nixos-config/services/paperless.nix
Christoph Heiss e2826bdfd3
services: add restic backup job notifications
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2023-12-03 21:42:58 +01:00


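# NixOS module: paperless with a dedicated redis instance (Unix socket only),
# a local PostgreSQL database, and a daily restic backup of the document store.
{ config, lib, my, pkgs, ... }:
let
  # Shorthands so the database/user names and the socket path are defined once.
  paperlessEnv = config.services.paperless.extraConfig;
  redisSocketPath = config.services.redis.servers.paperless.unixSocket;
in {
  services.paperless = {
    enable = true;
    # Listens on all interfaces rather than loopback only.
    # NOTE(review): PAPERLESS_URL below is https, so TLS is presumably
    # terminated by a reverse proxy. If that proxy runs on this host, binding
    # to loopback would shrink the exposed surface; otherwise confirm the
    # firewall only lets the proxy reach this port.
    address = "[::]";
    extraConfig = {
      PAPERLESS_OCR_LANGUAGE = "deu+eng";
      PAPERLESS_REDIS = "unix://${redisSocketPath}";
      # A path as DBHOST means a local Unix-socket connection, so disabling
      # TLS for the database link does not put cleartext on the network.
      PAPERLESS_DBHOST = "/run/postgresql";
      PAPERLESS_DBNAME = "paperless";
      PAPERLESS_DBUSER = "paperless";
      PAPERLESS_SSLMODE = "disable";
      PAPERLESS_URL = "https://${my.homelab.fqdn}";
      PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";
      # NOTE(review): extraConfig is evaluated at build time. If `secretKey`
      # is a plain string, it is presumably rendered into the generated unit
      # environment in the world-readable Nix store, where any local user can
      # read it. Prefer handing the key to the service from a root-owned file
      # at runtime; confirm how `my.homelab.services.paperless.secretKey` is
      # produced.
      PAPERLESS_SECRET_KEY = my.homelab.services.paperless.secretKey;
    };
  };

  # Sets the vm.overcommit_memory sysctl; this is system-wide, not per instance.
  services.redis.vmOverCommit = true;
  services.redis.servers.paperless = {
    enable = true;
    databases = 16;
    maxclients = 128;
    # Runs this instance under the paperless account; presumably so the
    # socket is accessible to the paperless services without extra groups.
    user = "paperless";
    port = 0; # disable TCP
    settings = {
      maxmemory = "128MB";
      maxmemory-policy = "volatile-ttl";
    };
  };

  services.postgresql = {
    ensureDatabases = [ paperlessEnv.PAPERLESS_DBNAME ];
    ensureUsers = [{
      name = paperlessEnv.PAPERLESS_DBUSER;
      # ensureDBOwnership grants ownership of the database named like the
      # user, so the role name and database name must match. The previous
      # assert compared PAPERLESS_DBNAME with itself and could never fail.
      ensureDBOwnership =
        assert paperlessEnv.PAPERLESS_DBNAME == paperlessEnv.PAPERLESS_DBUSER;
        true;
      ensureClauses.login = true;
    }];
  };

  systemd.services = lib.mkMerge [
    # Binds the redis socket into services that need it. The bind is
    # read-only and limited to the socket path itself.
    (let services = [ "scheduler" "task-queue" "web" ];
    in builtins.listToAttrs (map (name: {
      name = "paperless-${name}";
      value.serviceConfig.BindReadOnlyPaths = [ redisSocketPath ];
    }) services))

    {
      # Ensure that redis is available before it starts
      paperless-download-nltk-data = {
        requires = [ "redis-paperless.service" ];
        after = [ "redis-paperless.service" "network-online.target" ];
        wants = [ "network-online.target" ];
        # Fixed 10 s delay on top of the ordering above; presumably a
        # workaround for redis or the network not being ready yet.
        # TODO confirm it is still needed.
        preStart = "${pkgs.coreutils-full}/bin/sleep 10";
      };
    }
  ];

  # The backup job below runs as `paperless`, so that account needs access to
  # the restic credentials.
  # NOTE(review): this presumably makes every secret readable by the
  # `restic-backup` group available to the paperless services as well, which
  # parse uploaded documents. Confirm the group only covers this host's
  # repository password and environment file.
  users.users.paperless.extraGroups = [ "restic-backup" ];

  services.restic.backups.paperless-media =
    let resticCfg = my.homelab.services.restic;
    in {
      inherit (resticCfg) environmentFile;
      initialize = true;
      repository = "${resticCfg.repositoryBase}/${config.networking.hostName}";
      # Referenced by path, so the repository password is read at runtime
      # instead of being copied into the Nix store.
      passwordFile = "/var/secrets/restic/repo/${config.networking.hostName}";
      user = "paperless";
      paths = [ "/var/lib/paperless/media/documents" ];
      timerConfig.OnCalendar = "*-*-* 4:00:00"; # daily at 04:00
      # Runs after the backup job; the command is built by a helper defined
      # outside this file and gets its credentials from its own environment
      # file.
      backupCleanupCommand = my.mkResticBackupNotificationCmd {
        name = "paperless-media";
        inherit pkgs;
        inherit (my.notifications.backup-bot) environmentFile;
      };
    };
}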