diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index 27e0673..c44a4a1 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -87,6 +87,13 @@ in { adminpassFile = config.age.secrets."nextcloud/admin-pass".path; }; + paperless = { + enable = true; + port = 8085; + passwordFile = config.age.secrets."paperless/admin-password".path; + secretKeyFile = config.age.secrets."paperless/secret-key".path; + }; + photoprism = { enable = true; port = 8084; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 7215825..28b5d07 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -25,6 +25,9 @@ owner = "nextcloud"; }; + "paperless/admin-password" = {}; + "paperless/secret-key" = {}; + "restic-backup/hades-credentials" = {}; "restic-backup/hades-password" = {}; diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index d3c263f..037db1e 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -81,13 +81,6 @@ in { port = 8083; }; - paperless = { - enable = true; - port = 8085; - passwordFile = config.age.secrets."paperless/admin-password".path; - secretKeyFile = config.age.secrets."paperless/secret-key".path; - }; - tailscale = { enable = true; exitNode = true; diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix index 1d87c3c..238e7ea 100644 --- a/hosts/poseidon/secrets.nix +++ b/hosts/poseidon/secrets.nix @@ -17,9 +17,6 @@ "lohr/shared-secret" = {}; - "paperless/admin-password" = {}; - "paperless/secret-key" = {}; - "restic-backup/poseidon-credentials" = {}; "restic-backup/poseidon-password" = {}; diff --git a/modules/secrets/paperless/admin-password.age b/modules/secrets/paperless/admin-password.age index 4735d29..62639ad 100644 Binary files a/modules/secrets/paperless/admin-password.age and b/modules/secrets/paperless/admin-password.age differ diff --git a/modules/secrets/paperless/secret-key.age b/modules/secrets/paperless/secret-key.age index 63e99fc..7870c7a 100644 --- a/modules/secrets/paperless/secret-key.age +++ b/modules/secrets/paperless/secret-key.age @@ -1,12 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 k2gHjw hTWIhs//PCC1vsJrn+UL42FtqRzIKAzfQaVF8gU9iAo -B+BnsXp6J/NLViCMTd6vqj+JbTkkahjqabVvPIU5q9g --> ssh-ed25519 z6Eu8Q YMS3Ht3/97IcTJ31XsmnHhKIo41ewzuGAbnhWJA/qWg -8oiUduRgbcjz3EaP0VEUewVirgdoc7XVogscdceE4Ew --> --grease zku kAX26^8 N0 -Z/CvenJrdHzvk/YZq06fR25xnn2plwbUW3WX86yWv1e7IBYSqnKm9snd5VRRK/R3 -1EWv55qpuPBr ---- BRKnk4UzqUkM4po7qwV3omMv2KSEl5RzujwUSIQgQOg -"Be |!ۃʤWH5wL(v]A,lN14kY1 HZP:n+p)Yq/]i5'=؆OF -E -Ξ8"=ŏs(Xr ۀ \ No newline at end of file +-> ssh-ed25519 k2gHjw CoGvifgWo1JvHjx3PKJa3jR3lKrvgvKnTTui1w6UR0I +gcadr6WbTzyrPD3h3oDifFj/pMZKIzUfDXL6e6610Is +-> ssh-ed25519 pX8y2g MBFa4xDU6CaH6amzlGTmFXIcAXLq2xykRd0WkeUEkQo +91jV5LUuhvOVKSg2cz3TMKI2SaZvCTzXL/xyUWbYJAg +-> lkH}'\W;-grease nZ K\MP7 HUsh +vWwsKxuBXKwpTBkYERd7kPo +--- xohFX48WGxRFVYQzdbSl7l2Go90FSUPH5ml6OalKJwQ +sƀh!,(QlkV~U !B0 ~A!2np`L&{}3%{[)t/njb^{1G[G0  mo :naQ\mfG;(S \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 81d7372..c5e3a36 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -21,8 +21,8 @@ in { "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; - "paperless/admin-password.age".publicKeys = [alarsyo poseidon]; - "paperless/secret-key.age".publicKeys = [alarsyo poseidon]; + "paperless/admin-password.age".publicKeys = [alarsyo hades]; + "paperless/secret-key.age".publicKeys = [alarsyo hades]; "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; diff --git a/services/paperless.nix b/services/paperless.nix index 415d35e..8a4bd15 100644 --- a/services/paperless.nix +++ b/services/paperless.nix @@ -106,12 +106,12 @@ in { listen = [ # FIXME: hardcoded tailscale IP { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 443; ssl = true; } { - addr = "100.80.61.67"; + addr = "100.115.172.44"; port = 80; ssl = false; }