b12f/os
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
os/hosts/pie/paperless.nix

170 lines
4.6 KiB
Nix
Raw Blame History

{
flake,
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
dataDir = "${xdg.dataHome}/Paperless";
backupDir = "${xdg.dataHome}/PaperlessBackup";
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
scan2paperless = with pkgs; writeShellScriptBin "scan2paperless" ''
DEVICE=$1
NUM_PAGES=$2
NAME=$3
if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then
echo "Usage: scan2paperless <device> <num_pages> <name>"
exit 1
fi
tmpDir=$(${coreutils}/bin/mktemp -d)
files=()
for i in $(seq 1 $NUM_PAGES); do
fileName=$(${openssl}/bin/openssl rand -hex 12)
file="$tmpDir/$fileName.jpg"
echo "Start scanning page $i/$NUM_PAGES";
${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file
echo "Finished scanning page $i";
files+=($file)
done
pdf="${consumptionDir}/$NAME.pdf"
${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]}
echo "PDF written to $pdf"
'';
in {
#################################
# Paperless service and proxy
#################################
security.acme.certs = {
"paperless.b12f.io" = {};
};
services.nginx.virtualHosts = {
"paperless.b12f.io" = {
forceSSL = true;
useACMEHost = "paperless.b12f.io";
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.paperless.port}";
listenAdresses = [
"127.0.0.1"
"::1"
"10.13.12.2"
"fd00:b12f:acab:1312:acab:2::"
];
};
};
services.authelia.instances.b12f.settings.clients = [{
client_id = "paperless";
client_name = "Paperless";
client_secret = "";
consent_mode = "implicit";
}];
services.paperless = {
enable = true;
user = psCfg.user.name;
consumptionDir = consumptionDir;
dataDir = dataDir;
address = "127.0.0.1";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_URL = "https://paperless.b12f.io";
PAPERLESS_SOCIALACCOUNT_PROVIDERS = (builtins.toJSON {
openid_connect = {
APPS = [
{
provider_id = "keycloak";
name = "Keycloak";
client_id = "<insert-id>";
secret = "<insert-secret>";
settings.server_url = "http://keycloak:8080/realms/master/.well-known/openid-configuration";
}
];
};
});
};
};
#################################
# Scanning
#################################
hardware.sane = {
enable = true;
extraBackends = [pkgs.hplipWithPlugin];
};
users.users."${psCfg.user.name}".packages = with pkgs; [
scan2paperless
sane-backends
];
home-manager.users."${psCfg.user.name}" = {
home.sessionVariables = {
SCANNER_OUTPUT_DIR = consumptionDir;
};
systemd.user.sessionVariables = {
SCANNER_OUTPUT_DIR = consumptionDir;
};
};
#################################
# hosting.de invoice fetch
#################################
age.secrets."hosting-de-invoice-sync-api-key" = {
file = "${flake.self}/secrets/hosting-de-invoice-sync-api-key.age";
mode = "400";
owner = psCfg.user.name;
};
services.cron = {
enable = true;
systemCronJobs = [
"30 1 * * * ${psCfg.user.name} ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}'"
];
};
#################################
# Backups
#################################
systemd.tmpfiles.rules = [
"d '${backupDir}' 0700 ${psCfg.user.name} users - -"
"d /tmp/paperless 0700 ${psCfg.user.name} users - -"
];
age.secrets."rclone-pie.conMoK~Ih_gjsd4Yo0U7eYcyZ5WHFy1n_a3BGwy_E5TVb8z2FaFzGnQS08TpTf~4ilPG5r5hytf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf";
mode = "400";
};
age.secrets."restic-password" = {
file = "${flake.self}/secrets/restic-password.age";
mode = "400";
};
services.restic.backups = {
paperless = {
paths = [ backupDir ];
initialize = true;
passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Paperless";
backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
};
};
}
Reference in a new issue View git blame Copy permalink