pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
nix/hosts/paperless/default.nix
pazpi 0b0ddfc2f9 New service: Paperless-ngx
2025-05-05 22:42:35 +02:00

96 lines
2.7 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
...
}:
let
p = import ../parameters.nix;
in
{
age.secrets = {
paperless-admin = {
file = ../../secrets/paperless-admin.age;
mode = "770";
owner = config.services.paperless.user;
group = config.services.paperless.user;
};
paperless-oauth2-client-secret = {
file = ../../secrets/paperless-oauth2-client-secret.age;
mode = "770";
owner = config.services.paperless.user;
group = config.services.paperless.user;
};
};
my = {
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.paperless = {
enable = true;
passwordFile = config.age.secrets.paperless-admin.path;
mediaDir = "/mnt/nas01/documents/paperless";
settings = {
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
# PAPERLESS_SOCIALACCOUNT_PROVIDERS_FILE = config.age.secrets.paperless-oicd.path;
PAPERLESS_SOCIALACCOUNT_PROVIDERS = builtins.toJSON ({
openid_connect = {
OAUTH_PKCE_ENABLED = true;
APPS = [
{
provider_id = "authentik";
name = "authentik";
client_id = "MxETd4SMhYqRX6rhFvr8I4k6hCc6HDKvojVD2PQh";
settings = {
server_url = "https://auth.pasetto.me/application/o/paperless/.well-known/openid-configuration";
oauth_pkce_enabled = true;
};
}
];
};
});
PAPERLESS_SOCIAL_AUTO_SIGNUP = true;
PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS = true;
PAPERLESS_ACCOUNT_ALLOW_SIGNUPS = false;
PAPERLESS_ACCOUNT_EMAIL_VERIFICATION = "none";
PAPERLESS_DISABLE_REGULAR_LOGIN = false;
PAPERLESS_REDIRECT_LOGIN_TO_SSO = false;
PAPERLESS_ACCOUNT_SESSION_REMEMBER = true;
PAPERLESS_SOCIAL_ACCOUNT_SYNC_GROUPS = true;
PAPERLESS_FILENAME_FORMAT = "{{ created_year }}/{{ correspondent }}/{{ title }}";
};
proxy = {
domain = p.domains.public;
};
};
networking.nas-samba-share = {
enable = true;
allowUsers = [ config.services.paperless.user ];
};
virtualisation.proxmox.enable = true;
};
# Add secret to PAPERLESS_SOCIALACCOUNT_PROVIDERS
systemd.services.paperless-web.script = lib.mkBefore ''
oidcSecret=$(< ${config.age.secrets.paperless-oauth2-client-secret.path})
export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(
${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \
--compact-output \
--arg oidcSecret "$oidcSecret" '.openid_connect.APPS.[0].secret = $oidcSecret'
)
'';
# Extra packages
environment.systemPackages = with pkgs; [ ];
system.stateVersion = "24.11";
}
Reference in a new issue View git blame Copy permalink