paperless: allow websockets, set up postgres
This commit is contained in:
parent
d56f44df06
commit
157629a402
2 changed files with 28 additions and 6 deletions
|
@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
{ depot, pkgs, config, ... }:
|
{ depot, pkgs, config, lib, ... }:
|
||||||
let
|
let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
in {
|
in {
|
||||||
|
@ -26,11 +26,28 @@ in {
|
||||||
package = pkgs.paperless-ngx;
|
package = pkgs.paperless-ngx;
|
||||||
address = config.my.ip.tailscale;
|
address = config.my.ip.tailscale;
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com";
|
PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com,bvm-paperless.int.as205479.net:28981,bvm-paperless.int.as205479.net";
|
||||||
PAPERLESS_CORS_ALLOWED_HOSTS = "https://paperless.int.lukegb.com";
|
PAPERLESS_CORS_ALLOWED_HOSTS = "https://paperless.int.lukegb.com,http://bvm-paperless.int.as205479.net:28981";
|
||||||
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true";
|
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true";
|
||||||
|
PAPERLESS_DBHOST = "localhost";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
systemd.services.paperless-ng-server.serviceConfig = {
|
||||||
|
RestrictAddressFamilies = lib.mkForce [];
|
||||||
|
SystemCallFilter = lib.mkForce [];
|
||||||
|
PrivateNetwork = lib.mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "paperless";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE paperless" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
ensureDatabases = [ "paperless" ];
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -343,10 +343,15 @@ in {
|
||||||
(service "bvm-netbox.int.as205479.net:80" "netbox.int.lukegb.com" {})
|
(service "bvm-netbox.int.as205479.net:80" "netbox.int.lukegb.com" {})
|
||||||
(service "localhost:9901" "envoy-debug.int.lukegb.com" {})
|
(service "localhost:9901" "envoy-debug.int.lukegb.com" {})
|
||||||
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {
|
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {
|
||||||
jwt_claims_headers = {
|
regex = "^/ws/.*";
|
||||||
Remote-User = "email";
|
allow_websockets = true;
|
||||||
};
|
timeout = "0";
|
||||||
})
|
})
|
||||||
|
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {
|
||||||
|
regex = "^/api/.*";
|
||||||
|
timeout = "0";
|
||||||
|
})
|
||||||
|
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {})
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue