depot/ops/nixos/bvm-paperless/default.nix

# SPDX-FileCopyrightText: 2022 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
# NixOS module for the bvm-paperless host: static addressing, a Paperless
# instance listening on the host's Tailscale address, and a local PostgreSQL
# database for it.
{ depot, pkgs, config, lib, ... }:
let
  # `secrets` is not referenced anywhere below in this file.
  inherit (depot.ops) secrets;
in {
  imports = [ ../lib/bvm.nix ];

  # Networking!
  networking.hostName = "bvm-paperless";
  networking.hostId = "c8d6f81f";
  networking.interfaces.enp1s0.ipv4.addresses = [
    { address = "10.100.0.211"; prefixLength = 23; }
  ];

  # `my.ip.tailscale` is a depot-specific option (presumably declared via
  # ../lib/bvm.nix); it is reused below as the Paperless listen address.
  my.ip.tailscale = "100.85.236.121";

  services = {
    paperless = {
      enable = true;
      # Listen on the Tailscale address only, not on the enp1s0 address.
      address = config.my.ip.tailscale;
      extraConfig = {
        # Host headers accepted by the application. Besides the
        # paperless.int.lukegb.com name, the host's own name is accepted with
        # and without the :28981 port, i.e. direct (un-proxied) requests are
        # valid as far as the application is concerned.
        PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com,bvm-paperless.int.as205479.net:28981,bvm-paperless.int.as205479.net";
        # NOTE(review): the second origin is plain http:// on the direct port,
        # so cross-origin requests from an unencrypted origin are accepted.
        PAPERLESS_CORS_ALLOWED_HOSTS = "https://paperless.int.lukegb.com,http://bvm-paperless.int.as205479.net:28981";

        # Paperless takes the logged-in user from a request header instead of
        # authenticating it itself. This is only safe when every request
        # arrives through a proxy that authenticates the client and overwrites
        # any client-supplied copy of that header.
        # NOTE(review): because the direct host:port name is also an allowed
        # host above, confirm that port 28981 is reachable only from that proxy
        # (firewall / Tailscale ACL); this file does not show such a
        # restriction.
        PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true";

        # Connect to PostgreSQL through the local Unix socket directory with an
        # empty password. Presumably this relies on peer authentication for the
        # `paperless` role; verify against the server's pg_hba configuration.
        PAPERLESS_DBHOST = "/run/postgresql";
        PAPERLESS_DBPASS = "";
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "paperless" ];
      ensureUsers = [
        {
          name = "paperless";
          # The grant is scoped to the single `paperless` database.
          # NOTE(review): later NixOS releases replace `ensurePermissions` with
          # `ensureDBOwnership`; revisit when moving past stateVersion 22.05.
          ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES";
        }
      ];
    };
  };

  # Force-override three sandboxing settings on the paperless-scheduler unit:
  # the address-family restriction and the syscall filter are replaced with
  # empty lists, and PrivateNetwork is switched off. mkForce makes these win
  # over whatever the paperless module sets for the unit.
  # NOTE(review): the reason is not recorded here. If the scheduler only needs
  # the PostgreSQL socket and outbound network access, narrowing the values
  # (e.g. RestrictAddressFamilies to AF_UNIX/AF_INET/AF_INET6) would keep part
  # of the hardening instead of clearing it.
  systemd.services.paperless-scheduler.serviceConfig = {
    PrivateNetwork = lib.mkForce false;
    RestrictAddressFamilies = lib.mkForce [];
    SystemCallFilter = lib.mkForce [];
  };

  system.stateVersion = "22.05";
}