omo: add paperless

2024-01-14 14:08:27 +01:00 · 2024-01-14 14:08:27 +01:00 · fa04725517
parent 4f6a34af08
commit fa04725517
4 changed files with 67 additions and 0 deletions
--- a/2configs/home/paperless.nix
+++ b/2configs/home/paperless.nix
@ -0,0 +1,41 @@
+{config, ... }:
+{
+  sops.secrets."omo-paperless-admin-pw".owner = "paperless";
+  services.paperless = {
+    enable = true;
+    passwordFile config.sops.secrets."omo-paperless-admin-pw".path;
+    settings = {
+      PAPERLESS_DBHOST = "/run/postgresql";
+      PAPERLESS_REDIS = "redis://localhost:6379";
+      PAPERLESS_TIKA_ENABLED = "1";
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:30300";
+      PAPERLESS_TIKA_ENDPOINT = "http://localhost:9998";
+      PAPERLESS_OCR_LANGUAGES = "de";
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "paperless" ];
+    ensureUsers = [
+      { name = config.services.paperless.user;
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+
+  services.redis.enable = true;
+
+  virtualisation.oci-containers.containers = {
+    gotenberg = {
+        image = "docker.io/gotenberg/gotenberg:7.4";
+        extraOptions = [ "--network=host" ];
+        entrypoint = "gotenberg";
+        cmd = [ "--api-port=30300" "--chromium-disable-routes=true" ];
+      };
+      tika = {
+        image = "ghcr.io/paperless-ngx/tika:2.5.0-full";
+        extraOptions = [ "--network=host" ];
+      };
+  };
+}
--- a/sops/secrets/omo-paperless-admin-pw/machines/omo
+++ b/sops/secrets/omo-paperless-admin-pw/machines/omo
@ -0,0 +1 @@
+../../../machines/omo
--- a/sops/secrets/omo-paperless-admin-pw/secret
+++ b/sops/secrets/omo-paperless-admin-pw/secret
@ -0,0 +1,24 @@
+{
+	"data": "ENC[AES256_GCM,data:SfWx82CgxWYcszaInBoqRA==,iv:k40W0j/WOMK9Dd+8xnS8u4VRsnwpYYK84sdCKGXYCfA=,tag:Jed8Ra5U6RiFRxkXsQZwxg==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1g0h4fhgnfr7zvp3mqa32u24k4nlfpqmk4dvl5pwnj7t3m6zl2cfs3mw7ht",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWkpPb3BzUHRVYnM1c2U0\ncXRTTElFQ2FIRjkxdDFPK2xzakZSZnhYcEZvCmpFeFR0RHROdDJXS1ZXK3BxRW11\naXp3QlFxM0NlMWxacHhqUmJTMG5YL2cKLS0tIEVocjd5R1hFWExqclJwTDdvdnZE\nV29KcjZnM3NvdmIrdTMvcmhJWVpLaG8K8GITEEo4eaA4ydxFifZ+/1n5sSjKVCit\nmm3OXPG6F+C8LXBT8pXZ8g+UjyquKsJ9b+kHWNeobnYCvVaIJGXwdA==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1vh6qdlxzfsy8gquvzwsfz40ezkx9m5m9q8sj4225nh3mr9lrjvrqt079mp",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyb2JWZldnNEFHUDFLczFG\nNjd5cm9ZRWEvTDdLTzVJTGYvNVdDUHJqRFdzCjNmWUxCb0Q1UVU1QktWMnVKMlpD\nMm9DYUh5OHpWQm1PTm9haFBvVm43Y1EKLS0tIHRwTUl0SHh3bnB4K05VcFFoUzlM\ncjlvM21Mekt3Q3hreUZRNGsxYVRIMW8KVd3br5iYCMymIws584sIeK1YThv6/MSu\nEab9MDdy18pVvvA6kQyV1fAR37S9hVF/iNBk7B8obbpX9g0UPjdgpw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-01-14T13:04:33Z",
+		"mac": "ENC[AES256_GCM,data:NHsZEewjgA8+GXdDjAHvsM40Um/B7VO6RYmg2lOW/nVDvMeScUqRNZzkSVXIUonbsfV4WvEkbsASA7i1COt0iJIkewFi9jP2+0jI0Tnosd71quW5EeHJx//yohgqoXMK0ZaPDLJQFK1L3862BdHcrUAxyVvE237nCCxUfUJeO0A=,iv:aeNS3J0LRuFOL4YATgOLA65tubf4V7L2Qz+bXgo9trE=,tag:f5KI/AmOrEASfdbpGd5skg==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}
--- a/sops/secrets/omo-paperless-admin-pw/users/makefu
+++ b/sops/secrets/omo-paperless-admin-pw/users/makefu
@ -0,0 +1 @@
+../../../users/makefu