Add paperless module

2023-06-12 17:07:55 +02:00 · 2023-06-12 17:07:55 +02:00 · 4f99f73981
parent 668fa94359
commit 4f99f73981
2 changed files with 180 additions and 0 deletions
--- a/modules/paperless/container.nix
+++ b/modules/paperless/container.nix
@ -0,0 +1,96 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.paperless;
+in {
+  config.containers."paperless" = mkIf cfg.enable {
+    autoStart = true;
+    ephemeral = true;
+
+    tmpfs = ["/tmp:size=2G"];
+
+    timeoutStartSec = "5min";
+
+    bindMounts."/data" = {
+      hostPath = cfg.hostStateDir;
+      isReadOnly = false;
+    };
+
+    config = {
+      config,
+      pkgs,
+      ...
+    }: {
+      networking.firewall.enable = false;
+
+      # paperless
+      services.paperless = {
+        enable = true;
+        dataDir = "/data";
+        consumptionDir = "/data/ftp/consume";
+        consumptionDirIsPublic = true;
+        port = 8899;
+        extraConfig = {
+          PAPERLESS_OCR_LANGUAGE = "deu+eng";
+          PAPERLESS_ALLOWED_HOSTS = "${cfg.domain}";
+          PAPERLESS_CSRF_TRUSTED_ORIGINS = "http://${cfg.domain}";
+          PAPERLESS_CORS_ALLOWED_HOSTS = "http://${cfg.domain}";
+          PAPERLESS_FILENAME_FORMAT = "{correspondent}/{created_year}/{asn}_{title}";
+        };
+      };
+
+      # increase timeout for systemd service
+      systemd.services."paperless-scheduler".serviceConfig."TimeoutStartSec" = "300";
+
+      # ftp
+      users.users."paperless".extraGroups = mkIf cfg.ftp.enable ["ftp"];
+
+      services.vsftpd = mkIf cfg.ftp.enable {
+        enable = true;
+        anonymousUser = true;
+        anonymousUserNoPassword = true;
+        anonymousUserHome = "/data/ftp";
+        anonymousUploadEnable = true;
+        anonymousUmask = "007";
+        writeEnable = true;
+        extraConfig = ''
+          listen=YES
+          listen_ipv6=NO
+          listen_port=${toString cfg.ftp.listenPort}
+          chown_uploads=YES
+          chown_username=paperless
+          download_enable=NO
+          pasv_min_port=${toString cfg.ftp.pasvMinPort}
+          pasv_max_port=${toString cfg.ftp.pasvMaxPort}
+        '';
+      };
+
+      # nextcloud
+      systemd.services.nextcloud-autosync = mkIf cfg.nextcloud.enable {
+        unitConfig = {
+          Description = "Auto sync Nextcloud";
+          After = "network-online.target";
+        };
+        serviceConfig = {
+          User = "paperless";
+          Type = "simple";
+          ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path Documents/_paperless /data/media/documents https://data.gssws.de";
+          TimeoutStopSec = "180";
+          KillMode = "process";
+          KillSignal = "SIGINT";
+        };
+        wantedBy = ["multi-user.target"];
+      };
+
+      systemd.timers.nextcloud-autosync = mkIf cfg.nextcloud.enable {
+        unitConfig.Description = "Automatic sync files with Nextcloud and rerun every 60 minutes";
+        timerConfig.OnUnitActiveSec = "60min";
+        wantedBy = ["multi-user.target" "timers.target"];
+      };
+    };
+  };
+}
--- a/modules/paperless/default.nix
+++ b/modules/paperless/default.nix
@ -0,0 +1,84 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  psCfg = config.pub-solar;
+  cfg = config.pub-solar.paperless;
+in {
+  imports = [./container.nix];
+
+  options.pub-solar.paperless = {
+    enable = mkEnableOption {default = false;};
+    openFirewall = mkEnableOption (lib.mdDoc "opening of the relay port(s) in the firewall");
+
+    domain = mkOption {
+      type = types.str;
+      default = "paperless.local";
+    };
+
+    hostStateDir = mkOption {
+      type = types.str;
+      default = "/var/lib/paperless-container";
+    };
+
+    listenPort = mkOption {
+      type = types.int;
+      default = 80;
+    };
+
+    # ftp
+    ftp = {
+      enable = mkEnableOption (lib.mdDoc ''enable vsftpd ftp service'');
+      listenPort = mkOption {
+        type = types.int;
+        default = 21;
+      };
+      pasvMinPort = mkOption {
+        type = types.int;
+        default = 20021;
+      };
+      pasvMaxPort = mkOption {
+        type = types.int;
+        default = 22021;
+      };
+    };
+
+    # nextcloud
+    nextcloud = {
+      enable = mkEnableOption (lib.mdDoc ''enable backup to nextcloud'');
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall = {
+      allowedTCPPorts = [
+        cfg.listenPort
+        cfg.ftp.listenPort
+      ];
+
+      allowedTCPPortRanges = [
+        {
+          from = cfg.ftp.pasvMinPort;
+          to = cfg.ftp.pasvMaxPort;
+        }
+      ];
+    };
+
+    services.nginx = {
+      enable = true;
+      virtualHosts."${cfg.domain}" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8899";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_read_timeout 300s;
+            proxy_set_header Host ''$host;
+            proxy_set_header X-Forwarded-For ''$remote_addr;
+          '';
+        };
+      };
+    };
+  };
+}