diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix
index 667f16d98f82..4199e7713304 100644
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@@ -6,6 +6,7 @@ let
 pkg = cfg.package;
 defaultUser = "paperless";
+ nltkDir = "/var/cache/paperless/nltk";
 # Don't start a redis instance if the user sets a custom redis connection
 enableRedis = !hasAttr "PAPERLESS_REDIS" cfg.extraConfig;
@@ -15,6 +16,7 @@ let
 PAPERLESS_DATA_DIR = cfg.dataDir;
 PAPERLESS_MEDIA_ROOT = cfg.mediaDir;
 PAPERLESS_CONSUMPTION_DIR = cfg.consumptionDir;
+ PAPERLESS_NLTK_DIR = nltkDir;
 GUNICORN_CMD_ARGS = "--bind=${cfg.address}:${toString cfg.port}";
 } // optionalAttrs (config.time.timeZone != null) {
 PAPERLESS_TIME_ZONE = config.time.timeZone;
@@ -24,12 +26,14 @@ let
 lib.mapAttrs (_: toString) cfg.extraConfig
 );
- manage = let
- setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
- in pkgs.writeShellScript "manage" ''
- ${setupEnv}
- exec ${pkg}/bin/paperless-ngx "$@"
- '';
+ manage =
+ let
+ setupEnv = lib.concatStringsSep "\n" (mapAttrsToList (name: val: "export ${name}=\"${val}\"") env);
+ in
+ pkgs.writeShellScript "manage" ''
+ ${setupEnv}
+ exec ${pkg}/bin/paperless-ngx "$@"
+ '';
 # Secure the services
 defaultServiceConfig = {
@@ -47,6 +51,7 @@ let
 cfg.dataDir
 cfg.mediaDir
 ];
+ CacheDirectory = "paperless";
 CapabilityBoundingSet = "";
 # ProtectClock adds DeviceAllow=char-rtc r
 DeviceAllow = "";
@@ -170,7 +175,7 @@ in
 extraConfig = mkOption {
 type = types.attrs;
- default = {};
+ default = { };
 description = lib.mdDoc ''
 Extra paperless config options.
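Review bot: In the `@@ -15,6 +16,7 @@` hunk, `PAPERLESS_NLTK_DIR = nltkDir;` goes into the base `env` set, and the context of the following hunk shows `cfg.extraConfig` being merged on top of it, so a user-supplied `PAPERLESS_NLTK_DIR` would win for the paperless processes while the download unit added later in this patch still writes to the fixed `nltkDir`. The two locations would then disagree without any error. A comment above the line would make the constraint visible, e.g. `# Must match the directory the download unit writes to; overriding it via extraConfig is unsupported`. The `env` definition starts and ends outside the hunk.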
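Review bot: `CacheDirectory = "paperless";` in the `@@ -47,6 +51,7 @@` hunk is added to the shared `defaultServiceConfig`, so every unit that merges it gets `/var/cache/paperless` writable, not only the unit that downloads the NLTK data. The long-running services only need to read that data; setting `CacheDirectory` on the download unit alone and exposing the path to the others through `BindReadOnlyPaths` would keep a compromised worker from rewriting files it loads later. The value is also coupled to the literal in `nltkDir` from the first hunk, which deserves a comment such as `# nltkDir must live under this cache directory`. `defaultServiceConfig` starts and ends outside the hunk, so how the other units consume it is inferred.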
@@ -291,6 +296,33 @@ in
 };
 };
+ # Download NLTK corpus data
+ systemd.services.paperless-download-nltk-data = {
+ wantedBy = [ "paperless-scheduler.service" ];
+ before = [ "paperless-scheduler.service" ];
+ after = [ "network-online.target" ];
+ serviceConfig = defaultServiceConfig // {
+ User = cfg.user;
+ Type = "oneshot";
+ # Enable internet access
+ PrivateNetwork = false;
+ # Restrict write access
+ BindPaths = [];
+ BindReadOnlyPaths = [
+ "/nix/store"
+ "-/etc/resolv.conf"
+ "-/etc/nsswitch.conf"
+ "-/etc/ssl/certs"
+ "-/etc/static/ssl/certs"
+ "-/etc/hosts"
+ "-/etc/localtime"
+ ];
+ ExecStart = let pythonWithNltk = pkg.python.withPackages (ps: [ ps.nltk ]); in ''
+ ${pythonWithNltk}/bin/python -m nltk.downloader -d '${nltkDir}' punkt snowball_data stopwords
+ '';
+ };
+ };
+
 systemd.services.paperless-consumer = {
 description = "Paperless document consumer";
 # Bind to `paperless-scheduler` so that the consumer never runs
diff --git a/pkgs/applications/office/paperless-ngx/default.nix b/pkgs/applications/office/paperless-ngx/default.nix
index f4535b59cf89..e2a977cb5407 100644
--- a/pkgs/applications/office/paperless-ngx/default.nix
+++ b/pkgs/applications/office/paperless-ngx/default.nix
@@ -318,7 +318,7 @@ python.pkgs.buildPythonApplication rec {
 meta = with lib; {
 description = "Tool to scan, index, and archive all of your physical documents";
- homepage = "https://paperless-ngx.readthedocs.io/";
+ homepage = "https://docs.paperless-ngx.com/";
 changelog = "https://github.com/paperless-ngx/paperless-ngx/releases/tag/v${version}";
 license = licenses.gpl3Only;
 maintainers = with maintainers; [ lukegb gador erikarvstedt ];
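Review bot: In the `@@ -291,6 +296,33 @@` hunk of paperless.nix, `after = [ "network-online.target" ];` only orders the new unit and does not pull the target in, so the download can still start before the network is up; add `wants = [ "network-online.target" ];` next to it. The corpora fetched by `nltk.downloader` in `ExecStart` are not pinned to a hash anywhere in this hunk, so their integrity rests on the transport alone, yet they are later loaded by the paperless services (punkt has been distributed as pickled models, so tampered data would be more than a data-quality problem). Packaging the three corpora as a fixed-output derivation and pointing `PAPERLESS_NLTK_DIR` at the store path would remove the need for `PrivateNetwork = false` here. If the runtime download stays, a comment should state that the scheduler is tied to this unit only through `wantedBy`/`before` and therefore still starts when the download fails.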