paperless

Document management system

• Github
• Website

Example

{config, ...}: {
  nps.stacks.paperless = {
    enable = true;

    adminProvisioning = {
      username = "admin";
      passwordFile = config.sops.secrets."paperless/admin_password".path;
      email = "admin@example.com";
    };
    secretKeyFile = config.sops.secrets."paperless/secret_key".path;
    db.passwordFile = config.sops.secrets."paperless/db_password".path;
    extraEnv = {
      PAPERLESS_OCR_LANGUAGES = "eng deu";
      PAPERLESS_OCR_LANGUAGE = "eng+deu";
    };

    oidc = {
      enable = true;
      clientSecretFile = config.sops.secrets."paperless/authelia_client_secret".path;
      clientSecretHash = "$pbkdf2-sha512$...";
    };
  };
}

Stack Options

nps.stacks.paperless.adminProvisioning.email

Email address for the admin user

Type

string

Declaration

<nps/modules/paperless>

nps.stacks.paperless.adminProvisioning.enable

Whether to automatically create an admin user on the first run. If set to false, an admin user can be manually created using the createsuperuser command.

See https://docs.paperless-ngx.com/administration/#create-superuser

Type

boolean

Default

true

Declaration

<nps/modules/paperless>

nps.stacks.paperless.adminProvisioning.passwordFile

Path to a file containing the admin user password

Type

absolute path

Default

null

Declaration

<nps/modules/paperless>

nps.stacks.paperless.adminProvisioning.username

Username for the admin user

Type

string

Default

"admin"

Declaration

<nps/modules/paperless>

nps.stacks.paperless.containers.paperless

Alias of {option}services.podman.containers.paperless.

Type

submodule

Declaration

<nps/modules/paperless>

nps.stacks.paperless.containers.paperless-broker

Alias of {option}services.podman.containers.paperless-broker.

Type

submodule

Declaration

<nps/modules/paperless>

nps.stacks.paperless.containers.paperless-db

Alias of {option}services.podman.containers.paperless-db.

Type

submodule

Declaration

<nps/modules/paperless>

nps.stacks.paperless.containers.paperless-ftp

Alias of {option}services.podman.containers.paperless-ftp.

Type

submodule

Declaration

<nps/modules/paperless>

nps.stacks.paperless.db.passwordFile

Path to the file containing the database password for Paperless

Type

absolute path

Declaration

<nps/modules/paperless>

nps.stacks.paperless.db.username

Database user name for Paperless

Type

string

Default

"paperless"

Declaration

<nps/modules/paperless>

nps.stacks.paperless.enable

Whether to enable paperless.

Type

boolean

Default

false

Example

true

Declaration

<nps/modules/paperless>

nps.stacks.paperless.enableTika

Whether to enable Tika and Gotenberg to process Office and e-mail files with OCR.

See https://docs.paperless-ngx.com/configuration/#tika

Type

boolean

Default

false

Declaration

<nps/modules/paperless>

nps.stacks.paperless.extraEnv

Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).

See https://docs.paperless-ngx.com/configuration

Type

attribute set of (null or boolean or signed integer or string or absolute path or (submodule))

Default

{ }

Declaration

<nps/modules/paperless>

nps.stacks.paperless.ftp.enable

Whether to enable FTP server.

Type

boolean

Default

false

Example

true

Declaration

<nps/modules/paperless>

nps.stacks.paperless.ftp.passwordFile

Path to the file containing the FTP password

Type

absolute path

Declaration

<nps/modules/paperless>

nps.stacks.paperless.oidc.clientSecretFile

The file containing the client secret for the OIDC client that will be registered in Authelia.

For examples on how to generate a client secret, see

https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret

Type

string

Example

config.sops.secrets."immich/authelia/client_secret".path"

Declaration

<nps/modules/paperless>

nps.stacks.paperless.oidc.clientSecretHash

The client secret hash. For examples on how to generate a client secret, see https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret

The value can be passed in multiple ways:

1. As a literal string
2. As an absolute path to a file containing the hash (toFile)
3. As an absolute oath to a file containing the client_secret, in which case the hash will be automatically computed (toHash)
4. As null

If left unset (null), the client secret will be read from the file specified in the clientSecretFile option and hashed automatically before being passed to the Authelia container.

Type

null or string or (submodule)

Default

null

Example

# Literal String:
"$pbkdf2-sha512$310000$cbOAIWbfz3vCVXIPIp6d2A$J0klwULa6TvPRCU1HAfuKua/dMKTl8gbTYJz2N73ejGUu0LUGz/y3kwmJLuKuAYGg3WQOT0q9ZzVHHUvpKpgvQ"

# Client secret hash stored in a file
{ fromFile = config.sops.secrets."immich/client_secret_hash".path; }

# Client secret stored in a file: Hash will be computed dynamically
{ toHash = config.sops.secrets."immich/client_secret".path; }

# Null (default): Hash will be computed automatically based on the clientSecretFile option
# Equivalent to { toHash = cfg.oidc.clientSecretFile; }
null

Declaration

<nps/modules/paperless>

nps.stacks.paperless.oidc.enable

Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration for Paperless.

For details, see:

For details, see:

• https://www.authelia.com/integration/openid-connect/clients/paperless/
• https://docs.paperless-ngx.com/advanced_usage/#openid-connect-and-social-authentication

Type

boolean

Default

false

Declaration

<nps/modules/paperless>

nps.stacks.paperless.oidc.userGroup

Users of this group will be able to log in

Type

string

Default

"paperless_user"

Declaration

<nps/modules/paperless>

nps.stacks.paperless.secretKeyFile

Path to the file containing the Paperless secret key

See https://docs.paperless-ngx.com/configuration/#PAPERLESS_SECRET_KEY

Type

absolute path

Declaration

<nps/modules/paperless>