:00:00 2001 
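Review bot: `useDefaultShell = true` in the new `users.users.gitea` block (web.nix hunk at -356,6) gives the service account a login shell, and nothing in the hunk says why. A shell is only needed if git over SSH is served through this account, which is not visible here; if access is HTTPS-only through nginx, dropping the line keeps the account non-interactive. The block also needs a comment explaining why the user is declared by hand, presumably because the forgejo module only creates its account when it keeps the default name, e.g. `# Legacy gitea account kept for forgejo; not created by the module, so declared here`.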
From: nyanloutre Date: Tue, 22 Apr 2025 18:38:04 +0200 Subject: [PATCH 463/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1546c45c538633ae40b93e2d14e0bb6fd8f13347?narHash=sha256-F0qDu2egq18M3edJwEOAE%2BD%2BVQ%2ByESK6YWPRQBfOqq8%3D' (2025-03-02) → 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/ba487dbc9d04e0634c64e3b1f0d25839a0a68246?narHash=sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM%3D' (2025-03-03) → 'github:NixOS/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef?narHash=sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU%3D' (2025-04-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 9c9f52c1..9c17d877 100644 --- a/flake.lock +++ b/flake.lock @@ -76,11 +76,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740932899, - "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1741010256, - "narHash": "sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba487dbc9d04e0634c64e3b1f0d25839a0a68246", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { From 97f849e454ffc7b85f9a91beab4308a1b479f878 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Wed, 23 Apr 2025 10:54:01 +0200 Subject: [PATCH 464/474] backup music database --- systems/LoutreOS/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index e21499a7..2b49fa97 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix @@ -120,6 +120,7 @@ in "/var/vmail" "/mnt/backup_loutre/amandoleen" "/mnt/secrets" + "/mnt/medias/musique/musiclibrary.blb" ]; exclude = [ "/var/lib/radarr/.config/Radarr/radarr.db-wal" From 393e92fe144d84599595cba47e5dd4846c1006b3 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Wed, 23 Apr 2025 11:15:31 +0200 Subject: [PATCH 465/474] global reformat with treefmt --- flake.nix | 143 +++--- pkgs/watcharr/default.nix | 21 +- systems/ASUS-G46VW/configuration.nix | 18 +- systems/ASUS-G46VW/hardware-configuration.nix | 43 +- systems/LoutreOS/configuration.nix | 12 +- systems/LoutreOS/hardware-configuration.nix | 294 ++++++------ systems/LoutreOS/medias.nix | 8 +- systems/LoutreOS/monitoring.nix | 62 ++- systems/LoutreOS/network.nix | 426 ++++++++++-------- systems/LoutreOS/services.nix | 63 ++- systems/LoutreOS/users.nix | 24 +- systems/LoutreOS/web.nix | 409 +++++++++-------- systems/PC-Fixe/configuration.nix | 31 +- systems/PC-Fixe/hardware-configuration.nix | 75 +-- systems/common-cli.nix | 39 +- systems/common-gui.nix | 34 +- treefmt.toml | 3 + 17 files changed, 979 insertions(+), 726 deletions(-) create mode 100644 treefmt.toml diff --git a/flake.nix b/flake.nix index 3654010f..4efa9e8e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -21,81 +21,88 @@ }; }; - outputs = { - self, - nixpkgs, - nixpkgs-unstable, - nixpkgs-4a3fc4cf7, - simple-nixos-mailserver, - dogetipbot-telegram, - ipmihddtemp - }@inputs: { + outputs = + { + self, + nixpkgs, + nixpkgs-unstable, + nixpkgs-4a3fc4cf7, + simple-nixos-mailserver, + dogetipbot-telegram, + ipmihddtemp, + }@inputs: + { - packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); + packages.x86_64-linux = (import ./pkgs nixpkgs.legacyPackages.x86_64-linux); - nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - nixpkgs-unstable.nixosModules.notDetected - { - nixpkgs.config.allowUnfree = true; - nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - registry = { - nixpkgs.to = { - type = "path"; - path = nixpkgs-unstable.legacyPackages.x86_64-linux.path; + nixosConfigurations.paul-fixe = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + nixpkgs-unstable.nixosModules.notDetected + { + nixpkgs.config.allowUnfree = true; + nix = { + settings.experimental-features = [ + "nix-command" + "flakes" + ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs-unstable.legacyPackages.x86_64-linux.path; + }; }; }; - }; - } - ./systems/PC-Fixe/configuration.nix - ]; - }; - - nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { - inputs = inputs; - pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { - inherit system; - }; + } + ./systems/PC-Fixe/configuration.nix + ]; }; - modules = [ - nixpkgs-unstable.nixosModules.notDetected - simple-nixos-mailserver.nixosModule - dogetipbot-telegram.nixosModule - ipmihddtemp.nixosModule - { - nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - registry = { - nixpkgs.to = { - type = "path"; - path = nixpkgs.legacyPackages.x86_64-linux.path; + + nixosConfigurations.loutreos = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + 
specialArgs = { + inputs = inputs; + pkgs-4a3fc4cf7 = import nixpkgs-4a3fc4cf7 { + inherit system; + }; + }; + modules = [ + nixpkgs-unstable.nixosModules.notDetected + simple-nixos-mailserver.nixosModule + dogetipbot-telegram.nixosModule + ipmihddtemp.nixosModule + { + nix = { + settings.experimental-features = [ + "nix-command" + "flakes" + ]; + registry = { + nixpkgs.to = { + type = "path"; + path = nixpkgs.legacyPackages.x86_64-linux.path; + }; }; }; - }; - systemd.services.watcharr = { - description = "Watcharr"; - after = [ "network.target" ]; - environment = { - PORT = "3005"; - WATCHARR_DATA = "/var/lib/watcharr"; + systemd.services.watcharr = { + description = "Watcharr"; + after = [ "network.target" ]; + environment = { + PORT = "3005"; + WATCHARR_DATA = "/var/lib/watcharr"; + }; + serviceConfig = { + DynamicUser = true; + StateDirectory = "watcharr"; + ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr"; + PrivateTmp = true; + }; + wantedBy = [ "multi-user.target" ]; }; - serviceConfig = { - DynamicUser = true; - StateDirectory = "watcharr"; - ExecStart = "${self.packages.x86_64-linux.watcharr}/bin/Watcharr"; - PrivateTmp = true; - }; - wantedBy = [ "multi-user.target" ]; - }; - } - ./systems/LoutreOS/configuration.nix - ]; + } + ./systems/LoutreOS/configuration.nix + ]; + }; + }; - - }; } - diff --git a/pkgs/watcharr/default.nix b/pkgs/watcharr/default.nix index 23422d7f..dc3cbd0a 100644 --- a/pkgs/watcharr/default.nix +++ b/pkgs/watcharr/default.nix @@ -1,13 +1,14 @@ -{ lib -, pkgs -, buildGoModule -, fetchFromGitHub -, buildNpmPackage -, nixosTests -, caddy -, testers -, installShellFiles -, stdenv +{ + lib, + pkgs, + buildGoModule, + fetchFromGitHub, + buildNpmPackage, + nixosTests, + caddy, + testers, + installShellFiles, + stdenv, }: let diff --git a/systems/ASUS-G46VW/configuration.nix b/systems/ASUS-G46VW/configuration.nix index 3f30d967..4ae46d88 100644 --- a/systems/ASUS-G46VW/configuration.nix 
+++ b/systems/ASUS-G46VW/configuration.nix @@ -5,12 +5,11 @@ { config, pkgs, ... }: { - imports = - [ - ../common-cli.nix - ../common-gui.nix - ./hardware-configuration.nix - ]; + imports = [ + ../common-cli.nix + ../common-gui.nix + ./hardware-configuration.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -56,7 +55,12 @@ users.extraUsers.paul = { isNormalUser = true; uid = 1000; - extraGroups = [ "wheel" "networkmanager" "wireshark" "dialout" ]; + extraGroups = [ + "wheel" + "networkmanager" + "wireshark" + "dialout" + ]; }; services.syncthing.enable = true; diff --git a/systems/ASUS-G46VW/hardware-configuration.nix b/systems/ASUS-G46VW/hardware-configuration.nix index 19c994e5..e1590ef9 100644 --- a/systems/ASUS-G46VW/hardware-configuration.nix +++ b/systems/ASUS-G46VW/hardware-configuration.nix @@ -1,14 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - imports = - [ - ]; + imports = [ + + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "usb_storage" + "sd_mod" + ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; 
@@ -19,19 +30,19 @@ hardware.nvidia.optimus_prime.nvidiaBusId = "PCI:1:0:0"; hardware.nvidia.optimus_prime.intelBusId = "PCI:0:2:0"; - fileSystems."/" = - { device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/7bd3a09b-b188-4ce7-bdcc-d5c5087edc86"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A25A-1786"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/A25A-1786"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; } - ]; + swapDevices = [ + { device = "/dev/disk/by-uuid/156cd5e8-715c-48a5-9df4-14565227a6c9"; } + ]; nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 001dfb78..2e49dde2 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: +{ + config, + pkgs, + inputs, + ... +}: { imports = [ @@ -9,7 +14,10 @@ ./services.nix ]; - nix.settings.trusted-users = [ "root" "paul" ]; + nix.settings.trusted-users = [ + "root" + "paul" + ]; boot = { loader = { diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix index 720b883e..5421ad07 100644 --- a/systems/LoutreOS/hardware-configuration.nix +++ b/systems/LoutreOS/hardware-configuration.nix 
@@ -1,190 +1,202 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + "sr_mod" + ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/fec13566-5528-4859-b185-ce37ac2665eb"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5306-AD9A"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5306-AD9A"; + fsType = "vfat"; + }; - fileSystems."/var/lib/acme" = - { device = "loutrepool/var/acme"; - fsType = "zfs"; - }; + fileSystems."/var/lib/acme" = { + device = "loutrepool/var/acme"; + fsType = "zfs"; + }; - fileSystems."/var/certs" = - { device = "loutrepool/var/certs"; - fsType = "zfs"; - }; + fileSystems."/var/certs" = { + device = "loutrepool/var/certs"; + fsType = "zfs"; + }; - fileSystems."/var/lib/transmission" = - { device = "loutrepool/var/transmission"; - fsType = "zfs"; - }; + fileSystems."/var/lib/transmission" = { + device = "loutrepool/var/transmission"; + fsType = "zfs"; + }; - fileSystems."/var/lib/matrix-synapse" = - { device = "loutrepool/var/matrix-synapse"; - fsType = "zfs"; - }; + fileSystems."/var/lib/matrix-synapse" = { + device = "loutrepool/var/matrix-synapse"; + fsType = "zfs"; + }; - fileSystems."/var/lib/radarr" = - { device = "loutrepool/var/radarr"; - fsType = "zfs"; - }; + fileSystems."/var/lib/radarr" = { + device = "loutrepool/var/radarr"; + fsType = "zfs"; + }; - 
fileSystems."/var/lib/grafana" = - { device = "loutrepool/var/grafana"; - fsType = "zfs"; - }; + fileSystems."/var/lib/grafana" = { + device = "loutrepool/var/grafana"; + fsType = "zfs"; + }; - fileSystems."/var/lib/slimserver" = - { device = "loutrepool/var/slimserver"; - fsType = "zfs"; - }; + fileSystems."/var/lib/slimserver" = { + device = "loutrepool/var/slimserver"; + fsType = "zfs"; + }; - fileSystems."/var/db/influxdb" = - { device = "loutrepool/var/influxdb"; - fsType = "zfs"; - }; + fileSystems."/var/db/influxdb" = { + device = "loutrepool/var/influxdb"; + fsType = "zfs"; + }; - fileSystems."/var/lib/postgresql" = - { device = "loutrepool/var/postgresql"; - fsType = "zfs"; - }; + fileSystems."/var/lib/postgresql" = { + device = "loutrepool/var/postgresql"; + fsType = "zfs"; + }; - fileSystems."/var/lib/syncthing" = - { device = "loutrepool/var/syncthing"; - fsType = "zfs"; - }; + fileSystems."/var/lib/syncthing" = { + device = "loutrepool/var/syncthing"; + fsType = "zfs"; + }; - fileSystems."/mnt/medias/incomplete" = - { device = "loutrepool/torrent-dl"; - fsType = "zfs"; - }; + fileSystems."/mnt/medias/incomplete" = { + device = "loutrepool/torrent-dl"; + fsType = "zfs"; + }; - fileSystems."/mnt/medias" = - { device = "loutrepool/medias"; - fsType = "zfs"; - }; + fileSystems."/mnt/medias" = { + device = "loutrepool/medias"; + fsType = "zfs"; + }; - fileSystems."/var/sieve" = - { device = "loutrepool/var/sieve"; - fsType = "zfs"; - }; + fileSystems."/var/sieve" = { + device = "loutrepool/var/sieve"; + fsType = "zfs"; + }; - fileSystems."/var/vmail" = - { device = "loutrepool/var/vmail"; - fsType = "zfs"; - }; + fileSystems."/var/vmail" = { + device = "loutrepool/var/vmail"; + fsType = "zfs"; + }; - fileSystems."/var/lib/sonarr" = - { device = "loutrepool/var/sonarr"; - fsType = "zfs"; - }; + fileSystems."/var/lib/sonarr" = { + device = "loutrepool/var/sonarr"; + fsType = "zfs"; + }; - fileSystems."/var/lib/jackett" = - { device = "loutrepool/var/jackett"; 
- fsType = "zfs"; - }; + fileSystems."/var/lib/jackett" = { + device = "loutrepool/var/jackett"; + fsType = "zfs"; + }; - fileSystems."/var/lib/gitea" = - { device = "loutrepool/var/gitea"; - fsType = "zfs"; - }; + fileSystems."/var/lib/gitea" = { + device = "loutrepool/var/gitea"; + fsType = "zfs"; + }; - fileSystems."/var/lib/private/sdtdserver" = - { device = "loutrepool/var/sdtdserver"; - fsType = "zfs"; - }; + fileSystems."/var/lib/private/sdtdserver" = { + device = "loutrepool/var/sdtdserver"; + fsType = "zfs"; + }; - fileSystems."/var/lib/private/factorio" = - { device = "loutrepool/var/factorio"; - fsType = "zfs"; - }; + fileSystems."/var/lib/private/factorio" = { + device = "loutrepool/var/factorio"; + fsType = "zfs"; + }; - fileSystems."/var/dkim" = - { device = "loutrepool/var/dkim"; - fsType = "zfs"; - }; + fileSystems."/var/dkim" = { + device = "loutrepool/var/dkim"; + fsType = "zfs"; + }; - fileSystems."/var/vsftpd" = - { device = "loutrepool/var/vsftpd"; - fsType = "zfs"; - }; + fileSystems."/var/vsftpd" = { + device = "loutrepool/var/vsftpd"; + fsType = "zfs"; + }; # fileSystems."/mnt/backup" = # { device = "backup"; # fsType = "zfs"; # }; - fileSystems."/mnt/backup_loutre" = - { device = "loutrepool/backup"; - fsType = "zfs"; - }; + fileSystems."/mnt/backup_loutre" = { + device = "loutrepool/backup"; + fsType = "zfs"; + }; - fileSystems."/mnt/secrets" = - { device = "loutrepool/secrets"; - fsType = "zfs"; - }; + fileSystems."/mnt/secrets" = { + device = "loutrepool/secrets"; + fsType = "zfs"; + }; - fileSystems."/var/lib/minecraft" = - { device = "loutrepool/var/minecraft"; - fsType = "zfs"; - }; + fileSystems."/var/lib/minecraft" = { + device = "loutrepool/var/minecraft"; + fsType = "zfs"; + }; - fileSystems."/var/www" = - { device = "loutrepool/var/www"; - fsType = "zfs"; - }; + fileSystems."/var/www" = { + device = "loutrepool/var/www"; + fsType = "zfs"; + }; - fileSystems."/var/lib/mastodon" = - { device = "loutrepool/var/mastodon"; - fsType = 
"zfs"; - }; + fileSystems."/var/lib/mastodon" = { + device = "loutrepool/var/mastodon"; + fsType = "zfs"; + }; - fileSystems."/var/lib/hass" = - { device = "loutrepool/var/hass"; - fsType = "zfs"; - }; + fileSystems."/var/lib/hass" = { + device = "loutrepool/var/hass"; + fsType = "zfs"; + }; - fileSystems."/var/lib/nextcloud" = - { device = "loutrepool/var/nextcloud"; - fsType = "zfs"; - }; + fileSystems."/var/lib/nextcloud" = { + device = "loutrepool/var/nextcloud"; + fsType = "zfs"; + }; - fileSystems."/var/lib/private/photoprism" = - { device = "loutrepool/var/photoprism"; - fsType = "zfs"; - }; + fileSystems."/var/lib/private/photoprism" = { + device = "loutrepool/var/photoprism"; + fsType = "zfs"; + }; - fileSystems."/mnt/paul-home" = - { device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; - fsType = "zfs"; - }; + fileSystems."/mnt/paul-home" = { + device = "loutrepool/zfs-replicate/paul-fixe/fastaf/home"; + fsType = "zfs"; + }; - fileSystems."/mnt/webdav" = - { device = "loutrepool/webdav"; - fsType = "zfs"; - }; + fileSystems."/mnt/webdav" = { + device = "loutrepool/webdav"; + fsType = "zfs"; + }; - swapDevices = - [ - { - device = "/var/swapfile"; - size = 8096; - } - ]; + swapDevices = [ + { + device = "/var/swapfile"; + size = 8096; + } + ]; nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; diff --git a/systems/LoutreOS/medias.nix b/systems/LoutreOS/medias.nix index fdd6518e..f8a5a551 100644 --- a/systems/LoutreOS/medias.nix +++ b/systems/LoutreOS/medias.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, pkgs-4a3fc4cf7, ... }: +{ + config, + lib, + pkgs, + pkgs-4a3fc4cf7, + ... +}: { services = { diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index e02a4fa0..27b721ec 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let domaine = "nyanlout.re"; 
@@ -23,28 +28,44 @@ in enable = true; extraConfig = { inputs = { - zfs = { poolMetrics = true; }; - net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; }; - netstat = {}; - cpu = { totalcpu = true; }; - kernel = {}; - mem = {}; - processes = {}; - system = {}; - disk = {}; + zfs = { + poolMetrics = true; + }; + net = { + interfaces = [ + "eno1" + "eno2" + "eno3" + "eno4" + ]; + }; + netstat = { }; + cpu = { + totalcpu = true; + }; + kernel = { }; + mem = { }; + processes = { }; + system = { }; + disk = { }; cgroup = [ { paths = [ "/sys/fs/cgroup/system.slice/*" ]; - files = ["memory.current" "cpu.stat"]; + files = [ + "memory.current" + "cpu.stat" + ]; } ]; - ipmi_sensor = { path = "${pkgs.ipmitool}/bin/ipmitool"; }; + ipmi_sensor = { + path = "${pkgs.ipmitool}/bin/ipmitool"; + }; smart = { path = "${pkgs.writeShellScriptBin "smartctl" "/run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl $@"}/bin/smartctl"; }; - exec= [ + exec = [ { commands = [ "${pkgs.python3}/bin/python ${pkgs.writeText "zpool.py" '' @@ -76,7 +97,10 @@ in ]; }; outputs = { - influxdb = { database = "telegraf"; urls = [ "http://localhost:8086" ]; }; + influxdb = { + database = "telegraf"; + urls = [ "http://localhost:8086" ]; + }; }; }; }; @@ -122,6 +146,14 @@ in }; security.sudo.extraRules = [ - { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } + { + commands = [ + { + command = "${pkgs.smartmontools}/bin/smartctl"; + options = [ "NOPASSWD" ]; + } + ]; + users = [ "telegraf" ]; + } ]; } diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 1545a795..80ae72ae 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -1,4 +1,9 @@ -{ config, pkgs, inputs, ... }: +{ + config, + pkgs, + inputs, + ... +}: { boot = { 
@@ -52,7 +57,10 @@ }; eno2 = { ipv4.addresses = [ - { address = "10.30.0.1"; prefixLength = 16; } + { + address = "10.30.0.1"; + prefixLength = 16; + } ]; }; enp0s21u1.useDHCP = true; @@ -110,18 +118,31 @@ firewall = { enable = true; - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; allowedUDPPorts = [ ]; # Open ports on local netwok only interfaces.eno2 = { allowedTCPPorts = [ - 111 2049 4000 4001 4002 # NFS - 3483 9000 9090 # Slimserver + 111 + 2049 + 4000 + 4001 + 4002 # NFS + 3483 + 9000 + 9090 # Slimserver 1935 # RTMP ]; allowedUDPPorts = [ - 111 2049 4000 4001 4002 # NFS + 111 + 2049 + 4000 + 4001 + 4002 # NFS 3483 # Slimserver 67 # DHCP ]; @@ -142,8 +163,8 @@ }; serviceConfig = { LoadCredential = [ - "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" - "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" + "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" + "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" ]; }; }; 
@@ -162,204 +183,209 @@ # 51000: from all lookup fiber # first table encountered with a default route if fiber is up # 52000: from all lookup lte # first table encountered with a default route if fiber is down - systemd.network = let - routeTables = { - fiber = 1; - lte = 2; - vpn = 3; - }; - in { - enable = true; - - config = { - inherit routeTables; - addRouteTablesToIPRoute2 = true; - }; - - # Wireguard ARN device configuation - netdevs = { - "10-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1450"; - }; - wireguardConfig = { - PrivateKey = "@network.wireguard.private.wg0"; - RouteTable = routeTables.vpn; - }; - wireguardPeers = [ - { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKey = "@network.wireguard.preshared.wg0"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - } - ]; + systemd.network = + let + routeTables = { + fiber = 1; + lte = 2; + vpn = 3; }; - }; + in + { + enable = true; - networks = { - ######### - # FIBER # - ######### - - # Set route metric to highest priority - # Set DHCP client magic settings for Bouygues - "40-bouygues" = { - dhcpV4Config.RouteTable = routeTables.fiber; - - dhcpV6Config = { - DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; - WithoutRA = "solicit"; - }; - - ipv6AcceptRAConfig = { - DHCPv6Client = true; - RouteTable = routeTables.fiber; - }; - - networkConfig = { - KeepConfiguration = "dhcp-on-stop"; - IPv6AcceptRA = true; - DHCPPrefixDelegation = true; - }; - - # Static attribution of first IPv6 subnet - dhcpPrefixDelegationConfig.SubnetId = "0"; - - # Route everything to fiber link with a priority of 40000 - routingPolicyRules = [ - { - FirewallMark = 1; - Table = routeTables.fiber; - Priority = 41000; - Family = "both"; - } - { - Table = routeTables.fiber; - Priority = 51000; - Family = "both"; - } - ]; + config = { + inherit routeTables; + addRouteTablesToIPRoute2 = true; }; - # Don't check VLAN physical 
interface as it is not directly used - "40-eno1".linkConfig.RequiredForOnline = "no"; - - ####### - # LTE # - ####### - - # Set LTE route to lower priority - "40-enp0s21u1" = { - dhcpV4Config.RouteTable = routeTables.lte; - - # Route all to lte link with a priority of 50000 - routingPolicyRules = [ - { - FirewallMark = 2; - Table = routeTables.lte; - Priority = 42000; - Family = "both"; - } - { - Table = routeTables.lte; - Priority = 52000; - Family = "both"; - } - ]; - }; - - ####### - # VPN # - ####### - - # Wireguard ARN network configuation - "10-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "89.234.141.196/32" - "2a00:5881:8119:400::1/128" - ]; - routingPolicyRules = [ - # Route outgoing emails to VPN table - { - IncomingInterface = "lo"; - DestinationPort = "25"; - Table = routeTables.vpn; - Priority = 60; - Family = "both"; - } - # Route packets originating from wg0 device to VPN table - # Allow server to respond on the wg0 interface requests - { - FirewallMark = 3; - Table = routeTables.vpn; - Priority = 43000; - Family = "both"; - } - ]; - }; - - ####### - # LAN # - ####### - - # LAN DHCP server config - "40-eno2" = { - networkConfig = { - IPv6SendRA = true; - DHCPPrefixDelegation = true; - DHCPServer = true; - IPMasquerade = "ipv4"; - }; - dhcpServerConfig = { - EmitRouter = true; - EmitDNS = true; - DNS = [ - # https://www.dns0.eu/fr - "193.110.81.0" - "185.253.5.0" - ]; - }; - dhcpServerStaticLeases = [ - # IPMI - { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - } - # paul-fixe - { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - } - # salonled - { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - } - # miroir-bleu - { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - } - # miroir-orange - { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - } - ]; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = [ - # https://www.dns0.eu/fr - "2a0f:fc80::" - "2a0f:fc81::" + # Wireguard ARN 
device configuation + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1450"; + }; + wireguardConfig = { + PrivateKey = "@network.wireguard.private.wg0"; + RouteTable = routeTables.vpn; + }; + wireguardPeers = [ + { + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKey = "@network.wireguard.preshared.wg0"; + AllowedIPs = [ + "0.0.0.0/0" + "::/0" + ]; + PersistentKeepalive = 15; + } ]; }; }; + + networks = { + ######### + # FIBER # + ######### + + # Set route metric to highest priority + # Set DHCP client magic settings for Bouygues + "40-bouygues" = { + dhcpV4Config.RouteTable = routeTables.fiber; + + dhcpV6Config = { + DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68"; + WithoutRA = "solicit"; + }; + + ipv6AcceptRAConfig = { + DHCPv6Client = true; + RouteTable = routeTables.fiber; + }; + + networkConfig = { + KeepConfiguration = "dhcp-on-stop"; + IPv6AcceptRA = true; + DHCPPrefixDelegation = true; + }; + + # Static attribution of first IPv6 subnet + dhcpPrefixDelegationConfig.SubnetId = "0"; + + # Route everything to fiber link with a priority of 40000 + routingPolicyRules = [ + { + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 41000; + Family = "both"; + } + { + Table = routeTables.fiber; + Priority = 51000; + Family = "both"; + } + ]; + }; + + # Don't check VLAN physical interface as it is not directly used + "40-eno1".linkConfig.RequiredForOnline = "no"; + + ####### + # LTE # + ####### + + # Set LTE route to lower priority + "40-enp0s21u1" = { + dhcpV4Config.RouteTable = routeTables.lte; + + # Route all to lte link with a priority of 50000 + routingPolicyRules = [ + { + FirewallMark = 2; + Table = routeTables.lte; + Priority = 42000; + Family = "both"; + } + { + Table = routeTables.lte; + Priority = 52000; + Family = "both"; + } + ]; + }; + + ####### + # VPN # + ####### + + # Wireguard ARN network configuation + "10-wg0" = { + matchConfig.Name = 
"wg0"; + address = [ + "89.234.141.196/32" + "2a00:5881:8119:400::1/128" + ]; + routingPolicyRules = [ + # Route outgoing emails to VPN table + { + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = routeTables.vpn; + Priority = 60; + Family = "both"; + } + # Route packets originating from wg0 device to VPN table + # Allow server to respond on the wg0 interface requests + { + FirewallMark = 3; + Table = routeTables.vpn; + Priority = 43000; + Family = "both"; + } + ]; + }; + + ####### + # LAN # + ####### + + # LAN DHCP server config + "40-eno2" = { + networkConfig = { + IPv6SendRA = true; + DHCPPrefixDelegation = true; + DHCPServer = true; + IPMasquerade = "ipv4"; + }; + dhcpServerConfig = { + EmitRouter = true; + EmitDNS = true; + DNS = [ + # https://www.dns0.eu/fr + "193.110.81.0" + "185.253.5.0" + ]; + }; + dhcpServerStaticLeases = [ + # IPMI + { + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; + } + # paul-fixe + { + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; + } + # salonled + { + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; + } + # miroir-bleu + { + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; + } + # miroir-orange + { + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; + } + ]; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = [ + # https://www.dns0.eu/fr + "2a0f:fc80::" + "2a0f:fc81::" + ]; + }; + }; + }; }; - }; } diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 2b49fa97..967130c4 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
@@ -1,17 +1,24 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let domaine = "nyanlout.re"; - sendMail = to: subject: message: pkgs.writeShellScriptBin "mail.sh" '' - ${pkgs.system-sendmail}/bin/sendmail ${to} < Date: Tue, 29 Apr 2025 14:10:42 +0200 Subject: [PATCH 466/474] mitigation for periodic high load average --- systems/LoutreOS/monitoring.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/systems/LoutreOS/monitoring.nix b/systems/LoutreOS/monitoring.nix index e02a4fa0..251bec87 100644 --- a/systems/LoutreOS/monitoring.nix +++ b/systems/LoutreOS/monitoring.nix @@ -22,9 +22,14 @@ in telegraf = { enable = true; extraConfig = { + agent = { + # Mitigation for periodic high load average + # https://github.com/influxdata/telegraf/issues/3465 + collection_jitter = "5s"; + }; inputs = { zfs = { poolMetrics = true; }; - net = { interfaces = [ "eno1" "eno2" "eno3" "eno4" ]; }; + net = {}; netstat = {}; cpu = { totalcpu = true; }; kernel = {}; From 2a137869d4cae7475182b8cb4662de6dc667f950 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 2 May 2025 12:55:36 +0200 Subject: [PATCH 467/474] use nixvim module --- flake.lock | 285 ++++++++++++++++++++++++++++++++++++++++- flake.nix | 7 + systems/common-cli.nix | 66 ++++++---- 3 files changed, 331 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 9c17d877..dddada5e 100644 --- a/flake.lock +++ b/flake.lock @@ -16,6 +16,27 @@ "type": "gitlab" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "dogetipbot-telegram": { "inputs": { "nixpkgs": [ 
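Review bot: The `net` input drops its `interfaces = [ "eno1" "eno2" "eno3" "eno4" ]` filter in the monitoring.nix hunk (`net = {};`), and neither the commit title nor the new comment explains it — the comment only covers `collection_jitter`. Without a filter Telegraf's net plugin reports every interface it finds, so on this host the WireGuard and LTE links configured in network.nix would presumably start appearing in the `telegraf` database as well. If that is intended, a line such as `# no interface filter: also collect wg0 and the LTE link` above `net = {};` would record it; otherwise the list should stay. The `telegraf` block continues outside the hunk.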
@@ -38,6 +59,20 @@ } }, "flake-compat": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, 
@@ -53,6 +88,115 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "nixvim", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "owner": "nix-community", + 
"repo": "home-manager", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "ipmihddtemp": { "inputs": { "nixpkgs": [ @@ -74,6 +218,56 @@ "type": "gitlab" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737371634, + "narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.7", + "repo": "ixx", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743127615, + "narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "nix-darwin-24.11", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1744440957, 
@@ -120,6 +314,58 @@ "type": "indirect" } }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "home-manager": "home-manager", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1745068593, + "narHash": "sha256-YuQRMvqLVu+ghl2XzqXyVg/YevH/t3XHVCl7w+UrCH8=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "d35dc6dfcae3ff1a0c72f2d59491a7d83e5505a3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "nixos-24.11", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745046075, + "narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=", + "owner": "NuschtOS", + "repo": "search", + "rev": "066afe8643274470f4a294442aadd988356a478f", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "root": { "inputs": { "dogetipbot-telegram": "dogetipbot-telegram", @@ -127,13 +373,14 @@ "nixpkgs": "nixpkgs", "nixpkgs-4a3fc4cf7": "nixpkgs-4a3fc4cf7", "nixpkgs-unstable": "nixpkgs-unstable", + "nixvim": "nixvim", "simple-nixos-mailserver": "simple-nixos-mailserver" } }, "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs-unstable" ], 
@@ -155,6 +402,42 @@ "repo": "nixos-mailserver", "type": "gitlab" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744961264, + "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4efa9e8e..a5b8cdbe 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,10 @@ nixpkgs-24_11.follows = "nixpkgs"; }; }; + nixvim = { + url = "github:nix-community/nixvim/nixos-24.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; dogetipbot-telegram = { url = "gitlab:nyanloutre/dogetipbot-telegram/master"; inputs.nixpkgs.follows = "nixpkgs"; @@ -28,6 +32,7 @@ nixpkgs-unstable, nixpkgs-4a3fc4cf7, simple-nixos-mailserver, + nixvim, dogetipbot-telegram, ipmihddtemp, }@inputs: @@ -39,6 +44,7 @@ system = "x86_64-linux"; modules = [ nixpkgs-unstable.nixosModules.notDetected + nixvim.nixosModules.nixvim { nixpkgs.config.allowUnfree = true; nix = { @@ -69,6 +75,7 @@ modules = [ nixpkgs-unstable.nixosModules.notDetected simple-nixos-mailserver.nixosModule + nixvim.nixosModules.nixvim dogetipbot-telegram.nixosModule ipmihddtemp.nixosModule { diff --git a/systems/common-cli.nix b/systems/common-cli.nix index c075abeb..67ec0c71 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix 
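Review bot: The new `nixvim` input in flake.nix sets `follows` only for `nixpkgs`, so every other input nixvim declares is locked on its own. The flake.lock part of this patch gains entries for `home-manager`, `nix-darwin`, `nuschtosSearch`, `ixx`, `treefmt-nix` and `systems`, among others, although only `nixvim.nixosModules.nixvim` is used here. The module is also added to both host module lists, including the one that loads `simple-nixos-mailserver.nixosModule`, so the enlarged lock applies to that host as well. I would record this above the input, e.g. `# nixvim brings its own locked inputs (home-manager, nix-darwin, ...); review their revs in flake.lock on every update`, so later `flake.lock: Update` commits are read with those entries in mind.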
@@ -4,35 +4,49 @@ time.timeZone = "Europe/Paris"; - environment.systemPackages = with pkgs; [ - # Editeurs - (neovim.override { - viAlias = true; - vimAlias = true; - configure = { - customRC = '' - set tabstop=8 - set shiftwidth=4 - set softtabstop=0 - set expandtab - set smarttab - set background=dark - set mouse= - ''; - packages.myVimPackage = with pkgs.vimPlugins; { - start = [ - vim-startify - airline - sensible - polyglot - ale - fugitive - ]; - opt = [ ]; + programs.nixvim = { + enable = true; + viAlias = true; + vimAlias = true; + files = { + "ftplugin/nix.lua" = { + opts = { + tabstop = 8; + shiftwidth = 4; + softtabstop = 0; + expandtab = true; + smarttab = true; + background = "dark"; + mouse = ""; }; }; - }) + }; + plugins = { + lualine.enable = true; + lsp = { + enable = true; + servers = { + nixd.enable = true; + ruff.enable = true; + }; + }; + bufferline.enable = true; + telescope.enable = true; + which-key.enable = true; + treesitter.enable = true; + cmp = { + enable = true; + autoEnableSources = true; + settings.sources = [ + { name = "nvim_lsp"; } + { name = "path"; } + { name = "buffer"; } + ]; + }; + }; + }; + environment.systemPackages = with pkgs; [ # Gestionnaires de version tig gitAndTools.hub From 5afedf69c3f4161385b0dca8446793816ad546d5 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 2 May 2025 17:14:01 +0200 Subject: [PATCH 468/474] install Nerd Fonts on desktop --- systems/common-gui.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systems/common-gui.nix b/systems/common-gui.nix index ff42da7b..cdcad6cb 100644 --- a/systems/common-gui.nix +++ b/systems/common-gui.nix @@ -69,6 +69,12 @@ pavucontrol ]; + fonts.packages = with pkgs; [ + nerd-fonts.jetbrains-mono + nerd-fonts.ubuntu-mono + nerd-fonts.fira-mono + ]; + i18n = { defaultLocale = "fr_FR.UTF-8"; }; From d4bc904ac727ad860b74912c9d9be5f0f9a1d4ac Mon Sep 17 00:00:00 2001 
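Review bot: In the common-cli.nix hunk the former `customRC` settings now sit under `files."ftplugin/nix.lua".opts`, so they are applied only once a buffer of filetype `nix` is loaded, whereas the removed `customRC` applied them to every file at startup. `background` and `mouse` are global options, so they keep Neovim's defaults until the first Nix file is opened and then change for the whole session. If the old behaviour was meant to be kept, move the attrset up one level to `programs.nixvim.opts` and leave only Nix-specific indentation in the ftplugin file.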
From: nyanloutre Date: Fri, 2 May 2025 17:49:25 +0200 Subject: [PATCH 469/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d?narHash=sha256-FHlSkNqFmPxPJvy%2B6fNLaNeWnF1lZSgqVCl/eWaJRc4%3D' (2025-04-12) → 'github:NixOS/nixpkgs/3e362ce63e16b9572d8c2297c04f7c19ab6725a5?narHash=sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0%3D' (2025-04-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef?narHash=sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU%3D' (2025-04-17) → 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78?narHash=sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds%2Bhc%3D' (2025-05-01) • Updated input 'nixvim': 'github:nix-community/nixvim/d35dc6dfcae3ff1a0c72f2d59491a7d83e5505a3?narHash=sha256-YuQRMvqLVu%2Bghl2XzqXyVg/YevH/t3XHVCl7w%2BUrCH8%3D' (2025-04-19) → 'github:nix-community/nixvim/5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d?narHash=sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc%3D' (2025-04-29) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index dddada5e..195ec40d 100644 --- a/flake.lock +++ b/flake.lock @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1746055187, + "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5", "type": "github" }, "original": { 
@@ -301,11 +301,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -329,11 +329,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1745068593, - "narHash": "sha256-YuQRMvqLVu+ghl2XzqXyVg/YevH/t3XHVCl7w+UrCH8=", + "lastModified": 1745963276, + "narHash": "sha256-MpLljx/1dGnBIQlUswaUz/ZeOp44R3ngc1iBf4tyzyc=", "owner": "nix-community", "repo": "nixvim", - "rev": "d35dc6dfcae3ff1a0c72f2d59491a7d83e5505a3", + "rev": "5bef8e43ce16ee704c7b9fa9f48a07ce81c5c05d", "type": "github" }, "original": { From 9425f55d8f64427b701e61327e818dac4bca294c Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 2 May 2025 21:22:25 +0200 Subject: [PATCH 470/474] improve vim config --- systems/common-cli.nix | 76 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 63 insertions(+), 13 deletions(-) diff --git a/systems/common-cli.nix b/systems/common-cli.nix index 67ec0c71..4da43920 100644 --- a/systems/common-cli.nix +++ b/systems/common-cli.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { 
@@ -8,32 +8,82 @@ enable = true; viAlias = true; vimAlias = true; - files = { - "ftplugin/nix.lua" = { - opts = { - tabstop = 8; - shiftwidth = 4; - softtabstop = 0; - expandtab = true; - smarttab = true; - background = "dark"; - mouse = ""; - }; + colorschemes.catppuccin.enable = true; + highlight.ExtraWhitespace.bg = "red"; # Highlight extra white spaces + performance = { + byteCompileLua = { + enable = true; + nvimRuntime = true; + configs = true; + plugins = true; }; }; + opts = { + updatetime = 100; # Faster completion + + # Line numbers + number = true; # Display the absolute line number of the current line + hidden = true; # Keep closed buffer open in the background + mouse = "a"; # Enable mouse control + mousemodel = "extend"; # Mouse right-click extends the current selection + splitbelow = true; # A new window is put below the current one + splitright = true; # A new window is put right of the current one + + modeline = true; # Tags such as 'vim:ft=sh' + modelines = 100; # Sets the type of modelines + undofile = true; # Automatically save and restore undo history + incsearch = true; # Incremental search: show match for partly typed search command + ignorecase = true; # When the search query is lower-case, match both lower and upper-case patterns + smartcase = true; # Override the 'ignorecase' option if the search pattern contains upper case characters + cursorline = true; # Highlight the screen line of the cursor + cursorcolumn = true; # Highlight the screen column of the cursor + signcolumn = "yes"; # Whether to show the signcolumn + laststatus = 3; # When to use a status line for the last window + fileencoding = "utf-8"; # File-content encoding for the current buffer + termguicolors = true; # Enables 24-bit RGB color in the |TUI| + wrap = false; # Prevent text from wrapping + + # Tab options + tabstop = 2; # Number of spaces a in the text stands for (local to buffer) + shiftwidth = 2; # Number of spaces used for each step of (auto)indent (local to 
buffer) + softtabstop = 0; # If non-zero, number of spaces to insert for a (local to buffer) + expandtab = true; # Expand to spaces in Insert mode (local to buffer) + autoindent = true; # Do clever autoindenting + + showmatch = true; # when closing a bracket, briefly flash the matching one + matchtime = 1; # duration of that flashing n deci-seconds + startofline = true; # motions like "G" also move to the first char + report = 9001; # disable "x more/fewer lines" messages + }; plugins = { lualine.enable = true; lsp = { enable = true; + inlayHints = true; servers = { nixd.enable = true; ruff.enable = true; }; }; + lspkind.enable = true; + lsp-lines.enable = true; + lsp-signature.enable = true; bufferline.enable = true; telescope.enable = true; which-key.enable = true; - treesitter.enable = true; + treesitter = { + enable = true; + settings = { + highlight = { + enable = true; + additional_vim_regex_highlighting = true; + }; + + indent = { + enable = true; + }; + }; + }; cmp = { enable = true; autoEnableSources = true; From cad30707e89447d846df116647ea8ec4155f7f20 Mon Sep 17 00:00:00 2001 
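Review bot: The comment on `modelines = 100;` in the new `opts` block is wrong and the pair of settings deserves a second look. `modelines` is the number of lines at the start and end of a file that are scanned for modelines, not a type. Setting `modeline = true;` explicitly in a system-wide config also overrides the editor default, which leaves modelines off for root, so files opened in a root session can set editor options as well (assuming this config reaches root, as a NixOS-level `programs.nixvim` normally does). I would keep the scan window small and fix the comment, `modelines = 5; # Lines scanned at the start and end of a file for modelines`, and consider dropping `modeline = true;` on hosts where files from untrusted sources are edited.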
From: nyanloutre Date: Sun, 18 May 2025 16:56:17 +0200 Subject: [PATCH 471/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3e362ce63e16b9572d8c2297c04f7c19ab6725a5?narHash=sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0%3D' (2025-04-30) → 'github:NixOS/nixpkgs/ba8b70ee098bc5654c459d6a95dfc498b91ff858?narHash=sha256-IKKIXTSYJMmUtE%2BKav5Rob8SgLPnfnq4Qu8LyT4gdqQ%3D' (2025-05-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78?narHash=sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds%2Bhc%3D' (2025-05-01) → 'github:NixOS/nixpkgs/e06158e58f3adee28b139e9c2bcfcc41f8625b46?narHash=sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4%2BwYK4%3D' (2025-05-15) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/63209b1def2c9fc891ad271f474a3464a5833294?narHash=sha256-HA9fAmGNGf0cOYrhgoa%2BB6BxNVqGAYXfLyx8zIS0ZBY%3D' (2024-12-22) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/14857a0309d7bbdf7c51bbfa309d0d13448ae77e?narHash=sha256-kL3cc25sc0x%2B6gBZYjuE4566RT1E3XLQs4V8sl7D%2BVE%3D' (2025-05-05) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 195ec40d..23f110e6 100644 --- a/flake.lock +++ b/flake.lock @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746055187, - "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { 
@@ -301,11 +301,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -389,11 +389,11 @@ ] }, "locked": { - "lastModified": 1734884447, - "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=", + "lastModified": 1746469806, + "narHash": "sha256-kL3cc25sc0x+6gBZYjuE4566RT1E3XLQs4V8sl7D+VE=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "63209b1def2c9fc891ad271f474a3464a5833294", + "rev": "14857a0309d7bbdf7c51bbfa309d0d13448ae77e", "type": "gitlab" }, "original": { From ad82f1d236e5d7fcdd3355e6c014e65d900503ad Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Sun, 18 May 2025 17:01:41 +0200 Subject: [PATCH 472/474] fix Nextcloud opcache warning --- systems/LoutreOS/web.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index 7108cd67..c9c8d659 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -388,6 +388,9 @@ in ]; }; autoUpdateApps.enable = true; + phpOptions = { + "opcache.interned_strings_buffer" = "23"; + }; }; }; From 478aa12d8478d344c85791537f389087145fd1f7 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Sun, 18 May 2025 18:04:04 +0200 Subject: [PATCH 473/474] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'ipmihddtemp': 'gitlab:nyanloutre/ipmihddtemp/6fe5d14f588956dfff89716f81b8101c7a94cd6d?narHash=sha256-Y70jZPL3/fY8SzkPnpw9Ta411zbbkJ1D3qOYJ76zuIA%3D' (2021-11-03) → 'gitlab:nyanloutre/ipmihddtemp/837ba5a66de1688e7fbce8302cfb363c42a0e1d9?narHash=sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE%3D' (2025-05-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/ba8b70ee098bc5654c459d6a95dfc498b91ff858?narHash=sha256-IKKIXTSYJMmUtE%2BKav5Rob8SgLPnfnq4Qu8LyT4gdqQ%3D' (2025-05-15) → 'github:NixOS/nixpkgs/9b5ac7ad45298d58640540d0323ca217f32a6762?narHash=sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38%3D' (2025-05-17) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 23f110e6..05a70578 100644 --- a/flake.lock +++ b/flake.lock @@ -204,11 +204,11 @@ ] }, "locked": { - "lastModified": 1635966341, - "narHash": "sha256-Y70jZPL3/fY8SzkPnpw9Ta411zbbkJ1D3qOYJ76zuIA=", + "lastModified": 1747584091, + "narHash": "sha256-6QMKT0BrLyb2wSFEpmTjYpMS6JOLHRRAMnnM5/qN/vE=", "owner": "nyanloutre", "repo": "ipmihddtemp", - "rev": "6fe5d14f588956dfff89716f81b8101c7a94cd6d", + "rev": "837ba5a66de1688e7fbce8302cfb363c42a0e1d9", "type": "gitlab" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1747485343, + "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762", "type": "github" }, "original": { From beb7d791e7753e7df687270ae3a47f0a603b54c2 Mon Sep 17 00:00:00 2001 
From: nyanloutre Date: Tue, 20 May 2025 09:57:39 +0200 Subject: [PATCH 474/474] fix Nextcloud warnings --- systems/LoutreOS/web.nix | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index c9c8d659..4d06b386 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -386,6 +386,8 @@ in
 ''OC\Preview\XBitmap''
 ''OC\Preview\Movie''
 ];
+ "default_phone_region" = "FR";
+ "maintenance_window_start" = "23"; # Start maintenance operations after 23:00 UTC (01:00 CEST)
 };
 autoUpdateApps.enable = true;
 phpOptions = {
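Review bot: `"maintenance_window_start" = "23";` passes the hour as a string, while Nextcloud documents this setting as an integer hour in UTC. It presumably works through coercion, but `"maintenance_window_start" = 23;` states the type directly. The trailing comment is also only right during summer time, since 23:00 UTC is 00:00 CET in winter; `# Start maintenance operations after 23:00 UTC (00:00 CET / 01:00 CEST)` holds all year. The enclosing settings attrset starts outside the hunk.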