nixos/paperless: add configureNginx option

2025-02-27 21:26:58 +01:00
parent b696175572
commit 4de77741a5
2 changed files with 61 additions and 24 deletions
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@@ -323,6 +323,16 @@ in
      };
    };

+    configureNginx = lib.mkEnableOption "" // {
+      description = "Whether to configure nginx as a reverse proxy.";
+    };
+
+    domain = lib.mkOption {
+      type = lib.types.str;
+      example = "paperless.example.com";
+      description = "Domain under which paperless will be available.";
+    };
+
    exporter = {
      enable = lib.mkEnableOption "regular automatic document exports";

@@ -380,6 +390,27 @@ in
        services.paperless.manage = manage;
        environment.systemPackages = [ manage ];

+        services.nginx = lib.mkIf cfg.configureNginx {
+          enable = true;
+          upstreams.paperless.servers."${cfg.address}:${toString cfg.port}" = { };
+          virtualHosts.${cfg.domain} = {
+            forceSSL = lib.mkDefault true;
+            locations = {
+              "/".proxyPass = "http://paperless";
+              "/static/" = {
+                root = config.services.paperless.package;
+                extraConfig = ''
+                  rewrite ^/(.*)$ /lib/paperless-ngx/$1 break;
+                '';
+              };
+              "/ws/status" = {
+                proxyPass = "http://paperless";
+                proxyWebsockets = true;
+              };
+            };
+          };
+        };
+
        services.redis.servers.paperless.enable = lib.mkIf enableRedis true;

        services.postgresql = lib.mkIf cfg.database.createLocally {
@@ -394,6 +425,9 @@ in
        };

        services.paperless.settings = lib.mkMerge [
+          (lib.mkIf (cfg.domain != "") {
+            PAPERLESS_URL = "https://${cfg.domain}";
+          })
          (lib.mkIf cfg.database.createLocally {
            PAPERLESS_DBENGINE = "postgresql";
            PAPERLESS_DBHOST = "/run/postgresql";
--- a/nixos/tests/paperless.nix
+++ b/nixos/tests/paperless.nix
@@ -17,8 +17,12 @@
              imagemagick
              jq
            ];
-            services.paperless = {
+            services = {
+              nginx.virtualHosts."localhost".forceSSL = false;
+              paperless = {
                enable = true;
+                configureNginx = true;
+                domain = "localhost";
                passwordFile = builtins.toFile "password" "admin";

                exporter = {
@@ -31,9 +35,8 @@
                };
              };
            };
-        postgres =
-          { config, pkgs, ... }:
-          {
+          };
+        postgres = {
          imports = [ self.simple ];
          services.paperless.database.createLocally = true;
          services.paperless.settings = {
@@ -59,7 +62,7 @@
      with subtest("Web interface gets ready"):
        node.wait_for_unit("paperless-web.service")
        # Wait until server accepts connections
-        node.wait_until_succeeds("curl -fs localhost:28981")
+        node.wait_until_succeeds("curl -fs localhost")

      # Required for consuming documents via the web interface
      with subtest("Task-queue gets ready"):
@@ -70,32 +73,32 @@
          "convert -size 400x40 xc:white -font 'DejaVu-Sans' -pointsize 20 -fill black "
          "-annotate +5+20 'hello web 16-10-2005' /tmp/webdoc.png"
        )
-        node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.png -fs localhost:28981/api/documents/post_document/")
+        node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.png -fs localhost/api/documents/post_document/")

      with subtest("Add a txt document via the web interface"):
        node.succeed(
          "echo 'hello web 16-10-2005' > /tmp/webdoc.txt"
        )
-        node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.txt -fs localhost:28981/api/documents/post_document/")
+        node.wait_until_succeeds("curl -u admin:admin -F document=@/tmp/webdoc.txt -fs localhost/api/documents/post_document/")

      with subtest("Documents are consumed"):
        node.wait_until_succeeds(
-          "(($(curl -u admin:admin -fs localhost:28981/api/documents/ | jq .count) == 3))"
+          "(($(curl -u admin:admin -fs localhost/api/documents/ | jq .count) == 3))"
        )
-        docs = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/"))['results']
+        docs = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/"))['results']
        assert "2005-10-16" in docs[0]['created']
        assert "2005-10-16" in docs[1]['created']
        assert "2005-10-16" in docs[2]['created']

      # Detects gunicorn issues, see PR #190888
      with subtest("Document metadata can be accessed"):
-        metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/1/metadata/"))
+        metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/1/metadata/"))
        assert "original_checksum" in metadata

-        metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/2/metadata/"))
+        metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/2/metadata/"))
        assert "original_checksum" in metadata

-        metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost:28981/api/documents/3/metadata/"))
+        metadata = json.loads(node.succeed("curl -u admin:admin -fs localhost/api/documents/3/metadata/"))
        assert "original_checksum" in metadata

      with subtest("Exporter"):