feat: add paperless samba share and per-user consume folder

2024-01-19 02:03:29 +01:00 · 2024-01-19 02:03:29 +01:00 · b466f8ab65
commit b466f8ab65
parent 8446b8fa13
8 changed files with 245 additions and 97 deletions
--- a/hosts/sire/guests/paperless.nix
+++ b/hosts/sire/guests/paperless.nix
@ -6,19 +6,8 @@
  sentinelCfg = nodes.sentinel.config;
  paperlessDomain = "paperless.${sentinelCfg.repo.secrets.local.personalDomain}";
 in {
-  # XXX: remove microvm.mem = 1024 * 12;
-  # XXX: remove microvm.vcpu = 4;
-
-  meta.wireguard-proxy.sentinel.allowedTCPPorts = [
-    config.services.paperless.port
-  ];
-
-  age.secrets.paperless-admin-password = {
-    rekeyFile = config.node.secretsDir + "/paperless-admin-password.age";
-    generator.script = "alnum";
-    mode = "440";
-    group = "paperless";
-  };
+  microvm.mem = 1024 * 6;
+  microvm.vcpu = 8;

  nodes.sentinel = {
    networking.providedDomains.paperless = paperlessDomain;
@ -46,27 +35,49 @@ in {
    };
  };

-  # TODO environment.persistence."/persist".directories = [
-  # TODO   {
-  # TODO     directory = "/var/lib/???";
-  # TODO     user = "???";
-  # TODO     group = "???";
-  # TODO     mode = "0700";
-  # TODO   }
-  # TODO ];
+  meta.wireguard-proxy.sentinel.allowedTCPPorts = [
+    config.services.paperless.port
+  ];
+
+  age.secrets.paperless-admin-password = {
+    rekeyFile = config.node.secretsDir + "/paperless-admin-password.age";
+    generator.script = "alnum";
+    mode = "440";
+    group = "paperless";
+  };
+
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/paperless";
+      user = "paperless";
+      group = "paperless";
+      mode = "0750";
+    }
+  ];

  services.paperless = {
    enable = true;
    address = "0.0.0.0";
    passwordFile = config.age.secrets.paperless-admin-password.path;
+    consumptionDir = "/paperless/consume";
+    mediaDir = "/paperless/media";
    settings = {
      PAPERLESS_URL = "https://${paperlessDomain}";
+      PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
+      PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
+      PAPERLESS_TRUSTED_PROXIES = sentinelCfg.meta.wireguard.proxy-sentinel.ipv4;
+
      PAPERLESS_CONSUMER_ENABLE_BARCODES = true;
      PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE = true;
      PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING";
-      PAPERLESS_FILENAME_FORMAT = "{created_year}-{created_month}-{created_day}_{asn}_{title}";
+      PAPERLESS_CONSUMER_RECURSIVE = true;
+      PAPERLESS_FILENAME_FORMAT = "{owner_username}/{created_year}-{created_month}-{created_day}_{asn}_{title}";
+
+      # Nginx does that better.
+      PAPERLESS_ENABLE_COMPRESSION = false;
+
      #PAPERLESS_IGNORE_DATES = concatStringsSep "," ignoreDates;
-      PAPERLESS_NUMBER_OF_SUGGESTED_DATES = 4;
+      PAPERLESS_NUMBER_OF_SUGGESTED_DATES = 8;
      PAPERLESS_OCR_LANGUAGE = "deu+eng";
      PAPERLESS_TASK_WORKERS = 4;
      PAPERLESS_WEBSERVER_WORKERS = 4;