raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: raphael:8359a6911119e1d01540c5f8dc232e9cd2fb6aaa
Branches Tags
raphael:master
..
compare: raphael:1975d83017a7afb5fa2d9e14e5d3d31a0f6575ca
Branches Tags
raphael:master

No commits in common. "8359a6911119e1d01540c5f8dc232e9cd2fb6aaa" and "1975d83017a7afb5fa2d9e14e5d3d31a0f6575ca" have entirely different histories.
8359a69111 ... 1975d83017

26 changed files with 554 additions and 1521 deletions
Download patch file Download diff file Expand all files Collapse all files

594
assets/grafana_dashboards/alloy-logs.json
View file

@ -1,594 +0,0 @@
{
"annotations": {
"list": [
{
"$$hashKey": "object:75",
"builtIn": 1,
"datasource": {
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Log Viewer Dashboard for Loki",
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 20,
"links": [
{
"$$hashKey": "object:59",
"icon": "bolt",
"includeVars": true,
"keepTime": true,
"tags": [],
"targetBlank": true,
"title": "View In Explore",
"type": "link",
"url": "/explore?orgId=1&left=[\"now-1h\",\"now\",\"Loki\",{\"expr\":\"{job=\\\"$app\\\"}\"},{\"ui\":[true,true,true,\"none\"]}]"
},
{
"$$hashKey": "object:61",
"icon": "external link",
"tags": [],
"targetBlank": true,
"title": "Learn LogQL",
"type": "link",
"url": "https://grafana.com/docs/loki/latest/logql/"
}
],
"panels": [
{
"datasource": {
"uid": "bfesvtbn7l534f"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "fixed"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"fieldMinMax": false,
"mappings": [],
"noValue": "0",
"unit": "short"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "error"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "warn"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "info"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "debug"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-blue",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 8,
"x": 0,
"y": 0
},
"id": 6,
"options": {
"displayLabels": [],
"legend": {
"displayMode": "list",
"placement": "right",
"showLegend": true,
"values": [
"percent"
]
},
"pieType": "donut",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"sort": "none",
"tooltip": {
"hideZeros": true,
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "12.3.3",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"direction": "backward",
"editorMode": "code",
"expr": "sum(count_over_time({job=\"systemd-journal\"} | detected_level = \"debug\" [$__auto])) by (detected_level)",
"hide": false,
"legendFormat": "{{detected_level}}",
"queryType": "range",
"refId": "D",
"step": ""
},
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"direction": "backward",
"editorMode": "code",
"expr": "sum(count_over_time({job=\"systemd-journal\"} | detected_level = \"info\" [$__auto])) by (detected_level)",
"hide": false,
"legendFormat": "{{detected_level}}",
"queryType": "range",
"refId": "C",
"step": ""
},
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"direction": "backward",
"editorMode": "code",
"expr": "sum(count_over_time({job=\"systemd-journal\"} | detected_level = \"unknown\" [$__auto])) by (detected_level)",
"hide": false,
"legendFormat": "{{detected_level}}",
"queryType": "range",
"refId": "E",
"step": ""
},
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"direction": "backward",
"editorMode": "code",
"expr": "sum(count_over_time({job=\"systemd-journal\"} | detected_level = \"warn\" [$__auto])) by (detected_level)",
"hide": false,
"legendFormat": "{{detected_level}}",
"queryType": "range",
"refId": "B",
"step": ""
},
{
"direction": "backward",
"editorMode": "code",
"expr": "sum(count_over_time({job=\"systemd-journal\"} | detected_level = \"error\" [$__auto])) by (detected_level)",
"legendFormat": "{{detected_level}}",
"queryType": "range",
"refId": "A",
"step": ""
}
],
"title": "Type log pie chart",
"transparent": true,
"type": "piechart"
},
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"axisSoftMin": 0,
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "bars",
"fillOpacity": 100,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 0,
"pointSize": 0,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": "/^(info|information)$/i"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "/^debug$/i"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-blue",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "/^(warn|warning)$/i"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-orange",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "/^(error|errors)$/i"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "/^(crit|critical|fatal|severe)$/i"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "#705da0",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "/^(logs|unknown)$/i"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "darkgray",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 16,
"x": 8,
"y": 0
},
"id": 9,
"interval": "5s",
"maxDataPoints": 500,
"options": {
"legend": {
"calcs": [
"sum"
],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "12.3.3",
"targets": [
{
"direction": "backward",
"editorMode": "code",
"expr": "sum(count_over_time({job=\"systemd-journal\"} [$__auto])) by (detected_level)",
"legendFormat": "{{detected_level}}",
"queryType": "range",
"refId": "A"
}
],
"title": "Metric query",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"description": "All warn/error's logs will be printed here",
"fieldConfig": {
"defaults": {},
"overrides": []
},
"gridPos": {
"h": 18,
"w": 12,
"x": 0,
"y": 10
},
"id": 8,
"maxDataPoints": "",
"options": {
"dedupStrategy": "none",
"detailsMode": "inline",
"enableInfiniteScrolling": true,
"enableLogDetails": true,
"prettifyLogMessage": false,
"showControls": false,
"showLabels": false,
"showTime": true,
"sortOrder": "Descending",
"syntaxHighlighting": true,
"timestampResolution": "ms",
"wrapLogMessage": false
},
"pluginVersion": "12.3.3",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"direction": "backward",
"editorMode": "code",
"expr": "{job=\"$app\"} | logfmt | detected_level =~ `err|error|emerg|emergency|fatal|crit|critical|warn` | line_format \"Service: {{ if .logger }}{{ .logger }}{{ else }}Loki{{ end }} | Message: {{ if .msg }}{{ .msg }}{{ else }}No Message{{ end }}\"",
"hide": false,
"legendFormat": "",
"queryType": "range",
"refId": "A"
}
],
"title": "Warn/Error's logs",
"transparent": true,
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"description": "All infos logs will be printed here",
"fieldConfig": {
"defaults": {},
"overrides": []
},
"gridPos": {
"h": 18,
"w": 12,
"x": 12,
"y": 10
},
"id": 7,
"maxDataPoints": "",
"options": {
"dedupStrategy": "none",
"detailsMode": "inline",
"enableInfiniteScrolling": true,
"enableLogDetails": true,
"prettifyLogMessage": false,
"showControls": false,
"showLabels": false,
"showTime": true,
"sortOrder": "Descending",
"syntaxHighlighting": true,
"timestampResolution": "ms",
"wrapLogMessage": false
},
"pluginVersion": "12.3.3",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "bfesvtbn7l534f"
},
"direction": "backward",
"editorMode": "code",
"expr": "{job=\"$app\"} | logfmt | detected_level =~ `info|notice|debug|trace` | line_format \"Service: {{ if .logger }}{{ .logger }}{{ else }}Loki{{ end }} | Message: {{ if .msg }}{{ .msg }}{{ else }}No Message{{ end }}\"",
"hide": false,
"legendFormat": "",
"queryType": "range",
"refId": "A"
}
],
"title": "Logs Informative",
"transparent": true,
"type": "logs"
}
],
"preload": false,
"refresh": "",
"schemaVersion": 42,
"tags": [],
"templating": {
"list": [
{
"current": {
"text": "systemd-journal",
"value": "systemd-journal"
},
"datasource": "bfesvtbn7l534f",
"definition": "label_values(job)",
"includeAll": false,
"label": "App",
"name": "app",
"options": [],
"query": "label_values(job)",
"refresh": 1,
"regex": "",
"type": "query"
},
{
"current": {
"text": "",
"value": ""
},
"label": "String Match",
"name": "search",
"options": [
{
"selected": true,
"text": "",
"value": ""
}
],
"query": "",
"type": "textbox"
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
]
},
"timezone": "",
"title": "Logs / App",
"uid": "sadlil-loki-apps-dashboard",
"version": 13
}

3
flake.nix
View file

@ -45,7 +45,6 @@
./hosts/fix/configuration.nix ./hosts/fix/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.sharedModules = [ catppuccin.homeModules.catppuccin ];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { home-manager.extraSpecialArgs = {
@ -54,7 +53,7 @@
nixvim = inputs.nixvim.packages."x86_64-linux".default; nixvim = inputs.nixvim.packages."x86_64-linux".default;
zen-browser = inputs.zen-browser.packages."x86_64-linux".default; zen-browser = inputs.zen-browser.packages."x86_64-linux".default;
}; };
home-manager.users.raphael = import hm-config.outputs.homeModules.fix; home-manager.users.raphael = hm-config.homeConfigurations."hm-fix";
} }
]; ];
specialArgs = { specialArgs = {

70
hosts/fix/configuration.nix
View file

@ -6,12 +6,6 @@
... ...
}: }:
let
mullvad-autostart = pkgs.makeAutostartItem {
name = "mullvad-vpn";
package = pkgs.mullvad-vpn;
};
in
{ {
imports = [ imports = [
../global.nix ../global.nix
@ -25,23 +19,7 @@ in
hostName = "nixos-fix"; hostName = "nixos-fix";
firewall.enable = false; firewall.enable = false;
networkmanager.enable = true; networkmanager.enable = true;
}; wireless.enable = false;
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia = {
open = false;
modesetting.enable = true;
powerManagement = {
enable = false;
finegrained = false;
};
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}; };
games = { games = {
@ -59,7 +37,27 @@ in
swaylock = { }; swaylock = { };
}; };
users.defaultUserShell = pkgs.zsh; users = {
defaultUserShell = pkgs.zsh;
users = {
deb = {
isNormalUser = true;
initialPassword = "pasadmin1234";
description = "deb";
useDefaultShell = true;
extraGroups = [
"networkmanager"
"dialout"
"docker"
"video"
];
packages = with pkgs; [
gnome-session
home-manager
];
};
};
};
# Bootloader. # Bootloader.
boot.loader = { boot.loader = {
@ -68,36 +66,31 @@ in
}; };
programs = { programs = {
thunderbird.enable = true;
hyprland = { hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
}; };
}; };
environment.systemPackages = with pkgs; [
mullvad-autostart
pciutils
vulkan-tools
];
services = { services = {
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
xserver.videoDrivers = [ "nvidia" ];
seatd.enable = true; seatd.enable = true;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.wayland = true;
};
greetd = { greetd = {
enable = true; enable = true;
settings = { settings = {
default_session = { default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --remember --user-menu --remember-user-session --time"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --user-menu --remember-user-session --time";
}; };
}; };
useTextGreeter = true;
}; };
dbus.enable = true; dbus.enable = true;
openssh = {
enable = true;
ports = [ 42131 ];
};
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
@ -122,7 +115,6 @@ in
enable = true; enable = true;
extraPortals = [ extraPortals = [
pkgs.xdg-desktop-portal-hyprland pkgs.xdg-desktop-portal-hyprland
pkgs.xdg-desktop-portal-gtk
]; ];
config.common.default = "*"; config.common.default = "*";
}; };

81
hosts/fix/hardware-configuration.nix
View file

@ -1,36 +1,83 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
];
# services.dbus.enable = true;
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [
"kvm-intel"
]; ];
extraModulePackages = [ ];
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" ]; fileSystems = {
boot.initrd.kernelModules = [ ]; "/" = {
boot.kernelModules = [ "kvm-intel" ]; device = "/dev/disk/by-uuid/a943d592-57d3-497e-bf43-49b50ac73f0b";
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2eec2aaa-4576-4591-9b9e-6d36ee4b0d02";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot" = {
fileSystems."/boot" = device = "/dev/disk/by-uuid/5AAB-0026";
{ device = "/dev/disk/by-uuid/FE5B-8026";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
"/mnt/data" = {
fileSystems."/mnt/data" = device = "/dev/disk/by-uuid/5729d30c-5806-4ccd-8a2a-080a258084dc";
{ device = "/dev/disk/by-uuid/416367e1-a2dc-4724-b9f5-9c10da4d87a5";
fsType = "ext4"; fsType = "ext4";
options = [
"acl"
"exec"
];
}; };
};
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
graphics.enable = true;
nvidia = {
open = false;
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

2
hosts/global.nix
View file

@ -45,7 +45,6 @@
"wheel" "wheel"
"docker" "docker"
"video" "video"
"render"
]; ];
}; };
}; };
@ -76,7 +75,6 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
uwsm
git git
postgresql postgresql
vim vim

95
hosts/server/configuration.nix
View file

@ -7,7 +7,7 @@
}: }:
let let
sshKeyMac = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIML4yVz1fhccwaTL0iHixkNkU5zUWU1rsit9u2TIIa5r raphael@raphaels-MacBook-Pro.local"; sshKeyMac = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbHk7YasSMK5FBCArKLeqIoaGXsN+WlgVquObyC5Zec raphael@MacBook-Pro-de-raphael.local";
in in
{ {
imports = [ imports = [
@ -26,6 +26,7 @@ in
hostName = "nixos-server"; hostName = "nixos-server";
firewall.enable = false; firewall.enable = false;
networkmanager.enable = true; networkmanager.enable = true;
wireless.enable = false;
interfaces.enp0s31f6.ipv4.addresses = [ interfaces.enp0s31f6.ipv4.addresses = [
{ {
address = "192.168.1.1"; address = "192.168.1.1";
@ -58,16 +59,15 @@ in
nextcloud = true; nextcloud = true;
jellyfin = true; jellyfin = true;
sso = true; sso = true;
vault = true;
}; };
forty_two.irc = false; forty_two.irc = true;
web.portefolio = true; web.portefolio = true;
server = { server = {
minecraft = true; minecraft = false;
teamspeak = true; teamspeak = true;
}; };
bot_discord = { bot_discord = {
master = false; master = true;
bde = false; bde = false;
tut = false; tut = false;
marty = false; marty = false;
@ -78,49 +78,46 @@ in
}; };
}; };
environment.systemPackages = environment.systemPackages = with pkgs; [
with pkgs; age
[ bat
age cairo
bat dconf
cairo fastfetch
dconf git
fastfetch home-manager
git lego
home-manager libjpeg
lego libpng
libjpeg libuuid
libpng linux-manual
libuuid man
linux-manual man-pages
man man-pages-posix
man-pages networkmanager
man-pages-posix openssl
networkmanager pkg-config
openssl postgresql
pkg-config protonup-ng
postgresql python3
protonup-ng python3Packages.pip
python3 qFlipper
python3Packages.pip ripgrep
qFlipper swaylock
ripgrep swaylock-fancy
swaylock tmux
swaylock-fancy unzip
tmux vim
unzip wget
vim wl-clipboard
wget xclip
wl-clipboard xdg-desktop-portal-hyprland
xclip xsel
xdg-desktop-portal-hyprland yarn
xsel zsh
yarn ] ++ [
zsh inputs.agenix.packages.${pkgs.system}.agenix
] ];
++ [
inputs.agenix.packages.${pkgs.system}.agenix
];
# Bootloader. # Bootloader.
boot.loader = { boot.loader = {
@ -143,7 +140,7 @@ in
openssh = { openssh = {
enable = true; enable = true;
ports = [ ports = [
42131 42131
]; ];
}; };
udev.extraRules = '' udev.extraRules = ''

45
hosts/server/hardware-configuration.nix
View file

@ -1,51 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems = { fileSystems."/" =
"/" = { { device = "/dev/disk/by-uuid/67b9f544-f7d6-4203-a1ee-3d527f0c4ace";
device = "/dev/disk/by-uuid/67b9f544-f7d6-4203-a1ee-3d527f0c4ace";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot" = {
device = "/dev/disk/by-uuid/C2ED-90A4"; fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C2ED-90A4";
fsType = "vfat"; fsType = "vfat";
options = [ options = [ "fmask=0077" "dmask=0077" ];
"fmask=0077"
"dmask=0077"
];
}; };
"/mnt/data" = {
device = "/dev/disk/by-uuid/efa8669d-d141-4858-9e66-d3efa9a88816";
fsType = "ext4";
options = [
"acl"
"exec"
];
};
};
swapDevices = [ ]; swapDevices = [ ];

52
hosts/server/secrets.nix
View file

@ -5,100 +5,66 @@
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.secrets."wireguard-secret" = {
file = ../../secrets/wireguard-secret.age;
owner = "root";
group = "root";
mode = "0400";
};
age.secrets."mailjet-user" = { age.secrets."mailjet-user" = {
file = ../../secrets/mailjet-user.age; file = ../../secrets/mailjet-user.age;
owner = "root"; owner = "root";
group = "root"; group = "root";
mode = "0400"; mode = "0400";
}; };
age.secrets."mailjet-pass" = { age.secrets."mailjet-pass" = {
file = ../../secrets/mailjet-pass.age; file = ../../secrets/mailjet-pass.age;
owner = "root"; owner = "root";
group = "root"; group = "root";
mode = "0400"; mode = "0400";
}; };
age.secrets."nextcloud-admin-pass" = { age.secrets."nextcloud-admin-pass" = {
file = ../../secrets/nextcloud-admin-pass.age; file = ../../secrets/nextcloud-admin-pass.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
mode = "0400"; mode = "0400";
}; };
age.secrets."nextcloud-oidc-secret" = { age.secrets."nextcloud-oidc-secret" = {
file = ../../secrets/nextcloud-oidc-secret.age; file = ../../secrets/nextcloud-oidc-secret.age;
owner = "kanidm"; owner = "kanidm";
group = "kanidm"; group = "kanidm";
mode = "0400"; mode = "0400";
}; };
age.secrets."grafana-oidc-secret" = { age.secrets."grafana-oidc-secret" = {
file = ../../secrets/grafana-oidc-secret.age; file = ../../secrets/grafana-oidc-secret.age;
owner = "kanidm"; owner = "kanidm";
group = "grafana"; group = "grafana";
mode = "0440"; mode = "0440";
};
age.secrets."grafana-secret-key" = {
file = ../../secrets/grafana-secret-key.age;
owner = "grafana";
group = "grafana";
mode = "0440";
}; };
age.secrets."forgejo-oidc-secret" = { age.secrets."forgejo-oidc-secret" = {
file = ../../secrets/forgejo-oidc-secret.age; file = ../../secrets/forgejo-oidc-secret.age;
owner = "kanidm"; owner = "kanidm";
group = "forgejo"; group = "forgejo";
mode = "0440"; mode = "0440";
};
age.secrets."forgejo-runner-token" = {
file = ../../secrets/forgejo-runner-token.age;
owner = "forgejo";
group = "forgejo";
mode = "0440";
}; };
age.secrets."nextcloud-database" = { age.secrets."nextcloud-database" = {
file = ../../secrets/nextcloud-database.age; file = ../../secrets/nextcloud-database.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
mode = "0400"; mode = "0400";
}; };
age.secrets."kanidm-admin" = { age.secrets."kanidm-admin" = {
file = ../../secrets/kandim-admin.age; file = ../../secrets/kandim-admin.age;
owner = "kanidm"; owner = "kanidm";
group = "kanidm"; group = "kanidm";
mode = "0400"; mode = "0400";
}; };
age.secrets."kanidm-idmAdmin" = { age.secrets."kanidm-idmAdmin" = {
file = ../../secrets/kandim-idmAdmin.age; file = ../../secrets/kandim-idmAdmin.age;
owner = "kanidm"; owner = "kanidm";
group = "kanidm"; group = "kanidm";
mode = "0400"; mode = "0400";
}; };
age.secrets."vault-oidc-secret" = {
file = ../../secrets/vault-oidc-secret.age;
owner = "kanidm";
group = "kanidm";
mode = "0400";
};
age.secrets."vault-secret-env" = {
file = ../../secrets/vault-secret-env.age;
owner = "vaultwarden";
group = "vaultwarden";
mode = "0400";
};
} }

1
modules/games/steam.nix
View file

@ -22,7 +22,6 @@ in
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gamescope
wine-staging wine-staging
lutris lutris
dxvk dxvk

BIN
secrets/forgejo-runner-token.age
View file

Binary file not shown.

7
secrets/grafana-secret-key.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Iy+0iw a6V5MbX371JEVJM4L1AiL0f3/W4oPhc0EeydmBlCwzI
QnsMyhcDyrCGkkJaQWA04u5YdiVrlIISyp/PEnY7emE
-> ssh-ed25519 ocqiLQ 6vkETQNUq8iMWqPD3uf+UrVcY34xz8KBPLWK2WRHjgk
ttdk+iK/DFYoshfffBN+tbxXkWHgVPz5fYQ+m4684aM
--- gBW+PH1fOqhXi0ChESyPAj7fqM21Lb9UYPJ5JWVuoFk
%¢Alb3£¹Sd·æT³ü÷PææHf{&Š.5@ëîúå;V†Pkz‡×¶µ<C2B6>¶ëïü»¸½ÃlZ¦øv¾ÆV£í¦

5
secrets/secrets.nix
View file

@ -10,18 +10,13 @@ let
]; ];
in in
{ {
"wireguard-secret.age".publicKeys = users ++ systems;
"mailjet-user.age".publicKeys = users ++ systems; "mailjet-user.age".publicKeys = users ++ systems;
"mailjet-pass.age".publicKeys = users ++ systems; "mailjet-pass.age".publicKeys = users ++ systems;
"nextcloud-admin-pass.age".publicKeys = users ++ systems; "nextcloud-admin-pass.age".publicKeys = users ++ systems;
"nextcloud-database.age".publicKeys = users ++ systems; "nextcloud-database.age".publicKeys = users ++ systems;
"nextcloud-oidc-secret.age".publicKeys = users ++ systems; "nextcloud-oidc-secret.age".publicKeys = users ++ systems;
"grafana-oidc-secret.age".publicKeys = users ++ systems; "grafana-oidc-secret.age".publicKeys = users ++ systems;
"grafana-secret-key.age".publicKeys = users ++ systems;
"forgejo-oidc-secret.age".publicKeys = users ++ systems; "forgejo-oidc-secret.age".publicKeys = users ++ systems;
"forgejo-runner-token.age".publicKeys = users ++ systems;
"kandim-admin.age".publicKeys = users ++ systems; "kandim-admin.age".publicKeys = users ++ systems;
"kandim-idmAdmin.age".publicKeys = users ++ systems; "kandim-idmAdmin.age".publicKeys = users ++ systems;
"vault-secret-env.age".publicKeys = users ++ systems;
"vault-oidc-secret.age".publicKeys = users ++ systems;
} }

BIN
secrets/vault-oidc-secret.age
View file

Binary file not shown.

9
secrets/vault-secret-env.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Iy+0iw rpRn2BgDtK3p1tHofUH/nCEwRh4z7rjAwLbvbhCTSkg
6ZiVqx6pNZyYmhsDhZh3YG6+LKiRsnuWMfN8KzJLyhw
-> ssh-ed25519 ocqiLQ AguX30lc6+1ckV3ENiHhboGyNyf2pN0hqIytsTAjwz4
rAGWhtuROHn8p0eAGEKS6Xp+PyYmpbw2EbdadbfJxt0
--- WA9Zus5yXPXPD+TiHyUlEIqozmvhAxWQTE6s2olZ1fs
2*8Ö<38>3˜gã ¾E(µªÛ+ÃÝ<ïµtª<74>­Öà•ÞFúÕ×#v7Cü+|
Ò£ÉýZ¥Y(â.áÛ´Dê.‡Ôr`ý`Žz‡@™³<E284A2>Ã)141}Þ@°œ_¼þ&€¨œß2£ ÀºqÒOH>Ÿ÷w[„ðŒ<Õr<C395>Æ3àÚrI¦MÎb+ôÌo90H÷*D'ªy&ç]÷h1 솥ݞšs&Œ• Ò<ƒÇ
"ÊpœéÑÃýûiQß^×p9ÕËÎâžb#æ²)ch*ç;'"¢gõCvñfø­§Øæ}®Õùv

7
secrets/wireguard-secret.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Iy+0iw 65IsIObRg7SuYCZnDp/LKpSn1tpnJTLaXFcc7/9gRkA
3L16P+XHyyfwSZLInsPv3UPMVYsPpYAV2E+/kl+oQbA
-> ssh-ed25519 ocqiLQ R3CkxF9zthAEZGE3CZypFGb/uwLazrBpwWT97N+1izA
EP6vUm4Y511GMctNJi0FO7bzUw6qHMqPRzxJiSTD23M
--- JqhMdyVwELZA++21d9WMdbGTciFtsea44hbbC+WWLHI
<>²N ±è=¬xûÓ0TEPñßßܯP<C2AF>øêmÊ=È<>aÿhª*Åp`ÉâÚ%¹Qû´…wËo+ãWJ·@åOkˆKíTRÚâÐ

16
services/self_host.nix
View file

@ -71,14 +71,6 @@ let
lib lib
; ;
}; };
vault = import ./self_host/vault.nix {
inherit
inputs
config
pkgs
lib
;
};
cfg = config.service.selfhost; cfg = config.service.selfhost;
in in
{ {
@ -91,7 +83,6 @@ in
nextcloud nextcloud
ollama ollama
sso sso
vault
]; ];
config = { config = {
@ -138,12 +129,7 @@ in
sso = lib.mkOption { sso = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = "Enable the sso"; description = "Enable the nextcloud";
};
vault = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the vault";
}; };
}; };
} }

23
services/self_host/git.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
gitDomain = "git.enium.eu"; gitDomain = "git.enium.eu";
@ -35,14 +30,13 @@ in
AUTH_URL = "https://git.enium.eu/ui/oauth2"; AUTH_URL = "https://git.enium.eu/ui/oauth2";
TOKEN_URL = "https://git.enium.eu/oauth2/token"; TOKEN_URL = "https://git.enium.eu/oauth2/token";
API_URL = "https://git.enium.eu/oauth2/openid/forgejo/userinfo"; API_URL = "https://git.enium.eu/oauth2/openid/forgejo/userinfo";
REDIRECT_URI = "https://git.enium.eu/user/oauth2/Enium/callback";
CODE_CHALLENGE_METHOD = "S256"; CODE_CHALLENGE_METHOD = "S256";
ENABLE_AUTO_REGISTRATION = true; ENABLE_AUTO_REGISTRATION = true;
UPDATE_AVATAR = true; UPDATE_AVATAR = true;
}; };
service = { service = {
DISABLE_REGISTRATION = false; DISABLE_REGISTRATION = true;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true; ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false; SHOW_REGISTRATION_BUTTON = false;
DISABLE_PASSWORD_SIGNIN_FORM = true; DISABLE_PASSWORD_SIGNIN_FORM = true;
@ -52,18 +46,7 @@ in
}; };
}; };
}; };
gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = "monolith";
url = "https://git.enium.eu";
tokenFile = config.age.secrets.forgejo-runner-token.path;
labels = [
"ubuntu-latest:docker://node:16-bullseye"
];
};
};
nginx.virtualHosts."${gitDomain}" = { nginx.virtualHosts."${gitDomain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

172
services/self_host/jellyfin.nix
View file

@ -1,128 +1,84 @@
{ {
config, config,
pkgs, pkgs,
lib, lib,
... ...
}: }:
let let
cfg = config.service.selfhost.jellyfin; cfg = config.service.selfhost.jellyfin;
wireguard-key = config.age.secrets."wireguard-secret".path;
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
virtualisation = {
docker.enable = true;
oci-containers = {
backend = "docker";
containers = {
gluetun = {
image = "qmcgaw/gluetun:latest";
autoStart = true;
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun"
];
environment = {
VPN_SERVICE_PROVIDER = "mullvad";
VPN_TYPE = "wireguard";
WIREGUARD_PRIVATE_KEY = builtins.readFile wireguard-key;
BLOCK_MALICIOUS = "off";
BLOCK_SURVEILLANCE = "off";
BLOCK_ADS = "off";
WIREGUARD_ADDRESSES = "10.70.168.94/32";
SERVER_COUNTRIES = "Sweden";
SERVER_CITIES = "Stockholm";
SERVER_HOSTNAMES = "se-sto-wg-206";
TZ = "Europe/Paris";
};
ports = [
"8080:8080"
"7878:7878"
"8989:8989"
"9696:9696"
];
};
qbittorrent = {
image = "lscr.io/linuxserver/qbittorrent:latest";
autoStart = true;
extraOptions = [
"--network=container:gluetun"
];
environment = {
PUID = "1000";
PGID = "991";
WEBUI_PORT = "8080";
TZ = "Europe/Paris";
};
volumes = [
"/mnt/data/qbittorrent/config:/config"
"/mnt/data/downloads:/downloads"
];
};
radarr = {
image = "lscr.io/linuxserver/radarr:latest";
autoStart = true;
extraOptions = [
"--network=container:gluetun"
];
environment = {
PUID = "1000";
PGID = "991";
TZ = "Europe/Paris";
};
volumes = [
"/mnt/data/radarr/config:/config"
"/mnt/data/downloads:/downloads"
"/mnt/data:/data"
];
};
sonarr = {
image = "lscr.io/linuxserver/sonarr:latest";
autoStart = true;
extraOptions = [
"--network=container:gluetun"
];
environment = {
PUID = "1000";
PGID = "991";
TZ = "Europe/Paris";
};
volumes = [
"/mnt/data/sonarr/config:/config"
"/mnt/data/downloads:/downloads"
"/mnt/data:/data"
];
};
prowlarr = {
image = "lscr.io/linuxserver/prowlarr:latest";
autoStart = true;
extraOptions = [
"--network=container:gluetun"
];
environment = {
PUID = "1000";
PGID = "991";
TZ = "Europe/Paris";
};
volumes = [
"/mnt/data/prowlarr/config:/config"
];
};
};
};
};
users = { users = {
groups.datausers = { }; groups.datausers = { };
users = { users = {
jellyfin.extraGroups = [ "datausers" ]; jellyfin.extraGroups = [ "datausers" ];
radarr.extraGroups = [ "datausers" ];
sonarr.extraGroups = [ "datausers" ];
}; };
}; };
services = { services = {
jellyfin = { jellyfin = {
enable = true; enable = true;
dataDir = "/mnt/data/jellyfin"; dataDir = "/mnt/data/media";
openFirewall = true; openFirewall = true;
}; };
qbittorrent = {
enable = true;
openFirewall = true;
user = "qbittorrent";
group = "datausers";
webuiPort = 8137;
serverConfig = {
Preferences = {
Downloads = {
SavePath = "/mnt/data/downloads";
TempPathEnabled = false;
};
General = {
Locale = "fr_FR";
};
WebUI = {
Username = "raphael";
Password_PBKDF2 = "@ByteArray(CmH/e4LVehCMTT2BUTVo5g==:VqhgnDIsg0owhZqINmi6O0Ac3tXgz6JYAkxB7sqSH18VPQ6R6Tz9jT2a6KXtld4wG6ld41nFXSst0UqRFTUTUw==)";
};
};
};
};
flaresolverr = {
enable = true;
openFirewall = true;
port = 8191;
};
sonarr = {
enable = true;
dataDir = "/var/lib/sonarr";
user = "sonarr";
group = "datausers";
openFirewall = true;
};
radarr = {
enable = true;
dataDir = "/var/lib/radarr";
user = "radarr";
group = "datausers";
openFirewall = true;
};
prowlarr = {
enable = true;
dataDir = "/var/lib/prowlarr";
openFirewall = true;
};
bazarr.enable = true;
nginx.virtualHosts = { nginx.virtualHosts = {
"jellyfin.enium.eu" = { "jellyfin.enium.eu" = {
enableACME = true; enableACME = true;

139
services/self_host/mail.nix
View file

@ -22,7 +22,7 @@ in
shell = "/run/current-system/sw/bin/nologin"; shell = "/run/current-system/sw/bin/nologin";
}; };
users.groups = { users.groups = {
vmail = { }; vmail = {};
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /run/dovecot 0755 dovecot dovecot - -" "d /run/dovecot 0755 dovecot dovecot - -"
@ -84,22 +84,14 @@ in
chroot = false; chroot = false;
command = "smtpd"; command = "smtpd";
args = [ args = [
"-o" "-o" "smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
"smtpd_recipient_restrictions=permit_sasl_authenticated,reject" "-o" "smtpd_sasl_auth_enable=yes"
"-o" "-o" "smtpd_sasl_security_options=noanonymous"
"smtpd_sasl_auth_enable=yes" "-o" "smtpd_sender_login_maps=hash:/var/lib/postfix/sender_login"
"-o" "-o" "smtpd_sender_restrictions=reject_sender_login_mismatch"
"smtpd_sasl_security_options=noanonymous" "-o" "smtpd_tls_auth_only=yes"
"-o" "-o" "smtpd_tls_security_level=encrypt"
"smtpd_sender_login_maps=hash:/var/lib/postfix/sender_login" "-o" "syslog_name=postfix/submission"
"-o"
"smtpd_sender_restrictions=reject_sender_login_mismatch"
"-o"
"smtpd_tls_auth_only=yes"
"-o"
"smtpd_tls_security_level=encrypt"
"-o"
"syslog_name=postfix/submission"
]; ];
}; };
}; };
@ -219,19 +211,16 @@ in
raphael@enium.eu:{SHA512-CRYPT}$6$rIsn6/dLJ6MbITx5$vMo82dgkQZoV8BQIaO6Bs9J86ZjgcJ.LqMuIqnXVfuBRgZOqY/YiURBUOcS1P2wAo5h4TCFkKExfcjjX1reUU. raphael@enium.eu:{SHA512-CRYPT}$6$rIsn6/dLJ6MbITx5$vMo82dgkQZoV8BQIaO6Bs9J86ZjgcJ.LqMuIqnXVfuBRgZOqY/YiURBUOcS1P2wAo5h4TCFkKExfcjjX1reUU.
benjamin@enium.eu:{SHA512-CRYPT}$6$.34vS2JkrmGnioYo$pUF.vN5Q3njn5WRTLdMU5n7vGJdwk64bB/si0vQXFw.ioky4xlHUVocFXC8GI9wkVJNif.2kHvAYEcEtXvU2I0 benjamin@enium.eu:{SHA512-CRYPT}$6$.34vS2JkrmGnioYo$pUF.vN5Q3njn5WRTLdMU5n7vGJdwk64bB/si0vQXFw.ioky4xlHUVocFXC8GI9wkVJNif.2kHvAYEcEtXvU2I0
deborah@enium.eu:{SHA512-CRYPT}$6$IZ7Dd31uZ4VKzz04$z5IhS25Jve8KsX0GIIXB8GUiPYd3eSuxlDz9RZQHa2tE4hptgtXQVU3av42MIRpaN9GPqG9iM6jiQUwRZ9V39/ deborah@enium.eu:{SHA512-CRYPT}$6$IZ7Dd31uZ4VKzz04$z5IhS25Jve8KsX0GIIXB8GUiPYd3eSuxlDz9RZQHa2tE4hptgtXQVU3av42MIRpaN9GPqG9iM6jiQUwRZ9V39/
rchouraqui@enium.eu:{SHA512-CRYPT}$6$.YW4sF83D1EZXQW8$AZoxbni6XFGf3XuSp1sKhZ9cHjU5CcryEH8C45Fbu5s2nJHixDRnDeH6Vl5EvfQfH09wrxhDYp0Tld.TiUSpn.
''; '';
environment.etc."postfix-vmailbox".text = '' environment.etc."postfix-vmailbox".text = ''
raphael@enium.eu enium.eu/raphael/ raphael@enium.eu enium.eu/raphael/
benjamin@enium.eu enium.eu/benjamin/ benjamin@enium.eu enium.eu/benjamin/
deborah@enium.eu enium.eu/deborah/ deborah@enium.eu enium.eu/deborah/
rchouraqui@enium.eu enium.eu/rchouraqui/
''; '';
environment.etc."postfix-sender_login".text = '' environment.etc."postfix-sender_login".text = ''
raphael@enium.eu raphael@enium.eu raphael@enium.eu raphael@enium.eu
benjamin@enium.eu benjamin@enium.eu benjamin@enium.eu benjamin@enium.eu
deborah@enium.eu deborah@enium.eu deborah@enium.eu deborah@enium.eu
rchouraqui@enium.eu rchouraqui@enium.eu
no-reply@enium.eu raphael@enium.eu, benjamin@enium.eu no-reply@enium.eu raphael@enium.eu, benjamin@enium.eu
direction@enium.eu raphael@enium.eu, benjamin@enium.eu direction@enium.eu raphael@enium.eu, benjamin@enium.eu
@ -240,7 +229,7 @@ in
''; '';
environment.etc."postfix-virtual".text = '' environment.etc."postfix-virtual".text = ''
direction@enium.eu raphael@enium.eu, benjamin@enium.eu direction@enium.eu raphael@enium.eu, benjamin@enium.eu
recrutement@enium.eu raphael@enium.eu, benjamin@enium.eu, rchouraqui@enium.eu recrutement@enium.eu raphael@enium.eu, benjamin@enium.eu
contact@enium.eu raphael@enium.eu, benjamin@enium.eu contact@enium.eu raphael@enium.eu, benjamin@enium.eu
''; '';
@ -248,68 +237,68 @@ in
enable = true; enable = true;
postfix.enable = true; postfix.enable = true;
extraConfig = '' extraConfig = ''
worker "controller" { worker "controller" {
bind_socket = "127.0.0.1:11334"; bind_socket = "127.0.0.1:11334";
password = "admin"; password = "admin";
}; };
worker "normal" { worker "normal" {
bind_socket = "127.0.0.1:11333"; bind_socket = "127.0.0.1:11333";
}; };
worker "rspamd_proxy" { worker "rspamd_proxy" {
bind_socket = "127.0.0.1:11332"; bind_socket = "127.0.0.1:11332";
milter = yes; milter = yes;
timeout = 120s; timeout = 120s;
upstream "local" { upstream "local" {
self_scan = yes; self_scan = yes;
}; };
}; };
actions { actions {
reject = 12; reject = 12;
add_header = 6; add_header = 6;
greylist = 4; greylist = 4;
}; };
classifier "bayes" { classifier "bayes" {
backend = "redis"; backend = "redis";
servers = "127.0.0.1:6381"; servers = "127.0.0.1:6381";
autolearn = true; autolearn = true;
min_learns = 200; min_learns = 200;
new_schema = true; new_schema = true;
cache = true; cache = true;
statfile { statfile {
symbol = "BAYES_HAM"; symbol = "BAYES_HAM";
spam = false; spam = false;
}; };
statfile { statfile {
symbol = "BAYES_SPAM"; symbol = "BAYES_SPAM";
spam = true; spam = true;
}; };
learn_condition = <<EOD learn_condition = <<EOD
return function(task) return function(task)
return true return true
end end
EOD; EOD;
}; };
rbl { rbl {
enabled = true; enabled = true;
rbls = { rbls = {
spamhaus = { spamhaus = {
symbol = "RBL_SPAMHAUS"; symbol = "RBL_SPAMHAUS";
rbl = "zen.spamhaus.org"; rbl = "zen.spamhaus.org";
}; };
barracuda = { barracuda = {
symbol = "RBL_BARRACUDA"; symbol = "RBL_BARRACUDA";
rbl = "b.barracudacentral.org"; rbl = "b.barracudacentral.org";
}; };
}; };
}; };
''; '';
}; };
services.redis.servers.rspamd = { services.redis.servers.rspamd = {

549
services/self_host/monitor.nix
View file

@ -8,8 +8,6 @@
let let
cfg = config.service.selfhost.monitor; cfg = config.service.selfhost.monitor;
dashboardsDir = ../../assets/grafana_dashboards; dashboardsDir = ../../assets/grafana_dashboards;
oidc-secret = config.age.secrets.grafana-oidc-secret.path;
encryption-key = config.age.secrets.grafana-secret-key.path;
monitored = [ monitored = [
"nginx" "nginx"
"grafana" "grafana"
@ -17,332 +15,247 @@ let
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
services = { services.grafana = {
grafana = { enable = true;
enable = true; package = pkgs.grafana;
package = pkgs.grafana; dataDir = "/var/lib/grafana";
dataDir = "/var/lib/grafana"; provision = {
provision = { dashboards.settings.providers = [
dashboards.settings.providers = [ {
{ name = "nixos-dashboards";
name = "nixos-dashboards"; type = "file";
type = "file"; updateIntervalSeconds = 30;
updateIntervalSeconds = 30; editable = false;
editable = false;
options = { options = {
path = "/etc/grafana/dashboards"; path = "/etc/grafana/dashboards";
foldersFromFilesStructure = false; foldersFromFilesStructure = false;
}; };
} }
]; ];
datasources.settings.datasources = [ datasources.settings.datasources = [
{ {
name = "Prometheus"; name = "Prometheus";
type = "prometheus"; type = "prometheus";
uid = "prometheus"; uid = "prometheus";
access = "proxy"; access = "proxy";
url = "http://127.0.0.1:9090"; url = "http://127.0.0.1:9090";
isDefault = true; isDefault = true;
editable = false; editable = false;
jsonData = { jsonData = {
httpMethod = "POST"; httpMethod = "POST";
timeInterval = "15s"; timeInterval = "15s";
};
}
];
};
settings = {
server = {
root_url = "https://monitor.enium.eu";
domain = "monitor.enium.eu";
serve_from_sub_path = false;
};
"auth.generic_oauth" = {
enabled = true;
name = "Enium";
allow_sign_up = true;
client_id = "grafana";
client_secret = "$__file{${oidc-secret}}";
scopes = "openid profile email groups";
auth_url = "https://auth.enium.eu/ui/oauth2";
token_url = "https://auth.enium.eu/oauth2/token";
api_url = "https://auth.enium.eu/oauth2/openid/grafana/userinfo";
redirect_uri = "https://monitor.enium.eu/login/generic_oauth";
use_pkce = true;
use_refresh_token = true;
login_attribute_path = "preferred_username";
name_attribute_path = "name";
email_attribute_path = "email";
groups_attribute_path = "groups";
role_attribute_path = "contains(groups, 'grafana_superadmins@enium.eu') && 'GrafanaAdmin' || contains(groups, 'grafana_admins@enium.eu') && 'Admin' || contains(groups, 'grafana_editors@enium.eu') && 'Editor' || 'Viewer'";
allow_assign_grafana_admin = true;
role_attribute_strict = false;
skip_org_role_sync = false;
};
log.level = "debug";
auth = {
disable_login_form = true;
disable_signout_menu = false;
};
security = {
secret_key = "$__file{${encryption-key}}";
cookie_secure = true;
cookie_samesite = "none";
allow_embedding = true;
};
};
};
prometheus = {
enable = true;
checkConfig = false;
exporters = {
blackbox = {
enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_not_ssl: false
'';
};
node.enable = true;
systemd.enable = true;
};
scrapeConfigs = [
{
job_name = "systemd_exporter";
metrics_path = "/metrics";
static_configs = [
{
targets = [
"127.0.0.1:9558"
];
}
];
}
{
job_name = "node_exporter";
static_configs = [
{
targets = [
"127.0.0.1:9100"
];
}
];
}
{
job_name = "process_exporter";
metrics_path = "/metrics";
scheme = "http";
static_configs = [
{
targets = [
"127.0.0.1:9256"
];
}
];
}
{
job_name = "blackbox_http_probe";
metrics_path = "/probe";
params = {
module = [
"http_2xx"
];
}; };
static_configs = [
{
targets = [
"https://raphael.parodi.pro"
"https://nextcloud.enium.eu"
"https://htop.enium.eu"
"https://monitor.enium.eu"
"https://ollama.enium.eu"
"http://relance-pas-stp.me:4242"
];
}
];
relabel_configs = [
{
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
source_labels = [ "__param_target" ];
target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9115";
}
];
proxy_url = "http://127.0.0.1:9115";
} }
]; ];
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
}; };
loki = { settings = {
enable = true; server = {
configuration = { root_url = "https://monitor.enium.eu";
auth_enabled = false; domain = "monitor.enium.eu";
server = { serve_from_sub_path = false;
http_listen_port = 3100; };
grpc_listen_port = 9095;
}; "auth.generic_oauth" = {
common = { enabled = true;
path_prefix = "/var/lib/loki"; name = "Enium";
storage = { allow_sign_up = true;
filesystem = { client_id = "grafana";
chunks_directory = "/var/lib/loki/chunks"; client_secret = "$__file{${config.age.secrets.grafana-oidc-secret.path}}";
rules_directory = "/var/lib/loki/rules"; scopes = "openid profile email groups";
}; auth_url = "https://auth.enium.eu/ui/oauth2";
}; token_url = "https://auth.enium.eu/oauth2/token";
replication_factor = 1; api_url = "https://auth.enium.eu/oauth2/openid/grafana/userinfo";
ring = { redirect_uri = "https://monitor.enium.eu/login/generic_oauth";
instance_addr = "127.0.0.1"; use_pkce = true;
kvstore.store = "inmemory"; use_refresh_token = true;
}; login_attribute_path = "preferred_username";
}; name_attribute_path = "name";
schema_config = { email_attribute_path = "email";
configs = [ groups_attribute_path = "groups";
{ role_attribute_path = "contains(groups, 'grafana_superadmins@enium.eu') && 'GrafanaAdmin' || contains(groups, 'grafana_admins@enium.eu') && 'Admin' || contains(groups, 'grafana_editors@enium.eu') && 'Editor' || 'Viewer'";
from = "2024-01-01"; allow_assign_grafana_admin = true;
store = "tsdb"; role_attribute_strict = false;
object_store = "filesystem"; skip_org_role_sync = false;
schema = "v13"; };
index = { log.level = "debug";
prefix = "index_"; auth = {
period = "24h"; disable_login_form = true;
}; disable_signout_menu = false;
} };
security = {
cookie_secure = true;
cookie_samesite = "none";
allow_embedding = true;
};
};
};
environment.etc."process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: {
name = svc;
cmdline = [
"${svc}:"
];
}) monitored;
};
systemd.services.process_exporter = {
description = "Prometheus Process Exporter";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always";
};
};
services.prometheus = {
enable = true;
checkConfig = false;
exporters = {
blackbox = {
enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_not_ssl: false
'';
};
node.enable = true;
systemd.enable = true;
};
scrapeConfigs = [
{
job_name = "systemd_exporter";
metrics_path = "/metrics";
static_configs = [
{
targets = [
"127.0.0.1:9558"
];
}
];
}
{
job_name = "node_exporter";
static_configs = [
{
targets = [
"127.0.0.1:9100"
];
}
];
}
{
job_name = "process_exporter";
metrics_path = "/metrics";
scheme = "http";
static_configs = [
{
targets = [
"127.0.0.1:9256"
];
}
];
}
{
job_name = "blackbox_http_probe";
metrics_path = "/probe";
params = {
module = [
"http_2xx"
]; ];
}; };
}; static_configs = [
}; {
alloy = { targets = [
enable = true; "https://raphael.parodi.pro"
configPath = pkgs.writeText "config.alloy" '' "https://nextcloud.enium.eu"
loki.source.journal "systemd" { "https://htop.enium.eu"
forward_to = [loki.relabel.journal.receiver] "https://monitor.enium.eu"
relabel_rules = loki.relabel.journal.rules "https://ollama.enium.eu"
labels = { "http://relance-pas-stp.me:4242"
job = "systemd-journal", ];
} }
}
loki.relabel "journal" {
forward_to = [loki.write.local.receiver]
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "unit"
}
rule {
source_labels = ["__journal_priority_keyword"]
target_label = "level"
}
rule {
source_labels = ["__journal__hostname"]
target_label = "hostname"
}
rule {
source_labels = ["__journal_syslog_identifier"]
target_label = "syslog_identifier"
}
}
loki.write "local" {
endpoint {
url = "http://localhost:3100/loki/api/v1/push"
}
}
'';
};
nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
};
systemd.services = {
alloy.serviceConfig.SupplementaryGroups = [ "systemd-journal" ];
process_exporter = {
description = "Prometheus Process Exporter";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always";
};
};
};
environment.etc = {
"process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: {
name = svc;
cmdline = [
"${svc}:"
]; ];
}) monitored; relabel_configs = [
}; {
"grafana/dashboards".source = dashboardsDir; source_labels = [ "__address__" ];
"prometheus/services.rules".text = '' target_label = "__param_target";
groups: }
- name: services {
rules: source_labels = [ "__param_target" ];
- alert: nginxServiceDown target_label = "instance";
expr: process_up{job="process_exporter",name="nginx"} == 0 }
for: 1m {
labels: target_label = "__address__";
severity: critical replacement = "127.0.0.1:9115";
annotations: }
summary: "Processus nginx arrêté" ];
description: "Le processus nginx ne tourne plus depuis >1m." proxy_url = "http://127.0.0.1:9115";
}
- alert: nginxServiceUp ];
expr: process_up{job="process_exporter",name="nginx"} == 1 ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
for: 1m
labels:
severity: info
annotations:
summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau."
- alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m."
- alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau."
'';
}; };
environment.etc."grafana/dashboards".source = dashboardsDir;
environment.etc."prometheus/services.rules".text = ''
groups:
- name: services
rules:
- alert: nginxServiceDown
expr: process_up{job="process_exporter",name="nginx"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus nginx arrêté"
description: "Le processus nginx ne tourne plus depuis >1m."
- alert: nginxServiceUp
expr: process_up{job="process_exporter",name="nginx"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau."
- alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m."
- alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau."
'';
services.nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
}; };
} }

11
services/self_host/nextcloud.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
cfg = config.service.selfhost.nextcloud; cfg = config.service.selfhost.nextcloud;
@ -11,7 +6,7 @@ let
nextcloud-database = config.age.secrets."nextcloud-database".path; nextcloud-database = config.age.secrets."nextcloud-database".path;
dataDir = "/mnt/data/nextcloud"; dataDir = "/mnt/data/nextcloud";
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
php php
@ -71,7 +66,7 @@ in
nextcloud = { nextcloud = {
enable = true; enable = true;
https = true; https = true;
package = pkgs.nextcloud33; package = pkgs.nextcloud32;
hostName = "nextcloud.enium.eu"; hostName = "nextcloud.enium.eu";
datadir = dataDir; datadir = dataDir;
config = { config = {

87
services/self_host/sso.nix
View file

@ -9,7 +9,8 @@ let
cfg = config.service.selfhost.sso; cfg = config.service.selfhost.sso;
kanidm-admin = config.age.secrets."kanidm-admin".path; kanidm-admin = config.age.secrets."kanidm-admin".path;
kanidm-idmAdmin = config.age.secrets."kanidm-idmAdmin".path; kanidm-idmAdmin = config.age.secrets."kanidm-idmAdmin".path;
forgejoLogo = pkgs.fetchurl { imagesDir = "/user/share/kanidm/assets";
kanidmLogo = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/doc-sheet/forgejo/refs/heads/forgejo/assets/logo.svg"; url = "https://raw.githubusercontent.com/doc-sheet/forgejo/refs/heads/forgejo/assets/logo.svg";
name = "kanidm.svg"; name = "kanidm.svg";
sha256 = "sha256-rP7aZURtHBfF2OYuGLcKZhbvIN+B596T/3kaOxHUvig="; sha256 = "sha256-rP7aZURtHBfF2OYuGLcKZhbvIN+B596T/3kaOxHUvig=";
@ -24,16 +25,11 @@ let
name = "nextcloud.svg"; name = "nextcloud.svg";
sha256 = "sha256-hL51zJkFxUys1CoM8yUxiH8BDw111wh3Qv7eTLm+XYo="; sha256 = "sha256-hL51zJkFxUys1CoM8yUxiH8BDw111wh3Qv7eTLm+XYo=";
}; };
vaultLogo = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/dani-garcia/vaultwarden/ba5519167634ebe1e1f0fc10d610d10d1f405101/resources/vaultwarden-icon.svg";
name = "vault.svg";
sha256 = "sha256-xY/pFVS9puG+Ub0M9WrISrY/eY1Rc+QeceGqHeUVx+8=";
};
in in
{ {
config = lib.mkIf cfg { config = lib.mkIf cfg {
users = { users = {
groups.kanidm = { }; groups.kanidm = {};
users.kanidm = { users.kanidm = {
isSystemUser = true; isSystemUser = true;
group = "kanidm"; group = "kanidm";
@ -43,21 +39,17 @@ in
security.acme.certs."auth.enium.eu".group = "nginx"; security.acme.certs."auth.enium.eu".group = "nginx";
services = { services = {
kanidm = { kanidm = {
package = pkgs.kanidmWithSecretProvisioning_1_9; package = pkgs.kanidmWithSecretProvisioning_1_8;
server = { enableServer = true;
enable = true; serverSettings = {
settings = { domain = "enium.eu";
domain = "enium.eu"; origin = "https://auth.enium.eu";
origin = "https://auth.enium.eu"; bindaddress = "127.0.0.1:9000";
bindaddress = "127.0.0.1:9000"; tls_chain = "/var/lib/acme/auth.enium.eu/fullchain.pem";
tls_chain = "/var/lib/acme/auth.enium.eu/fullchain.pem"; tls_key = "/var/lib/acme/auth.enium.eu/key.pem";
tls_key = "/var/lib/acme/auth.enium.eu/key.pem";
};
};
client = {
enable = true;
settings.uri = config.services.kanidm.server.settings.origin;
}; };
enableClient = true;
clientSettings.uri = config.services.kanidm.serverSettings.origin;
provision = { provision = {
enable = true; enable = true;
autoRemove = false; autoRemove = false;
@ -74,19 +66,6 @@ in
"grafana_superadmins" "grafana_superadmins"
"forgejo_admins" "forgejo_admins"
"nextcloud_user" "nextcloud_user"
"vault_admins"
];
};
deborah = {
displayName = "Deborah";
legalName = "Deborah Parodi";
mailAddresses = [
"deborah@enium.eu"
];
groups = [
"grafana_superadmins"
"forgejo_users"
"vault_users"
]; ];
}; };
}; };
@ -109,12 +88,6 @@ in
forgejo_users = { forgejo_users = {
present = true; present = true;
}; };
vault_admins = {
present = true;
};
vault_users = {
present = true;
};
nextcloud_user = { nextcloud_user = {
present = true; present = true;
}; };
@ -123,8 +96,8 @@ in
forgejo = { forgejo = {
present = true; present = true;
displayName = "Forjego"; displayName = "Forjego";
imageFile = forgejoLogo;
originUrl = "https://git.enium.eu"; originUrl = "https://git.enium.eu";
imageFile = kanidmLogo;
originLanding = "https://git.enium.eu/user/oauth2/Enium/callback"; originLanding = "https://git.enium.eu/user/oauth2/Enium/callback";
basicSecretFile = config.age.secrets.forgejo-oidc-secret.path; basicSecretFile = config.age.secrets.forgejo-oidc-secret.path;
public = false; public = false;
@ -238,47 +211,23 @@ in
email = { email = {
joinType = "array"; joinType = "array";
valuesByGroup = { valuesByGroup = {
nextcloud_user = [ "mail" ]; nextcloud_user = ["mail"];
}; };
}; };
preferred_username = { preferred_username = {
joinType = "array"; joinType = "array";
valuesByGroup = { valuesByGroup = {
nextcloud_user = [ "name" ]; nextcloud_user = ["name"];
}; };
}; };
name = { name = {
joinType = "array"; joinType = "array";
valuesByGroup = { valuesByGroup = {
nextcloud_user = [ "displayname" ]; nextcloud_user = ["displayname"];
}; };
}; };
}; };
}; };
vault = {
present = true;
displayName = "Vault";
imageFile = vaultLogo;
originUrl = "https://vault.enium.eu";
originLanding = "https://vault.enium.eu/identity/connect/oidc-signin";
basicSecretFile = config.age.secrets.vault-oidc-secret.path;
public = false;
enableLocalhostRedirects = false;
allowInsecureClientDisablePkce = false;
preferShortUsername = true;
scopeMaps = {
vault_admins = [
"openid"
"profile"
"email"
];
vault_users = [
"openid"
"profile"
"email"
];
};
};
}; };
}; };
}; };

35
services/self_host/vault.nix
View file

@ -1,35 +0,0 @@
{ config, ... }:
let
vaultEnv = config.age.secrets.vault-secret-env.path;
in
{
services.vaultwarden = {
enable = true;
environmentFile = vaultEnv;
config = {
DOMAIN = "https://vault.enium.eu";
ROCKET_PORT = 8222;
SIGNUPS_ALLOWED = false;
SSO_ENABLED = true;
SSO_CLIENT_ID = "vault";
SSO_CLIENT_SECRET = "cat ${config.age.secrets.vault-oidc-secret.path}";
SSO_AUTHORITY = "https://auth.enium.eu/oauth2/openid/vault";
SSO_SIGNUPS_MATCH_EMAIL = true;
SSO_PKCE = true;
SSO_SCOPES = "openid profile email";
SSO_ONLY = true;
};
};
services.nginx.virtualHosts."vault.enium.eu" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8222";
proxyWebsockets = true;
};
};
}

61
services/server/minecraft.nix
View file

@ -24,67 +24,18 @@ in
servers.enium-pv = { servers.enium-pv = {
enable = true; enable = true;
autoStart = true; package = pkgs.fabricServers.fabric-1_20_1;
package = pkgs.fabricServers.fabric-1_21_11; jvmOpts = "-Xms4092M -Xmx4092M";
restart = "always";
jvmOpts = "-Xms2048M -Xmx8192M";
serverProperties = { serverProperties = {
difficulty = 2; difficulty = 3;
gamemode = 0; gamemode = 0;
max-players = 42; max-players = 42;
motd = "§l §3 Enium Survival§r\n§l §b Whitelisted Server"; motd = "§l §3 Enium Survival§r\n§l §b Whitelisted Server";
server-port = 25565; server-port = 64421;
spawn-protection = 0; spawn-protection = 16;
white-list = true; white-list = true;
}; };
symlinks = { restart = "no";
mods = pkgs.linkFarmFromDrvs "mods" (
builtins.attrValues {
graves = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/kieAM9Us/versions/YiPkk2xn/ly-graves-v3.0.1.jar";
sha512 = "sha512-Wo+Sw6nVyqcaS7PWr+p3/+AkTYGAcuqk7heyBos/0jQYkCS/Z9q4Or6DInECkv8Cg4ZctmzrLOt6S8nr/sQYHw==";
};
lithium = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/gl30uZvp/lithium-fabric-0.21.2%2Bmc1.21.11.jar";
sha512 = "sha512-lGJVEAE+DarxwuK22KRjyTL/YiD5G6WwzV+GhlghXwRtlNB7NGVmD1dsTcJ6WqGD373ByTA/EYlLWyWh3Gw7tg==";
};
jei = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/u6dRKJwZ/versions/9i2DXscL/jei-1.21.11-fabric-27.3.0.14.jar";
sha512 = "sha512-ua8at0LkNpFFIleVM6D6GQthBZvuIh7rt8GSuY0mKjMIJ+dJr5G0wIKqcnsT8oBwkQvlWuitfWAz/cnM1maM9A==";
};
jade = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/nvQzSEkH/versions/7cBo3s22/Jade-1.21.11-Fabric-21.0.1.jar";
sha512 = "sha512-aj1lnOyaPiH+AG6HYN6mNQtkqm1xGA+PCHouKn2U3t2mpfJ+r7+T3nCtxgbHXAe9/NncJb46Ds9ZTgIt7odRGw==";
};
chuncky = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/fALzjamp/versions/1CpEkmcD/Chunky-Fabric-1.4.55.jar";
sha512 = "sha512-O+DgSePepiVrOVzLH33MycayPLex9qcXp80cpV+dvaSJZ53zKGjHJmTrsoygXyw2ZZDR4aEfDcX2n5R5A7rYMw==";
};
fabric_api = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/gB6TkYEJ/fabric-api-0.140.2%2B1.21.11.jar";
sha512 = "sha512-r0RleX2AQBAhpq78jFRyAOfA+MrhNCmb8/r7wxD6gfBVJGsGFPwOA3U49KhE5VqtMKv6PGdGBCKFPfxCbwhtAA==";
};
create_fly = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/dKvj0eNn/versions/be2IkC5H/create-fly-1.21.11-6.0.8-4.jar";
sha512 = "1r9qx8q5s49xlycs9k02ylb0cgn5x0d3s0crl0942kwf2r6vvnk8pv46bxj6p4jnqg4r5c6b4526zjxwdjc1d5fg7613sgv6f71817x";
};
}
);
};
whitelist = {
EniumRaphael = "3134072d-eb2f-49d5-afb4-2a3cc4375100";
EniumBenjamin = "63e7d8d3-5090-4323-a7e6-c89707747b4b";
EniumTeam = "d4706408-ccfc-4a3d-b128-07db95b34843";
Zeldraft = "01cf2ab1-68a5-48c1-a948-76cda9574ae5";
dprive05 = "0ad8a45a-417a-40d3-aa10-b67765792c42";
};
operators = {
Zeldraft = {
uuid = "01cf2ab1-68a5-48c1-a948-76cda9574ae5";
level = 4;
bypassesPlayerLimit = true;
};
};
}; };
}; };
}; };

7
services/server/teamspeak.nix
View file

@ -21,13 +21,6 @@ in
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:9987"; proxyPass = "http://127.0.0.1:9987";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = ''
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
'';
}; };
}; };
}; };

4
services/web/portefolio.nix
View file

@ -36,8 +36,8 @@ in
}; };
security.acme = { security.acme = {
certs = { certs = {
"parodi.pro" = { }; "parodi.pro" = {};
"raphael.parodi.pro" = { }; "raphael.parodi.pro" = {};
}; };
}; };
}; };