diff --git a/hosts/tahani/default.nix b/hosts/tahani/default.nix
index 634698d..d2b0d61 100644
--- a/hosts/tahani/default.nix
+++ b/hosts/tahani/default.nix
@@ -129,6 +129,10 @@
 			owner = user;
 			path = "/home/${user}/.config/syncthing/key.pem";
 		};
+		tahani-paperless-password = {
+			sopsFile = ../../secrets/tahani-paperless-password;
+			format = "binary";
+		};
 	};
 
 	services.syncthing.settings.folders = {
@@ -141,4 +145,29 @@
 			devices = ["tahani" "chidi"];
 		};
 	};
+
+	services.redis.servers.paperless = {
+		enable = true;
+		port = 6379;
+		bind = "127.0.0.1";
+		settings = {
+			maxmemory = "256mb";
+			maxmemory-policy = "allkeys-lru";
+		};
+	};
+
+	services.paperless = {
+		enable = true;
+		address = "0.0.0.0";
+		passwordFile = config.sops.secrets.tahani-paperless-password.path;
+		settings = {
+			PAPERLESS_DBENGINE = "sqlite";
+			PAPERLESS_REDIS = "redis://127.0.0.1:6379";
+			PAPERLESS_CONSUMER_IGNORE_PATTERN = [
+				".DS_STORE/*"
+				"desktop.ini"
+			];
+			PAPERLESS_OCR_LANGUAGE = "deu+eng";
+		};
+	};
 }
diff --git a/secrets/tahani-paperless-password b/secrets/tahani-paperless-password
new file mode 100644
index 0000000..3232770
--- /dev/null
+++ b/secrets/tahani-paperless-password
@@ -0,0 +1,30 @@
+{
+	"data": "ENC[AES256_GCM,data:w1+tiWkOFY8BYUcu5UjS4YmQbkxZC2LA2uBP,iv:kX8gWrABHeYKHkkqihidB/dx42TPGB+vxB+6N8Vse/c=,tag:z5vxVu0PuYfDUwTX4mwvEg==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbWZmSjFCRWFaWVVVeGx6\nMlhuT2hZOUdFN0E3MDBSUVNlUVFVRWNmNDJBCkVFSGlHdnVPVUY0VEdrLzZYbDBW\na3ZuQlJiOSs2N1RpRTMwR3ZuaG1aRjQKLS0tIGo2RmxFd0JleEZ3NjhWaTJES1hP\nZEtGUk1KUEhnWW44ajA2eW4wUlUzWUkKTJemTSLHVRi54LQetmzvAGm4V02laedc\n8WnphqOGIkIDIt/pwI7kUsbA/4fW8J0DxWi7OMDHIEx8Mxyt6Uzr+A==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTy9zUEY4Y1dlcFowZDNS\nVlprUXNQS3RwWmRvRGFScjlCK1FYSVM1VUJJCnlWZzRMZUV1RnJJQk9CNmNUbURh\nODdkUjZUanJJcU1OMDIyaEUycXdZR2cKLS0tIEh0ZzUxRmJMejFLWkdab0NKQlNz\nbC9OMmIvZEtNcG1ZRFJHa1V5a0x4SHcKgNv/ANu7HCgMBECFpGxRRPB3F+BPVo7p\n6Nb6wGxXHKIuxBU/3N4FXFYBvuI8rdfyOY9IThk031CDJ+BNnnaRxw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1dqt3znmzcgghsjjzzax0pf0eyu95h0p7kaf5v988ysjv7fl7lumsatl048",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VjdHSDBPWlNpUklEUEFq\nMUo5Qk5YaHFJNDNUeUUzQjhkMGwwc2ZNZW5FClFHUG5MLzYrTlVZdzE3VlNRaWhv\nMmIwSmxFZzJEUkVNck9UUStrVkE1UHcKLS0tIDF3RkVPOXlTZkRDQXFKZmQyQnl3\nQkdIbm5meW82VTNSZmdIWEFDTUF3SnMKfG7t8fdn5+LqojTAs8LAS1e4exQXKxwf\nbobGHEwgUZOwCE16yNNDZNysFsejZuZBpnCYekozq6HnaiM6K17Fqw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwT0lQQ29KeDVub2tCVXZ0\nK0sxWU1QcDY3SEtBWkU3aExETFJ5cjA2a0Z3CnVnUEg2YkdQa1VSV0ZscmxOaDFP\nYTNjQmtlcExhL2VZR21Sb3FNbU05TEUKLS0tIFp3N3lsZitZMkduMFlISllwWnpC\naVFBNmhpVVhyL1RpYmxCK0tWVlF5Q0kKWKOJ1w98Gy54slamOg7DpuItgNLj2cxW\nX8QUb51DhFwDl5tSOp7QqaggcXgdyhytwWdd6lHYhp0LKyhELbJnnw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXL1VLZ1ZXRGM3amo3UFNt\nd3IxR1FXWDgzRWFBUlNYR242NVBBTzgzWUI0CjNzMjJDNk1CaEE2dmdMVzNvNVVK\nTzJsc25DNXh1NnlGRUtKVzdNVEhqemcKLS0tIG5GTE5rZnV1ZWFXZElIVzBLb1RB\nejVPZmRnR1ZHRDFaL2tpZzE1SzRQSmMKiqIZ9ZNqDt+Gn/oEm/qY+lE5Ej/S52SE\ntZ+ew0obHabv4pmtjkJmVvlGYKzmMpZlI9T+rCsKViXSvUP4E0IUWg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2025-12-20T21:46:17Z",
+		"mac": "ENC[AES256_GCM,data:j7G9ZsXE3Wrqhq4jIBKa6M+uO+OuKssdMzaQNCIKbhn5sE56Cwg2E396FFx+rrZD5ahYKxATr/pXcgH1DlsMGWKtMK+zPQRGrahknSIDbYD/BWBoeGFfaTddW2OohxWoRjl96ODZ29xd72nQewxMhIjG8S848C5fxjeaqraPxiM=,iv:evDbKdSIMdwbZp2Ld8wfVtAedw3y3Leru4CxDC57NhI=,tag:DRsRWYbcehJjpAWJVrAy0A==,type:str]",
+		"version": "3.11.0"
+	}
+}