From 4c46c0b825c257b06b8fd0d497baea6d92e49c27 Mon Sep 17 00:00:00 2001
From: Gabriel Simmer <g@gmem.ca>
Date: Sat, 20 Apr 2024 19:37:58 +0100
Subject: [PATCH] paperless-ngx on vancouver

---
 nix/nas/configuration.nix | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/nix/nas/configuration.nix b/nix/nas/configuration.nix
index d9ddc79..34aaedf 100644
--- a/nix/nas/configuration.nix
+++ b/nix/nas/configuration.nix
@@ -49,6 +49,15 @@
   };
 
   services = {
+    paperless = {
+      enable = true;
+      dataDir = "/tank/documents";
+      settings = {
+        PAPERLESS_OCR_USER_ARGS = {
+          invalidate_digital_signatures = true;
+        };
+      };
+    };
     fwupd.enable = true;
     promtail = {
       enable = true;
@@ -154,6 +163,7 @@
           paths = [
             "/tank/k3scluster"
             "/tank/forgejo"
+            "/tank/documents"
           ];
           timerConfig = {
             OnCalendar = "daily";
@@ -303,6 +313,22 @@
           proxyPass = "http://127.0.0.1:8973/";
         };
       };
+      virtualHosts."docs.gmem.ca" = {
+        enableACME = true;
+        addSSL = true;
+        acmeRoot = null;
+        locations."/" = {
+          extraConfig = ''
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            client_max_body_size 500M;
+          '';
+          proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/";
+        };
+      };
     };
     gitea = {
       enable = true;
@@ -512,6 +538,11 @@
     dnsProvider = "cloudflare";
     credentialsFile = config.age.secrets.cloudflare-dns.path;
   };
+  security.acme.certs."docs.gmem.ca" = {
+    domain = "*.gmem.ca";
+    dnsProvider = "cloudflare";
+    credentialsFile = config.age.secrets.cloudflare-dns.path;
+  };
 
   system.stateVersion = "23.05";
 }