Simon Bruder
f0a5cef516
For some reason, my brother DCP-L2660DW always fails uploading the file (but can log in via TLS flawlessly).
104 lines
2.5 KiB
Nix
104 lines
2.5 KiB
Nix
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
|
||
#
|
||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||
|
||
{ config, lib, ... }:
|
||
|
||
{
|
||
services.postgresql = {
|
||
enable = true;
|
||
ensureDatabases = [ "paperless" ];
|
||
ensureUsers = lib.singleton {
|
||
name = "paperless";
|
||
ensureDBOwnership = true;
|
||
};
|
||
};
|
||
|
||
services.paperless = {
|
||
enable = true;
|
||
settings = {
|
||
PAPERLESS_DBHOST = "/run/postgresql";
|
||
PAPERLESS_URL = "https://paperless.sbruder.de";
|
||
PAPERLESS_OCR_LANGUAGE = "deu+eng";
|
||
PAPERLESS_TASK_WORKERS = 4;
|
||
PAPERLESS_TIME_ZONE = "Europe/Berlin";
|
||
PAPERLESS_FILENAME_FORMAT = "{correspondent}/{document_type}/{created}_{title}_{doc_pk}";
|
||
PAPERLESS_CONSUMER_RECURSIVE = true;
|
||
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
|
||
invalidate_digital_signatures = true;
|
||
};
|
||
};
|
||
};
|
||
|
||
systemd.services.paperless-task-queue.serviceConfig = {
|
||
ReadWritePaths = [ "/var/lib/scans/paperless" ];
|
||
};
|
||
|
||
services.nginx = {
|
||
enable = true;
|
||
|
||
virtualHosts."paperless.sbruder.de" = {
|
||
enableACME = true;
|
||
forceSSL = true;
|
||
|
||
locations = {
|
||
"/" = {
|
||
proxyPass = with config.services.paperless; "http://${address}:${toString port}";
|
||
proxyWebsockets = true;
|
||
extraConfig = ''
|
||
client_max_body_size 500M;
|
||
'';
|
||
};
|
||
"/static".root = "${config.services.paperless.package}/lib/paperless-ngx";
|
||
};
|
||
};
|
||
|
||
virtualHosts."fuuko.lan.shinonome-lab.de" = {
|
||
enableACME = true;
|
||
forceSSL = true;
|
||
};
|
||
};
|
||
|
||
users.users.scan = {
|
||
home = "/var/lib/scans";
|
||
isSystemUser = true;
|
||
group = "scan";
|
||
hashedPassword = "$y$jCT$5kP87kZLYQs4SRtB5oDYT0$TbcyiO.HuFZ.5e9LPu4vqGAjGXbmfOTJefPvTlsVzm3";
|
||
};
|
||
users.groups.scan = { };
|
||
|
||
systemd.tmpfiles.rules = [
|
||
"d /var/lib/scans 0555 scan root -"
|
||
"d /var/lib/scans/paperless 0775 scan paperless -"
|
||
"L /var/lib/paperless/consume/ftp - - - - /var/lib/scans/paperless"
|
||
];
|
||
|
||
sbruder.restic.backups.system.extraExcludes = [ "/var/lib/scans" ];
|
||
|
||
services.vsftpd = {
|
||
enable = true;
|
||
writeEnable = true;
|
||
localUsers = true;
|
||
chrootlocalUser = true;
|
||
userlist = [ "scan" ];
|
||
|
||
extraConfig = ''
|
||
listen_ipv6=YES
|
||
|
||
# user’s shell is nologin
|
||
check_shell=NO
|
||
|
||
# scans should be readable
|
||
local_umask=022
|
||
|
||
pasv_min_port=30000
|
||
pasv_max_port=30009
|
||
'';
|
||
};
|
||
|
||
networking.firewall = {
|
||
allowedTCPPorts = [ 21 ];
|
||
allowedTCPPortRanges = [{ from = 30000; to = 30009; }];
|
||
};
|
||
}
|