cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: cschmatzler:5d9f25747d43201e7b98d20d2d63f4fe412bf700
Branches Tags
cschmatzler:master
cschmatzler:test
..
compare: cschmatzler:4b8e1215a585f5227bd70a20faf5be9082085e0e
Branches Tags
cschmatzler:master
cschmatzler:test

3 Commits
5d9f25747d ... 4b8e1215a5

Author SHA1 Message Date
Christoph Schmatzler
4b8e1215a5 fuck 2026-03-13 17:23:36 +00:00
Christoph Schmatzler
b21a150452 paperless-gpt 2026-03-13 17:23:36 +00:00
Christoph Schmatzler
b24065bf5c ld 2026-03-13 17:23:36 +00:00
9 changed files with 57 additions and 13 deletions
Expand all files Collapse all files

2
.sops.yaml
View File

@@ -1,4 +1,5 @@
keys: keys:
- &user_cschmatzler age1xate984yhl9qk9d4q99pyxmzz48sq56nfhu8weyzkgum4ed5tc5shjmrs7
- &host_tahani age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm - &host_tahani age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm
- &host_michael age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j - &host_michael age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j
- &host_jason age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2 - &host_jason age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2
@@ -7,6 +8,7 @@ creation_rules:
- path_regex: secrets/[^/]+$ - path_regex: secrets/[^/]+$
key_groups: key_groups:
- age: - age:
- *user_cschmatzler
- *host_tahani - *host_tahani
- *host_michael - *host_michael
- *host_jason - *host_jason

2
modules/_hosts/tahani/networking.nix
View File

@@ -13,7 +13,7 @@
nameservers = ["1.1.1.1"]; nameservers = ["1.1.1.1"];
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = ["eno1" "tailscale0"]; trustedInterfaces = ["eno1" "tailscale0" "docker0"];
allowedUDPPorts = [ allowedUDPPorts = [
53 53
config.services.tailscale.port config.services.tailscale.port

29
modules/_hosts/tahani/paperless.nix
View File

@@ -18,30 +18,35 @@
tls { tls {
get_certificate tailscale get_certificate tailscale
} }
reverse_proxy localhost:3000 reverse_proxy localhost:8080
''; '';
}; };
}; };
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers.paperless-ai = { containers.paperless-gpt = {
image = "clusterzx/paperless-ai:3.0.9"; image = "icereed/paperless-gpt:latest";
autoStart = true; autoStart = true;
ports = [ ports = [
"127.0.0.1:3000:3000" "127.0.0.1:8080:8080"
]; ];
volumes = [ volumes = [
"paperless-ai-data:/app/data" "paperless-gpt-data:/app/data"
"paperless-gpt-prompts:/app/prompts"
]; ];
environment = { environment = {
PUID = "1000"; PAPERLESS_BASE_URL = "http://host.docker.internal:${toString config.services.paperless.port}";
PGID = "1000"; LLM_PROVIDER = "openai";
PAPERLESS_AI_PORT = "3000"; LLM_MODEL = "gpt-5.4";
# Initial setup wizard will configure the rest LLM_LANGUAGE = "German";
PAPERLESS_AI_INITIAL_SETUP = "yes"; VISION_LLM_PROVIDER = "openai";
PAPERLESS_API_URL = "http://host.docker.internal:${toString config.services.paperless.port}/api"; VISION_LLM_MODEL = "gpt-5.4";
LOG_LEVEL = "info";
}; };
environmentFiles = [
config.sops.secrets.tahani-paperless-gpt-env.path
];
extraOptions = [ extraOptions = [
"--add-host=host.docker.internal:host-gateway" "--add-host=host.docker.internal:host-gateway"
]; ];
@@ -60,7 +65,7 @@
services.paperless = { services.paperless = {
enable = true; enable = true;
address = "127.0.0.1"; address = "0.0.0.0";
consumptionDir = "/var/lib/paperless/consume"; consumptionDir = "/var/lib/paperless/consume";
passwordFile = config.sops.secrets.tahani-paperless-password.path; passwordFile = config.sops.secrets.tahani-paperless-password.path;
settings = { settings = {

1
modules/chidi.nix
View File

@@ -11,6 +11,7 @@
den.aspects.ai-tools den.aspects.ai-tools
den.aspects.zellij den.aspects.zellij
den.aspects.zk den.aspects.zk
den.aspects.secrets
]; ];
den.aspects.chidi.darwin = {pkgs, ...}: { den.aspects.chidi.darwin = {pkgs, ...}: {

1
modules/dev-tools.nix
View File

@@ -16,6 +16,7 @@
devenv devenv
docker docker
docker-compose docker-compose
lazydocker
gh gh
gnumake gnumake
hyperfine hyperfine

1
modules/jason.nix
View File

@@ -11,6 +11,7 @@
den.aspects.ai-tools den.aspects.ai-tools
den.aspects.zellij den.aspects.zellij
den.aspects.zk den.aspects.zk
den.aspects.secrets
]; ];
den.aspects.jason.darwin = {...}: { den.aspects.jason.darwin = {...}: {

2
modules/secrets.nix
View File

@@ -19,6 +19,8 @@
age age
gnupg gnupg
sops sops
ssh-to-age
]; ];
home.sessionVariables.SOPS_AGE_SSH_PRIVATE_KEY_FILE = "~/.ssh/id_ed25519";
}; };
} }

6
modules/tahani.nix
View File

@@ -12,6 +12,7 @@
den.aspects.ai-tools den.aspects.ai-tools
den.aspects.zellij den.aspects.zellij
den.aspects.zk den.aspects.zk
den.aspects.secrets
]; ];
den.aspects.tahani.nixos = {...}: { den.aspects.tahani.nixos = {...}: {
@@ -30,6 +31,11 @@
format = "binary"; format = "binary";
path = "/run/secrets/tahani-paperless-password"; path = "/run/secrets/tahani-paperless-password";
}; };
tahani-paperless-gpt-env = {
sopsFile = ../secrets/tahani-paperless-gpt-env;
format = "binary";
path = "/run/secrets/tahani-paperless-gpt-env";
};
tahani-email-password = { tahani-email-password = {
sopsFile = ../secrets/tahani-email-password; sopsFile = ../secrets/tahani-email-password;
format = "binary"; format = "binary";

26
secrets/tahani-paperless-gpt-env Normal file
View File

@@ -0,0 +1,26 @@
{
"data": "ENC[AES256_GCM,data:0VWwVEBsCRhTzkF+ee9sEvmPBaMOrC00NgWx6qAj5DchVlulQPQzCHHSMQoNhKSKq3bP2wwZ2XTYEWmJDhQwDaz+zbLKk8Suc7RBFZ8b3iRhn2dTf+Cv9gltnPK24Xqe8XZywO/u7gxWlxSNAY8leLa5U7F7iZ5jweqCls/KjSySFS4XKMsWQrV19frzHEyh2KiAXnkdq3YLrm1aYPTltXuZQR/sCaH6KTnB87mYtRJQU4UsaHBhvVCvAb3/dk65uXDT79fl6+tOKb6PrAOiAwBWvY83C6XTufAFeM7UUh/evbBvYvDfuFsLyOgRQY4xV7s=,iv:EsR+SHYm7na2XIVvcTwmxwMOLy5W/Mtxc9FhbYVmo9I=,tag:HO5pXRFvXM323+uO2PRTGQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1njjegjjdqzfnrr54f536yl4lduqgna3wuv7ef6vtl9jw5cju0grsgy62tm",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZEFOb3FBdWVlWCtHZy95\nM0dlbU0wdk5MQkwvR2poa2FMNmowSkxFNlV3CjZ0SENCUXk1ZU9HL252bGpOU1FW\nZEpOejdsa29KVy9yejVrODFMQzBENWsKLS0tIGVKYXNPZ2dkMUR4c29ONG95UWVC\nQWdzcW1QZWltK0JaSDRPa3BtR0NOZGcKkzny9HFJeLR8l7ohnqyGSFKoMgl2SR8p\nTxxkQ6hpwu6TmxH3Bbx2nbZ7i+JBjrqNQqZSHO5i3URsDwjpRLxm6w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age187jl7e4k9n4guygkmpuqzeh0wenefwrfkpvuyhvwjrjwxqpzassqq3x67j",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSM2o3V2NPWWtQamJNRitI\nb3RsVTV6SG9weXl2eE5SRmlKL0pQZUF3blM4CmV5Nm1IZFZyQkE2WXJETTVmTlcx\nZG5RbGYyZTJTbmIzWllnWEs3RCtlNmcKLS0tICsrWHdwVlYwRXc3TUJ4eEw0a0V4\nRTRlSjNLRDMwaUhIQ01uckRqSE5IcUkKO+yVAhRWZ5nT2JMxdm/8CBwXK0kONXVD\n58lfNVcRsl+GsA7qg3UL4afEi18XiKMZFAxQUxeY3dzG49W3fMjiMg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1ez6j3r5wdp0tjy7n5qzv5vfakdc2nh2zeu388zu7a80l0thv052syxq5e2",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkKzN5UHg1YTlyTlBTVmxa\ncTZjM0NpN0J3MWRmUFJ3RmR2VTAxUkQ0N0djCkY2aUtGSkRZKzhoOUNSTHpoS3ZT\nRHdsdzkvcm5hOVpOd0JhdDhxVTg2OHcKLS0tIG1ITExXQXR6c2svdWlLM05RTWxq\ndG5KQy9GdWg3VlJkNEIvSExhOTB2eEkK47OqnTj8vX00b7E0+d2KgVGbhI1yyay3\nZN4+HdZwf3BLz4L03bUp96D4O06QejeANHT0xmjc8xOGsPjznqSkSQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tlymdmaukhwupzrhszspp26lgd8s64rw4vu9lwc7gsgrjm78095s9fe9l3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQkhwckJueGt6dVNRRDFQ\nL3VKTy9ucFVLN1RnM05LV3kzR3RsK0NaY0VRCko1NmxQbE10OWgyRHFhZ0F3QTRM\nUmdnMElqWmlneFJUL01SQ2R1TGtRbTQKLS0tIHR3RjFxS0RsNFJGZmM1SmV5aTlK\nM1prTmxWNVFRM3Z1b3RLYzl2RDByWHcK/My/c/sQADZmbPOYhoEXpiG2FQ41Cbih\nthHGvRyF3lk9vcN/9cWQeiayzlgrwLsiEe1naOxpSuS+gvl3BySLzw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-03-13T16:55:58Z",
"mac": "ENC[AES256_GCM,data:cVPUe+6fb3Kw2sbjG7cOIi/4aIZHuZHcnaZtfCw6VyQpLCfJScNmVJ64050S2Sk0032MYNCJGwYYritK22HBoPioELhYP6hyDSHKMBo+kxrkOcAiNd/I841hEKwZk8nvhAbu4mMdhpJGdTMCKqwYS1LIMIeiL/KRMFdgf0QGmvU=,iv:HUuMaA7c11gOQi4Co8XYiATUTX+be73ua+D7SwBAtL0=,tag:J6VkolgwqkgglWHWwGAEXQ==,type:str]",
"version": "3.12.1"
}
}