From 821d99f17c9dd5660e5c450e4435616178ae4c73 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Fri, 14 Feb 2025 14:34:33 +0100
Subject: ...
---
hosts/vidhar/default.nix | 2 +-
hosts/vidhar/network/ruleset.nft | 4 ++++
hosts/vidhar/paperless/default.nix | 25 +++++++++++++++++++++++++
hosts/vidhar/paperless/rootpw | 24 ++++++++++++++++++++++++
4 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 hosts/vidhar/paperless/default.nix
create mode 100644 hosts/vidhar/paperless/rootpw
(limited to 'hosts/vidhar')
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index b0797d8a..9660931d 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib; { imports = with flake.nixosModules.systemProfiles; [ - ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix + ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless tmpfs-root zfs initrd-all-crypto-modules default-locale openssh rebuild-machines build-server
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 10fd4c51..3ead8fac 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -92,6 +92,7 @@ table inet filter { counter tftp-rx {} counter pgbackrest-rx {} counter immich-rx {} + counter paperless-rx {} counter established-rx {}
@@ -121,6 +122,7 @@ table inet filter { counter tftp-tx {} counter pgbackrest-tx {} counter immich-tx {} + counter paperless-tx {} counter tx {}
@@ -197,6 +199,7 @@ table inet filter { tcp dport 8432 counter name pgbackrest-rx accept iifname bifrost tcp dport 2283 ip6 saddr $bifrost_surtr counter name immich-rx accept + iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept ct state { established, related } counter name established-rx accept
@@ -246,6 +249,7 @@ table inet filter { tcp sport 8432 counter name pgbackrest-tx accept iifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept + iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept counter name tx
diff --git a/hosts/vidhar/paperless/default.nix b/hosts/vidhar/paperless/default.nix
new file mode 100644
index 00000000..34cd18c4
--- /dev/null
+++ b/hosts/vidhar/paperless/default.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+
+{
+ config = {
+ services.paperless = {
+ enable = true;
+ address = "[2a03:4000:52:ada:4:1::]";
+ passwordFile = config.sops.secrets."paperless-rootpw".path;
+ settings = {
+ PAPERLESS_OCR_LANGUAGE = "deu+eng";
+ PAPERLESS_URL = "https://paperless.yggdrasil.li";
+ PAPERLESS_FILENAME_FORMAT = "{{ created_year }}/{{ document_type }}/{{ correspondent }}/{{ created }}_{{ doc_pk }}_{{ title }}";
+ PAPERLESS_FILENAME_FORMAT_REMOVE_NONE = "true";
+ PAPERLESS_TASK_WORKERS = "3";
+ PAPERLESS_THREADS_PER_WORKER = "4";
+ };
+ database.createLocally = true;
+ };
+
+ sops.secrets."paperless-rootpw" = {
+ format = "binary";
+ sopsFile = ./rootpw;
+ };
+ };
+}
diff --git a/hosts/vidhar/paperless/rootpw b/hosts/vidhar/paperless/rootpw
new file mode 100644
index 00000000..11f48fcb
--- /dev/null
+++ b/hosts/vidhar/paperless/rootpw
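Review bot: The new paperless-tx rule matches on `iifname bifrost`, but it sits among the `-tx` counters in what looks like the output path, where locally generated packets carry no input interface, so the rule would never match and `paperless-tx` would stay at zero. If that chain is hooked on output, the line should read `oifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept`. The immich-tx context line directly above uses the same pattern and deserves the same check. The chain header is outside the hunk, so confirm the hook before changing either line.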
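Review bot: The listening port in `services.paperless` is left at the module default, while `hosts/vidhar/network/ruleset.nft` in this same commit hard-codes 28981 for the bifrost rules, so the firewall and the service can drift apart silently if that default ever changes. Setting `port = 28981;` next to `address` makes the coupling explicit. The service binds a routable IPv6 address and `PAPERLESS_URL` is https, so TLS is presumably terminated on the host behind `$bifrost_surtr` and the nftables rule is the only access control on this listener. A comment above `address` such as `# reachable only from surtr via bifrost, see network/ruleset.nft` would record that dependency for whoever edits the ruleset next.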
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:Bsns3bLs7aA++eTf2Vh4g2iAXhmrMRTF,iv:zQ6hgXEvgHAloN6UMW54f2nYCvEhHPXQSBVSihHFiC0=,tag:uiGTEs07dpx12PcAjmbr9Q==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVUJjdEdIZGd6UDJBRXlL\nODFyWDhHOU9oTEVCVlFiUXVXNm9XZmVuampVCkJ0YkFXTlZXVnRldmtlVkJaR3R2\nMFhpaHB5M3pLeDFkUkkzMUFydGNnOFEKLS0tIEJtNWc0V2JaaWYvQlp6TGxVdVZO\neVpzQzB5Um82TUZOeHBHeE50MGlqNWsKj1P54Fc+c5n35+Og9DwBWkvW947hgFsp\ni/G2QcaLHHJMTexTCZYsr1naSVa/cMBAbrZmtjz0HV4Q1kCJtvlrIg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UG1QSWtXcFZoQVRBOC9D\nT2VnTW9pcTRCMForcHdZVld0c1NmNFZpWUNBCkRkMERKUVliYXRqb25saWxyb2JN\nbC9YL2ZQbytRM0ZjNmlQOTlTZTQrV2sKLS0tIFZyUWtRcXNqZUZxMGN5d0tHUng2\nVXNSdFEwMmtIVEdVRVlWeVU1YmJVSkUKRJa42k551QtiC6S0tmMv7eVN7GRqpXWz\nvzNh+BM9TOJNaTMmVesr4vXNDLOSFS3PxYv95xuOBzVg3zOHuai72g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-02-13T19:20:33Z", + "mac": "ENC[AES256_GCM,data:mG6AC3L8MMeZ0Ajr7zV1mzPcHviQw2adtGjSbrbPRw1xqN7siu6svoybv8xkahP2Grq/xKAiyfXFOFo7Uyc3ub5fSovAEolNazqybZYsyam5vHpeC23dXcEkZUJSPJ9/CSB5uI9nX3NPC64QUjCxHZ7qfH5gcXT9D12H8LSqKlQ=,iv:4Skdj8l9jlTX9Unc2xE2hCKVawHBnHR8L4kZA6H8xNw=,tag:zJsJ3S//faAn7AGwLefNoA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file -- cgit v1.2.3