nixos-config/machines/chungus/service-paperless.nix

{
  config,
  pkgs,
  lib,
  nixos-artwork,
  ...
}:
{

  services.paperless = {
    enable = true;
    address = "0.0.0.0";
    settings = {
      PAPERLESS_OCR_LANGUAGE = "deu+eng";
      PAPERLESS_APP_TITLE = "paperless.chungus.private";
      PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
        ".DS_STORE/*"
        "desktop.ini"
      ];
      PAPERLESS_EMAIL_TASK_CRON = "0 */8 * * *"; # “At minute 0 past every 8th hour.”
      #PAPERLESS_CONSUMER_DELETE_DUPLICATES = false;
    };
  };

  services.permown."/var/lib/paperless/consume" = {
    owner = "paperless";
    group = "paperless";
    directory-mode = "755";
    file-mode = "640";
  };

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
  verify.localCommands.paperless =
    let
      domain = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
      curl = lib.getExe pkgs.curl;
      grep = lib.getExe pkgs.gnugrep;
      grepString = "paperless.chungus.private";
    in
    ''
      if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
        if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
          echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
        else
          echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
        fi
      else
        echo "[Fail] Die Seite hat keinen Statuscode 200."
      fi
    '';

  services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
    serverAliases = [ "paperless.ingolf-wagner.de" ];
    extraConfig = ''
      allow ${config.tinc.private.subnet};
      allow ${config.wireguard.wg0.subnet};
      deny all;
    '';
    locations."/" = {
      extraConfig = ''
        client_max_body_size 500M;
      '';
      proxyPass = "http://localhost:${toString config.services.paperless.port}";
      proxyWebsockets = true;
    };
  };
}
nix fmt 2024-08-29 03:26:04 +02:00			`{`
			`config,`
			`pkgs,`
:white_check_mark: add some more smoke tests. 2024-09-15 04:11:25 +02:00			`lib,`
nix fmt 2024-08-29 03:26:04 +02:00			`nixos-artwork,`
			`...`
			`}:`
			`{`
paperless accessible via wireguard 2024-03-06 13:22:22 +01:00
add paperless.nix 2024-03-04 19:05:30 +01:00			`services.paperless = {`
			`enable = true;`
paperless accessible via wireguard 2024-03-09 16:50:33 +01:00			`address = "0.0.0.0";`
nix flake check 2024-05-27 19:10:54 +02:00			`settings = {`
update paperless 2024-03-18 21:00:48 +01:00			`PAPERLESS_OCR_LANGUAGE = "deu+eng";`
			`PAPERLESS_APP_TITLE = "paperless.chungus.private";`
nix fmt 2024-08-29 03:26:04 +02:00			`PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [`
			`".DS_STORE/*"`
			`"desktop.ini"`
			`];`
make loki, promtail better (better indices and so on) 2024-05-15 22:54:12 +02:00			`PAPERLESS_EMAIL_TASK_CRON = "0 /8 * *"; # “At minute 0 past every 8th hour.”`
update 2024-05-22 20:54:36 +02:00			`#PAPERLESS_CONSUMER_DELETE_DUPLICATES = false;`
update paperless 2024-03-18 21:00:48 +01:00			`};`
add paperless.nix 2024-03-04 19:05:30 +01:00			`};`
paperless accessible via wireguard 2024-03-06 13:22:22 +01:00
update paperless 2024-05-12 09:32:04 +02:00			`services.permown."/var/lib/paperless/consume" = {`
			`owner = "paperless";`
			`group = "paperless";`
			`directory-mode = "755";`
			`file-mode = "640";`
			`};`

paperless accessible via wireguard 2024-03-06 13:22:22 +01:00			`networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];`
:white_check_mark: add some more smoke tests. 2024-09-15 04:11:25 +02:00			`verify.localCommands.paperless =`
			`let`
			`domain = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";`
			`curl = lib.getExe pkgs.curl;`
			`grep = lib.getExe pkgs.gnugrep;`
			`grepString = "paperless.chungus.private";`
			`in`
			`''`
			`if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} \| ${grep} -q "200"; then`
			`if ${curl} -s ${domain} \| ${grep} -q "${grepString}"; then`
			`echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."`
			`else`
			`echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."`
			`fi`
			`else`
			`echo "[Fail] Die Seite hat keinen Statuscode 200."`
			`fi`
			`'';`
paperless accessible via wireguard 2024-03-06 13:22:22 +01:00
add paperless.nix 2024-03-04 19:05:30 +01:00			`services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {`
add paperless to wireguard 2024-05-22 09:28:11 +02:00			`serverAliases = [ "paperless.ingolf-wagner.de" ];`
add paperless.nix 2024-03-04 19:05:30 +01:00			`extraConfig = ''`
			`allow ${config.tinc.private.subnet};`
add paperless to wireguard 2024-05-22 09:28:11 +02:00			`allow ${config.wireguard.wg0.subnet};`
add paperless.nix 2024-03-04 19:05:30 +01:00			`deny all;`
			`'';`
			`locations."/" = {`
update paperless 2024-05-12 09:32:04 +02:00			`extraConfig = ''`
			`client_max_body_size 500M;`
			`'';`
add paperless.nix 2024-03-04 19:05:30 +01:00			`proxyPass = "http://localhost:${toString config.services.paperless.port}";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`}`