mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-26 16:35:36 +00:00
49 lines
1.3 KiB
Nix
49 lines
1.3 KiB
Nix
{ config, lib, ... }: {
|
|
|
|
config = lib.mkIf config.services.paperless.enable {
|
|
|
|
services.paperless = {
|
|
mediaDir = "/data/generic/paperless";
|
|
passwordFile = config.secrets.paperless.dest;
|
|
extraConfig = {
|
|
PAPERLESS_OCR_USER_ARGS =
|
|
builtins.toJSON { invalidate_digital_signatures = true; };
|
|
|
|
# Enable if changing the path name in Caddy
|
|
# PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";
|
|
# PAPERLESS_STATIC_URL = "/paperless/static/";
|
|
};
|
|
};
|
|
|
|
users.users.paperless.extraGroups = [ "generic" ];
|
|
|
|
caddy.routes = [{
|
|
match = [{
|
|
host = [ config.hostnames.paperless ];
|
|
# path = [ "/paperless*" ]; # Change path name in Caddy
|
|
}];
|
|
handle = [{
|
|
handler = "reverse_proxy";
|
|
upstreams = [{
|
|
dial =
|
|
"localhost:${builtins.toString config.services.paperless.port}";
|
|
}];
|
|
}];
|
|
}];
|
|
|
|
secrets.paperless = {
|
|
source = ../../../private/prometheus.age;
|
|
dest = "${config.secretsDirectory}/paperless";
|
|
owner = "paperless";
|
|
group = "paperless";
|
|
permissions = "0440";
|
|
};
|
|
systemd.services.paperless-secret = {
|
|
requiredBy = [ "paperless.service" ];
|
|
before = [ "paperless.service" ];
|
|
};
|
|
|
|
};
|
|
|
|
}
|