diff --git a/flake.lock b/flake.lock index 0c1b965..ee428c0 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1724479785, + "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1725551138, - "narHash": "sha256-4tSFz+wu2NvB41MLF68PDLM3gu8lg1hjgtgikbRq6Zo=", + "lastModified": 1724704503, + "narHash": "sha256-QcZKCI9d5UNuQt6UFQSNhQwzXnXDF8jgCy7julsbnvg=", "owner": "nix-community", "repo": "NUR", - "rev": "06bc57134f691188397ebeffa9b88552cc8090d3", + "rev": "6b1fa8a8dec17eb73962a0eac8e04f2df1439448", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1724440431, + "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", "type": "github" }, "original": { diff --git a/hosts/nixos/porthos/secrets/pdf-edit/login.age b/hosts/nixos/porthos/secrets/pdf-edit/login.age deleted file mode 100644 index 7f13f88..0000000 --- a/hosts/nixos/porthos/secrets/pdf-edit/login.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 cKojmg VYlHgHSLpfKb5bn1XA3aCpfX7M23DgbraLxxOfo9PDk -Rj+mDvAsWX3WwpuhTrOubmo17j/aud5+P87df5bosBA --> ssh-ed25519 jPowng o9ZFaYrITZ6DjWw07Vk/+TkuU187/ytlEK4sw7G32G4 -zmxlpDvDDEgQFqBVARXeX1ABhvfJ4uAHfa6mIxXzjAY ---- k/d9FWW8/OSo8EllwOBV74pZyX918u54jEljGk3ATUc -4+2{hE7!ҭGA`ׁ_@ߗR_6JL4v,6%#^  BOF|7ܽL]jR -B۾as]xS pbo#J1Q=t}5>O{+. M"7ey \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index a8a9819..a9b9c51 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -77,8 +77,6 @@ in "paperless/password.age".publicKeys = all; "paperless/secret-key.age".publicKeys = all; - "pdf-edit/login.age".publicKeys = all; - "podgrab/password.age".publicKeys = all; "pyload/credentials.age".publicKeys = all; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 1211ee6..e877c8f 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -26,7 +26,6 @@ ./nginx ./nix-cache ./paperless - ./pdf-edit ./podgrab ./postgresql ./postgresql-backup diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix deleted file mode 100644 index d59507b..0000000 --- a/modules/nixos/services/pdf-edit/default.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.services.pdf-edit; -in -{ - options.my.services.pdf-edit = with lib; { - enable = mkEnableOption "PDF edition service"; - - port = mkOption { - type = types.port; - default = 8089; - example = 8080; - description = "Internal port for webui"; - }; - - loginFile = mkOption { - type = types.str; - example = "/run/secrets/pdf-edit/login.env"; - description = '' - `SECURITY_INITIALLOGIN_USERNAME` and `SECURITY_INITIALLOGIN_PASSWORD` - defined in the format of 'EnvironmentFile' (see `systemd.exec(5)`). - ''; - }; - }; - - config = lib.mkIf cfg.enable { - services.stirling-pdf = lib.mkIf cfg.enable { - enable = true; - - environment = { - SERVER_PORT = cfg.port; - SECURITY_CSRFDISABLED = "false"; - - SYSTEM_SHOWUPDATE = "false"; # We don't care about update notifications - INSTALL_BOOK_AND_ADVANCED_HTML_OPS = "true"; # Installed by the module - - SECURITY_ENABLELOGIN = "true"; - SECURITY_LOGINATTEMPTCOUNT = "-1"; # Rely on fail2ban instead - }; - - environmentFiles = [ cfg.loginFile ]; - }; - - my.services.nginx.virtualHosts = { - pdf-edit = { - inherit (cfg) port; - - extraConfig = { - # Allow upload of PDF files up to 1G - locations."/".extraConfig = '' - client_max_body_size 1G; - ''; - }; - }; - }; - - services.fail2ban.jails = { - stirling-pdf = '' - enabled = true - filter = stirling-pdf - port = http,https - ''; - }; - - environment.etc = { - "fail2ban/filter.d/stirling-pdf.conf".text = '' - [Definition] - failregex = ^.*Failed login attempt from IP: $ - journalmatch = _SYSTEMD_UNIT=stirling-pdf.service - ''; - }; - }; -}