os/modules/paperless/default.nix

{
config,
lib,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.paperless;
in {
imports = [./container.nix];
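options.pub-solar.paperless = {
  # mkEnableOption expects the feature name as a string and already defaults
  # to false. The attrset that was passed here before cannot be interpolated
  # into the generated "Whether to enable ..." description.
  enable = mkEnableOption (lib.mdDoc "the paperless service");

  # NOTE(review): nothing in this file reads cfg.openFirewall, and the
  # description still talks about "relay" ports. The firewall rules in
  # `config` are applied whenever the module is enabled. Confirm whether
  # container.nix consumes this option before relying on it to keep ports
  # closed.
  openFirewall = mkEnableOption (lib.mdDoc "opening of the relay port(s) in the firewall");

  # Used as the nginx virtual host name in `config`.
  domain = mkOption {
    type = types.str;
    default = "paperless.local";
  };

  # Not referenced in this file; presumably consumed by container.nix.
  hostStateDir = mkOption {
    type = types.str;
    default = "/var/lib/paperless-container";
  };

  # TCP port opened in the firewall for the web front end. types.port rejects
  # values outside 0-65535 at the option boundary.
  listenPort = mkOption {
    type = types.port;
    default = 80;
  };

  # ftp
  # The vsftpd configuration is not part of this file. Plain FTP carries
  # credentials and documents unencrypted unless TLS is configured there.
  ftp = {
    enable = mkEnableOption (lib.mdDoc "the vsftpd ftp service");
    # Control-connection port.
    listenPort = mkOption {
      type = types.port;
      default = 21;
    };
    # Lower and upper bound of the passive-mode data port range. The defaults
    # span 2001 ports; a narrower range keeps the exposed surface smaller.
    pasvMinPort = mkOption {
      type = types.port;
      default = 20021;
    };
    pasvMaxPort = mkOption {
      type = types.port;
      default = 22021;
    };
  };

  # nextcloud
  nextcloud = {
    enable = mkEnableOption (lib.mdDoc "backup to nextcloud");
  };
};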
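config = mkIf cfg.enable {
  networking.firewall = {
    # The web port is opened whenever the module is enabled (unchanged).
    # NOTE(review): cfg.openFirewall is declared in the options but is not
    # consulted here; decide whether this rule should be gated on it.
    #
    # The FTP control port and the passive range are now only opened when
    # cfg.ftp.enable is set. Previously they were exposed even with the FTP
    # service switched off.
    allowedTCPPorts =
      [cfg.listenPort]
      ++ optional cfg.ftp.enable cfg.ftp.listenPort;
    allowedTCPPortRanges = optionals cfg.ftp.enable [
      {
        from = cfg.ftp.pasvMinPort;
        to = cfg.ftp.pasvMaxPort;
      }
    ];
  };

  services.nginx = {
    enable = true;
    # NOTE(review): no TLS options are set on this virtual host in this file,
    # and cfg.listenPort is not handed to nginx here, so changing it only
    # moves the firewall rule as far as this file shows. Confirm where TLS
    # termination and the listen port are configured.
    virtualHosts."${cfg.domain}" = {
      locations."/" = {
        # Loopback-only upstream; presumably the port published by the
        # container defined in container.nix. Verify there.
        proxyPass = "http://127.0.0.1:8899";
        proxyWebsockets = true;
        # X-Forwarded-For is overwritten with the connecting peer address, so
        # a value supplied by the client is not passed on to the backend.
        extraConfig = ''
          proxy_read_timeout 300s;
          proxy_set_header Host ''$host;
          proxy_set_header X-Forwarded-For ''$remote_addr;
        '';
      };
    };
  };
};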
}