rpi4: enable paperless

2025-01-26 01:52:00 -05:00 · 2025-01-26 01:52:00 -05:00 · 16724406df
commit 16724406df
parent e32de47778
2 changed files with 34 additions and 0 deletions
--- a/hosts/rpi4/backup.nix
+++ b/hosts/rpi4/backup.nix
@ -25,6 +25,7 @@ in
        "/var/lib/tailscale"
        "/var/lib/private/anki-sync-server"
        "/var/lib/thelounge"
+        "/var/lib/paperless"
        "/etc"
      ];
      dynamicFilesFrom = ''
--- a/hosts/rpi4/services.nix
+++ b/hosts/rpi4/services.nix
@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 let
  inherit (config.age) secrets;
+  inherit (builtins) toString;
 in
 {
  imports = [
@ -57,6 +58,10 @@ in
      file = ../../secrets/homepage.age;
    };

+    age.secrets.paperless-admin = {
+      file = ../../secrets/paperless-admin.age;
+    };
+
    users.groups.secrets = {};
    users.users.acme.extraGroups = [ "secrets" ];

@ -229,6 +234,7 @@ in
        "redlib.protogen.io" = mkAuthProxy 8087;
        "rss.protogen.io" = mkReverseProxy 8082;
        "blahaj.protogen.io" = mkReverseProxy 8086;
+        "paper.protogen.io" = mkReverseProxy config.services.paperless.port;

        # octoprint (proxy_addr is 10.10.1.8)
        "print.protogen.io" = lib.mkMerge [ (mkProxy { authelia = true; upstream = "http://10.10.1.8:80"; })
@ -463,6 +469,33 @@ in
      enable = true;
    };

+    services.redis.servers.paperless.enable = true;
+    services.paperless = {
+      enable = true;
+      # default is "localhost", binding should not rely on DNS (even if
+      # localhost is hard-coded 99.999% of the time)
+      address = "127.0.0.1";
+      passwordFile = secrets.paperless-admin.path;
+      settings = {
+        PAPERLESS_ADMIN_USER = "nullbite";
+        PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}";
+        PAPERLESS_URL = "https://paper.protogen.io";
+        PAPERLESS_TIKA_ENABLED = true;
+        PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
+        PAPERLESS_TIKA_GOTENBERG_ENDPOINT =
+          "http://localhost:${toString config.services.gotenberg.port}";
+      };
+    };
+    users.users."${config.services.paperless.user}".extraGroups = let
+      name = config.services.redis.servers.paperless.group;
+    in [ name ];
+
+    services.gotenberg = {
+      enable = true;
+      port = 3002;
+    };
+    services.tika.enable = true;
+
    services.anki-sync-server = {
      enable = true;
      address = "127.0.0.1";