add paperless

2026-01-10 17:34:05 -05:00 · 2025-12-01 15:00:49 -05:00 · 2025-12-01 15:00:49 -05:00 · ad7868091d
commit ad7868091d
parent 5718c8ca6d
4 changed files with 48 additions and 5 deletions
--- a/flake.lock
+++ b/flake.lock
@ -188,11 +188,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1763998918,
-        "narHash": "sha256-Vdg2RCNaAaywYFqPMYACHLnI80xCWkVFzg0SPr2Ud18=",
+        "lastModified": 1764617867,
+        "narHash": "sha256-iigvIg3I5B4yNCuTshSZ13lpN6Y973n9QRxqFGLq2Yo=",
        "ref": "refs/heads/master",
-        "rev": "f8625c1ebf9a1a300a976297ff51c776b52896af",
-        "revCount": 155,
+        "rev": "ea12e57e4185cb3673e3dcb7e7dbc0ef386a3ec3",
+        "revCount": 156,
        "type": "git",
        "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
      },
--- a/hosts/nixos/HandlerOne/backup.nix
+++ b/hosts/nixos/HandlerOne/backup.nix
@ -24,6 +24,7 @@ let
      "${volumePath}/actualbudget"

      "/var/lib/tuwunel"
+      "/var/lib/paperless/export"

      # flamesites
      "${volumePath}/flamesites/swgalaxyproject"
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@ -53,7 +53,7 @@
      "modules/services/ntfy-sh"
      "modules/services/mesh/client.nix"
      "modules/services/auth-provider"
-      "modules/services/ollama/proxy.nix" # Just host the proxy path back to Parzival
+      "modules/services/paperless"
      "modules/services/netbox"
      "modules/services/matrix"
      "modules/services/freshrss"
--- a/modules/services/paperless/default.nix
+++ b/modules/services/paperless/default.nix
@ -0,0 +1,42 @@
+{ inputs, config, ... }:
+let
+  cfg = config.services.paperless;
+  sopsFolder = inputs.nix-secrets + "/sops";
+in
+{
+  services.caddy.virtualHosts."paperless.wanderingcrow.net".extraConfig = ''
+    reverse_proxy http://${cfg.address}:${builtins.toString cfg.port}
+  '';
+
+  sops = {
+    secrets."paperless/oidc/client" = {
+      sopsFile = "${sopsFolder}/services.yaml";
+    };
+    secrets."paperless/oidc/secret" = {
+      sopsFile = "${sopsFolder}/services.yaml";
+    };
+
+    templates."paperless-env".content = ''
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS={"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"pocket-id","name":"Pocket-ID","client_id":"${
+        config.sops.placeholder."paperless/oidc/client"
+      }","secret":"${
+        config.sops.placeholder."paperless/oidc/secret"
+      }","settings":{"server_url":"https://auth.wanderingcrow.net"}}]}}
+    '';
+  };
+
+  services.paperless = {
+    enable = true;
+    domain = "paperless.wanderingcrow.net";
+    database.createLocally = true;
+    address = "127.0.0.1";
+    port = 28981;
+    exporter.enable = true;
+    settings = {
+      PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
+      PAPERLESS_DISABLE_REGULAR_LOGIN = true;
+      PAPERLESS_REDIRECT_LOGIN_TO_SSO = true;
+    };
+    environmentFile = config.sops.templates."paperless-env".path;
+  };
+}