♻️ service paperless split up

machines/chungus/configuration.nix

@@ -47,6 +47,8 @@
     ./service-atuin.nix
     ./service-forgejo.nix
     ./service-paperless.nix
+    ./service-paperless-backup.nix
+    ./service-paperless-healthchecks.nix
     ./service-s3.nix
     #./service-taskwarrior.nix
     ./service-vault.nix

machines/chungus/service-paperless-backup.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  pkgs,
+  lib,
+  factsGenerator,
+  ...
+}:
+{
+
+  clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
+  clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
+
+  # backup
+  services.borgbackup.jobs."paperless-ngx" = {
+    paths = [ config.services.paperless.dataDir ];
+    repo = "root@orbi.bear:borg-${config.networking.hostName}-paperless";
+    compression = "auto,lzma";
+    startAt = "daily";
+    encryption = {
+      mode = "keyfile-blake2";
+      passCommand = "cat ${
+        toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
+      }";
+    };
+    environment = {
+      BORG_RSH = "ssh -i ${
+        toString
+          config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
+      }";
+      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
+    };
+    prune.keep = {
+      within = "3d"; # Keep all backups in the last 10 days.
+      weekly = 2; # Keep 8 additional end of week archives.
+      monthly = -1; # Keep end of month archive for every month
+    };
+    doInit = true;
+  };
+
+}

machines/chungus/service-paperless-healthchecks.nix

@@ -0,0 +1,16 @@
+{
+  config,
+  pkgs,
+  lib,
+  factsGenerator,
+  ...
+}:
+{
+
+  healthchecks.http.paperless = {
+    url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
+    expectedContent = "paperless.chungus.private";
+  };
+  healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
+
+}

machines/chungus/service-paperless.nix

@@ -2,8 +2,6 @@
   config,
   pkgs,
   lib,
-  nixos-artwork,
-  factsGenerator,
   ...
 }:
 {
@@ -36,11 +34,6 @@
   };
 
   networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
-  healthchecks.http.paperless = {
-    url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
-    expectedContent = "paperless.chungus.private";
-  };
-  healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
 
   services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
     serverAliases = [ "paperless.ingolf-wagner.de" ];
@@ -58,34 +51,4 @@
     };
   };
 
-  clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
-  clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
-
-  # backup
-  services.borgbackup.jobs."paperless-ngx" = {
-    paths = [ config.services.paperless.dataDir ];
-    repo = "root@orbi.bear:borg-${config.networking.hostName}-paperless";
-    compression = "auto,lzma";
-    startAt = "daily";
-    encryption = {
-      mode = "keyfile-blake2";
-      passCommand = "cat ${
-        toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
-      }";
-    };
-    environment = {
-      BORG_RSH = "ssh -i ${
-        toString
-          config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
-      }";
-      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
-    };
-    prune.keep = {
-      within = "3d"; # Keep all backups in the last 10 days.
-      weekly = 2; # Keep 8 additional end of week archives.
-      monthly = -1; # Keep end of month archive for every month
-    };
-    doInit = true;
-  };
-
 }