Add paperless-ngx container

SebastianStork 2024-08-31 18:39:10 +02:00
parent 65bd45bfac
commit 2c347bab77
8 changed files with 125 additions and 15 deletions


@ -0,0 +1,15 @@
{
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."40-eno1" = {
matchConfig.Name = "eno1";
networkConfig.DHCP = "yes";
};
};
imports = [
./nextcloud
./paperless
];
}


@ -7,26 +7,21 @@
};
systemd.tmpfiles.rules = [
"d /var/lib/tailscale-nextcloud - - -"
"d /data/nextcloud - - -"
"d /var/lib/tailscale-nextcloud - - -"
];
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."40-eno1" = {
matchConfig.Name = "eno1";
networkConfig.DHCP = "yes";
};
};
containers.nextcloud = {
autoStart = true;
ephemeral = true;
macvlans = [ "eno1" ];
bindMounts = {
# Secrets
"/run/secrets/nextcloud".isReadOnly = false;
"/run/secrets/tailscale-auth-key" = { };
# State
"/data/nextcloud".isReadOnly = false;
"/var/lib/tailscale" = {
hostPath = "/var/lib/tailscale-nextcloud";
@ -41,7 +36,7 @@
{ domain, ... }:
{
system.stateVersion = "24.05";
networking = {
inherit domain;
useNetworkd = true;


@ -9,6 +9,7 @@
enable = true;
authKeyFile = "/run/secrets/tailscale-auth-key";
useRoutingFeatures = "server";
openFirewall = true;
interfaceName = "userspace-networking";
extraUpFlags = [ "--ssh" ];
};


@ -0,0 +1,60 @@
{ config, ... }:
{
sops.secrets = {
"paperless-admin-password" = { };
tailscale-auth-key = { };
};
systemd.tmpfiles.rules = [
"d /data/paperless - - -"
"d /var/lib/tailscale-paperless - - -"
];
containers.paperless = {
autoStart = true;
ephemeral = true;
macvlans = [ "eno1" ];
bindMounts = {
# Secrets
"/run/secrets/paperless-admin-password" = { };
"/run/secrets/tailscale-auth-key" = { };
# State
"/data/paperless".isReadOnly = false;
"/var/lib/tailscale" = {
hostPath = "/var/lib/tailscale-paperless";
isReadOnly = false;
};
};
specialArgs = {
inherit (config.networking) domain;
};
config =
{ domain, ... }:
{
system.stateVersion = "24.05";
networking = {
inherit domain;
useNetworkd = true;
useHostResolvConf = false;
};
systemd.network = {
enable = true;
networks."40-mv-eno1" = {
matchConfig.Name = "mv-eno1";
address = [ "192.168.2.253/24" ];
networkConfig.DHCP = "yes";
dhcpV4Config.ClientIdentifier = "mac";
};
};
imports = [
./paperless.nix
./tailscale.nix
];
};
};
}
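Review bot: The paperless container bind-mounts the same `/run/secrets/tailscale-auth-key` that the nextcloud container section on this page also mounts, so one sops secret enrolls both nodes. If that key is reusable, any process that can read it inside either container can register further devices into the tailnet. A per-container key would limit that, for example declaring `tailscale-auth-key-paperless = { };` (name constructed here) under `sops.secrets` and mounting it with `"/run/secrets/tailscale-auth-key".hostPath = "/run/secrets/tailscale-auth-key-paperless";`. Whether the key is single-use, tagged or ephemeral is not visible on this page, so that should be confirmed against the tailnet's key settings.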


@ -0,0 +1,8 @@
{
services.paperless = {
enable = true;
dataDir = "/data/paperless";
passwordFile = "/run/secrets/paperless-admin-password";
settings.PAPERLESS_OCR_LANGUAGE = "deu+eng";
};
}
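Review bot: `services.paperless.settings` sets only the OCR language, so paperless-ngx keeps its default of accepting any `Host` header and has no trusted CSRF origin, although the instance is published through `tailscale serve` over HTTPS. Setting `settings.PAPERLESS_URL = "https://${config.networking.fqdn}";` pins the allowed host and the CSRF/CORS origin to the one name the container is meant to answer on. It is likely also needed for logins to pass the CSRF check behind the TLS-terminating proxy. The file would then have to start with `{ config, ... }:`, and this assumes the tailnet name equals `config.networking.fqdn`, as the `tailscale cert` call in the Tailscale module already does.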


@ -0,0 +1,31 @@
{
config,
pkgs,
lib,
...
}:
{
services.tailscale = {
enable = true;
authKeyFile = "/run/secrets/tailscale-auth-key";
useRoutingFeatures = "server";
openFirewall = true;
interfaceName = "userspace-networking";
extraUpFlags = [ "--ssh" ];
};
systemd.services.nextcloud-serve = {
after = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
wants = [ "tailscaled.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = ''
${lib.getExe pkgs.tailscale} cert ${config.networking.fqdn}
${lib.getExe pkgs.tailscale} serve reset
${lib.getExe pkgs.tailscale} serve --bg 28981
'';
};
}
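Review bot: `useRoutingFeatures = "server"` and `extraUpFlags = [ "--ssh" ]` give this container more than the `tailscale serve --bg 28981` proxy needs: the first turns on IP forwarding inside the container, and the second accepts Tailscale SSH sessions gated only by the tailnet's SSH ACLs. No subnet-route or exit-node advertisement is visible in the flags, so `useRoutingFeatures` can probably stay at its default, and `--ssh` can be dropped unless shell access into the container is intended. The unit is also still named `nextcloud-serve`, apparently copied from the nextcloud container; `systemd.services.paperless-serve` would keep logs and `systemctl status` unambiguous. The same Tailscale settings appear in the nextcloud section earlier on this page.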