nix/t470.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{
  pkgs,
  lib,
  ...
}: {
  imports = [
    ./hardware-configuration-t470.nix
    ./common.nix

    ./borgbackup.nix
  ];

  networking.hostName = "t470"; # Define your hostname.

  fileSystems."/home/khais/Books" = {
    device = "//void/Books";
    fsType = "cifs";
    options = let
      # prevent hanging when network is not reachable
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
    in ["${automount_opts},credentials=/etc/nixos/secrets/books.smb"];
  };

  # scanner drop point
  services.vsftpd = {
    enable = true;
    localUsers = true;
    anonymousUser = false;
    writeEnable = true;
    chrootlocalUser = true;
    userlistEnable = true;
    userlist = ["paperless-upload"];
    userlistDeny = false;
    extraConfig = ''
      log_ftp_protocol=YES
      pasv_enable=YES
      pasv_min_port=51000
      pasv_max_port=51999
      local_umask=022
      file_open_mode=0777
      user_sub_token=$USER
      local_root=/var/lib/ftp/$USER
      allow_writeable_chroot=YES
    '';
  };
  networking.firewall.allowedTCPPorts = [21];
  networking.firewall.allowedTCPPortRanges = [
    {
      from = 51000;
      to = 51999;
    }
  ];
  users.groups.paperless-upload = {};
  users.users.paperless-upload = {
    isNormalUser = true;
    group = "paperless-upload";
  };
  system.activationScripts.makeFtpDirectory = lib.stringAfter ["var"] ''
    mkdir -m 775 -p /var/lib/ftp
    chown root:root /var/lib/ftp
    mkdir -m 700 -p /var/lib/ftp/paperless-upload
    chown paperless-upload:paperless-upload /var/lib/ftp/paperless-upload
  '';
  systemd.services.uploadPaperlessDocuments = {
    path = [pkgs.openssh pkgs.inotify-tools];
    serviceConfig = {
      User = "paperless-upload";
      StandardOutput = "journal+console";
      StandardError = "journal+console";
    };
    script = ''
      # wait for document to finish uploading
      inotifywait --event close_write --timeout 60 /var/lib/ftp/paperless-upload
      # copy documents over
      ${pkgs.rsync}/bin/rsync --verbose --stats --sparse --recursive --checksum --remove-source-files /var/lib/ftp/paperless-upload/ paperless-upload@005540.xyz:/var/lib/paperless-upload
    '';
  };
  systemd.paths.uploadPaperlessDocuments = {
    pathConfig = {
      PathChanged = "/var/lib/ftp/paperless-upload/";
    };
    wantedBy = ["multi-user.target"];
  };
}
-												refactor: move to a multi-machine configuration

											
										
										
											2024-08-23 10:20:05 +02:00
+								# Edit this configuration file to define what should be installed on
 								# your system.  Help is available in the configuration.nix(5) man page
 								# and in the NixOS manual (accessible by running ‘nixos-help’).
 								{
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								  pkgs,
 								  lib,
 								  ...
 								}: {
-												refactor: move to a multi-machine configuration

											
										
										
											2024-08-23 10:20:05 +02:00
+								  imports = [
 								    ./hardware-configuration-t470.nix
-												fix(t470): did not import common.nix

											
										
										
											2024-08-23 14:39:38 +02:00
+								    ./common.nix
-												refactor: move to a multi-machine configuration

											
										
										
											2024-08-23 10:20:05 +02:00
+								    ./borgbackup.nix
 								  ];
 								  networking.hostName = "t470"; # Define your hostname.
 								  fileSystems."/home/khais/Books" = {
 								    device = "//void/Books";
 								    fsType = "cifs";
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								    options = let
-												refactor: move to a multi-machine configuration

											
										
										
											2024-08-23 10:20:05 +02:00
+								      # prevent hanging when network is not reachable
 								      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								    in ["${automount_opts},credentials=/etc/nixos/secrets/books.smb"];
-												refactor: move to a multi-machine configuration

											
										
										
											2024-08-23 10:20:05 +02:00
+								  };
-												feat(paperless): create scanner drop point

New layout:
Scanner -(unsecure ftp over lan)-> t470 -(secure rsync)-> paperless.005540.xyz

											
										
										
											2024-08-30 15:26:14 +02:00
+								  # scanner drop point
 								  services.vsftpd = {
 								    enable = true;
 								    localUsers = true;
 								    anonymousUser = false;
 								    writeEnable = true;
 								    chrootlocalUser = true;
 								    userlistEnable = true;
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								    userlist = ["paperless-upload"];
-												feat(paperless): create scanner drop point

New layout:
Scanner -(unsecure ftp over lan)-> t470 -(secure rsync)-> paperless.005540.xyz

											
										
										
											2024-08-30 15:26:14 +02:00
+								    userlistDeny = false;
 								    extraConfig = ''
 								      log_ftp_protocol=YES
 								      pasv_enable=YES
 								      pasv_min_port=51000
 								      pasv_max_port=51999
 								      local_umask=022
 								      file_open_mode=0777
 								      user_sub_token=$USER
 								      local_root=/var/lib/ftp/$USER
 								      allow_writeable_chroot=YES
 								    '';
 								  };
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								  networking.firewall.allowedTCPPorts = [21];
-												feat(paperless): create scanner drop point

New layout:
Scanner -(unsecure ftp over lan)-> t470 -(secure rsync)-> paperless.005540.xyz

											
										
										
											2024-08-30 15:26:14 +02:00
+								  networking.firewall.allowedTCPPortRanges = [
 								    {
 								      from = 51000;
 								      to = 51999;
 								    }
 								  ];
 								  users.groups.paperless-upload = {};
 								  users.users.paperless-upload = {
-												feat(paperless): create document upload service

											
										
										
											2024-08-30 18:23:16 +02:00
+								    isNormalUser = true;
-												feat(paperless): create scanner drop point

New layout:
Scanner -(unsecure ftp over lan)-> t470 -(secure rsync)-> paperless.005540.xyz

											
										
										
											2024-08-30 15:26:14 +02:00
+								    group = "paperless-upload";
 								  };
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								  system.activationScripts.makeFtpDirectory = lib.stringAfter ["var"] ''
-												feat(paperless): create scanner drop point

New layout:
Scanner -(unsecure ftp over lan)-> t470 -(secure rsync)-> paperless.005540.xyz

											
										
										
											2024-08-30 15:26:14 +02:00
+								    mkdir -m 775 -p /var/lib/ftp
 								    chown root:root /var/lib/ftp
 								    mkdir -m 700 -p /var/lib/ftp/paperless-upload
 								    chown paperless-upload:paperless-upload /var/lib/ftp/paperless-upload
 								  '';
-												feat(paperless): create document upload service

											
										
										
											2024-08-30 18:23:16 +02:00
+								  systemd.services.uploadPaperlessDocuments = {
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								    path = [pkgs.openssh pkgs.inotify-tools];
-												feat(paperless): create document upload service

											
										
										
											2024-08-30 18:23:16 +02:00
+								    serviceConfig = {
 								      User = "paperless-upload";
 								      StandardOutput = "journal+console";
 								      StandardError = "journal+console";
 								    };
 								    script = ''
-												fix(paperless): wait for documents to finish uploading to t470 before transmitting to 005540.xyz

											
										
										
											2024-08-30 20:59:00 +02:00
+								      # wait for document to finish uploading
-												fix(paperless): timeout after waiting 60secs for document to finish uploading

this prevents having a stuck service

											
										
										
											2024-08-30 21:06:14 +02:00
+								      inotifywait --event close_write --timeout 60 /var/lib/ftp/paperless-upload
-												fix(paperless): wait for documents to finish uploading to t470 before transmitting to 005540.xyz

											
										
										
											2024-08-30 20:59:00 +02:00
+								      # copy documents over
-												feat(paperless): remove uploaded files from t470

											
										
										
											2024-08-30 21:03:33 +02:00
+								      ${pkgs.rsync}/bin/rsync --verbose --stats --sparse --recursive --checksum --remove-source-files /var/lib/ftp/paperless-upload/ paperless-upload@005540.xyz:/var/lib/paperless-upload
-												feat(paperless): create document upload service

											
										
										
											2024-08-30 18:23:16 +02:00
+								    '';
 								  };
-												feat(paperless): start upload service if new documents are detected

											
										
										
											2024-08-30 20:35:56 +02:00
+								  systemd.paths.uploadPaperlessDocuments = {
 								    pathConfig = {
 								      PathChanged = "/var/lib/ftp/paperless-upload/";
 								    };
-												chore: format code with alejandra

											
										
										
											2024-09-18 12:03:23 +02:00
+								    wantedBy = ["multi-user.target"];
-												feat(paperless): start upload service if new documents are detected

											
										
										
											2024-08-30 20:35:56 +02:00
+								  };
-												refactor: move to a multi-machine configuration

											
										
										
											2024-08-23 10:20:05 +02:00
+								}