{ container, pkgs, util, lib, ... } @args: let cfg = container.config.paper; in { systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ]; containers.paper = container.mkContainer cfg { bindMounts = { "/var/lib/paperless" = { hostPath = "${cfg.storage}/data"; isReadOnly = false; }; "/var/lib/paperless/media" = { hostPath = "${lib.elemAt cfg.paper 0}"; isReadOnly = false; }; }; config = { lib, pkgs, ... }: container.mkContainerConfig cfg { environment.systemPackages = with pkgs; [ postgresql inetutils ]; services.paperless = { enable = true; dataDir = "/var/lib/paperless"; # address = cfg.domain; address = "0.0.0.0"; port = cfg.port; passwordFile = pkgs.writeText "PaperlessPassword" "root"; settings = { PAPERLESS_URL = "https://${cfg.domain}"; PAPERLESS_ADMIN_USER = "root"; PAPERLESS_DBHOST = container.config.postgres.address; PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBNAME = "paperless"; PAPERLESS_DBPASS = "paperless"; PAPERLESS_DBPORT = container.config.postgres.port; PAPERLESS_DBUSER = "paperless"; PAPERLESS_OCR_LANGUAGE = "rus"; PAPERLESS_REDIS = "redis://${container.config.redis.address}:${toString container.config.redis.port}"; }; }; # HACK: This is required for TCP postgres connection. systemd.services.paperless-scheduler.serviceConfig = { PrivateNetwork = lib.mkForce false; }; systemd.services.paperless-consumer.serviceConfig = { PrivateNetwork = lib.mkForce false; }; }; }; }