set up paperless

configs/containers/paperless_container.nix

@@ -0,0 +1,58 @@
+{ lib, pkgs, config, ... }:
+let paperless_dir = "/mnt/paperless_dir";
+in {
+
+  deployment = {
+    targetHost = "192.168.178.93";
+    targetPort = 22;
+    targetUser = "root";
+  };
+  networking.hostName = "paperless";
+  networking.interfaces.wgbr.ipv4.addresses = [
+    {
+      address = "10.8.1.7";
+      prefixLength = 24;
+    }
+  ];
+  imports = [
+    ../container_config.nix
+    ../services/paperless.nix
+  ];
+
+
+  # set up secret key
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = {
+      smb_uname.sopsFile = ../../secrets/paperless/secrets.yaml;
+      smb_pass.sopsFile = ../../secrets/paperless/secrets.yaml;
+    };
+
+    templates."cifs-credentials".content = ''
+      username=${config.sops.placeholder.smb_uname}
+      password=${config.sops.placeholder.smb_pass}
+    '';
+  };
+
+  # Mount paperless directory
+  environment.systemPackages = [ pkgs.cifs-utils ];
+  systemd.tmpfiles.rules = [
+    "d ${paperless_dir} 0755 paperless paperless 99999y"
+  ];
+  fileSystems.${paperless_dir} = {
+    device = "//10.8.1.5/mnt/main_zfs/milo_paperless";
+    fsType = "cifs";
+    options =
+      let
+        # this line prevents hanging on network split
+        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+
+      in
+      [
+        "${automount_opts}"
+        "credentials=${config.sops.templates."cifs-credentials".path}"
+        "uid=315,gid=315"
+      ];
+  };
+}
+