Merge remote-tracking branch 'origin/develop' into develop

thrall: Make paperless consumption dir public
thrall: Add archive@failco.de email account
2023-04-11 00:56:29 +02:00 · 2023-04-11 00:55:22 +02:00 · 2023-04-11 00:51:44 +02:00 · 2023-04-09 12:04:30 +02:00 · 2023-04-08 21:56:02 +02:00 · 2023-04-08 18:27:30 +02:00
6 changed files with 118 additions and 38 deletions
--- a/hosts/dregil/configuration.nix
+++ b/hosts/dregil/configuration.nix
@ -93,28 +93,7 @@ in
    extraGroups = [ "wheel" # Enable ‘sudo’ for the user.
                    "input"
                  ];
-    packages = with pkgs; [
-      # gui tool
-      alacritty
-      firefox
-      jitsi-meet-electron
-
-      # editing
-      helix
-      nil          # nix language server
-
-      # system tools
-      htop-vim     # htop with vim bindings
-      erdtree      # du+tree had sex
-      dua          # ncdu but better
-      bat          # better cat
-      uhk-agent
-      
-      # gaming support
-      lutris
-      #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
-    ];
-  };
+ };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
@ -123,6 +102,7 @@ in
     ripgrep
     git
     nvidia-offload
+     pinentry
  ];

  # adjust channels to nixpkgs used on this system via this flake
@ -134,10 +114,10 @@ in
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
+  programs.gnupg.agent = {
+     enable = true;
+     enableSSHSupport = true;
+  };

  programs.neovim = {
    enable = true;
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@ -36,6 +36,7 @@ in {

  age.secrets = {
    mailPass.file = ../../secrets/mailPass.age;
+    paperless-mail.file = ../../secrets/paperless-mail.age;
    wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
  };

@ -134,6 +135,7 @@ in {
    htop
    tmux
    git
+    git-annex
    #agenix.defaultPackage.x86_64-linux
    restic # fast and secure backup
    rclone
@ -175,25 +177,56 @@ in {
  services.restic.backups = { };
  services.keybase = { enable = true; };

-  services.nginx.enable = true;
  services.nginx = {
+    enable = true;
+
+    statusPage = true;
+    clientMaxBodySize = "64m";
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
  };
  services.nginx.virtualHosts = {
+    # main site
    "failco.de" = {
      forceSSL = true;
      enableACME = true;
      root = "/srv/www/failco.de";
      serverAliases = [ "www.failco.de" "mail.failco.de" ];
+      extraConfig = ''
+        add_header X-Frame-Options 'SAMEORIGIN';
+      '';
    };

+    "www.jakalx.net" = {
+      forceSSL = true;
+      enableACME = true;
+      root = "/srv/www/jakalx.net";
+      serverAliases = [ "jakalx.net" ];
+      extraConfig = ''
+        add_header X-Frame-Options 'SAMEORIGIN';
+      '';
+    };
+
+    # gitea
    "git.failco.de" = {
      forceSSL = true;
      enableACME = true;
-      locations."/" = { proxyPass = "http://127.0.0.1:3001/"; };
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3001/";
+        proxyWebsockets = true;
+      };
+    };
+
+    # paperless
+    "docs.failco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3002/";
+        proxyWebsockets = true;
+      };
    };
  };

@ -206,7 +239,28 @@ in {
    httpAddress = "127.0.0.1";
    httpPort = 3001;

-    settings.service.DISABLE_REGISTRATION = true;
+    settings = {
+      service.DISABLE_REGISTRATION = true;
+
+      mailer = {
+        ENABLED = true;
+        MAILER_TYPE = "smtp";
+        FROM = "git@failco.de";
+        HOST = "thrall.failco.de:25";
+        IS_TLS_ENABLED = false;
+      };
+    };
+  };
+
+  services.paperless = {
+    enable = true;
+    address = "127.0.0.1";
+    port = 3002;
+    consumptionDirIsPublic = true;
+    extraConfig = {
+      PAPERLESS_OCR_LANGUAGE = "deu+eng";
+      PAPERLESS_URL = "https://docs.failco.de";
+    };
  };

  services.fail2ban = {
@ -252,7 +306,17 @@ in {

        aliases = [ "lx@failco.de" "alex@failco.de" ];

-        catchAll = [ "failco.de" "jakalx.net" ];
+        catchAll = [ "failco.de" ];
+      };
+
+      "alex@jakalx.net" = {
+        hashedPasswordFile = config.age.secrets.mailPass.path;
+
+        catchAll = [ "jakalx.net" ];
+      };
+
+      "archive@failco.de" = {
+        hashedPasswordFile = config.age.secrets.paperless-mail.path;
      };
    };

--- a/modules/common-system.nix
+++ b/modules/common-system.nix
@ -14,16 +14,12 @@
    fd
    fzf
    bat
+    lshw
+    pciutils
  ];

  networking.firewall.enable = true;

-  users.users.alex = {
-      isNormalUser = true;
-      extraGroups = [ "wheel" "input" ];
-      shell = pkgs.zsh;
-  };
-
  nix = {
      gc = {
        automatic = true;
--- a/outputs/homeConfigurations/default.nix
+++ b/outputs/homeConfigurations/default.nix
@ -17,12 +17,50 @@ in
          username = "alex";
          homeDirectory = "/home/alex";
          stateVersion = "22.11";
-
          packages = with pkgs; [
+            alacritty           # fast terminal
+            firefox             # the browser with the fox
+
+            # social
+            jitsi-meet-electron # jitsi as a stand-alone app
+            discord             # talk to other people
+            #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
+
+            # editing
+            helix        # vim like editor
+            nil          # nix language server
+
+            # system tools
+            htop-vim     # htop with vim bindings
+            erdtree      # du+tree had sex
+            dua          # ncdu but better
+            bat          # better cat
+            uhk-agent    # my keyboard
+            mosh         # ssh via udp
+
+            # gaming support
            lutris
          ];
        };

+        programs.bash = {
+          enable = true;
+        };
+
+        programs.zsh = {
+          enable = true;
+        };
+
+        programs.git = {
+          enable = true;
+          userName = "Alexander Kobjolke";
+          userEmail = "me@failco.de";
+        };
+
+        programs.password-store = {
+          enable = true;
+        };
+
        # do not show home-manager notifications
        news.display = "silent";
      }
--- a/secrets/paperless-mail.age
+++ b/secrets/paperless-mail.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,10 +1,12 @@
 let
  thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
+  alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a";
  systems = [ thrall ];

-  users = [];
+  users = [ alex ];
 in
 {
  "mailPass.age".publicKeys = users ++ systems;
+  "paperless-mail.age".publicKeys = users ++ systems;
  "wireguard-thrall.age".publicKeys = [thrall];
 }
Author	SHA1	Message	Date
Alexander Kobjolke	afeae40848	Merge remote-tracking branch 'origin/develop' into develop	2023-04-11 00:56:29 +02:00
Alexander Kobjolke	591c0d68ab	thrall: Make paperless consumption dir public	2023-04-11 00:55:22 +02:00
Alexander Kobjolke	a257e533c4	thrall: Add archive@failco.de email account	2023-04-11 00:51:44 +02:00
Alexander Kobjolke	d51551aa4e	thrall: Make git-annex available globally	2023-04-09 12:04:30 +02:00
Alexander Kobjolke	ae1983ab82	thrall: Migrate mail and web server from jakalx.net	2023-04-08 21:56:02 +02:00
Alexander Kobjolke	ceba9e0883	thrall: Configure paperless on docs.failco.de	2023-04-08 18:27:30 +02:00
Alexander Kobjolke	91547ac4b6	thrall: Configure smtp for Gitea	2023-04-07 01:10:06 +02:00
Alexander Kobjolke	d0e012e79b	dregil: Move packages for alex from system config to hm config	2023-04-07 00:40:59 +02:00
Alexander Kobjolke	e4d81ba462	dregil: Enable gnupg agent	2023-04-06 23:53:41 +02:00
Alexander Kobjolke	c72baa173c	dregil: Add discord, lutris and mosh	2023-04-06 18:56:56 +02:00