hswaw/machines/printmaster.waw.hackerspace.pl/scanning.nix - hscloud - Gitiles

 { pkgs, ...}:

 {
   # Samba server exposed for Brother scanner - exposed on http://printmaster.waw.hackerspace.pl/brother/
   services.samba = {
     enable = true;
     securityType = "user";
     openFirewall = true;
     extraConfig = ''
       workgroup = WORKGROUP
       client min protocol = NT1
       server min protocol = NT1

       server string = printmaster
       netbios name = printmaster

       # note: localhost is the ipv6 localhost ::1
       hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost
       hosts deny = 0.0.0.0/0
       guest account = nobody
       map to guest = bad user
     '';

     shares = {
       brother = {
         path = "/run/brother";
         browseable = "yes";
         "read only" = "no";
         "guest ok" = "yes";
         "create mask" = "0644";
         "directory mask" = "0755";
         "force user" = "nobody";
         "force group" = "nogroup";
       };
     };
   };

   services.nginx = {
     enable = true;

     virtualHosts."label.waw.hackerspace.pl" = {
       locations."/".return = "302 https://label.hackerspace.pl$request_uri";
     };

     virtualHosts."printmaster.waw.hackerspace.pl" = {
       locations."/".root = pkgs.fetchzip {
         url = "https://hackerspace.pl/~informatic/printmaster.tgz";
         hash = "sha256-ngii2ejrdxNNasHVoB5sXFaSxBbPySvA4jSlBdvMkNg=";
       };

       locations."/brother/" = {
         alias = "/run/brother/";
         extraConfig = "autoindex on;";
       };

       locations."/printers/" = {
         proxyPass = "http://127.0.0.1:631";
         recommendedProxySettings = true;
       };
     };
   };

   systemd.tmpfiles.rules = [
       "d /run/brother 1777 nobody nogroup 1d"
   ];

   # FTP-to-mail proxy used for paperless
   systemd.services.ftpserver = let ftpserver-bin = pkgs.fetchzip {
       url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz";
       hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q=";
       stripRoot = false;
     }; in {
     # TODO move ftpserver.json to secrets
     script = ''
       ${ftpserver-bin}/ftpserver -conf /etc/ftpserver.json
     '';

     after = [ "network.target" ];
     wantedBy = [ "multi-user.target" ];
   };

   networking.firewall.allowedTCPPorts = [
     # ftpserver
     2121

     # nginx
     80
   ];
 }
	{ pkgs, ...}:

	{
	# Samba server exposed for Brother scanner - exposed on http://printmaster.waw.hackerspace.pl/brother/
	services.samba = {
	enable = true;
	securityType = "user";
	openFirewall = true;
	extraConfig = ''
	workgroup = WORKGROUP
	client min protocol = NT1
	server min protocol = NT1

	server string = printmaster
	netbios name = printmaster

	# note: localhost is the ipv6 localhost ::1
	hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost
	hosts deny = 0.0.0.0/0
	guest account = nobody
	map to guest = bad user
	'';

	shares = {
	brother = {
	path = "/run/brother";
	browseable = "yes";
	"read only" = "no";
	"guest ok" = "yes";
	"create mask" = "0644";
	"directory mask" = "0755";
	"force user" = "nobody";
	"force group" = "nogroup";
	};
	};
	};

	services.nginx = {
	enable = true;

	virtualHosts."label.waw.hackerspace.pl" = {
	locations."/".return = "302 https://label.hackerspace.pl$request_uri";
	};

	virtualHosts."printmaster.waw.hackerspace.pl" = {
	locations."/".root = pkgs.fetchzip {
	url = "https://hackerspace.pl/~informatic/printmaster.tgz";
	hash = "sha256-ngii2ejrdxNNasHVoB5sXFaSxBbPySvA4jSlBdvMkNg=";
	};

	locations."/brother/" = {
	alias = "/run/brother/";
	extraConfig = "autoindex on;";
	};

	locations."/printers/" = {
	proxyPass = "http://127.0.0.1:631";
	recommendedProxySettings = true;
	};
	};
	};

	systemd.tmpfiles.rules = [
	"d /run/brother 1777 nobody nogroup 1d"
	];

	# FTP-to-mail proxy used for paperless
	systemd.services.ftpserver = let ftpserver-bin = pkgs.fetchzip {
	url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz";
	hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q=";
	stripRoot = false;
	}; in {
	# TODO move ftpserver.json to secrets
	script = ''
	${ftpserver-bin}/ftpserver -conf /etc/ftpserver.json
	'';

	after = [ "network.target" ];
	wantedBy = [ "multi-user.target" ];
	};

	networking.firewall.allowedTCPPorts = [
	# ftpserver
	2121

	# nginx
	80
	];
	}