diff options
Diffstat (limited to 'tw/system')
| -rw-r--r-- | tw/system/files/paperless-secret-key.enc | 8 | ||||
| -rw-r--r-- | tw/system/files/restic/lud-paperless.enc | 7 | ||||
| -rw-r--r-- | tw/system/lud.scm | 22 |
3 files changed, 35 insertions, 2 deletions
diff --git a/tw/system/files/paperless-secret-key.enc b/tw/system/files/paperless-secret-key.enc new file mode 100644 index 00000000..ab11cf0c --- /dev/null +++ b/tw/system/files/paperless-secret-key.enc @@ -0,0 +1,8 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyBUdkVy +OXBIRHVKZ01McXVkU1IzbDRCeDRMcU95TnRqSEJ0VHNWOEJGbTEwCkZnME1wR2Vn +TVVNSldva0dFdDFJcFNxVG9rSHdQYi9aUWQ5U1hsbnRVdmMKLS0tIEV5d21GcGVI +aHROU0IxdGFwRXlEVlNQV1NNdzRHQnlTcWF1YnNsM0ZuUlkKZiNsYpphMWqTzUFO +8zfIk3cmPuuoSUh8D+xlNzhzX/7gu0rM1iFabIqj7ucmwf1wSoNr/29jcsSP9RC2 +/zF3JiSKqTM/5A== +-----END AGE ENCRYPTED FILE----- diff --git a/tw/system/files/restic/lud-paperless.enc b/tw/system/files/restic/lud-paperless.enc new file mode 100644 index 00000000..135e0cef --- /dev/null +++ b/tw/system/files/restic/lud-paperless.enc @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHBESlBiZyA5Zk11 +aVNZQ28zaldNZXYrOXVsd290aGRUcDFXQmdoaU8xV3dNa2Ivb0c4CnM3c2VUdDRK +MlBqMndKQ24vcUE4TFNubExJWGE1MU5FWDdjSnp5bm5sMWsKLS0tIGZaWWp0NjNj +cm5zMGVnNkpOL3pmTVhnU1Z2di9tOXd2SWhuUTZucHVQVmcK7sCThALV4gOc08rT +oFB2deLCs1tcp2bOEhWSGtYwTqm+KGIVuS0MeJ4b9aV9OtyLWw== +-----END AGE ENCRYPTED FILE----- diff --git a/tw/system/lud.scm b/tw/system/lud.scm index dd0d39a9..d6d60be6 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -9,6 +9,7 @@ #:use-module (tw services nextcloud) #:use-module (tw services matrix) #:use-module (tw services media) + #:use-module (tw services paperless) #:use-module (tw services restic) #:use-module (tw services secrets) #:use-module (tw services web) @@ -17,8 +18,9 @@ (use-package-modules acl admin bash certs databases guile-xyz linux man php python python-xyz rsync shells tls tor version-control video) -(use-service-modules certbot cgit databases file-sharing mcron monitoring - networking pm ssh syncthing version-control vpn web) +(use-service-modules certbot cgit databases dbus desktop docker file-sharing + mcron monitoring networking pm ssh syncthing + version-control vpn web) (define efi-system-partition ; /dev/sda1 (uuid "51F3-FB71" 'fat32)) @@ -82,6 +84,16 @@ (host-name host-name) (ipv6? #f))) ; currently broken + (service dbus-root-service-type) ; for Docker + (service elogind-service-type) ; for Docker + (service docker-service-type) ; for Paperless + (service redis-service-type) ; for Paperless + (service paperless-service-type + (paperless-configuration + (domain "paper.wilkenfamily.de") + (data-path "/var/data/paperless") + (secret-key-file "/etc/paperless/secret-key"))) + ;; Allow anonymous git access via Wireguard, e.g. to this channel's git repo. ;; Repos are only published if they contain a `git-daemon-export-ok' file. (service git-daemon-service-type @@ -278,6 +290,12 @@ innodb_io_capacity = 4000 (secrets (list (secret + (encrypted-file (local-file "files/paperless-secret-key.enc")) + (destination "/etc/paperless/secret-key")) + (secret + (encrypted-file (local-file "files/restic/lud-paperless.enc")) + (destination "/etc/restic/lud-paperless")) + (secret (encrypted-file (local-file "files/mythic-dns.scm.enc")) (destination "/etc/mythic-dns.scm")) (secret |