try paperless and run nextcloud in postgres

server/flake.nix

@@ -19,6 +19,7 @@
 	./modules/static-ip-server.nix
         ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
         ./configuration.nix 
+	./modules/postgres.nix
 	./modules/fail2ban.nix
         ./modules/nix-settings.nix
         ./modules/adguard.nix
@@ -39,6 +40,7 @@
         ./modules/docker.nix
 	./modules/wireguard.nix
 	./modules/cron.nix
+	./modules/paperless.nix
         #./modules/dyndns.nix i think ddclient is deprecated
         #./modules/home-assistant.nix idk dont like this
         agenix.nixosModules.default

server/modules/nextcloud.nix

@@ -1,6 +1,5 @@
 { config, pkgs, lib, inputs, ... }:
 {
-
     age.secrets.nextcloud-cert = {
         file = ../secrets/nextcloud-cert.age;
         owner = "nginx";
@@ -30,9 +29,12 @@
 		serverAliases = [ "192.168.2.1" ];
                 ## Force HTTP redirect to HTTPS
                 forceSSL = true;
-		        #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
-		        sslCertificate = config.age.secrets.nextcloud-cert.path;
-		        sslCertificateKey = config.age.secrets.nextcloud-key.path;
+		locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = ''
+			client_max_body_size 5G;
+		'';
+	        #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+	        sslCertificate = config.age.secrets.nextcloud-cert.path;
+	        sslCertificateKey = config.age.secrets.nextcloud-key.path;
                 ## LetsEncrypt
                 #enableACME = true;
             };
@@ -50,6 +52,8 @@
 	https = true;
         hostName = "nextcloud.local";
         config.adminpassFile = config.age.secrets.nextcloud-admin.path;
+	config.dbtype = "pgsql";
+	database.createLocally = true;
 	config.extraTrustedDomains = [ "192.168.2.1" ];
         home = "/mnt/250ssd/nextcloud";
 
@@ -59,6 +63,11 @@
                 sha256 = "sha256-LaUG0maatc2YtWQjff7J54vadQ2RE4X6FcW8vFefBh8=";
             };
         };
+
+  	phpOptions = {
+    		upload_max_filesize = "5G";
+    		post_max_size = "5G";
+  	};
         extraAppsEnable = true;
         extraOptions.enabledPreviewProviders = [
             "OC\\Preview\\BMP"

server/modules/paperless.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+    networking.firewall.allowedTCPPorts = [ 28981 ];
+    age.secrets.paperless = {
+        file = ../secrets/paperless.age;
+        owner = "paperless";
+        group = "paperless";
+    };
+    services.paperless = {
+	enable = true;
+	port = 28981;
+	passwordFile = config.age.secrets.paperless.path;
+	address = "192.168.2.1";
+	mediaDir = "/mnt/250ssd/paperless";
+    };
+}

server/modules/postgres.nix

@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+    services.postgresql = {
+        enable = true;
+  	authentication = pkgs.lib.mkOverride 10 ''
+    		#type database  DBuser  auth-method optional_ident_map
+    		local sameuser  all     peer        map=superuser_map
+  	'';
+        identMap = ''
+                # ArbitraryMapName systemUser DBUser
+                superuser_map      root      postgres
+                superuser_map      postgres  postgres
+                # Let other names login as themselves
+                superuser_map      /^(.*)$   \1
+        '';
+    };
+}

server/secrets/secrets.nix

@@ -15,4 +15,5 @@ in
   "wireguard-private.age".publicKeys = [ nix-test-vm server ];
   "coturn-secret.age".publicKeys = [ nix-test-vm server ];
   "matrix-registration.age".publicKeys = [ nix-test-vm server ];
+  "paperless.age".publicKeys = [ nix-test-vm server ];
 }