🔧 make paperless accessible via zerotier

machines/chungus/configuration.nix

@@ -46,7 +46,6 @@
     ./service-atuin.nix
     ./service-forgejo.nix
     ./service-paperless-backup.nix
-    ./service-paperless-healthchecks.nix
     ./service-paperless-tika.nix
     ./service-paperless.nix
     ./service-s3.nix

machines/chungus/service-paperless-healthchecks.nix

@@ -1,15 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  factsGenerator,
-  ...
-}:
-{
-
-  healthchecks.http.paperless = {
-    url = "http://paperless.chungus.private/accounts/login/?next=/";
-    expectedContent = "paperless.chungus.private";
-  };
-
-}

machines/chungus/service-paperless.nix

@@ -39,13 +39,28 @@
   networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
   networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
     config.services.paperless.port
+    80 # nginx
   ];
 
+  healthchecks.http.paperless-private = {
+    url = "http://paperless.chungus.private/accounts/login/?next=/";
+    expectedContent = "paperless.chungus.private";
+  };
+  healthchecks.http.paperless-port = {
+    url = "http://paperless.ingolf-wagner.de:${toString config.services.paperless.port}/accounts/login/?next=/";
+    expectedContent = "paperless.chungus.private";
+  };
+  healthchecks.http.paperless = {
+    url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
+    expectedContent = "paperless.chungus.private";
+  };
+
   services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
     serverAliases = [ "paperless.ingolf-wagner.de" ];
     extraConfig = ''
       allow ${config.tinc.private.subnet};
       allow ${config.wireguard.wg0.subnet};
+      allow ${config.clan.core.networking.zerotier.subnet};
       deny all;
     '';
     locations."/" = {