nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

WIP feat: add a paperless container module

Browse source
This commit is contained in:
Nydragon 2024-10-01 20:03:44 +02:00
parent 89e6039dd6
commit dcb1e3e58a
Signed by: nydragon
SSH key fingerprint: SHA256:iQnIC12spf4QjWSbarmkD2No1cLMlu6TWoV7K6cYF5g
6 changed files with 410 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
hosts/shan/configuration.nix
View file

@ -11,13 +11,21 @@
./disk-config.nix ./disk-config.nix
../../modules/nix ../../modules/nix
../../modules/users/ny.nix ../../modules/users/ny.nix
./test.nix
]; ];
age.secrets.navidrome.file = ../../secrets/navidrome.age;
boot.loader.grub = { boot.loader.grub = {
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
}; };
# modules.container.paperless-ngx = {
#enable = true;
#openPort = true;
#};
modules.server.navidrome = { modules.server.navidrome = {
enable = true; enable = true;
library = { library = {

153
hosts/shan/test.nix Normal file
View file

@ -0,0 +1,153 @@
# Auto-generated using compose2nix v0.2.2.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."paperless-broker" = {
image = "docker.io/library/redis:7";
volumes = [
"paperless_redisdata:/data:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=broker"
"--network=paperless_default"
];
};
systemd.services."podman-paperless-broker" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-paperless_default.service"
"podman-volume-paperless_redisdata.service"
];
requires = [
"podman-network-paperless_default.service"
"podman-volume-paperless_redisdata.service"
];
partOf = [
"podman-compose-paperless-root.target"
];
wantedBy = [
"podman-compose-paperless-root.target"
];
};
virtualisation.oci-containers.containers."paperless-webserver" = {
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
environment = {
"PAPERLESS_REDIS" = "redis://broker:6379";
};
volumes = [
"paperless_data:/usr/src/paperless/data:rw"
"paperless_media:/usr/src/paperless/media:rw"
];
ports = [
"8000:8000/tcp"
];
dependsOn = [
"paperless-broker"
];
log-driver = "journald";
extraOptions = [
"--network-alias=webserver"
"--network=paperless_default"
];
};
systemd.services."podman-paperless-webserver" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-paperless_default.service"
"podman-volume-paperless_data.service"
"podman-volume-paperless_media.service"
];
requires = [
"podman-network-paperless_default.service"
"podman-volume-paperless_data.service"
"podman-volume-paperless_media.service"
];
partOf = [
"podman-compose-paperless-root.target"
];
wantedBy = [
"podman-compose-paperless-root.target"
];
};
# Networks
systemd.services."podman-network-paperless_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f paperless_default";
};
script = ''
podman network inspect paperless_default || podman network create paperless_default
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
# Volumes
systemd.services."podman-volume-paperless_data" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect paperless_data || podman volume create paperless_data
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
systemd.services."podman-volume-paperless_media" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect paperless_media || podman volume create paperless_media
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
systemd.services."podman-volume-paperless_redisdata" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect paperless_redisdata || podman volume create paperless_redisdata
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-paperless-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

25
options/container/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, ... }:
let
cfg = config.modules.container;
inherit (lib) mkIf mkEnableOption;
in
{
imports = [ ./paperless-ngx ];
options.modules.container = {
enable = mkEnableOption "container support";
};
config = mkIf cfg.enable {
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
};
}

45
options/container/paperless-ngx/.env Normal file
View file

@ -0,0 +1,45 @@
# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
#USERMAP_UID=1000
#USERMAP_GID=1000
# Additional languages to install for text recognition, separated by a
# whitespace. Note that this is
# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
# language used for OCR.
# The container installs English, German, Italian, Spanish and French by
# default.
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
# for available languages.
#PAPERLESS_OCR_LANGUAGES=tur ces
PAPERLESS_ADMIN_USER="admin"
PAPERLESS_ADMIN_PASSWORD="password"
###############################################################################
# Paperless-specific settings #
###############################################################################
# All settings defined in the paperless.conf.example can be used here. The
# Docker setup does not use the configuration file.
# A few commonly adjusted settings are provided below.
# This is required if you will be exposing Paperless-ngx on a public domain
# (if doing so please consider security measures such as reverse proxy)
#PAPERLESS_URL=https://paperless.example.com
# Adjust this key if you plan to make paperless available publicly. It should
# be a very long sequence of random characters. You don't need to remember it.
#PAPERLESS_SECRET_KEY=change-me
# Use this variable to set a timezone for the Paperless Docker containers. If not specified, defaults to UTC.
#PAPERLESS_TIME_ZONE=America/Los_Angeles
# The default language to use for OCR. Set this to the language most of your
# documents are written in.
#PAPERLESS_OCR_LANGUAGE=eng
# Set if accessing paperless via a domain subpath e.g. https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx
#PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX
#PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required

178
options/container/paperless-ngx/default.nix Normal file
View file

@ -0,0 +1,178 @@
# vim:fileencoding=utf-8:foldmethod=marker
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkIf mkOption mkEnableOption;
inherit (lib.types) port bool;
cfg = config.modules.container.paperless-ngx;
in
{
options.modules.container.paperless-ngx = {
enable = mkEnableOption "paperless-ngx container";
port = mkOption {
default = 8000;
description = "The port on which the paperless service will be reachable.";
type = port;
};
openPort = mkOption {
default = false;
description = "Wether the port should be publicly accessible.";
type = bool;
};
};
config = mkIf cfg.enable {
modules.container.enable = true;
networking.firewall.allowedTCPPorts = mkIf cfg.openPort [ cfg.port ];
#: {{{ Webserver
virtualisation.oci-containers.containers."paperless-webserver" = {
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
environment = {
"PAPERLESS_REDIS" = "redis://broker:6379";
"PAPERLESS_ADMIN_USER" = "admin";
"PAPERLESS_ADMIN_PASSWORD" = "password";
};
volumes = [
"paperless_data:/usr/src/paperless/data:rw"
"paperless_media:/usr/src/paperless/media:rw"
];
ports = [
"8000:8000/tcp"
];
dependsOn = [
"paperless-broker"
];
log-driver = "journald";
extraOptions = [
"--network-alias=webserver"
"--network=paperless_default"
];
};
systemd.services."podman-paperless-webserver" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-paperless_default.service"
"podman-volume-paperless_data.service"
"podman-volume-paperless_media.service"
];
requires = [
"podman-network-paperless_default.service"
"podman-volume-paperless_data.service"
"podman-volume-paperless_media.service"
];
partOf = [
"podman-compose-paperless-root.target"
];
wantedBy = [
"podman-compose-paperless-root.target"
];
};
#: }}}
#: {{{ Redis Broker
virtualisation.oci-containers.containers."paperless-broker" = {
image = "docker.io/library/redis:7";
volumes = [
"paperless_redisdata:/data:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=broker"
"--network=paperless_default"
];
};
systemd.services."podman-paperless-broker" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-paperless_default.service"
"podman-volume-paperless_redisdata.service"
];
requires = [
"podman-network-paperless_default.service"
"podman-volume-paperless_redisdata.service"
];
partOf = [
"podman-compose-paperless-root.target"
];
wantedBy = [
"podman-compose-paperless-root.target"
];
};
#: }}}
#: {{{ Network
systemd.services."podman-network-paperless_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f paperless_default";
};
script = ''
podman network inspect paperless_default || podman network create paperless_default
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
#: }}}
#: {{{ Volumes
systemd.services."podman-volume-paperless_data" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect paperless_data || podman volume create paperless_data
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
systemd.services."podman-volume-paperless_media" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect paperless_media || podman volume create paperless_media
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
systemd.services."podman-volume-paperless_redisdata" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect paperless_redisdata || podman volume create paperless_redisdata
'';
partOf = [ "podman-compose-paperless-root.target" ];
wantedBy = [ "podman-compose-paperless-root.target" ];
};
#: }}}
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-paperless-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
}

1
options/default.nix
View file

@ -3,5 +3,6 @@
./media.nix ./media.nix
./system.nix ./system.nix
./navidrome.nix ./navidrome.nix
./container
]; ];
} }