servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
19ee6368148780f6f11da824788f5ee0448a4506
dotfiles/nixos/tako/services/paperless.nix
uttarayan21 b5399c5cc8 feat: Added tako
2025-11-26 18:15:12 +05:30

103 lines
3.7 KiB
Nix
Raw Blame History

{
pkgs,
config,
lib,
...
}: {
sops = {
secrets."paperless/adminpass".owner = config.users.users.paperless.name;
secrets."paperless/secret_key".owner = config.users.users.paperless.name;
secrets."authelia/oidc/paperless/client_id".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
secrets."authelia/oidc/paperless/client_secret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
templates = {
"PAPERLESS.env" = {
content = ''
PAPERLESS_SOCIALACCOUNT_PROVIDERS='${config.sops.templates."PAPERLESS_SOCIALACCOUNT_PROVIDERS.json".content}'
'';
restartUnits = ["paperless-web.service" "authelia-darksailor.service"];
};
"PAPERLESS_SOCIALACCOUNT_PROVIDERS.json" = {
content =
/*
json
*/
builtins.toJSON
{
authelia = {
OAUTH_PKCE_ENABLED = "True";
APPS = [
{
provider_id = "authelia";
name = "Authelia";
"client_id" = "${config.sops.placeholder."authelia/oidc/paperless/client_id"}";
"secret" = "${config.sops.placeholder."authelia/oidc/paperless/client_secret"}";
"settings" = {
"server_url" = "https://auth.darksailor.dev/.well-known/openid-configuration";
};
}
];
};
};
restartUnits = ["paperless-web.service" "authelia-darksailor.service"];
};
};
};
# systemd.services.paperless-web.script = lib.mkBefore ''
# oidcSecret=$(< ${config.sops.secrets."authelia/oidc/paperless/client_secret".path})
# export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(
# ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \
# --compact-output \
# --arg oidcSecret "$oidcSecret" '.openid_connect.APPS.[0].secret = $oidcSecret'
# )
# '';
services = {
paperless = {
enable = true;
passwordFile = config.sops.secrets."paperless/adminpass".path;
settings = {
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIAL_AUTO_SIGNUP = "True";
PAPERLESS_DISABLE_REGULAR_LOGIN = "True";
PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS = "True";
PAPERLESS_URL = "https://paperless.darksailor.dev";
};
environmentFile = "${config.sops.templates."PAPERLESS.env".path}";
};
caddy = {
virtualHosts."paperless.darksailor.dev".extraConfig = ''
reverse_proxy localhost:28981
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "paperless";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/paperless/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/paperless/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://paperless.darksailor.dev/auth/login"
];
scopes = ["openid" "profile" "email"];
response_types = ["code"];
grant_types = ["authorization_code"];
# access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink