Compare commits
11 commits
paperless-
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
6304a4890b
|
|||
|
fffa0a4cae
|
|||
| 9020192203 | |||
| b6f76847a3 | |||
| 9767e8e0e4 | |||
| db88f75b34 | |||
| c751c047f4 | |||
| d17dfebff8 | |||
| cb15994cc6 | |||
| f7d3397b40 | |||
| d62b4a8204 |
10 changed files with 191 additions and 17 deletions
|
|
@ -1,10 +1,11 @@
|
|||
# vim: tabstop=2 shiftwidth=2 expandtab
|
||||
let
|
||||
base-domain = "paperless-testing.hummingbird-stork.ts.net";
|
||||
base-domain = "005540.xyz";
|
||||
in
|
||||
{ lib, ... }: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./networking.nix
|
||||
./audit.nix
|
||||
|
||||
./openssh.nix
|
||||
|
|
@ -24,8 +25,9 @@ in
|
|||
./postgresql.nix
|
||||
|
||||
(import ./sourcehut.nix { inherit base-domain; })
|
||||
|
||||
(import ./paperless.nix { inherit base-domain lib; })
|
||||
(import ./mailserver.nix { inherit base-domain; })
|
||||
(import ./syncthing.nix { inherit base-domain; })
|
||||
|
||||
./userprogs.nix
|
||||
];
|
||||
|
|
@ -36,10 +38,8 @@ in
|
|||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = true;
|
||||
networking.hostName = "paperless-testing";
|
||||
users.users.root.initialPassword = "asunarovow";
|
||||
networking.domain = "";
|
||||
nix.allowedUsers = [ "@wheel" "root" ];
|
||||
console.keyMap = "fr";
|
||||
console.keyMap = "us";
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 80 443 21 ];
|
||||
allowedUDPPorts = [ 22 80 443 ];
|
||||
allowedTCPPorts = [ 22 80 443 21 25 465 587 143 993 995 110 22000 ];
|
||||
allowedUDPPorts = [ 22 80 443 25 465 587 143 993 995 110 22000 ];
|
||||
allowedTCPPortRanges = [
|
||||
# vsftpd passive
|
||||
{
|
||||
|
|
|
|||
127
flake.lock
generated
127
flake.lock
generated
|
|
@ -1,12 +1,44 @@
|
|||
{
|
||||
"nodes": {
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1604995301,
|
||||
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "blobs",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1724316499,
|
||||
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
|
||||
"lastModified": 1735563628,
|
||||
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
|
||||
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -16,9 +48,96 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-24_05": {
|
||||
"locked": {
|
||||
"lastModified": 1717144377,
|
||||
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-24.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1717602782,
|
||||
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-24_05": "nixpkgs-24_05",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1734885828,
|
||||
"narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -3,13 +3,15 @@
|
|||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, ... }: {
|
||||
outputs = { nixpkgs, simple-nixos-mailserver, ... }: {
|
||||
nixosConfigurations.quasar = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./configuration.nix
|
||||
simple-nixos-mailserver.nixosModule
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
21
mailserver.nix
Normal file
21
mailserver.nix
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
{ base-domain, ... }:
|
||||
let
|
||||
fqdn = "mail.${base-domain}";
|
||||
in
|
||||
{
|
||||
mailserver = {
|
||||
enable = false;
|
||||
debug = true;
|
||||
inherit fqdn;
|
||||
domains = [ base-domain ];
|
||||
|
||||
loginAccounts = {
|
||||
"khais.colin@${base-domain}" = {
|
||||
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
|
||||
hashedPasswordFile = "/etc/nixos/secrets/mailserver/khais.colin.hashpassword";
|
||||
};
|
||||
};
|
||||
|
||||
certificateScheme = "acme-nginx";
|
||||
};
|
||||
}
|
||||
14
networking.nix
Normal file
14
networking.nix
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
networking.hostName = "quasar";
|
||||
networking.domain = "";
|
||||
networking.interfaces.ens18 = {
|
||||
ipv6.addresses = [{
|
||||
address = "2a02:c206:2209:5178:0000:0000:0000:0001";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
networking.defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
}
|
||||
12
nginx.nix
12
nginx.nix
|
|
@ -6,14 +6,9 @@
|
|||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
serverNamesHashBucketSize = 128;
|
||||
virtualHosts = {
|
||||
"${base-domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:28981";
|
||||
};
|
||||
};
|
||||
"sourcehut.${base-domain}" = {
|
||||
enableACME = true;
|
||||
|
|
@ -31,6 +26,13 @@
|
|||
proxyPass = "http://localhost:28981";
|
||||
};
|
||||
};
|
||||
"syncthing.${base-domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://syncthing.${base-domain}:8384";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,9 @@ in
|
|||
PAPERLESS_OCR_USER_ARGS = {
|
||||
optimize = 1;
|
||||
pdfa_image_compression = "lossless";
|
||||
# do not fail to import documents that have a digital signature
|
||||
# https://github.com/paperless-ngx/paperless-ngx/discussions/4047#discussioncomment-7019544
|
||||
invalidate_digital_signatures = true;
|
||||
};
|
||||
PAPERLESS_TIME_ZONE = "Europe/Paris";
|
||||
PAPERLESS_CONSUMER_ENABLE_BARCODES = "true";
|
||||
|
|
@ -26,6 +29,7 @@ in
|
|||
PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING";
|
||||
PAPERLESS_TASK_WORKERS = "4";
|
||||
PAPERLESS_THREADS_PER_WORKER = "1";
|
||||
PAPERLESS_WORKER_TIMEOUT = "18000";
|
||||
};
|
||||
};
|
||||
users.groups.paperless-upload = {};
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ let
|
|||
fqdn = "sourcehut.${base-domain}";
|
||||
in
|
||||
{
|
||||
# workaround: https://github.com/NixOS/nixpkgs/issues/317865
|
||||
programs.git.config.safe.directory = "*";
|
||||
services.sourcehut = {
|
||||
enable = true;
|
||||
meta = {
|
||||
|
|
|
|||
10
syncthing.nix
Normal file
10
syncthing.nix
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
{ base-domain, ... }:
|
||||
let
|
||||
fqdn = "syncthing.${base-domain}:8384";
|
||||
in
|
||||
{
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
guiAddress = fqdn;
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue