ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:9aba0d3ce0af402cbeb391711fd7a5403e0fc6ec
Branches Tags
ambroisie:main
ambroisie:add-impermanence
ambroisie:add-nixgl
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
ambroisie:export-nixos-homes
ambroisie:add-matrix-bridges
...
compare: ambroisie:808058d576ea24e0574bc16b56cd9a32e798a108
Branches Tags
ambroisie:main
ambroisie:add-impermanence
ambroisie:add-nixgl
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
ambroisie:export-nixos-homes
ambroisie:add-matrix-bridges

7 commits
9aba0d3ce0 ... 808058d576

Author SHA1 Message Date
Bruno BELANYI 808058d576 modules: services: paperless: proxy websockets 2021-08-31 13:52:11 +02:00
Bruno BELANYI 8ffad5d41b machines: porthos: services: enable paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI 52706ab4c4 modules: services: paperless: add admin password 
This is a fallback in case SSO stops working...
 2021-08-31 13:52:11 +02:00
Bruno BELANYI 5ae7b593e4 secrets: add paperless password 
To be used as a fallback.
 2021-08-31 13:52:11 +02:00
Bruno BELANYI 87613a9163 modules: services: add paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI 47d19e5b3f secrets: add paperless 2021-08-31 13:52:11 +02:00
Bruno BELANYI a78091c57c flake: bump inputs 2021-08-31 13:52:10 +02:00
8 changed files with 153 additions and 11 deletions
Show stats Expand all files Collapse all files

22
flake.lock
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"futils": { "futils": {
"locked": { "locked": {
"lastModified": 1629284811, "lastModified": 1629481132,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", "rev": "997f7efcb746a9c140ce1f13c72263189225f482",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,11 +23,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1629347633, "lastModified": 1630294974,
"narHash": "sha256-FGZJ7lmTAMIkjdrh6dIPck5HuB4KMT2GgDV5ZjiCWoc=", "narHash": "sha256-9e3AKxbCoexrsWFXxQ4QUETNxQlXaffnntEnPOO19oI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bf6b85136b47ab1a76df4a90ea4850871147494a", "rev": "61ca2fc1c00a275b8bd61582b23195d60fe0fa40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,11 +39,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1629292755, "lastModified": 1630248577,
"narHash": "sha256-5xMo32NVLnloY9DveqwJO/Cab1+PbTMPqU4WMmawX5M=", "narHash": "sha256-9d/yq96TTrnF7qjA6wPYk+rYjWAXwfUmwk3qewezSeg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "253aecf69ed7595aaefabde779aa6449195bebb7", "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -55,11 +55,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1629359626, "lastModified": 1630395220,
"narHash": "sha256-of3obB9km+QnrBpWHm1b1k33qQOqNB0c8grkVcXNP7o=", "narHash": "sha256-Nb5SppZmj+0MH33c2/qdRFqGTo/8g0CTfVtsGZ/sQf0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "805c0d529efe652fa85f92527bec68ce26a08723", "rev": "607b9cebfdbf57ec864aacf14efa64fac920016d",
"type": "github" "type": "github"
}, },
"original": { "original": {

8
machines/porthos/services.nix
View file

@ -93,6 +93,14 @@ in
nginx = { nginx = {
enable = true; enable = true;
}; };
paperless = {
enable = true;
documentPath = "/data/media/paperless";
# Insecure, I don't care
passwordFile =
builtins.toFile "paperless.env" my.secrets.paperless.password;
secretKey = my.secrets.paperless.secretKey;
};
# The whole *arr software suite # The whole *arr software suite
pirate.enable = true; pirate.enable = true;
# Podcast automatic downloader # Podcast automatic downloader

1
modules/services/default.nix
View file

@ -18,6 +18,7 @@
./navidrome.nix ./navidrome.nix
./nextcloud.nix ./nextcloud.nix
./nginx.nix ./nginx.nix
./paperless.nix
./pirate.nix ./pirate.nix
./podgrab.nix ./podgrab.nix
./postgresql-backup.nix ./postgresql-backup.nix

127
modules/services/paperless.nix Normal file
View file

@ -0,0 +1,127 @@
{ config, lib, pkgs, ... }:
let
cfg = config.my.services.paperless;
in
{
options.my.services.paperless = with lib; {
enable = mkEnableOption "Paperless service";
port = mkOption {
type = types.port;
default = 4535;
example = 8080;
description = "Internal port for webui";
};
secretKey = mkOption {
type = types.str;
example = "e11fl1oa-*ytql8p)(06fbj4ukrlo+n7k&q5+$1md7i+mge=ee";
description = "Secret key used for sessions tokens";
};
documentPath = mkOption {
type = with types; nullOr str;
default = null;
example = "/mnt/paperless";
description = ''
Path to the directory to store the documents. Use default if null
'';
};
username = mkOption {
type = types.str;
default = "ambroisie";
example = "username";
description = "Name of the administrator";
};
passwordFile = mkOption {
type = types.str;
example = "/var/lib/paperless/password.txt";
description = "Read the administrator's password from this path";
};
};
config = lib.mkIf cfg.enable {
services.paperless-ng = {
enable = true;
port = cfg.port;
mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
extraConfig =
let
paperlessDomain = "paperless.${config.networking.domain}";
in
{
# Use SSO
PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
# Use PostgreSQL
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBNAME = "paperless";
# Security settings
PAPERLESS_SECRET_KEY = cfg.secretKey; # Insecure, I don't care
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
# OCR settings
PAPERLESS_OCR_LANGUAGE = "fra+eng";
# Misc
PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username;
};
# Admin password
passwordFile = cfg.passwordFile;
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = [ "paperless" ];
ensureUsers = [
{
name = "paperless";
ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES";
}
];
};
systemd.services.paperless-ng-server = {
# Make sure the DB is available
after = [ "postgresql.service" ];
};
users.users.${config.services.paperless-ng.user} = {
extraGroups = [ "media" ];
};
my.services.nginx.virtualHosts = [
{
subdomain = "paperless";
inherit (cfg) port;
sso = {
enable = true;
};
# Enable websockets on root
extraConfig = {
locations."/".proxyWebsockets = true;
};
}
];
my.services.backup = {
paths = [
config.services.paperless-ng.mediaDir
];
};
};
}

1
modules/system/media.nix
View file

@ -5,6 +5,7 @@ let
mediaServices = with config.my.services; [ mediaServices = with config.my.services; [
calibre-web calibre-web
jellyfin jellyfin
paperless
pirate pirate
sabnzbd sabnzbd
transmission transmission

5
secrets/default.nix
View file

@ -56,6 +56,11 @@ throwOnCanary {
nextcloud.password = fileContents ./nextcloud/password.txt; nextcloud.password = fileContents ./nextcloud/password.txt;
paperless = {
password = fileContents ./paperless/password.txt;
secretKey = fileContents ./paperless/secretKey.txt;
};
podgrab.password = fileContents ./podgrab/password.txt; podgrab.password = fileContents ./podgrab/password.txt;
sso = import ./sso { inherit lib; }; sso = import ./sso { inherit lib; };

BIN
secrets/paperless/password.txt Normal file
View file

Binary file not shown.

BIN
secrets/paperless/secretKey.txt Normal file
View file

Binary file not shown.