From 4de77741a55e0fa5d661226464db5f4c3f22ced3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Thu, 27 Feb 2025 21:26:58 +0100 Subject: [PATCH] nixos/paperless: add configureNginx option --- nixos/modules/services/misc/paperless.nix | 34 +++++++++++++++ nixos/tests/paperless.nix | 51 ++++++++++++----------- 2 files changed, 61 insertions(+), 24 deletions(-) diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index 4a54e637507a..906fc8d54f1a 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -323,6 +323,16 @@ in }; }; + configureNginx = lib.mkEnableOption "" // { + description = "Whether to configure nginx as a reverse proxy."; + }; + + domain = lib.mkOption { + type = lib.types.str; + example = "paperless.example.com"; + description = "Domain under which paperless will be available."; + }; + exporter = { enable = lib.mkEnableOption "regular automatic document exports"; @@ -380,6 +390,27 @@ in services.paperless.manage = manage; environment.systemPackages = [ manage ]; + services.nginx = lib.mkIf cfg.configureNginx { + enable = true; + upstreams.paperless.servers."${cfg.address}:${toString cfg.port}" = { }; + virtualHosts.${cfg.domain} = { + forceSSL = lib.mkDefault true; + locations = { + "/".proxyPass = "http://paperless"; + "/static/" = { + root = config.services.paperless.package; + extraConfig = '' + rewrite ^/(.*)$ /lib/paperless-ngx/$1 break; + ''; + }; + "/ws/status" = { + proxyPass = "http://paperless"; + proxyWebsockets = true; + }; + }; + }; + }; + services.redis.servers.paperless.enable = lib.mkIf enableRedis true; services.postgresql = lib.mkIf cfg.database.createLocally { @@ -394,6 +425,9 @@ in }; services.paperless.settings = lib.mkMerge [ + (lib.mkIf (cfg.domain != "") { + PAPERLESS_URL = "https://${cfg.domain}"; + }) (lib.mkIf cfg.database.createLocally { PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; diff --git a/nixos/tests/paperless.nix b/nixos/tests/paperless.nix index d35d909e690f..3f215febda7c 100644 --- a/nixos/tests/paperless.nix +++ b/nixos/tests/paperless.nix @@ -17,29 +17,32 @@ imagemagick jq ]; - services.paperless = { - enable = true; - passwordFile = builtins.toFile "password" "admin"; - - exporter = { + services = { + nginx.virtualHosts."localhost".forceSSL = false; + paperless = { enable = true; + configureNginx = true; + domain = "localhost"; + passwordFile = builtins.toFile "password" "admin"; - settings = { - "no-color" = lib.mkForce false; # override a default option - "no-thumbnail" = true; # add a new option + exporter = { + enable = true; + + settings = { + "no-color" = lib.mkForce false; # override a default option + "no-thumbnail" = true; # add a new option + }; }; }; }; }; - postgres = - { config, pkgs, ... }: - { - imports = [ self.simple ]; - services.paperless.database.createLocally = true; - services.paperless.settings = { - PAPERLESS_OCR_LANGUAGE = "deu"; - }; + postgres = { + imports = [ self.simple ]; + services.paperless.database.createLocally = true; + services.paperless.settings = { + PAPERLESS_OCR_LANGUAGE = "deu"; }; + }; }; in self; @@ -59,7 +62,7 @@ with subtest("Web interface gets ready"): node.wait_for_unit("paperless-web.service") # Wait until server accepts connections - node.wait_until_succeeds("curl -fs localhost:28981") + node.wait_until_succeeds("curl -fs localhost") # Required for consuming documents via the web interface with subtest("Task-queue gets ready"): @@ -70,32 +73,32 @@ "convert -size 400x40 xc:white -font 'DejaVu-Sans' -pointsize 20 -fill black " "-annotate +5+20 'hello web 16-10-2005' /tmp/webdoc.png" ) - node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.png -fs localhost:28981/api/documents/post_document/") + node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.png -fs localhost/api/documents/post_document/") with subtest("Add a txt document via the web interface"): node.succeed( "echo 'hello web 16-10-2005' > /tmp/webdoc.txt" ) - node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.txt -fs localhost:28981/api/documents/post_document/") + node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.txt -fs localhost/api/documents/post_document/") with subtest("Documents are consumed"): node.wait_until_succeeds( - "(($(curl -u admin:admin -fs localhost:28981/api/documents/ | jq .count) == 3))" + "(($(curl -u admin:admin -fs localhost/api/documents/ | jq .count) == 3))" ) - docs = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/"))['results'] + docs = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/"))['results'] assert "2005-10-16" in docs[0]['created'] assert "2005-10-16" in docs[1]['created'] assert "2005-10-16" in docs[2]['created'] # Detects gunicorn issues, see PR #190888 with subtest("Document metadata can be accessed"): - metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/1/metadata/")) + metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/1/metadata/")) assert "original_checksum" in metadata - metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/2/metadata/")) + metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/2/metadata/")) assert "original_checksum" in metadata - metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/3/metadata/")) + metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/3/metadata/")) assert "original_checksum" in metadata with subtest("Exporter"):