dotfiles/platforms/nixos/modules/nmasur/presets/services/paperless.nix

# Paperless-ngx is a document scanning and management solution.

{ config, lib, ... }:

let
  cfg = config.nmasur.presets.services.paperless;
in
{

  options.nmasur.presets.services.paperless.enable =
    lib.mkEnableOption "Paperless-ngx document manager";

  config = lib.mkIf cfg.enable {

    services.paperless = {
      enable = true;
      mediaDir = "/data/generic/paperless";
      passwordFile = config.secrets.paperless.dest;
      settings = {
        PAPERLESS_OCR_USER_ARGS = builtins.toJSON { invalidate_digital_signatures = true; };

        # Enable if changing the path name in Caddy
        # PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";
        # PAPERLESS_STATIC_URL = "/paperless/static/";
      };
    };

    # Allow Nextcloud and user to see files
    users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ];
    users.users.${config.user}.extraGroups = [ "paperless" ];

    caddy.routes = [
      {
        match = [
          {
            host = [ config.hostnames.paperless ];
            # path = [ "/paperless*" ]; # Change path name in Caddy
          }
        ];
        handle = [
          {
            handler = "reverse_proxy";
            upstreams = [ { dial = "localhost:${builtins.toString config.services.paperless.port}"; } ];
          }
        ];
      }
    ];

    # Configure Cloudflare DNS to point to this machine
    services.cloudflare-dyndns.domains = [ config.hostnames.paperless ];

    secrets.paperless = {
      source = ../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/paperless";
      owner = "paperless";
      group = "paperless";
      permissions = "0440";
    };
    systemd.services.paperless-secret = {
      requiredBy = [ "paperless.service" ];
      before = [ "paperless.service" ];
    };

    # Fix paperless shared permissions
    systemd.services.paperless-web.serviceConfig.UMask = lib.mkForce "0026";
    systemd.services.paperless-scheduler.serviceConfig.UMask = lib.mkForce "0026";
    systemd.services.paperless-task-queue.serviceConfig.UMask = lib.mkForce "0026";

    # Backups
    services.restic.backups.default.paths = [ "/data/generic/paperless/documents" ];

  };
}
add more services documentation 2024-01-09 23:11:11 -05:00			`# Paperless-ngx is a document scanning and management solution.`

move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`{ config, lib, ... }:`
initial refactoring 2025-01-20 22:35:40 -05:00
			`let`
			`cfg = config.nmasur.presets.services.paperless;`
			`in`
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`{`
enable paperless-ngx document management 2023-11-10 03:37:34 +00:00
initial refactoring 2025-01-20 22:35:40 -05:00			`options.nmasur.presets.services.paperless.enable =`
			`lib.mkEnableOption "Paperless-ngx document manager";`

			`config = lib.mkIf cfg.enable {`
enable paperless-ngx document management 2023-11-10 03:37:34 +00:00
			`services.paperless = {`
initial refactoring 2025-01-20 22:35:40 -05:00			`enable = true;`
enable paperless-ngx document management 2023-11-10 03:37:34 +00:00			`mediaDir = "/data/generic/paperless";`
			`passwordFile = config.secrets.paperless.dest;`
fix: module renamed extraConfig to settings 2024-01-15 17:49:31 +00:00			`settings = {`
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`PAPERLESS_OCR_USER_ARGS = builtins.toJSON { invalidate_digital_signatures = true; };`
enable paperless-ngx document management 2023-11-10 03:37:34 +00:00
			`# Enable if changing the path name in Caddy`
			`# PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";`
			`# PAPERLESS_STATIC_URL = "/paperless/static/";`
			`};`
			`};`

update paperless group permissions 2024-01-21 02:13:10 +00:00			`# Allow Nextcloud and user to see files`
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ];`
update paperless group permissions 2024-01-21 02:13:10 +00:00			`users.users.${config.user}.extraGroups = [ "paperless" ];`
enable paperless-ngx document management 2023-11-10 03:37:34 +00:00
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`caddy.routes = [`
			`{`
			`match = [`
			`{`
			`host = [ config.hostnames.paperless ];`
			`# path = [ "/paperless*" ]; # Change path name in Caddy`
			`}`
			`];`
			`handle = [`
			`{`
			`handler = "reverse_proxy";`
			`upstreams = [ { dial = "localhost:${builtins.toString config.services.paperless.port}"; } ];`
			`}`
			`];`
			`}`
			`];`
enable paperless-ngx document management 2023-11-10 03:37:34 +00:00
add cloudflare-dyndns domains for flame 2024-03-30 15:41:18 +00:00			`# Configure Cloudflare DNS to point to this machine`
			`services.cloudflare-dyndns.domains = [ config.hostnames.paperless ];`

enable paperless-ngx document management 2023-11-10 03:37:34 +00:00			`secrets.paperless = {`
			`source = ../../../private/prometheus.age;`
			`dest = "${config.secretsDirectory}/paperless";`
			`owner = "paperless";`
			`group = "paperless";`
			`permissions = "0440";`
			`};`
			`systemd.services.paperless-secret = {`
			`requiredBy = [ "paperless.service" ];`
			`before = [ "paperless.service" ];`
			`};`

enable paperless permissions cleanup for nextcloud and other systems 2024-01-21 03:19:19 +00:00			`# Fix paperless shared permissions`
fix paperless permissions with umask instead of running a systemd service timer 2024-02-10 01:40:04 +00:00			`systemd.services.paperless-web.serviceConfig.UMask = lib.mkForce "0026";`
move all files to new nixfmt rfc 2024-04-20 09:42:06 -04:00			`systemd.services.paperless-scheduler.serviceConfig.UMask = lib.mkForce "0026";`
			`systemd.services.paperless-task-queue.serviceConfig.UMask = lib.mkForce "0026";`
backup paperless and adjust restic bucket 2025-01-14 04:25:37 +00:00
			`# Backups`
			`services.restic.backups.default.paths = [ "/data/generic/paperless/documents" ];`

enable paperless-ngx document management 2023-11-10 03:37:34 +00:00			`};`
			`}`