nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

paperless update

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-01-27 22:18:57 +01:00
parent b4586e8661
commit ac36fa13ac
4 changed files with 191 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
git-crypt/secrets.nix Executable file → Normal file
View File

Binary file not shown.

38
system-modules/nx2site/paperless.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, secrets, user, domain, ... }:
{ pkgs, config, secrets, domain, user, ... }:
let paperless-user = "paperless"; in
{
sops.secrets = {
@@ -7,7 +7,10 @@ let paperless-user = "paperless"; in
};
};
users.users."${user}".extraGroups = [ paperless-user ];
users.users = {
"${user}".extraGroups = [ paperless-user ];
"${paperless-user}".extraGroups = [ "redis-paperless" ];
};
services = {
postgresql = {
@@ -19,13 +22,13 @@ let paperless-user = "paperless"; in
};
paperless = {
enable = true;
address = "127.0.0.1";
# address = "0.0.0.0";
port = 8441;
user = paperless-user;
consumptionDirIsPublic = true;
# package = pkgs.paperless-ngx;
# dataDir = "/var/lib/paperless"; # default
# address = "127.0.0.1";
address = "127.0.0.1";
# mediaDir = "${dataDir}/media";
passwordFile = config.sops.secrets."nx2site/paperless.pw".path;
# consumptionDir = "${dataDir}/consume";
@@ -34,12 +37,12 @@ let paperless-user = "paperless"; in
settings = {
# PAPERLESS_REDIS = "redis://localhost:6379";
# PAPERLESS_REDIS_PREFIX=""
PAPERLESS_DBENGINE = "postgresql";
# PAPERLESS_DBHOST = "/run/postgresql"; # config.services.postgresql.settings.listen_addresses;
# PAPERLESS_DBENGINE = "postgresql";
PAPERLESS_DBHOST = "/run/postgresql";
# PAPERLESS_DBHOST = config.services.postgresql.settings.listen_addresses;
# PAPERLESS_DBPORT = config.services.postgresql.settings.port;
PAPERLESS_DBNAME = paperless-user;
PAPERLESS_DBUSER = paperless-user;
# PAPERLESS_DBNAME = paperless-user;
# PAPERLESS_DBUSER = paperless-user;
PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS;
# PAPERLESS_DBSSLMODE=
# PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory.
@@ -51,7 +54,6 @@ let paperless-user = "paperless"; in
# PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000".
PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/";
# PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/";
PAPERLESS_EMPTY_TRASH_DIR ="${config.services.paperless.dataDir}/trash/"; # null = really delete files
# PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/";
# PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/";
# PAPERLESS_FILENAME_FORMAT=
@@ -62,7 +64,7 @@ let paperless-user = "paperless"; in
# PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
# PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
# PAPERLESS_SECRET_KEY=
# PAPERLESS_URL="" # empty string, leaving the other settings unaffected.
PAPERLESS_URL = "https://doc.${domain}";
# PAPERLESS_CSRF_TRUSTED_ORIGINS=
# PAPERLESS_ALLOWED_HOSTS=
# PAPERLESS_CORS_ALLOWED_HOSTS=
@@ -70,8 +72,8 @@ let paperless-user = "paperless"; in
# PAPERLESS_FORCE_SCRIPT_NAME=
# PAPERLESS_STATIC_URL= "/static/".
# PAPERLESS_AUTO_LOGIN_USERNAME=null;
PAPERLESS_ADMIN_USER="${user}";
PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
# PAPERLESS_ADMIN_USER="${user}";
# PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
# PAPERLESS_ADMIN_PASSWORD=;
# PAPERLESS_COOKIE_PREFIX=
# PAPERLESS_ENABLE_HTTP_REMOTE_USER=
@@ -170,17 +172,17 @@ let paperless-user = "paperless"; in
# PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false.
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided".
# PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false.
# PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
# PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day.
# PAPERLESS_CONVERT_BINARY = "convert".
# PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
# PAPERLESS_WEBSERVER_WORKERS= 1;
# PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6.
# PAPERLESS_PORT = config.services.paperless.port;
# PAPERLESS_OCR_LANGUAGES=
# PAPERLESS_ENABLE_FLOWER=
# PAPERLESS_SUPERVISORD_WORKING_DIR=
# PAPERLESS_APP_TITLE = "NxPPL";
PAPERLESS_APP_TITLE = "NxPPL";
# PAPERLESS_APP_LOGO =
# PAPERLESS_ENABLE_UPDATE_CHECK=false;
# PAPERLESS_EMAIL_HOST = "localhost";
@@ -194,4 +196,8 @@ let paperless-user = "paperless"; in
};
};
};
systemd.services.paperless-web.after = [ "postgresql.service" ];
systemd.services.paperless-task-queue.after = [ "postgresql.service" ];
systemd.services.paperless-consumer.after = [ "postgresql.service" ];
systemd.services.paperless-sceduler.after = [ "postgresql.service" ];
}

21
system-modules/nx2site/proxy.nix
View File

@@ -14,7 +14,7 @@
};
certs = {
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "git" "pw" "sync" ];
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" ];
};
};
};
@@ -140,9 +140,24 @@
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
});
"nc.${domain}" = vh // {
# directly to nc
# "nc.${domain}" = vh // {
# # directly to nc
# };
"abs.${domain}" = vh // {
listen = dl;
locations = { "/" = {
proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}";
proxyWebsockets = true;
}; };
};
# is done atomatically
# "cal.${domain}" = vh // {
# listen = dl;
# locations = { "/" = {
# proxyPass = "http://unix:///run/open-web-calendar/socket";
# proxyWebsockets = true;
# }; };
# };
"~^(.*).${domain}$" = {
listen = dl;
root = "/var/nginx/webroot";

5
system-modules/postgres.nix
View File

@@ -26,6 +26,7 @@
ensureDatabases = [
"gitea"
"vaultwarden"
"paperless"
"nextcloud"
];
settings = {
@@ -49,6 +50,10 @@
name = "nextcloud";
ensureDBOwnership = true;
}
{
name = "paperless";
ensureDBOwnership = true;
}
];
};
postgresqlBackup = {