diff --git a/flake.lock b/flake.lock
index 3125d0e..faf9162 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "futils": {
       "locked": {
-        "lastModified": 1629481132,
+        "lastModified": 1629284811,
         "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "997f7efcb746a9c140ce1f13c72263189225f482",
+        "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
         "type": "github"
       },
       "original": {
@@ -23,11 +23,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1630294974,
-        "narHash": "sha256-9e3AKxbCoexrsWFXxQ4QUETNxQlXaffnntEnPOO19oI=",
+        "lastModified": 1629347633,
+        "narHash": "sha256-FGZJ7lmTAMIkjdrh6dIPck5HuB4KMT2GgDV5ZjiCWoc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "61ca2fc1c00a275b8bd61582b23195d60fe0fa40",
+        "rev": "bf6b85136b47ab1a76df4a90ea4850871147494a",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1630248577,
-        "narHash": "sha256-9d/yq96TTrnF7qjA6wPYk+rYjWAXwfUmwk3qewezSeg=",
+        "lastModified": 1629292755,
+        "narHash": "sha256-5xMo32NVLnloY9DveqwJO/Cab1+PbTMPqU4WMmawX5M=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8d8a28b47b7c41aeb4ad01a2bd8b7d26986c3512",
+        "rev": "253aecf69ed7595aaefabde779aa6449195bebb7",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1630395220,
-        "narHash": "sha256-Nb5SppZmj+0MH33c2/qdRFqGTo/8g0CTfVtsGZ/sQf0=",
+        "lastModified": 1629359626,
+        "narHash": "sha256-of3obB9km+QnrBpWHm1b1k33qQOqNB0c8grkVcXNP7o=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "607b9cebfdbf57ec864aacf14efa64fac920016d",
+        "rev": "805c0d529efe652fa85f92527bec68ce26a08723",
         "type": "github"
       },
       "original": {
diff --git a/machines/porthos/services.nix b/machines/porthos/services.nix
index d26bb10..28b2494 100644
--- a/machines/porthos/services.nix
+++ b/machines/porthos/services.nix
@@ -93,14 +93,6 @@ in
     nginx = {
       enable = true;
     };
-    paperless = {
-      enable = true;
-      documentPath = "/data/media/paperless";
-      # Insecure, I don't care
-      passwordFile =
-        builtins.toFile "paperless.env" my.secrets.paperless.password;
-      secretKey = my.secrets.paperless.secretKey;
-    };
     # The whole *arr software suite
     pirate.enable = true;
     # Podcast automatic downloader
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 9f132d0..4760ab1 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -18,7 +18,6 @@
     ./navidrome.nix
     ./nextcloud.nix
     ./nginx.nix
-    ./paperless.nix
     ./pirate.nix
     ./podgrab.nix
     ./postgresql-backup.nix
diff --git a/modules/services/paperless.nix b/modules/services/paperless.nix
deleted file mode 100644
index b22628f..0000000
--- a/modules/services/paperless.nix
+++ /dev/null
@@ -1,127 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.my.services.paperless;
-in
-{
-  options.my.services.paperless = with lib; {
-    enable = mkEnableOption "Paperless service";
-
-    port = mkOption {
-      type = types.port;
-      default = 4535;
-      example = 8080;
-      description = "Internal port for webui";
-    };
-
-    secretKey = mkOption {
-      type = types.str;
-      example = "e11fl1oa-*ytql8p)(06fbj4ukrlo+n7k&q5+$1md7i+mge=ee";
-      description = "Secret key used for sessions tokens";
-    };
-
-    documentPath = mkOption {
-      type = with types; nullOr str;
-      default = null;
-      example = "/mnt/paperless";
-      description = ''
-        Path to the directory to store the documents. Use default if null
-      '';
-    };
-
-    username = mkOption {
-      type = types.str;
-      default = "ambroisie";
-      example = "username";
-      description = "Name of the administrator";
-    };
-
-    passwordFile = mkOption {
-      type = types.str;
-      example = "/var/lib/paperless/password.txt";
-      description = "Read the administrator's password from this path";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.paperless-ng = {
-      enable = true;
-
-      port = cfg.port;
-
-      mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
-
-      extraConfig =
-        let
-          paperlessDomain = "paperless.${config.networking.domain}";
-        in
-        {
-          # Use SSO
-          PAPERLESS_ENABLE_HTTP_REMOTE_USER = true;
-          PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME = "HTTP_X_USER";
-
-          # Use PostgreSQL
-          PAPERLESS_DBHOST = "/run/postgresql";
-          PAPERLESS_DBUSER = "paperless";
-          PAPERLESS_DBNAME = "paperless";
-
-          # Security settings
-          PAPERLESS_SECRET_KEY = cfg.secretKey; # Insecure, I don't care
-          PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
-          PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
-
-          # OCR settings
-          PAPERLESS_OCR_LANGUAGE = "fra+eng";
-
-          # Misc
-          PAPERLESS_TIME_ZONE = config.time.timeZone;
-          PAPERLESS_ADMIN_USER = cfg.username;
-        };
-
-      # Admin password
-      passwordFile = cfg.passwordFile;
-    };
-
-    # Set-up database
-    services.postgresql = {
-      enable = true;
-      ensureDatabases = [ "paperless" ];
-      ensureUsers = [
-        {
-          name = "paperless";
-          ensurePermissions."DATABASE paperless" = "ALL PRIVILEGES";
-        }
-      ];
-    };
-
-    systemd.services.paperless-ng-server = {
-      # Make sure the DB is available
-      after = [ "postgresql.service" ];
-    };
-
-
-    users.users.${config.services.paperless-ng.user} = {
-      extraGroups = [ "media" ];
-    };
-
-    my.services.nginx.virtualHosts = [
-      {
-        subdomain = "paperless";
-        inherit (cfg) port;
-        sso = {
-          enable = true;
-        };
-
-        # Enable websockets on root
-        extraConfig = {
-          locations."/".proxyWebsockets = true;
-        };
-      }
-    ];
-
-    my.services.backup = {
-      paths = [
-        config.services.paperless-ng.mediaDir
-      ];
-    };
-  };
-}
diff --git a/modules/system/media.nix b/modules/system/media.nix
index 630a351..4ad2fee 100644
--- a/modules/system/media.nix
+++ b/modules/system/media.nix
@@ -5,7 +5,6 @@ let
   mediaServices = with config.my.services; [
     calibre-web
     jellyfin
-    paperless
     pirate
     sabnzbd
     transmission
diff --git a/secrets/default.nix b/secrets/default.nix
index fbc1bfa..5b6c94b 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -56,11 +56,6 @@ throwOnCanary {
 
     nextcloud.password = fileContents ./nextcloud/password.txt;
 
-    paperless = {
-      password = fileContents ./paperless/password.txt;
-      secretKey = fileContents ./paperless/secretKey.txt;
-    };
-
     podgrab.password = fileContents ./podgrab/password.txt;
 
     sso = import ./sso { inherit lib; };
diff --git a/secrets/paperless/password.txt b/secrets/paperless/password.txt
deleted file mode 100644
index 5e2cb81..0000000
Binary files a/secrets/paperless/password.txt and /dev/null differ
diff --git a/secrets/paperless/secretKey.txt b/secrets/paperless/secretKey.txt
deleted file mode 100644
index fe31bc4..0000000
Binary files a/secrets/paperless/secretKey.txt and /dev/null differ