os/hosts/fae/paperless.nix

112 lines
2.8 KiB
Nix

{
flake,
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
dataDir = "${xdg.dataHome}/Paperless";
backupDir = "${xdg.dataHome}/PaperlessBackup";
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
in {
services.paperless = {
enable = true;
user = psCfg.user.name;
consumptionDir = consumptionDir;
dataDir = dataDir;
address = "127.0.0.1";
settings = {
PAPERLESS_ADMIN_USER = psCfg.user.name;
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
PAPERLESS_URL = "https://paperless.faenix.eu";
};
};
hardware.sane = {
enable = true;
# No aarch64 support for now
#brscan5.enable = true;
};
home-manager.users."${psCfg.user.name}" = {
home.sessionVariables = {
SCANNER_OUTPUT_DIR = consumptionDir;
};
systemd.user.sessionVariables = {
SCANNER_OUTPUT_DIR = consumptionDir;
};
};
security.acme.certs = {
"paperless.faenix.eu" = {};
};
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
clientMaxBodySize = "256m";
virtualHosts = {
"paperless.faenix.eu" = {
forceSSL = true;
useACMEHost = "paperless.faenix.eu";
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.paperless.port}";
};
};
};
#services.caddy = {
# enable = true;
# globalConfig = ''
# local_certs
# '';
# virtualHosts = {
# "paperless.fritz.box" = {
# extraConfig = ''
# reverse_proxy :${builtins.toString config.services.paperless.port}
# '';
# };
# };
#};
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.tmpfiles.rules = [
"d /home/${psCfg.user.name}/.local 0700 ${psCfg.user.name} users - -"
"d /home/${psCfg.user.name}/.local/share 0700 ${psCfg.user.name} users - -"
"d '${backupDir}' 0700 ${psCfg.user.name} users - -"
];
#age.secrets."rclone-pie.conf" = {
# file = "${flake.self}/secrets/rclone-pie.conf.age";
# path = "/root/.config/rclone/rclone.conf";
# mode = "400";
#};
#age.secrets."restic-password" = {
# file = "${flake.self}/secrets/restic-password.age";
# mode = "400";
#};
#services.restic.backups = {
# paperless = {
# paths = [ backupDir ];
# initialize = true;
# passwordFile = config.age.secrets."restic-password".path;
# # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
# repository = "rclone:cloud.pub.solar:/backups/Paperless";
# backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
# rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
# };
#};
}