enable paperless-ngx document management

This commit is contained in:
Noah Masur 2023-11-10 03:37:34 +00:00
parent a5615da7dc
commit 09563de935
6 changed files with 70 additions and 0 deletions

View File

@ -206,6 +206,7 @@
git = "git.${baseName}"; git = "git.${baseName}";
metrics = "metrics.${baseName}"; metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}"; prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}"; secrets = "vault.${baseName}";
stream = "stream.${baseName}"; stream = "stream.${baseName}";
content = "cloud.${baseName}"; content = "cloud.${baseName}";

View File

@ -79,6 +79,7 @@ inputs.nixpkgs.lib.nixosSystem {
services.prometheus.enable = false; services.prometheus.enable = false;
services.vmagent.enable = true; services.vmagent.enable = true;
services.samba.enable = true; services.samba.enable = true;
services.paperless.enable = true;
# Allows private remote access over the internet # Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {

View File

@ -75,6 +75,10 @@
type = lib.types.str; type = lib.types.str;
description = "Hostname for metrics server."; description = "Hostname for metrics server.";
}; };
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
prometheus = lib.mkOption { prometheus = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for Prometheus server."; description = "Hostname for Prometheus server.";

View File

@ -19,6 +19,7 @@
./n8n.nix ./n8n.nix
./netdata.nix ./netdata.nix
./nextcloud.nix ./nextcloud.nix
./paperless.nix
./prometheus.nix ./prometheus.nix
./samba.nix ./samba.nix
./secrets.nix ./secrets.nix

View File

@ -0,0 +1,48 @@
{ config, lib, ... }: {
config = lib.mkIf config.services.paperless.enable {
services.paperless = {
mediaDir = "/data/generic/paperless";
passwordFile = config.secrets.paperless.dest;
extraConfig = {
PAPERLESS_OCR_USER_ARGS =
builtins.toJSON { invalidate_digital_signatures = true; };
# Enable if changing the path name in Caddy
# PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";
# PAPERLESS_STATIC_URL = "/paperless/static/";
};
};
users.users.paperless.extraGroups = [ "generic" ];
caddy.routes = [{
match = [{
host = [ config.hostnames.paperless ];
# path = [ "/paperless*" ]; # Change path name in Caddy
}];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial =
"localhost:${builtins.toString config.services.paperless.port}";
}];
}];
}];
secrets.paperless = {
source = ../../../private/prometheus.age;
dest = "${config.secretsDirectory}/paperless";
owner = "paperless";
group = "paperless";
permissions = "0440";
};
systemd.services.paperless-secret = {
requiredBy = [ "paperless.service" ];
before = [ "paperless.service" ];
};
};
}

15
private/paperless.age Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBWY3N0
VkY0Y2tLQnNhZWdRVzFxU0plWThveUthK2NjZWNhZDd5ZGtXVVZ3CjVPc3YxbnBM
MmozZFlORVppQmJrQ2ovWEFVVm81ZlBpRCtQQmRiNnBCaVUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIEtvRFJEQXJLNjlyRldpM2pMdXNxWVZmVFl2NVJjRUtuQzNtbmJq
UTBDR2cKQ1J4cHVkWHJZU1M4dnFIekx2ejlua0NjUUtET0EwN24rY2NPcGQ5eEp1
TQotPiBzc2gtZWQyNTUxOSBuanZYNUEgVnBQOHV5VUk0N2lyU2NkdXovQmJYVGhL
dnUwTG9oZkZKOUxFWTNiZkhBbwo2WjgyNHBhaGtFREJGVDk5TzJhZjRzKytaLzZR
TDQxeU9pY24zQnJBYmN3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBQQ3I2YnNNZVlX
TEhNbWhRSjJRbk9DYnJIRUFieDBMRUtBRVhxZ1RQcVNNClNzU0VPMnh5bUFGVTZm
ekJLSzFjT3dHVVdoQ3A5ZStCUk83Qk5rcWZmN3MKLS0tIFdvRG1mYzdUenhndkY2
amo0ZGpjQkdabUdNRUJwV29CRXByVk8ySEZzTzAKsDY+DVJqZb/jCn6Xa/OqNheR
uNlV5vVKUaZu5F+MTZqZaRYdn66TJVXgz5GydbgwQGs3l0K67ikPiTOoln0FapnB
TQ==
-----END AGE ENCRYPTED FILE-----