Setup paperless

peterablehmann · May 22, 2024 · 515707f · 515707f
1 parent 61ae628
commit 515707f
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 2 deletions.
diff --git a/flake.nix b/flake.nix
@@ -111,6 +111,7 @@
         common = ./modules/common;
         monitoring = ./modules/monitoring;
         kanidm = ./modules/kanidm.nix;
+        paperless = ./modules/paperless.nix;
       };
 
       dns = (nixos-dns.utils.generate nixpkgs.legacyPackages.x86_64-linux).octodnsConfig {

diff --git a/modules/paperless.nix b/modules/paperless.nix
@@ -0,0 +1,32 @@
+{ config
+, inputs
+, ...
+}:
+let
+  domain = "paperless.xnee.net";
+in
+{
+  networking.domains.subDomains.${domain} = { };
+  security.acme.certs.${domain} = { };
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://${config.services.paperless.address}:${config.services.paperless.port}";
+    };
+  };
+
+  sops.secrets."paperless/password" = {
+    sopsFile = "${inputs.self}/secrets/ymir.yaml";
+  };
+
+  services.paperless = {
+    enable = true;
+    passwordFile = config.sops.secrets."paperless/password".path;
+    extraConfig = {
+      PAPERLESS_ADMIN_USER = "peter";
+    };
+  };
+
+  backup.paths = [ config.services.paperless.dataDir ];
+}
diff --git a/nodes/ymir/default.nix b/nodes/ymir/default.nix
@@ -8,5 +8,6 @@
     ./networking.nix
     inputs.self.nixosModules.monitoring
     inputs.self.nixosModules.kanidm
+    inputs.self.nixosModules.paperless
   ];
 }
diff --git a/secrets/ymir.yaml b/secrets/ymir.yaml
@@ -1,5 +1,7 @@
 prometheus:
     basic_auth: ENC[AES256_GCM,data:3HTaN8JcunSJDMrLzQMttGGX7XkJrpVSy/a1q+lC6UjuiOatY0ElXY2wbYY=,iv:so7hAr8ySngj9RI45m+WCqpfElX1MSv/Hr1Qb/4W4eM=,tag:D8KGSwUk6kSonBTpdWwQ5g==,type:str]
+paperless:
+    password: ENC[AES256_GCM,data:EWKtGhO3+7cwgHWOp4CvSifasVSqbmx6DHtVGBUVfgi0alK0CbpNEshlmVgsLS/ZX72TNliyiTerHWKbZz3RMw==,iv:JkdXFXTqFGbJJ2HA76KABbzSI4uGIZL0s2zNeoTOjls=,tag:A/GKvCgELrKd0bJNfv55zA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +26,8 @@ sops:
             eWNmS0VjS0FSblM1N0x1TDBUcGQ2TEkKSXOoVWsEavX6TIv2mC+JL6kuwdQzH4BV
             Hz+X1rApE0F0oRO+0C4vMxi1aBOYqp6BzmaMUAJeiyOyQfcCyUndfQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-15T19:48:22Z"
-    mac: ENC[AES256_GCM,data:vdj2GsEKgX9H3kw36GAeHTpY4Ix7NE6+XviMIwZTDhDEkIbFEmOmxYiBPixEHaVseltoyvGmqLI+MQWc3YFOz/NB1BbVu0rz4df/0T5HLcNI3UA1B6/tOSLuyExlshyaaalyn4JZxiXb1rvk7JgAsz0duLnB/7c66hBW0NlIeJM=,iv:tRMrJI74CxAAjWdW8Vv4LigID9lW2gfwIb9GUoBu5ro=,tag:Js3LGFx3JOW5VCZ7kcf+7g==,type:str]
+    lastmodified: "2024-05-22T20:14:08Z"
+    mac: ENC[AES256_GCM,data:6XelrGZANvkVVa43rcArq5KgFqh9jNShOFD4tcT1QHZpvWKIg63XQA/EBgPHlvUs6JGcSO6QGLekfG7ML0vBdzoVdfcH0fVAB0P5ZiEo1FkV3UImLCPYtOimRhqhggnNHYG2dZnVTre1sVzCxtdF+tKUaZtE1fMZK2733/AZreY=,iv:1uJ+A6U8tP9UTvjQ2UHKQDZK8BcIEWrSIRYnOjK60+M=,tag:tiELhnBzPusr1wIBySeQoQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1