From d2e0b9d2d302b32eef838f6d6ec2ddbdf93c1c94 Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)" <git@nx2.site>
Date: Sun, 15 Dec 2024 15:14:52 +0100
Subject: [PATCH 1/3] paperless

---
 configuration.nix                    |   1 +
 git-crypt/secrets.nix                | Bin 3129 -> 3230 bytes
 sops-secrets.yaml                    |   6 +-
 system-modules/nx2site/paperless.nix | 197 +++++++++++++++++++++++++++
 system-modules/nx2site/proxy.nix     |   6 +-
 5 files changed, 206 insertions(+), 4 deletions(-)
 create mode 100644 system-modules/nx2site/paperless.nix

diff --git a/configuration.nix b/configuration.nix
index 9e989cb..7d8de92 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -44,6 +44,7 @@
     ./system-modules/nx2site/proxy.nix
     ./system-modules/nx2site/gitea.nix
     ./system-modules/nx2site/vaultwarden.nix
+    ./system-modules/nx2site/paperless.nix
   ] else []);
 
   # Set your time zone.
diff --git a/git-crypt/secrets.nix b/git-crypt/secrets.nix
index 7f066b13a1e712156ab46843331e2fd5162c2ad2..4b96c7378353318d5accbc903d78441b8a1f3194 100755
GIT binary patch
literal 3230
zcmZQ@_Y83kiVO&0Si4JwFa6nnj|5ZW?8z@h*41TRH@W(4)tRn-6H{J(x7@ZJBIl3E
zJ$@BbV>MgB@zrDg)$#{f8Eh^YF2BhjIDhJnkGcXOu^NjKxr!#)f8lcN2o9UY^sQ>9
za_NcG9TvKb_J7i2+#1dJB$J+3f2b2u^W?tpP2t69-Ck?mLQA)j{Fl}bjT3jK@G$u{
zFUj3)#c*v~F`trc<hRhaOHUqEw5k3wyTFvUZc$Rf483J{RPUTo`Ssacs`|d~zA&ro
z<2HsyUHfKBU6PeOJoC?e(M4MPbG^FdclRz`w6N5>GG^Ygo^~lsuM^i)?GMhZD8A(z
zY!a_2m5`&~6S=^kOL)nZQoWN4+Z;Kn6n$*(NW?MUDO?(`v6SsPA48n{EW4Vso0>{@
z87P|fDcWYu?OB+AW>-VArQ`eJ_Y#YqTS^s%|9;89`PjGiQ;6fW;u(?`@=u(Y_~Kj?
z!_NE<$6tN?uUnHhW0~XZ;5YHtJ&*QQ2c7b7s%m>7^V7$=;lP_MN3!`3@Tn|x-<f|(
z^qUEPV%i2KyYq&Nm!1^aF<ou(=NiMc?RUMmT-=oTYoAR&zvT8EQ(_a_&hCv{#(z{Q
zCHnog-AXs}O>WOl_PYCDaYAp+-zz?m@()`CXUGe-TQ2+Q%{rs(Hg~{w_t@L99j_wF
z1GxBGSaK6KxhQqT1(XJ?{(APrR{6D0Rl>LaKbGe6;YVG@Tj|%lVH!S;j0N+Vza}o5
z*w@<D>sPWY^}*KoV>>iBPIgK!?yFcG$((uZqlQ)=tDRBPT6dns>_Uedq#LdW@AJHP
z;KJGL#HsRKDO}8ai_Mp9IhnYwGPyW5^as-lDTURdz8R6Nj*7dh9^3l)9KJByn)z^>
z$6}d+o@J}WK4(TTsJZ^*dbROYS4d>g#<%YePx>SOKj_ct@|I1RE~UjgAGmTHE2*&2
zEce;@#X!(zN>x^Wu()7jZ*}q9z@keWtxKQl{$VYC%HeQSSXlIm;SDyg;&|`EBUN|b
z7?htE-g9ozZN9JPmF(|c@sH2DP}6eb@9Trb;f@!LZ=dse<e0XyZhA-hPnGz0TjY;(
zopt>?x8#eMSxarO&h-368}_(Q|GlZio~<K{DWrUR?3{I_lC$ssJ6CMT9lb5gq}THM
z%|nkxOMX3lH~&h3w9C3o0e?5!E$q{Zy`*<4*93NLO*zl^#_XW}#go++e{HT>Uv~Rc
zyK1%S=l#YmcQV@x8_qpf+U9p!-6!v#+~e@u5;<A3y=H0giazpx$jp+^V1CF)t1~*J
z_1r~I%gJs=+*wxPysK`lP?}>LSH9@sbC;MUM>ril{Y!T~mkn)6_>-R@s(w~Zj-_B@
z^v9Z&mn+^ccKjy#EO5>9Upyyf><s(ok)h@m`cFmeDAT_z5tr1*@xh-~Mmc()IaRh#
zKHK)!r+dC}{k4azC;zaKKKR>(ElNbygVnz57XO_cr}ouL_I|5XYx_TC*0ujGv5&bg
zC}-q!mc==it~vG4=tMe4E5|*?#^{a(ykbnn$vh9Pom-UHdg_Y;d&HsNoi!_Ryfjp6
zKfld6$jNH?^YrJEf_r?fno<9c9SoPh*V$%&$3i)1)z1BM`84}wm7em=wD*lGQ}}V3
zneF$_glQiOl}-nhKV0NI?QFrt-a_w!dG3>5Zn1t9<p0~-GkWm_UI*?6nG?&Gp7SzR
zSo+E6`x@oVtmaGfK8s#@^WpC69^vFQk1b<ecRxukOOEi!&v+SPbz@=KA>mDFxwA@c
z>a#DpvfMjtVb0s6Yje%^efZ_vZ!08j=DYRYqMaLOnz4GuXXqHtyY8>He#t)NnwNbG
z?tcw7o#G)>{_*lt?HSLr4Wxef_E<jA{6B;B%ctI1ud`)0R~hm;ZjxEbek^WNMLdUq
zc~8G_>%Z)YL06BS_IleOd$Z%Fzwm0t3kfs1ZtR}^ech5%c?X|(PJABdXtQ2o#=WC&
zCog!!-&0{JKD)+;^U2R%RrW6{-rRWq@K@xW@D<Jc0;XEQYh^lguY|t(*kkV4HD#7j
z&gKy5e;ej>->^<u?dx;zvEmiAcRsgO7+ep<uHn3P`Ta{%TlcIk<)CjTUCJx}^vCjV
z5UkrL&~o?MnYV&^-|QBAox!<@^;gvjm(qoY&T*{TsWn01pjV3G-Q0K21hQjiJ`56R
z`aZvR>w}Y}iVR_1OLlg=4xLbA8Jols7!c{*wm?qvY|o46X2p)=UEDchN&HSty{{&G
zbzJNw;qowHqqy-?`vdmZr^&u(_)w*LNZff=R}I^&WvSBlRz*9qEPItGaOm-!rGDIx
zdsK2=WqH@R3lwumt?XxicIQf#afRU%i3ft~#U(XPO{+I?OSt^~>wgdPUs-pB)~;F-
zq9`rjcdlltLG%CT%b5FfKNax*w?Dn;^{Eumj_((XH=We@TY8VDhF^XEN5&{s@sk_%
zCslo55B8I{sx^sZ`D~Jvz{r}Ra(=2-2rFBW#m_9y_x6=7v24#6e0`RyuJ;RfI=FtG
z@cX*=2cFhA+j=Ih_Bx(+WsSepr7y--SCg6pwzYnGY?E@iq(_^n|F?#Q1?QiaMV(fM
z%bbNae%b!+{O&D(BEO!WT-4t=HApEfu>N}HYx!8t&z!Fm95?t1>u2;tx=U@;dfz)o
zG~jNOV($4}>Q+xmKRmFTETnd4)3%x2wpw-C`@1i{dfX7c?(5|i9qZb!_e@?c_*teK
zs(Z_8@AS~J-FCe{A}oHyz1n-QD@605gUC(Yo4akaqrE0pf4iMJ$G`UXN;Yk_NB@lD
znm(Sc-M3&(tjVk{=_iYFcKn>YUdgAb>fEJ8H;$x-J((49EKu(EROjlo?>DqCB}`Ra
z#UL5KPdzd4k+6Of;~D`@UV{raR~8$0zdxo~Ej~4H*B6cOwEWVpy;?aMmdD<R_?J!Z
zzqsVPjOe`^Tk_K9p4h)+e%_AVw#6L#KbZQRUVmq@_Io*wmk(zycCF^^;!C?^eQr&d
zijn=*{kHvTvtur4pHs=-c}hcQ#>5g$<>%EL*Cu&-mWs)?v|MApFX!|6%F@JTf!_A5
z{maZB_8Gp|muIMYb>;N*N0wKPZD`$T82HS<YTmBb-e&Wr_ODv?a?Yn@t)e@^T$vHO
z*Zp3(V*OG{kL~F{nm;VsnJ&>4cv8XrUq`L-0_T0z0-3LylXaF)(_0)gH_S}T+R^ZO
zbL-8OY2_Kq|D@lSijD5vc13oURhVmajN)16i#~aVRy;AkE=L~N9=M&`uQyJ*@YmTN
zhrjK$-xjN18{>3pcm363$%7Fk4!ahzoK;!1z)7MlZtvGMZ0pS?&CN9{e_8WSC5HcZ
zpkD`DgvRN$d2KJAeXUn<)N*DKP|bg(u9&tky4+;l<Chr)ufG<r>SMC=N%$lY`YPzg
zcCS}Q)Zb6~Im1U;NYG|&M(m#u&B*FKvzGs~$qKZ5db4uwwcUr4Uddd&F8D{OZHClr
zmaobxvsI6zZ}D5yRai0Sif+UMmyB(Cr#ru$iq&VI%q_C;3IAP>?2TReZz3W$I(#kO
zdW&)6{8{$Lysz3DsW|<qe<A($Gw0d|Hg(6-R3~?zShrsy&@rX)yXG3>a0WNu8sD_Q
z1)G`KZ5TRND&Fq0E?H|PdeFT&_F-DwrgZJE=Q&DN*9s)gk+fH_lYDhs`S1L!byM$O
zb-g_;TdPy*sqosChlN3hX2$RPC%2Gep<Q{Ez#^NNH_LT-o@A82FBI7Ay`^pcnr)Rg
z9>&KtonO?HShsA-Q;%;I+VjGs<X%m<>39Fy@8A>5D}^N)rI<8ttjjyV84<>I<@T%n
zeZrSL&*uv3?bWVWWi7S))Qml;ik}^XXMEgP*E0F^rO6X+zpgnF#N^<$R#UUmbfME}
zt?NH8^X``4*!$x0m!}5r?^|Xt2=|{c%Z-SNn<|(k`#wHrL$S`=?gI&D+!hPn`eNt5
z`wq*Cv-MB+>w9j>-n@(@x$xjEhkC8UO6oIydpuj4RdKGowQhO%BZ+s%7hDU<_MQ0S
z`>~Xh%A2Pqrn0WuBJ_^`&kxS(PQB%s7IQzb9NY11>-TytQR@rZ*Z-IVnv1g>T;gf<
z?sc&0!V^#Bzlw$){;w*{e<;%@&S3FcpJ^?tTi$Sn=Gje~_2FP~v-LS~R-MMPfwStg
zY}i{aYizk_b=t~x6W5^)FBn!X>Z?AdKjXp0_|^?~W`}Na%a?li;EM8=pkOf{g?zbN
z><=W37$>N`aB6FPVb7Gf#jIl||Brh@$G>W_+njQGW-7+tc0$nL+|G%6Z#g@q-P-ef
z?rcNhi|1ov*x0H*3W>ecoc~An=faz8x8gabulHj89{4A5bMVuI_I)XWhu$o?ZP1h9
z!{^=oY0G-Er>U_zJEPOyE46?2y|G?x_sY}%<Q|=w>HMMd@lJlno!5>s#7x<(CO+Z7
ZiUw;p)2X>XmUdNrnRlbbU2Jcv2LOH;FU|k}

literal 3129
zcmZQ@_Y83kiVO&0aQS#eNwO(#$)5u&ZMOwJT;5f#^v~7gxZcJ;3}3H#91o1mJALOw
zIp=kgDZK8+pXNQEKJ%Ttfs|Iq`-88!ufJ9gjefhx`Kt6j0~z+e2hOt_K60^skv*G*
z@$0WGbxD=n8*C(6moR>O-lp&O<G7<ELz;cghtrR)`>&s1(UTMsceqt2hDG;?%#tbl
zsuh?EwrCvCWcGS|EBsp+$8E8zLN^mW<jg5rsx@2c3AfwFs2OgnZY(ijn4RdkL;CMO
zKeccdHk%haA1yK$l8niA`#<%6<;ITBGc5KlN*Ak2d!FsE^XabHad%Tcym))t{*Kf`
z2|;0|&DY-*#quTJUv+V2iBWvY(ivZ-^-8@vz9aRkZHO;t;-O{_5i5sjg}GmHZZUYN
z7AgmqCOxce)t~lOW-7;3=G=8|M`r(6bRfiL?SoT-uV?*u^JV?Kxu*)JKUq4<C7`b&
zK;l>2I>oPzzLQs7)BSwfG}q~^WAdXtB_$amSK^vy92MeXlvDHL3l!exvrOQ@k&eQ-
zoGp`?FRj@Xu=eZSlo>zfv}fKl$W^ro+cd?U$KuKnTP2ISY3!z&x*dMuzveuCocj3e
zN<))~`|SMOuh}^RAM_Rr2?=l55)`6(XXc_uy&o*o{$E=!{M+gKqKCeB*H4&xvXS}n
zzu?=sap#lYm#JvPy+2=YP30ToLzR`yzRjV9eol{LSN1RN(QWylyNdVCW3RNm=bfSy
zi%Ku2seK4obo-{^HLvdsMF$G&Osjb&d1+r@PiBhBo#>$SLLt?P{qFOL^FCV_c%Jh%
zF>+Zh=#y{r?7-={)n|T73I}|;yN~1R=6UYECi2Cid2#Pm_pQ!qw>?-g`ISVN?74~~
zxz7Vub+u%K7=HTx`_mU6wMA;1j>R(<gtN=1#N{k#*>KjqXKtuw(!O(Vr<R#iNSitb
zb~SAN-5T$>^0LQiQOhpLMG;pGwI^=8zUi93pi|@bsq*cAgEi|9U7WN%uld%_HYT^5
z8(Q?M1TD_(51;P)K)Uz-wkvllxBNNy^<2sNEnD0eA7uDlO-s4nnD=qlr%=~(r^0S3
ztu|v$3|+ok%P>A(AW@C4T$g`^Lw9msLqdw~(Ro&n&QI1Ajk(2{sB)$4@s|+8z6LJM
zi_Xs;OzjjDw<x*yTVk&ZTWgO0ins!k%UTU30)5?OJcpaFuS$<-*6DB6cAYwdC6%GF
zDP{ZV4RN#Q^e$Q>XWMwMR`iag$q!xMt?D^@mo9m}+T&xS%|Gp^y|d%i=zPw6_VT`H
zwUupG!k$YpI~%zTn{0n-N7!*j<g+mgdboYQx`8*4qyK=7-f8{gjQkVhKG-_+ZR6=Z
zxk>M)@3)7(S7hQh^Vf*1+qRyIvplb+IhJX**nG3#nyVojGwt@L_!^3RU$XvX>}JnJ
zg%SyeI!@JCOcLsrRql&2vn|b;q}g)p&b0HwiGfK|>?`D%pHvkz&2Nx%EUkaKeZ9?`
z)duHp@C&`mct1VZKweVM{wnkGV(AqZB+l}dOe-|`vt229k>aW?Tc)j9!o2ubVcd$$
zsjrlh(^T)i^ew#I(7)%uc)P&#s-;VHr;BWg{oq}rm8thGopHkxg}<vME5G=Z&E4@u
z_dQ?mFOi%XxeLGD=AG()`qH*N!ND#rpMUPle%@B)v;OXtv});llPpaa-#im<dfxbR
zzs+l&l*HxbdM^vCEB-%v`PJGlQ}#^VDs}riE5&tN^?$UVYK$;?Y$sr?s>1S3#oobY
ziAVXV!}1pbxu>Zg?>TyJS87wkxyF8%85YvP3|sDK7pqzwRh+bLvv2yMujf1WFm2r$
zw|j*%W0;-dI-?nj?|WzYO%wU2#Je$(o$H<Amg_Y_W~|NUW<2owTUyF=@KTxWA}1MF
zHz^5;gOS$%0(MQ0T^;}EY<<JB9HyyGSslLCiwkz%`y+1>5n`1wVV0R?n^B0V&YJ8~
z(`Pg1<%yc{T+EeP<bQ4*UwTJ;n^z^9Osa#@)(IY6HVcgM*g1L6s2bn9lg@rv`vAjz
z^Q+gVJH9oQTvB`JsL8`?50t(=JNbfTV(i+`%bCJkg)U@B=eOyy#s%eWd32BUkMPX*
zJMNr2x4KWS{pR00*2erHFLa;jy!i0$)W4R(u$jj%e+ka$+~m9_cAi?{wdYL}V&!Js
zxV~-nYM%^_up6Idn(vZdnLF(x&-IG8*Yt(IUU`2jIPkenS^K;M=b2smvwjCx{4((I
zSt+uWdr9j47*o%+o44dny0}}CyG203XxF4>iPGJF)Qw(?KDTgw?JWA^{rT5x%a>X%
zTXXD)+?%*S^KDl9U4CmB|IbVB7puI?wPel#Pp3bO3GuN9gH~SUo~ttXK!uR~W!Hue
zFHSp2wb~hdi<V2CzG8<}yn{xT`(x&rOJ)D3rEnP>Qhjt)lPy}eEqsULatpB=&$gH?
zx^Jtkf3WZ9+4DvGE-M@#n5cZ(eyHnR>ayQ0+?NgA_ls;Rww_ePvtnkSlfIO&#ay+T
z*owU>mc~b~ac^B5;kwxO(jkYtJ5)D|?mQ4M&+|&{iO9q2xZii5ICJ3VyceGzc5msq
zbYR9_<>zNFvul_AJoPO1XUXb`#g9LwZqw(ERd`?gIVCmdpZg8n<FmwWTFbV@FwMz%
zamcyFZzYRFh3*a4vXfa)Y*P5*nr3ReeqH`zX<1>a!i#6?$~5aISnZqtYnQ;Qm>{1S
zS5!h~Y^<}0Psq<-nV@)S_7Tr1nP0tb7lxm>_v)4LsukD7ia3jO9OfigzY%WTAbp}g
zVr9kO(;pN{&u=u>nYH1zsezeFhor^4Bfk%d#BX@Wa!Ap6v2w9=$Sy6H()oWBjTYL<
zeVO}Rtb|R_pGA3^u!Q51#EM7vQ!nmFnWC{vapSVb7fUmKYM!^e$$xZ$<K{od+T)ka
zdw%M`MxFVdOZlqaRCmW1#`I1S$Z_zuTCHu^=4qF*e47JL)hyXvwVWK2QZ}8FKN7e+
zu&?;;+gi6r``>-?&A5MZCj0!jxOsmze40Ej-LSyLN#5M)?wJV(`6}gp?XF#}8Pk3)
zeewQ}T0eF8E1ssatA>7h9b5lnqF7Cc=+kUH-#WFT4U<3iEPP-l`2PUI9n*4&pt*up
zn>ZKT`hJu3DBIDybEd4Fa)9eE`<Au8y>10g34gZBWq0+@Ee?M()34ur#cF$&ao?nG
zUspKITrAYA@q>+Jj~#2)vmFI3XPf`8*coU%!TjgZ@)NPM_~Y4_QY|ky%(1>(tv>T*
z>u&ag7lL~)`i3YrWqw?D^5MDO4KKC^2Rm$C``NRA!&38oI)mk(9T%&vZvR!yJ!PY$
zk$_KUlZC_`zk0Q!^{%<|)3&_V`Dzx&7QFreXUFx~*WSJL;(el)@<L}y%cpDhn_N`4
z+_7@me&1l>5yo}Cu6yqvK77BdFt2%Ho`vf2dEz?T0+=0Lby-W9B!B<xx#OP7Xj>4f
zw40}NZANawF_(m0myUj1G2ii??*>;R8O9A8s=oOx>;HQ)Y3&@@&GY8QJ!TIu4p?72
zoqLwtUhBeZ;+BTz&)TMkHNAc`FaFW2zf0FSXfE12_xDoQ%T9}TZ~A6?sA<8b9U?K^
z8(8L_=0Epf+l84zpPj7NYIMwA_5GOE#80O;a_wyM=MCHS_1)a9Vq%L#t8_M8es{@K
zYSQBGM!PGX`^~jlZZ#_)%i+w)|4;kFb3Z;?|Ep<(m<#v(1IluJFVd#?+N{kuUgRfo
z{8kA&&*PoTx_I*TTRz`kH*K-Qm-$-Z?N|NwuQk&<zvPp$zh5&)CG+Qf{r~Kk!`?R4
zCDu$djH-Q*v+U_#_T5EFO4$OhKdw<XUeoOoS*Xypp}$@B`=z~UVQV;Sl5XBylf1#F
zaqZ<7GZtH&-ca&?^#ew^9UON$_XSu9idesMdLQXxfAh0v%C@%>bN|e1VRzH}`SH+d
zlhUYv8!v9q-c(RJrRQW^r&Vn6ni(-pfolT!Zd(}tKeukvj^*bXlP9uHFk5zU<$Z;J
z(#P7LU+Fix5*!pVdw!WI>w!b<|7S<+*rQW_xo_4FkAv#Tr<w2Gy(lGJll0)e+>;|e
zZ|+VK<a(tL%FO&nbb+4BzQ2Z37Jc<~vu}x8xp&9(S+3m1=O+tJW556K?Q}a`z1@eD
z);@{I*LKxlRJt?&h*nR1=d+YWi>L1Ox&2A<-BzE{ptI^BzZia;bC^>RX!u%nk?;KY
zz^PNcil0uYFHRA!<ugCGV`U+;a-i?#nU7oJq|{hdPF=iu%I(N>PKC?U7kl%bdADHh
ghm+l*%*VG!Ilb`T?&|w%6>G-a%J91~%zZ+60JxtIApigX

diff --git a/sops-secrets.yaml b/sops-secrets.yaml
index 3499e89..46983dd 100644
--- a/sops-secrets.yaml
+++ b/sops-secrets.yaml
@@ -20,7 +20,6 @@ syncthing:
 weechat:
     passphrase: ENC[AES256_GCM,data:3NVhMouf3wwMJTZCvIjbi5fjHJHxe25Q+wRo,iv:W8cShdM3iUyEiRCPNupMin3gfF+cqGxslD18CAvUW4c=,tag:DXBATGEhHjhXqy+J9BNVwg==,type:str]
 nx2site:
-    namecheap.pw: ENC[AES256_GCM,data:tN6ArfQu+YfVkPPN00raPZWmghDKVFmmGgwACVQQSHs=,iv:TlUl0L3+Ea9vt43lwDlM0SE1+CLvWJdryt1lFhQ+75I=,tag:pia2ORsm66AQUOE/ZiO8yA==,type:str]
     cloudflare:
         api-token-dns-edit: ENC[AES256_GCM,data:fR4fH6NqwtHI8aebEwjUn5JMoy3q3GXgu/dREe8JK7yRBIOhJ8BKuw==,iv:fQqLRYCN/7zhpHzYxMcn8q1aA7x4qd3qWGgrFWn2E/U=,tag:GJ1muJG755ch/84Sgcf2Vw==,type:str]
         global-api-key: ENC[AES256_GCM,data:7WBmyEYFG0jEkxeiF9H4isfrCrn7Uv21hEJgX5i2/fOu3+evZA==,iv:IicsZo7qMG3xOKVr8lHzsOu2pTaDKUSx+85SyehDe20=,tag:nQ+CWX2kEmk3vIH4pi6Vlw==,type:str]
@@ -28,6 +27,7 @@ nx2site:
     sslCertificateKey.pem: ENC[AES256_GCM,data:Wzmi17UA4mpCr4VaUolfKwZJEZ5K9Ybp2/K3noC/D/QYlgJfwWnQEoXDfLj3lVVnz0V/m71NAtZ9p3/jhiQCyIwt0cOmsAmd1isHf0KQwGagc8cHttwDeZT7AzLW4axqevpZM8bjVk/TJ/k+uGbArqSwgu2W7C77uCltSS8AydWzD2D7eQciDZzQ4yyHShW9f0SH8Q/wumuY4ksjLs4roYtQgtr1ezUb1U329xA1y81apd47RHviJ/moOBQYY2Y8fbNryUmfqvGYtsfXxmNElJpGAStqjBCo0bncOetP+bfj90CJlbkIn1JzcPOa5ZJjDg==,iv:28PcaWyOsQ8gN6qvZYDS3H4lKKlU7ihxxLUXMYgHPEY=,tag:6t+jvoAZkYlqg/2d8V5Emw==,type:str]
     dhparams.pem: ENC[AES256_GCM,data:wGIUlT8QHruxHvrlaUdEDU3aKkB5hvQLZXic1ryKr1hIFw9uOv1hOCOPY+QUDBzfm+DXv62hTFAeq4siAoZ0wWvQ0uBuSZZBGrfuY1ZTsTJmpgTphdHi+S4/kl/Vt7nuBlvdW8VbwU+mzmSK4UuIjuvAl0RI+q9C/BAu0tsXvKfaCkrbYwSi6pdPjToEoATPWfuCdkZUulENBIdBkTLZ6F97fgNgsXub2xOEIRxqFAzg3G2nO3Mn7rSRRJraZNIsHgBTYpSNcijDBwZpgYKjcKsochYUNzVrCuLOu5xJPUU87pmd+Rup2hpMfWyK0xtUjncvHyfctEZANqfo+RdEBg81n1WHkFb1WnWUsRh8RmcVZuA9skI5S7Xhp4L2B5IKn0XGnKLG3og9iYb9tDVQys4o5/68+jjxdm51fmRYo3FvghnyFCYkQ/tm+ClCcRSPocYDrfSf0Rvg2v9nPmMj0IrEHlzVnafiJgp3VjI9cYLNW2wKiwf0Z8dWkrtnS8G7p072+w0fklmvLrdvlLZduAwrY6gS2nMbPUz1AwjAoMmQi7sFmbkP6M/PmkVV+hNP7T9ntmC4BQr2k5/3gKZPOEPO/xeMLlla68QpDVxU06NhC0Z3d5t3YY0wIVISNZXi4fgQO0G5nvFpPyyWCvvg39gulyAwUJfFQ3erNNFTjJe7X9RjqoJvjTgFm4IaYcL64Cr49KDu6Za01g492rBCEL842o3lVmZSqOYCG3UEEsSwOxn2iROZKgorZ5dyd1n1WevM+pKTUAaucy52iLJGLISRAVv82ZkmbS5L4zMHkYxVjUnqrYIZsk6+7sRHIQ31E0YtUFdMjRYUcOwfR1u+Ox+zV1NawpKjsuhKl+DRN+Q1TXUdEumUU1pDHT/RXtNHsyYOgeCBbTs93kdhFcHgO0dh5Ou/2N8EcTzWwAYd/qyE3wMZZTggTb44xwu6h0XhaLtnAk2lZ4vXwSaozf+Vq/uxAvYLxrhx6ujKVyX/O053YsKqOPKerYoN17uO8PrKoA==,iv:e0RPF9ZtzSRBRzMtWTWY3AVGsMXxvldA2HjiW9hf97Q=,tag:eb9ACnuGR+8eqncWoKQ/pw==,type:str]
     vaultwarden.env: ENC[AES256_GCM,data:9LcB2B/IJ2xQCTNKtRr9bBbtFqZMGSi/9jPozmGUtMvgeVqlljpbtVgCzH62oeUQMLeKQ0SxHsQ7GDgU25X6wVZ8qMT4hzVzNYJnXljs1/ePPN+NfCsPtnBjo+jQLvhVPb8gIGpmT/ZqNMXBLNpLWu2U3RQVzwlJS2wQsP4kbR+z2nuEL/bs52qI9cNmsRTA/C8gIQHCHJby+PTh6BbXp0Wvy0xI+KHKx2qSYiVXsjowid+0h56/Ma1cqUcZlxUiDSUYmTvmgYPzigFD9jOkg1mhHRIi8iste6EDVWB0jHcKMMihd7dMZ64/UUY2y5/ardIP9jUA,iv:/EQv/PYTIHANDjbjMe/BmY6dwjok9YsYj5iKLWyu0eI=,tag:IMcJ3nle9wJANuogrJBUuQ==,type:str]
+    paperless.pw: ENC[AES256_GCM,data:zuKVsJdnCSltaX9KpB5iTFAh70s4dkQo,iv:w6hyl8ueZY5MAw25IejdMdUhs90i7aPo2U+bWBwQuKY=,tag:jJPQ/vL0gtgrv3w64Y+Eqw==,type:str]
 USERTrust:
     ECC: ENC[AES256_GCM,data:yVSxTKRhXXPwfY7STz4YOWjgBSINYG4zjISQ/9Q9Zn1gZl/wbDQjSk7prN5fSn9aVH46TbT2mPlRDt7jcfbEZ5JmUnIfDZ7JqrAukOxy7wLAF+m4R7/KdLmdM3xJ6cnH6Tm3KQjRPL26zN4BD3T1oqNw/NPxlfqWeMrjMYZSktmoNAwAjntIqrnoXIuEPKvAsqIbg+SLvrSo05DhDy48c16jSi5zzfQ9M4fEgsugw8y7BWF/eAooLsvnpinc3Ek0XpSy2QJoD9plaW0z1lUT/UFmVVZsLDejb5hbzOnklhjSgE8S7wO4Zmvnu3It5M1YATSR5PsaG7QqaP1w6dd2DdvSnfeVeS28AdgVnOUM2MwJsgTWlvtol6ErIxaUf3n3+PAXTubhH37auOoMDeFeu1lAAe2lKiQcCtpE9gy1dkZ3vSZO6eHq7REo1qauao2LrrgBfPS0p0nhMBjOiORDI06JkNwDFBktjBI9JFHBNfd/CMrgXhfsxujbVxFSD6VD7DxBb3TDgOAm5GS6YJVC5bxQx038GnHorBsUBeR6BzpxG/lrNcBdNaHKqjngBbQmYR/skbLlrJblDyXdI4Xyh55Eogz28rwT5HhjoWOGjAk9P2qk9QAqKcWuRXsS77jRIeD59cqq9EKDRzixEJntCvxxsS1LLYBG4vmzXk4qgb1vGUgNKUaVXPNjXX2ueaLtkEMkx9sMmKcyKLzLoD3/yPYEiUTwCoXaNf3o4OUrvli7mW7qzGrqXTQtQfOd7fMGupgjtR68dEQxP2M/J1725phvSUQNx8SuERMOwzHwd7Yt/Z5TKJ+B/m7uxYyVeo9QYlkHrjVAVLmHc6qnKGVZrSGSkdVVr4dksOc7gyB28MP7JZRADCnHq7+1jhRMCiOT51I/ZyrqWtTqDNBFATCeDDWF7qZcrzWq4GrWm2dmWwQlUm5lW7+MsVgrFowjnbbjwcWy2ROIPiiC3cQ7ztxqXMZZjHUVDa4OC19d4vsDETphTuFQtNHTWGnps/phrV5X5QfIC5nmrHqeyJR2YRNb1M/IZMD1nWFvDJG0B46ES03YaIrQYt46HK3Pd25arssGS+Gzx8p65NTriRBp+KAkGf8dN9+/bECHI8coWKXpi31Uu1GoN4tf0f3OoQtpq2mCF9wz9B/cl/j7jBVKN1/OPqmd/IWr737eYQLeJ/XOKs3W5+5bdnl5I0ewaipPYelUY/ZNWCMN91U8PInGrThnASRdCkNMPOzU56MIBj3gFWn/DIq/kaFpf5CFq3Zvniy5HIf/+ZyLhMH4v7O4GSgMCcomEXLlQJZ9K4ZPHo1IYfHJqi0OEfmZageDkRrD9434ByYibg1wJRVvZfUbh4HJjgIrf1yZhTAe4DVBpYnf7wuJIw0HkNRu4piiNw8LIh2ga+f36iDs5Nl0qaZtMR3gLUBiMxrLS3Yakuof+xcglzfVMo8YBD90qBFKke7OUi7CQCZw6orE/EJ8pxDTWL4sedcv/OowKo4xqh5PtUBAOljs7i1z/zHtr4Cr64SH6DW/2vp7gYA62+BPrbhSRJbW6wkWR2hWn4pYJLirKwUBasO1Iewpj6ps3if5IKVrv6kfFoFYfLF8cEpIDjek61OU15tjXRMZENR0vSQRAm9D92VGCXcD3gnW34jF+i6HnArPF8hJ8vDIAb7LYf0xuCZ0JU8QNIUqSdHIcH/GAZGNHAP2EBV+Xbffw9rIycPM4JUIPvbUNVnXsR4+Hc1URd1FkTDlvQEE3lWlPVtcbChbg/221OdKVewi4YwXFWQV45fbwsZX05FGunVBr+/G0SEGeJ25kud9YbP/C2K1i/GQeGw5ItOmThpkXr2X/OyonnFSXnYQjy6fwEBnAX2KPVTqY7T8OxgAj7UT63Niv+w68uoay/pgyuAUBKOQ3t4HmfXPaKm0bYNQNt0r8CTLIxqFxJZxJ1syTqnMXLOdowWpDpDszFHQChiFAOuBwK61dYjUC/OHFlxDkLKkKe38EuWdBCyGqHPfj7m23+h/E09u1WzwksUk9jm6DfyTAoz/MZGsbm9pSQl22qzC3og2SwUi+smgCSrcojp4q0W92onAAxe3siPAPIPpt1Gj8GRvkImHQ/rNQkgiJ4jJfN3epiJgBJ+YCGIByivV0XFLB/9UVu7Vw554/nG9BlfKJ9h0G7VPQgd5MJGvkLqJzCrPh6QyK9uOjbJLO4dWkmaL3oZr4IVbwGk3NXZ7oef7A4RFOHDDevJintMLz1ZOkaaJKWe6YoijmAC2tQNGMIoRw6YcLjcmVPJz12W+6MEPH3YOdUl3b/NnfScuTVYBSP0cFXlDwg/rphUD7oykohsLtPOWhYW/GWvAdV4iwZpzQ0yFHasYGiERPytDKmRffoILDoTOn4HGVVCQaGnm/o7pl5BU4hFQOzvUC4C4LYRwpsz7EaRp0Y3Qqt4S2Xc/k0E0W3XU+sVNSvoBgweNhDlKaefjjSSjDNza6l9fTS3XPTprrEhMU7CvDjpsC8vfd5QTiNDxC7XGJEa0FTiCr2Xyz3YM5c8jWOk1hNOcSvJ1GvZhUWw0pX/HaihI49WQqA4/4GtLfG9f5TkCsLanj0wzVLM7XntN5ol0H5R69nJ5mPLIGXsErG9A/Xai9ol9joVUIJVRwLx8iJEyGx8m1pyOENjOkudgnKFryoWsNGbQo6G+0JEvEAjUuApkYNJvqKNRKrw+GSjxRZtewo8V9rC5a6nsUOPK/U5WaF5UMxu/L4fk8jQltcBRhQpuPZboEo6KNmUzMsK3aweMrQdHnLDlOIoJiDqj9ySPv2C3aeVoKWiscQ==,iv:GS5GMpbxeweqwjUvOzqg59xBOzNZqrL5t7RjsFjpucM=,tag:j0MaMw71fnRHxeydlqAaww==,type:str]
     RSA: ENC[AES256_GCM,data:pgCzxri1wLZbl5e/KeVvtHRRe0XkdB8GLp2UbQOlJ9hRvRerJ6r8VhSSDh5vfySL6ow4urXzTG5oZwOcXeZgb+DgT3ZFS+npPvbzcc8T/hU8C5tVXYdqdLJHLXAmVG2nbkuIE6z7Bu8SngBZx1jXNBBl2W4vO6GcL0naNj2IyT+1nGhwuNdn4iMMTIjZhlF81PwYRY/TzcljyST4FZc4u/55oSUNrb8Z7KmhkrmaHNPFACTXiXli/zrPKfisztRvZZLfRZ57067/fiOTdwxXyiSxsh+oKRG8JlvdLQvjZ9tMGagzAafEyWVYyrVJIRBme9Uy4HtG/uOZ39gXVE+D8sh1GWftrmvjXPO2OdD/tIa6kskfZNWWFoEOtiRcKH+fuBTe7/ezjzqJA0qZvfwduXqkfVbNcS3YRNRM3jpLwGHDEv2hnVqn4bjB5We/1KBMCtbrHtAc26M3AepeAUy+ka1xW5WO9LsZ5ck1gnFrV5bkFWDr+evBRUuiId5QuAifkDsKlqLsWAeWFpgc7DdjUrpRG0yry8PFEOZP7w7D2/AEeoGc1dMDgX95mvs+0EmA4lutmt2fF14QZJwzhH39/TLGrRmjrohqJ0kD+h8XykBt1JbOPg91dnxmEJuESPNAxhotrj8xuuklvyLKAcfWWRJ1NIvbG6rmlL+m1x+2hUVw9gVGzyGaaSLOqG/6kHwIV2v+ZvCm+n3JBle+ooSi9mxgefVvJc28hSdC5SvNN0KyDvAY32NgOqYFPrvwx4QHxdm6D5jHXOoFEAkN4duSmDwmVGUq9fL5ds4v815a2Fgn2IZB1l82mLFgy4xaBPlbjrqRnuhgpRRbKu+eSNh13lTEwbrEKJfL89cX1Q9N4Y9aK/I7nq9lfybZ+XYXfoLU+7yXZ6gmm2hw6EkwvmAg1zPnoec5hCOZxotPYByvROOK4TyBCWoF2w+5vmSatZdodLwyoNWSsqtpowWHImCH/UZZ5NkBs0pWOnLBSuP32nFN5GN+0y1EKq+4AxL3pwutpo2iMAFlXI5lu5S4fP6nreZUsYqpp9QpwQtmSbU3iMC4bMSHA4LrhLSCfa3AClVirB4xabCnDWDa8tD5j40Zy0gqk289/qbcmmNC9RpTzrI3aag/hZx4eKjb92Ma5s4E2FZL0BQVrdQ8vD0yuhIaU0qp0ahU1D0/H+HS6Gsi1mfWsfNhsSBBDW0IVC/+8zFxvWYysbVPJJj7m7JY0IwW1yKzPvPnMdkWVS8OcJoODa97V15TaXt7yAstmCVYGZS9qc6VurF5MqQM6c4PluJXPyMlZAwQojrnaCuGuljXpmot5M62MvNMdh4psfa0Y1YiCWjer8XtmYhVvzQPepD/YhsouMrCRGD5pxaXozhoS1bUVD9ReBQb9Gg2sQr8MEQ8oNB/a6fLmNwqY7IWmk9pAhBmk5ng120LS5q+3vjj/hw9+Dz6Ojp6BAVNGs1us5YW86GSSlqVmLew4p+HBiYQyhFCmi9p1WIjrNyT/oHUDYGreL2A6NEo6aePPYeVtbNEYi0UahEscGUrqu953MV+PpbanJI7WHKpHek3Nsdgwyel4V9wjgxSpLWvfwj7QqXL8Xngoyd/4FL+G9MvLc3cDYhIFAryBvqRgXrwRk3CkAijzpk/2hui0qlhmDza8KRpfo/4bwz0i4d/wRyWe3+24WY1CjPkDzclc3VZVQDiSg6KsUQvGnc6Wv1+awjE2kA18j3NR4RYBXgxEflj5Ft2BLG6rq+RakLguXDCAMQA4hcx1L+ThDCdn09c58H9Uc/GRLE5uuFRgLB5UtsQimGXuXzxsA3YIN3CijT6NJTKH9WCvQ4tZnk0Jq73rq4oynTCbZBVPgQi5SrfD1Zr0eXgmirLQZFCEV4EqNrtheZ+vqTkWf7rrvG04C6QqLIHWttdsL3ejfB6ddfwM/sou1JmmgTzEo52CCYf1otKNQwD+shx7Xcrm17vu+v57q6bOQrbeBNb/MDPm8qH4/J89NgSKHO8kzvfAm2qWxmr+90Of0cxVT5l7IdnOBCuYSHgTLIALgTmLmKvPm9l/pOjfIQZmvJ7Alo/eqKfcPw6uwoSDn/5+Pj1c9p2ub1CwRZKZlnULQLI0uyw5eQGceOsuivjO6iQjsk4iGecvlGYwZtlqidz359zCysMSuKrXS+XNGT1xy7fmnyct72HJvSeyq8bSNSAEc/iW+ia9n1GJDj4vW84v/zwi0dm1s/qKnq5M2m/pUvZembcOK/1vY0tsD2McTqIjgKPDS0UO3lgEr8vHFok5kJrU3rVV8iJeLHv3oCzKvjgR9jjqdlceRjSJarVFz1lSxenzoVq0JcH2cde2yQ3vdPusEd2LZC2tVYgqPprp/zOSbWsJPq57eiUl/UX2vOuNAV28HXVIuDqs27q2BOlUvBLCirIurjlONXpdRybN3dtevk/lIel0aRU5L5g9Mr1zhtHsoo6WI0In+RzFsD63AsBNDoufVmXgHr0G/bZLwPCdk1xCeEKv1Bq4fpappx8iEQv5GtwZBkPh8N8D0+ngbccx5N0pMcL2BM/HqeRDXR1Tw72EVEG8Bx4Twue5NBi6rtlfDnDvAj524fylSMSPgab8zq3tY9DnIci3ajnRYpIO3uDgH5cbMxqEb6gnpQNkzVUk0yJXR8nvS8qT6TbryX94howqnrID/8HQZ13ja2d8pW4Sro4+xI9WFFSx8bFSeBjhj4nzyvsyam9nJGDJnuYtNEod/CBMjkRPbBq1doske2twYLudoEObY3FXdZJ5VfiD/zGKXPHjL+pd9L8V2QFicazwE4CcIDoSaOr44VADVwh/Iu6Wr1fVZvmSRPmorlRS4DnUDXEC4dl+C2Z9JhxuL9CEoin+k6yILXsBcRrp2LrRs0U6IW2rVrrtD9MzBosjOGflVABVGhCA4q0LOWF+/5NonHaeB3E0mntFyTvuGTEN2fhnrpW86UERIXOySKTm6nN6BcgmvozgGKQ49jdzuzqVjfWGI9isL9UBNmkamrqbYmdqpoIiWycS7Aeyfh6XWMR+zEjeImqvdF8RQs7Ro9MJWj5Bm5bXs+gaLV4vzNj9/ZzzHZs/UmkBWEPtYs/5KO89Xj9lHBSVfE1c/sM6iDaGLOeO1v2MAIecOoMvIjBJ/YilYJmyywuILjxGN25jlyPVEy5DWnUOSIln6G9eyDjs3VLNsITXFH1co+M2KhDr9sQqJ5lKBitpZUsl/4KI2uiAXm7+kuQOn/27NDBZ0PdW8cwyVg2tirGJDvkmDH1umCas5/OhDEfu7+N9oW6wMpZCeR2lJwS0nTSEkk2Gis7WisgB7j9yY0evOeSecaKaq9RFxg2T3qJ9QR+ZssCXacezSZm/PTa2BByHeHJJ/P6p/f+rg+hziMkESOqx6C4BgGeEZKTAdwTyRfNmsp4bdg9XcqZAgnhtSHb24qAf7Upd/ttwS496H8HdS5bTrmSr8/JvwIKy+rs+id7CzcKYc2HEq0FSUt473Vb3s7kS2YDiqnGW7BRLIPDMApLuCDYeFfHExZhdtbX7O415herG52VffHfAoVfr+DQfipqkDUqno7+coZxthnBY1e8V4bJTcul36CO/sB2vP2/4yfzv/HSuviVVRLY58cGBVk9lSiTBQao3+N/f8a23k1wqEFy60uL4jW4X9swgFed8Q48kAUq9SSfxnKHeQrKrvo9rPHGcetrCC2GQP1u0gHD1TV4F1JGloN8MhMlBGtwBGhOIFcQvUomiTqNrDCobqOqcLUJuVL7jZ+Saw6CiH1QJrSQZ5QuCW9XHoOOgvZzdPqEGuSb6nky2OQ1EjLMQtp7SsrwYp32lkWJ9RY3OUk3LLvTM8Exxg56nDqiOopg0GaWAhf4H4MTrAlssM69epH+5SaJyUEhweg5BZP3mY9FnnkdhG7W9JeDQXu1JOhSm7Td0ForDAoznBcID3SacOCbeSAqtGRBZGxnXFN01MTmUnA7Sy+Sm1WoN+o9u28ttG372sVavQlDZvM+9qXr15hcXt/IYscnbpgw0L7DrcZ4RWb8ATtOov8zhtlwB7QvDQ1LX2g2+5Ag2QcuQJmAYH731XnctUsrCmPKfCVh3CzdNS7DH90bli3cC4t+fpAuAXVNh5wPrCEb9Xco/WUKYe6XNS0Z/xi7PbGBH0s6ThYNzCFbwH4e4CDwD8uP7UA6iL+Uuts5Cz5Fcm7WMqPDFYFAdcA38fOWpXqVRYo6Dan8x/RNAPVNko6MnwXeq061jz7XTk6zEpNymxgjNPJRgcvhItfDHtrGpUqSIJxkQv0g3wppXnWlNX6zGIelUJmLkWuJUJfbznXTdkCr+oF5vwuauwO8iCx/h+7AZBD61w47BmRQLLdDP5I2ptdbrIN4ygouDUVE6bwiw2nhBZuR9ufzcO+WyWNHt5h/N5IuErH/5QcfJOBVRcJYuyFgEWrFax7fiwMCzgKhxN0x1WHa7F8gxGNTIGG9QVNf/6tpYVCAao4pQGErxKVqfVQ1374zbsFSy5PF0oyW5ueEQOVJ82RBjwYtLjX2gXY56nfdLy+D22S3XEHeHLLLg16Vtkf4Twmvzkxjc/YfN2vxu8d5tFbHnyanicj3SBgiiZLvg5iDwjtfONFQ6oX0vfoJ7B5xBsnxiLptx+HPN2onwsF/e7pCl0cTRTLO8Jt7Z8Ob0FYcmd31R2d8paemcIRzfgsqS2JWtJBckAqeQit+Gn+U82aKGew+1FVjlGUrwTO6Q6ztXh75B71V3urA65MaLRX5/7t3nGE8FKip+KfG+yTCHu0F411obb8TME+YwBfz8M4kDUBVtmFUrXEEF9aYD/atxxF02yB/ABPybB6Zcyo5r/U6P0G6jVUGXn3hgQkl1OzkQt06aH/J/LwMN271gc8whsV3pfZC3YfQ3212BAviAshfPyNtHPkShpu6fx5iVDoaL5LHS/A1K7kQ5yya4ECCndpTpF1rYamNVw9a5m64Tma3AGFORy6ZQfaHcV2w0RUs3P3ZXGPcuE2VKeTLLGG43W/FbqGAvxjax2j3qGtZ99Ox85ZAVu5O6PvZSvGSpUW6ebGTCsAgSz5h8V8TfWpaQtR0RrjuzGWoWiW5R2VqfmmIQcn34+t2GgfkZB5QH/o7S5z86UL05dLzdyXXyxIn5sWi0Q1B3yAjFCOVstaAr92fGfx+JHOrMFFKu+bLBpez8lE6f+h4HHzTDVnIB1Zb7d3wNwLVk7PmFy6NeByj0kmjY3Ts5pWctWAAQkI+nOtuM4o101AwCMdMfj3M/mr1J7OWy3Rxgaj58IknfPJpeoMhgkvu66WrkgS3XZE6e/n55sPkGHSDMcHTm2364+oJOSMzDUAJgGjDt9Jvalo1wruDA5pPF4F6y/F/8njO8qkoXnuWRG5BpzO66LwDTDOcUCCFzym6eRBnLo9sGbGZxlvRRSHwIRMa80tcqZqbAuVeW+2/PiSMN7zhzLTNdzhaC4cIOuilcdat1+//+qI3OWC5y9sti3qGuHO1U8rhSOw8Laac7JgOGCo3FkekHe8PaFF8jSDliQnodO8rGCY36xHTQkUsQjb+5ginp/dBIAUIR3QxXsMaxP/yBLpRbvFhD3DeOJRQXWdLijTcxAxLhTIPav2WC1mwyve+Jd0djTajSBgSzPzHW5ajUBaol+dVJeCD9HqiOrUMEmcMQFZZcA+RCJdIOvkKlt/sAnhQ4RuwPmzck2RMXCQfiYn0pqpJDXmF7xWgvGDBtQKP7xLE1Hj5No2q85KjLsWu8xK99Y+j2ixfBsgdc53CR4rNplnPsFzBHOucqd+Ve0/gqZgF81RbGFV1T9Wn1XFrE0e7+EkNejKj7deRmy31PnVLcBp2NwtIkhrJ06J8hmGquwUm,iv:NJkjWL5kMHET68oR5Xp22kvkThXIp7WxRVajmTfsB5M=,tag:NSXeRItMKlOQYP4QtzMKIg==,type:str]
@@ -81,8 +81,8 @@ sops:
             SHJLR3lvdlFiRmJuU25RUHFFTmpjamMKbzycdDvQBAuOiRROTZEQSnaXoPapz73L
             yVS9EUP25FSx/sGqRqaCefbeaybuM1aso6LDnlomv4Bib7zjugWKSw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-12T11:43:15Z"
-    mac: ENC[AES256_GCM,data:pTPpth9Yx8YqCBhdoj5zwMNWVICwl2YIweEoqujainoizgTr4SIWE1dF+NUpYOYk/csZMvEImo9lJe6ywF5Yd9p+x4NyWAVIwGR5ylFT574u59ow/y2lTGWoiPS4oKjUFhdM2APk8Mfgk2/yP+ZyW0X2tiYz9CYp16v0xW8mtRk=,iv:kqRR/YMJDNLws4FtvCrE7JVVanXZ2zzYiC+Z6m6g/tk=,tag:OOGSofEVs+ms52dJ3WJmQQ==,type:str]
+    lastmodified: "2024-11-20T11:35:45Z"
+    mac: ENC[AES256_GCM,data:bbPyFazq9FUIbMIgSnimtbnPe+ZLEiZ4zvQUc24RQsHJn5H5jqisGBjMaUNWBnB1eB1+2mSE26b+nEe4VsEiSn7rlehDTk+FOvnK7rk/MhLPuDo1XT0YA4KX3ymnb3mxjlMfhYQM3soTnvqOJ1FePjJG8b8uI82x1CJsTm516UY=,iv:v/oX5mOjZWk4/v93WsyA29HjDqKQ2JDHZ/BKSCSeXN8=,tag:zpasMBmWS/1YNiTeSKKJ6w==,type:str]
     pgp:
         - created_at: "2024-06-09T19:44:41Z"
           enc: |-
diff --git a/system-modules/nx2site/paperless.nix b/system-modules/nx2site/paperless.nix
new file mode 100644
index 0000000..a5e45c9
--- /dev/null
+++ b/system-modules/nx2site/paperless.nix
@@ -0,0 +1,197 @@
+{ config, pkgs, secrets, user, domain, ... }:
+let paperless-user = "paperless"; in
+{
+  sops.secrets = {
+    "nx2site/paperless.pw" = {
+      owner = paperless-user;
+    };
+  };
+
+  users.users."${user}".extraGroups = [ paperless-user ];
+
+  services = {
+    postgresql = {
+			ensureDatabases = [ paperless-user ];
+			ensureUsers = [{
+				name = paperless-user; 
+				ensureDBOwnership = true;
+			}];
+    };
+    paperless = {
+      enable = true;
+      address = "127.0.0.1";
+      port = 8441;
+      user = paperless-user;
+      consumptionDirIsPublic = true;
+      # package = pkgs.paperless-ngx;
+      # dataDir = "/var/lib/paperless"; # default
+      # address = "127.0.0.1";
+      # mediaDir = "${dataDir}/media";
+      passwordFile = config.sops.secrets."nx2site/paperless.pw".path;
+      # consumptionDir = "${dataDir}/consume";
+      # consumptionDirIsPublic = false;
+      # openMPThreadingWorkaround = true;
+      settings = {
+        # PAPERLESS_REDIS = "redis://localhost:6379";
+        # PAPERLESS_REDIS_PREFIX=""
+
+      PAPERLESS_DBENGINE = "postgresql";
+      # PAPERLESS_DBHOST = "/run/postgresql"; # config.services.postgresql.settings.listen_addresses;
+      # PAPERLESS_DBPORT = config.services.postgresql.settings.port;
+      PAPERLESS_DBNAME = paperless-user;
+      PAPERLESS_DBUSER = paperless-user;
+      PAPERLESS_DBPASS = secrets.nx2site.paperless.PAPERLESS_DBPASS;
+        # PAPERLESS_DBSSLMODE=
+        # PAPERLESS_DBSSLROOTCERT=null; # unset, using the documented path in the home directory.
+        # PAPERLESS_DBSSLCERT=null; # unset, using the documented path in the home directory.
+        # PAPERLESS_DBSSLKEY=null; # unset, using the documented path in the home directory.
+        # PAPERLESS_DB_TIMEOUT=null; # unset, keeping the Django defaults.
+        # PAPERLESS_TIKA_ENABLED=false
+        # PAPERLESS_TIKA_ENDPOINT="http://localhost:9998".
+        # PAPERLESS_TIKA_GOTENBERG_ENDPOINT="http://localhost:3000".
+      PAPERLESS_CONSUMPTION_DIR = "${config.services.paperless.dataDir}/consume/";  
+      # PAPERLESS_DATA_DIR = "${config.services.paperless.dataDir}/data/"; 
+      PAPERLESS_EMPTY_TRASH_DIR ="${config.services.paperless.dataDir}/trash/"; # null = really delete files
+      # PAPERLESS_MEDIA_ROOT = "${config.services.paperless.dataDir}/media/"; 
+      # PAPERLESS_STATICDIR = "${config.services.paperless.dataDir}/static/"; 
+        # PAPERLESS_FILENAME_FORMAT=
+        # PAPERLESS_FILENAME_FORMAT_REMOVE_NONE=
+      # PAPERLESS_LOGGING_DIR = "${config.services.paperless.dataDir}/log/";
+        # PAPERLESS_NLTK_DIR =
+        # PAPERLESS_MODEL_FILE= PAPERLESS_DATA_DIR/classification_model.pickle.
+        # PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
+        # PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
+        # PAPERLESS_SECRET_KEY=
+        # PAPERLESS_URL="" # empty string, leaving the other settings unaffected.
+        # PAPERLESS_CSRF_TRUSTED_ORIGINS=
+        # PAPERLESS_ALLOWED_HOSTS=
+        # PAPERLESS_CORS_ALLOWED_HOSTS=
+        # PAPERLESS_TRUSTED_PROXIES=
+        # PAPERLESS_FORCE_SCRIPT_NAME=
+        # PAPERLESS_STATIC_URL= "/static/".
+        # PAPERLESS_AUTO_LOGIN_USERNAME=null;
+      PAPERLESS_ADMIN_USER="${user}";
+      PAPERLESS_ADMIN_MAIL=secrets.email.gmail-online.mail;
+      # PAPERLESS_ADMIN_PASSWORD=;
+        # PAPERLESS_COOKIE_PREFIX=
+        # PAPERLESS_ENABLE_HTTP_REMOTE_USER=
+        # PAPERLESS_ENABLE_HTTP_REMOTE_USER_API=
+        # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=
+      # PAPERLESS_LOGOUT_REDIRECT_URL="https://youtu.be/dMN-pjcchrE?si=EcFYvAnbXFkounYR";
+        # PAPERLESS_USE_X_FORWARD_HOST= false
+        # PAPERLESS_USE_X_FORWARD_PORT= false
+        # PAPERLESS_PROXY_SSL_HEADER= null
+        # PAPERLESS_EMAIL_CERTIFICATE_LOCATION = null;
+        # PAPERLESS_SOCIALACCOUNT_PROVIDERS=;
+        # PAPERLESS_SOCIAL_AUTO_SIGNUP = false;
+        # PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS= True
+        # PAPERLESS_ACCOUNT_ALLOW_SIGNUPS= False
+        # PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL= 'https'
+        # PAPERLESS_ACCOUNT_EMAIL_VERIFICATION= 'optional'
+        # PAPERLESS_DISABLE_REGULAR_LOGIN= False
+        # PAPERLESS_REDIRECT_LOGIN_TO_SSO= False
+        # PAPERLESS_ACCOUNT_SESSION_REMEMBER= True
+        # PAPERLESS_SESSION_COOKIE_AGE= 1209600; # (2 weeks)
+        PAPERLESS_OCR_LANGUAGE = "eng+deu";
+        # PAPERLESS_OCR_MODE= "skip";
+        # PAPERLESS_OCR_SKIP_ARCHIVE_FILE=
+        # PAPERLESS_OCR_CLEAN= clean.
+        # PAPERLESS_OCR_DESKEW = true; # which enables this feature.
+        # PAPERLESS_OCR_ROTATE_PAGES = true; # which enables this feature.
+        # PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD = "12";
+        # PAPERLESS_OCR_OUTPUT_TYPE = "pdfa";
+        # PAPERLESS_OCR_PAGES = null;
+        # PAPERLESS_OCR_IMAGE_DPI = null;
+        # PAPERLESS_OCR_MAX_IMAGE_PIXELS=
+        # PAPERLESS_OCR_COLOR_CONVERSION_STRATEGY=
+        PAPERLESS_OCR_USER_ARGS = {
+          optimize = 1;
+          pdfa_image_compression = "lossless";
+        };
+        # PAPERLESS_TASK_WORKERS= 1
+        # PAPERLESS_THREADS_PER_WORKER=
+        # PAPERLESS_WORKER_TIMEOUT=
+        PAPERLESS_TIME_ZONE = "CET";
+        # PAPERLESS_ENABLE_NLTK=1;
+        # PAPERLESS_EMAIL_TASK_CRON= */10 * * * * or every ten minutes.
+        # PAPERLESS_TRAIN_TASK_CRON= 5 */1 * * * or every hour at 5 minutes past the hour.
+        # PAPERLESS_INDEX_TASK_CRON= 0 0 * * * or daily at midnight.
+        # PAPERLESS_SANITY_TASK_CRON= 30 0 * * sun or Sunday at 30 minutes past midnight.
+        # PAPERLESS_ENABLE_COMPRESSION = 1; # enabling compression.
+        # PAPERLESS_CONVERT_MEMORY_LIMIT = 0; # which disables the limit.
+        # PAPERLESS_CONVERT_TMPDIR =
+        # PAPERLESS_APPS = null;
+        # PAPERLESS_MAX_IMAGE_PIXELS = null;
+        # PAPERLESS_CONSUMER_DELETE_DUPLICATES= false.
+        # PAPERLESS_CONSUMER_RECURSIVE= false.
+        # PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS= false.
+        PAPERLESS_CONSUMER_IGNORE_PATTERNS = [
+          ".DS_Store"
+          ".DS_STORE"
+          "._*"
+          ".stfolder/*"
+          ".stversions/*"
+          ".localized/*"
+          "desktop.ini"
+          "@eaDir/*"
+          "Thumbs.db"
+        ];
+        # PAPERLESS_CONSUMER_BARCODE_SCANNER=
+        # PAPERLESS_PRE_CONSUME_SCRIPT=
+        # PAPERLESS_POST_CONSUME_SCRIPT=
+        # PAPERLESS_FILENAME_DATE_ORDER= none, which disables this feature.
+        # PAPERLESS_NUMBER_OF_SUGGESTED_DATES= 3. Set to 0 to disable this feature.
+        # PAPERLESS_THUMBNAIL_FONT_NAME= /usr/share/fonts/liberation/LiberationSerif-Regular.ttf.
+        # PAPERLESS_IGNORE_DATES="";
+        # PAPERLESS_DATE_ORDER = "DMY";
+        # PAPERLESS_ENABLE_GPG_DECRYPTOR = false;
+        # PAPERLESS_CONSUMER_POLLING = 0; # which disables polling and uses filesystem notifications.
+        # PAPERLESS_CONSUMER_POLLING_RETRY_COUNT = 5;
+        # PAPERLESS_CONSUMER_POLLING_DELAY = 5;
+        # PAPERLESS_CONSUMER_INOTIFY_DELAY= 0.5; # seconds.
+        # PAPERLESS_OAUTH_CALLBACK_BASE_URL = null;
+        # PAPERLESS_GMAIL_OAUTH_CLIENT_ID = null;
+        # PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET = null;
+        # PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID = null;
+        # PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET = null;
+        # PAPERLESS_EMAIL_GNUPG_HOME=
+        # PAPERLESS_CONSUMER_ENABLE_BARCODES=
+        # PAPERLESS_CONSUMER_BARCODE_TIFF_SUPPORT= false.
+        # PAPERLESS_CONSUMER_BARCODE_STRING= "PATCHT"
+        # PAPERLESS_CONSUMER_BARCODE_RETAIN_SPLIT_PAGES= false.
+        # PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE= false.
+        # PAPERLESS_CONSUMER_ASN_BARCODE_PREFIX= "ASN"
+        # PAPERLESS_CONSUMER_BARCODE_UPSCALE= 0.0
+        # PAPERLESS_CONSUMER_BARCODE_DPI= "300"
+        # PAPERLESS_CONSUMER_BARCODE_MAX_PAGES= "0"
+        # PAPERLESS_CONSUMER_ENABLE_TAG_BARCODE= false.
+        # PAPERLESS_CONSUMER_TAG_BARCODE_MAPPING=
+        # PAPERLESS_AUDIT_LOG_ENABLED= true.
+        # PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED= false.
+        # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_SUBDIR_NAME= "double-sided".
+        # PAPERLESS_CONSUMER_COLLATE_DOUBLE_SIDED_TIFF_SUPPORT= false.
+      # PAPERLESS_EMPTY_TRASH_DELAY = 30; # days, minimum of 1 day.
+        # PAPERLESS_EMPTY_TRASH_TASK_CRON= 0 1 * * *, once per day.
+        # PAPERLESS_CONVERT_BINARY = "convert".
+      # PAPERLESS_GS_BINARY = "${pkgs.ghostscript}/bin/gs";
+        # PAPERLESS_WEBSERVER_WORKERS= 1;
+        # PAPERLESS_BIND_ADDR= [::], meaning all interfaces, including IPv6.
+        # PAPERLESS_PORT = config.services.paperless.port;
+        # PAPERLESS_OCR_LANGUAGES=
+        # PAPERLESS_ENABLE_FLOWER=
+        # PAPERLESS_SUPERVISORD_WORKING_DIR=
+      # PAPERLESS_APP_TITLE = "NxPPL";
+        # PAPERLESS_APP_LOGO =
+        # PAPERLESS_ENABLE_UPDATE_CHECK=false;
+        # PAPERLESS_EMAIL_HOST = "localhost";
+        # PAPERLESS_EMAIL_PORT= 25.
+        # PAPERLESS_EMAIL_HOST_USER= "";
+        # PAPERLESS_EMAIL_FROM=
+        # PAPERLESS_EMAIL_HOST_PASSWORD = "".
+        # PAPERLESS_EMAIL_USE_TLS = false.
+        # PAPERLESS_EMAIL_USE_SSL = false. 
+
+      };
+    };
+  };
+}
diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix
index d22f510..348d6cc 100644
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -72,7 +72,7 @@
         http3 = true;
         http3_hq = true;
         quic = true;
-        addSSL = true;
+        forceSSL = true;
         enableACME = true;
       };
     in {
@@ -132,6 +132,10 @@
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; }; 
       };
+      "doc.${domain}" = vh // {
+        listen = dl;
+        locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
+      };
       "~^(.*).${domain}$" = {
         listen = dl;
         root = "/var/nginx/webroot";

From d9822a7a91fa9269ebadc256d3176db5ed766a8b Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)" <git@nx2.site>
Date: Sun, 15 Dec 2024 15:31:43 +0100
Subject: [PATCH 2/3] gitea (theme&++)

---
 system-modules/nx2site/gitea.nix | 36 +++++++++++++++++++++++++-------
 system-modules/postgres.nix      |  2 +-
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/system-modules/nx2site/gitea.nix b/system-modules/nx2site/gitea.nix
index df41284..9226f4f 100644
--- a/system-modules/nx2site/gitea.nix
+++ b/system-modules/nx2site/gitea.nix
@@ -5,9 +5,6 @@ let git-user = "git"; in
     "postgres-pw" = { owner = config.services.gitea.user; };
   };
 
-  environment.systemPackages = with pkgs; [
-    gitea
-  ];
   users = {
     users = {
       "${user}".extraGroups = [ git-user ];
@@ -33,8 +30,8 @@ let git-user = "git"; in
     # camoHmacKeyFile = ;
     database = {
       createDatabase = false; # default
-      host = "127.0.0.1"; # default
-      port = 5432;
+      host = config.services.postgresql.settings.listen_addresses;
+      port = config.services.postgresql.settings.port;
       passwordFile = config.sops.secrets."postgres-pw".path;
       socket = null;
       type = "postgres";
@@ -66,12 +63,12 @@ let git-user = "git"; in
         START_SSH_SERVER = false; # default
         SSH_LISTEN_HOST = "0.0.0.0";
         SSH_PORT = secrets.ssh.port;
-        DOMAIN = "pw.${domain}";
+        DOMAIN = "git.${domain}";
         SSH_DOMAIN = "ssh.${domain}";
         # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}";
         # HTTP_PORT = 3000; # default
         # PROTOCOL = "http"; # default
-        # ROOT_URL = "https:pw.${domain}/"; # default
+        ROOT_URL = "https://git.${domain}/"; # default
       };
       session = {
         COOKIE_SECURE = true;
@@ -79,6 +76,31 @@ let git-user = "git"; in
       service = {
         DISABLE_REGISTRATION = true;
       };
+      ui = {
+        DEFAULT_THEME = "pitchblack";
+        THEMES = "gitea,arc-green,pitchblack";
+      };
     };
   };
+  system.activationScripts = let
+    # theme = pkgs.fetchFromGitHub {
+    #   owner = "unixtensor";
+    #   repo = "Gitea-Pitch-Black";
+    #   rev = "v1.15.X.2";
+    #   hash = "sha256-Eibgoc3BJUXWdq8irgXea09fAvfKx2eQrJotp3P5DTg=";
+    # };
+    theme = pkgs.fetchFromGitea {
+      domain = "git.${domain}";
+      owner = "nx2";
+      repo = "Gitea-Pitch-Black";
+      rev = "0.1.0";
+      hash = "sha256-pU4YhgcPOT3PTcmBTjNE3FcyJgl39JGP41ckhRUKN7Y=";
+    };
+  in {
+    "gitea-theme" = /* bash */ ''
+      mkdir -p ${config.services.gitea.stateDir}/custom/public/assets/css/
+      ln -s ${theme}/theme-pitchblack.css ${config.services.gitea.stateDir}/custom/public/assets/css/theme-pitchblack.css
+      chown -R ${git-user}:${git-user} ${config.services.gitea.stateDir}/custom/ 
+    '';
+  };
 }
diff --git a/system-modules/postgres.nix b/system-modules/postgres.nix
index b86a5cf..48aac0c 100644
--- a/system-modules/postgres.nix
+++ b/system-modules/postgres.nix
@@ -27,7 +27,7 @@
 			];
 			settings = {
 				port = 5432; # default
-				listen_addresses = "localhost";
+				listen_addresses = lib.mkForce "127.0.0.1";
 				log_line_prefix = "[%p] "; # default
 				shared_preload_libraries = [ ]; # default
 			};

From 2040ce3ea018d045466872d4fc737c1462fb4ea1 Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)" <git@nx2.site>
Date: Sun, 15 Dec 2024 15:33:39 +0100
Subject: [PATCH 3/3] fixup

---
 system-modules/boot.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/system-modules/boot.nix b/system-modules/boot.nix
index 3b4fa99..aed51f5 100755
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -1,11 +1,11 @@
 { config, pkgs, pkgs-unstable, lib, host, domain, inputs, ... }: 
 let 
   grub-theme-ascii-diana = (pkgs.fetchFromGitea {
-     domain = "git.${domain}";
-     owner = "nx2";
-     repo = "grub-theme-ascii-diana";
-     rev = "0.5.0";
-     hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g=";
+    domain = "git.${domain}";
+    owner = "nx2";
+    repo = "grub-theme-ascii-diana";
+    rev = "0.5.0";
+    hash = "sha256-e+55NYsSsWY6GPbYUtdVEB9krueuCAWT3Ce/Ghops1g=";
    });
 in 
 {