46 lines
1.5 KiB
Nix
46 lines
1.5 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let cfg = config.services.yorick.paperless;
|
|
in {
|
|
options.services.yorick.paperless = with lib; {
|
|
enable = mkEnableOption "yorick paperless";
|
|
openFirewall = mkEnableOption "open firewall for scanner";
|
|
scanner_ip = mkOption {
|
|
type = types.str;
|
|
};
|
|
};
|
|
config = lib.mkIf cfg.enable {
|
|
networking.firewall = lib.mkIf cfg.openFirewall {
|
|
connectionTrackingModules = [ "ftp" ];
|
|
extraCommands = ''
|
|
iptables -t raw -A PREROUTING -i eno1 -s ${cfg.scanner_ip}/32 -p tcp --dport 21 -j CT --helper ftp
|
|
iptables -A nixos-fw -p tcp -m tcp --dport 21 -s ${cfg.scanner_ip}/32 -j nixos-fw-accept
|
|
'';
|
|
extraStopCommands = ''
|
|
iptables -t raw -D PREROUTING -i eno1 -s ${cfg.scanner_ip}/32 -p tcp --dport 21 -j CT --helper ftp
|
|
iptables -D nixos-fw -p tcp -m tcp --dport 21 -s ${cfg.scanner_ip}/32 -j nixos-fw-accept
|
|
'';
|
|
};
|
|
|
|
users.users.ads1600w = {
|
|
home = "/var/ads1600w";
|
|
group = "ads1600w";
|
|
initialHashedPassword =
|
|
"$6$q7E6hnTHHt9v.$OHZjuWISanANGwfhznWwfDlHAqbXBjqcr/q0lGe9ff2r.X9xCSoLP4giME5J9WoEUNuWssMLGBPMfXowBjXg70";
|
|
isSystemUser = true;
|
|
shell = "${pkgs.shadow}/bin/nologin";
|
|
createHome = true;
|
|
};
|
|
users.groups.ads1600w = { };
|
|
|
|
services.vsftpd = {
|
|
enable = true;
|
|
localUsers = true;
|
|
writeEnable = true;
|
|
chrootlocalUser = true;
|
|
allowWriteableChroot = true;
|
|
userlist = [ "ads1600w" ];
|
|
};
|
|
# todo: back up this dir
|
|
};
|
|
}
|