From d963610517d776a51634a7db58d5ba350a825ac6 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 11 Feb 2025 13:49:25 +0100
Subject: [PATCH] Enable Authentik auth on Paperless-ngx
---
 modules/paperless.nix | 19 +++++++++++++++++++
 secrets.yml | 6 ++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/modules/paperless.nix b/modules/paperless.nix
index 5ac3937..e0e4824 100644
--- a/modules/paperless.nix
+++ b/modules/paperless.nix
@@ -57,6 +57,25 @@
 PAPERLESS_OCR_LANGUAGE.value = "nld";
 USERMAP_UID.value = "33";
 USERMAP_GID.value = "33";
+ PAPERLESS_APPS.value = "allauth.socialaccount.providers.openid_connect";
+ PAPERLESS_SOCIALACCOUNT_PROVIDERS.value = ''
+ {
+ "openid_connect": {
+ "APPS": [
+ {
+ "provider_id": "authentik",
+ "name": "Authentik",
+ "client_id": "z5PlhxTB1eXJ9L39Ix2BfhLV72TbF3vbGJZUtyBJ",
+ "secret": "ref+sops://secrets.yml#/authentik/oauth2/paperless-ngx/client_secret+",
+ "settings": {
+ "server_url": "https://authentik.kun.is/application/o/paperless-ngx/.well-known/openid-configuration"
+ }
+ }
+ ],
+ "OAUTH_PKCE_ENABLED": "True"
+ }
+ }
+ '';
 PAPERLESS_DBPASS.valueFrom.secretKeyRef = {
 name = "database";
diff --git a/secrets.yml b/secrets.yml
index c3bca77..194cd09 100644
--- a/secrets.yml
+++ b/secrets.yml
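Review bot: On the `"secret"` line of the modules/paperless.nix hunk, the OIDC client secret is pulled in with `ref+sops://…` inside `PAPERLESS_SOCIALACCOUNT_PROVIDERS.value`, so once that reference is rendered the plaintext presumably ends up as a literal env value in the workload manifest, readable by anyone who can read the pod or deployment spec, whereas `PAPERLESS_DBPASS` just below is taken from a Secret via `valueFrom.secretKeyRef`. Consider rendering the whole provider JSON into a Secret and using `PAPERLESS_SOCIALACCOUNT_PROVIDERS.valueFrom.secretKeyRef = { name = "<secret-name>"; key = "<key>"; };` (placeholder names), which keeps the value out of the plain manifest. Separately, `"OAUTH_PKCE_ENABLED": "True"` is a JSON string rather than a boolean; as far as I can tell it enables PKCE only because a non-empty string is truthy, so `"False"` would not turn it off, and a short comment above the JSON saying so would prevent that mistake. The enclosing attribute set starts and ends outside the hunk, so how the rendered value reaches the container is inferred rather than visible here.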
@@ -42,6 +42,8 @@ authentik: client_secret: ENC[AES256_GCM,data:e7wdwWRS8KivGkcWaMgSrUEEuOTHzj1oim+qUcLD35/DA/V6itM2XqVPhqIOXHrf6pOyYgprEv14bEx8zUvtT6iXV4fsEUEWeWTgt4NI3YULtx/t0yVDq9Zc8fN9cIqGxGeig1mcQwmm7vByq58mNJEpcfz46swjN2ATf/CPJQs=,iv:xeNgSKd+g4ne8NLw/2KQjTXSvNkqezOhMn5niuWpD38=,tag:ElOUMg0oZ+q15hCgh/Mzug==,type:str] hedgedoc: client_secret: ENC[AES256_GCM,data:hdNQzatO6Pf6mxvfO4h1XrhycKMBUHElEwacGttzByi4JDbIndAwYc2GXdwUmytPMYs/s+lVjcdHhspUFWS01DETWQfnWm/GN73GzW18uj3XyRXqt62HhMf18GvRlOWkGX+jYpUTGGoonYes2xijhD/mNCjxKk5Q+6FVFT2mdJ4=,iv:pScEX6YnoU7HelxmCes8A9vJjPdvFbqbclHYMme8OOE=,tag:FURxphI8IDMvOwB4ahD8hg==,type:str] + paperless-ngx: + client_secret: ENC[AES256_GCM,data:GgF+gQt8olzKUzGMDL6mh6UWDv49OPDH5tB/gboWkFd7Njc1SrSkqf71gQryOcPQ0vpXrh0nK1z6ZjMpmDEA5ohTwWymeLCgwNtJSAMHZ1VlZ2aQZr70r3KtAxKjmTiT5flUYnxS79fCF43BveSMGeAshRCvQmYCdi43sP2E4To=,iv:DzsIRPiMzxaqVrjaHMVKWgOR0asZQzWf8EE1nxRSJmk=,tag:79bo7EzVq9tvL6ap6jfV+Q==,type:str] smtp2go: username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str] password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str] 
@@ -69,8 +71,8 @@ sops: azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-10T21:46:28Z" - mac: ENC[AES256_GCM,data:NMQNgNKgms8fyK0gLSjvLxVprk5k/zSVdJL07+dnXjbbYA7IjsktQF4Nljg641NVU12F4IHr6vLvihDfCI78Qm9c66osp+vdmsYvGwLdploWwjOLONJL8WNiJI6AJjgnbUP9puca+AeKgl8o3ymNfhro+K8GsbRb5+mk8frasGM=,iv:KUSyiojnjbY3e59Ci40+Vk6+6bAyyuhQ5rUlUmVIDBs=,tag:Cr3eQfO8AIiBihTR1T4jxw==,type:str] + lastmodified: "2025-02-10T22:06:20Z" + mac: ENC[AES256_GCM,data:h0ftLDeqbu/CRzjKJ3XXqFvkIZ3ukUR1nLNnYkqEuZ+91pHgzwY+zrTd17rFtTR6qVWh3i6BNLy7bCG+sHO+V3+573mzOsKkkEsUMp0ldR2MWz/1hpeNKma0gKWFZ8TCyligS6De4eZAStyhmT6sSiV4vYmj5Hh6mzX9DIp5TFI=,iv:353NJukBFAVaAqHzpWxpcmDwAqJVaB26/bXHmyKKzLo=,tag:XtvsmLS7GvRUGeKaTFmmlw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4