machines: serv: Add paperless-ngx service

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
Christoph Heiss 2023-05-10 21:40:32 +02:00
parent 9f757e1a0b
commit fdfcd536ab
Signed by: c8h4
GPG key ID: 6817E9C75C0785D7
3 changed files with 51 additions and 0 deletions


@ -18,6 +18,7 @@ in {
../secrets/morph/acme.nix
../secrets/morph/sourcehut
../services/nginx.nix
../services/paperless.nix
../services/postgresql.nix
../services/sourcehut.nix
../system/lxc.nix

BIN
secrets/paperless.nix Normal file

Binary file not shown.

50
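--- /dev/null
+++ b/services/paperless.nix
@@ -0,0 +1,50 @@
+{ config, ... }:
+let
+paperlessEnv = config.services.paperless.extraConfig;
+redisSocketPath = config.services.redis.servers.paperless.unixSocket;
+in {
+services.paperless = {
+enable = true;
+address = "[::]";
+extraConfig = {
+PAPERLESS_OCR_LANGUAGE = "deu+eng";
+PAPERLESS_REDIS = "unix://${redisSocketPath}";
+PAPERLESS_DBHOST = "/run/postgresql";
+PAPERLESS_DBNAME = "paperless";
+PAPERLESS_DBUSER = "paperless";
+PAPERLESS_SSLMODE = "disable";
+};
+};
+services.redis.vmOverCommit = true;
+services.redis.servers.paperless = {
+enable = true;
+databases = 16;
+maxclients = 128;
+user = "paperless";
+port = 0; # disable TCP
+settings = {
+maxmemory = "128MB";
+maxmemory-policy = "volatile-ttl";
+};
+};
+services.postgresql = {
+ensureDatabases = [ paperlessEnv.PAPERLESS_DBNAME ];
+ensureUsers = [{
+name = paperlessEnv.PAPERLESS_DBUSER;
+ensurePermissions = {
+"DATABASE ${paperlessEnv.PAPERLESS_DBNAME}" = "ALL PRIVILEGES";
+};
+ensureClauses.login = true;
+}];
+};
+# Binds the redis socket into services that need it
+systemd.services = let services = [ "scheduler" "task-queue" "web" ];
+in builtins.listToAttrs (map (name: {
+name = "paperless-${name}";
+value.serviceConfig.BindReadOnlyPaths = [ redisSocketPath ];
+}) services);
+}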
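Review bot: `address = "[::]";` in `services.paperless` makes the paperless web server listen on every interface of the machine, while the same machine also imports `../services/nginx.nix`. If nginx on this host is what terminates TLS and fronts the application (the vhost is not visible in this commit), the application port is then reachable directly over plain HTTP unless the firewall blocks it. Consider dropping the line so the module default applies (`localhost`, as far as I recall), or binding to loopback explicitly with `address = "[::1]";`; if the wildcard bind is intentional because the proxy runs on another host, a comment saying so would help, e.g. `# reverse proxy lives on <host>; port is firewalled to it`.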