nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:5a6199a8a9e50239040e89ed61d066305169117c
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
..
compare: nx2:b0b643f164cf66d873902488e4f3f5ced4e07b54
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

9 Commits
5a6199a8a9 ... b0b643f164

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
b0b643f164 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2025-01-27 22:29:12 +01:00
Lennart J. Kurzweg (Nx2)
99c07ec5fb yt-dlp 2025-01-27 22:23:19 +01:00
Lennart J. Kurzweg (Nx2)
3f553d27e1 pv 2025-01-27 22:23:10 +01:00
Lennart J. Kurzweg (Nx2)
a6a17574b8 weird fix 2025-01-27 22:22:48 +01:00
Lennart J. Kurzweg (Nx2)
78359c710f gitea-dump fix 2025-01-27 22:22:28 +01:00
Lennart J. Kurzweg (Nx2)
2206e5472b calendar public 2025-01-27 22:20:27 +01:00
Lennart J. Kurzweg (Nx2)
9c96585401 audiobookshelf 2025-01-27 22:19:32 +01:00
Lennart J. Kurzweg (Nx2)
ac36fa13ac paperless update 2025-01-27 22:18:57 +01:00
Lennart J. Kurzweg (Nx2)
b4586e8661 chmod 2025-01-27 22:17:00 +01:00
75 changed files with 398 additions and 175 deletions
Expand all files Collapse all files

0
.gitattributes vendored Executable file → Normal file
View File

0
.gitignore vendored Executable file → Normal file
View File

6
configuration.nix
View File

@@ -43,7 +43,10 @@
./system-modules/nx2site.nix
./system-modules/postgres.nix
./system-modules/nx2site/proxy.nix
./system-modules/calendar-publish.nix
./system-modules/nx2site/audiobookshelf.nix
./system-modules/nx2site/gitea.nix
./system-modules/nx2site/open-web-calendar.nix
./system-modules/nx2site/radicale.nix
# ./system-modules/nx2site/nextcloud.nix
./system-modules/nx2site/vaultwarden.nix
@@ -121,6 +124,9 @@
xwayland.enable = true;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
boot.tmp.useTmpfs = false;
system.stateVersion = "24.11";
nixpkgs.config.allowUnfree = true;

14
flake-modules/colors.json
View File

@@ -1,13 +1,13 @@
{
"base": {
"foreground": "#eedce2",
"background": "#221016"
"foreground": "#dddddd",
"background": "#000000"
},
"to_alter": {
"accent": "#ac5271",
"secondary": "#f20c5b",
"tertiary": "#d5a287",
"special": "#51ac8d",
"weird": "#0cf2a3"
"accent": "#8888ff",
"secondary": "#4444ff",
"tertiary": "#44ff88",
"special": "#ff6666",
"weird": "#ff66ff"
}
}

0
git-crypt/easyroam-hsmw/easyroam_client_cert.pem Executable file → Normal file
View File

0
git-crypt/easyroam-hsmw/easyroam_client_key.pem Executable file → Normal file
View File

0
git-crypt/easyroam-hsmw/easyroam_root_ca.pem Executable file → Normal file
View File

0
git-crypt/pnx-vpn/ljk-pnx-ca.pem Executable file → Normal file
View File

0
git-crypt/pnx-vpn/ljk-pnx-cert.key Executable file → Normal file
View File

0
git-crypt/pnx-vpn/ljk-pnx-cert.pem Executable file → Normal file
View File

0
git-crypt/pnx-vpn/ljk-pnx.ovpn Executable file → Normal file
View File

BIN
git-crypt/secrets.nix Executable file → Normal file
View File

Binary file not shown.

0
git-crypt/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem Executable file → Normal file
View File

0
git-crypt/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem Executable file → Normal file
View File

0
home-modules/assets/pnx/pnx_rdp_srv-phoe3-vmdms_192-168-1-104.remmina Executable file → Normal file
View File

0
home-modules/assets/pnx/pnx_rdp_srv-phoenix-3_192-168-1-108.remmina Executable file → Normal file
View File

0
home-modules/assets/pnx/pnx_rdp_srv-phoenix2_192-168-1-101.remmina Executable file → Normal file
View File

0
home-modules/assets/pnx/pnx_rdp_srv-remote_192-168-1-21.remmina Executable file → Normal file
View File

0
home-modules/bash.nix Executable file → Normal file
View File

0
home-modules/bitwarden.nix Executable file → Normal file
View File

0
home-modules/chatterino.nix Executable file → Normal file
View File

0
home-modules/direnv.nix Executable file → Normal file
View File

0
home-modules/discord.nix Executable file → Normal file
View File

0
home-modules/email.nix Executable file → Normal file
View File

0
home-modules/fish.nix Executable file → Normal file
View File

0
home-modules/games.nix Executable file → Normal file
View File

0
home-modules/gestures.nix Executable file → Normal file
View File

0
home-modules/gimp.nix Executable file → Normal file
View File

0
home-modules/git.nix Executable file → Normal file
View File

0
home-modules/gtk.nix Executable file → Normal file
View File

0
home-modules/hyprland-autoname-workspaces.nix Executable file → Normal file
View File

0
home-modules/hyprland.nix Executable file → Normal file
View File

0
home-modules/kitty.nix Executable file → Normal file
View File

0
home-modules/latex.nix Executable file → Normal file
View File

0
home-modules/mako.nix Executable file → Normal file
View File

0
home-modules/nh.nix Executable file → Normal file
View File

0
home-modules/nx-gcal-event.nix Executable file → Normal file
View File

0
home-modules/office.nix Executable file → Normal file
View File

0
home-modules/pnx.nix Executable file → Normal file
View File

0
home-modules/programming/python.nix Executable file → Normal file
View File

0
home-modules/qt.nix Executable file → Normal file
View File

0
home-modules/rofi.nix Executable file → Normal file
View File

0
home-modules/ssh.nix Executable file → Normal file
View File

0
home-modules/starship.nix Executable file → Normal file
View File

0
home-modules/tts.nix Executable file → Normal file
View File

0
home-modules/virt-manager.nix Executable file → Normal file
View File

0
home-modules/vscode.nix Executable file → Normal file
View File

0
home-modules/waybar.nix Executable file → Normal file
View File

0
home-modules/wlogout.nix Executable file → Normal file
View File

0
home-modules/yazi.nix Executable file → Normal file
View File

0
home-modules/zoxide.nix Executable file → Normal file
View File

3
home.nix
View File

@@ -98,7 +98,10 @@
qbittorrent
glib
pv
gsettings-desktop-schemas
yt-dlp
wl-clipboard
xclip
xournal

0
nxlib/ricelib.nix Executable file → Normal file
View File

0
system-modules/boot.nix Executable file → Normal file
View File

138
system-modules/calendar-publish.nix Normal file
View File

@@ -0,0 +1,138 @@
{ config, pkgs, user, ... }:
{
environment.systemPackages = with pkgs; let
radicale-root = "/var/lib/radicale";
web-root = "/var/nginx/webroot";
in [
(writers.writePython3Bin "nx_cal_pub" {
libraries = with python3Packages; [
ical
ics
requests
dateutils
];
flakeIgnore = [ "E302" "E305" "E226" "E501" ];
} /*python */ ''
import pytz
import os
from ics import Calendar, Event
from ics.grammar.parse import ContentLine
from dateutil.rrule import rrulestr
from ics.event import datetime, timedelta
def combine_ics_from_directories(directories, output_file):
"""
Combine all .ics events from a list of directories into one .ics file, supporting recurring events.
:param directories: List of directories containing .ics files.
:param output_file: Path to the output .ics file.
"""
combined_calendar = Calendar()
for directory in directories:
if not os.path.exists(directory):
print(f"Directory '{directory}' does not exist. Skipping.")
continue
for filename in os.listdir(directory):
if filename.endswith(".ics"):
file_path = os.path.join(directory, filename)
try:
with open(file_path, 'r') as file:
calendar = Calendar(file.read())
for event in calendar.events:
# Handle recurring events
rrule_line = None
for line in event.extra:
if isinstance(line, ContentLine) and line.name == "RRULE":
rrule_line = line
break
if rrule_line:
# Convert UNTIL to UTC if DTSTART is timezone-aware
rrule_params = rrule_line.value.split(";")
rrule_dict = {}
for param in rrule_params:
key, value = param.split("=")
rrule_dict[key] = value
if "UNTIL" in rrule_dict and event.begin.tzinfo:
until = datetime.fromisoformat(rrule_dict["UNTIL"])
if until.tzinfo is None: # If UNTIL is naive, make it UTC
until = until.astimezone(pytz.UTC)
rrule_dict["UNTIL"] = until.astimezone(pytz.UTC).strftime("%Y%m%dT%H%M%SZ")
# Reconstruct RRULE string
rrule_fixed = ";".join(f"{key}={value}" for key, value in rrule_dict.items())
rrule = rrulestr(rrule_fixed, dtstart=event.begin.astimezone(pytz.timezone('CET')))
# Expand recurring events and filter based on the date
for occurrence in rrule:
notTooOld = occurrence.date() >= (datetime.now().astimezone(pytz.UTC) - timedelta(days=1)).date()
notTooFuturisic = occurrence.date() < (datetime.now().astimezone(pytz.UTC) + timedelta(days=60)).date()
if notTooOld and notTooFuturisic:
new_event = Event(
name="",
begin=occurrence,
end=occurrence + (event.end - event.begin),
transparent=event.transparent or True,
)
combined_calendar.events.add(new_event)
else:
# Regular events, directly add if within date range
if event.begin.astimezone(pytz.timezone('CET')).date() >= (datetime.now().astimezone(pytz.timezone('CET')) - timedelta(days=1)).date():
new_event = Event(
name="",
begin=event.begin,
end=event.end,
transparent=event.transparent or True,
)
combined_calendar.events.add(new_event)
except Exception as e:
print(f"Error reading file '{file_path}': {e}")
exit(1)
try:
with open(output_file, 'w') as file:
file.writelines(combined_calendar.serialize_iter())
print(f"Combined .ics file saved to '{output_file}'")
except Exception as e:
print(f"Error saving combined .ics file: {e}")
if __name__ == "__main__":
# List of directories containing .ics files
DIRECTORIES = [
"${radicale-root}/collections/collection-root/${user}/preservation",
"${radicale-root}/collections/collection-root/${user}/effort",
"${radicale-root}/collections/collection-root/${user}/experience",
"${radicale-root}/collections/collection-root/${user}/exposure",
"${radicale-root}/collections/collection-root/${user}/engagement",
]
# Path to the output .ics file
OUTPUT_FILE = "${web-root}/schedule.ics"
combine_ics_from_directories(DIRECTORIES, OUTPUT_FILE)
'')
];
systemd.timers."nx_cal_publish" = {
enable = true;
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "2m";
OnUnitActiveSec = "6h";
Unit = "nx_cal_publish.service";
};
};
systemd.services."nx_cal_publish" = {
script = ''
nx_cal_publish
'';
serviceConfig = {
Type = "oneshot";
User = "nx2";
};
};
}

0
system-modules/davmail.nix Executable file → Normal file
View File

0
system-modules/dm.nix Executable file → Normal file
View File

0
system-modules/docker.nix Executable file → Normal file
View File

0
system-modules/fuse.nix Executable file → Normal file
View File

0
system-modules/hardware-configuration.nix Executable file → Normal file
View File

0
system-modules/health_reminder.nix Executable file → Normal file
View File

0
system-modules/hsmw.nix Executable file → Normal file
View File

0
system-modules/networking.nix Executable file → Normal file
View File

0
system-modules/nvidia.nix Executable file → Normal file
View File

14
system-modules/nx2site/audiobookshelf.nix Normal file
View File

@@ -0,0 +1,14 @@
{ pkgs, ... }:
{
services = {
audiobookshelf = {
# authentication is mangaed imperatively in the web interface upon first start
enable = true;
# user = "audiobookshelf";
# group = "audiobookshelf";
# host = "127.0.0.1";
port = 11648; # spells out audi(o)
package = pkgs.audiobookshelf;
};
};
}

4
system-modules/nx2site/gitea.nix
View File

@@ -41,7 +41,7 @@ let git-user = "git"; in
dump = {
enable = true;
backupDir = "/var/backup/gitea";
file = null; # default = chosen by gitea
file = "gitea-dump.zip"; # default = chosen by gitea
interval = "daily";
type = "zip"; # default
};
@@ -99,7 +99,7 @@ let git-user = "git"; in
in {
"gitea-theme" = /* bash */ ''
mkdir -p ${config.services.gitea.stateDir}/custom/public/assets/css/
ln -s ${theme}/theme-pitchblack.css ${config.services.gitea.stateDir}/custom/public/assets/css/theme-pitchblack.css
ln -fs ${theme}/theme-pitchblack.css ${config.services.gitea.stateDir}/custom/public/assets/css/theme-pitchblack.css
chown -R ${git-user}:${git-user} ${config.services.gitea.stateDir}/custom/
'';
};

15
system-modules/nx2site/open-web-calendar.nix Normal file
View File

@@ -0,0 +1,15 @@
{ pkgs, domain, ... }:
{
services = {
open-web-calendar = {
enable = true;
domain = "cal.${domain}";
package = pkgs.open-web-calendar;
settings = {
# PORT = 21342;
};
calendarSettings = {
};
};
};
}

330
system-modules/nx2site/paperless.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, secrets, user, domain, ... }:
{ pkgs, config, secrets, domain, user, ... }:
let paperless-user = "paperless"; in
{
sops.secrets = {
@@ -7,7 +7,10 @@ let paperless-user = "paperless"; in
};
};
users.users."${user}".extraGroups = [ paperless-user ];
users.users = {
"${user}".extraGroups = [ paperless-user ];
"${paperless-user}".extraGroups = [ "redis-paperless" ];
};
services = {
postgresql = {
@@ -19,178 +22,181 @@ let paperless-user = "paperless"; in
};
paperless = {
enable = true;
address = "127.0.0.1";
# address = "0.0.0.0";
port = 8441;
user = paperless-user;
consumptionDirIsPublic = true;
# package = pkgs.paperless-ngx;
# dataDir = "/var/lib/paperless"; # default
# address = "127.0.0.1";
address = "127.0.0.1";
# mediaDir = "${dataDir}/media";
passwordFile = config.sops.secrets."nx2site/paperless.pw".path;
# consumptionDir = "${dataDir}/consume";
# consumptionDirIsPublic = false;
# openMPThreadingWorkaround = true;
settings = {
# PAPERLESS_REDIS = "redis://localhost:6379";
# PAPERLESS_REDIS_PREFIX=""
PAPERLESS_DBENGINE = "postgresql";
# PAPERLESS_DBHOST = "/run/postgresql"; # config.services.postgresql.settings.listen_addresses;
# PAPERLESS_DBPORT = config.services.postgresql.settings.port;
PAPERLESS_DBNAME = paperless-user;
PAPERLESS_DBUSER = paperless-user;
PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS;
# PAPERLESS_DBSSLMODE=
# PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory.
# PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory.
# PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory.
# PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults.
# PAPERLESS_TIKA_ENABLED=false
# PAPERLESS_TIKA_ENDPOINT="http://localhost:9998".
# PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000".
PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/";
# PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/";
PAPERLESS_EMPTY_TRASH_DIR ="${config.services.paperless.dataDir}/trash/"; # null = really delete files
# PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/";
# PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/";
# PAPERLESS_FILENAME_FORMAT=
# PAPERLESS_FILENAME_FORMAT_REMOVE_NONE=
# PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/";
# PAPERLESS_NLTK_DIR =
# PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle.
# PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
# PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
# PAPERLESS_SECRET_KEY=
# PAPERLESS_URL="" # empty string, leaving the other settings unaffected.
# PAPERLESS_CSRF_TRUSTED_ORIGINS=
# PAPERLESS_ALLOWED_HOSTS=
# PAPERLESS_CORS_ALLOWED_HOSTS=
# PAPERLESS_TRUSTED_PROXIES=
# PAPERLESS_FORCE_SCRIPT_NAME=
# PAPERLESS_STATIC_URL= "/static/".
# PAPERLESS_AUTO_LOGIN_USERNAME=null;
PAPERLESS_ADMIN_USER="${user}";
PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
# PAPERLESS_ADMIN_PASSWORD=;
# PAPERLESS_COOKIE_PREFIX=
# PAPERLESS_ENABLE_HTTP_REMOTE_USER=
# PAPERLESS_ENABLE_HTTP_REMOTE_USER_API=
# PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=
# PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR";
# PAPERLESS_USE_X_FORWARD_HOST= false
# PAPERLESS_USE_X_FORWARD_PORT= false
# PAPERLESS_PROXY_SSL_HEADER= null
# PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null;
# PAPERLESS_SOCIALACCOUNT_PROVIDERS=;
# PAPERLESS_SOCIAL_AUTO_SIGNUP = false;
# PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True
# PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False
# PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https'
# PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional'
# PAPERLESS_DISABLE_REGULAR_LOGIN= False
# PAPERLESS_REDIRECT_LOGIN_TO_SSO= False
# PAPERLESS_ACCOUNT_SESSION_REMEMBER= True
# PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks)
PAPERLESS_OCR_LANGUAGE = "eng+deu";
# PAPERLESS_OCR_MODE= "skip";
# PAPERLESS_OCR_SKIP_ARCHIVE_FILE=
# PAPERLESS_OCR_CLEAN= clean.
# PAPERLESS_OCR_DESKEW = true; # which enables this feature.
# PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature.
# PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12";
# PAPERLESS_OCR_OUTPUT_TYPE = "pdfa";
# PAPERLESS_OCR_PAGES = null;
# PAPERLESS_OCR_IMAGE_DPI = null;
# PAPERLESS_OCR_MAX_IMAGE_PIXELS=
# PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY=
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
# PAPERLESS_TASK_WORKERS= 1
# PAPERLESS_THREADS_PER_WORKER=
# PAPERLESS_WORKER_TIMEOUT=
PAPERLESS_TIME_ZONE = "CET";
# PAPERLESS_ENABLE_NLTK=1;
# PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes.
# PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour.
# PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight.
# PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight.
# PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression.
# PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit.
# PAPERLESS_CONVERT_TMPDIR =
# PAPERLESS_APPS = null;
# PAPERLESS_MAX_IMAGE_PIXELS = null;
# PAPERLESS_CONSUMER_DELETE_DUPLICATES= false.
# PAPERLESS_CONSUMER_RECURSIVE= false.
# PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false.
PAPERLESS_CONSUMER_IGNORE_PATTERNS = [
".DS_Store"
".DS_STORE"
"._*"
".stfolder/*"
".stversions/*"
".localized/*"
"desktop.ini"
"@eaDir/*"
"Thumbs.db"
];
# PAPERLESS_CONSUMER_BARCODE_SCANNER=
# PAPERLESS_PRE_CONSUME_SCRIPT=
# PAPERLESS_POST_CONSUME_SCRIPT=
# PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature.
# PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature.
# PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf.
# PAPERLESS_IGNORE_DATES="";
# PAPERLESS_DATE_ORDER = "DMY";
# PAPERLESS_ENABLE_GPG_DECRYPTOR = false;
# PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications.
# PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5;
# PAPERLESS_CONSUMER_POLLING_DELAY = 5;
# PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds.
# PAPERLESS_OAUTH_CALLBACK_BASE_URL = null;
# PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null;
# PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null;
# PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null;
# PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null;
# PAPERLESS_EMAIL_GNUPG_HOME=
# PAPERLESS_CONSUMER_ENABLE_BARCODES=
# PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false.
# PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT"
# PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false.
# PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false.
# PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN"
# PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0
# PAPERLESS_CONSUMER_BARCODE_DPI= "300"
# PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0"
# PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false.
# PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING=
# PAPERLESS_AUDIT_LOG_ENABLED= true.
# PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false.
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided".
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false.
# PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
# PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day.
# PAPERLESS_CONVERT_BINARY = "convert".
# PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
# PAPERLESS_WEBSERVER_WORKERS= 1;
# PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6.
# PAPERLESS_PORT = config.services.paperless.port;
# PAPERLESS_OCR_LANGUAGES=
# PAPERLESS_ENABLE_FLOWER=
# PAPERLESS_SUPERVISORD_WORKING_DIR=
# PAPERLESS_APP_TITLE = "NxPPL";
# PAPERLESS_APP_LOGO =
# PAPERLESS_ENABLE_UPDATE_CHECK=false;
# PAPERLESS_EMAIL_HOST = "localhost";
# PAPERLESS_EMAIL_PORT= 25.
# PAPERLESS_EMAIL_HOST_USER= "";
# PAPERLESS_EMAIL_FROM=
# PAPERLESS_EMAIL_HOST_PASSWORD = "".
# PAPERLESS_EMAIL_USE_TLS = false.
# PAPERLESS_EMAIL_USE_SSL = false.
# PAPERLESS_REDIS = "redis://localhost:6379";
# PAPERLESS_REDIS_PREFIX=""
# PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBHOST = "/run/postgresql";
# PAPERLESS_DBHOST = config.services.postgresql.settings.listen_addresses;
# PAPERLESS_DBPORT = config.services.postgresql.settings.port;
# PAPERLESS_DBNAME = paperless-user;
# PAPERLESS_DBUSER = paperless-user;
PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS;
# PAPERLESS_DBSSLMODE=
# PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory.
# PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory.
# PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory.
# PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults.
# PAPERLESS_TIKA_ENABLED=false
# PAPERLESS_TIKA_ENDPOINT="http://localhost:9998".
# PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000".
PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/";
# PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/";
# PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/";
# PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/";
# PAPERLESS_FILENAME_FORMAT=
# PAPERLESS_FILENAME_FORMAT_REMOVE_NONE=
# PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/";
# PAPERLESS_NLTK_DIR =
# PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle.
# PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
# PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
# PAPERLESS_SECRET_KEY=
PAPERLESS_URL = "https://doc.${domain}";
# PAPERLESS_CSRF_TRUSTED_ORIGINS=
# PAPERLESS_ALLOWED_HOSTS=
# PAPERLESS_CORS_ALLOWED_HOSTS=
# PAPERLESS_TRUSTED_PROXIES=
# PAPERLESS_FORCE_SCRIPT_NAME=
# PAPERLESS_STATIC_URL= "/static/".
# PAPERLESS_AUTO_LOGIN_USERNAME=null;
# PAPERLESS_ADMIN_USER="${user}";
# PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
# PAPERLESS_ADMIN_PASSWORD=;
# PAPERLESS_COOKIE_PREFIX=
# PAPERLESS_ENABLE_HTTP_REMOTE_USER=
# PAPERLESS_ENABLE_HTTP_REMOTE_USER_API=
# PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=
# PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR";
# PAPERLESS_USE_X_FORWARD_HOST= false
# PAPERLESS_USE_X_FORWARD_PORT= false
# PAPERLESS_PROXY_SSL_HEADER= null
# PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null;
# PAPERLESS_SOCIALACCOUNT_PROVIDERS=;
# PAPERLESS_SOCIAL_AUTO_SIGNUP = false;
# PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True
# PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False
# PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https'
# PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional'
# PAPERLESS_DISABLE_REGULAR_LOGIN= False
# PAPERLESS_REDIRECT_LOGIN_TO_SSO= False
# PAPERLESS_ACCOUNT_SESSION_REMEMBER= True
# PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks)
PAPERLESS_OCR_LANGUAGE = "eng+deu";
# PAPERLESS_OCR_MODE= "skip";
# PAPERLESS_OCR_SKIP_ARCHIVE_FILE=
# PAPERLESS_OCR_CLEAN= clean.
# PAPERLESS_OCR_DESKEW = true; # which enables this feature.
# PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature.
# PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12";
# PAPERLESS_OCR_OUTPUT_TYPE = "pdfa";
# PAPERLESS_OCR_PAGES = null;
# PAPERLESS_OCR_IMAGE_DPI = null;
# PAPERLESS_OCR_MAX_IMAGE_PIXELS=
# PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY=
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
# PAPERLESS_TASK_WORKERS= 1
# PAPERLESS_THREADS_PER_WORKER=
# PAPERLESS_WORKER_TIMEOUT=
PAPERLESS_TIME_ZONE = "CET";
# PAPERLESS_ENABLE_NLTK=1;
# PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes.
# PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour.
# PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight.
# PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight.
# PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression.
# PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit.
# PAPERLESS_CONVERT_TMPDIR =
# PAPERLESS_APPS = null;
# PAPERLESS_MAX_IMAGE_PIXELS = null;
# PAPERLESS_CONSUMER_DELETE_DUPLICATES= false.
# PAPERLESS_CONSUMER_RECURSIVE= false.
# PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false.
PAPERLESS_CONSUMER_IGNORE_PATTERNS = [
".DS_Store"
".DS_STORE"
"._*"
".stfolder/*"
".stversions/*"
".localized/*"
"desktop.ini"
"@eaDir/*"
"Thumbs.db"
];
# PAPERLESS_CONSUMER_BARCODE_SCANNER=
# PAPERLESS_PRE_CONSUME_SCRIPT=
# PAPERLESS_POST_CONSUME_SCRIPT=
# PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature.
# PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature.
# PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf.
# PAPERLESS_IGNORE_DATES="";
# PAPERLESS_DATE_ORDER = "DMY";
# PAPERLESS_ENABLE_GPG_DECRYPTOR = false;
# PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications.
# PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5;
# PAPERLESS_CONSUMER_POLLING_DELAY = 5;
# PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds.
# PAPERLESS_OAUTH_CALLBACK_BASE_URL = null;
# PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null;
# PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null;
# PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null;
# PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null;
# PAPERLESS_EMAIL_GNUPG_HOME=
# PAPERLESS_CONSUMER_ENABLE_BARCODES=
# PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false.
# PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT"
# PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false.
# PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false.
# PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN"
# PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0
# PAPERLESS_CONSUMER_BARCODE_DPI= "300"
# PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0"
# PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false.
# PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING=
# PAPERLESS_AUDIT_LOG_ENABLED= true.
# PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false.
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided".
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false.
PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
# PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day.
# PAPERLESS_CONVERT_BINARY = "convert".
PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
# PAPERLESS_WEBSERVER_WORKERS= 1;
# PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6.
# PAPERLESS_PORT = config.services.paperless.port;
# PAPERLESS_OCR_LANGUAGES=
# PAPERLESS_ENABLE_FLOWER=
# PAPERLESS_SUPERVISORD_WORKING_DIR=
PAPERLESS_APP_TITLE = "NxPPL";
# PAPERLESS_APP_LOGO =
# PAPERLESS_ENABLE_UPDATE_CHECK=false;
# PAPERLESS_EMAIL_HOST = "localhost";
# PAPERLESS_EMAIL_PORT= 25.
# PAPERLESS_EMAIL_HOST_USER= "";
# PAPERLESS_EMAIL_FROM=
# PAPERLESS_EMAIL_HOST_PASSWORD = "".
# PAPERLESS_EMAIL_USE_TLS = false.
# PAPERLESS_EMAIL_USE_SSL = false.
};
};
};
systemd.services.paperless-web.after = [ "postgresql.service" ];
systemd.services.paperless-task-queue.after = [ "postgresql.service" ];
systemd.services.paperless-consumer.after = [ "postgresql.service" ];
systemd.services.paperless-sceduler.after = [ "postgresql.service" ];
}

21
system-modules/nx2site/proxy.nix
View File

@@ -14,7 +14,7 @@
};
certs = {
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "pw" "sync" ];
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" ];
};
};
};
@@ -140,9 +140,24 @@
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
});
"nc.${domain}" = vh // {
# directly to nc
# "nc.${domain}" = vh // {
# # directly to nc
# };
"abs.${domain}" = vh // {
listen = dl;
locations = { "/" = {
proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}";
proxyWebsockets = true;
}; };
};
# is done atomatically
# "cal.${domain}" = vh // {
# listen = dl;
# locations = { "/" = {
# proxyPass = "http://unix:///run/open-web-calendar/socket";
# proxyWebsockets = true;
# }; };
# };
"~^(.*).${domain}$" = {
listen = dl;
root = "/var/nginx/webroot";

20
system-modules/nx2site/rallly.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, ... }:
{
environment.systemPackages = [
(pkgs.mkYarnPackage {
name = "rallly";
src = pkgs.fetchFromGitHub {
owner = "lukevella";
repo = "rallly";
rev = "v3.11.2";
hash = "sha256-ej6Y0ouiheoH6dSBWsSIW6qt9UvsLh9ODDQA5Fqt3zs=";
};
packageJson = ./package.json;
yarnLock = ./yarn.lock;
yarnNix = ./yarn.nix;
# patchPhase = /* shell */ ''
# cp ........ ?
# '';
})
];
}

0
system-modules/ollama.nix Executable file → Normal file
View File

5
system-modules/postgres.nix
View File

@@ -26,6 +26,7 @@
ensureDatabases = [
"gitea"
"vaultwarden"
"paperless"
"nextcloud"
];
settings = {
@@ -49,6 +50,10 @@
name = "nextcloud";
ensureDBOwnership = true;
}
{
name = "paperless";
ensureDBOwnership = true;
}
];
};
postgresqlBackup = {

0
system-modules/sound.nix Executable file → Normal file
View File

1
system-modules/users.nix Executable file → Normal file
View File

@@ -23,6 +23,7 @@
"adbusers"
"postgres"
"radicale"
"audiobookshelf"
"nextcloud"
];
useDefaultShell = true;

0
system-modules/virtualisation.nix Executable file → Normal file
View File