diff --git a/modules/paperless/container.nix b/modules/paperless/container.nix
new file mode 100644
index 00000000..00775064
--- /dev/null
+++ b/modules/paperless/container.nix
@@ -0,0 +1,96 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ cfg = config.pub-solar.paperless;
+in {
+ config.containers."paperless" = mkIf cfg.enable {
+ autoStart = true;
+ ephemeral = true;
+
+ tmpfs = ["/tmp:size=2G"];
+
+ timeoutStartSec = "5min";
+
+ bindMounts."/data" = {
+ hostPath = cfg.hostStateDir;
+ isReadOnly = false;
+ };
+
+ config = {
+ config,
+ pkgs,
+ ...
+ }: {
+ networking.firewall.enable = false;
+
+ # paperless
+ services.paperless = {
+ enable = true;
+ dataDir = "/data";
+ consumptionDir = "/data/ftp/consume";
+ consumptionDirIsPublic = true;
+ port = 8899;
+ extraConfig = {
+ PAPERLESS_OCR_LANGUAGE = "deu+eng";
+ PAPERLESS_ALLOWED_HOSTS = "${cfg.domain}";
+ PAPERLESS_CSRF_TRUSTED_ORIGINS = "http://${cfg.domain}";
+ PAPERLESS_CORS_ALLOWED_HOSTS = "http://${cfg.domain}";
+ PAPERLESS_FILENAME_FORMAT = "{correspondent}/{created_year}/{asn}_{title}";
+ };
+ };
+
+ # increase timeout for systemd service
+ systemd.services."paperless-scheduler".serviceConfig."TimeoutStartSec" = "300";
+
+ # ftp
+ users.users."paperless".extraGroups = mkIf cfg.ftp.enable ["ftp"];
+
+ services.vsftpd = mkIf cfg.ftp.enable {
+ enable = true;
+ anonymousUser = true;
+ anonymousUserNoPassword = true;
+ anonymousUserHome = "/data/ftp";
+ anonymousUploadEnable = true;
+ anonymousUmask = "007";
+ writeEnable = true;
+ extraConfig = ''
+ listen=YES
+ listen_ipv6=NO
+ listen_port=${toString cfg.ftp.listenPort}
+ chown_uploads=YES
+ chown_username=paperless
+ download_enable=NO
+ pasv_min_port=${toString cfg.ftp.pasvMinPort}
+ pasv_max_port=${toString cfg.ftp.pasvMaxPort}
+ '';
+ };
+
+ # nextcloud
+ systemd.services.nextcloud-autosync = mkIf cfg.nextcloud.enable {
+ unitConfig = {
+ Description = "Auto sync Nextcloud";
+ After = "network-online.target";
+ };
+ serviceConfig = {
+ User = "paperless";
+ Type = "simple";
+ ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path Documents/_paperless /data/media/documents
https://data.gssws.de";
+ TimeoutStopSec = "180";
+ KillMode = "process";
+ KillSignal = "SIGINT";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+
+ systemd.timers.nextcloud-autosync = mkIf cfg.nextcloud.enable {
+ unitConfig.Description = "Automatic sync files with Nextcloud and rerun every 60 minutes";
+ timerConfig.OnUnitActiveSec = "60min";
+ wantedBy = ["multi-user.target" "timers.target"];
+ };
+ };
+ };
+}
diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix
new file mode 100644
index 00000000..229db527
--- /dev/null
+++ b/modules/paperless/default.nix
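Review bot: The vsftpd block turns on anonymous, passwordless upload (`anonymousUser`, `anonymousUserNoPassword`, `anonymousUploadEnable`, `writeEnable`) into `/data/ftp`, which is the paperless consumption tree, and with only `listen_port` set and the container firewall disabled it appears to accept connections on every interface, so anyone who can reach that port can push arbitrary files into OCR/PDF processing with no authentication and over cleartext FTP. If this is meant as a LAN/VPN-only drop box, say so and constrain reachability, e.g. an option-driven `listen_address=${cfg.ftp.listenAddress}` in `extraConfig` and a comment such as `# Unauthenticated anonymous upload: must only be reachable from the trusted network`. The `chown_uploads=YES` / `download_enable=NO` pair already stops readers from pulling other people's uploads, which is the right shape for a drop box. Separately, the `ExecStart` of nextcloud-autosync hard-codes `https://data.gssws.de` inside a reusable module; lift it into `cfg.nextcloud.url` next to `cfg.nextcloud.enable`, and note that `-n` reads credentials from the paperless user's netrc, which presumably ends up on the bind-mounted `/data` — confirm its location and permissions. `psCfg` is bound but never used and can be dropped.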
@@ -0,0 +1,84 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ cfg = config.pub-solar.paperless;
+in {
+ imports = [./container.nix];
+
+ options.pub-solar.paperless = {
+ enable = mkEnableOption {default = false;};
+ openFirewall = mkEnableOption (lib.mdDoc "opening of the relay port(s) in the firewall");
+
+ domain = mkOption {
+ type = types.str;
+ default = "paperless.local";
+ };
+
+ hostStateDir = mkOption {
+ type = types.str;
+ default = "/var/lib/paperless-container";
+ };
+
+ listenPort = mkOption {
+ type = types.int;
+ default = 80;
+ };
+
+ # ftp
+ ftp = {
+ enable = mkEnableOption (lib.mdDoc ''enable vsftpd ftp service'');
+ listenPort = mkOption {
+ type = types.int;
+ default = 21;
+ };
+ pasvMinPort = mkOption {
+ type = types.int;
+ default = 20021;
+ };
+ pasvMaxPort = mkOption {
+ type = types.int;
+ default = 22021;
+ };
+ };
+
+ # nextcloud
+ nextcloud = {
+ enable = mkEnableOption (lib.mdDoc ''enable backup to nextcloud'');
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall = {
+ allowedTCPPorts = [
+ cfg.listenPort
+ cfg.ftp.listenPort
+ ];
+
+ allowedTCPPortRanges = [
+ {
+ from = cfg.ftp.pasvMinPort;
+ to = cfg.ftp.pasvMaxPort;
+ }
+ ];
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.domain}" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8899";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_read_timeout 300s;
+ proxy_set_header Host ''$host;
+ proxy_set_header X-Forwarded-For ''$remote_addr;
+ '';
+ };
+ };
+ };
+ };
+}
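Review bot: `openFirewall` is declared but never read, and the `networking.firewall` block opens `cfg.ftp.listenPort` plus the entire PASV range whenever `cfg.enable` is set, even with `cfg.ftp.enable` false, so the anonymous-upload FTP port and about two thousand extra ports are exposed on any host that merely enables paperless. Gate the rules on `cfg.openFirewall` and add the FTP ports only when FTP is on, as sketched below. `enable = mkEnableOption {default = false;}` passes an attrset where `mkEnableOption` expects a description string; it should read `enable = mkEnableOption "the paperless container";`, and the `openFirewall` description still speaks of "relay port(s)". `cfg.listenPort` is opened in the firewall but the nginx vhost is never told to listen on it, so a non-80 value opens a port nothing serves; either wire it with `listen = [{addr = "0.0.0.0"; port = cfg.listenPort;}]` or drop the option. The vhost serves plain HTTP with no `forceSSL`/`enableACME`, consistent with the `http://` CSRF origin set in container.nix; acceptable for a LAN-only deployment but worth a comment so nobody fronts logins with it on a public interface.
```nix
config = mkIf cfg.enable {
  networking.firewall = mkIf cfg.openFirewall {
    # FTP ports are only meaningful when the anonymous-upload FTP service is on
    allowedTCPPorts = [cfg.listenPort] ++ optional cfg.ftp.enable cfg.ftp.listenPort;
    allowedTCPPortRanges = optional cfg.ftp.enable {
      from = cfg.ftp.pasvMinPort;
      to = cfg.ftp.pasvMaxPort;
    };
  };

  # … unchanged: services.nginx …
};
```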