add paperless

2026-01-11 01:34:08 -05:00 · 2025-12-01 15:00:49 -05:00 · 2025-12-01 15:00:49 -05:00 · ad7868091d
commit ad7868091d
parent 5718c8ca6d
4 changed files with 48 additions and 5 deletions
--- a/modules/services/paperless/default.nix
+++ b/modules/services/paperless/default.nix
@ -0,0 +1,42 @@
+{ inputs, config, ... }:
+let
+  cfg = config.services.paperless;
+  sopsFolder = inputs.nix-secrets + "/sops";
+in
+{
+  services.caddy.virtualHosts."paperless.wanderingcrow.net".extraConfig = ''
+    reverse_proxy http://${cfg.address}:${builtins.toString cfg.port}
+  '';
+
+  sops = {
+    secrets."paperless/oidc/client" = {
+      sopsFile = "${sopsFolder}/services.yaml";
+    };
+    secrets."paperless/oidc/secret" = {
+      sopsFile = "${sopsFolder}/services.yaml";
+    };
+
+    templates."paperless-env".content = ''
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS={"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"pocket-id","name":"Pocket-ID","client_id":"${
+        config.sops.placeholder."paperless/oidc/client"
+      }","secret":"${
+        config.sops.placeholder."paperless/oidc/secret"
+      }","settings":{"server_url":"https://auth.wanderingcrow.net"}}]}}
+    '';
+  };
+
+  services.paperless = {
+    enable = true;
+    domain = "paperless.wanderingcrow.net";
+    database.createLocally = true;
+    address = "127.0.0.1";
+    port = 28981;
+    exporter.enable = true;
+    settings = {
+      PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
+      PAPERLESS_DISABLE_REGULAR_LOGIN = true;
+      PAPERLESS_REDIRECT_LOGIN_TO_SSO = true;
+    };
+    environmentFile = config.sops.templates."paperless-env".path;
+  };
+}