feat(APPA): add paperless-ngx

2024-09-17 17:58:45 +02:00 · 2024-09-17 17:58:45 +02:00 · 0517922bf0
commit 0517922bf0
parent 7d6afb5566
7 changed files with 50 additions and 2 deletions
--- a/hosts/APPA/services/adguard-home.nix
+++ b/hosts/APPA/services/adguard-home.nix
@ -54,6 +54,10 @@
            domain = "vaultwarden.dryb.org";
            answer = "192.168.2.40";
          }
+          {
+            domain = "paperless.dryb.org";
+            answer = "192.168.2.40";
+          }
        ];
      };
      dhcp = {
--- a/hosts/APPA/services/default.nix
+++ b/hosts/APPA/services/default.nix
@ -8,6 +8,7 @@
    ./homepage-dashboard.nix
    ./nextcloud.nix
    ./nginx.nix
+    ./paperless.nix
    ./postgresql.nix
    ./vaultwarden.nix
  ];
--- a/hosts/APPA/services/nginx.nix
+++ b/hosts/APPA/services/nginx.nix
@ -43,6 +43,13 @@
        proxyPass = "http://127.0.0.1:8005";
      };
    };
+    virtualHosts."paperless.dryb.org" = {
+      useACMEHost = "dryb.org";
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8006";
+      };
+    };
  };

  networking.firewall = {
--- a/hosts/APPA/services/paperless.nix
+++ b/hosts/APPA/services/paperless.nix
@ -0,0 +1,18 @@
+{ config, ... }:
+{
+
+  age.secrets.passwords-paperless-admin = {
+    file = ../../../secrets/passwords/paperless/admin.age;
+  };
+
+  services.paperless = {
+    enable = true;
+    port = 8006;
+    passwordFile = config.age.secrets.passwords-paperless-admin.path;
+    settings = {
+      PAPERLESS_DBHOST = "/run/postgresql";
+      PAPERLESS_OCR_LANGUAGE = "deu+eng";
+      PAPERLESS_URL = "https://paperless.dryb.org";
+    };
+  };
+}
--- a/hosts/APPA/services/postgresql.nix
+++ b/hosts/APPA/services/postgresql.nix
@ -6,6 +6,7 @@
    ensureDatabases = [
      config.services.gitea.user
      "vaultwarden"
+      config.services.paperless.user
    ];

    ensureUsers = [
@ -13,18 +14,24 @@
        name = "vaultwarden";
        ensureDBOwnership = true;
      }
+      {
+        name = config.services.paperless.user;
+        ensureDBOwnership = true;
+      }
    ];

    # type   database     DBuser  auth-method  mapping
    authentication = ''
      local  gitea        all     ident        map=gitea-users
      local  vaultwarden  all     ident        map=vaultwarden-users
+      local  paperless    all     ident        map=paperless-users
    '';

    # name               sysuser        dbuser
    identMap = ''
      gitea-users        gitea          gitea
      vaultwarden-users  vaultwarden    vaultwarden
+      paperless-users    paperless      paperless
    '';
  };