services: paperless: switch from docker to nixos
parent
ed7cacb3b4
commit
516cbd4ae7
|
@ -17,6 +17,7 @@ with lib;
|
|||
gandiKey = lib.fileContents ./gandi-api-key.secret;
|
||||
|
||||
borg-backup = import ./borg-backup { inherit lib; };
|
||||
paperless = import ./paperless { inherit lib; };
|
||||
restic-backup = import ./restic-backup { inherit lib; };
|
||||
|
||||
matrixEmailConfig = import ./matrix-email-config.nix;
|
||||
|
|
BIN
secrets/paperless/admin-password.secret
Normal file
BIN
secrets/paperless/admin-password.secret
Normal file
Binary file not shown.
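--- a/secrets/paperless/default.nix
+++ b/secrets/paperless/default.nix
@@ -0,0 +1,5 @@
+{ lib }:
+{
+secretKey = lib.fileContents ./secret-key-file.secret;
+adminPassword = lib.fileContents ./admin-password.secret;
+}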
BIN
secrets/paperless/secret-key-file.secret
Normal file
BIN
secrets/paperless/secret-key-file.secret
Normal file
Binary file not shown.
|
@ -6,6 +6,8 @@ let
|
|||
cfg = config.my.services.paperless;
|
||||
my = config.my;
|
||||
domain = config.networking.domain;
|
||||
paperlessDomain = "paperless.${domain}";
|
||||
secretKeyFile = pkgs.writeText "paperless-secret-key-file.env" my.secrets.paperless.secretKey;
|
||||
in
|
||||
{
|
||||
options.my.services.paperless = {
|
||||
|
@ -20,16 +22,59 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# HACK: see https://github.com/NixOS/nixpkgs/issues/111852
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -N DOCKER-USER || true
|
||||
iptables -F DOCKER-USER
|
||||
iptables -A DOCKER-USER -i eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A DOCKER-USER -i eno1 -j DROP
|
||||
'';
|
||||
services.paperless-ng = {
|
||||
enable = true;
|
||||
port = cfg.port;
|
||||
passwordFile = pkgs.writeText "paperless-password-file.txt" config.my.secrets.paperless.adminPassword;
|
||||
extraConfig = {
|
||||
# Postgres settings
|
||||
PAPERLESS_DBHOST = "/run/postgresql";
|
||||
PAPERLESS_DBUSER = "paperless";
|
||||
PAPERLESS_DBNAME = "paperless";
|
||||
|
||||
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
|
||||
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
|
||||
|
||||
PAPERLESS_OCR_LANGUAGE = "fra+eng";
|
||||
|
||||
PAPERLESS_TIME_ZONE = config.time.timeZone;
|
||||
|
||||
PAPERLESS_ADMIN_USER = "alarsyo";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
paperless-ng-server.serviceConfig = {
|
||||
EnvironmentFile = secretKeyFile;
|
||||
};
|
||||
|
||||
paperless-ng-consumer.serviceConfig = {
|
||||
EnvironmentFile = secretKeyFile;
|
||||
};
|
||||
|
||||
paperless-ng-web.serviceConfig = {
|
||||
EnvironmentFile = secretKeyFile;
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "paperless" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "paperless";
|
||||
ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.paperless-ng-server = {
|
||||
# Make sure the DB is available
|
||||
after = [ "postgresql.service" ];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"paperless.${domain}" = {
|
||||
"${paperlessDomain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = domain;
|
||||
|
||||
|
@ -56,9 +101,8 @@ in
|
|||
|
||||
my.services.restic-backup = mkIf cfg.enable {
|
||||
paths = [
|
||||
"/var/lib/docker/volumes/paperless_data"
|
||||
"/var/lib/docker/volumes/paperless_media"
|
||||
"/home/alarsyo/paperless-ng/backups"
|
||||
config.services.paperless-ng.dataDir
|
||||
config.services.paperless-ng.mediaDir
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
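Review bot: `secretKeyFile` in the `let` block and `passwordFile` under `services.paperless-ng` are both built with `pkgs.writeText`, so the admin password and the secret-key environment file are copied in plaintext into `/nix/store`. The store is world-readable, and these files travel with the system closure to any binary cache or remote builder. Both options should instead point at a string path provisioned outside the store, for example `passwordFile = "/run/secrets/paperless-admin-password";` and `EnvironmentFile = "/run/secrets/paperless-secret-key.env";` (placeholder paths, to be created by the host's secret-deployment mechanism), with permissions restricted to the account that reads them. Because the values were already realised into the store, both secrets should be rotated after the change and the old store paths garbage-collected. Only the hunks shown were reviewed, so other uses of `my.secrets.paperless` elsewhere in the module could not be checked.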