Add Paperless config

2025-12-06 09:07:21 +01:00 · 2024-02-05 10:22:57 +01:00 · 2024-02-05 10:22:57 +01:00 · df55bfa58d
commit df55bfa58d
parent 18a104027d
7 changed files with 265 additions and 0 deletions
--- a/Nix.org
+++ b/Nix.org
@ -431,6 +431,14 @@ This is where the theme for the whole OS is defined. This noweb-ref section cann
    ];
  };

+  paperless = nixpkgs.lib.nixosSystem {
+    specialArgs = {inherit inputs pkgs; };
+    modules = [
+      sops-nix.nixosModules.sops
+      ./profiles/server1/paperless/nixos.nix
+    ];
+  };
+
  #ovm
  sync = nixpkgs.lib.nixosSystem {
    specialArgs = {inherit inputs pkgs; };
@ -1585,6 +1593,20 @@ In the long run, I am thinking about a transition to kubernetes or using just a
            };
          };

+          "scan.swarsel.win" = {
+            enableACME = true;
+            forceSSL = true;
+            acmeRoot = null;
+            locations = {
+              "/" = {
+                proxyPass = "http://192.168.2.24:28981";
+                extraConfig = ''
+                  client_max_body_size 0;
+                '';
+              };
+            };
+          };
+
          "screen.swarsel.win" = {
            enableACME = true;
            forceSSL = true;
@ -2862,6 +2884,59 @@ Make sure to also do this for doublepuppet.yaml

 #+end_src

+*** Paperless
+**** NixOS
+
+#+begin_src nix :noweb yes :tangle profiles/server1/paperless/nixos.nix
+
+  { config, pkgs, modulesPath, ... }:
+
+  {
+    <<vminit>>
+
+    users.groups.lxc_shares = {
+      gid = 10000;
+      members = [
+        "paperless"
+        "root"
+      ];
+    };
+
+    environment.systemPackages = with pkgs; [
+      git
+      gnupg
+      ssh-to-age
+    ];
+
+    networking.hostName = "paperless"; # Define your hostname.
+    networking.firewall.enable = false;
+
+    sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+    sops.defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
+    sops.validateSopsFiles = false;
+    sops.secrets.admin = { owner = "paperless";};
+
+    services.paperless = {
+      enable = true;
+      mediaDir = "/media";
+      user = "paperless";
+      port = 28981;
+      passwordFile = config.sops.secrets.admin.path;
+      address = "0.0.0.0";
+      extraConfig = {
+        PAPERLESS_OCR_LANGUAGE = "deu+eng";
+        PAPERLESS_URL = "scan.swarsel.win";
+        PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
+          optimize = 1;
+          pdfa_image_compression = "lossless";
+        };
+      };
+    };
+
+  }
+
+#+end_src
+
 * Common NixOS

 These are system-level settings specific to NixOS machines. All settings that are required on all machines go here.