From 8e104ca100eedb351e8172706a4399aaeb4f0e71 Mon Sep 17 00:00:00 2001 From: Kopatz <7265381+Kropatz@users.noreply.github.com> Date: Sat, 28 Oct 2023 19:37:58 +0200 Subject: [PATCH] try paperless and run nextcloud in postgres --- server/flake.nix | 2 ++ server/modules/nextcloud.nix | 17 +++++++++++++---- server/modules/paperless.nix | 16 ++++++++++++++++ server/modules/postgres.nix | 17 +++++++++++++++++ server/secrets/paperless.age | Bin 0 -> 496 bytes server/secrets/secrets.nix | 1 + 6 files changed, 49 insertions(+), 4 deletions(-) create mode 100644 server/modules/paperless.nix create mode 100644 server/modules/postgres.nix create mode 100644 server/secrets/paperless.age diff --git a/server/flake.nix b/server/flake.nix index 09f4254..fbd1531 100644 --- a/server/flake.nix +++ b/server/flake.nix @@ -19,6 +19,7 @@ ./modules/static-ip-server.nix ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ./configuration.nix + ./modules/postgres.nix ./modules/fail2ban.nix ./modules/nix-settings.nix ./modules/adguard.nix @@ -39,6 +40,7 @@ ./modules/docker.nix ./modules/wireguard.nix ./modules/cron.nix + ./modules/paperless.nix #./modules/dyndns.nix i think ddclient is deprecated #./modules/home-assistant.nix idk dont like this agenix.nixosModules.default diff --git a/server/modules/nextcloud.nix b/server/modules/nextcloud.nix index 2fc7f6d..fc0239d 100644 --- a/server/modules/nextcloud.nix +++ b/server/modules/nextcloud.nix @@ -1,6 +1,5 @@ { config, pkgs, lib, inputs, ... }: { - age.secrets.nextcloud-cert = { file = ../secrets/nextcloud-cert.age; owner = "nginx"; 
@@ -30,9 +29,12 @@ serverAliases = [ "192.168.2.1" ]; ## Force HTTP redirect to HTTPS forceSSL = true; - #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - sslCertificate = config.age.secrets.nextcloud-cert.path; - sslCertificateKey = config.age.secrets.nextcloud-key.path; + locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = '' + client_max_body_size 5G; + ''; + #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + sslCertificate = config.age.secrets.nextcloud-cert.path; + sslCertificateKey = config.age.secrets.nextcloud-key.path; ## LetsEncrypt #enableACME = true; }; @@ -50,6 +52,8 @@ https = true; hostName = "nextcloud.local"; config.adminpassFile = config.age.secrets.nextcloud-admin.path; + config.dbtype = "pgsql"; + database.createLocally = true; config.extraTrustedDomains = [ "192.168.2.1" ]; home = "/mnt/250ssd/nextcloud"; @@ -59,6 +63,11 @@ sha256 = "sha256-LaUG0maatc2YtWQjff7J54vadQ2RE4X6FcW8vFefBh8="; }; }; + + phpOptions = { + upload_max_filesize = "5G"; + post_max_size = "5G"; + }; extraAppsEnable = true; extraOptions.enabledPreviewProviders = [ "OC\\Preview\\BMP" diff --git a/server/modules/paperless.nix b/server/modules/paperless.nix new file mode 100644 index 0000000..a8f7fdd --- /dev/null +++ b/server/modules/paperless.nix @@ -0,0 +1,16 @@ +{ config, pkgs, lib, inputs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 28981 ]; + age.secrets.paperless = { + file = ../secrets/paperless.age; + owner = "paperless"; + group = "paperless"; + }; + services.paperless = { + enable = true; + port = 28981; + passwordFile = config.age.secrets.paperless.path; + address = "192.168.2.1"; + mediaDir = "/mnt/250ssd/paperless"; + }; +} diff --git a/server/modules/postgres.nix b/server/modules/postgres.nix new file mode 100644 index 0000000..f7581b5 --- /dev/null +++ b/server/modules/postgres.nix 
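Review bot: The upload limit in the `@@ -30,9 +29,12 @@` hunk is attached by re-declaring the module's PHP location regex as the key of `locations."~ ^\\/(?:index|remote|…)\\.php(?:$|\\/)".extraConfig`, which only works while that string is identical to the key the nixpkgs nextcloud module generates. If a module update changes the regex, this definition would no longer merge with the module's location and the 5G limit would stop applying as intended. The later `@@ -59,6 +63,11 @@` hunk sets `upload_max_filesize`/`post_max_size` through `phpOptions`; depending on the nixpkgs revision, defining `phpOptions` may replace the module defaults (which include values such as `expose_php = "Off"`) instead of merging with them, so check the generated PHP configuration. The module option `maxUploadSize = "5G";` is documented to set both the nginx and PHP limits and would replace both additions.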
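Review bot: In the `@@ -50,6 +52,8 @@` hunk, `config.dbtype = "pgsql";` with `database.createLocally = true;` provisions an empty PostgreSQL database, but nothing in this change moves data from the backend the instance used before. If the Nextcloud under `/mnt/250ssd/nextcloud` was already installed on the module's default database, its accounts, shares and app settings stay behind; take a backup and convert with `occ db:convert-type` before flipping the option. The attribute set these lines belong to starts and ends outside the hunk.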
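Review bot: The new `paperless.nix` publishes Paperless directly on `192.168.2.1:28981`, so the login and the stored documents travel over plain HTTP. `networking.firewall.allowedTCPPorts = [ 28981 ];` also opens the port on every interface, not only the LAN one, although the service binds only to that address. Nextcloud in this same commit sits behind nginx with `forceSSL = true`; the equivalent here is `address = "127.0.0.1";`, no `allowedTCPPorts` entry, and an nginx virtual host with TLS that proxies to the port. If direct access has to stay, `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 28981 ];` (interface name is a placeholder) limits the opening to the LAN side.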
@@ -0,0 +1,17 @@ +{ pkgs, ... }: +{ + services.postgresql = { + enable = true; + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method optional_ident_map + local sameuser all peer map=superuser_map + ''; + identMap = '' + # ArbitraryMapName systemUser DBUser + superuser_map root postgres + superuser_map postgres postgres + # Let other names login as themselves + superuser_map /^(.*)$ \1 + ''; + }; +} diff --git a/server/secrets/paperless.age b/server/secrets/paperless.age new file mode 100644 index 0000000000000000000000000000000000000000..3cfd675db52cd3df97b56eeda5c528f0bf0b6d0c GIT binary patch literal 496 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyOmlYjEmtTj(oU=L zEXwtD^AGS!&#CmS@+rv*Ow3HRbSx|@D@ZO4tBP<84|a>H%;qYNC``^YwDgFIGAOff zEc5U*vnUP<_AbxMOv-SyFmUuTP4@RN$TkQG_C&YMGtAf}J5a$eqS83Rpvt1EJT)uL z!y+ZHxFW?Z#J#F8xw6R9Ah9qrDAksM{JsV_OT&Zq)QEFmwszR-TZ?2buxpk33eqp4qVYRsp zmw%*Zdbqw%Wrd-4Wuc>fPOzDNPO(Q$Vrgn>fNzLzZjOJsdw_{{RAhm#OF?0vg=wB? zu~UjgN~*CzaB)eBKbN74e_)VTYH?PfPoP(rlYc~1ppij3m#(g^f?+H zVW_#KQK3Dd1{WCW0I)}m!pEgE!nS~&9hb)r$*?-Bv@KM ziC7rg$bMo2@4KqDL-v<)qAX^MW&Xcy@%`^IUWNy&zdOgTaxZ`HQtSR@^N$4c7)5X6 XPjA_Kb(FoDH@BA78|QX3FMb996=$y0 literal 0 HcmV?d00001 diff --git a/server/secrets/secrets.nix b/server/secrets/secrets.nix index 1e47aa8..1c779ca 100644 --- a/server/secrets/secrets.nix +++ b/server/secrets/secrets.nix @@ -15,4 +15,5 @@ in "wireguard-private.age".publicKeys = [ nix-test-vm server ]; "coturn-secret.age".publicKeys = [ nix-test-vm server ]; "matrix-registration.age".publicKeys = [ nix-test-vm server ]; + "paperless.age".publicKeys = [ nix-test-vm server ]; }
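Review bot: The only `pg_hba` rule in `postgres.nix`, `local sameuser all peer map=superuser_map`, confines every role, including `postgres`, to the database named after it, so `root`/`postgres` can reach only the `postgres` database and cannot open `nextcloud` for maintenance or dumps. Adding `local all postgres peer map=superuser_map` above it keeps administration and backups working while application roles stay limited to their own database. `mkOverride 10` appears to discard the module's default entries, so a comment such as `# socket-only on purpose: replaces module defaults, no host (TCP) rules` would record that this is deliberate. The name `superuser_map` is misleading because the `/^(.*)$ \1` line applies to every OS user; `peer_map` would describe it better.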
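Review bot: In `secrets.nix`, `"paperless.age".publicKeys = [ nix-test-vm server ];` encrypts the Paperless admin password to the test VM's key as well as the server's, so anyone holding that key can decrypt the secret from the repository. This follows the pattern of the entries above it, but if the test VM key is less well protected than the server's, consider `[ server ]` here and a separate throwaway secret for the VM. The bindings that define `nix-test-vm` and `server` are outside the hunk.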