Add paperless-ngx container

SebastianStork 2024-08-31 18:39:10 +02:00
parent 65bd45bfac
commit 2c347bab77
8 changed files with 125 additions and 15 deletions


@ -0,0 +1,15 @@
{
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."40-eno1" = {
matchConfig.Name = "eno1";
networkConfig.DHCP = "yes";
};
};
imports = [
./nextcloud
./paperless
];
}


@ -7,26 +7,21 @@
};
systemd.tmpfiles.rules = [
"d /var/lib/tailscale-nextcloud - - -"
"d /data/nextcloud - - -"
"d /var/lib/tailscale-nextcloud - - -"
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."40-eno1" = {
matchConfig.Name = "eno1";
networkConfig.DHCP = "yes";
};
};
containers.nextcloud = {
autoStart = true;
ephemeral = true;
macvlans = [ "eno1" ];
bindMounts = {
# Secrets
"/run/secrets/nextcloud".isReadOnly = false;
"/run/secrets/tailscale-auth-key" = { };
# State
"/data/nextcloud".isReadOnly = false;
"/var/lib/tailscale" = {
hostPath = "/var/lib/tailscale-nextcloud";
@ -41,7 +36,7 @@
{ domain, ... }:
{
system.stateVersion = "24.05";
networking = {
inherit domain;
useNetworkd = true;


@ -9,6 +9,7 @@
enable = true;
authKeyFile = "/run/secrets/tailscale-auth-key";
useRoutingFeatures = "server";
openFirewall = true;
interfaceName = "userspace-networking";
extraUpFlags = [ "--ssh" ];
};


@ -0,0 +1,60 @@
{ config, ... }:
{
sops.secrets = {
"paperless-admin-password" = { };
tailscale-auth-key = { };
};
systemd.tmpfiles.rules = [
"d /data/paperless - - -"
"d /var/lib/tailscale-paperless - - -"
];
containers.paperless = {
autoStart = true;
ephemeral = true;
macvlans = [ "eno1" ];
bindMounts = {
# Secrets
"/run/secrets/paperless-admin-password" = { };
"/run/secrets/tailscale-auth-key" = { };
# State
"/data/paperless".isReadOnly = false;
"/var/lib/tailscale" = {
hostPath = "/var/lib/tailscale-paperless";
isReadOnly = false;
};
};
specialArgs = {
inherit (config.networking) domain;
};
config =
{ domain, ... }:
{
system.stateVersion = "24.05";
networking = {
inherit domain;
useNetworkd = true;
useHostResolvConf = false;
};
systemd.network = {
enable = true;
networks."40-mv-eno1" = {
matchConfig.Name = "mv-eno1";
address = [ "192.168.2.253/24" ];
networkConfig.DHCP = "yes";
dhcpV4Config.ClientIdentifier = "mac";
};
};
imports = [
./paperless.nix
./tailscale.nix
];
};
};
}
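Review bot: The paperless container bind-mounts the same `/run/secrets/tailscale-auth-key` that the nextcloud container already mounts, so the key presumably has to be a reusable one. A compromise of either container would then expose a credential that can enrol further nodes in the tailnet. A separate sops entry per container would limit this, for example `tailscale-auth-key-paperless = { };` (a suggested name) mounted as `"/run/secrets/tailscale-auth-key-paperless" = { };`, with `authKeyFile` in the container's tailscale module pointing at it. Because `/var/lib/tailscale-paperless` persists the node state, the key should only be needed for the first enrolment, so a one-time or tagged key is likely enough.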


@ -0,0 +1,8 @@
{
services.paperless = {
enable = true;
dataDir = "/data/paperless";
passwordFile = "/run/secrets/paperless-admin-password";
settings.PAPERLESS_OCR_LANGUAGE = "deu+eng";
};
}
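Review bot: `services.paperless` is enabled without `PAPERLESS_URL`, although the sibling tailscale module publishes the instance through `tailscale serve`. Paperless derives its allowed hosts and CSRF trusted origins from that setting, so without it host checking presumably stays at its permissive default and logins through the HTTPS proxy may fail CSRF validation. Consider adding `settings.PAPERLESS_URL = "https://${config.networking.fqdn}";`, which requires this file to become a function taking `config` (`{ config, ... }:`).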


@ -0,0 +1,31 @@
{
config,
pkgs,
lib,
...
}:
{
services.tailscale = {
enable = true;
authKeyFile = "/run/secrets/tailscale-auth-key";
useRoutingFeatures = "server";
openFirewall = true;
interfaceName = "userspace-networking";
extraUpFlags = [ "--ssh" ];
};
systemd.services.nextcloud-serve = {
after = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
wants = [ "tailscaled.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
${lib.getExe pkgs.tailscale} cert ${config.networking.fqdn}
${lib.getExe pkgs.tailscale} serve reset
${lib.getExe pkgs.tailscale} serve --bg 28981
'';
};
}
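Review bot: The oneshot unit is still named `nextcloud-serve` although this module configures the paperless container, and the proxy target is repeated as a literal in `serve --bg 28981`. Renaming it to `systemd.services.paperless-serve` and writing `serve --bg ${toString config.services.paperless.port}` keeps the journal entries and the forwarded port tied to the service that actually runs here. Separately, `extraUpFlags = [ "--ssh" ]` enables Tailscale SSH on a container that stores scanned documents. Who may log in is then decided by the tailnet's SSH ACLs, which deserves a comment on that line, such as `# SSH access is governed by the tailnet ACL policy`.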


@ -3,8 +3,7 @@
../common.nix
./hardware.nix
./disko.nix
./containers/nextcloud
./containers
];
system.stateVersion = "24.05";


@ -3,6 +3,7 @@ tailscale-auth-key: ENC[AES256_GCM,data:zKjJsG23GYrAIAoTe9pRI/b9w6JPB/0EDrdtspQq
nextcloud:
admin-password: ENC[AES256_GCM,data:+gNp7oDzLk2gxalEtj8R0FWW3Jwvr1PzWo7+iZj0,iv:zZjwG+Z1KyrZN/i/rSg5LZ0lnQGBhxlAaREgKUCxco8=,tag:kBQjz1ISX5Gh9LeUfO4KdQ==,type:str]
gmail-password: ENC[AES256_GCM,data:lbdSZPEmXx1zU0fdaXHle9by9rk=,iv:SSN379SVvonVQjEpopFe8O6tY30k1l9YxKPB6a+xo6U=,tag:jiWy3b16i0zXTyaOhY+5Vw==,type:str]
paperless-admin-password: ENC[AES256_GCM,data:xBk3n5czMwuf0I7kU2WkTExJnw8=,iv:4Fegh3sogB1ga+zdBBlWdpsAgQmqmhZoun/ShfHISGk=,tag:s7U4gQK3E5mh3Rd0DAMEqA==,type:str]
sops:
kms: []
gcp_kms: []
@ -27,8 +28,8 @@ sops:
aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo
FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-29T13:58:05Z"
mac: ENC[AES256_GCM,data:E1zrsHL+mVaX6mVuPVw793e5/epoRV06nMguU7CT3v9yeDJ4ftO3dwqBChsR2xcISeIuTMc7W72GS57UMhrY08q/jwAKnR7WiPt6/6iK3TLyAKdOj9q/B8FYVuRu+T5cN5CY7cNE0EK+KAVXUcfNi6KAzt1Mow39cgjfddTMdA4=,iv:+GaMKNQaI4mtg0E5b0Ua0c7+K66/9cIUNkWFTxG6gzY=,tag:NnmL6HKv9J3RuqwH01UyNA==,type:str]
lastmodified: "2024-08-31T15:16:37Z"
mac: ENC[AES256_GCM,data:moMeG8RCInTiMVBHca3Z4XxDT1p/51E/PEUDwTDk7skOYasAfse2VAGAI5c8TlwudrzNICDoKP7ks8KUfruv8WVSd+omUxjmSiO5ZuS7KdW9nu/vvTPwSOfk7wS39+Wt8B+/LNlkECOJeCOKIqiPeShDt0rf0shEOgmtj2jJXD8=,iv:P6hPnhpdr46FHfzZinPwZzDcjaRteSrCQwzGqk6iKc4=,tag:t8qYGxObcLuGIYtFdc3SLw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0