paperless-gpt

2026-03-13 16:56:20 +00:00
parent b24065bf5c
commit b21a150452
4 changed files with 50 additions and 13 deletions
--- a/modules/_hosts/tahani/networking.nix
+++ b/modules/_hosts/tahani/networking.nix
@@ -13,7 +13,7 @@
 		nameservers = ["1.1.1.1"];
 		firewall = {
 			enable = true;
-			trustedInterfaces = ["eno1" "tailscale0"];
+			trustedInterfaces = ["eno1" "tailscale0" "docker0"];
 			allowedUDPPorts = [
 				53
 				config.services.tailscale.port
--- a/modules/_hosts/tahani/paperless.nix
+++ b/modules/_hosts/tahani/paperless.nix
@@ -18,30 +18,35 @@
 				tls {
 					get_certificate tailscale
 				}
-				reverse_proxy localhost:3000
+				reverse_proxy localhost:8080
 			'';
 		};
 	};

 	virtualisation.oci-containers = {
 		backend = "docker";
-		containers.paperless-ai = {
-			image = "clusterzx/paperless-ai:3.0.9";
+		containers.paperless-gpt = {
+			image = "icereed/paperless-gpt:latest";
 			autoStart = true;
 			ports = [
-				"127.0.0.1:3000:3000"
+				"127.0.0.1:8080:8080"
 			];
 			volumes = [
-				"paperless-ai-data:/app/data"
+				"paperless-gpt-data:/app/data"
+				"paperless-gpt-prompts:/app/prompts"
 			];
 			environment = {
-				PUID = "1000";
-				PGID = "1000";
-				PAPERLESS_AI_PORT = "3000";
-				# Initial setup wizard will configure the rest
-				PAPERLESS_AI_INITIAL_SETUP = "yes";
-				PAPERLESS_API_URL = "http://host.docker.internal:${toString config.services.paperless.port}/api";
+				PAPERLESS_BASE_URL = "http://host.docker.internal:${toString config.services.paperless.port}";
+				LLM_PROVIDER = "openai";
+				LLM_MODEL = "gpt-5.4";
+				LLM_LANGUAGE = "German";
+				VISION_LLM_PROVIDER = "openai";
+				VISION_LLM_MODEL = "gpt-5.4";
+				LOG_LEVEL = "info";
 			};
+			environmentFiles = [
+				config.sops.secrets.tahani-paperless-gpt-env.path
+			];
 			extraOptions = [
 				"--add-host=host.docker.internal:host-gateway"
 			];
@@ -60,7 +65,7 @@

 	services.paperless = {
 		enable = true;
-		address = "127.0.0.1";
+		address = "0.0.0.0";
 		consumptionDir = "/var/lib/paperless/consume";
 		passwordFile = config.sops.secrets.tahani-paperless-password.path;
 		settings = {
--- a/modules/tahani.nix
+++ b/modules/tahani.nix
@@ -12,6 +12,7 @@
 		den.aspects.ai-tools
 		den.aspects.zellij
 		den.aspects.zk
+		den.aspects.secrets
 	];

 	den.aspects.tahani.nixos = {...}: {
@@ -30,6 +31,11 @@
 				format = "binary";
 				path = "/run/secrets/tahani-paperless-password";
 			};
+			tahani-paperless-gpt-env = {
+				sopsFile = ../secrets/tahani-paperless-gpt-env;
+				format = "binary";
+				path = "/run/secrets/tahani-paperless-gpt-env";
+			};
 			tahani-email-password = {
 				sopsFile = ../secrets/tahani-email-password;
 				format = "binary";
--- a/secrets/tahani-paperless-gpt-env
+++ b/secrets/tahani-paperless-gpt-env
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:0VWwVEBsCRhTzkF+ee9sEvmPBaMOrC00NgWx6qAj5DchVlulQPQzCHHSMQoNhKSKq3bP2wwZ2XTYEWmJDhQwDaz+zbLKk8Suc7RBFZ8b3iRhn2dTf+Cv9gltnPK24Xqe8XZywO/u7gxWlxSNAY8leLa5U7F7iZ5jweqCls/KjSySFS4XKMsWQrV19frzHEyh2KiAXnkdq3YLrm1aYPTltXuZQR/sCaH6KTnB87mYtRJQU4UsaHBhvVCvAb3/dk65uXDT79fl6+tOKb6PrAOiAwBWvY83C6XTufAFeM7UUh/evbBvYvDfuFsLyOgRQY4xV7s=,iv:EsR+SHYm7na2XIVvcTwmxwMOLy5W/Mtxc9FhbYVmo9I=,tag:HO5pXRFvXM323+uO2PRTGQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZEFOb3FBdWVlWCtHZy95\nM0dlbU0wdk5MQkwvR2poa2FMNmowSkxFNlV3CjZ0SENCUXk1ZU9HL252bGpOU1FW\nZEpOejdsa29KVy9yejVrODFMQzBENWsKLS0tIGVKYXNPZ2dkMUR4c29ONG95UWVC\nQWdzcW1QZWltK0JaSDRPa3BtR0NOZGcKkzny9HFJeLR8l7ohnqyGSFKoMgl2SR8p\nTxxkQ6hpwu6TmxH3Bbx2nbZ7i+JBjrqNQqZSHO5i3URsDwjpRLxm6w==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSM2o3V2NPWWtQamJNRitI\nb3RsVTV6SG9weXl2eE5SRmlKL0pQZUF3blM4CmV5Nm1IZFZyQkE2WXJETTVmTlcx\nZG5RbGYyZTJTbmIzWllnWEs3RCtlNmcKLS0tICsrWHdwVlYwRXc3TUJ4eEw0a0V4\nRTRlSjNLRDMwaUhIQ01uckRqSE5IcUkKO+yVAhRWZ5nT2JMxdm/8CBwXK0kONXVD\n58lfNVcRsl+GsA7qg3UL4afEi18XiKMZFAxQUxeY3dzG49W3fMjiMg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkKzN5UHg1YTlyTlBTVmxa\ncTZjM0NpN0J3MWRmUFJ3RmR2VTAxUkQ0N0djCkY2aUtGSkRZKzhoOUNSTHpoS3ZT\nRHdsdzkvcm5hOVpOd0JhdDhxVTg2OHcKLS0tIG1ITExXQXR6c2svdWlLM05RTWxq\ndG5KQy9GdWg3VlJkNEIvSExhOTB2eEkK47OqnTj8vX00b7E0+d2KgVGbhI1yyay3\nZN4+HdZwf3BLz4L03bUp96D4O06QejeANHT0xmjc8xOGsPjznqSkSQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQkhwckJueGt6dVNRRDFQ\nL3VKTy9ucFVLN1RnM05LV3kzR3RsK0NaY0VRCko1NmxQbE10OWgyRHFhZ0F3QTRM\nUmdnMElqWmlneFJUL01SQ2R1TGtRbTQKLS0tIHR3RjFxS0RsNFJGZmM1SmV5aTlK\nM1prTmxWNVFRM3Z1b3RLYzl2RDByWHcK/My/c/sQADZmbPOYhoEXpiG2FQ41Cbih\nthHGvRyF3lk9vcN/9cWQeiayzlgrwLsiEe1naOxpSuS+gvl3BySLzw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-03-13T16:55:58Z",
+		"mac": "ENC[AES256_GCM,data:cVPUe+6fb3Kw2sbjG7cOIi/4aIZHuZHcnaZtfCw6VyQpLCfJScNmVJ64050S2Sk0032MYNCJGwYYritK22HBoPioELhYP6hyDSHKMBo+kxrkOcAiNd/I841hEKwZk8nvhAbu4mMdhpJGdTMCKqwYS1LIMIeiL/KRMFdgf0QGmvU=,iv:HUuMaA7c11gOQi4Co8XYiATUTX+be73ua+D7SwBAtL0=,tag:J6VkolgwqkgglWHWwGAEXQ==,type:str]",
+		"version": "3.12.1"
+	}
+}