Add Paperless config

profiles/server1/nginx/nixos.nix

@@ -163,6 +163,20 @@
           };
         };
 
+        "scan.swarsel.win" = {
+          enableACME = true;
+          forceSSL = true;
+          acmeRoot = null;
+          locations = {
+            "/" = {
+              proxyPass = "http://192.168.2.24:28981";
+              extraConfig = ''
+                client_max_body_size 0;
+              '';
+            };
+          };
+        };
+
         "screen.swarsel.win" = {
           enableACME = true;
           forceSSL = true;

profiles/server1/paperless/hardware-configuration.nix

@@ -0,0 +1,29 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/mapper/pve-vm--117--disk--0";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

profiles/server1/paperless/nixos.nix

@@ -0,0 +1,80 @@
+{ config, pkgs, modulesPath, ... }:
+
+{
+  
+  imports = [
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+    ./hardware-configuration.nix
+  ];
+  
+  
+  
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "altgr-intl";
+  };
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  proxmoxLXC.manageNetwork = true; # manage network myself
+  proxmoxLXC.manageHostName = false; # manage hostname myself
+  networking.useDHCP = true;
+  networking.enableIPv6 = false;
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "yes";
+    listenAddresses = [{
+      port = 22;
+      addr = "0.0.0.0";
+    }];
+  };
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    ../../../secrets/keys/authorized_keys
+  ];
+  
+  system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
+  
+  environment.shellAliases = {
+    nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
+  };
+  
+  
+
+  users.groups.lxc_shares = {
+    gid = 10000;
+    members = [
+      "paperless"
+      "root"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    gnupg
+    ssh-to-age
+  ];
+
+  networking.hostName = "paperless"; # Define your hostname.
+  networking.firewall.enable = false;
+
+  sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+  sops.defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
+  sops.validateSopsFiles = false;
+  sops.secrets.admin = { owner = "paperless";};
+
+  services.paperless = {
+    enable = true;
+    mediaDir = "/media";
+    user = "paperless";
+    port = 28981;
+    passwordFile = config.sops.secrets.admin.path;
+    address = "0.0.0.0";
+    extraConfig = {
+      PAPERLESS_OCR_LANGUAGE = "deu+eng";
+      PAPERLESS_URL = "scan.swarsel.win";
+      PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
+        optimize = 1;
+        pdfa_image_compression = "lossless";
+      };
+    };
+  };
+
+}