From c4cca4716af486fef4dd98e101433849f413a5f6 Mon Sep 17 00:00:00 2001 From: sefidel Date: Wed, 6 Mar 2024 23:29:25 +0900 Subject: feat(nixos/kanata): configure paperless --- nixos/kanata/configuration.nix | 10 ++++++++++ nixos/kanata/secrets/secrets.yaml | 5 +++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix index b927a86..dbf7c29 100644 --- a/nixos/kanata/configuration.nix +++ b/nixos/kanata/configuration.nix @@ -104,6 +104,7 @@ in # TODO: insecure? sops.secrets.invidious-hmac = { mode = "0444"; }; sops.secrets.transmission-extra-config = { owner = "transmission"; }; + sops.secrets.paperless-superuser-password = { owner = "paperless"; }; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; @@ -158,6 +159,7 @@ in "hydra.kusanari.network".to = "http://localhost:4004"; "cache.kusanari.network".to = "http://localhost:4005"; "torrent.kusanari.network".to = "http://localhost:4006"; + "paperless.kusanari.network".to = "http://localhost:4007"; # Nginx pre-configured routes "nextcloud.kusanari.network" = { @@ -195,6 +197,7 @@ in "hydra" "cache" "torrent" + "paperless" ]; }; }; @@ -272,6 +275,13 @@ in secrets.transmission-extra-config = config.sops.secrets.transmission-extra-config.path; }; + + services.paperless = { + enable = true; + + realHost = "paperless.kusanari.network"; + secrets.paperless-superuser-password = config.sops.secrets.paperless-superuser-password.path; + }; }; containers.v-interlink = { diff --git a/nixos/kanata/secrets/secrets.yaml b/nixos/kanata/secrets/secrets.yaml index 790e962..3bac365 100644 --- a/nixos/kanata/secrets/secrets.yaml +++ b/nixos/kanata/secrets/secrets.yaml @@ -14,6 +14,7 @@ interlink-ovpn: ENC[AES256_GCM,data:eCcze1jErXzqSy60D37kJQ28ictd/8k1lyVASHTHwiYc proton-private-key: ENC[AES256_GCM,data:OnZGYf/203XOLXyDRIqrRKwLe0cN2c0RF+CkwwNtttP+ACD3AJCY0rNgKoc=,iv:IWFF95Z3r+OuSu+GfJWJjwRv5b9KZSKGMuxSnkRGqlg=,tag:QvDBvSzzGxwawhaio47MEQ==,type:str] attic-credentials: ENC[AES256_GCM,data:S25D1E4kTp2Nre1uu1WWVV1jrEpQtPz5+5XQ/W0pr0CF5pFm0UEyGn2XdJKQzyM5CYSCo581JeJNMtTKIwEKm8lYY9X5e8Jgwe2o5f5YRwmHSfvK1UAJoUdM7Q0FaAcVTU3bNis1dClqDvB0QbNjF1xsYCKCgZRe8TSenmJgPjA=,iv:m+UzkoVsEfUtKIYaGZIej4efhVuWN4EKCqMamlQwWaI=,tag:vBPq0JkRDbKmyw9qLbh1gg==,type:str] transmission-extra-config: ENC[AES256_GCM,data:lyZ8Nkjp0Mjm4HFDqRN1G6iyBksHT6dKKQDSO8Br1DpXxKLDBclQ4L2F1FqQJ3OB/7o4EqWFX8J1ZjVYDCQkQnhr6v13glvFciICQ99hPsypUS349936vDCgEF/WP0RAHOsaRq81JnMDegZvEg==,iv:bfN2oEfQ3uk4i6hwHp2ZdYCf3l7Kb0EoXSEGyOSB8CM=,tag:fZkMayEJiXzifTCiVLJq6w==,type:str] +paperless-superuser-password: ENC[AES256_GCM,data:YneS5djuKQ77xxBjGz8lHOfqDjhMrDuEiqGC12SQlHRGrw==,iv:GbVZUi++2hEOwHIzphEkDiFyKS4Uk5hiYywntbURPNc=,tag:PbTj0V6zQpMqi5dF3wct/A==,type:str] sops: kms: [] gcp_kms: [] @@ -38,8 +39,8 @@ sops: YkRGS2ZBbm1keWpUQUFOWDRtTWZVa0EKc+lKEP0L/yoFLx6p1zbWfifPWc7Y9Qqh qccODSyHqzwdriHLxXuw9SCnF+SeA721te6+pDVhJj8vqv2UqHiATw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-24T19:35:52Z" - mac: ENC[AES256_GCM,data:4L+MQUbimb6JIcJrQhLig0qs3Z9iKbD2BQ/nEGXwAfYc4ikPK8M+aR0tWls/SePSJL5XnZ5dKUZQpIrhWE9gBYsZSogI/ECj59Q3IqahWF+RCecqTzCKQ7njDIyZbpQ+lLf6iZ/EcCU+ZawTaXlZAfpDyAmrHXd5CsXJMzRYfEk=,iv:NOKH3m+KGpSWgQIX4owd/jYbA9NKH4TgpEsn2ZpUx5k=,tag:bHrZCIs7xdlh+hiS/CRENg==,type:str] + lastmodified: "2024-03-06T14:06:46Z" + mac: ENC[AES256_GCM,data:27ze/GyfM8wB3/5ZE61Uv1y+3GE9rL5j3qGdOZA3tPLlmsaT6Lnuob6f0iECu62saeg+KCBSUHBoXvjxWccXdB6Kxxg3WS9kCOHfDYxcTvX7h1yMNvOpq60M0Man47hqiGc1cDbDj7NMlah1oNr8FjMDkH+7LFiHOKPen3KOZ6M=,iv:hxEkykRSr6F5Rb3AsDoARC5Rn6pRBFlw7LedklTlE7I=,tag:Ee9Fl55wR1WjfVsBPV2vSw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- cgit 1.4.1