From 16724406df1eb16cfc9f3b085ec748028b3d1d1a Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Sun, 26 Jan 2025 01:52:00 -0500
Subject: [PATCH] rpi4: enable paperless

---
 hosts/rpi4/backup.nix   |  1 +
 hosts/rpi4/services.nix | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/hosts/rpi4/backup.nix b/hosts/rpi4/backup.nix
index 68ee31c..9937a81 100644
--- a/hosts/rpi4/backup.nix
+++ b/hosts/rpi4/backup.nix
@@ -25,6 +25,7 @@ in
         "/var/lib/tailscale"
         "/var/lib/private/anki-sync-server"
         "/var/lib/thelounge"
+        "/var/lib/paperless"
         "/etc"
       ];
       dynamicFilesFrom = ''
diff --git a/hosts/rpi4/services.nix b/hosts/rpi4/services.nix
index 0cf2000..3f4f560 100644
--- a/hosts/rpi4/services.nix
+++ b/hosts/rpi4/services.nix
@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 let
   inherit (config.age) secrets;
+  inherit (builtins) toString;
 in
 {
   imports = [
@@ -57,6 +58,10 @@ in
       file = ../../secrets/homepage.age;
     };
 
+    age.secrets.paperless-admin = {
+      file = ../../secrets/paperless-admin.age;
+    };
+
     users.groups.secrets = {};
     users.users.acme.extraGroups = [ "secrets" ];
 
@@ -229,6 +234,7 @@ in
         "redlib.protogen.io" = mkAuthProxy 8087;
         "rss.protogen.io" = mkReverseProxy 8082;
         "blahaj.protogen.io" = mkReverseProxy 8086;
+        "paper.protogen.io" = mkReverseProxy config.services.paperless.port;
 
         # octoprint (proxy_addr is 10.10.1.8)
         "print.protogen.io" = lib.mkMerge [ (mkProxy { authelia = true; upstream = "http://10.10.1.8:80"; })
@@ -463,6 +469,33 @@ in
       enable = true;
     };
 
+    services.redis.servers.paperless.enable = true;
+    services.paperless = {
+      enable = true;
+      # default is "localhost", binding should not rely on DNS (even if
+      # localhost is hard-coded 99.999% of the time)
+      address = "127.0.0.1";
+      passwordFile = secrets.paperless-admin.path;
+      settings = {
+        PAPERLESS_ADMIN_USER = "nullbite";
+        PAPERLESS_REDIS = "unix://${config.services.redis.servers.paperless.unixSocket}";
+        PAPERLESS_URL = "https://paper.protogen.io";
+        PAPERLESS_TIKA_ENABLED = true;
+        PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
+        PAPERLESS_TIKA_GOTENBERG_ENDPOINT =
+          "http://localhost:${toString config.services.gotenberg.port}";
+      };
+    };
+    users.users."${config.services.paperless.user}".extraGroups = let
+      name = config.services.redis.servers.paperless.group;
+    in [ name ];
+
+    services.gotenberg = {
+      enable = true;
+      port = 3002;
+    };
+    services.tika.enable = true;
+
     services.anki-sync-server = {
       enable = true;
       address = "127.0.0.1";