🔧 make paperless oci-container rootless

2025-05-01 02:51:23 +02:00 · 2025-05-01 02:51:23 +02:00 · d5d28b701d
commit d5d28b701d
parent f58d688ad9
1 changed files with 17 additions and 0 deletions
--- a/machines/chungus/service-paperless-tika.nix
+++ b/machines/chungus/service-paperless-tika.nix
@ -14,16 +14,30 @@
    };
  };

+  # to make podman run rootless as paperless user
+  users.users.paperless.autoSubUidGidRange = true;
+
  imports = [
+    {
+      virtualisation.oci-containers.backend = "podman";
+    }
+
+    # tika
    {
      services.tika.port = 9998;
      virtualisation.oci-containers = {
+        backend = "podman";
        containers.tika = {
          image = "apache/tika:latest"; # Warning: if the tag does not change, the image will not be updated
          ports = [ "127.0.0.1:${toString config.services.tika.port}:9998" ];
+          podman = {
+            user = "paperless";
+          };
        };
      };
    }
+
+    # gotenberg
    {
      services.gotenberg.port = 3214;
      virtualisation.oci-containers = {
@ -35,6 +49,9 @@
            "--chromium-disable-javascript=true"
            "--chromium-allow-list=file:///tmp/.*"
          ];
+          podman = {
+            user = "paperless";
+          };
        };
      };
    }