2023-02-25 13:45:21 +00:00
|
|
|
{
|
|
|
|
pkgs,
|
|
|
|
config,
|
|
|
|
...
|
|
|
|
}: let
|
2023-01-28 21:30:37 +00:00
|
|
|
containerStateDir = "/data";
|
|
|
|
hostStateDir = "/opt/documents/paperless";
|
|
|
|
httpPort = 80;
|
|
|
|
paperlessPort = 8080;
|
|
|
|
ftpListenPort = 20021;
|
|
|
|
ftpPasvMinPort = 22021;
|
|
|
|
ftpPasvMaxPort = 24021;
|
2023-02-25 13:45:21 +00:00
|
|
|
domain = "paperless.local";
|
|
|
|
in {
|
|
|
|
networking.firewall = {
|
|
|
|
allowedTCPPorts = [
|
|
|
|
httpPort
|
|
|
|
ftpListenPort
|
|
|
|
];
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
allowedTCPPortRanges = [
|
|
|
|
{
|
|
|
|
from = ftpPasvMinPort;
|
|
|
|
to = ftpPasvMaxPort;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
virtualHosts."${domain}" = {
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:${toString paperlessPort}";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
extraConfig = ''
|
|
|
|
proxy_read_timeout 300s;
|
|
|
|
proxy_set_header Host ''$host;
|
|
|
|
proxy_set_header X-Forwarded-For ''$remote_addr;
|
|
|
|
'';
|
2023-01-28 21:30:37 +00:00
|
|
|
};
|
|
|
|
};
|
2023-02-25 13:45:21 +00:00
|
|
|
};
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
containers."paperless" = {
|
|
|
|
autoStart = true;
|
|
|
|
ephemeral = true;
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
tmpfs = ["/tmp:size=2G"];
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
bindMounts."${containerStateDir}" = {
|
|
|
|
hostPath = hostStateDir;
|
|
|
|
isReadOnly = false;
|
|
|
|
};
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
config = {
|
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
...
|
|
|
|
}: {
|
|
|
|
networking.firewall.enable = false;
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
users.users."paperless".extraGroups = ["ftp"];
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
services.paperless = {
|
|
|
|
enable = true;
|
|
|
|
dataDir = "/data";
|
|
|
|
consumptionDir = "/data/ftp/consume";
|
|
|
|
consumptionDirIsPublic = true;
|
|
|
|
port = paperlessPort;
|
|
|
|
extraConfig = {
|
|
|
|
PAPERLESS_OCR_LANGUAGE = "deu+eng";
|
|
|
|
PAPERLESS_ALLOWED_HOSTS = "${domain}";
|
|
|
|
PAPERLESS_CSRF_TRUSTED_ORIGINS = "http://${domain}";
|
|
|
|
PAPERLESS_CORS_ALLOWED_HOSTS = "http://${domain}";
|
2023-01-28 21:30:37 +00:00
|
|
|
};
|
2023-02-25 13:45:21 +00:00
|
|
|
};
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
services.vsftpd = {
|
|
|
|
enable = true;
|
|
|
|
anonymousUser = true;
|
|
|
|
anonymousUserNoPassword = true;
|
|
|
|
anonymousUserHome = "/data/ftp";
|
|
|
|
anonymousUploadEnable = true;
|
|
|
|
anonymousUmask = "007";
|
|
|
|
writeEnable = true;
|
|
|
|
extraConfig = ''
|
|
|
|
listen=YES
|
|
|
|
listen_ipv6=NO
|
|
|
|
listen_port=${toString ftpListenPort}
|
|
|
|
chown_uploads=YES
|
|
|
|
chown_username=paperless
|
|
|
|
download_enable=NO
|
|
|
|
pasv_min_port=${toString ftpPasvMinPort}
|
|
|
|
pasv_max_port=${toString ftpPasvMaxPort}
|
|
|
|
'';
|
|
|
|
};
|
2023-01-28 21:30:37 +00:00
|
|
|
|
2023-02-25 13:45:21 +00:00
|
|
|
systemd.services.nextcloud-autosync = {
|
|
|
|
unitConfig = {
|
|
|
|
Description = "Auto sync Nextcloud";
|
|
|
|
After = "network-online.target";
|
2023-01-28 21:30:37 +00:00
|
|
|
};
|
2023-02-25 13:45:21 +00:00
|
|
|
serviceConfig = {
|
|
|
|
User = "paperless";
|
|
|
|
Type = "simple";
|
|
|
|
ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path Documents/_paperless /data/media/documents https://data.gssws.de";
|
|
|
|
TimeoutStopSec = "180";
|
|
|
|
KillMode = "process";
|
|
|
|
KillSignal = "SIGINT";
|
2023-01-28 21:30:37 +00:00
|
|
|
};
|
2023-02-25 13:45:21 +00:00
|
|
|
wantedBy = ["multi-user.target"];
|
|
|
|
};
|
|
|
|
systemd.timers.nextcloud-autosync = {
|
|
|
|
unitConfig.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 60 minutes";
|
|
|
|
timerConfig.OnUnitActiveSec = "60min";
|
|
|
|
wantedBy = ["multi-user.target" "timers.target"];
|
2023-01-28 21:30:37 +00:00
|
|
|
};
|
|
|
|
};
|
2023-02-25 13:45:21 +00:00
|
|
|
};
|
|
|
|
}
|