refactor: moved modules to legacy-modules

2026-04-06 19:32:37 -05:00 · 2026-04-06 19:32:37 -05:00 · db7ac35613
commit db7ac35613
parent d646b954ac
233 changed files with 5 additions and 5 deletions
--- a/legacy-modules/nixos-modules/server/paperless/database.nix
+++ b/legacy-modules/nixos-modules/server/paperless/database.nix
@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  config = lib.mkIf config.services.paperless.enable {
+    assertions = [
+      {
+        assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable;
+        message = "PostgreSQL must be enabled when using local postgres database for Paperless";
+      }
+      {
+        assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases);
+        message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}";
+      }
+      {
+        assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers);
+        message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}";
+      }
+    ];
+
+    services.paperless.database.createLocally = lib.mkDefault true;
+
+    systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally {
+      requires = [
+        config.systemd.services.postgresql.name
+      ];
+    };
+  };
+}
--- a/legacy-modules/nixos-modules/server/paperless/default.nix
+++ b/legacy-modules/nixos-modules/server/paperless/default.nix
@ -0,0 +1,9 @@
+{
+  imports = [
+    ./paperless.nix
+    ./proxy.nix
+    ./database.nix
+    ./fail2ban.nix
+    ./storage.nix
+  ];
+}
--- a/legacy-modules/nixos-modules/server/paperless/fail2ban.nix
+++ b/legacy-modules/nixos-modules/server/paperless/fail2ban.nix
@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  config = lib.mkIf (config.services.paperless.enable && config.services.fail2ban.enable) {
+    environment.etc = {
+      "fail2ban/filter.d/paperless.local".text = (
+        pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+          [Definition]
+          failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>`\.$
+          ignoreregex =
+
+        '')
+      );
+    };
+
+    services.fail2ban = {
+      jails = {
+        paperless.settings = {
+          enabled = true;
+          filter = "paperless";
+          action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+          logpath = "${config.services.paperless.dataDir}/log/*.log";
+          backend = "auto";
+          findtime = 600;
+          bantime = 600;
+          maxretry = 5;
+        };
+      };
+    };
+  };
+}
--- a/legacy-modules/nixos-modules/server/paperless/paperless.nix
+++ b/legacy-modules/nixos-modules/server/paperless/paperless.nix
@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options.services.paperless = {
+    database = {
+      user = lib.mkOption {
+        type = lib.types.str;
+        description = "what is the user and database that we are going to use for paperless";
+        default = "paperless";
+      };
+    };
+  };
+
+  config = lib.mkIf config.services.paperless.enable {
+    services.paperless = {
+      configureTika = true;
+      settings = {
+        PAPERLESS_DBENGINE = "postgresql";
+        PAPERLESS_DBHOST = "/run/postgresql";
+        PAPERLESS_DBNAME = config.services.paperless.database.user;
+        PAPERLESS_DBUSER = config.services.paperless.database.user;
+      };
+    };
+  };
+}
--- a/legacy-modules/nixos-modules/server/paperless/proxy.nix
+++ b/legacy-modules/nixos-modules/server/paperless/proxy.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  options.services.paperless = {
+    extraDomains = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = "extra domains that should be configured for paperless";
+      default = [];
+    };
+    reverseProxy = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = config.services.paperless.enable && config.services.reverseProxy.enable;
+      };
+    };
+  };
+
+  config = lib.mkIf config.services.paperless.reverseProxy.enable {
+    services.reverseProxy.services.paperless = {
+      target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
+      domain = config.services.paperless.domain;
+      extraDomains = config.services.paperless.extraDomains;
+
+      settings = {
+        proxyWebsockets.enable = true;
+        forwardHeaders.enable = true;
+        maxBodySize = 50000;
+      };
+    };
+  };
+}
--- a/legacy-modules/nixos-modules/server/paperless/storage.nix
+++ b/legacy-modules/nixos-modules/server/paperless/storage.nix
@ -0,0 +1,21 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  dataDir = "/var/lib/paperless";
+in {
+  options.services.paperless.impermanence.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = config.services.paperless.enable && config.storage.impermanence.enable;
+  };
+
+  config = lib.mkIf config.services.paperless.enable {
+    storage.datasets.replicate."system/root" = {
+      directories."${dataDir}" = lib.mkIf config.services.paperless.impermanence.enable {
+        owner.name = "paperless";
+        group.name = "paperless";
+      };
+    };
+  };
+}