about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--nixos/kanata/configuration.nix10
-rw-r--r--nixos/kanata/secrets/secrets.yaml5
2 files changed, 13 insertions, 2 deletions
diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix
index b927a86..dbf7c29 100644
--- a/nixos/kanata/configuration.nix
+++ b/nixos/kanata/configuration.nix
@@ -104,6 +104,7 @@ in
   # TODO: insecure?
   sops.secrets.invidious-hmac = { mode = "0444"; };
   sops.secrets.transmission-extra-config = { owner = "transmission"; };
+  sops.secrets.paperless-superuser-password = { owner = "paperless"; };
 
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
@@ -158,6 +159,7 @@ in
         "hydra.kusanari.network".to = "http://localhost:4004";
         "cache.kusanari.network".to = "http://localhost:4005";
         "torrent.kusanari.network".to = "http://localhost:4006";
+        "paperless.kusanari.network".to = "http://localhost:4007";
 
         # Nginx pre-configured routes
         "nextcloud.kusanari.network" = {
@@ -195,6 +197,7 @@ in
             "hydra"
             "cache"
             "torrent"
+            "paperless"
           ];
         };
       };
@@ -272,6 +275,13 @@ in
 
       secrets.transmission-extra-config = config.sops.secrets.transmission-extra-config.path;
     };
+
+    services.paperless = {
+      enable = true;
+
+      realHost = "paperless.kusanari.network";
+      secrets.paperless-superuser-password = config.sops.secrets.paperless-superuser-password.path;
+    };
   };
 
   containers.v-interlink = {
diff --git a/nixos/kanata/secrets/secrets.yaml b/nixos/kanata/secrets/secrets.yaml
index 790e962..3bac365 100644
--- a/nixos/kanata/secrets/secrets.yaml
+++ b/nixos/kanata/secrets/secrets.yaml
@@ -14,6 +14,7 @@ interlink-ovpn: ENC[AES256_GCM,data:eCcze1jErXzqSy60D37kJQ28ictd/8k1lyVASHTHwiYc
 proton-private-key: ENC[AES256_GCM,data:OnZGYf/203XOLXyDRIqrRKwLe0cN2c0RF+CkwwNtttP+ACD3AJCY0rNgKoc=,iv:IWFF95Z3r+OuSu+GfJWJjwRv5b9KZSKGMuxSnkRGqlg=,tag:QvDBvSzzGxwawhaio47MEQ==,type:str]
 attic-credentials: ENC[AES256_GCM,data:S25D1E4kTp2Nre1uu1WWVV1jrEpQtPz5+5XQ/W0pr0CF5pFm0UEyGn2XdJKQzyM5CYSCo581JeJNMtTKIwEKm8lYY9X5e8Jgwe2o5f5YRwmHSfvK1UAJoUdM7Q0FaAcVTU3bNis1dClqDvB0QbNjF1xsYCKCgZRe8TSenmJgPjA=,iv:m+UzkoVsEfUtKIYaGZIej4efhVuWN4EKCqMamlQwWaI=,tag:vBPq0JkRDbKmyw9qLbh1gg==,type:str]
 transmission-extra-config: ENC[AES256_GCM,data:lyZ8Nkjp0Mjm4HFDqRN1G6iyBksHT6dKKQDSO8Br1DpXxKLDBclQ4L2F1FqQJ3OB/7o4EqWFX8J1ZjVYDCQkQnhr6v13glvFciICQ99hPsypUS349936vDCgEF/WP0RAHOsaRq81JnMDegZvEg==,iv:bfN2oEfQ3uk4i6hwHp2ZdYCf3l7Kb0EoXSEGyOSB8CM=,tag:fZkMayEJiXzifTCiVLJq6w==,type:str]
+paperless-superuser-password: ENC[AES256_GCM,data:YneS5djuKQ77xxBjGz8lHOfqDjhMrDuEiqGC12SQlHRGrw==,iv:GbVZUi++2hEOwHIzphEkDiFyKS4Uk5hiYywntbURPNc=,tag:PbTj0V6zQpMqi5dF3wct/A==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -38,8 +39,8 @@ sops:
             YkRGS2ZBbm1keWpUQUFOWDRtTWZVa0EKc+lKEP0L/yoFLx6p1zbWfifPWc7Y9Qqh
             qccODSyHqzwdriHLxXuw9SCnF+SeA721te6+pDVhJj8vqv2UqHiATw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-24T19:35:52Z"
-    mac: ENC[AES256_GCM,data:4L+MQUbimb6JIcJrQhLig0qs3Z9iKbD2BQ/nEGXwAfYc4ikPK8M+aR0tWls/SePSJL5XnZ5dKUZQpIrhWE9gBYsZSogI/ECj59Q3IqahWF+RCecqTzCKQ7njDIyZbpQ+lLf6iZ/EcCU+ZawTaXlZAfpDyAmrHXd5CsXJMzRYfEk=,iv:NOKH3m+KGpSWgQIX4owd/jYbA9NKH4TgpEsn2ZpUx5k=,tag:bHrZCIs7xdlh+hiS/CRENg==,type:str]
+    lastmodified: "2024-03-06T14:06:46Z"
+    mac: ENC[AES256_GCM,data:27ze/GyfM8wB3/5ZE61Uv1y+3GE9rL5j3qGdOZA3tPLlmsaT6Lnuob6f0iECu62saeg+KCBSUHBoXvjxWccXdB6Kxxg3WS9kCOHfDYxcTvX7h1yMNvOpq60M0Man47hqiGc1cDbDj7NMlah1oNr8FjMDkH+7LFiHOKPen3KOZ6M=,iv:hxEkykRSr6F5Rb3AsDoARC5Rn6pRBFlw7LedklTlE7I=,tag:Ee9Fl55wR1WjfVsBPV2vSw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1