diff --git a/configuration.nix b/configuration.nix index 69f3650..eacaa22 100644 --- a/configuration.nix +++ b/configuration.nix @@ -44,6 +44,7 @@ ./system-modules/nx2site/proxy.nix ./system-modules/nx2site/gitea.nix ./system-modules/nx2site/vaultwarden.nix + ./system-modules/nx2site/paperless.nix ] else []); # Set your time zone. diff --git a/git-crypt/secrets.nix b/git-crypt/secrets.nix index 2ef5a99..4b96c73 100755 Binary files a/git-crypt/secrets.nix and b/git-crypt/secrets.nix differ diff --git a/sops-secrets.yaml b/sops-secrets.yaml index 3499e89..46983dd 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml @@ -20,7 +20,6 @@ syncthing: weechat: passphrase: ENC[AES256_GCM,data:3NVhMouf3wwMJTZCvIjbi5fjHJHxe25Q+wRo,iv:W8cShdM3iUyEiRCPNupMin3gfF+cqGxslD18CAvUW4c=,tag:DXBATGEhHjhXqy+J9BNVwg==,type:str] nx2site: - namecheap.pw: ENC[AES256_GCM,data:tN6ArfQu+YfVkPPN00raPZWmghDKVFmmGgwACVQQSHs=,iv:TlUl0L3+Ea9vt43lwDlM0SE1+CLvWJdryt1lFhQ+75I=,tag:pia2ORsm66AQUOE/ZiO8yA==,type:str] cloudflare: api-token-dns-edit: ENC[AES256_GCM,data:fR4fH6NqwtHI8aebEwjUn5JMoy3q3GXgu/dREe8JK7yRBIOhJ8BKuw==,iv:fQqLRYCN/7zhpHzYxMcn8q1aA7x4qd3qWGgrFWn2E/U=,tag:GJ1muJG755ch/84Sgcf2Vw==,type:str] global-api-key: ENC[AES256_GCM,data:7WBmyEYFG0jEkxeiF9H4isfrCrn7Uv21hEJgX5i2/fOu3+evZA==,iv:IicsZo7qMG3xOKVr8lHzsOu2pTaDKUSx+85SyehDe20=,tag:nQ+CWX2kEmk3vIH4pi6Vlw==,type:str] @@ -28,6 +27,7 @@ nx2site: sslCertificateKey.pem: ENC[AES256_GCM,data:Wzmi17UA4mpCr4VaUolfKwZJEZ5K9Ybp2/K3noC/D/QYlgJfwWnQEoXDfLj3lVVnz0V/m71NAtZ9p3/jhiQCyIwt0cOmsAmd1isHf0KQwGagc8cHttwDeZT7AzLW4axqevpZM8bjVk/TJ/k+uGbArqSwgu2W7C77uCltSS8AydWzD2D7eQciDZzQ4yyHShW9f0SH8Q/wumuY4ksjLs4roYtQgtr1ezUb1U329xA1y81apd47RHviJ/moOBQYY2Y8fbNryUmfqvGYtsfXxmNElJpGAStqjBCo0bncOetP+bfj90CJlbkIn1JzcPOa5ZJjDg==,iv:28PcaWyOsQ8gN6qvZYDS3H4lKKlU7ihxxLUXMYgHPEY=,tag:6t+jvoAZkYlqg/2d8V5Emw==,type:str] dhparams.pem: ENC[AES256_GCM,data:wGIUlT8QHruxHvrlaUdEDU3aKkB5hvQLZXic1ryKr1hIFw9uOv1hOCOPY+QUDBzfm+DXv62hTFAeq4siAoZ0wWvQ0uBuSZZBGrfuY1ZTsTJmpgTphdHi+S4/kl/Vt7nuBlvdW8VbwU+mzmSK4UuIjuvAl0RI+q9C/BAu0tsXvKfaCkrbYwSi6pdPjToEoATPWfuCdkZUulENBIdBkTLZ6F97fgNgsXub2xOEIRxqFAzg3G2nO3Mn7rSRRJraZNIsHgBTYpSNcijDBwZpgYKjcKsochYUNzVrCuLOu5xJPUU87pmd+Rup2hpMfWyK0xtUjncvHyfctEZANqfo+RdEBg81n1WHkFb1WnWUsRh8RmcVZuA9skI5S7Xhp4L2B5IKn0XGnKLG3og9iYb9tDVQys4o5/68+jjxdm51fmRYo3FvghnyFCYkQ/tm+ClCcRSPocYDrfSf0Rvg2v9nPmMj0IrEHlzVnafiJgp3VjI9cYLNW2wKiwf0Z8dWkrtnS8G7p072+w0fklmvLrdvlLZduAwrY6gS2nMbPUz1AwjAoMmQi7sFmbkP6M/PmkVV+hNP7T9ntmC4BQr2k5/3gKZPOEPO/xeMLlla68QpDVxU06NhC0Z3d5t3YY0wIVISNZXi4fgQO0G5nvFpPyyWCvvg39gulyAwUJfFQ3erNNFTjJe7X9RjqoJvjTgFm4IaYcL64Cr49KDu6Za01g492rBCEL842o3lVmZSqOYCG3UEEsSwOxn2iROZKgorZ5dyd1n1WevM+pKTUAaucy52iLJGLISRAVv82ZkmbS5L4zMHkYxVjUnqrYIZsk6+7sRHIQ31E0YtUFdMjRYUcOwfR1u+Ox+zV1NawpKjsuhKl+DRN+Q1TXUdEumUU1pDHT/RXtNHsyYOgeCBbTs93kdhFcHgO0dh5Ou/2N8EcTzWwAYd/qyE3wMZZTggTb44xwu6h0XhaLtnAk2lZ4vXwSaozf+Vq/uxAvYLxrhx6ujKVyX/O053YsKqOPKerYoN17uO8PrKoA==,iv:e0RPF9ZtzSRBRzMtWTWY3AVGsMXxvldA2HjiW9hf97Q=,tag:eb9ACnuGR+8eqncWoKQ/pw==,type:str] vaultwarden.env: ENC[AES256_GCM,data:9LcB2B/IJ2xQCTNKtRr9bBbtFqZMGSi/9jPozmGUtMvgeVqlljpbtVgCzH62oeUQMLeKQ0SxHsQ7GDgU25X6wVZ8qMT4hzVzNYJnXljs1/ePPN+NfCsPtnBjo+jQLvhVPb8gIGpmT/ZqNMXBLNpLWu2U3RQVzwlJS2wQsP4kbR+z2nuEL/bs52qI9cNmsRTA/C8gIQHCHJby+PTh6BbXp0Wvy0xI+KHKx2qSYiVXsjowid+0h56/Ma1cqUcZlxUiDSUYmTvmgYPzigFD9jOkg1mhHRIi8iste6EDVWB0jHcKMMihd7dMZ64/UUY2y5/ardIP9jUA,iv:/EQv/PYTIHANDjbjMe/BmY6dwjok9YsYj5iKLWyu0eI=,tag:IMcJ3nle9wJANuogrJBUuQ==,type:str] + paperless.pw: ENC[AES256_GCM,data:zuKVsJdnCSltaX9KpB5iTFAh70s4dkQo,iv:w6hyl8ueZY5MAw25IejdMdUhs90i7aPo2U+bWBwQuKY=,tag:jJPQ/vL0gtgrv3w64Y+Eqw==,type:str] USERTrust: ECC: ENC[AES256_GCM,data:yVSxTKRhXXPwfY7STz4YOWjgBSINYG4zjISQ/9Q9Zn1gZl/wbDQjSk7prN5fSn9aVH46TbT2mPlRDt7jcfbEZ5JmUnIfDZ7JqrAukOxy7wLAF+m4R7/KdLmdM3xJ6cnH6Tm3KQjRPL26zN4BD3T1oqNw/NPxlfqWeMrjMYZSktmoNAwAjntIqrnoXIuEPKvAsqIbg+SLvrSo05DhDy48c16jSi5zzfQ9M4fEgsugw8y7BWF/eAooLsvnpinc3Ek0XpSy2QJoD9plaW0z1lUT/UFmVVZsLDejb5hbzOnklhjSgE8S7wO4Zmvnu3It5M1YATSR5PsaG7QqaP1w6dd2DdvSnfeVeS28AdgVnOUM2MwJsgTWlvtol6ErIxaUf3n3+PAXTubhH37auOoMDeFeu1lAAe2lKiQcCtpE9gy1dkZ3vSZO6eHq7REo1qauao2LrrgBfPS0p0nhMBjOiORDI06JkNwDFBktjBI9JFHBNfd/CMrgXhfsxujbVxFSD6VD7DxBb3TDgOAm5GS6YJVC5bxQx038GnHorBsUBeR6BzpxG/lrNcBdNaHKqjngBbQmYR/skbLlrJblDyXdI4Xyh55Eogz28rwT5HhjoWOGjAk9P2qk9QAqKcWuRXsS77jRIeD59cqq9EKDRzixEJntCvxxsS1LLYBG4vmzXk4qgb1vGUgNKUaVXPNjXX2ueaLtkEMkx9sMmKcyKLzLoD3/yPYEiUTwCoXaNf3o4OUrvli7mW7qzGrqXTQtQfOd7fMGupgjtR68dEQxP2M/J1725phvSUQNx8SuERMOwzHwd7Yt/Z5TKJ+B/m7uxYyVeo9QYlkHrjVAVLmHc6qnKGVZrSGSkdVVr4dksOc7gyB28MP7JZRADCnHq7+1jhRMCiOT51I/ZyrqWtTqDNBFATCeDDWF7qZcrzWq4GrWm2dmWwQlUm5lW7+MsVgrFowjnbbjwcWy2ROIPiiC3cQ7ztxqXMZZjHUVDa4OC19d4vsDETphTuFQtNHTWGnps/phrV5X5QfIC5nmrHqeyJR2YRNb1M/IZMD1nWFvDJG0B46ES03YaIrQYt46HK3Pd25arssGS+Gzx8p65NTriRBp+KAkGf8dN9+/bECHI8coWKXpi31Uu1GoN4tf0f3OoQtpq2mCF9wz9B/cl/j7jBVKN1/OPqmd/IWr737eYQLeJ/XOKs3W5+5bdnl5I0ewaipPYelUY/ZNWCMN91U8PInGrThnASRdCkNMPOzU56MIBj3gFWn/DIq/kaFpf5CFq3Zvniy5HIf/+ZyLhMH4v7O4GSgMCcomEXLlQJZ9K4ZPHo1IYfHJqi0OEfmZageDkRrD9434ByYibg1wJRVvZfUbh4HJjgIrf1yZhTAe4DVBpYnf7wuJIw0HkNRu4piiNw8LIh2ga+f36iDs5Nl0qaZtMR3gLUBiMxrLS3Yakuof+xcglzfVMo8YBD90qBFKke7OUi7CQCZw6orE/EJ8pxDTWL4sedcv/OowKo4xqh5PtUBAOljs7i1z/zHtr4Cr64SH6DW/2vp7gYA62+BPrbhSRJbW6wkWR2hWn4pYJLirKwUBasO1Iewpj6ps3if5IKVrv6kfFoFYfLF8cEpIDjek61OU15tjXRMZENR0vSQRAm9D92VGCXcD3gnW34jF+i6HnArPF8hJ8vDIAb7LYf0xuCZ0JU8QNIUqSdHIcH/GAZGNHAP2EBV+Xbffw9rIycPM4JUIPvbUNVnXsR4+Hc1URd1FkTDlvQEE3lWlPVtcbChbg/221OdKVewi4YwXFWQV45fbwsZX05FGunVBr+/G0SEGeJ25kud9YbP/C2K1i/GQeGw5ItOmThpkXr2X/OyonnFSXnYQjy6fwEBnAX2KPVTqY7T8OxgAj7UT63Niv+w68uoay/pgyuAUBKOQ3t4HmfXPaKm0bYNQNt0r8CTLIxqFxJZxJ1syTqnMXLOdowWpDpDszFHQChiFAOuBwK61dYjUC/OHFlxDkLKkKe38EuWdBCyGqHPfj7m23+h/E09u1WzwksUk9jm6DfyTAoz/MZGsbm9pSQl22qzC3og2SwUi+smgCSrcojp4q0W92onAAxe3siPAPIPpt1Gj8GRvkImHQ/rNQkgiJ4jJfN3epiJgBJ+YCGIByivV0XFLB/9UVu7Vw554/nG9BlfKJ9h0G7VPQgd5MJGvkLqJzCrPh6QyK9uOjbJLO4dWkmaL3oZr4IVbwGk3NXZ7oef7A4RFOHDDevJintMLz1ZOkaaJKWe6YoijmAC2tQNGMIoRw6YcLjcmVPJz12W+6MEPH3YOdUl3b/NnfScuTVYBSP0cFXlDwg/rphUD7oykohsLtPOWhYW/GWvAdV4iwZpzQ0yFHasYGiERPytDKmRffoILDoTOn4HGVVCQaGnm/o7pl5BU4hFQOzvUC4C4LYRwpsz7EaRp0Y3Qqt4S2Xc/k0E0W3XU+sVNSvoBgweNhDlKaefjjSSjDNza6l9fTS3XPTprrEhMU7CvDjpsC8vfd5QTiNDxC7XGJEa0FTiCr2Xyz3YM5c8jWOk1hNOcSvJ1GvZhUWw0pX/HaihI49WQqA4/4GtLfG9f5TkCsLanj0wzVLM7XntN5ol0H5R69nJ5mPLIGXsErG9A/Xai9ol9joVUIJVRwLx8iJEyGx8m1pyOENjOkudgnKFryoWsNGbQo6G+0JEvEAjUuApkYNJvqKNRKrw+GSjxRZtewo8V9rC5a6nsUOPK/U5WaF5UMxu/L4fk8jQltcBRhQpuPZboEo6KNmUzMsK3aweMrQdHnLDlOIoJiDqj9ySPv2C3aeVoKWiscQ==,iv:GS5GMpbxeweqwjUvOzqg59xBOzNZqrL5t7RjsFjpucM=,tag:j0MaMw71fnRHxeydlqAaww==,type:str] RSA: ENC[AES256_GCM,data:pgCzxri1wLZbl5e/KeVvtHRRe0XkdB8GLp2UbQOlJ9hRvRerJ6r8VhSSDh5vfySL6ow4urXzTG5oZwOcXeZgb+DgT3ZFS+npPvbzcc8T/hU8C5tVXYdqdLJHLXAmVG2nbkuIE6z7Bu8SngBZx1jXNBBl2W4vO6GcL0naNj2IyT+1nGhwuNdn4iMMTIjZhlF81PwYRY/TzcljyST4FZc4u/55oSUNrb8Z7KmhkrmaHNPFACTXiXli/zrPKfisztRvZZLfRZ57067/fiOTdwxXyiSxsh+oKRG8JlvdLQvjZ9tMGagzAafEyWVYyrVJIRBme9Uy4HtG/uOZ39gXVE+D8sh1GWftrmvjXPO2OdD/tIa6kskfZNWWFoEOtiRcKH+fuBTe7/ezjzqJA0qZvfwduXqkfVbNcS3YRNRM3jpLwGHDEv2hnVqn4bjB5We/1KBMCtbrHtAc26M3AepeAUy+ka1xW5WO9LsZ5ck1gnFrV5bkFWDr+evBRUuiId5QuAifkDsKlqLsWAeWFpgc7DdjUrpRG0yry8PFEOZP7w7D2/AEeoGc1dMDgX95mvs+0EmA4lutmt2fF14QZJwzhH39/TLGrRmjrohqJ0kD+h8XykBt1JbOPg91dnxmEJuESPNAxhotrj8xuuklvyLKAcfWWRJ1NIvbG6rmlL+m1x+2hUVw9gVGzyGaaSLOqG/6kHwIV2v+ZvCm+n3JBle+ooSi9mxgefVvJc28hSdC5SvNN0KyDvAY32NgOqYFPrvwx4QHxdm6D5jHXOoFEAkN4duSmDwmVGUq9fL5ds4v815a2Fgn2IZB1l82mLFgy4xaBPlbjrqRnuhgpRRbKu+eSNh13lTEwbrEKJfL89cX1Q9N4Y9aK/I7nq9lfybZ+XYXfoLU+7yXZ6gmm2hw6EkwvmAg1zPnoec5hCOZxotPYByvROOK4TyBCWoF2w+5vmSatZdodLwyoNWSsqtpowWHImCH/UZZ5NkBs0pWOnLBSuP32nFN5GN+0y1EKq+4AxL3pwutpo2iMAFlXI5lu5S4fP6nreZUsYqpp9QpwQtmSbU3iMC4bMSHA4LrhLSCfa3AClVirB4xabCnDWDa8tD5j40Zy0gqk289/qbcmmNC9RpTzrI3aag/hZx4eKjb92Ma5s4E2FZL0BQVrdQ8vD0yuhIaU0qp0ahU1D0/H+HS6Gsi1mfWsfNhsSBBDW0IVC/+8zFxvWYysbVPJJj7m7JY0IwW1yKzPvPnMdkWVS8OcJoODa97V15TaXt7yAstmCVYGZS9qc6VurF5MqQM6c4PluJXPyMlZAwQojrnaCuGuljXpmot5M62MvNMdh4psfa0Y1YiCWjer8XtmYhVvzQPepD/YhsouMrCRGD5pxaXozhoS1bUVD9ReBQb9Gg2sQr8MEQ8oNB/a6fLmNwqY7IWmk9pAhBmk5ng120LS5q+3vjj/hw9+Dz6Ojp6BAVNGs1us5YW86GSSlqVmLew4p+HBiYQyhFCmi9p1WIjrNyT/oHUDYGreL2A6NEo6aePPYeVtbNEYi0UahEscGUrqu953MV+PpbanJI7WHKpHek3Nsdgwyel4V9wjgxSpLWvfwj7QqXL8Xngoyd/4FL+G9MvLc3cDYhIFAryBvqRgXrwRk3CkAijzpk/2hui0qlhmDza8KRpfo/4bwz0i4d/wRyWe3+24WY1CjPkDzclc3VZVQDiSg6KsUQvGnc6Wv1+awjE2kA18j3NR4RYBXgxEflj5Ft2BLG6rq+RakLguXDCAMQA4hcx1L+ThDCdn09c58H9Uc/GRLE5uuFRgLB5UtsQimGXuXzxsA3YIN3CijT6NJTKH9WCvQ4tZnk0Jq73rq4oynTCbZBVPgQi5SrfD1Zr0eXgmirLQZFCEV4EqNrtheZ+vqTkWf7rrvG04C6QqLIHWttdsL3ejfB6ddfwM/sou1JmmgTzEo52CCYf1otKNQwD+shx7Xcrm17vu+v57q6bOQrbeBNb/MDPm8qH4/J89NgSKHO8kzvfAm2qWxmr+90Of0cxVT5l7IdnOBCuYSHgTLIALgTmLmKvPm9l/pOjfIQZmvJ7Alo/eqKfcPw6uwoSDn/5+Pj1c9p2ub1CwRZKZlnULQLI0uyw5eQGceOsuivjO6iQjsk4iGecvlGYwZtlqidz359zCysMSuKrXS+XNGT1xy7fmnyct72HJvSeyq8bSNSAEc/iW+ia9n1GJDj4vW84v/zwi0dm1s/qKnq5M2m/pUvZembcOK/1vY0tsD2McTqIjgKPDS0UO3lgEr8vHFok5kJrU3rVV8iJeLHv3oCzKvjgR9jjqdlceRjSJarVFz1lSxenzoVq0JcH2cde2yQ3vdPusEd2LZC2tVYgqPprp/zOSbWsJPq57eiUl/UX2vOuNAV28HXVIuDqs27q2BOlUvBLCirIurjlONXpdRybN3dtevk/lIel0aRU5L5g9Mr1zhtHsoo6WI0In+RzFsD63AsBNDoufVmXgHr0G/bZLwPCdk1xCeEKv1Bq4fpappx8iEQv5GtwZBkPh8N8D0+ngbccx5N0pMcL2BM/HqeRDXR1Tw72EVEG8Bx4Twue5NBi6rtlfDnDvAj524fylSMSPgab8zq3tY9DnIci3ajnRYpIO3uDgH5cbMxqEb6gnpQNkzVUk0yJXR8nvS8qT6TbryX94howqnrID/8HQZ13ja2d8pW4Sro4+xI9WFFSx8bFSeBjhj4nzyvsyam9nJGDJnuYtNEod/CBMjkRPbBq1doske2twYLudoEObY3FXdZJ5VfiD/zGKXPHjL+pd9L8V2QFicazwE4CcIDoSaOr44VADVwh/Iu6Wr1fVZvmSRPmorlRS4DnUDXEC4dl+C2Z9JhxuL9CEoin+k6yILXsBcRrp2LrRs0U6IW2rVrrtD9MzBosjOGflVABVGhCA4q0LOWF+/5NonHaeB3E0mntFyTvuGTEN2fhnrpW86UERIXOySKTm6nN6BcgmvozgGKQ49jdzuzqVjfWGI9isL9UBNmkamrqbYmdqpoIiWycS7Aeyfh6XWMR+zEjeImqvdF8RQs7Ro9MJWj5Bm5bXs+gaLV4vzNj9/ZzzHZs/UmkBWEPtYs/5KO89Xj9lHBSVfE1c/sM6iDaGLOeO1v2MAIecOoMvIjBJ/YilYJmyywuILjxGN25jlyPVEy5DWnUOSIln6G9eyDjs3VLNsITXFH1co+M2KhDr9sQqJ5lKBitpZUsl/4KI2uiAXm7+kuQOn/27NDBZ0PdW8cwyVg2tirGJDvkmDH1umCas5/OhDEfu7+N9oW6wMpZCeR2lJwS0nTSEkk2Gis7WisgB7j9yY0evOeSecaKaq9RFxg2T3qJ9QR+ZssCXacezSZm/PTa2BByHeHJJ/P6p/f+rg+hziMkESOqx6C4BgGeEZKTAdwTyRfNmsp4bdg9XcqZAgnhtSHb24qAf7Upd/ttwS496H8HdS5bTrmSr8/JvwIKy+rs+id7CzcKYc2HEq0FSUt473Vb3s7kS2YDiqnGW7BRLIPDMApLuCDYeFfHExZhdtbX7O415herG52VffHfAoVfr+DQfipqkDUqno7+coZxthnBY1e8V4bJTcul36CO/sB2vP2/4yfzv/HSuviVVRLY58cGBVk9lSiTBQao3+N/f8a23k1wqEFy60uL4jW4X9swgFed8Q48kAUq9SSfxnKHeQrKrvo9rPHGcetrCC2GQP1u0gHD1TV4F1JGloN8MhMlBGtwBGhOIFcQvUomiTqNrDCobqOqcLUJuVL7jZ+Saw6CiH1QJrSQZ5QuCW9XHoOOgvZzdPqEGuSb6nky2OQ1EjLMQtp7SsrwYp32lkWJ9RY3OUk3LLvTM8Exxg56nDqiOopg0GaWAhf4H4MTrAlssM69epH+5SaJyUEhweg5BZP3mY9FnnkdhG7W9JeDQXu1JOhSm7Td0ForDAoznBcID3SacOCbeSAqtGRBZGxnXFN01MTmUnA7Sy+Sm1WoN+o9u28ttG372sVavQlDZvM+9qXr15hcXt/IYscnbpgw0L7DrcZ4RWb8ATtOov8zhtlwB7QvDQ1LX2g2+5Ag2QcuQJmAYH731XnctUsrCmPKfCVh3CzdNS7DH90bli3cC4t+fpAuAXVNh5wPrCEb9Xco/WUKYe6XNS0Z/xi7PbGBH0s6ThYNzCFbwH4e4CDwD8uP7UA6iL+Uuts5Cz5Fcm7WMqPDFYFAdcA38fOWpXqVRYo6Dan8x/RNAPVNko6MnwXeq061jz7XTk6zEpNymxgjNPJRgcvhItfDHtrGpUqSIJxkQv0g3wppXnWlNX6zGIelUJmLkWuJUJfbznXTdkCr+oF5vwuauwO8iCx/h+7AZBD61w47BmRQLLdDP5I2ptdbrIN4ygouDUVE6bwiw2nhBZuR9ufzcO+WyWNHt5h/N5IuErH/5QcfJOBVRcJYuyFgEWrFax7fiwMCzgKhxN0x1WHa7F8gxGNTIGG9QVNf/6tpYVCAao4pQGErxKVqfVQ1374zbsFSy5PF0oyW5ueEQOVJ82RBjwYtLjX2gXY56nfdLy+D22S3XEHeHLLLg16Vtkf4Twmvzkxjc/YfN2vxu8d5tFbHnyanicj3SBgiiZLvg5iDwjtfONFQ6oX0vfoJ7B5xBsnxiLptx+HPN2onwsF/e7pCl0cTRTLO8Jt7Z8Ob0FYcmd31R2d8paemcIRzfgsqS2JWtJBckAqeQit+Gn+U82aKGew+1FVjlGUrwTO6Q6ztXh75B71V3urA65MaLRX5/7t3nGE8FKip+KfG+yTCHu0F411obb8TME+YwBfz8M4kDUBVtmFUrXEEF9aYD/atxxF02yB/ABPybB6Zcyo5r/U6P0G6jVUGXn3hgQkl1OzkQt06aH/J/LwMN271gc8whsV3pfZC3YfQ3212BAviAshfPyNtHPkShpu6fx5iVDoaL5LHS/A1K7kQ5yya4ECCndpTpF1rYamNVw9a5m64Tma3AGFORy6ZQfaHcV2w0RUs3P3ZXGPcuE2VKeTLLGG43W/FbqGAvxjax2j3qGtZ99Ox85ZAVu5O6PvZSvGSpUW6ebGTCsAgSz5h8V8TfWpaQtR0RrjuzGWoWiW5R2VqfmmIQcn34+t2GgfkZB5QH/o7S5z86UL05dLzdyXXyxIn5sWi0Q1B3yAjFCOVstaAr92fGfx+JHOrMFFKu+bLBpez8lE6f+h4HHzTDVnIB1Zb7d3wNwLVk7PmFy6NeByj0kmjY3Ts5pWctWAAQkI+nOtuM4o101AwCMdMfj3M/mr1J7OWy3Rxgaj58IknfPJpeoMhgkvu66WrkgS3XZE6e/n55sPkGHSDMcHTm2364+oJOSMzDUAJgGjDt9Jvalo1wruDA5pPF4F6y/F/8njO8qkoXnuWRG5BpzO66LwDTDOcUCCFzym6eRBnLo9sGbGZxlvRRSHwIRMa80tcqZqbAuVeW+2/PiSMN7zhzLTNdzhaC4cIOuilcdat1+//+qI3OWC5y9sti3qGuHO1U8rhSOw8Laac7JgOGCo3FkekHe8PaFF8jSDliQnodO8rGCY36xHTQkUsQjb+5ginp/dBIAUIR3QxXsMaxP/yBLpRbvFhD3DeOJRQXWdLijTcxAxLhTIPav2WC1mwyve+Jd0djTajSBgSzPzHW5ajUBaol+dVJeCD9HqiOrUMEmcMQFZZcA+RCJdIOvkKlt/sAnhQ4RuwPmzck2RMXCQfiYn0pqpJDXmF7xWgvGDBtQKP7xLE1Hj5No2q85KjLsWu8xK99Y+j2ixfBsgdc53CR4rNplnPsFzBHOucqd+Ve0/gqZgF81RbGFV1T9Wn1XFrE0e7+EkNejKj7deRmy31PnVLcBp2NwtIkhrJ06J8hmGquwUm,iv:NJkjWL5kMHET68oR5Xp22kvkThXIp7WxRVajmTfsB5M=,tag:NSXeRItMKlOQYP4QtzMKIg==,type:str] @@ -81,8 +81,8 @@ sops: SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-12T11:43:15Z" - mac: ENC[AES256_GCM,data:pTPpth9Yx8YqCBhdoj5zwMNWVICwl2YIweEoqujainoizgTr4SIWE1dF+NUpYOYk/csZMvEImo9lJe6ywF5Yd9p+x4NyWAVIwGR5ylFT574u59ow/y2lTGWoiPS4oKjUFhdM2APk8Mfgk2/yP+ZyW0X2tiYz9CYp16v0xW8mtRk=,iv:kqRR/YMJDNLws4FtvCrE7JVVanXZ2zzYiC+Z6m6g/tk=,tag:OOGSofEVs+ms52dJ3WJmQQ==,type:str] + lastmodified: "2024-11-20T11:35:45Z" + mac: ENC[AES256_GCM,data:bbPyFazq9FUIbMIgSnimtbnPe+ZLEiZ4zvQUc24RQsHJn5H5jqisGBjMaUNWBnB1eB1+2mSE26b+nEe4VsEiSn7rlehDTk+FOvnK7rk/MhLPuDo1XT0YA4KX3ymnb3mxjlMfhYQM3soTnvqOJ1FePjJG8b8uI82x1CJsTm516UY=,iv:v/oX5mOjZWk4/v93WsyA29HjDqKQ2JDHZ/BKSCSeXN8=,tag:zpasMBmWS/1YNiTeSKKJ6w==,type:str] pgp: - created_at: "2024-06-09T19:44:41Z" enc: |- diff --git a/system-modules/boot.nix b/system-modules/boot.nix index 2b69520..2358ed9 100755 --- a/system-modules/boot.nix +++ b/system-modules/boot.nix @@ -1,11 +1,11 @@ { config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }: let grub-theme-ascii-diana = (pkgs.fetchFromGitea { - domain = "git.${domain}"; - owner = "nx2"; - repo = "grub-theme-ascii-diana"; - rev = "0.5.0"; - hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g="; + domain = "git.${domain}"; + owner = "nx2"; + repo = "grub-theme-ascii-diana"; + rev = "0.5.0"; + hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g="; }); in { diff --git a/system-modules/nx2site/gitea.nix b/system-modules/nx2site/gitea.nix index df41284..9226f4f 100644 --- a/system-modules/nx2site/gitea.nix +++ b/system-modules/nx2site/gitea.nix @@ -5,9 +5,6 @@ let git-user = "git"; in "postgres-pw" = { owner = config.services.gitea.user; }; }; - environment.systemPackages = with pkgs; [ - gitea - ]; users = { users = { "${user}".extraGroups = [ git-user ]; @@ -33,8 +30,8 @@ let git-user = "git"; in # camoHmacKeyFile = ; database = { createDatabase = false; # default - host = "127.0.0.1"; # default - port = 5432; + host = config.services.postgresql.settings.listen_addresses; + port = config.services.postgresql.settings.port; passwordFile = config.sops.secrets."postgres-pw".path; socket = null; type = "postgres"; @@ -66,12 +63,12 @@ let git-user = "git"; in START_SSH_SERVER = false; # default SSH_LISTEN_HOST = "0.0.0.0"; SSH_PORT = secrets.ssh.port; - DOMAIN = "pw.${domain}"; + DOMAIN = "git.${domain}"; SSH_DOMAIN = "ssh.${domain}"; # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}"; # HTTP_PORT = 3000; # default # PROTOCOL = "http"; # default - # ROOT_URL = "https:pw.${domain}/"; # default + ROOT_URL = "https://git.${domain}/"; # default }; session = { COOKIE_SECURE = true; @@ -79,6 +76,31 @@ let git-user = "git"; in service = { DISABLE_REGISTRATION = true; }; + ui = { + DEFAULT_THEME = "pitchblack"; + THEMES = "gitea,arc-green,pitchblack"; + }; }; }; + system.activationScripts = let + # theme = pkgs.fetchFromGitHub { + # owner = "unixtensor"; + # repo = "Gitea-Pitch-Black"; + # rev = "v1.15.X.2"; + # hash = "sha256-Eibgoc3BJUXWdq8irgXea09fAvfKx2eQrJotp3P5DTg="; + # }; + theme = pkgs.fetchFromGitea { + domain = "git.${domain}"; + owner = "nx2"; + repo = "Gitea-Pitch-Black"; + rev = "0.1.0"; + hash = "sha256-pU4YhgcPOT3PTcmBTjNE3FcyJgl39JGP41ckhRUKN7Y="; + }; + in { + "gitea-theme" = /* bash */ '' + mkdir -p ${config.services.gitea.stateDir}/custom/public/assets/css/ + ln -s ${theme}/theme-pitchblack.css ${config.services.gitea.stateDir}/custom/public/assets/css/theme-pitchblack.css + chown -R ${git-user}:${git-user} ${config.services.gitea.stateDir}/custom/ + ''; + }; } diff --git a/system-modules/nx2site/paperless.nix b/system-modules/nx2site/paperless.nix new file mode 100644 index 0000000..a5e45c9 --- /dev/null +++ b/system-modules/nx2site/paperless.nix @@ -0,0 +1,197 @@ +{ config, pkgs, secrets, user, domain, ... }: +let paperless-user = "paperless"; in +{ + sops.secrets = { + "nx2site/paperless.pw" = { + owner = paperless-user; + }; + }; + + users.users."${user}".extraGroups = [ paperless-user ]; + + services = { + postgresql = { + ensureDatabases = [ paperless-user ]; + ensureUsers = [{ + name = paperless-user; + ensureDBOwnership = true; + }]; + }; + paperless = { + enable = true; + address = "127.0.0.1"; + port = 8441; + user = paperless-user; + consumptionDirIsPublic = true; + # package = pkgs.paperless-ngx; + # dataDir = "/var/lib/paperless"; # default + # address = "127.0.0.1"; + # mediaDir = "${dataDir}/media"; + passwordFile = config.sops.secrets."nx2site/paperless.pw".path; + # consumptionDir = "${dataDir}/consume"; + # consumptionDirIsPublic = false; + # openMPThreadingWorkaround = true; + settings = { + # PAPERLESS_REDIS = "redis://localhost:6379"; + # PAPERLESS_REDIS_PREFIX="" + + PAPERLESS_DBENGINE = "postgresql"; + # PAPERLESS_DBHOST = "/run/postgresql"; # config.services.postgresql.settings.listen_addresses; + # PAPERLESS_DBPORT = config.services.postgresql.settings.port; + PAPERLESS_DBNAME = paperless-user; + PAPERLESS_DBUSER = paperless-user; + PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS; + # PAPERLESS_DBSSLMODE= + # PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory. + # PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory. + # PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory. + # PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults. + # PAPERLESS_TIKA_ENABLED=false + # PAPERLESS_TIKA_ENDPOINT="http://localhost:9998". + # PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000". + PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/"; + # PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/"; + PAPERLESS_EMPTY_TRASH_DIR ="${config.services.paperless.dataDir}/trash/"; # null = really delete files + # PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/"; + # PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/"; + # PAPERLESS_FILENAME_FORMAT= + # PAPERLESS_FILENAME_FORMAT_REMOVE_NONE= + # PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/"; + # PAPERLESS_NLTK_DIR = + # PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle. + # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB. + # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20. + # PAPERLESS_SECRET_KEY= + # PAPERLESS_URL="" # empty string, leaving the other settings unaffected. + # PAPERLESS_CSRF_TRUSTED_ORIGINS= + # PAPERLESS_ALLOWED_HOSTS= + # PAPERLESS_CORS_ALLOWED_HOSTS= + # PAPERLESS_TRUSTED_PROXIES= + # PAPERLESS_FORCE_SCRIPT_NAME= + # PAPERLESS_STATIC_URL= "/static/". + # PAPERLESS_AUTO_LOGIN_USERNAME=null; + PAPERLESS_ADMIN_USER="${user}"; + PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail; + # PAPERLESS_ADMIN_PASSWORD=; + # PAPERLESS_COOKIE_PREFIX= + # PAPERLESS_ENABLE_HTTP_REMOTE_USER= + # PAPERLESS_ENABLE_HTTP_REMOTE_USER_API= + # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME= + # PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR"; + # PAPERLESS_USE_X_FORWARD_HOST= false + # PAPERLESS_USE_X_FORWARD_PORT= false + # PAPERLESS_PROXY_SSL_HEADER= null + # PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null; + # PAPERLESS_SOCIALACCOUNT_PROVIDERS=; + # PAPERLESS_SOCIAL_AUTO_SIGNUP = false; + # PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True + # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False + # PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https' + # PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional' + # PAPERLESS_DISABLE_REGULAR_LOGIN= False + # PAPERLESS_REDIRECT_LOGIN_TO_SSO= False + # PAPERLESS_ACCOUNT_SESSION_REMEMBER= True + # PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks) + PAPERLESS_OCR_LANGUAGE = "eng+deu"; + # PAPERLESS_OCR_MODE= "skip"; + # PAPERLESS_OCR_SKIP_ARCHIVE_FILE= + # PAPERLESS_OCR_CLEAN= clean. + # PAPERLESS_OCR_DESKEW = true; # which enables this feature. + # PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature. + # PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12"; + # PAPERLESS_OCR_OUTPUT_TYPE = "pdfa"; + # PAPERLESS_OCR_PAGES = null; + # PAPERLESS_OCR_IMAGE_DPI = null; + # PAPERLESS_OCR_MAX_IMAGE_PIXELS= + # PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY= + PAPERLESS_OCR_USER_ARGS = { + optimize = 1; + pdfa_image_compression = "lossless"; + }; + # PAPERLESS_TASK_WORKERS= 1 + # PAPERLESS_THREADS_PER_WORKER= + # PAPERLESS_WORKER_TIMEOUT= + PAPERLESS_TIME_ZONE = "CET"; + # PAPERLESS_ENABLE_NLTK=1; + # PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes. + # PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour. + # PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight. + # PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight. + # PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression. + # PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit. + # PAPERLESS_CONVERT_TMPDIR = + # PAPERLESS_APPS = null; + # PAPERLESS_MAX_IMAGE_PIXELS = null; + # PAPERLESS_CONSUMER_DELETE_DUPLICATES= false. + # PAPERLESS_CONSUMER_RECURSIVE= false. + # PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false. + PAPERLESS_CONSUMER_IGNORE_PATTERNS = [ + ".DS_Store" + ".DS_STORE" + "._*" + ".stfolder/*" + ".stversions/*" + ".localized/*" + "desktop.ini" + "@eaDir/*" + "Thumbs.db" + ]; + # PAPERLESS_CONSUMER_BARCODE_SCANNER= + # PAPERLESS_PRE_CONSUME_SCRIPT= + # PAPERLESS_POST_CONSUME_SCRIPT= + # PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature. + # PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature. + # PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf. + # PAPERLESS_IGNORE_DATES=""; + # PAPERLESS_DATE_ORDER = "DMY"; + # PAPERLESS_ENABLE_GPG_DECRYPTOR = false; + # PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications. + # PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5; + # PAPERLESS_CONSUMER_POLLING_DELAY = 5; + # PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds. + # PAPERLESS_OAUTH_CALLBACK_BASE_URL = null; + # PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null; + # PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null; + # PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null; + # PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null; + # PAPERLESS_EMAIL_GNUPG_HOME= + # PAPERLESS_CONSUMER_ENABLE_BARCODES= + # PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false. + # PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT" + # PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false. + # PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false. + # PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN" + # PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0 + # PAPERLESS_CONSUMER_BARCODE_DPI= "300" + # PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0" + # PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false. + # PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING= + # PAPERLESS_AUDIT_LOG_ENABLED= true. + # PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false. + # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided". + # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false. + # PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day. + # PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day. + # PAPERLESS_CONVERT_BINARY = "convert". + # PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs"; + # PAPERLESS_WEBSERVER_WORKERS= 1; + # PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6. + # PAPERLESS_PORT = config.services.paperless.port; + # PAPERLESS_OCR_LANGUAGES= + # PAPERLESS_ENABLE_FLOWER= + # PAPERLESS_SUPERVISORD_WORKING_DIR= + # PAPERLESS_APP_TITLE = "NxPPL"; + # PAPERLESS_APP_LOGO = + # PAPERLESS_ENABLE_UPDATE_CHECK=false; + # PAPERLESS_EMAIL_HOST = "localhost"; + # PAPERLESS_EMAIL_PORT= 25. + # PAPERLESS_EMAIL_HOST_USER= ""; + # PAPERLESS_EMAIL_FROM= + # PAPERLESS_EMAIL_HOST_PASSWORD = "". + # PAPERLESS_EMAIL_USE_TLS = false. + # PAPERLESS_EMAIL_USE_SSL = false. + + }; + }; + }; +} diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix index d22f510..348d6cc 100644 --- a/system-modules/nx2site/proxy.nix +++ b/system-modules/nx2site/proxy.nix @@ -72,7 +72,7 @@ http3 = true; http3_hq = true; quic = true; - addSSL = true; + forceSSL = true; enableACME = true; }; in { @@ -132,6 +132,10 @@ listen = dl; locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; }; }; + "doc.${domain}" = vh // { + listen = dl; + locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; + }; "~^(.*).${domain}$" = { listen = dl; root = "/var/nginx/webroot"; diff --git a/system-modules/postgres.nix b/system-modules/postgres.nix index b86a5cf..48aac0c 100644 --- a/system-modules/postgres.nix +++ b/system-modules/postgres.nix @@ -27,7 +27,7 @@ ]; settings = { port = 5432; # default - listen_addresses = "localhost"; + listen_addresses = lib.mkForce "127.0.0.1"; log_line_prefix = "[%p] "; # default shared_preload_libraries = [ ]; # default };