{ pkgs, config, secrets, domain, user, ... }: let paperless-user = "paperless"; in { sops.secrets = { "nx2site/paperless.pw" = { owner = paperless-user; }; }; users.users = { "${user}".extraGroups = [ paperless-user ]; "${paperless-user}".extraGroups = [ "redis-paperless" ]; }; services = { postgresql = { ensureDatabases = [ paperless-user ]; ensureUsers = [{ name = paperless-user; ensureDBOwnership = true; }]; }; paperless = { enable = true; # address = "0.0.0.0"; port = 8441; user = paperless-user; consumptionDirIsPublic = true; # package = pkgs.paperless-ngx; # dataDir = "/var/lib/paperless"; # default address = "127.0.0.1"; # mediaDir = "${dataDir}/media"; passwordFile = config.sops.secrets."nx2site/paperless.pw".path; # consumptionDir = "${dataDir}/consume"; # consumptionDirIsPublic = false; # openMPThreadingWorkaround = true; settings = { # PAPERLESS_REDIS = "redis://localhost:6379"; # PAPERLESS_REDIS_PREFIX="" # PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; # PAPERLESS_DBHOST = config.services.postgresql.settings.listen_addresses; # PAPERLESS_DBPORT = config.services.postgresql.settings.port; # PAPERLESS_DBNAME = paperless-user; # PAPERLESS_DBUSER = paperless-user; PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS; # PAPERLESS_DBSSLMODE= # PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory. # PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory. # PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory. # PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults. # PAPERLESS_TIKA_ENABLED=false # PAPERLESS_TIKA_ENDPOINT="http://localhost:9998". # PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000". PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/"; # PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/"; # PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/"; # PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/"; # PAPERLESS_FILENAME_FORMAT= # PAPERLESS_FILENAME_FORMAT_REMOVE_NONE= # PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/"; # PAPERLESS_NLTK_DIR = # PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle. # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB. # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20. # PAPERLESS_SECRET_KEY= PAPERLESS_URL = "https://doc.${domain}"; # PAPERLESS_CSRF_TRUSTED_ORIGINS= # PAPERLESS_ALLOWED_HOSTS= # PAPERLESS_CORS_ALLOWED_HOSTS= # PAPERLESS_TRUSTED_PROXIES= # PAPERLESS_FORCE_SCRIPT_NAME= # PAPERLESS_STATIC_URL= "/static/". # PAPERLESS_AUTO_LOGIN_USERNAME=null; # PAPERLESS_ADMIN_USER="${user}"; # PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail; # PAPERLESS_ADMIN_PASSWORD=; # PAPERLESS_COOKIE_PREFIX= # PAPERLESS_ENABLE_HTTP_REMOTE_USER= # PAPERLESS_ENABLE_HTTP_REMOTE_USER_API= # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME= # PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR"; # PAPERLESS_USE_X_FORWARD_HOST= false # PAPERLESS_USE_X_FORWARD_PORT= false # PAPERLESS_PROXY_SSL_HEADER= null # PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null; # PAPERLESS_SOCIALACCOUNT_PROVIDERS=; # PAPERLESS_SOCIAL_AUTO_SIGNUP = false; # PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False # PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https' # PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional' # PAPERLESS_DISABLE_REGULAR_LOGIN= False # PAPERLESS_REDIRECT_LOGIN_TO_SSO= False # PAPERLESS_ACCOUNT_SESSION_REMEMBER= True # PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks) PAPERLESS_OCR_LANGUAGE = "eng+deu"; # PAPERLESS_OCR_MODE= "skip"; # PAPERLESS_OCR_SKIP_ARCHIVE_FILE= # PAPERLESS_OCR_CLEAN= clean. # PAPERLESS_OCR_DESKEW = true; # which enables this feature. # PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature. # PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12"; # PAPERLESS_OCR_OUTPUT_TYPE = "pdfa"; # PAPERLESS_OCR_PAGES = null; # PAPERLESS_OCR_IMAGE_DPI = null; # PAPERLESS_OCR_MAX_IMAGE_PIXELS= # PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY= PAPERLESS_OCR_USER_ARGS = { optimize = 1; pdfa_image_compression = "lossless"; }; # PAPERLESS_TASK_WORKERS= 1 # PAPERLESS_THREADS_PER_WORKER= # PAPERLESS_WORKER_TIMEOUT= PAPERLESS_TIME_ZONE = "CET"; # PAPERLESS_ENABLE_NLTK=1; # PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes. # PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour. # PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight. # PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight. # PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression. # PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit. # PAPERLESS_CONVERT_TMPDIR = # PAPERLESS_APPS = null; # PAPERLESS_MAX_IMAGE_PIXELS = null; # PAPERLESS_CONSUMER_DELETE_DUPLICATES= false. # PAPERLESS_CONSUMER_RECURSIVE= false. # PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false. PAPERLESS_CONSUMER_IGNORE_PATTERNS = [ ".DS_Store" ".DS_STORE" "._*" ".stfolder/*" ".stversions/*" ".localized/*" "desktop.ini" "@eaDir/*" "Thumbs.db" ]; # PAPERLESS_CONSUMER_BARCODE_SCANNER= # PAPERLESS_PRE_CONSUME_SCRIPT= # PAPERLESS_POST_CONSUME_SCRIPT= # PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature. # PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature. # PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf. # PAPERLESS_IGNORE_DATES=""; # PAPERLESS_DATE_ORDER = "DMY"; # PAPERLESS_ENABLE_GPG_DECRYPTOR = false; # PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications. # PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5; # PAPERLESS_CONSUMER_POLLING_DELAY = 5; # PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds. # PAPERLESS_OAUTH_CALLBACK_BASE_URL = null; # PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null; # PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null; # PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null; # PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null; # PAPERLESS_EMAIL_GNUPG_HOME= # PAPERLESS_CONSUMER_ENABLE_BARCODES= # PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false. # PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT" # PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false. # PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false. # PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN" # PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0 # PAPERLESS_CONSUMER_BARCODE_DPI= "300" # PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0" # PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false. # PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING= # PAPERLESS_AUDIT_LOG_ENABLED= true. # PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false. # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided". # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false. PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day. # PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day. # PAPERLESS_CONVERT_BINARY = "convert". PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs"; # PAPERLESS_WEBSERVER_WORKERS= 1; # PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6. # PAPERLESS_PORT = config.services.paperless.port; # PAPERLESS_OCR_LANGUAGES= # PAPERLESS_ENABLE_FLOWER= # PAPERLESS_SUPERVISORD_WORKING_DIR= PAPERLESS_APP_TITLE = "NxPPL"; # PAPERLESS_APP_LOGO = # PAPERLESS_ENABLE_UPDATE_CHECK=false; # PAPERLESS_EMAIL_HOST = "localhost"; # PAPERLESS_EMAIL_PORT= 25. # PAPERLESS_EMAIL_HOST_USER= ""; # PAPERLESS_EMAIL_FROM= # PAPERLESS_EMAIL_HOST_PASSWORD = "". # PAPERLESS_EMAIL_USE_TLS = false. # PAPERLESS_EMAIL_USE_SSL = false. }; }; }; systemd.services.paperless-web.after = [ "postgresql.service" ]; systemd.services.paperless-task-queue.after = [ "postgresql.service" ]; systemd.services.paperless-consumer.after = [ "postgresql.service" ]; systemd.services.paperless-sceduler.after = [ "postgresql.service" ]; }