55 lines
1.5 KiB
Nix
55 lines
1.5 KiB
Nix
# SPDX-FileCopyrightText: 2022 Luke Granger-Brown <depot@lukegb.com>
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
{ depot, pkgs, config, lib, ... }:
|
|
let
|
|
inherit (depot.ops) secrets;
|
|
in {
|
|
imports = [
|
|
../lib/bvm.nix
|
|
];
|
|
|
|
# Networking!
|
|
networking = {
|
|
hostName = "bvm-paperless";
|
|
hostId = "c8d6f81f";
|
|
|
|
interfaces.enp1s0 = {
|
|
ipv4.addresses = [{ address = "10.100.0.211"; prefixLength = 23; }];
|
|
};
|
|
};
|
|
my.ip.tailscale = "100.85.236.121";
|
|
|
|
services.paperless = {
|
|
enable = true;
|
|
address = config.my.ip.tailscale;
|
|
extraConfig = {
|
|
PAPERLESS_URL = "https://paperless.int.lukegb.com";
|
|
PAPERLESS_ALLOWED_HOSTS = "paperless.int.lukegb.com,bvm-paperless.int.as205479.net:28981,bvm-paperless.int.as205479.net";
|
|
PAPERLESS_CORS_ALLOWED_HOSTS = "https://paperless.int.lukegb.com,http://bvm-paperless.int.as205479.net:28981";
|
|
PAPERLESS_CSRF_TRUSTED_ORIGINS = "https://paperless.int.lukegb.com,http://bvm-paperless.int.as205479.net:28981";
|
|
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "true";
|
|
PAPERLESS_DBHOST = "/run/postgresql";
|
|
PAPERLESS_DBPASS = "";
|
|
};
|
|
};
|
|
systemd.services.paperless-scheduler.serviceConfig = {
|
|
RestrictAddressFamilies = lib.mkForce [];
|
|
SystemCallFilter = lib.mkForce [];
|
|
PrivateNetwork = lib.mkForce false;
|
|
};
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureUsers = [{
|
|
name = "paperless";
|
|
ensurePermissions = {
|
|
"DATABASE paperless" = "ALL PRIVILEGES";
|
|
};
|
|
}];
|
|
ensureDatabases = [ "paperless" ];
|
|
};
|
|
|
|
system.stateVersion = "22.05";
|
|
}
|