From ad7868091d467a44e97b06997551eb386a36c3e8 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Mon, 1 Dec 2025 15:00:49 -0500
Subject: [PATCH] add paperless
---
 flake.lock | 8 ++---
 hosts/nixos/HandlerOne/backup.nix | 1 +
 hosts/nixos/HandlerOne/default.nix | 2 +-
 modules/services/paperless/default.nix | 42 ++++++++++++++++++++++++++
 4 files changed, 48 insertions(+), 5 deletions(-)
 create mode 100644 modules/services/paperless/default.nix
diff --git a/flake.lock b/flake.lock
index 14c0586..344b599 100644
--- a/flake.lock
+++ b/flake.lock
@@ -188,11 +188,11 @@
 "nixpkgs": "nixpkgs_3"
 },
 "locked": {
- "lastModified": 1763998918,
- "narHash": "sha256-Vdg2RCNaAaywYFqPMYACHLnI80xCWkVFzg0SPr2Ud18=",
+ "lastModified": 1764617867,
+ "narHash": "sha256-iigvIg3I5B4yNCuTshSZ13lpN6Y973n9QRxqFGLq2Yo=",
 "ref": "refs/heads/master",
- "rev": "f8625c1ebf9a1a300a976297ff51c776b52896af",
- "revCount": 155,
+ "rev": "ea12e57e4185cb3673e3dcb7e7dbc0ef386a3ec3",
+ "revCount": 156,
 "type": "git",
 "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
 },
diff --git a/hosts/nixos/HandlerOne/backup.nix b/hosts/nixos/HandlerOne/backup.nix
index f178b66..e0b68b4 100644
--- a/hosts/nixos/HandlerOne/backup.nix
+++ b/hosts/nixos/HandlerOne/backup.nix
@@ -24,6 +24,7 @@ let
 "${volumePath}/actualbudget"
 "/var/lib/tuwunel"
+ "/var/lib/paperless/export"
 # flamesites
 "${volumePath}/flamesites/swgalaxyproject"
diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index c3f5ea6..325abaf 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -53,7 +53,7 @@
 "modules/services/ntfy-sh"
 "modules/services/mesh/client.nix"
 "modules/services/auth-provider"
- "modules/services/ollama/proxy.nix" # Just host the proxy path back to Parzival
+ "modules/services/paperless"
 "modules/services/netbox"
 "modules/services/matrix"
 "modules/services/freshrss"
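Review bot: The new `"/var/lib/paperless/export"` entry in backup.nix carries no comment saying what it is, and the path is hardcoded rather than tied to the exporter that produces it. The Paperless export is an unencrypted copy of every document plus a manifest, so its confidentiality depends on the backup job, which is defined outside this hunk; whether that repository is encrypted and whether the job runs after the exporter timer has finished cannot be seen from here. I would add a comment such as `# paperless exporter output: plaintext document copies, must be complete before the backup runs`. If `config` is in scope in this file, referencing the exporter's directory option instead of the literal path would keep the two from drifting apart.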
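Review bot: In hosts/nixos/HandlerOne/default.nix the line `"modules/services/ollama/proxy.nix" # Just host the proxy path back to Parzival` is replaced rather than kept, which the subject "add paperless" does not mention. The diffstat shows no other ollama-related change, so this reads like an accidental overwrite that would stop this host from serving the proxy path. If the proxy should stay, keep the old line and add `"modules/services/paperless"` on its own line below it. If the removal is intended, it belongs in its own commit or at least in the message. The import list begins and ends outside the hunk.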
diff --git a/modules/services/paperless/default.nix b/modules/services/paperless/default.nix
new file mode 100644
index 0000000..adf0ecb
--- /dev/null
+++ b/modules/services/paperless/default.nix
@@ -0,0 +1,42 @@
+{ inputs, config, ... }:
+let
+ cfg = config.services.paperless;
+ sopsFolder = inputs.nix-secrets + "/sops";
+in
+{
+ services.caddy.virtualHosts."paperless.wanderingcrow.net".extraConfig = ''
+ reverse_proxy http://${cfg.address}:${builtins.toString cfg.port}
+ '';
+
+ sops = {
+ secrets."paperless/oidc/client" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ secrets."paperless/oidc/secret" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+
+ templates."paperless-env".content = ''
+ PAPERLESS_SOCIALACCOUNT_PROVIDERS={"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"pocket-id","name":"Pocket-ID","client_id":"${
+ config.sops.placeholder."paperless/oidc/client"
+ }","secret":"${
+ config.sops.placeholder."paperless/oidc/secret"
+ }","settings":{"server_url":"https://auth.wanderingcrow.net"}}]}}
+ '';
+ };
+
+ services.paperless = {
+ enable = true;
+ domain = "paperless.wanderingcrow.net";
+ database.createLocally = true;
+ address = "127.0.0.1";
+ port = 28981;
+ exporter.enable = true;
+ settings = {
+ PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
+ PAPERLESS_DISABLE_REGULAR_LOGIN = true;
+ PAPERLESS_REDIRECT_LOGIN_TO_SSO = true;
+ };
+ environmentFile = config.sops.templates."paperless-env".path;
+ };
+}
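Review bot: The `settings` block hands all authentication to the OIDC provider (`PAPERLESS_DISABLE_REGULAR_LOGIN = true`, `PAPERLESS_REDIRECT_LOGIN_TO_SSO = true`) but sets nothing that limits which identities at `auth.wanderingcrow.net` may obtain a Paperless account. Upstream Paperless-ngx documents `PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS` as enabled by default (worth confirming for the packaged version), so any user who can sign in at the IdP could create an account on first login. Unless the Pocket-ID client is already restricted to the intended users, I would add `PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS = false;` once the expected accounts are linked. A short comment above `PAPERLESS_DISABLE_REGULAR_LOGIN` noting that there is no local login fallback when the IdP is unavailable would also help the next maintainer. Separately, the two sops placeholders are spliced into the JSON value unescaped, so a client secret containing `"` or `\` would produce invalid JSON in the `paperless-env` template.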