Install paperless
parent
85b8479e44
commit
dd4a80e034
5 changed files with 119 additions and 0 deletions
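--- a/nixos/arion-paperless/arion-compose.nix
+++ b/nixos/arion-paperless/arion-compose.nix
@@ -0,0 +1,73 @@
+{ pkgs, ... }:
+{
+project.name = "paperless";
+
+networks.paperless.external = false;
+
+services = {
+redis = {
+service = {
+image = "redis:7";
+container_name = "paperless-redis";
+restart = "unless-stopped";
+networks = [ "paperless" ];
+volumes = [
+"/var/paperless/redis:/data"
+];
+};
+};
+
+db = {
+service = {
+image = "postgres:16";
+container_name = "paperless-db";
+restart = "unless-stopped";
+networks = [ "paperless" ];
+volumes = [
+"/var/paperless/postgres:/var/lib/postgresql/data"
+];
+environment = {
+POSTGRES_DB = "paperless";
+POSTGRES_USER = "paperless";
+POSTGRES_PASSWORD = "paperless";
+};
+healthcheck = {
+test = [ "CMD-SHELL" "pg_isready -U paperless -d paperless" ];
+interval = "5s";
+timeout = "5s";
+retries = 20;
+};
+};
+};
+
+webserver = {
+service = {
+image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
+container_name = "paperless-ngx";
+restart = "unless-stopped";
+networks = [ "paperless" ];
+depends_on = [ "db" "redis" ];
+ports = [ "127.0.0.1:8000:8000" ];
+volumes = [
+"/var/paperless/data:/usr/src/paperless/data"
+"/var/paperless/media:/usr/src/paperless/media"
+"/var/paperless/export:/usr/src/paperless/export"
+"/var/paperless/consume:/usr/src/paperless/consume"
+];
+environment = {
+PAPERLESS_REDIS = "redis://redis:6379";
+PAPERLESS_DBHOST = "db";
+PAPERLESS_DBNAME = "paperless";
+PAPERLESS_DBUSER = "paperless";
+PAPERLESS_DBPASS = "paperless";
+PAPERLESS_URL = "https://paperless.philippeterson.com";
+PAPERLESS_TIME_ZONE = "America/Anchorage";
+PAPERLESS_OCR_LANGUAGE = "eng";
+USERMAP_UID = "1000";
+USERMAP_GID = "1000";
+};
+env_file = [ "/run/agenix/paperless" ];
+};
+};
+};
+}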
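Review bot: `POSTGRES_PASSWORD = "paperless";` and `PAPERLESS_DBPASS = "paperless";` are literal values in the Nix expression, so the database credential ends up in the repository and in the world-readable Nix store, although the webserver service already loads `/run/agenix/paperless` through `env_file`. Putting `PAPERLESS_DBPASS` into that agenix file and giving the `db` service its own `env_file` for `POSTGRES_PASSWORD` would keep it out of both. The database publishes no port, so today the exposure is limited to the `paperless` network and the host. If the value is changed after first start, the role's password must also be altered inside the database, since the postgres image applies `POSTGRES_PASSWORD` only when it initialises an empty data directory. Separately, `image = "ghcr.io/paperless-ngx/paperless-ngx:latest";` is a floating tag, so a restart can pull a release nobody tested; pinning a version tag or digest, e.g. `image = "ghcr.io/paperless-ngx/paperless-ngx:<version>@sha256:<digest>";`, makes upgrades deliberate.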
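--- a/nixos/arion-paperless/arion-pkgs.nix
+++ b/nixos/arion-paperless/arion-pkgs.nix
@@ -0,0 +1,3 @@
+import <nixpkgs> {
+system = "x86_64-linux";
+}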
|
|
@ -78,6 +78,11 @@ in {
|
||||||
file = ./secrets/vnc-htpasswd.age;
|
file = ./secrets/vnc-htpasswd.age;
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
paperless = {
|
||||||
|
file = ./secrets/paperless.age;
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
@ -164,6 +169,7 @@ in {
|
||||||
projects.forgejo.settings = import ./arion/arion-compose.nix;
|
projects.forgejo.settings = import ./arion/arion-compose.nix;
|
||||||
projects.riverside.settings = import ./arion-riverside/arion-compose.nix;
|
projects.riverside.settings = import ./arion-riverside/arion-compose.nix;
|
||||||
projects.pluto.settings = import ./arion-pluto/arion-compose.nix;
|
projects.pluto.settings = import ./arion-pluto/arion-compose.nix;
|
||||||
|
projects.paperless.settings = import ./arion-paperless/arion-compose.nix;
|
||||||
};
|
};
|
||||||
|
|
||||||
# The arion NixOS module sets backend = "podman-socket" but doesn't inject
|
# The arion NixOS module sets backend = "podman-socket" but doesn't inject
|
||||||
|
|
@ -172,6 +178,7 @@ in {
|
||||||
systemd.services.arion-forgejo.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
systemd.services.arion-forgejo.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
systemd.services.arion-riverside.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
systemd.services.arion-riverside.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
systemd.services.arion-pluto.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
systemd.services.arion-pluto.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
|
systemd.services.arion-paperless.environment.DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
|
|
||||||
# Build the VNC desktop image locally from the Dockerfile — no registry push/pull needed.
|
# Build the VNC desktop image locally from the Dockerfile — no registry push/pull needed.
|
||||||
# vncContext is a Nix store path that changes whenever any file under vnc-desktop/ changes,
|
# vncContext is a Nix store path that changes whenever any file under vnc-desktop/ changes,
|
||||||
|
|
@ -241,6 +248,12 @@ in {
|
||||||
"d /root/.config 0755 ${username} users"
|
"d /root/.config 0755 ${username} users"
|
||||||
"d /var/pluto/notebooks 0755 root root"
|
"d /var/pluto/notebooks 0755 root root"
|
||||||
"d /var/pluto/julia-depot 0755 root root"
|
"d /var/pluto/julia-depot 0755 root root"
|
||||||
|
"d /var/paperless/data 0755 root root"
|
||||||
|
"d /var/paperless/media 0755 root root"
|
||||||
|
"d /var/paperless/export 0755 root root"
|
||||||
|
"d /var/paperless/consume 0755 root root"
|
||||||
|
"d /var/paperless/postgres 0755 root root"
|
||||||
|
"d /var/paperless/redis 0755 root root"
|
||||||
"d /var/riverside/files 0755 root root"
|
"d /var/riverside/files 0755 root root"
|
||||||
"d /var/riverside/postgres 0755 root root"
|
"d /var/riverside/postgres 0755 root root"
|
||||||
"d /var/lib/gitea-runner/ubuntu 0755 gitea-runner gitea-runner"
|
"d /var/lib/gitea-runner/ubuntu 0755 gitea-runner gitea-runner"
|
||||||
|
|
@ -431,6 +444,13 @@ in {
|
||||||
webroot = null;
|
webroot = null;
|
||||||
group = config.services.nginx.group;
|
group = config.services.nginx.group;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
certs."paperless.philippeterson.com" = {
|
||||||
|
dnsProvider = "nearlyfreespeech";
|
||||||
|
environmentFile = config.age.secrets."nearlyfreespeech".path;
|
||||||
|
webroot = null;
|
||||||
|
group = config.services.nginx.group;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Break the systemd ordering cycle that deadlocks nixos-rebuild switch.
|
# Break the systemd ordering cycle that deadlocks nixos-rebuild switch.
|
||||||
|
|
@ -454,5 +474,6 @@ in {
|
||||||
"acme-selfsigned-vnc.quinefoundation.com.service"
|
"acme-selfsigned-vnc.quinefoundation.com.service"
|
||||||
"acme-selfsigned-webdav.philippeterson.com.service"
|
"acme-selfsigned-webdav.philippeterson.com.service"
|
||||||
"acme-selfsigned-pluto.philippeterson.com.service"
|
"acme-selfsigned-pluto.philippeterson.com.service"
|
||||||
|
"acme-selfsigned-paperless.philippeterson.com.service"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
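Review bot: The six tmpfiles rules added in the hunk at -241,6 (`"d /var/paperless/media 0755 root root"` and its siblings) create the document store, the consume folder and the database directory as world-traversable, so any local account can list them and read whatever the containers write with permissive file modes. One extra rule ahead of them, `"d /var/paperless 0700 root root"`, would close the whole tree to non-root users without touching the ownership the containers expect on the bind-mounted children. This assumes the containers run under the system podman socket named in `DOCKER_HOST`, where bind mounts do not depend on host path traversal by the container user. The file modes inside the directories are set by the images and are not visible here. The existing pluto and riverside entries follow the same 0755 pattern and could get the same treatment.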
|
|
|
||||||
|
|
@ -114,6 +114,22 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"paperless.philippeterson.com" = {
|
||||||
|
useACMEHost = "paperless.philippeterson.com";
|
||||||
|
onlySSL = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8000/";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
client_max_body_size 100M;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
"pluto.philippeterson.com" = {
|
"pluto.philippeterson.com" = {
|
||||||
useACMEHost = "pluto.philippeterson.com";
|
useACMEHost = "pluto.philippeterson.com";
|
||||||
onlySSL = true;
|
onlySSL = true;
|
||||||
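Review bot: The new `locations."/"` block for paperless.philippeterson.com sets Host and the X-Forwarded headers but does not pass the WebSocket upgrade, which the Paperless-ngx web UI uses for live task status; adding `proxyWebsockets = true;` next to `proxyPass` covers that. Because this vhost publishes a document archive under a public name and `onlySSL = true` gives no port-80 redirect, it is also worth sending HSTS from it, for example `add_header Strict-Transport-Security "max-age=31536000" always;` inside `extraConfig`. The pluto vhost that follows in the context lines continues outside the hunk.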
|
|
|
||||||
|
|
@ -24,4 +24,10 @@ in {
|
||||||
# htpasswd-format credentials for nginx basic auth on vnc.quinefoundation.com
|
# htpasswd-format credentials for nginx basic auth on vnc.quinefoundation.com
|
||||||
# Generate with: htpasswd -n <username>
|
# Generate with: htpasswd -n <username>
|
||||||
"./vnc-htpasswd.age".publicKeys = [mainframePublicKey];
|
"./vnc-htpasswd.age".publicKeys = [mainframePublicKey];
|
||||||
|
|
||||||
|
# PAPERLESS_SECRET_KEY=<long random string>
|
||||||
|
# PAPERLESS_ADMIN_USER=admin
|
||||||
|
# PAPERLESS_ADMIN_PASSWORD=<password>
|
||||||
|
# PAPERLESS_ADMIN_EMAIL=peterson@sent.com
|
||||||
|
"./paperless.age".publicKeys = [mainframePublicKey];
|
||||||
}
|
}
|
||||||
|
|
|
||||||