diff --git a/hosts/shan/configuration.nix b/hosts/shan/configuration.nix index a1f97ff..d14a0da 100644 --- a/hosts/shan/configuration.nix +++ b/hosts/shan/configuration.nix @@ -11,13 +11,21 @@ ./disk-config.nix ../../modules/nix ../../modules/users/ny.nix + ./test.nix ]; + age.secrets.navidrome.file = ../../secrets/navidrome.age; + boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; }; + # modules.container.paperless-ngx = { + #enable = true; + #openPort = true; + #}; + modules.server.navidrome = { enable = true; library = { diff --git a/hosts/shan/test.nix b/hosts/shan/test.nix new file mode 100644 index 0000000..881d04b --- /dev/null +++ b/hosts/shan/test.nix 
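Review bot: The added `./test.nix` import is unconditional, so this host always runs the compose2nix-generated paperless stack from `hosts/shan/test.nix`, which pulls `ghcr.io/paperless-ngx/paperless-ngx:latest` and publishes `8000:8000/tcp` on every host address, while the option-driven `modules.container.paperless-ngx` block is left commented out. If the module is meant to replace the generated file, drop the import and the commented block and enable the module instead; keeping both would define `virtualisation.oci-containers.containers."paperless-webserver"` twice, and list options such as `ports` would presumably be merged with duplicate entries. Until then, a comment above the import such as `# temporary: generated paperless stack, remove once modules.container.paperless-ngx is enabled` would record the intent.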
@@ -0,0 +1,153 @@ +# Auto-generated using compose2nix v0.2.2. +{ pkgs, lib, ... }: + +{ + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + # Containers + virtualisation.oci-containers.containers."paperless-broker" = { + image = "docker.io/library/redis:7"; + volumes = [ + "paperless_redisdata:/data:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=broker" + "--network=paperless_default" + ]; + }; + systemd.services."podman-paperless-broker" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-paperless_default.service" + "podman-volume-paperless_redisdata.service" + ]; + requires = [ + "podman-network-paperless_default.service" + "podman-volume-paperless_redisdata.service" + ]; + partOf = [ + "podman-compose-paperless-root.target" + ]; + wantedBy = [ + "podman-compose-paperless-root.target" + ]; + }; + virtualisation.oci-containers.containers."paperless-webserver" = { + image = "ghcr.io/paperless-ngx/paperless-ngx:latest"; + environment = { + "PAPERLESS_REDIS" = "redis://broker:6379"; + }; + volumes = [ + "paperless_data:/usr/src/paperless/data:rw" + "paperless_media:/usr/src/paperless/media:rw" + ]; + ports = [ + "8000:8000/tcp" + ]; + dependsOn = [ + "paperless-broker" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=webserver" + "--network=paperless_default" + ]; + }; + systemd.services."podman-paperless-webserver" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-paperless_default.service" + "podman-volume-paperless_data.service" + "podman-volume-paperless_media.service" + ]; + requires = [ + "podman-network-paperless_default.service" + "podman-volume-paperless_data.service" + 
"podman-volume-paperless_media.service" + ]; + partOf = [ + "podman-compose-paperless-root.target" + ]; + wantedBy = [ + "podman-compose-paperless-root.target" + ]; + }; + + # Networks + systemd.services."podman-network-paperless_default" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f paperless_default"; + }; + script = '' + podman network inspect paperless_default || podman network create paperless_default + ''; + partOf = [ "podman-compose-paperless-root.target" ]; + wantedBy = [ "podman-compose-paperless-root.target" ]; + }; + + # Volumes + systemd.services."podman-volume-paperless_data" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect paperless_data || podman volume create paperless_data + ''; + partOf = [ "podman-compose-paperless-root.target" ]; + wantedBy = [ "podman-compose-paperless-root.target" ]; + }; + systemd.services."podman-volume-paperless_media" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect paperless_media || podman volume create paperless_media + ''; + partOf = [ "podman-compose-paperless-root.target" ]; + wantedBy = [ "podman-compose-paperless-root.target" ]; + }; + systemd.services."podman-volume-paperless_redisdata" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect paperless_redisdata || podman volume create paperless_redisdata + ''; + partOf = [ "podman-compose-paperless-root.target" ]; + wantedBy = [ "podman-compose-paperless-root.target" ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. 
+ systemd.targets."podman-compose-paperless-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/options/container/default.nix b/options/container/default.nix new file mode 100644 index 0000000..2c783fa --- /dev/null +++ b/options/container/default.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.modules.container; + inherit (lib) mkIf mkEnableOption; +in +{ + imports = [ ./paperless-ngx ]; + + options.modules.container = { + enable = mkEnableOption "container support"; + }; + + config = mkIf cfg.enable { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + }; +} diff --git a/options/container/paperless-ngx/.env b/options/container/paperless-ngx/.env new file mode 100644 index 0000000..f53e72e --- /dev/null +++ b/options/container/paperless-ngx/.env 
@@ -0,0 +1,45 @@
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# Additional languages to install for text recognition, separated by a
+# whitespace. Note that this is
+# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
+# language used for OCR.
+# The container installs English, German, Italian, Spanish and French by
+# default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces
+
+PAPERLESS_ADMIN_USER="admin"
+PAPERLESS_ADMIN_PASSWORD="password"
+
+###############################################################################
+# Paperless-specific settings #
+###############################################################################
+
+# All settings defined in the paperless.conf.example can be used here. The
+# Docker setup does not use the configuration file.
+# A few commonly adjusted settings are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+#PAPERLESS_URL=https://paperless.example.com
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+#PAPERLESS_SECRET_KEY=change-me
+
+# Use this variable to set a timezone for the Paperless Docker containers. If not specified, defaults to UTC.
+#PAPERLESS_TIME_ZONE=America/Los_Angeles
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+#PAPERLESS_OCR_LANGUAGE=eng
+
+# Set if accessing paperless via a domain subpath e.g. https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx
+#PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX
+#PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required
diff --git a/options/container/paperless-ngx/default.nix b/options/container/paperless-ngx/default.nix
new file mode 100644
index 0000000..cb18c17
--- /dev/null
+++ b/options/container/paperless-ngx/default.nix
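Review bot: `PAPERLESS_ADMIN_PASSWORD="password"` (with `PAPERLESS_ADMIN_USER="admin"`) commits a guessable admin credential to the repository in `options/container/paperless-ngx/.env`, and the same pair is repeated in the `environment` attribute of `options/container/paperless-ngx/default.nix`, where it is also copied into the world-readable Nix store. Nothing in the visible hunks reads this `.env` file, so it looks like an unused copy of the upstream template; it could be dropped, or the two lines reduced to commented placeholders like the other settings, e.g. `#PAPERLESS_ADMIN_PASSWORD=`. The repository already uses agenix for navidrome, so the credentials can be supplied the same way: `age.secrets.<name>.file = <path-to-encrypted-env-file>.age;` and, on the webserver container, `environmentFiles = [ config.age.secrets.<name>.path ];` (both names are placeholders). `PAPERLESS_SECRET_KEY` is also left commented out, which as far as I know leaves the application on its built-in default key; it belongs in the same encrypted file.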
@@ -0,0 +1,178 @@
+# vim:fileencoding=utf-8:foldmethod=marker
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (lib) mkIf mkOption mkEnableOption;
+ inherit (lib.types) port bool;
+ cfg = config.modules.container.paperless-ngx;
+in
+{
+ options.modules.container.paperless-ngx = {
+ enable = mkEnableOption "paperless-ngx container";
+ port = mkOption {
+ default = 8000;
+ description = "The port on which the paperless service will be reachable.";
+ type = port;
+ };
+ openPort = mkOption {
+ default = false;
+ description = "Wether the port should be publicly accessible.";
+ type = bool;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ modules.container.enable = true;
+
+ networking.firewall.allowedTCPPorts = mkIf cfg.openPort [ cfg.port ];
+
+ #: {{{ Webserver
+ virtualisation.oci-containers.containers."paperless-webserver" = {
+ image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
+ environment = {
+ "PAPERLESS_REDIS" = "redis://broker:6379";
+ "PAPERLESS_ADMIN_USER" = "admin";
+ "PAPERLESS_ADMIN_PASSWORD" = "password";
+ };
+ volumes = [
+ "paperless_data:/usr/src/paperless/data:rw"
+ "paperless_media:/usr/src/paperless/media:rw"
+ ];
+ ports = [
+ "8000:8000/tcp"
+ ];
+ dependsOn = [
+ "paperless-broker"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=webserver"
+ "--network=paperless_default"
+ ];
+ };
+ systemd.services."podman-paperless-webserver" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 500 "always";
+ };
+ after = [
+ "podman-network-paperless_default.service"
+ "podman-volume-paperless_data.service"
+ "podman-volume-paperless_media.service"
+ ];
+ requires = [
+ "podman-network-paperless_default.service"
+ "podman-volume-paperless_data.service"
+ "podman-volume-paperless_media.service"
+ ];
+ partOf = [
+ "podman-compose-paperless-root.target"
+ ];
+ wantedBy = [
+ "podman-compose-paperless-root.target"
+ ];
+ };
+ #: }}}
+
+ #: {{{ Redis Broker
+ virtualisation.oci-containers.containers."paperless-broker" = {
+ image = "docker.io/library/redis:7";
+ volumes = [
+ "paperless_redisdata:/data:rw"
+ ];
+ log-driver = "journald";
+ extraOptions = [
+ "--network-alias=broker"
+ "--network=paperless_default"
+ ];
+ };
+ systemd.services."podman-paperless-broker" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 500 "always";
+ };
+ after = [
+ "podman-network-paperless_default.service"
+ "podman-volume-paperless_redisdata.service"
+ ];
+ requires = [
+ "podman-network-paperless_default.service"
+ "podman-volume-paperless_redisdata.service"
+ ];
+ partOf = [
+ "podman-compose-paperless-root.target"
+ ];
+ wantedBy = [
+ "podman-compose-paperless-root.target"
+ ];
+ };
+ #: }}}
+
+ #: {{{ Network
+ systemd.services."podman-network-paperless_default" = {
+ path = [ pkgs.podman ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStop = "podman network rm -f paperless_default";
+ };
+ script = ''
+ podman network inspect paperless_default || podman network create paperless_default
+ '';
+ partOf = [ "podman-compose-paperless-root.target" ];
+ wantedBy = [ "podman-compose-paperless-root.target" ];
+ };
+ #: }}}
+
+ #: {{{ Volumes
+ systemd.services."podman-volume-paperless_data" = {
+ path = [ pkgs.podman ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ podman volume inspect paperless_data || podman volume create paperless_data
+ '';
+ partOf = [ "podman-compose-paperless-root.target" ];
+ wantedBy = [ "podman-compose-paperless-root.target" ];
+ };
+ systemd.services."podman-volume-paperless_media" = {
+ path = [ pkgs.podman ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ podman volume inspect paperless_media || podman volume create paperless_media
+ '';
+ partOf = [ "podman-compose-paperless-root.target" ];
+ wantedBy = [ "podman-compose-paperless-root.target" ];
+ };
+ systemd.services."podman-volume-paperless_redisdata" = {
+ path = [ pkgs.podman ];
+ serviceConfig = {
+ Type = 
"oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect paperless_redisdata || podman volume create paperless_redisdata + ''; + partOf = [ "podman-compose-paperless-root.target" ]; + wantedBy = [ "podman-compose-paperless-root.target" ]; + }; + #: }}} + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."podman-compose-paperless-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/options/default.nix b/options/default.nix index 855a218..775f114 100644 --- a/options/default.nix +++ b/options/default.nix @@ -3,5 +3,6 @@ ./media.nix ./system.nix ./navidrome.nix + ./container ]; }
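Review bot: In `options/container/paperless-ngx/default.nix` the `port` option is never applied to the container: `ports = [ "8000:8000/tcp" ]` is hard-coded while `networking.firewall.allowedTCPPorts` opens `cfg.port`, so any non-default value opens a firewall port nothing listens on and leaves the service on 8000. Deriving the mapping from the option, `ports = [ "${toString cfg.port}:8000/tcp" ];`, fixes that. Separately, the mapping binds all host addresses, and ports published by podman are forwarded through NAT rules that the NixOS firewall's input filtering may not cover, so `openPort = false` probably does not keep the service private; binding to loopback in that case (`"127.0.0.1:${toString cfg.port}:8000/tcp"`) would make the option mean what its description says. The image is referenced as `:latest`, so each pull can change the running code without any change in this repository; a version tag or digest (`ghcr.io/paperless-ngx/paperless-ngx:<version>`, placeholder) makes updates reviewable.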