@ -2,13 +2,13 @@
with lib ;
let
cfg = config . services . paperless-ng ;
cfg = config . services . paperless ;
defaultUser = " p a p e r l e s s " ;
# Don't start a redis instance if the user sets a custom redis connection
enableRedis = ! hasAttr " P A P E R L E S S _ R E D I S " cfg . extraConfig ;
redisServer = config . services . redis . servers . paperless-ng ;
redisServer = config . services . redis . servers . paperless ;
env = {
PAPERLESS_DATA_DIR = cfg . dataDir ;
@ -25,7 +25,7 @@ let
setupEnv = lib . concatStringsSep " \n " ( mapAttrsToList ( name : val : " e x p o r t ${ name } = \" ${ val } \" " ) env ) ;
in pkgs . writeShellScript " m a n a g e " ''
$ { setupEnv }
exec $ { cfg . package } /bin/paperless-ng " $ @ "
exec $ { cfg . package } /bin/paperless-ngx " $ @ "
'' ;
# Secure the services
@ -86,26 +86,22 @@ in
meta . maintainers = with maintainers ; [ earvstedt Flakebi ] ;
imports = [
( mkRemovedOptionModule [ " s e r v i c e s " " p a p e r l e s s " ] ''
The paperless module has been removed as the upstream project died .
Users should migrate to the paperless-ng module ( services . paperless-ng ) .
More information can be found in the NixOS 21 .11 release notes .
'' )
( mkRenamedOptionModule [ " s e r v i c e s " " p a p e r l e s s - n g " ] [ " s e r v i c e s " " p a p e r l e s s " ] )
] ;
options . services . paperless-ng = {
options . services . paperless = {
enable = mkOption {
type = lib . types . bool ;
default = false ;
description = ''
Enable Paperless-ng .
Enable Paperless .
When started , the Paperless database is automatically created if it doesn't
exist and updated if the Paperless package has changed .
Both tasks are achieved by running a Django migration .
A script to manage the Paperless instance ( by wrapping Django's manage . py ) is linked to
<literal> '' ${ dataDir } / p a p e r l e s s - n g - ma n a g e < / l i t e r a l > .
<literal> '' ${ dataDir } / p a p e r l e s s - m a n a g e < / l i t e r a l > .
'' ;
} ;
@ -138,13 +134,13 @@ in
passwordFile = mkOption {
type = types . nullOr types . path ;
default = null ;
example = " / r u n / k e y s / p a p e r l e s s - n g - pa s s w o r d " ;
example = " / r u n / k e y s / p a p e r l e s s - p a s s w o r d " ;
description = ''
A file containing the superuser password .
A superuser is required to access the web interface .
If unset , you can create a superuser manually by running
<literal> '' ${ dataDir } / p a p e r l e s s - n g - ma n a g e c r e a t e s u p e r u s e r < / l i t e r a l > .
<literal> '' ${ dataDir } / p a p e r l e s s - m a n a g e c r e a t e s u p e r u s e r < / l i t e r a l > .
The default superuser name is <literal> admin < /literal > . To change it , set
option <option> extraConfig . PAPERLESS_ADMIN_USER < /option > .
@ -173,9 +169,9 @@ in
type = types . attrs ;
default = { } ;
description = ''
Extra paperless-ng config options .
Extra paperless config options .
See < link xlink:href= " h t t p s : / / p a p e r l e s s - n g . r e a d t h e d o c s . i o / e n / l a t e s t / c o n f i g u r a t i o n . h t m l " > the documentation < /link >
See < link xlink:href= " h t t p s : / / p a p e r l e s s - n g x .r e a d t h e d o c s . i o / e n / l a t e s t / c o n f i g u r a t i o n . h t m l " > the documentation < /link >
for available options .
'' ;
example = literalExpression ''
@ -193,14 +189,14 @@ in
package = mkOption {
type = types . package ;
default = pkgs . paperless-ng ;
defaultText = literalExpression " p k g s . p a p e r l e s s - n g " ;
default = pkgs . paperless-ngx ;
defaultText = literalExpression " p k g s . p a p e r l e s s - n g x ";
description = " T h e P a p e r l e s s p a c k a g e t o u s e . " ;
} ;
} ;
config = mkIf cfg . enable {
services . redis . servers . paperless-ng . enable = mkIf enableRedis true ;
services . redis . servers . paperless . enable = mkIf enableRedis true ;
systemd . tmpfiles . rules = [
" d ' ${ cfg . dataDir } ' - ${ cfg . user } ${ config . users . users . ${ cfg . user } . group } - - "
@ -212,11 +208,11 @@ in
)
] ;
systemd . services . paperless-ng-serv er = {
description = " P a p e r l e s s d o c u m e n t s e r v e r " ;
systemd . services . paperless-schedul er = {
description = " P a p e r l e s s s c h e d u l e r " ;
serviceConfig = defaultServiceConfig // {
User = cfg . user ;
ExecStart = " ${ cfg . package } / b i n / p a p e r l e s s - n g q c l u s t e r " ;
ExecStart = " ${ cfg . package } / b i n / p a p e r l e s s - n g x q c l u s t e r " ;
Restart = " o n - f a i l u r e " ;
# The `mbind` syscall is needed for running the classifier.
SystemCallFilter = defaultServiceConfig . SystemCallFilter ++ [ " m b i n d " ] ;
@ -225,15 +221,15 @@ in
} ;
environment = env ;
wantedBy = [ " m u l t i - u s e r . t a r g e t " ] ;
wants = [ " p a p e r l e s s - n g - co n s u m e r . s e r v i c e " " p a p e r l e s s - n g - w e b . s e r v i c e " ] ;
wants = [ " p a p e r l e s s - c o n s u m e r . s e r v i c e " " p a p e r l e s s - w e b . s e r v i c e " ] ;
preStart = ''
ln - sf $ { manage } $ { cfg . dataDir } /paperless-ng- manage
ln - sf $ { manage } $ { cfg . dataDir } /paperless-manage
# Auto-migrate on first run or if the package has changed
versionFile = " ${ cfg . dataDir } / s r c - v e r s i o n "
if [ [ $ ( cat " $ v e r s i o n F i l e " 2 > /dev/null ) != $ { cfg . package } ] ] ; then
$ { cfg . package } /bin/paperless-ng migrate
$ { cfg . package } /bin/paperless-ngx migrate
echo $ { cfg . package } > " $ v e r s i o n F i l e "
fi
''
@ -244,18 +240,18 @@ in
superuserStateFile = " ${ cfg . dataDir } / s u p e r u s e r - s t a t e "
if [ [ $ ( cat " $ s u p e r u s e r S t a t e F i l e " 2 > /dev/null ) != $ superuserState ] ] ; then
$ { cfg . package } /bin/paperless-ng manage_superuser
$ { cfg . package } /bin/paperless-ngx manage_superuser
echo " $ s u p e r u s e r S t a t e " > " $ s u p e r u s e r S t a t e F i l e "
fi
'' ;
} // optionalAttrs enableRedis {
after = [ " r e d i s - p a p e r l e s s - n g .s e r v i c e " ] ;
after = [ " r e d i s - p a p e r l e s s . s e r v i c e " ] ;
} ;
# Reading the user-provided password file requires root access
systemd . services . paperless-ng- copy-password = mkIf ( cfg . passwordFile != null ) {
requiredBy = [ " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ] ;
before = [ " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ] ;
systemd . services . paperless-copy-password = mkIf ( cfg . passwordFile != null ) {
requiredBy = [ " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ] ;
before = [ " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ] ;
serviceConfig = {
ExecStart = ''
$ { pkgs . coreutils } /bin/install - - mode 600 - - owner ' $ { cfg . user } ' - - compare \
@ -265,27 +261,27 @@ in
} ;
} ;
systemd . services . paperless-ng- consumer = {
systemd . services . paperless-consumer = {
description = " P a p e r l e s s d o c u m e n t c o n s u m e r " ;
serviceConfig = defaultServiceConfig // {
User = cfg . user ;
ExecStart = " ${ cfg . package } / b i n / p a p e r l e s s - n g d o c u m e n t _ c o n s u m e r " ;
ExecStart = " ${ cfg . package } / b i n / p a p e r l e s s - n g x d o c u m e n t _ c o n s u m e r " ;
Restart = " o n - f a i l u r e " ;
} ;
environment = env ;
# Bind to `paperless-ng-serv er` so that the consumer never runs
# Bind to `paperless-schedul er` so that the consumer never runs
# during migrations
bindsTo = [ " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ] ;
after = [ " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ] ;
bindsTo = [ " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ] ;
after = [ " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ] ;
} ;
systemd . services . paperless-ng- web = {
systemd . services . paperless-web = {
description = " P a p e r l e s s w e b s e r v e r " ;
serviceConfig = defaultServiceConfig // {
User = cfg . user ;
ExecStart = ''
$ { pkgs . python3Packages . gunicorn } /bin/gunicorn \
- c $ { cfg . package } /lib/paperless-ng/gunicorn.conf.py paperless.asgi:application
- c $ { cfg . package } /lib/paperless-ngx /gunicorn.conf.py paperless.asgi:application
'' ;
Restart = " o n - f a i l u r e " ;
@ -298,15 +294,15 @@ in
} ;
environment = env // {
PATH = mkForce cfg . package . path ;
PYTHONPATH = " ${ cfg . package . pythonPath } : ${ cfg . package } / l i b / p a p e r l e s s - n g / s r c " ;
PYTHONPATH = " ${ cfg . package . pythonPath } : ${ cfg . package } / l i b / p a p e r l e s s - n g x /s r c " ;
} ;
# Allow the web interface to access the private /tmp directory of the server.
# This is required to support uploading files via the web interface.
unitConfig . JoinsNamespaceOf = " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ;
# Bind to `paperless-ng-serv er` so that the web server never runs
unitConfig . JoinsNamespaceOf = " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ;
# Bind to `paperless-schedul er` so that the web server never runs
# during migrations
bindsTo = [ " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ] ;
after = [ " p a p e r l e s s - n g - s e r v e r . s e r v i c e " ] ;
bindsTo = [ " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ] ;
after = [ " p a p e r l e s s - s c h e d u l e r . s e r v i c e " ] ;
} ;
users = optionalAttrs ( cfg . user == defaultUser ) {