servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(services): enable and configure Paperless service with Authelia
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details

Browse Source
This commit is contained in:
uttarayan21
2025-08-22 02:19:41 +05:30
parent d7fdc3bebf
commit 3c4389900a
3 changed files with 41 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/mirai/services/default.nix
View File

@@ -13,6 +13,7 @@
./minecraft.nix ./minecraft.nix
./nextcloud.nix ./nextcloud.nix
./paperless.nix
./prowlarr.nix ./prowlarr.nix
./resolved.nix ./resolved.nix
./searxng.nix ./searxng.nix

41
nixos/mirai/services/paperless.nix
View File

@@ -5,22 +5,49 @@
}: { }: {
sops = { sops = {
secrets."paperless/adminpass".owner = config.users.users.paperless.name; secrets."paperless/adminpass".owner = config.users.users.paperless.name;
}; secrets."paperless/secret_key".owner = config.users.users.paperless.name;
services = { templates = {
paperless = { "PAPERLESS.env".content = ''
enable = false; PAPERLESS_APPS="allauth.socialaccount.providers.github"
passwordFile = config.sops.secrets."paperless/adminpass".path; PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"authelia": {"APPS": [{"provider_id": "authelia","name": "Authelia","client_id": "${config.sops.placeholder."authelia/oidc/paperless/client_id"}","secret": "${config.sops.placeholder."authelia/oidc/paperless/client_secret"}"}]}}'
environmentFile = pkgs.writeText "paperless.env" '' # PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
PAPERLESS_URL=https://paperless.darksailor.dev PAPERLESS_URL=https://paperless.darksailor.dev
PAPERLESS_SECRET_KEY=${config.sops.placeholder."paperless/secret_key"} PAPERLESS_SECRET_KEY=${config.sops.placeholder."paperless/secret_key"}
''; '';
}; };
};
services = {
paperless = {
enable = true;
passwordFile = config.sops.secrets."paperless/adminpass".path;
environmentFile = "${config.sops.templates."PAPERLESS.env".path}";
};
caddy = { caddy = {
virtualHosts."paperless.darksailor.dev".extraConfig = '' virtualHosts."paperless.darksailor.dev".extraConfig = ''
import auth import auth
reverse_proxy localhost:28981 reverse_proxy localhost:28981
''; '';
}; };
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "paperless.darksailor.dev";
policy = "bypass";
resources = [
"^/api([/?].*)?$"
];
}
{
domain = "paperless.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
}; };
} }

8
secrets/secrets.yaml
View File

@@ -29,6 +29,7 @@ authelia:
client_id: ENC[AES256_GCM,data:LpB+nR7SGI2EV4YK0VptF5zJ6Ai/LDfikUpoAnFWnT8krMOQ/voqjS6jhqaFz9IKhtPQL9TNZOONr5JjkDZR7sI63Ohv4Lnx,iv:J96CL8EHHj88YbQW7rdQK9C6MxXaHnMt+mgL3iL5Heg=,tag:aXD/HdWXO/e6aKGnay0W+g==,type:str] client_id: ENC[AES256_GCM,data:LpB+nR7SGI2EV4YK0VptF5zJ6Ai/LDfikUpoAnFWnT8krMOQ/voqjS6jhqaFz9IKhtPQL9TNZOONr5JjkDZR7sI63Ohv4Lnx,iv:J96CL8EHHj88YbQW7rdQK9C6MxXaHnMt+mgL3iL5Heg=,tag:aXD/HdWXO/e6aKGnay0W+g==,type:str]
client_secret: ENC[AES256_GCM,data:aQylVYsqDExbavjGsVAXPlf/rxileM3xLM0EXCKHfiNYxwzXck/f/bvwZl7ChQZ/AHDvZ8mkMkZHyTdyap25Hg==,iv:swSrM8MvhLcq7Gw/lV36j//8fnTzBcs5wU8aj+n9obE=,tag:neaHG+UCVhmZ2HLqVa/jGA==,type:str] client_secret: ENC[AES256_GCM,data:aQylVYsqDExbavjGsVAXPlf/rxileM3xLM0EXCKHfiNYxwzXck/f/bvwZl7ChQZ/AHDvZ8mkMkZHyTdyap25Hg==,iv:swSrM8MvhLcq7Gw/lV36j//8fnTzBcs5wU8aj+n9obE=,tag:neaHG+UCVhmZ2HLqVa/jGA==,type:str]
nextcloud: nextcloud:
client_id: ENC[AES256_GCM,data:Y2yNCJNt/eV8eLscwoVqFo1X5Lq+c1f6aSl4PhrvnKU=,iv:++nJeUvjs/XWZ3BicPnXBhqeaXabayp5IMwFVjpKT98=,tag:XMlpj1y5hSdG8NeF2imBjA==,type:str]
client_secret: ENC[AES256_GCM,data:5SZ0A0OVK3emOobuI4KYv4E3l0Q/LwVWExCg1gPoG8AKcf4Pd04SnZE7aDoFnWTv1YhEY4sRaYQW/dn2pl4zsg==,iv:p0qmeYXTqqqX0NI2YK4fpGOK8NArFCMzoSGb/lc3L4w=,tag:Ob6/FyJP1LOkvBcOh6GOJA==,type:str] client_secret: ENC[AES256_GCM,data:5SZ0A0OVK3emOobuI4KYv4E3l0Q/LwVWExCg1gPoG8AKcf4Pd04SnZE7aDoFnWTv1YhEY4sRaYQW/dn2pl4zsg==,iv:p0qmeYXTqqqX0NI2YK4fpGOK8NArFCMzoSGb/lc3L4w=,tag:Ob6/FyJP1LOkvBcOh6GOJA==,type:str]
gitea: gitea:
client_id: ENC[AES256_GCM,data:wxC4eYM=,iv:Opd7H7B5SiEiL7O8bXuy1u/mGRRMRPpxKu9aPZVK62U=,tag:SY2nwph8whqqdVnAh/vOGg==,type:str] client_id: ENC[AES256_GCM,data:wxC4eYM=,iv:Opd7H7B5SiEiL7O8bXuy1u/mGRRMRPpxKu9aPZVK62U=,tag:SY2nwph8whqqdVnAh/vOGg==,type:str]
@@ -36,6 +37,9 @@ authelia:
grafana: grafana:
client_id: ENC[AES256_GCM,data:oYnyH2Zc7ioIZxImnxf3558zLKGhN5SsIcBgMAxgZYA=,iv:zqSbcI8ZNbL+Pxv+dUCL0kwwVBb3fAsZGbqO5rZDDUE=,tag:KQqusXx27z0jvdCa5tluIA==,type:str] client_id: ENC[AES256_GCM,data:oYnyH2Zc7ioIZxImnxf3558zLKGhN5SsIcBgMAxgZYA=,iv:zqSbcI8ZNbL+Pxv+dUCL0kwwVBb3fAsZGbqO5rZDDUE=,tag:KQqusXx27z0jvdCa5tluIA==,type:str]
client_secret: ENC[AES256_GCM,data:k5tm5H1JZp+jXq+4BcEH7XscgwABdwXpmvfStMqfRHwFL1Ztb3U1LfswrZ8i+VWl+jJJ38AKwbOPkgljekX7SA==,iv:ziRDKWVayx19SHu2qg123v2r3KdjfYH7mJJy3Ve1Iz0=,tag:M7ISr1uYVQhjDiMEfv4c4w==,type:str] client_secret: ENC[AES256_GCM,data:k5tm5H1JZp+jXq+4BcEH7XscgwABdwXpmvfStMqfRHwFL1Ztb3U1LfswrZ8i+VWl+jJJ38AKwbOPkgljekX7SA==,iv:ziRDKWVayx19SHu2qg123v2r3KdjfYH7mJJy3Ve1Iz0=,tag:M7ISr1uYVQhjDiMEfv4c4w==,type:str]
paperless:
client_id: ENC[AES256_GCM,data:ylcFTwK5/b7MUzCai644KOIUags2nWi+z1NPNDaZqcs=,iv:/aMM8854X4leMsk4GwAu887MymGTjLMIR8/xK75BznY=,tag:GKcXLmYjqCzqK9MEy/otxQ==,type:str]
client_secret: ENC[AES256_GCM,data:OXJRgxW9opIQ99sGjEcXui6ulXEuakqQ5N8KHrTqZ/hf4sZC58H939x1lqMxqgkEWZOvkqrPKZi7g5IUxsC5Fw==,iv:wDSweutoIJFRkqm4o9CiqlpCqWYO5dciSkbaL4DNYY0=,tag:9r75SDt1ycbrz8hT4qNvnQ==,type:str]
jwks: ENC[AES256_GCM,data:1efhdlYmiD/y4kzK0hFfLAmY6rXK0hvZez/tu1cb2hfUhIM/DzNNthKQjH8Cu2TlZwDQpUIrCO7Tr0BbkiREC+VNK4vYgi+GWswnG7VCZS40xRAZhSArNO2uQ4dpf/KAHRSSJa3i7gGOqSG/Pnrl3TRhzkhkfWSRk+7koPWKpYJOKLem+ZLN75yssCsEbYIOHjcXyizNHt6SE2ylqqCjyWnlhlnRQStYaFPWAAABcm96MkSThSyRd6hTAifC/aZiM1IMlLw7wJJk01uwjJytlxBxDiFrdr4Grg0PzOsOAocex9Siw5fzcr7dFpVBoaS7e7nD/sccGSyEysw/t+wvkMou1Ewr5U2Pnew8lPjSrEiiGxuPwmK9kHxD3L6cADxF6xs4bn+Iqa/yy9FWbtGZfBYOxJiRvXgxBPiO7CH4tJyVIbnLfi8K/zCJC9u5vO+WFXiVIzXxAPVUL7VKQQZGxV7989LMdcjzck+B1zFHVQz25siwbpu0FxMxiJsVtBxu1U+QBRfQrwLacX2NAJvqYNZxr+9l43Fh0x8dS5CBheVEy39sXge9jLyS7kIW0FfvgJaHuLL2/GhDGsvfi7zFPOc8Thg+8LP58L8wzPT+LvVoidq/j3K2Ct6udn9JsOnbZT3Gs1RiY+E77H09GbdwIrP0sGVi4ZJe++w+sKNjyzLzceEYGkfa1EiMQhYPHzqUAwqtgmJZo9tY+2jOBJb9ZU+Kj0xtqZsjFpHaGWsRj8XGkPrAFEh6Z6/Ak9/BpYaapPeAO3Wa6tzNVlTCtaX786nSTjfGC7v9O4Uz8XQr0HV3A7wj36Fw3dqERZFKea7BJbiiAiEZtnOsbWVqQXpIUVfCvPhfwuFcOU/ClyM1fGyZXaCIeB62Tkqa+ZlqRQgzzf3bSFUK0PgxE3Ny5pIPzNEINqse+6DeFuF91uY1dLQB4Vizyzv1H+X/OecO9K8kECM1wUy3Fbbyh4tYYxt4VvqFQZ1o4A7Jd04WCIf3hdAHmwvOQW+/8dfnyLa8kqTcQYeI3jfjtRvD6TaZl21K9kFY2VJAexdno9bbozDOus1Ep92ublwonVjfvzbyDURHGF6Cw2OL7xcbHQIMz/ZmkVHMra49NHgWlI6X0slgYDxKKDszHhZ9SHkEXF8pJf+uogbwSwz1glRkEdn1oprbs8GsFoc7HGVvSHRgOWKHwvhZD2tMiSE4cEFZ9/2nSPISQMNGuS7wgnVkalKPW+gF1EWVXczanzKsrpcDtpMdFufMRVusaJBV5Jw62I++cx1AMW2dRTseQyWLchRWtOba6dd9gbNzGi39+njHClHIEUxaxXzxIQLhSgCA9loXRc26ZA6DpwHQR+gtH2OybeFEiH390YoSfFeZuU+f0E2awMdpiEsBL/AniUcboDaBEaDQYpwUawNL+II7rmSn4rTJM64n5z3B88U/vAQh9BQFhf7SDKb05n/ArCibkdy3gbo8rTVH1gGbmW53DTxzuW+AEpFcuueiP3yz1vGzEwKSX+LMkCwFwk6Y/VcqHXW+PdZ88SFUr5WELGPkZxT3AvmduBCifE0KDzKWrN3yy1xwEQDGrYiqeHqeqHpEuk/KpxeAwepqWayGMq6iT4BWUBojNo6quoXkPPodSsotbBFLjyRHoDGm0NZSbgluOUyERrN6M+ELdHqQjeNTS046KB6QnG5s+uTA+uxyonvmPCPBgFAd0q0qfq4T/SISHrPe13Y7nHnATxoMBszvIfKznqFthTBsc3V9C5+g/kcOzcEQpAC6baGe+eq23m/Go3uDa7O84Euxhj9C5NBcidvgmYmRZuY6l2ehnxf1oGoGwHBJEaYEuCk7sc3Wac6u2OvqCIKPxRdi2tUiZ9FwCGLqd8qcLEPtsSaBNk2CVlK9ZkgPzSYH794qpNQDWkyv5SJ4V9zy2LL+s9MHtHNQu6QxALZ8c0GfQetTI5ArkC3cBz/3mRdDMy9k7HpO7b6USoxqGAZ+H4kzJhus9QwjaqJnnB+fJI5O2ek5TVLY9RWXo+W2pCBDjt925BVoChkvkUEg4GtvR+8/yChgYEgYWUPqRV4vMEwQiRoaJamL/E+lRaUx+c0f9ga8+k0JdfxfzoIPUA3/rBGcfO8Y12RF8Ool4hreP409KjdPP0PeeOVKg58MPYNO5O0BdT62nyL+fSvJkw7uPGcOwtOtcxjcBsNhoFv0twrCp8S3cLX45GTNaTw+JHcxsTzG9ibL3bFtVkAAiZHZGMisEjTSGElSGIDk+MoPt68hq4BRioab,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str] jwks: ENC[AES256_GCM,data:1efhdlYmiD/y4kzK0hFfLAmY6rXK0hvZez/tu1cb2hfUhIM/DzNNthKQjH8Cu2TlZwDQpUIrCO7Tr0BbkiREC+VNK4vYgi+GWswnG7VCZS40xRAZhSArNO2uQ4dpf/KAHRSSJa3i7gGOqSG/Pnrl3TRhzkhkfWSRk+7koPWKpYJOKLem+ZLN75yssCsEbYIOHjcXyizNHt6SE2ylqqCjyWnlhlnRQStYaFPWAAABcm96MkSThSyRd6hTAifC/aZiM1IMlLw7wJJk01uwjJytlxBxDiFrdr4Grg0PzOsOAocex9Siw5fzcr7dFpVBoaS7e7nD/sccGSyEysw/t+wvkMou1Ewr5U2Pnew8lPjSrEiiGxuPwmK9kHxD3L6cADxF6xs4bn+Iqa/yy9FWbtGZfBYOxJiRvXgxBPiO7CH4tJyVIbnLfi8K/zCJC9u5vO+WFXiVIzXxAPVUL7VKQQZGxV7989LMdcjzck+B1zFHVQz25siwbpu0FxMxiJsVtBxu1U+QBRfQrwLacX2NAJvqYNZxr+9l43Fh0x8dS5CBheVEy39sXge9jLyS7kIW0FfvgJaHuLL2/GhDGsvfi7zFPOc8Thg+8LP58L8wzPT+LvVoidq/j3K2Ct6udn9JsOnbZT3Gs1RiY+E77H09GbdwIrP0sGVi4ZJe++w+sKNjyzLzceEYGkfa1EiMQhYPHzqUAwqtgmJZo9tY+2jOBJb9ZU+Kj0xtqZsjFpHaGWsRj8XGkPrAFEh6Z6/Ak9/BpYaapPeAO3Wa6tzNVlTCtaX786nSTjfGC7v9O4Uz8XQr0HV3A7wj36Fw3dqERZFKea7BJbiiAiEZtnOsbWVqQXpIUVfCvPhfwuFcOU/ClyM1fGyZXaCIeB62Tkqa+ZlqRQgzzf3bSFUK0PgxE3Ny5pIPzNEINqse+6DeFuF91uY1dLQB4Vizyzv1H+X/OecO9K8kECM1wUy3Fbbyh4tYYxt4VvqFQZ1o4A7Jd04WCIf3hdAHmwvOQW+/8dfnyLa8kqTcQYeI3jfjtRvD6TaZl21K9kFY2VJAexdno9bbozDOus1Ep92ublwonVjfvzbyDURHGF6Cw2OL7xcbHQIMz/ZmkVHMra49NHgWlI6X0slgYDxKKDszHhZ9SHkEXF8pJf+uogbwSwz1glRkEdn1oprbs8GsFoc7HGVvSHRgOWKHwvhZD2tMiSE4cEFZ9/2nSPISQMNGuS7wgnVkalKPW+gF1EWVXczanzKsrpcDtpMdFufMRVusaJBV5Jw62I++cx1AMW2dRTseQyWLchRWtOba6dd9gbNzGi39+njHClHIEUxaxXzxIQLhSgCA9loXRc26ZA6DpwHQR+gtH2OybeFEiH390YoSfFeZuU+f0E2awMdpiEsBL/AniUcboDaBEaDQYpwUawNL+II7rmSn4rTJM64n5z3B88U/vAQh9BQFhf7SDKb05n/ArCibkdy3gbo8rTVH1gGbmW53DTxzuW+AEpFcuueiP3yz1vGzEwKSX+LMkCwFwk6Y/VcqHXW+PdZ88SFUr5WELGPkZxT3AvmduBCifE0KDzKWrN3yy1xwEQDGrYiqeHqeqHpEuk/KpxeAwepqWayGMq6iT4BWUBojNo6quoXkPPodSsotbBFLjyRHoDGm0NZSbgluOUyERrN6M+ELdHqQjeNTS046KB6QnG5s+uTA+uxyonvmPCPBgFAd0q0qfq4T/SISHrPe13Y7nHnATxoMBszvIfKznqFthTBsc3V9C5+g/kcOzcEQpAC6baGe+eq23m/Go3uDa7O84Euxhj9C5NBcidvgmYmRZuY6l2ehnxf1oGoGwHBJEaYEuCk7sc3Wac6u2OvqCIKPxRdi2tUiZ9FwCGLqd8qcLEPtsSaBNk2CVlK9ZkgPzSYH794qpNQDWkyv5SJ4V9zy2LL+s9MHtHNQu6QxALZ8c0GfQetTI5ArkC3cBz/3mRdDMy9k7HpO7b6USoxqGAZ+H4kzJhus9QwjaqJnnB+fJI5O2ek5TVLY9RWXo+W2pCBDjt925BVoChkvkUEg4GtvR+8/yChgYEgYWUPqRV4vMEwQiRoaJamL/E+lRaUx+c0f9ga8+k0JdfxfzoIPUA3/rBGcfO8Y12RF8Ool4hreP409KjdPP0PeeOVKg58MPYNO5O0BdT62nyL+fSvJkw7uPGcOwtOtcxjcBsNhoFv0twrCp8S3cLX45GTNaTw+JHcxsTzG9ibL3bFtVkAAiZHZGMisEjTSGElSGIDk+MoPt68hq4BRioab,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str]
lldap: lldap:
jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str] jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
@@ -70,7 +74,7 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-16T20:44:40Z" lastmodified: "2025-08-21T20:44:51Z"
mac: ENC[AES256_GCM,data:0gc+ETJSGoiHpOQ28GhEkXRS8x/SaX7HphQVnfNcRkH4r8SaIBuxh1QltlBH1lo6yKbzf3ZRRgG/bEoxkL8fvpcAjjv/N0xfINafWjdfYehoVvAN3GBJwrEOKJH99GjE8WJ0NHINnjZL6XUK/1FrhDnuZ8km0Lk5BcdvI2Syjw0=,iv:kYPNAOQnbZ43H7oEsxE95pE5rWynB3ZbVZT5EKHVAY8=,tag:uqqK1SanYGjJgAFXNwPDMQ==,type:str] mac: ENC[AES256_GCM,data:ijXIVQHCDhKvCA7no5/3zYTdW1RGcwDpDMGXmiedNZN3XlaMnbcCEWfHKuqvJJiTsjSVWbvsO8fQCabXwMoQSPeF/ymOGo1NIiTgsBfstUA1dT/5qw2ChsswyjHuTy9/jtsXsN/o2x6OKuZCm4iD2FAQf+al4r4Kcx0HAfJFhQA=,iv:oetw6XMfRzrSOwXrPrrYagCCQ2yujEvhhuXhRtimAxc=,tag:sPldkLWoLeYe7eYZDhM4zw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2