add(paperless): enable restic backup of /data

We also disabled immich for now, since the version is currently
incompatible to migrate from my docker services.

modules/nixos/services/paperless/default.nix

@@ -0,0 +1,79 @@
+{
+  lib,
+  pkgs,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.paperless;
+in
+{
+  options.${namespace}.services.paperless = {
+    enable = mkEnableOption "Paperless";
+    nginx = {
+      enable = mkEnableOption "Enable nginx for this service." // {
+        default = true;
+      };
+    };
+
+    package = mkOption {
+      description = "The package of Paperless to use.";
+      type = types.package;
+      default = pkgs.paperless-ngx;
+    };
+
+    port = mkOption {
+      description = "The port to serve Paperless on.";
+      type = types.nullOr types.int;
+      default = 28981;
+    };
+
+    domain = mkOption {
+      description = "The domain to serve Paperless on.";
+      type = types.nullOr types.str;
+      default = "paperless.stahl.sh";
+    };
+
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+
+    services.paperless = {
+      enable = true;
+      port = cfg.port;
+      package = cfg.package;
+      dataDir = "/data/paperless";
+      consumptionDirIsPublic = true;
+      settings = {
+        PAPERLESS_OCR_LANGUAGE = "deu+eng";
+        PAPERLESS_OCR_USER_ARGS = {
+          optimize = 1;
+          pdfa_image_compression = "lossless";
+        };
+        PAPERLESS_DBHOST = ""; # Ensure sqlite database
+        PAPERLESS_URL = "https://${cfg.domain}";
+      };
+    };
+
+    awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true;
+
+    services.nginx = mkIf cfg.nginx.enable {
+      enable = true;
+
+      virtualHosts."${cfg.domain}" = {
+        forceSSL = true;
+        useACMEHost = "stahl.sh";
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+          recommendedProxySettings = true;
+        };
+      };
+    };
+  };
+}

modules/nixos/services/restic/default.nix

@@ -36,7 +36,8 @@ in
         repositoryFile = "/run/secrets/restic_url";
         paths = [
           "/home"
-          "/var/lib/caddy"
+          "/var/lib"
+          "/data"
         ];
         timerConfig = {
           OnCalendar = "00:10";

systems/x86_64-linux/blarm/default.nix

@@ -59,7 +59,8 @@ with lib.${namespace};
       linkwarden = enabled;
       forgejo = enabled;
       searxng = enabled;
-      immich = enabled;
+      #immich = enabled; # We wait for the proper version to be in nixpkgs
+      paperless = enabled;
     };
 
     #container.invidious = enabled;