forked from pub-solar/os
119 lines
2.9 KiB
Nix
119 lines
2.9 KiB
Nix
{
|
|
flake,
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
psCfg = config.pub-solar;
|
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
|
|
|
dataDir = "${xdg.dataHome}/Paperless";
|
|
backupDir = "${xdg.dataHome}/PaperlessBackup";
|
|
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
|
|
|
|
in
|
|
{
|
|
services.paperless = {
|
|
enable = true;
|
|
user = psCfg.user.name;
|
|
consumptionDir = consumptionDir;
|
|
dataDir = dataDir;
|
|
address = "127.0.0.1";
|
|
settings = {
|
|
PAPERLESS_ADMIN_USER = psCfg.user.name;
|
|
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
|
|
PAPERLESS_URL = "https://paperless.faenix.eu";
|
|
};
|
|
};
|
|
|
|
hardware.sane = {
|
|
enable = true;
|
|
# No aarch64 support for now
|
|
#brscan5.enable = true;
|
|
};
|
|
|
|
home-manager.users."${psCfg.user.name}" = {
|
|
home.sessionVariables = {
|
|
SCANNER_OUTPUT_DIR = consumptionDir;
|
|
};
|
|
systemd.user.sessionVariables = {
|
|
SCANNER_OUTPUT_DIR = consumptionDir;
|
|
};
|
|
};
|
|
|
|
security.acme.certs = {
|
|
"paperless.faenix.eu" = { };
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedProxySettings = true;
|
|
clientMaxBodySize = "256m";
|
|
|
|
virtualHosts = {
|
|
"paperless.faenix.eu" = {
|
|
#listenAddresses = [
|
|
# "192.168.13.35"
|
|
#];
|
|
forceSSL = true;
|
|
useACMEHost = "paperless.faenix.eu";
|
|
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.paperless.port}";
|
|
};
|
|
};
|
|
};
|
|
|
|
#services.caddy = {
|
|
# enable = true;
|
|
# globalConfig = ''
|
|
# local_certs
|
|
# '';
|
|
# virtualHosts = {
|
|
# "paperless.fritz.box" = {
|
|
# extraConfig = ''
|
|
# reverse_proxy :${builtins.toString config.services.paperless.port}
|
|
# '';
|
|
# };
|
|
# };
|
|
#};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /home/${psCfg.user.name}/.local 0700 ${psCfg.user.name} users - -"
|
|
"d /home/${psCfg.user.name}/.local/share 0700 ${psCfg.user.name} users - -"
|
|
"d '${backupDir}' 0700 ${psCfg.user.name} users - -"
|
|
];
|
|
|
|
#age.secrets."rclone-pie.conf" = {
|
|
# file = "${flake.self}/secrets/rclone-pie.conf.age";
|
|
# path = "/root/.config/rclone/rclone.conf";
|
|
# mode = "400";
|
|
#};
|
|
|
|
#age.secrets."restic-password" = {
|
|
# file = "${flake.self}/secrets/restic-password.age";
|
|
# mode = "400";
|
|
#};
|
|
|
|
#services.restic.backups = {
|
|
# paperless = {
|
|
# paths = [ backupDir ];
|
|
# initialize = true;
|
|
# passwordFile = config.age.secrets."restic-password".path;
|
|
# # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
|
|
# repository = "rclone:cloud.pub.solar:/backups/Paperless";
|
|
# backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
|
|
# rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
|
|
# };
|
|
#};
|
|
}
|