diff --git a/git-crypt/secrets.nix b/git-crypt/secrets.nix old mode 100755 new mode 100644 index d500f2e..c616a1e Binary files a/git-crypt/secrets.nix and b/git-crypt/secrets.nix differ diff --git a/system-modules/nx2site/paperless.nix b/system-modules/nx2site/paperless.nix index a5e45c9..185fe33 100644 --- a/system-modules/nx2site/paperless.nix +++ b/system-modules/nx2site/paperless.nix @@ -1,4 +1,4 @@ -{ config, pkgs, secrets, user, domain, ... }: +{ pkgs, config, secrets, domain, user, ... }: let paperless-user = "paperless"; in { sops.secrets = { @@ -7,7 +7,10 @@ let paperless-user = "paperless"; in }; }; - users.users."${user}".extraGroups = [ paperless-user ]; + users.users = { + "${user}".extraGroups = [ paperless-user ]; + "${paperless-user}".extraGroups = [ "redis-paperless" ]; + }; services = { postgresql = { @@ -19,179 +22,182 @@ let paperless-user = "paperless"; in }; paperless = { enable = true; - address = "127.0.0.1"; + # address = "0.0.0.0"; port = 8441; user = paperless-user; consumptionDirIsPublic = true; # package = pkgs.paperless-ngx; # dataDir = "/var/lib/paperless"; # default - # address = "127.0.0.1"; + address = "127.0.0.1"; # mediaDir = "${dataDir}/media"; passwordFile = config.sops.secrets."nx2site/paperless.pw".path; # consumptionDir = "${dataDir}/consume"; # consumptionDirIsPublic = false; # openMPThreadingWorkaround = true; settings = { - # PAPERLESS_REDIS = "redis://localhost:6379"; - # PAPERLESS_REDIS_PREFIX="" - - PAPERLESS_DBENGINE = "postgresql"; - # PAPERLESS_DBHOST = "/run/postgresql"; # config.services.postgresql.settings.listen_addresses; - # PAPERLESS_DBPORT = config.services.postgresql.settings.port; - PAPERLESS_DBNAME = paperless-user; - PAPERLESS_DBUSER = paperless-user; - PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS; - # PAPERLESS_DBSSLMODE= - # PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory. - # PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory. - # PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory. - # PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults. - # PAPERLESS_TIKA_ENABLED=false - # PAPERLESS_TIKA_ENDPOINT="http://localhost:9998". - # PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000". - PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/"; - # PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/"; - PAPERLESS_EMPTY_TRASH_DIR ="${config.services.paperless.dataDir}/trash/"; # null = really delete files - # PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/"; - # PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/"; - # PAPERLESS_FILENAME_FORMAT= - # PAPERLESS_FILENAME_FORMAT_REMOVE_NONE= - # PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/"; - # PAPERLESS_NLTK_DIR = - # PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle. - # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB. - # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20. - # PAPERLESS_SECRET_KEY= - # PAPERLESS_URL="" # empty string, leaving the other settings unaffected. - # PAPERLESS_CSRF_TRUSTED_ORIGINS= - # PAPERLESS_ALLOWED_HOSTS= - # PAPERLESS_CORS_ALLOWED_HOSTS= - # PAPERLESS_TRUSTED_PROXIES= - # PAPERLESS_FORCE_SCRIPT_NAME= - # PAPERLESS_STATIC_URL= "/static/". - # PAPERLESS_AUTO_LOGIN_USERNAME=null; - PAPERLESS_ADMIN_USER="${user}"; - PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail; - # PAPERLESS_ADMIN_PASSWORD=; - # PAPERLESS_COOKIE_PREFIX= - # PAPERLESS_ENABLE_HTTP_REMOTE_USER= - # PAPERLESS_ENABLE_HTTP_REMOTE_USER_API= - # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME= - # PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR"; - # PAPERLESS_USE_X_FORWARD_HOST= false - # PAPERLESS_USE_X_FORWARD_PORT= false - # PAPERLESS_PROXY_SSL_HEADER= null - # PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null; - # PAPERLESS_SOCIALACCOUNT_PROVIDERS=; - # PAPERLESS_SOCIAL_AUTO_SIGNUP = false; - # PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True - # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False - # PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https' - # PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional' - # PAPERLESS_DISABLE_REGULAR_LOGIN= False - # PAPERLESS_REDIRECT_LOGIN_TO_SSO= False - # PAPERLESS_ACCOUNT_SESSION_REMEMBER= True - # PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks) - PAPERLESS_OCR_LANGUAGE = "eng+deu"; - # PAPERLESS_OCR_MODE= "skip"; - # PAPERLESS_OCR_SKIP_ARCHIVE_FILE= - # PAPERLESS_OCR_CLEAN= clean. - # PAPERLESS_OCR_DESKEW = true; # which enables this feature. - # PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature. - # PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12"; - # PAPERLESS_OCR_OUTPUT_TYPE = "pdfa"; - # PAPERLESS_OCR_PAGES = null; - # PAPERLESS_OCR_IMAGE_DPI = null; - # PAPERLESS_OCR_MAX_IMAGE_PIXELS= - # PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY= - PAPERLESS_OCR_USER_ARGS = { - optimize = 1; - pdfa_image_compression = "lossless"; - }; - # PAPERLESS_TASK_WORKERS= 1 - # PAPERLESS_THREADS_PER_WORKER= - # PAPERLESS_WORKER_TIMEOUT= - PAPERLESS_TIME_ZONE = "CET"; - # PAPERLESS_ENABLE_NLTK=1; - # PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes. - # PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour. - # PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight. - # PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight. - # PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression. - # PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit. - # PAPERLESS_CONVERT_TMPDIR = - # PAPERLESS_APPS = null; - # PAPERLESS_MAX_IMAGE_PIXELS = null; - # PAPERLESS_CONSUMER_DELETE_DUPLICATES= false. - # PAPERLESS_CONSUMER_RECURSIVE= false. - # PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false. - PAPERLESS_CONSUMER_IGNORE_PATTERNS = [ - ".DS_Store" - ".DS_STORE" - "._*" - ".stfolder/*" - ".stversions/*" - ".localized/*" - "desktop.ini" - "@eaDir/*" - "Thumbs.db" - ]; - # PAPERLESS_CONSUMER_BARCODE_SCANNER= - # PAPERLESS_PRE_CONSUME_SCRIPT= - # PAPERLESS_POST_CONSUME_SCRIPT= - # PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature. - # PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature. - # PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf. - # PAPERLESS_IGNORE_DATES=""; - # PAPERLESS_DATE_ORDER = "DMY"; - # PAPERLESS_ENABLE_GPG_DECRYPTOR = false; - # PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications. - # PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5; - # PAPERLESS_CONSUMER_POLLING_DELAY = 5; - # PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds. - # PAPERLESS_OAUTH_CALLBACK_BASE_URL = null; - # PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null; - # PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null; - # PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null; - # PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null; - # PAPERLESS_EMAIL_GNUPG_HOME= - # PAPERLESS_CONSUMER_ENABLE_BARCODES= - # PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false. - # PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT" - # PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false. - # PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false. - # PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN" - # PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0 - # PAPERLESS_CONSUMER_BARCODE_DPI= "300" - # PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0" - # PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false. - # PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING= - # PAPERLESS_AUDIT_LOG_ENABLED= true. - # PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false. - # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided". - # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false. - # PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day. - # PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day. - # PAPERLESS_CONVERT_BINARY = "convert". - # PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs"; - # PAPERLESS_WEBSERVER_WORKERS= 1; - # PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6. - # PAPERLESS_PORT = config.services.paperless.port; - # PAPERLESS_OCR_LANGUAGES= - # PAPERLESS_ENABLE_FLOWER= - # PAPERLESS_SUPERVISORD_WORKING_DIR= - # PAPERLESS_APP_TITLE = "NxPPL"; - # PAPERLESS_APP_LOGO = - # PAPERLESS_ENABLE_UPDATE_CHECK=false; - # PAPERLESS_EMAIL_HOST = "localhost"; - # PAPERLESS_EMAIL_PORT= 25. - # PAPERLESS_EMAIL_HOST_USER= ""; - # PAPERLESS_EMAIL_FROM= - # PAPERLESS_EMAIL_HOST_PASSWORD = "". - # PAPERLESS_EMAIL_USE_TLS = false. - # PAPERLESS_EMAIL_USE_SSL = false. + # PAPERLESS_REDIS = "redis://localhost:6379"; + # PAPERLESS_REDIS_PREFIX="" + # PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + # PAPERLESS_DBHOST = config.services.postgresql.settings.listen_addresses; + # PAPERLESS_DBPORT = config.services.postgresql.settings.port; + # PAPERLESS_DBNAME = paperless-user; + # PAPERLESS_DBUSER = paperless-user; + PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS; + # PAPERLESS_DBSSLMODE= + # PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory. + # PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory. + # PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory. + # PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults. + # PAPERLESS_TIKA_ENABLED=false + # PAPERLESS_TIKA_ENDPOINT="http://localhost:9998". + # PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000". + PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/"; + # PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/"; + # PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/"; + # PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/"; + # PAPERLESS_FILENAME_FORMAT= + # PAPERLESS_FILENAME_FORMAT_REMOVE_NONE= + # PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/"; + # PAPERLESS_NLTK_DIR = + # PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle. + # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB. + # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20. + # PAPERLESS_SECRET_KEY= + PAPERLESS_URL = "https://doc.${domain}"; + # PAPERLESS_CSRF_TRUSTED_ORIGINS= + # PAPERLESS_ALLOWED_HOSTS= + # PAPERLESS_CORS_ALLOWED_HOSTS= + # PAPERLESS_TRUSTED_PROXIES= + # PAPERLESS_FORCE_SCRIPT_NAME= + # PAPERLESS_STATIC_URL= "/static/". + # PAPERLESS_AUTO_LOGIN_USERNAME=null; + # PAPERLESS_ADMIN_USER="${user}"; + # PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail; + # PAPERLESS_ADMIN_PASSWORD=; + # PAPERLESS_COOKIE_PREFIX= + # PAPERLESS_ENABLE_HTTP_REMOTE_USER= + # PAPERLESS_ENABLE_HTTP_REMOTE_USER_API= + # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME= + # PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR"; + # PAPERLESS_USE_X_FORWARD_HOST= false + # PAPERLESS_USE_X_FORWARD_PORT= false + # PAPERLESS_PROXY_SSL_HEADER= null + # PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null; + # PAPERLESS_SOCIALACCOUNT_PROVIDERS=; + # PAPERLESS_SOCIAL_AUTO_SIGNUP = false; + # PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True + # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False + # PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https' + # PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional' + # PAPERLESS_DISABLE_REGULAR_LOGIN= False + # PAPERLESS_REDIRECT_LOGIN_TO_SSO= False + # PAPERLESS_ACCOUNT_SESSION_REMEMBER= True + # PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks) + PAPERLESS_OCR_LANGUAGE = "eng+deu"; + # PAPERLESS_OCR_MODE= "skip"; + # PAPERLESS_OCR_SKIP_ARCHIVE_FILE= + # PAPERLESS_OCR_CLEAN= clean. + # PAPERLESS_OCR_DESKEW = true; # which enables this feature. + # PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature. + # PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12"; + # PAPERLESS_OCR_OUTPUT_TYPE = "pdfa"; + # PAPERLESS_OCR_PAGES = null; + # PAPERLESS_OCR_IMAGE_DPI = null; + # PAPERLESS_OCR_MAX_IMAGE_PIXELS= + # PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY= + PAPERLESS_OCR_USER_ARGS = { + optimize = 1; + pdfa_image_compression = "lossless"; + }; + # PAPERLESS_TASK_WORKERS= 1 + # PAPERLESS_THREADS_PER_WORKER= + # PAPERLESS_WORKER_TIMEOUT= + PAPERLESS_TIME_ZONE = "CET"; + # PAPERLESS_ENABLE_NLTK=1; + # PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes. + # PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour. + # PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight. + # PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight. + # PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression. + # PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit. + # PAPERLESS_CONVERT_TMPDIR = + # PAPERLESS_APPS = null; + # PAPERLESS_MAX_IMAGE_PIXELS = null; + # PAPERLESS_CONSUMER_DELETE_DUPLICATES= false. + # PAPERLESS_CONSUMER_RECURSIVE= false. + # PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false. + PAPERLESS_CONSUMER_IGNORE_PATTERNS = [ + ".DS_Store" + ".DS_STORE" + "._*" + ".stfolder/*" + ".stversions/*" + ".localized/*" + "desktop.ini" + "@eaDir/*" + "Thumbs.db" + ]; + # PAPERLESS_CONSUMER_BARCODE_SCANNER= + # PAPERLESS_PRE_CONSUME_SCRIPT= + # PAPERLESS_POST_CONSUME_SCRIPT= + # PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature. + # PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature. + # PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf. + # PAPERLESS_IGNORE_DATES=""; + # PAPERLESS_DATE_ORDER = "DMY"; + # PAPERLESS_ENABLE_GPG_DECRYPTOR = false; + # PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications. + # PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5; + # PAPERLESS_CONSUMER_POLLING_DELAY = 5; + # PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds. + # PAPERLESS_OAUTH_CALLBACK_BASE_URL = null; + # PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null; + # PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null; + # PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null; + # PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null; + # PAPERLESS_EMAIL_GNUPG_HOME= + # PAPERLESS_CONSUMER_ENABLE_BARCODES= + # PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false. + # PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT" + # PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false. + # PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false. + # PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN" + # PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0 + # PAPERLESS_CONSUMER_BARCODE_DPI= "300" + # PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0" + # PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false. + # PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING= + # PAPERLESS_AUDIT_LOG_ENABLED= true. + # PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false. + # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided". + # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false. + PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day. + # PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day. + # PAPERLESS_CONVERT_BINARY = "convert". + PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs"; + # PAPERLESS_WEBSERVER_WORKERS= 1; + # PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6. + # PAPERLESS_PORT = config.services.paperless.port; + # PAPERLESS_OCR_LANGUAGES= + # PAPERLESS_ENABLE_FLOWER= + # PAPERLESS_SUPERVISORD_WORKING_DIR= + PAPERLESS_APP_TITLE = "NxPPL"; + # PAPERLESS_APP_LOGO = + # PAPERLESS_ENABLE_UPDATE_CHECK=false; + # PAPERLESS_EMAIL_HOST = "localhost"; + # PAPERLESS_EMAIL_PORT= 25. + # PAPERLESS_EMAIL_HOST_USER= ""; + # PAPERLESS_EMAIL_FROM= + # PAPERLESS_EMAIL_HOST_PASSWORD = "". + # PAPERLESS_EMAIL_USE_TLS = false. + # PAPERLESS_EMAIL_USE_SSL = false. }; }; }; + systemd.services.paperless-web.after = [ "postgresql.service" ]; + systemd.services.paperless-task-queue.after = [ "postgresql.service" ]; + systemd.services.paperless-consumer.after = [ "postgresql.service" ]; + systemd.services.paperless-sceduler.after = [ "postgresql.service" ]; } diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix index d961d1e..fe6b9cb 100644 --- a/system-modules/nx2site/proxy.nix +++ b/system-modules/nx2site/proxy.nix @@ -14,7 +14,7 @@ }; certs = { "${domain}" = { - extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "pw" "sync" ]; + extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" ]; }; }; }; @@ -140,9 +140,24 @@ listen = dl; locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; }); - "nc.${domain}" = vh // { - # directly to nc + # "nc.${domain}" = vh // { + # # directly to nc + # }; + "abs.${domain}" = vh // { + listen = dl; + locations = { "/" = { + proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}"; + proxyWebsockets = true; + }; }; }; + # is done atomatically + # "cal.${domain}" = vh // { + # listen = dl; + # locations = { "/" = { + # proxyPass = "http://unix:///run/open-web-calendar/socket"; + # proxyWebsockets = true; + # }; }; + # }; "~^(.*).${domain}$" = { listen = dl; root = "/var/nginx/webroot"; diff --git a/system-modules/postgres.nix b/system-modules/postgres.nix index 6ab4f63..39c3f15 100644 --- a/system-modules/postgres.nix +++ b/system-modules/postgres.nix @@ -26,6 +26,7 @@ ensureDatabases = [ "gitea" "vaultwarden" + "paperless" "nextcloud" ]; settings = { @@ -49,6 +50,10 @@ name = "nextcloud"; ensureDBOwnership = true; } + { + name = "paperless"; + ensureDBOwnership = true; + } ]; }; postgresqlBackup = {