mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update secrets, cleanup

Browse Source
This commit is contained in:
mjallen18
2025-01-22 17:52:48 -06:00
parent fe0916e255
commit a6ec7beff9
8 changed files with 51 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/nas/apps/paperless/default.nix
View File

@@ -1,14 +1,15 @@
{
config,
pkgs,
lib,
...
}:
let
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
paperlessSecret = config.sops.templates."paperless-secret".content;
clientId = config.sops.templates."paperless-client-id".content;
clientSecret = config.sops.templates."paperless-client-secret".content;
paperlessPkg = pkgs.stable.paperless-ngx;
in
{
@@ -22,8 +23,6 @@ in
config =
{
config,
pkgs,
lib,
...
}:
@@ -38,10 +37,10 @@ in
passwordFile = "/var/lib/paperless/paperless-password";
settings = {
PAPERLESS_URL = "https://paperless.jallen.dev";
PAPERLESS_SECRET = "Luciferthecat03092024";
PAPERLESS_SECRET = paperlessSecret;
PAPERLESS_ENABLE_ALLAUTH = true;
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIALACCOUNT_PROVIDERS = ''{"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"OZhMnBUxwJvpjkUhs4ISgA0iAWA7etgTXaohLCED","secret":"UrwdWObeyoEI1AogXcjV8SwYsJ585Wkh5YxDH5wFPXZxp8IVV9QNsn32PIAv6h9BdjaiiMrOFayaW3uXyZYg71olG5OQ1qGaD6WYn0EijYBwxoEuvp7LIdMJ4lImhVR1","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}'';
PAPERLESS_SOCIALACCOUNT_PROVIDERS = ''{"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${clientId}","secret":"${clientSecret}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}'';
};
};
@@ -88,10 +87,6 @@ in
hostPath = "/media/nas/ssd/nix-app-data/paperless";
isReadOnly = false;
};
# "/run/keys/paperless-password" = {
# hostPath = passwordFile;
# isReadOnly = true;
# };
};
};