paperless update
This commit is contained in:
Lennart J. Kurzweg (Nx2)
BIN
git-crypt/secrets.nix
Executable file → Normal file
BIN
git-crypt/secrets.nix
Executable file → Normal file
Binary file not shown.
@@ -1,4 +1,4 @@
|
|||||||
{ config, pkgs, secrets, user, domain, ... }:
|
{ pkgs, config, secrets, domain, user, ... }:
|
||||||
let paperless-user = "paperless"; in
|
let paperless-user = "paperless"; in
|
||||||
{
|
{
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
@@ -7,7 +7,10 @@ let paperless-user = "paperless"; in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users."${user}".extraGroups = [ paperless-user ];
|
users.users = {
|
||||||
|
"${user}".extraGroups = [ paperless-user ];
|
||||||
|
"${paperless-user}".extraGroups = [ "redis-paperless" ];
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
postgresql = {
|
postgresql = {
|
||||||
@@ -19,13 +22,13 @@ let paperless-user = "paperless"; in
|
|||||||
};
|
};
|
||||||
paperless = {
|
paperless = {
|
||||||
enable = true;
|
enable = true;
|
||||||
address = "127.0.0.1";
|
# address = "0.0.0.0";
|
||||||
port = 8441;
|
port = 8441;
|
||||||
user = paperless-user;
|
user = paperless-user;
|
||||||
consumptionDirIsPublic = true;
|
consumptionDirIsPublic = true;
|
||||||
# package = pkgs.paperless-ngx;
|
# package = pkgs.paperless-ngx;
|
||||||
# dataDir = "/var/lib/paperless"; # default
|
# dataDir = "/var/lib/paperless"; # default
|
||||||
# address = "127.0.0.1";
|
address = "127.0.0.1";
|
||||||
# mediaDir = "${dataDir}/media";
|
# mediaDir = "${dataDir}/media";
|
||||||
passwordFile = config.sops.secrets."nx2site/paperless.pw".path;
|
passwordFile = config.sops.secrets."nx2site/paperless.pw".path;
|
||||||
# consumptionDir = "${dataDir}/consume";
|
# consumptionDir = "${dataDir}/consume";
|
||||||
@@ -34,12 +37,12 @@ let paperless-user = "paperless"; in
|
|||||||
settings = {
|
settings = {
|
||||||
# PAPERLESS_REDIS = "redis://localhost:6379";
|
# PAPERLESS_REDIS = "redis://localhost:6379";
|
||||||
# PAPERLESS_REDIS_PREFIX=""
|
# PAPERLESS_REDIS_PREFIX=""
|
||||||
|
# PAPERLESS_DBENGINE = "postgresql";
|
||||||
PAPERLESS_DBENGINE = "postgresql";
|
PAPERLESS_DBHOST = "/run/postgresql";
|
||||||
# PAPERLESS_DBHOST = "/run/postgresql"; # config.services.postgresql.settings.listen_addresses;
|
# PAPERLESS_DBHOST = config.services.postgresql.settings.listen_addresses;
|
||||||
# PAPERLESS_DBPORT = config.services.postgresql.settings.port;
|
# PAPERLESS_DBPORT = config.services.postgresql.settings.port;
|
||||||
PAPERLESS_DBNAME = paperless-user;
|
# PAPERLESS_DBNAME = paperless-user;
|
||||||
PAPERLESS_DBUSER = paperless-user;
|
# PAPERLESS_DBUSER = paperless-user;
|
||||||
PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS;
|
PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS;
|
||||||
# PAPERLESS_DBSSLMODE=
|
# PAPERLESS_DBSSLMODE=
|
||||||
# PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory.
|
# PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory.
|
||||||
@@ -51,7 +54,6 @@ let paperless-user = "paperless"; in
|
|||||||
# PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000".
|
# PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000".
|
||||||
PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/";
|
PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/";
|
||||||
# PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/";
|
# PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/";
|
||||||
PAPERLESS_EMPTY_TRASH_DIR ="${config.services.paperless.dataDir}/trash/"; # null = really delete files
|
|
||||||
# PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/";
|
# PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/";
|
||||||
# PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/";
|
# PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/";
|
||||||
# PAPERLESS_FILENAME_FORMAT=
|
# PAPERLESS_FILENAME_FORMAT=
|
||||||
@@ -62,7 +64,7 @@ let paperless-user = "paperless"; in
|
|||||||
# PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
|
# PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
|
||||||
# PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
|
# PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
|
||||||
# PAPERLESS_SECRET_KEY=
|
# PAPERLESS_SECRET_KEY=
|
||||||
# PAPERLESS_URL="" # empty string, leaving the other settings unaffected.
|
PAPERLESS_URL = "https://doc.${domain}";
|
||||||
# PAPERLESS_CSRF_TRUSTED_ORIGINS=
|
# PAPERLESS_CSRF_TRUSTED_ORIGINS=
|
||||||
# PAPERLESS_ALLOWED_HOSTS=
|
# PAPERLESS_ALLOWED_HOSTS=
|
||||||
# PAPERLESS_CORS_ALLOWED_HOSTS=
|
# PAPERLESS_CORS_ALLOWED_HOSTS=
|
||||||
@@ -70,8 +72,8 @@ let paperless-user = "paperless"; in
|
|||||||
# PAPERLESS_FORCE_SCRIPT_NAME=
|
# PAPERLESS_FORCE_SCRIPT_NAME=
|
||||||
# PAPERLESS_STATIC_URL= "/static/".
|
# PAPERLESS_STATIC_URL= "/static/".
|
||||||
# PAPERLESS_AUTO_LOGIN_USERNAME=null;
|
# PAPERLESS_AUTO_LOGIN_USERNAME=null;
|
||||||
PAPERLESS_ADMIN_USER="${user}";
|
# PAPERLESS_ADMIN_USER="${user}";
|
||||||
PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
|
# PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
|
||||||
# PAPERLESS_ADMIN_PASSWORD=;
|
# PAPERLESS_ADMIN_PASSWORD=;
|
||||||
# PAPERLESS_COOKIE_PREFIX=
|
# PAPERLESS_COOKIE_PREFIX=
|
||||||
# PAPERLESS_ENABLE_HTTP_REMOTE_USER=
|
# PAPERLESS_ENABLE_HTTP_REMOTE_USER=
|
||||||
@@ -170,17 +172,17 @@ let paperless-user = "paperless"; in
|
|||||||
# PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false.
|
# PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false.
|
||||||
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided".
|
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided".
|
||||||
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false.
|
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false.
|
||||||
# PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
|
PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
|
||||||
# PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day.
|
# PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day.
|
||||||
# PAPERLESS_CONVERT_BINARY = "convert".
|
# PAPERLESS_CONVERT_BINARY = "convert".
|
||||||
# PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
|
PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
|
||||||
# PAPERLESS_WEBSERVER_WORKERS= 1;
|
# PAPERLESS_WEBSERVER_WORKERS= 1;
|
||||||
# PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6.
|
# PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6.
|
||||||
# PAPERLESS_PORT = config.services.paperless.port;
|
# PAPERLESS_PORT = config.services.paperless.port;
|
||||||
# PAPERLESS_OCR_LANGUAGES=
|
# PAPERLESS_OCR_LANGUAGES=
|
||||||
# PAPERLESS_ENABLE_FLOWER=
|
# PAPERLESS_ENABLE_FLOWER=
|
||||||
# PAPERLESS_SUPERVISORD_WORKING_DIR=
|
# PAPERLESS_SUPERVISORD_WORKING_DIR=
|
||||||
# PAPERLESS_APP_TITLE = "NxPPL";
|
PAPERLESS_APP_TITLE = "NxPPL";
|
||||||
# PAPERLESS_APP_LOGO =
|
# PAPERLESS_APP_LOGO =
|
||||||
# PAPERLESS_ENABLE_UPDATE_CHECK=false;
|
# PAPERLESS_ENABLE_UPDATE_CHECK=false;
|
||||||
# PAPERLESS_EMAIL_HOST = "localhost";
|
# PAPERLESS_EMAIL_HOST = "localhost";
|
||||||
@@ -194,4 +196,8 @@ let paperless-user = "paperless"; in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
systemd.services.paperless-web.after = [ "postgresql.service" ];
|
||||||
|
systemd.services.paperless-task-queue.after = [ "postgresql.service" ];
|
||||||
|
systemd.services.paperless-consumer.after = [ "postgresql.service" ];
|
||||||
|
systemd.services.paperless-sceduler.after = [ "postgresql.service" ];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -14,7 +14,7 @@
|
|||||||
};
|
};
|
||||||
certs = {
|
certs = {
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "pw" "sync" ];
|
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -140,9 +140,24 @@
|
|||||||
listen = dl;
|
listen = dl;
|
||||||
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
|
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
|
||||||
});
|
});
|
||||||
"nc.${domain}" = vh // {
|
# "nc.${domain}" = vh // {
|
||||||
# directly to nc
|
# # directly to nc
|
||||||
|
# };
|
||||||
|
"abs.${domain}" = vh // {
|
||||||
|
listen = dl;
|
||||||
|
locations = { "/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
}; };
|
||||||
};
|
};
|
||||||
|
# is done atomatically
|
||||||
|
# "cal.${domain}" = vh // {
|
||||||
|
# listen = dl;
|
||||||
|
# locations = { "/" = {
|
||||||
|
# proxyPass = "http://unix:///run/open-web-calendar/socket";
|
||||||
|
# proxyWebsockets = true;
|
||||||
|
# }; };
|
||||||
|
# };
|
||||||
"~^(.*).${domain}$" = {
|
"~^(.*).${domain}$" = {
|
||||||
listen = dl;
|
listen = dl;
|
||||||
root = "/var/nginx/webroot";
|
root = "/var/nginx/webroot";
|
||||||
|
|||||||
@@ -26,6 +26,7 @@
|
|||||||
ensureDatabases = [
|
ensureDatabases = [
|
||||||
"gitea"
|
"gitea"
|
||||||
"vaultwarden"
|
"vaultwarden"
|
||||||
|
"paperless"
|
||||||
"nextcloud"
|
"nextcloud"
|
||||||
];
|
];
|
||||||
settings = {
|
settings = {
|
||||||
@@ -49,6 +50,10 @@
|
|||||||
name = "nextcloud";
|
name = "nextcloud";
|
||||||
ensureDBOwnership = true;
|
ensureDBOwnership = true;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "paperless";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
postgresqlBackup = {
|
postgresqlBackup = {
|
||||||
|
|||||||
Reference in New Issue
Block a user