feat: add paperless ngx service

2025-08-29 16:22:03 +08:00 · 2025-08-29 16:22:03 +08:00 · 1ef3eb3360
commit 1ef3eb3360
parent 9c9acc3494
4 changed files with 44 additions and 2 deletions
--- a/system/dev/dn-server/default.nix
+++ b/system/dev/dn-server/default.nix
@ -29,6 +29,11 @@ in
    ../../modules/bluetooth.nix
    ../../modules/gc.nix
    ../../modules/mail-server
+    ../../modules/stylix.nix
+    (import ../../modules/paperless-ngx.nix {
+      domain = "paperless.net.dn";
+      passwordFile = config.sops.secrets."paperless/adminPassword".path;
+    })
    (import ../../modules/prometheus.nix {
      fqdn = "metrics.net.dn";
      selfMonitor = true;
--- a/system/dev/dn-server/secret.yaml
+++ b/system/dev/dn-server/secret.yaml
@ -26,6 +26,8 @@ prometheus:
    powerdns:
        password: ENC[AES256_GCM,data:pvb/aAvB/F1r0PW4mGJKQEExP88PapnViYpniOedJSf5e89/LwSeqYMd4x36zcGSlCV6myC+Xl/H+QBCw0ezcw==,iv:UI7UuJYJizYCO0ReC4SEPgmdPJNUnNuxgvkrhB1o/EQ=,tag:nUjTP7IQNx1ei8COQCTj+g==,type:str]
        nginxAuth: ENC[AES256_GCM,data:rYwuXHboAe3rf5e3kcJliKKXZ/Kcg60vnPGP+wukpaDdN8yJ00kk9cCNCjcvIyINEtL7TpEDjBX9oRsZT/E/FfWI6s133tDY,iv:Z/IiEi6oZm1Hv3m8c522GK6eYFf0syFn3A0o4S58DUI=,tag:y4n0Fm+l0OgGVHG+yttHfg==,type:str]
+paperless:
+    adminPassword: ENC[AES256_GCM,data:4qeisBDEa4omAk6TrxmZfA==,iv:Mn6GJWzkd72xsvqlG0bD/3pp9YICqov356ZmlTda2eA=,tag:yLp5JE3nZ715QjIYrv5OeA==,type:str]
 sops:
    age:
        - recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw
@ -37,7 +39,7 @@ sops:
            Qm0wbmNGZDZwZlNTOVl0WVh5RXNxK2cK1Fwbgl5kKAFyrIIhBP+X4ZKFS4Xl39QY
            11qkglNgro/JBFJ/W7Hj5wtEd8QToiJM1RW0lQaI25sneQ2v6L5pDA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-01T03:07:16Z"
-    mac: ENC[AES256_GCM,data:VNmb5eOR2fEyBKD/MuHwC7IdN+SM2ybf/qtkvos3pakYFMCQcSQlJSCiassuZUxkEBl/rpMJ5NcObvuOJDAZZ/B7IAVTMJ8DkQy9cdIMLCRASNxd4EeWdZx517As8OslVdXKpPv15+i7buzj3X/QAPTVy2UUtyjWO2eqZ8ute0A=,iv:PpZmtmKsRKguFFkH2aqbLt54Ox7tOQwq1qtoQVN47Cs=,tag:kQ5kG6BODCqxuNl58EMvmQ==,type:str]
+    lastmodified: "2025-08-29T07:40:00Z"
+    mac: ENC[AES256_GCM,data:QeQ5NOrcq3uNmt+MiVF+Jr3JWWBNGPw5A8pSdd1WR426WWqHTRP7NHAaVbS3st9VSmoYY5NI6JKeizuAq/NCvzOZL3Idy9mP+3HD9VZwn1GNSEGfhn+KZT02AY0JHq29KxcZlAYiWZOL4p+blG2aWfGm9+zy1GHoEXoo3OVhaEg=,iv:8uIoOE0ZJZYGZoQaskCXQKr7vl6wjsmJ4iudhvtgqtY=,tag:fRLGalP92dDyF8q+zT97BQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
--- a/system/dev/dn-server/sops-conf.nix
+++ b/system/dev/dn-server/sops-conf.nix
@ -60,6 +60,9 @@ in
        owner = "prometheus";
        group = config.users.users.prometheus.group;
      };
+      "paperless/adminPassword" = mkIf config.services.paperless.enable {
+        owner = config.services.paperless.user;
+      };
    };
  };
 }
--- a/system/modules/paperless-ngx.nix
+++ b/system/modules/paperless-ngx.nix
@ -0,0 +1,32 @@
+{
+  domain ? "localhost",
+  passwordFile,
+}:
+{ config, ... }:
+{
+  services.paperless = {
+    enable = true;
+    passwordFile = passwordFile;
+    consumptionDirIsPublic = true;
+    settings = {
+      PAPERLESS_CONSUMER_IGNORE_PATTERN = [
+        ".DS_STORE/*"
+        "desktop.ini"
+      ];
+      PAPERLESS_OCR_LANGUAGE = "chi_tra+eng";
+      PAPERLESS_OCR_USER_ARGS = {
+        optimize = 1;
+        pdfa_image_compression = "lossless";
+      };
+      PAPERLESS_URL = "https://${domain}";
+    };
+    configureTika = true;
+    database.createLocally = true;
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://localhost:${toString config.services.paperless.port}";
+  };
+}