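# NixOS module for a self-hosted server: jellyfin, microbin, shiori, paperless,
# vaultwarden and nextcloud, all backed by one local PostgreSQL cluster that is
# reached over its unix socket.
#
# Secret handling: every string literal in this file, and every file produced
# by pkgs.writeText, is copied into the world-readable /nix/store. Secrets are
# therefore referenced by a path outside the store and provisioned out-of-band.
# The paths marked "placeholder path" below must be created by the operator.
# The credentials that were previously written inline here should be rotated.
{ config, pkgs, ... }:
let
  localhost = "127.0.0.1";
  postgresSocket = "/run/postgresql";
in {
  disabledModules = [ "services/web-apps/shiori.nix" ];
  imports = [ ./nginx.nix ../../pkgs/shiori/shiori-service.nix ];

  nixpkgs.config = {
    # Both entries are packages nixpkgs refuses to build unless explicitly
    # permitted. NOTE(review): confirm which service still needs them and
    # remove each entry once its consumer is gone.
    permittedInsecurePackages = [ "nodejs-14.21.3" "openssl-1.1.1v" ];
  };

  environment.systemPackages = [
    # Upgrades postgres
    (let
      # XXX specify the postgresql package you'd like to upgrade to.
      # Do not forget to list the extensions you need.
      newPostgres = pkgs.postgresql_16.withPackages (pp: [
        # pp.plv8
      ]);
    in pkgs.writeScriptBin "upgrade-pg-cluster" ''
      set -eux
      # XXX it's perhaps advisable to stop all services that depend on postgresql
      systemctl stop postgresql

      export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"

      export NEWBIN="${newPostgres}/bin"

      export OLDDATA="${config.services.postgresql.dataDir}"
      export OLDBIN="${config.services.postgresql.package}/bin"

      install -d -m 0700 -o postgres -g postgres "$NEWDATA"
      cd "$NEWDATA"
      sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA"

      sudo -u postgres "$NEWBIN/pg_upgrade" \
        --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
        --old-bindir "$OLDBIN" --new-bindir "$NEWBIN" \
        "$@"
    '')
  ];

  users.groups = { piracy.gid = 985; };

  users.users = let base = { isSystemUser = true; };
  in {
    # # prowlarr = base // { group = "piracy"; };
    # # kavita = base // {
    # #   group = "kavita";
    # #   extraGroups = [ "piracy" ];
    # # };
    nextcloud = base // {
      extraGroups = [ "render" ];
      packages = (with pkgs; [
        nodejs
        (python3.withPackages (ps: with ps; [ tensorflow ]))
        perl
        # Built from the upstream tarball; the fixed hash pins its content.
        (perlPackages.buildPerlPackage rec {
          pname = "Image-ExifTool";
          version = "12.70";
          src = fetchurl {
            url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
            hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
          };
        })
      ]);
    };
  };

  programs = {
    msmtp = {
      enable = true;
      accounts.default = {
        auth = true;
        host = "smtp.gmail.com";
        port = 587;
        tls = true;
        from = "stunner6399@gmail.com";
        user = "stunner6399@gmail.com";
        # msmtp runs this command and uses its output as the password, so the
        # secret is never written into the store. Placeholder path: create the
        # file out-of-band and make it readable only by the accounts that send
        # mail (nextcloud is set to sendmail mode below, so presumably its
        # user needs read access; confirm).
        passwordeval = "cat /var/lib/secrets/msmtp-password";
      };
    };
  };

  services = let
    base = {
      enable = true;
      group = "piracy";
    };
  in {
    # sonarr = base // { package = pkgs.sonarr; };
    # radarr = base // { package = pkgs.radarr; };
    # bazarr = base // { };
    jellyfin = base // { };
    # prowlarr.enable = true;
    # jira.enable = true;

    microbin = {
      enable = true;
      settings = {
        MICROBIN_HIDE_LOGO = false;
        MICROBIN_PORT = 8080;
        MICROBIN_HIGHLIGHTSYNTAX = true;
        MICROBIN_PRIVATE = true;
        MICROBIN_QR = true;
        MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
        MICROBIN_ENCRYPTION_SERVER_SIDE = true;
      };
    };

    shiori = {
      enable = true;
      port = 4368;
      package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
      # NOTE(review): a guessable literal that also ends up in the store.
      # The option comes from the local shiori-service.nix, which is not
      # visible here; if it offers a file- or environment-based alternative,
      # switch to it and use a long random value.
      httpSecretKey = "password";
      databaseUrl = "postgres:///shiori?host=${postgresSocket}";
    };

    # audiobookshelf = {
    #   enable = true;
    #   group = "piracy";
    #   port = 5687;
    # };

    paperless = {
      enable = true;
      # Binds every interface, and the firewall section at the bottom opens
      # this port, so paperless is reachable directly from the network.
      # NOTE(review): confirm that is intended rather than proxying via nginx.
      address = "0.0.0.0";
      consumptionDirIsPublic = true;
      consumptionDir = "/mnt/pool/scans/";
      settings = {
        # Was misspelled "postgress".
        PAPERLESS_DBENGINE = "postgresql";
        PAPERLESS_DBNAME = "paperless";
        PAPERLESS_DBHOST = postgresSocket;
        PAPERLESS_CONSUMER_IGNORE_PATTERN =
          builtins.toJSON [ ".DS_STORE/*" "desktop.ini" ];
        PAPERLESS_TIME_ZONE = "America/Mexico_City";
        PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
          optimize = 1;
          pdfa_image_compression = "lossless";
        };
      };
    };

    vaultwarden = {
      enable = true;
      dbBackend = "postgresql";
      package = pkgs.vaultwarden;
      # Secrets for vaultwarden live in this file, outside the store.
      environmentFile = "/var/lib/vaultwarden.env";
      config = {
        ROCKET_ADDRESS = localhost;
        ROCKET_PORT = 8222;
        WEBSOCKET_PORT = 8333;
        DATABASE_URL = "postgresql:///vaultwarden?host=${postgresSocket}";
        ENABLE_DB_WAL = false;
        WEBSOCKET_ENABLED = true;
        SHOW_PASSWORD_HINT = false;
        SIGNUPS_ALLOWED = false;
        EXTENDED_LOGGING = true;
        LOG_LEVEL = "warn";
      };
    };

    # kavita = {
    #   enable = true;
    #   # Placeholder path: keep the token in a file outside the store instead
    #   # of generating it with pkgs.writeText.
    #   tokenKeyFile = "/var/lib/secrets/kavita-token";
    # };

    nextcloud = {
      enable = true;
      https = true;
      package = pkgs.nextcloud29;
      appstoreEnable = true;
      configureRedis = true;
      extraAppsEnable = true;
      enableImagemagick = true;
      maxUploadSize = "16G";
      hostName = "cloud.servidos.lat";
      extraApps = {
        inherit (config.services.nextcloud.package.packages.apps) calendar;
      };
      config = {
        # Placeholder path: a file outside the store, readable by the
        # nextcloud user. It was previously generated with pkgs.writeText,
        # which exposed the admin password to every local user.
        adminpassFile = "/var/lib/secrets/nextcloud-adminpass";
        dbtype = "pgsql";
        dbhost = postgresSocket;
        dbtableprefix = "oc_";
        dbname = "nextcloud";
      };
      phpOptions = {
        catch_workers_output = "yes";
        display_errors = "stderr";
        error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
        expose_php = "Off";
        "opcache.enable_cli" = "1";
        "opcache.fast_shutdown" = "1";
        "opcache.interned_strings_buffer" = "16";
        "opcache.jit" = "1255";
        "opcache.jit_buffer_size" = "256M";
        "opcache.max_accelerated_files" = "10000";
        "opcache.huge_code_pages" = "1";
        "opcache.enable_file_override" = "1";
        "opcache.memory_consumption" = "128";
        "opcache.revalidate_freq" = "60";
        "opcache.save_comments" = "1";
        "opcache.validate_timestamps" = "0";
        "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
        short_open_tag = "Off";
      };
      settings = {
        log_type = "file";
        log_level = 3;
        # NOTE(review): Nextcloud documents trusted_proxies as IP addresses
        # or ranges; a bare name such as "nginx" is probably not matched.
        # Confirm that the client address is still taken from the proxy.
        trusted_proxies = [ "nginx" ];
        trusted_domains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
        overwrite_protocol = "https";
        default_phone_region = "MX";
        # NOTE(review): lets Nextcloud issue requests to local and private
        # addresses; keep it only if a feature in use needs it.
        "allow_local_remote_servers" = true;
        mail_smtpmode = "sendmail";
        mail_sendmailmode = "pipe";
        "installed" = true;
        "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
        enabledPreviewProviders = [
          "OC\\Preview\\Image"
          "OC\\Preview\\HEIC"
          "OC\\Preview\\TIFF"
          "OC\\Preview\\MKV"
          "OC\\Preview\\MP4"
          "OC\\Preview\\AVI"
          "OC\\Preview\\Movie"
        ];
      };
      phpExtraExtensions = all: [ all.pdlib all.bz2 ];
    };

    postgresql = let
      dbNames = [ "jawz" "paperless" "nextcloud" "ryot" "vaultwarden" "shiori" ];
    in {
      enable = true;
      ensureDatabases = dbNames;
      package = pkgs.postgresql_16;
      # One role per database, each owning the database of the same name.
      ensureUsers = map (name: {
        inherit name;
        ensureDBOwnership = true;
      }) dbNames;
      # NOTE(review): "trust" accepts any role name without a password, so
      # every local account or process can open every database here,
      # including vaultwarden's, as any role. The services above connect over
      # the unix socket, so "peer" on the local line would probably suffice
      # if each service's system user is named like its role. Confirm for
      # jawz, ryot and shiori before tightening, and move the two host lines
      # to password authentication or drop them if nothing uses TCP.
      authentication = pkgs.lib.mkOverride 10 ''
        local all all trust
        host all all ${localhost}/32 trust
        host all all ::1/128 trust
      '';
    };
  };

  systemd = {
    services = {
      nextcloud-cron = { path = [ pkgs.perl ]; };
      # sub-sync = {
      #   restartIfChanged = true;
      #   description = "syncronizes subtitles downloaded & modified today";
      #   wantedBy = [ "default.target" ];
      #   path = [ pkgs.bash pkgs.nix jawzSubs ];
      #   serviceConfig = {
      #     Restart = "on-failure";
      #     RestartSec = 30;
      #     ExecStart = "${jawzSubs}/bin/sub-sync all";
      #     Type = "forking";
      #     User = "root";
      #   };
      # };
      nextcloud-cronjob = let
        # Wraps the repository's shell script as an executable in the store.
        nextcloud-cronjob = pkgs.writeScriptBin "nextcloud-cronjob"
          (builtins.readFile ../../scripts/nextcloud-cronjob.sh);
      in {
        description = "Runs various nextcloud-related cronjobs";
        wantedBy = [ "multi-user.target" ];
        path = [ pkgs.bash nextcloud-cronjob ];
        # NOTE(review): no User= is set, so systemd runs this unit as root.
        # If the script only needs nextcloud's privileges, run it as that
        # user.
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          ExecStart = "${nextcloud-cronjob}/bin/nextcloud-cronjob";
        };
      };
    };
    timers = {
      nextcloud-cronjob = {
        enable = true;
        description = "Runs various nextcloud-related cronjobs";
        wantedBy = [ "timers.target" ];
        # Fires every ten minutes.
        timerConfig = { OnCalendar = "*:0/10"; };
      };
      # sub-sync = {
      #   enable = true;
      #   description = "syncronizes subtitles downloaded & modified today";
      #   wantedBy = [ "timers.target" ];
      #   timerConfig = { OnCalendar = "22:00"; };
      # };
    };
  };

  networking = {
    firewall = let open_firewall_ports = [ config.services.paperless.port ];
    in {
      enable = true;
      allowedTCPPorts = open_firewall_ports;
      # NOTE(review): paperless is served over HTTP, so the UDP opening is
      # probably unnecessary; drop it unless something else uses the port.
      allowedUDPPorts = open_firewall_ports;
    };
  };
}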