tailscale stuff

2022-07-11 15:15:09 +02:00 · 2022-07-11 15:15:09 +02:00 · ba7f19a5bf
commit ba7f19a5bf
parent c2c03c4260
5 changed files with 115 additions and 112 deletions
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@ -115,68 +115,68 @@ in
    </service-group>
  '';
  # Webhook service to trigger scanning the ADF from HomeAssistant
-  systemd.services.scanhook = {
-    description = "webhook go server to trigger scanning";
-    documentation = [ "https://github.com/adnanh/webhook" ];
-    wantedBy = [ "multi-user.target" ];
-    path = with pkgs; [ bash ];
-    serviceConfig = {
-      TemporaryFileSystem = "/:ro";
-      BindReadOnlyPaths = [
-        "/nix/store"
-        "-/etc/resolv.conf"
-        "-/etc/nsswitch.conf"
-        "-/etc/hosts"
-        "-/etc/localtime"
-      ];
-      BindPaths = [
-        "/data/applications/paperless-consumption"
-      ];
-      LockPersonality = true;
-      NoNewPrivileges = true;
-      PrivateMounts = true;
-      PrivateTmp = true;
-      PrivateUsers = true;
-      ProcSubset = "pid";
-      ProtectHome = true;
-      ProtectControlGroups = true;
-      ProtectKernelLogs = true;
-      ProtectKernelModules = true;
-      ProtectKernelTunables = true;
-      ProtectProc = "invisible";
-      RestrictNamespaces = true;
-      RestrictRealtime = true;
-      RestrictSUIDSGID = true;
-      DynamicUser = true;
-      ExecStart =
-        let
-          scanScript = pkgs.writeScript "plscan.sh" ''
-            #!/usr/bin/env bash
-            export PATH=${lib.makeBinPath [ pkgs.strace pkgs.gnugrep pkgs.coreutils pkgs.sane-backends pkgs.sane-airscan pkgs.imagemagick ]}
-            export LD_LIBRARY_PATH=${config.environment.sessionVariables.LD_LIBRARY_PATH} # Adds SANE Libraries to the ld library path of this script
-            set -x
-            date="''$(date --iso-8601=seconds)"
-            filename="Scan ''$date.pdf"
-            tmpdir="''$(mktemp -d)"
-            pushd "''$tmpdir"
-            scanimage --batch=out%d.jpg --format=jpeg --mode Gray -d "airscan:e0:Canon MB5100 series" --source "ADF Duplex" --resolution 300
-            for i in $(ls out*.jpg | grep 'out.*[24680]\.jpg'); do convert $i -rotate 180 $i; done # rotate even stuff
-            convert out*.jpg /data/applications/paperless-consumption/"''$filename"
-            chmod 666 /data/applications/paperless-consumption/"''$filename"
-            popd
-            rm -r "''$tmpdir"
-          '';
-          hooksFile = pkgs.writeText "webhook.json" (builtins.toJSON [
-            {
-              id = "scan-webhook";
-              execute-command = "${scanScript}";
+  #systemd.services.scanhook = {
+  #  description = "webhook go server to trigger scanning";
+  #  documentation = [ "https://github.com/adnanh/webhook" ];
+  #  wantedBy = [ "multi-user.target" ];
+  #  path = with pkgs; [ bash ];
+  #  serviceConfig = {
+  #    TemporaryFileSystem = "/:ro";
+  #    BindReadOnlyPaths = [
+  #      "/nix/store"
+  #      "-/etc/resolv.conf"
+  #      "-/etc/nsswitch.conf"
+  #      "-/etc/hosts"
+  #      "-/etc/localtime"
+  #    ];
+  #    BindPaths = [
+  #      "/data/applications/paperless-consumption"
+  #    ];
+  #    LockPersonality = true;
+  #    NoNewPrivileges = true;
+  #    PrivateMounts = true;
+  #    PrivateTmp = true;
+  #    PrivateUsers = true;
+  #    ProcSubset = "pid";
+  #    ProtectHome = true;
+  #    ProtectControlGroups = true;
+  #    ProtectKernelLogs = true;
+  #    ProtectKernelModules = true;
+  #    ProtectKernelTunables = true;
+  #    ProtectProc = "invisible";
+  #    RestrictNamespaces = true;
+  #    RestrictRealtime = true;
+  #    RestrictSUIDSGID = true;
+  #    DynamicUser = true;
+  #    ExecStart =
+  #      let
+  #        scanScript = pkgs.writeScript "plscan.sh" ''
+  #          #!/usr/bin/env bash
+  #          export PATH=${lib.makeBinPath [ pkgs.strace pkgs.gnugrep pkgs.coreutils pkgs.sane-backends pkgs.sane-airscan pkgs.imagemagick ]}
+  #          export LD_LIBRARY_PATH=${config.environment.sessionVariables.LD_LIBRARY_PATH} # Adds SANE Libraries to the ld library path of this script
+  #          set -x
+  #          date="''$(date --iso-8601=seconds)"
+  #          filename="Scan ''$date.pdf"
+  #          tmpdir="''$(mktemp -d)"
+  #          pushd "''$tmpdir"
+  #          scanimage --batch=out%d.jpg --format=jpeg --mode Gray -d "airscan:e0:Canon MB5100 series" --source "ADF Duplex" --resolution 300
+  #          for i in $(ls out*.jpg | grep 'out.*[24680]\.jpg'); do convert $i -rotate 180 $i; done # rotate even stuff
+  #          convert out*.jpg /data/applications/paperless-consumption/"''$filename"
+  #          chmod 666 /data/applications/paperless-consumption/"''$filename"
+  #          popd
+  #          rm -r "''$tmpdir"
+  #        '';
+  #        hooksFile = pkgs.writeText "webhook.json" (builtins.toJSON [
+  #          {
+  #            id = "scan-webhook";
+  #            execute-command = "${scanScript}";

-            }
-          ]);
-        in
-        "${pkgs.webhook}/bin/webhook -hooks ${hooksFile} -verbose";
-    };
-  };
+  #          }
+  #        ]);
+  #      in
+  #      "${pkgs.webhook}/bin/webhook -hooks ${hooksFile} -verbose";
+  #  };
+  #};
  networking.firewall.allowedTCPPorts = [ 9000 ];

  # Immutable users due to tmpfs