logistic-bot/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix/t470.nix

99 lines
3.1 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, lib, ... }:
{
imports = [
./hardware-configuration-t470.nix
./common.nix
./borgbackup.nix
];
networking.hostName = "t470"; # Define your hostname.
# automount smb music share
fileSystems."/home/khais/Music" = {
device = "//void/Music";
fsType = "cifs";
options = let
# prevent hanging when network is not reachable
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in [ "${automount_opts},credentials=/etc/nixos/secrets/music.smb" ];
};
fileSystems."/home/khais/Books" = {
device = "//void/Books";
fsType = "cifs";
options = let
# prevent hanging when network is not reachable
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in [ "${automount_opts},credentials=/etc/nixos/secrets/books.smb" ];
};
# scanner drop point
services.vsftpd = {
enable = true;
localUsers = true;
anonymousUser = false;
writeEnable = true;
chrootlocalUser = true;
userlistEnable = true;
userlist = [ "paperless-upload" ];
userlistDeny = false;
extraConfig = ''
log_ftp_protocol=YES
pasv_enable=YES
pasv_min_port=51000
pasv_max_port=51999
local_umask=022
file_open_mode=0777
user_sub_token=$USER
local_root=/var/lib/ftp/$USER
allow_writeable_chroot=YES
'';
};
networking.firewall.allowedTCPPorts = [ 21 ];
networking.firewall.allowedTCPPortRanges = [
{
from = 51000;
to = 51999;
}
];
users.groups.paperless-upload = {};
users.users.paperless-upload = {
isNormalUser = true;
group = "paperless-upload";
};
system.activationScripts.makeFtpDirectory = lib.stringAfter [ "var" ] ''
mkdir -m 775 -p /var/lib/ftp
chown root:root /var/lib/ftp
mkdir -m 700 -p /var/lib/ftp/paperless-upload
chown paperless-upload:paperless-upload /var/lib/ftp/paperless-upload
'';
systemd.services.uploadPaperlessDocuments = {
path = [ pkgs.openssh pkgs.inotify-tools ];
serviceConfig = {
User = "paperless-upload";
StandardOutput = "journal+console";
StandardError = "journal+console";
};
script = ''
# wait for document to finish uploading
inotifywait --event close_write --timeout 60 /var/lib/ftp/paperless-upload
# copy documents over
${pkgs.rsync}/bin/rsync --verbose --stats --sparse --recursive --checksum --remove-source-files /var/lib/ftp/paperless-upload/ paperless-upload@005540.xyz:/var/lib/paperless-upload
'';
};
systemd.paths.uploadPaperlessDocuments = {
pathConfig = {
PathChanged = "/var/lib/ftp/paperless-upload/";
};
wantedBy = [ "multi-user.target" ];
};
# fingerprint sensor setup
services.open-fprintd.enable = true;
services.python-validity.enable = true;
}
Reference in a new issue View git blame Copy permalink