feat(APPA): add paperless-ngx

2024-09-17 17:58:45 +02:00 · 2024-09-17 17:58:45 +02:00 · 0517922bf0
commit 0517922bf0
parent 7d6afb5566
7 changed files with 50 additions and 2 deletions
--- a/hosts/APPA/services/adguard-home.nix
+++ b/hosts/APPA/services/adguard-home.nix
@ -54,6 +54,10 @@
            domain = "vaultwarden.dryb.org";
            answer = "192.168.2.40";
          }
          {
            domain = "paperless.dryb.org";
            answer = "192.168.2.40";
          }
        ];
      };
      dhcp = {
--- a/hosts/APPA/services/default.nix
+++ b/hosts/APPA/services/default.nix
@ -8,6 +8,7 @@
    ./homepage-dashboard.nix
    ./nextcloud.nix
    ./nginx.nix
    ./paperless.nix
    ./postgresql.nix
    ./vaultwarden.nix
  ];
--- a/hosts/APPA/services/nginx.nix
+++ b/hosts/APPA/services/nginx.nix
@ -43,6 +43,13 @@
        proxyPass = "http://127.0.0.1:8005";
      };
    };
    virtualHosts."paperless.dryb.org" = {
      useACMEHost = "dryb.org";
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8006";
      };
    };
  };
  networking.firewall = {
--- a/hosts/APPA/services/paperless.nix
+++ b/hosts/APPA/services/paperless.nix
@ -0,0 +1,18 @@
 { config, ... }:
 {
  age.secrets.passwords-paperless-admin = {
    file = ../../../secrets/passwords/paperless/admin.age;
  };
  services.paperless = {
    enable = true;
    port = 8006;
    passwordFile = config.age.secrets.passwords-paperless-admin.path;
    settings = {
      PAPERLESS_DBHOST = "/run/postgresql";
      PAPERLESS_OCR_LANGUAGE = "deu+eng";
      PAPERLESS_URL = "https://paperless.dryb.org";
    };
  };
 }
--- a/hosts/APPA/services/postgresql.nix
+++ b/hosts/APPA/services/postgresql.nix
@ -6,6 +6,7 @@
    ensureDatabases = [
      config.services.gitea.user
      "vaultwarden"
      config.services.paperless.user
    ];
    ensureUsers = [
@ -13,18 +14,24 @@
        name = "vaultwarden";
        ensureDBOwnership = true;
      }
      {
        name = config.services.paperless.user;
        ensureDBOwnership = true;
      }
    ];
    # type   database     DBuser  auth-method  mapping
    authentication = ''
      local  gitea        all     ident        map=gitea-users
      local  vaultwarden  all     ident        map=vaultwarden-users
      local  paperless    all     ident        map=paperless-users
    '';
    # name               sysuser        dbuser
    identMap = ''
      gitea-users        gitea          gitea
      vaultwarden-users  vaultwarden    vaultwarden
      paperless-users    paperless      paperless
    '';
  };
--- a/secrets/passwords/paperless/admin.age
+++ b/secrets/passwords/paperless/admin.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 OFTJeQ IJMXUFizZd5OgxzxFuuvavSu1Kisvj1RE22dSoge8HU
 aTjv7pWEj8Ra1S/vr4C4QSVb7jW3aJiRqL80dZS5p6E
 -> ssh-ed25519 lfMVeg ijZGWCGpRhwhACBF3n1aBDrMujYw4+K7iXXtO91Pun0
 xl3uI1nBFkBX1qI3KaOc67O7hr9TOVFhru2yL33Y36M
 -> ssh-ed25519 ueRyzQ kitKof5Y86vTKI9+7OM152qU0Ppw0khgzCH7yMozG1s
 2DT9wLMRSap01J5J1v7fmQkZ3NiuQb8LU44VOTKStNQ
 --- a/39g6oCXIp+D5F50+QDrnnkHS9kBIdyISqSeqyyWPY
 ºaeB|–ÈLF8Óò{Û`í±¹4mT"p®
 F2#õq´Ix&$A	ïm¯úÆP<>—]S®q¸
«&U€Î
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -29,8 +29,9 @@ in
  "environments/vaultwarden.age".publicKeys = users ++ [ APPA ];
  "keys/wireguard/dryborg/privatekey.age".publicKeys = [ gandalf ] ++ clients;
  "keys/wireguard/dryborg/presharedkey.age".publicKeys = [ gandalf ] ++ clients;
  "passwords/gitea/db.age".publicKeys = users ++ [ APPA ];
  "passwords/anki/admin.age".publicKeys = users ++ [ APPA ];
  "passwords/nextcloud/admin.age".publicKeys = users ++ [ APPA ];
  "passwords/ddclient/cloudflare.age".publicKeys = users ++ [ APPA ];
  "passwords/gitea/db.age".publicKeys = users ++ [ APPA ];
  "passwords/nextcloud/admin.age".publicKeys = users ++ [ APPA ];
  "passwords/paperless/admin.age".publicKeys = users ++ [ APPA ];
 }