mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mkModule various + fixes

Browse Source
This commit is contained in:
mjallen18
2025-12-18 16:47:12 -06:00
parent 63bd725d64
commit e0b1e72431
10 changed files with 185 additions and 297 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
modules/nixos/services/paperless/default.nix
View File

@@ -1,110 +1,62 @@
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.paperless;
name = "paperless";
cfg = config.${namespace}.services.${name};
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessPkg = pkgs.paperless-ngx;
in
{
imports = [ ./options.nix ];
paperlessConfig = lib.${namespace}.mkModule {
inherit config name;
description = "paperless";
options = { };
moduleConfig = {
# Enable paperless service
services.paperless = {
enable = true;
package = pkgs.paperless-ngx;
port = cfg.port;
# user = "nix-apps";
address = cfg.listenAddress;
dataDir = "${cfg.configDir}/paperless";
passwordFile = "${cfg.configDir}/paperless/paperless-password";
# environmentFile = paperlessEnv;
domain = "paperless.mjallen.dev";
database.createLocally = true;
};
};
};
config = mkIf cfg.enable {
containers.paperless = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.3";
localAddress = "10.0.1.20";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::20";
config =
{
lib,
...
}:
{
# Enable paperless service
services.paperless = {
enable = false;
package = paperlessPkg;
port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
# passwordFile = "/var/lib/paperless/paperless-password";
environmentFile = paperlessEnv;
};
# Create required users and groups
users.groups = {
documents = {
gid = lib.mkForce paperlessGroupId;
};
};
users.users.paperless = {
isSystemUser = true;
uid = lib.mkForce paperlessUserId;
group = lib.mkForce "documents";
};
# Create and set permissions for required directories
system.activationScripts.paperless-dirs = ''
mkdir -p /var/lib/paperless
chown -R paperless:documents /var/lib/paperless
chmod -R 775 /var/lib/paperless
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ paperlessPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/paperless" = {
hostPath = "/media/nas/main/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {
hostPath = "/run/secrets/jallen-nas/paperless";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/paperless";
};
secret-env = {
hostPath = "/run/secrets/rendered/paperless.env";
isReadOnly = true;
mountPoint = "/run/secrets/rendered/paperless.env";
aiCfg = config.${namespace}.services."paperless-ai";
paperlessAiConfig = lib.${namespace}.mkModule {
inherit config;
name = "paperless-ai";
description = "paperless-ai";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers."paperless-ai" = {
autoStart = true;
image = "clusterzx/paperless-ai";
ports = [
"${toString aiCfg.port}:3000"
];
volumes = [ "${aiCfg.configDir}/paperless-ai:/app/data" ];
environment = {
PUID = aiCfg.puid;
PGID = aiCfg.pgid;
TZ = aiCfg.timeZone;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.20:28981";
sourcePort = paperlessPort;
}
];
};
};
in
{
imports = [
paperlessConfig
paperlessAiConfig
];
}