diff --git a/modules/nixos/programs/sops/secrets/secrets.yaml b/modules/nixos/programs/sops/secrets/secrets.yaml index fe8a98b..30a5ade 100644 --- a/modules/nixos/programs/sops/secrets/secrets.yaml +++ b/modules/nixos/programs/sops/secrets/secrets.yaml @@ -6,6 +6,7 @@ duckdns: ENC[AES256_GCM,data:QslHkm7T0PIx3WbYDi1wILL1ap1R/vRdjTu448DxQxdHdxOX,iv services: conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str] nextcloud: ENC[AES256_GCM,data:YLRMhChTu/UQI+HIcUjNFFK+CfSCl2+0kfSkSfauAftRO2A1VHhyCjP5,iv:DLfhSvNRWXVU5XE3SwV4vZmAQI2ZVa+ak/g5Nu+Fgcg=,tag:K3nWfJRNxodeMkxGG3ljmg==,type:str] + paperless: ENC[AES256_GCM,data:VjbEtwfY4T0Bpb+iutN7kDMqgcRy4ThQJiVyCHHT,iv:rlWB0ZfFYuKkpAfIzxryySH+Zl8hLf6c9UTjv1hVDVI=,tag:gHFoJZoKFOVupmE2VSJOoA==,type:str] gitlab: dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str] rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str] @@ -54,7 +55,7 @@ sops: MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-27T10:21:51Z" - mac: ENC[AES256_GCM,data:v6ILZvhNZQpUK/thuVUQpqFnIjt5ysydQf290Y4yoZU2auQUzXdYQYHl/aREqR08bGOBSNzD+dcVvgYcKJ84MjTDuRjs60NeSSoz3/x6345TSk7EhhNr/cNlnL/AxnSkWnuq17AZxC4HfDQZW85m1o4QpFoyK0ZLoraVbIuikdg=,iv:a4F0KyATjqP9zeVPusRho6IWP4qOgLkmIQsaRTBIqKw=,tag:rRJmdtgCCa41G5E2JdlHGw==,type:str] + lastmodified: "2025-09-27T15:04:27Z" + mac: ENC[AES256_GCM,data:rc46drO7xZKo9ibkbOn88PXr+80zPFmnfxhFItWccg76vQWXSwUqVhz2dpwb5HUpkk1kxw0MBStNzSTXkOufvSq2LJeDSVb4SGAhxe4FuXqIfam/nGiviS9UKJkNw8fZe7a9hH7mf5SviD3rR60LYo0xaxAk89qWDVChF09L8MY=,iv:s/+ZBQM/4AV6TbNJVDU4xmovK6iz1HBugsCST7tQA04=,tag:YsaQBg/IQFqsL/uEg8fCpw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/systems/x86_64-linux/stargate/services/nginx.nix b/systems/x86_64-linux/stargate/services/nginx.nix index d9e2c30..d8039db 100644 --- a/systems/x86_64-linux/stargate/services/nginx.nix +++ b/systems/x86_64-linux/stargate/services/nginx.nix @@ -76,6 +76,15 @@ in { proxyPass = "http://[::1]${config.services.ntfy-sh.settings.listen-http}"; }; }; + "paperless.kylekrein.com" = { + enableACME = true; + forceSSL = true; + locations."/" = let + cfg = config.services.paperless; + in { + proxyPass = "http://${cfg.address}:${cfg.port}"; + }; + }; }; }; diff --git a/systems/x86_64-linux/stargate/services/paperless.nix b/systems/x86_64-linux/stargate/services/paperless.nix new file mode 100644 index 0000000..85f138a --- /dev/null +++ b/systems/x86_64-linux/stargate/services/paperless.nix @@ -0,0 +1,35 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.custom; { + sops.secrets."services/paperless" = {owner = config.services.paperless.user;}; + services.paperless = { + enable = true; + passwordFile = config.sops.secrets."services/paperless".path; + consumptionDirIsPublic = false; + database.createLocally = true; + settings = { + PAPERLESS_CONSUMER_IGNORE_PATTERN = [ + ".DS_STORE/*" + "desktop.ini" + ]; + PAPERLESS_OCR_LANGUAGE = "deu+eng+rus"; + PAPERLESS_OCR_USER_ARGS = { + optimize = 1; + pdfa_image_compression = "lossless"; + }; + PAPERLESS_URL = "https://paperless.kylekrein.com"; + }; + }; +}