Update nixos modules with new config options

Eike Kettner 2020-05-25 15:32:03 +02:00
parent 56624515a5
commit b4da523347
2 changed files with 233 additions and 0 deletions


@ -16,6 +16,7 @@ let
address = "localhost";
port = 7878;
};
mail-debug = false;
jdbc = {
url = "jdbc:h2:///tmp/docspell-demo.db;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE;AUTO_SERVER=TRUE";
user = "sa";
@ -24,6 +25,13 @@ let
send-mail = {
list-id = "";
};
user-tasks = {
scan-mailbox = {
max-folders = 50;
mail-chunk-size = 50;
max-mails = 500;
};
};
scheduler = {
pool-size = 2;
counting-scheme = "4,1";
@ -121,6 +129,10 @@ let
working-dir = "/tmp/docspell-convert";
};
};
files = {
chunk-size = 524288;
valid-mime-types = [];
};
};
in {
@ -171,6 +183,16 @@ in {
default = defaults.bind;
description = "Address and port bind the rest server.";
};
mail-debug = mkOption {
type = types.bool;
default = defaults.mail-debug;
description = ''
Enable or disable debugging for e-mail related functionality. This
applies to both sending and receiving mails. For security reasons
logging is not very extensive on authentication failures. Setting
this to true, results in a lot of data printed to stdout.
'';
};
jdbc = mkOption {
type = types.submodule ({
@ -306,6 +328,54 @@ in {
'';
};
user-tasks = mkOption {
type = types.submodule({
options = {
scan-mailbox = mkOption {
type = types.submodule({
options = {
max-folders = mkOption {
type = types.int;
default = defaults.user-tasks.scan-mailbox.max-folders;
description = ''
A limit of how many folders to scan through. If a user
configures more than this, only upto this limit folders are
scanned and a warning is logged.
'';
};
mail-chunk-size = mkOption {
type = types.int;
default = defaults.user-tasks.scan-mailbox.mail-chunk-size;
description = ''
How many mails (headers only) to retrieve in one chunk.
If this is greater than `max-mails' it is set automatically to
the value of `max-mails'.
'';
};
max-mails = mkOption {
type = types.int;
default = defaults.user-tasks.scan-mailbox.max-mails;
description = ''
A limit on how many mails to process in one job run. This is
meant to avoid too heavy resource allocation to one
user/collective.
If more than this number of mails is encountered, a warning is
logged.
'';
};
};
});
default = defaults.user-tasks.scan-mailbox;
description = "Allows to import e-mails by scanning a mailbox.";
};
};
});
default = defaults.user-tasks;
description = "Configuration for the user tasks.";
};
house-keeping = mkOption {
type = types.submodule({
options = {
@ -758,6 +828,38 @@ in {
path below via the `program` key.
'';
};
files = mkOption {
type = types.submodule({
options = {
chunk-size = mkOption {
type = types.int;
default = defaults.files.chunk-size;
description = ''
Defines the chunk size (in bytes) used to store the files.
This will affect the memory footprint when uploading and
downloading files. At most this amount is loaded into RAM for
down- and uploading.
It also defines the chunk size used for the blobs inside the
database.
'';
};
valid-mime-types = mkOption {
type = types.listOf types.str;
default = defaults.files.valid-mime-types;
description = ''
The file content types that are considered valid. Docspell
will only pass these files to processing. The processing code
itself has also checks for which files are supported and which
not. This affects the uploading part and is a first check to
avoid that 'bad' files get into the system.
'';
};
};
});
default = defaults.files;
description= "Settings for how files are stored.";
};
};
};
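Review bot: The new limit options `max-folders`, `mail-chunk-size`, `max-mails` and `files.chunk-size` are all declared `types.int`, so zero or negative values pass module evaluation even though the descriptions present them as bounds on per-user resource use and memory. Declaring them as `type = types.ints.positive;` would reject such values at evaluation time instead of leaving the outcome to the application. Separately, the `valid-mime-types` description calls the list a first check against 'bad' files but does not say what the default `[]` means. It should state explicitly whether an empty list accepts every content type or none, since the two readings have opposite security consequences.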


@ -17,6 +17,25 @@ let
address = "localhost";
port = 7880;
};
integration-endpoint = {
enabled = false;
priority = "low";
allowed-ips = {
enabled = true;
ips = [ "127.0.0.1" ];
};
http-basic = {
enabled = false;
realm = "Docspell Integration";
user = "docspell-int";
password = "docspell-int";
};
http-header = {
enabled = false;
header-name = "Docspell-Integration";
header-value = "some-secret";
};
};
auth = {
server-secret = "hex:caffee";
session-valid = "5 minutes";
@ -126,6 +145,118 @@ in {
description = "Authentication";
};
integration-endpoint = mkOption {
type = types.submodule({
options = {
enabled = mkOption {
type = types.bool;
default = defaults.integration-endpoint.enabled;
description = "Whether the endpoint is globally enabled or disabled.";
};
priority = mkOption {
type = types.str;
default = defaults.integration-endpoint.priority;
description = "The priority to use when submitting files through this endpoint.";
};
allowed-ips = mkOption {
type = types.submodule({
options = {
enabled = mkOption {
type = types.bool;
default = defaults.integration-endpoint.allowed-ips.enabled;
description = "Enable/Disable this protection";
};
ips = mkOption {
type = types.listOf types.str;
default = defaults.integration-endpoint.allowed-ips.ips;
description = "The ips/ip patterns to allow";
};
};
});
default = defaults.integration-endpoint.allowed-ips;
description = ''
IPv4 addresses to allow access. An empty list, if enabled,
prohibits all requests. IP addresses may be specified as simple
globs: a part marked as `*' matches any octet, like in
`192.168.*.*`. The `127.0.0.1' (the default) matches the
loopback address.
'';
};
http-basic = mkOption {
type = types.submodule({
options = {
enabled = mkOption {
type = types.bool;
default = defaults.integration-endpoint.http-basic.enabled;
description = "Enable/Disable this protection";
};
realm = mkOption {
type = types.str;
default = defaults.integration-endpoint.http-basic.realm;
description = "The realm name to provide to the client.";
};
user = mkOption {
type = types.str;
default = defaults.integration-endpoint.http-basic.user;
description = "The user name to check.";
};
password = mkOption {
type = types.str;
default = defaults.integration-endpoint.http-basic.password;
description = "The password to check.";
};
};
});
default = defaults.integration-endpoint.http-basic;
description = ''
Requests are expected to use http basic auth when uploading files.
'';
};
http-header = mkOption {
type = types.submodule({
options = {
enabled = mkOption {
type = types.bool;
default = defaults.integration-endpoint.http-header.enabled;
description = "Enable/Disable this protection";
};
header-name = mkOption {
type = types.str;
default = defaults.integration-endpoint.http-header.header-name;
description = "The header to extract from the request.";
};
header-value = mkOption {
type = types.str;
default = defaults.integration-endpoint.http-basic.header-value;
description = "The value of the header to check.";
};
};
});
default = defaults.integration-endpoint.http-header;
description = ''
Requests are expected to supply some specific header when
uploading files.
'';
};
};
});
default = defaults.integration-endpoint;
description = ''
This endpoint allows to upload files to any collective. The
intention is that local software integrates with docspell more
easily. Therefore the endpoint is not protected by the usual
means.
For security reasons, this endpoint is disabled by default. If
enabled, you can choose from some ways to protect it. It may be a
good idea to further protect this endpoint using a firewall, such
that outside traffic is not routed.
NOTE: If all protection methods are disabled, the endpoint is not
protected at all!
'';
};
backend = mkOption {
type = types.submodule({
options = {
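Review bot: The `header-value` option under `http-header` takes its default from `defaults.integration-endpoint.http-basic.header-value`, but the defaults block defines `header-value` only under `http-header`. This looks like a copy-paste slip that would fail with a missing-attribute error whenever that default is evaluated (for example while rendering option documentation); it should read `default = defaults.integration-endpoint.http-header.header-value;`. The shipped defaults for `http-basic.password` (`docspell-int`) and `http-header.header-value` (`some-secret`) are fixed, publicly known strings, so an operator who only sets `enabled = true` ends up with a guessable credential on an endpoint that uploads into any collective. The descriptions should say so, e.g. `The password to check. Change the default before enabling this protection.` Both options are `types.str`, so the values presumably end up in the world-readable Nix store along with the generated configuration, which is worth stating in the description as well.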