DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ecef1d17a1c9e14f4ce9dee7ad2c80122f0db6f
cyper-nix/nixos/roles/paperless-ngx.nix
T
DerGrumpf d824b42a2b Hardened Paperless
2026-04-28 23:22:41 +02:00

50 lines
1.4 KiB
Nix
Raw Blame History

{ config, ... }:
{
sops.secrets.paperless_admin = {
owner = "paperless";
};
services.paperless = {
enable = true;
address = "0.0.0.0";
port = 28101;
domain = "ngx.cyperpunk.de";
consumptionDir = "/var/lib/paperless/consume";
dataDir = "/storage/fast/paperless";
configureTika = true;
passwordFile = config.sops.secrets.paperless_admin.path;
settings = {
PAPERLESS_USE_X_FORWARDED_HOST = true;
PAPERLESS_USE_X_FORWARDED_PORT = true;
PAPERLESS_ALLOWED_HOSTS = "ngx.cyperpunk.de,100.109.179.25,localhost";
PAPERLESS_CSRF_TRUSTED_ORIGINS = [
"https://ngx.cyperpunk.de"
"http://100.109.179.25:28101"
];
PAPERLESS_OCR_LANGUAGE = "deu+eng";
};
exporter = {
enable = true;
directory = "/storage/backup/paperless";
};
};
users.users.paperless.extraGroups = [ "users" ];
systemd = {
tmpfiles.rules = [
"d /storage/fast/paperless 0775 paperless paperless -"
"d /storage/fast/paperless/media 0775 paperless paperless -"
"d /storage/fast/paperless/consume 0775 paperless paperless -"
"d /storage/backup/paperless 0775 root users -"
];
services.paperless-scheduler = {
after = [ "systemd-tmpfiles-setup.service" ];
requires = [ "systemd-tmpfiles-setup.service" ];
};
};
networking.firewall.allowedTCPPorts = [ 28101 ];
}
Reference in New Issue View Git Blame Copy Permalink