Files organization update

templates/nix-config/misc/activation.nix

@@ -0,0 +1,57 @@
+{ config, pkgs, ... }:
+
+{
+  systemd.services.numbus-activation-chowned = {
+    description = "Numbus-Server activation : Correct permissions";
+    wantedBy = [ "multi-user.target" "traefik.service" ];
+    after = [ "network.target" "local-fs.target" ];
+    path = [ pkgs.coreutils ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      #!/usr/bin/env bash
+
+      if [[ -e /home/numbus-admin/.numbus-server/chowned.true ]]; then
+        exit 0
+      fi
+
+      mkdir -p /mnt/config/ /mnt/data/ /mnt/data/nextcloud/ 
+      mkdir -p /home/numbus-admin/.numbus-server/
+      chown -R numbus-admin:users /mnt/config/
+      chown -R numbus-admin:users /mnt/data/
+      chown -R 100032:users /mnt/data/nextcloud/
+      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
+
+      touch /home/numbus-admin/.numbus-server/chowned.true
+    '';
+  };
+
+  systemd.services.numbus-activation-networked = {
+    description = "Numbus-Server activation : Create podman networks";
+    wantedBy = [ "multi-user.target" "traefik.service" ];
+    before = [ "traefik.service" ];
+    after = [ "network.target" "local-fs.target" "numbus-activation-chowned.service" ];
+    path = [ pkgs.podman pkgs.coreutils ];
+    serviceConfig = {
+      User = "numbus-admin";
+      Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      #!/usr/bin/env bash
+
+      export PATH=$PATH:/run/wrappers/bin
+
+      if [[ -e /home/numbus-admin/.numbus-server/networked.true ]]; then
+        exit 0
+      fi
+
+PODMAN_NETWORKS
+      mkdir -p /home/numbus-admin/.numbus-server/
+      touch /home/numbus-admin/.numbus-server/networked.true
+    '';
+  };
+}

templates/nix-config/misc/mail.nix

@@ -0,0 +1,74 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.email;
+in
+
+### --> Mail notifications configuration
+{
+  options.email = {
+    enable = lib.mkEnableOption "Email sending functionality";
+    fromAddress = lib.mkOption {
+      description = "The 'from' address";
+      type = lib.types.str;
+      default = "no-reply@DOMAIN_NAME";
+    };
+    userAddress = lib.mkOption {
+      description = "The 'to' address";
+      type = lib.types.str;
+      default = "EMAIL_ADDRESS";
+    };
+    adminAddress = lib.mkOption {
+      description = "The admin email address to receive alerts in copy";
+      type = lib.types.str;
+      default = "admin@numbus.eu";
+    };
+    smtpServer = lib.mkOption {
+      description = "The SMTP server address";
+      type = lib.types.str;
+      default = "SENDER_MAIL_DOMAIN";
+    };
+    smtpPort = lib.mkOption {
+      description = "The SMTP port";
+      type = lib.types.port;
+      default = 465;
+    };
+    smtpUsername = lib.mkOption {
+      description = "The SMTP username";
+      type = lib.types.str;
+      default = "SENDER_MAIL_ADDRESS";
+    };
+    smtpPasswordPath = lib.mkOption {
+      description = "Path to the secret containing SMTP password";
+      type = lib.types.path;
+      default = config.sops.secrets.sender_email_address_password.path;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.etc."aliases".text = ''
+      root: ${config.email.userAddress}, ${config.email.adminAddress}
+      default: ${config.email.userAddress}, ${config.email.adminAddress}
+    '';
+
+    programs.msmtp = {
+      enable = true;
+      defaults = {
+        aliases = "/etc/aliases";
+        timeout = 60;
+        syslog = "on";
+      };
+      accounts.default = {
+        auth = true;
+        host = config.email.smtpServer;
+        port = config.email.smtpPort;
+        from = config.email.fromAddress;
+        user = config.email.smtpUsername;
+        tls = true;
+        tls_starttls = false;
+        passwordeval = "${pkgs.coreutils}/bin/cat ${config.email.smtpPasswordPath}";
+      };
+    };
+  };
+### Mail notifications configuration <--
+}

templates/nix-config/misc/networking.nix

@@ -0,0 +1,33 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Hostname
+  networking.hostName = "numbus-server";
+
+  networking.networkmanager.enable = false;
+  networking.resolvconf.enable = false;
+
+  networking.nftables.enable = true;
+  networking.firewall.enable = true;
+
+  # Allow rootless containers to bind to port 53 and up
+  boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
+
+  # Bridge configuration for VMs
+  networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
+  networking.interfaces.br0.useDHCP = false;
+  networking.nameservers = [ "127.0.0.1" "9.9.9.9" ];
+  networking.interfaces.br0.ipv4.addresses = [{
+    address = "HOME_SERVER_IP";
+    prefixLength = 24;
+  }];
+  networking.defaultGateway = {
+    address = "HOME_ROUTER_IP";
+    interface = "br0";
+  };
+
+  # Open ports in the firewall
+  networking.firewall.allowPing = true;
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 53 443 ];
+}

templates/nix-config/misc/smart.nix

@@ -0,0 +1,62 @@
+{ config, pkgs, ... }:
+
+let
+  smartd_notifier = pkgs.writeScript "smartd-notify.sh" ''
+    #!${pkgs.bash}/bin/bash
+    
+    # 1. Send Technical Email to Admin
+    ADMIN_EMAIL="${config.email.adminAddress}"
+    SUBJECT="Numbus Server Alert: $SMARTD_FAILTYPE on $SMARTD_DEVICE"
+    
+    TECH_BODY="
+    SMARTD Alert Details:
+    Server owner: $OWNER_NAME
+    Device: $SMARTD_DEVICE
+    Type: $SMARTD_DEVICETYPE
+    Failure Type: $SMARTD_FAILTYPE
+    Message: $SMARTD_MESSAGE
+    
+    Full Message:
+    $SMARTD_FULLMESSAGE
+    "
+    printf "Subject: [ADMIN] $SUBJECT\n\n$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
+
+    # 2. Send Friendly Email to Owner
+    USER_EMAIL="${config.email.userAddress}"
+    OWNER_NAME=$(cat /etc/numbus-server/owner 2>/dev/null || echo "User")
+    
+    FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
+
+    Votre serveur a automatiquement détecté une panne matérielle de disque dur.
+    Ce genre de panne est tout à fait normal selon l'âge de votre matériel et n'entraîne
+    dans la grande majorité des cas aucune perte de données grâce au système de
+    stockage redondant préventif.
+
+    Votre administrateur a été notifié de cette panne. Il vous recontactera dans de très
+    brefs délais afin de procéder au remplacement, si nécessaire, du disque dur défaillant.
+
+    Merci de votre confiance,
+    L'équipe de support,
+    Numbus-Server."
+    
+    printf "Subject: [Alerte] Défaillance matérielle sur votre serveur Numbus\n\n$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
+  '';
+in
+{
+### --> SMART disk heath
+  services.smartd = {
+    enable = true;
+    defaults.autodetected = "-a -o on -S on -s (S/../.././00|L/../../6/01) -n standby,q -M exec ${smartd_notifier}";
+    notifications = {
+      wall = {
+        enable = true;
+      };
+      mail = {
+        enable = true;
+        sender = config.email.fromAddress;
+        recipient = "${config.email.userAddress},${config.email.adminAddress}";
+      };
+    };
+  };
+### SMART disk heath <--
+}