logistic-bot/quasar
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: logistic-bot:paperless-testing-vm
Branches Tags
logistic-bot:master
logistic-bot:paperless-testing-vm
...
pull from: logistic-bot:master
Branches Tags
logistic-bot:master
logistic-bot:paperless-testing-vm
Sign in to create a new pull request.

11 commits
paperless- ... master

Author SHA1 Message Date
Khaïs COLIN
6304a4890b
fix: sourcehut did not allow cloning from https 2025-03-27 23:00:20 +01:00
Khaïs COLIN
fffa0a4cae
update all flakes 2025-03-27 22:27:24 +01:00
Khaïs COLIN
9020192203 fix(paperless): do not fail to import documents with digital signatures 2024-11-09 22:29:12 +01:00
Khaïs COLIN
b6f76847a3 feat(syncthing): setup syncthing 2024-10-29 11:04:57 +01:00
Khaïs COLIN
9767e8e0e4 fix: disable mailserver for now, wait 1 month and try again 2024-09-07 15:20:19 +02:00
Khaïs COLIN
db88f75b34 fix(mail): open needed ports 2024-09-06 18:01:51 +02:00
Khaïs COLIN
c751c047f4 feat: enable IPv6 networking 2024-09-06 17:48:29 +02:00
Khaïs COLIN
d17dfebff8 feat(mail): basic config 2024-09-02 14:13:17 +02:00
Khaïs COLIN
cb15994cc6 feat(mailserver): flake setup 2024-09-02 14:05:30 +02:00
Khaïs COLIN
f7d3397b40 fix(vnc): reset keymap to us 2024-09-02 11:37:19 +02:00
Khaïs COLIN
d62b4a8204 fix(paperless): increase worker timeout for large documents 2024-09-01 12:00:46 +02:00
10 changed files with 190 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
configuration.nix
View file

@ -5,6 +5,7 @@ in
{ lib, ... }: {
imports = [
./hardware-configuration.nix
./networking.nix
./audit.nix
./openssh.nix
@ -24,8 +25,9 @@ in
./postgresql.nix
(import ./sourcehut.nix { inherit base-domain; })
(import ./paperless.nix { inherit base-domain lib; })
(import ./mailserver.nix { inherit base-domain; })
(import ./syncthing.nix { inherit base-domain; })
./userprogs.nix
];
@ -36,10 +38,8 @@ in
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking.hostName = "quasar";
users.users.root.initialPassword = "asunarovow";
networking.domain = "";
nix.allowedUsers = [ "@wheel" "root" ];
console.keyMap = "fr";
console.keyMap = "us";
system.stateVersion = "23.11";
}

4
firewall.nix
View file

@ -1,8 +1,8 @@
{
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 21 ];
allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 22 80 443 21 25 465 587 143 993 995 110 22000 ];
allowedUDPPorts = [ 22 80 443 25 465 587 143 993 995 110 22000 ];
allowedTCPPortRanges = [
# vsftpd passive
{

127
flake.lock generated
View file

@ -1,12 +1,44 @@
{
"nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
@ -16,9 +48,96 @@
"type": "github"
}
},
"nixpkgs-24_05": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717602782,
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"nixpkgs-24_05": "nixpkgs-24_05",
"utils": "utils"
},
"locked": {
"lastModified": 1734885828,
"narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-24.05",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},

4
flake.nix
View file

@ -3,13 +3,15 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
};
outputs = { self, nixpkgs, ... }: {
outputs = { nixpkgs, simple-nixos-mailserver, ... }: {
nixosConfigurations.quasar = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
simple-nixos-mailserver.nixosModule
];
};
};

21
mailserver.nix Normal file
View file

@ -0,0 +1,21 @@
{ base-domain, ... }:
let
fqdn = "mail.${base-domain}";
in
{
mailserver = {
enable = false;
debug = true;
inherit fqdn;
domains = [ base-domain ];
loginAccounts = {
"khais.colin@${base-domain}" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
hashedPasswordFile = "/etc/nixos/secrets/mailserver/khais.colin.hashpassword";
};
};
certificateScheme = "acme-nginx";
};
}

14
networking.nix Normal file
View file

@ -0,0 +1,14 @@
{
networking.hostName = "quasar";
networking.domain = "";
networking.interfaces.ens18 = {
ipv6.addresses = [{
address = "2a02:c206:2209:5178:0000:0000:0000:0001";
prefixLength = 64;
}];
};
networking.defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
}

7
nginx.nix
View file

@ -26,6 +26,13 @@
proxyPass = "http://localhost:28981";
};
};
"syncthing.${base-domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://syncthing.${base-domain}:8384";
};
};
};
};
}

4
paperless.nix
View file

@ -19,6 +19,9 @@ in
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
# do not fail to import documents that have a digital signature
# https://github.com/paperless-ngx/paperless-ngx/discussions/4047#discussioncomment-7019544
invalidate_digital_signatures = true;
};
PAPERLESS_TIME_ZONE = "Europe/Paris";
PAPERLESS_CONSUMER_ENABLE_BARCODES = "true";
@ -26,6 +29,7 @@ in
PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING";
PAPERLESS_TASK_WORKERS = "4";
PAPERLESS_THREADS_PER_WORKER = "1";
PAPERLESS_WORKER_TIMEOUT = "18000";
};
};
users.groups.paperless-upload = {};

2
sourcehut.nix
View file

@ -4,6 +4,8 @@ let
fqdn = "sourcehut.${base-domain}";
in
{
# workaround: https://github.com/NixOS/nixpkgs/issues/317865
programs.git.config.safe.directory = "*";
services.sourcehut = {
enable = true;
meta = {

10
syncthing.nix Normal file
View file

@ -0,0 +1,10 @@
{ base-domain, ... }:
let
fqdn = "syncthing.${base-domain}:8384";
in
{
services.syncthing = {
enable = true;
guiAddress = fqdn;
};
}