cloud/modules/paperless/default.nix


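{
  lib,
  config,
  ...
}:
let
  cfg = config.momo-cloud.paperless;
  # Public host name of this instance, shared by ACME, nginx, paperless and kanidm.
  fqdn = "paperless.${config.momo-cloud.networking.domain}";
  # Staging directory for the document_exporter output that restic snapshots.
  # Between the prepare and cleanup commands below it holds a plaintext copy of
  # every document, so it is created 0700 for the paperless user only.
  backupDir = "/var/backups/paperless";
  # Pinned nixpkgs checkout, used solely for a newer paperless NixOS module.
  # The fixed revision plus sha256 keeps the fetch reproducible; drop this
  # (and `disabledModules` below) once the tracked nixpkgs ships that module.
  nixpkgs-master = builtins.fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/8852da7e72ef9f41684d83925c2f428b06587a29.tar.gz";
    sha256 = "sha256:0q2ww87kqn9bard90x8w5r30gbcyjk07zngfwr2ap3pbs4rzpjxi";
  };
in
{
  # Pull in early https://github.com/paperless-ngx/paperless-ngx/pull/9039
  imports = [
    (nixpkgs-master + "/nixos/modules/services/misc/paperless.nix")
  ];
  # The stock module must be disabled, otherwise both would declare services.paperless.
  disabledModules = [
    "services/misc/paperless.nix"
  ];

  options.momo-cloud.paperless = {
    # mkEnableOption renders "Whether to enable <text>.", so <text> is a noun
    # phrase (the earlier "Enable paperless instance" doubled the verb).
    enable = lib.mkEnableOption "the paperless instance";
    # While on, username/password login stays available next to OIDC
    # (see PAPERLESS_DISABLE_REGULAR_LOGIN below); intended for initial setup.
    setup = lib.mkEnableOption "setup mode, e.g. enabling regular login";
    dataDir = lib.mkOption {
      description = "Paperless data directory";
      type = lib.types.str;
      default = "/var/lib/paperless";
    };
    consumptionDir = lib.mkOption {
      description = "Paperless consumption directory";
      type = lib.types.str;
      default = "/var/lib/paperless/consume";
    };
    # The three *File options are `types.str` on purpose: a `types.path` value
    # would be copied into the world-readable Nix store, whereas a plain string
    # is handed to the services unchanged and only read at runtime.
    envFile = lib.mkOption { type = lib.types.str; };
    oidcSecretFile = lib.mkOption { type = lib.types.str; };
    superuserPasswordFile = lib.mkOption { type = lib.types.str; };
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs.${fqdn} = { };

    services.nginx.virtualHosts.${fqdn} = {
      forceSSL = true;
      useACMEHost = fqdn;
      # Bind the TLS front end to the WireGuard addresses only, so the UI is
      # reachable over the VPN and not from other interfaces.
      listenAddresses = [
        config.momo-cloud.wireguard.ipv4.address
        "[${config.momo-cloud.wireguard.ipv6.address}]"
      ];
      locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.paperless.port}";
    };

    services.paperless = {
      enable = true;
      inherit (cfg) consumptionDir dataDir;
      # Loopback only; the nginx virtual host above is the sole way in.
      address = "127.0.0.1";
      passwordFile = cfg.superuserPasswordFile;
      settings = {
        PAPERLESS_ADMIN_USER = "admin";
        PAPERLESS_OCR_LANGUAGE = "deu+eng";
        PAPERLESS_OCR_USER_ARGS = ''{"invalidate_digital_signatures": true}'';
        PAPERLESS_URL = "https://${fqdn}";
        # Regular login is disabled unless `setup` is on; OIDC is the normal path.
        PAPERLESS_DISABLE_REGULAR_LOGIN = if cfg.setup then "false" else "true";
        PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
        # Group membership is synced from the IdP (the "groups" scope granted
        # by kanidm below); presumably auto-created accounts start in
        # paperless_users — verify against the paperless-ngx docs.
        PAPERLESS_SOCIAL_ACCOUNT_SYNC_GROUPS = "true";
        PAPERLESS_SOCIAL_ACCOUNT_DEFAULT_GROUPS = "paperless_users";
        PAPERLESS_SOCIALACCOUNT_AUTO_SIGNUP = "true";
        # NOTE(review): this presumably links an OIDC identity to an existing
        # local account by matching e-mail address, so it is only safe while
        # kanidm is the single provider and the source of truth for addresses.
        PAPERLESS_SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = "true";
        PAPERLESS_ACCOUNT_SESSION_REMEMBER = "true";
        PAPERLESS_EMAIL_TASK_CRON = "*/2 * * * *";
      };
    };

    services.kanidm.provision = {
      # Both groups are declared without a member list; membership is
      # presumably managed in kanidm itself rather than by this provisioning.
      groups.paperless_users.memberless = true;
      groups.paperless_admins.memberless = true;
      systems.oauth2.paperless = {
        displayName = "paperless";
        originUrl = "https://${fqdn}/accounts/oidc/kanidm/login/callback/";
        # Client secret shared with paperless; a runtime path, not a store path.
        basicSecretFile = cfg.oidcSecretFile;
        preferShortUsername = true;
        # Scopes are granted to paperless_users only; NOTE(review): presumably
        # accounts outside that group cannot complete the OIDC login — confirm
        # against kanidm's scope-map semantics.
        scopeMaps.paperless_users = [
          "email"
          "profile"
          "openid"
          "groups"
        ];
        originLanding = "https://${fqdn}/accounts/login/";
      };
    };

    # Additional environment (settings that must not live in the Nix store)
    # for the web process.
    # NOTE(review): only paperless-web receives this file; confirm the other
    # paperless units (scheduler, consumer, task queue) do not need it.
    systemd.services.paperless-web.serviceConfig.EnvironmentFile = [
      cfg.envFile
    ];

    #################################
    # Backups
    #################################
    # All three directories are private to the paperless user (0700).
    systemd.tmpfiles.rules = [
      "d '${cfg.dataDir}' 0700 paperless paperless - -"
      "d '${backupDir}' 0700 paperless paperless - -"
      "d '${cfg.consumptionDir}' 0700 paperless paperless - -"
    ];
    momo-cloud.backups.restic.paperless = {
      paths = [ backupDir ];
      initialize = true;
      # Export documents and metadata into backupDir right before the restic
      # run (`-c`/`-p` are paperless-manage exporter flags; check their meaning
      # against the pinned paperless-ngx version) ...
      backupPrepareCommand = "${cfg.dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
      # ... and remove the plaintext export again once the snapshot is taken.
      backupCleanupCommand = ''
        rm -rf ${backupDir}/*
      '';
    };
  };
}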