add(paperless): enable restic backup of /data

We also disabled immich for now, since the version is currently incompatible to migrate from my docker services.
2025-06-20 15:46:13 +02:00 · 2025-06-20 15:46:13 +02:00 · 0377154a3c
commit 0377154a3c
parent a9ec420b9e
3 changed files with 83 additions and 2 deletions
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@ -0,0 +1,79 @@
+{
+  lib,
+  pkgs,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.paperless;
+in
+{
+  options.${namespace}.services.paperless = {
+    enable = mkEnableOption "Paperless";
+    nginx = {
+      enable = mkEnableOption "Enable nginx for this service." // {
+        default = true;
+      };
+    };
+
+    package = mkOption {
+      description = "The package of Paperless to use.";
+      type = types.package;
+      default = pkgs.paperless-ngx;
+    };
+
+    port = mkOption {
+      description = "The port to serve Paperless on.";
+      type = types.nullOr types.int;
+      default = 28981;
+    };
+
+    domain = mkOption {
+      description = "The domain to serve Paperless on.";
+      type = types.nullOr types.str;
+      default = "paperless.stahl.sh";
+    };
+
+  };
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+
+    services.paperless = {
+      enable = true;
+      port = cfg.port;
+      package = cfg.package;
+      dataDir = "/data/paperless";
+      consumptionDirIsPublic = true;
+      settings = {
+        PAPERLESS_OCR_LANGUAGE = "deu+eng";
+        PAPERLESS_OCR_USER_ARGS = {
+          optimize = 1;
+          pdfa_image_compression = "lossless";
+        };
+        PAPERLESS_DBHOST = ""; # Ensure sqlite database
+        PAPERLESS_URL = "https://${cfg.domain}";
+      };
+    };
+
+    awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true;
+
+    services.nginx = mkIf cfg.nginx.enable {
+      enable = true;
+
+      virtualHosts."${cfg.domain}" = {
+        forceSSL = true;
+        useACMEHost = "stahl.sh";
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+          recommendedProxySettings = true;
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/services/restic/default.nix
+++ b/modules/nixos/services/restic/default.nix
@ -36,7 +36,8 @@ in
        repositoryFile = "/run/secrets/restic_url";
        paths = [
          "/home"
-          "/var/lib/caddy"
+          "/var/lib"
+          "/data"
        ];
        timerConfig = {
          OnCalendar = "00:10";
--- a/systems/x86_64-linux/blarm/default.nix
+++ b/systems/x86_64-linux/blarm/default.nix
@ -59,7 +59,8 @@ with lib.${namespace};
      linkwarden = enabled;
      forgejo = enabled;
      searxng = enabled;
-      immich = enabled;
+      #immich = enabled; # We wait for the proper version to be in nixpkgs
+      paperless = enabled;
    };

    #container.invidious = enabled;