paperless: allow websockets, set up postgres

This commit is contained in:
Luke Granger-Brown 2022-04-06 11:49:52 +01:00
parent d56f44df06
commit 157629a402
2 changed files with 28 additions and 6 deletions

View file

@ -2,7 +2,7 @@
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
{ depot, pkgs, config, ... }: { depot, pkgs, config, lib, ... }:
let let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
in { in {
@ -26,11 +26,28 @@ in {
package = pkgs.paperless-ngx; package = pkgs.paperless-ngx;
address = config.my.ip.tailscale; address = config.my.ip.tailscale;
extraConfig = { extraConfig = {
PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com"; PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com,bvm-paperless.int.as205479.net:28981,bvm-paperless.int.as205479.net";
PAPERLESS_CORS_ALLOWED_HOSTS = "https://paperless.int.lukegb.com"; PAPERLESS_CORS_ALLOWED_HOSTS = "https://paperless.int.lukegb.com,http://bvm-paperless.int.as205479.net:28981";
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true"; PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true";
PAPERLESS_DBHOST = "localhost";
}; };
}; };
systemd.services.paperless-ng-server.serviceConfig = {
RestrictAddressFamilies = lib.mkForce [];
SystemCallFilter = lib.mkForce [];
PrivateNetwork = lib.mkForce false;
};
services.postgresql = {
enable = true;
ensureUsers = [{
name = "paperless";
ensurePermissions = {
"DATABASE paperless" = "ALL PRIVILEGES";
};
}];
ensureDatabases = [ "paperless" ];
};
system.stateVersion = "22.05"; system.stateVersion = "22.05";
} }

View file

@ -343,10 +343,15 @@ in {
(service "bvm-netbox.int.as205479.net:80" "netbox.int.lukegb.com" {}) (service "bvm-netbox.int.as205479.net:80" "netbox.int.lukegb.com" {})
(service "localhost:9901" "envoy-debug.int.lukegb.com" {}) (service "localhost:9901" "envoy-debug.int.lukegb.com" {})
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" { (service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {
jwt_claims_headers = { regex = "^/ws/.*";
Remote-User = "email"; allow_websockets = true;
}; timeout = "0";
}) })
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {
regex = "^/api/.*";
timeout = "0";
})
(service "bvm-paperless.int.as205479.net:28981" "paperless.int.lukegb.com" {})
]; ];
}; };
}; };