nix-infra/configs/containers/paperless_container.nix

{ lib, pkgs, config, ... }:
let paperless_dir = "/mnt/paperless_dir";
in {

  deployment = {
    targetHost = "192.168.178.93";
    targetPort = 22;
    targetUser = "root";
  };
  networking.hostName = "paperless";
  networking.interfaces.wgbr.ipv4.addresses = [
    {
      address = "10.8.1.7";
      prefixLength = 24;
    }
  ];
  imports = [
    ../container_config.nix
    ../services/paperless.nix
  ];


  # set up secret key
  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    secrets = {
      smb_uname.sopsFile = ../../secrets/paperless/secrets.yaml;
      smb_pass.sopsFile = ../../secrets/paperless/secrets.yaml;
    };

    templates."cifs-credentials".content = ''
      username=${config.sops.placeholder.smb_uname}
      password=${config.sops.placeholder.smb_pass}
    '';
  };

  # Mount paperless directory
  environment.systemPackages = [ pkgs.cifs-utils ];
  systemd.tmpfiles.rules = [
    "d ${paperless_dir} 0755 paperless paperless 99999y"
  ];
  fileSystems.${paperless_dir} = {
    device = "//10.8.1.5/mnt/main_zfs/milo_paperless";
    fsType = "cifs";
    options =
      let
        # this line prevents hanging on network split
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

      in
      [
        "${automount_opts}"
        "credentials=${config.sops.templates."cifs-credentials".path}"
        "uid=315,gid=315"
      ];
  };
}