paperless-formula/paperless/init.sls

# Attempt to fix json with pillar variables in variable
{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}
{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}

{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS =
  {
    'openid_connect': {
        'APPS': [
            {
              'provider_id': 'keycloak',
              'name': 'Keycloak',
              'client_id': 'paperless',
              'secret': client_secret,
              'settings': {
                'server_url': oauth_server
              }
            }
        ]
    }
  } 
%}

broker-data-directory-exists:
  file.directory:
    - name: /opt/paperless/broker
    - makedirs: True

paperless-data-directory-exists:
  file.directory:
    - name: /opt/paperless/webserver
    - makedirs: True

python3-pip:
  pkg.installed

# https://github.com/saltstack/salt/issues/61004
python-pip-uptodate:
  pip.installed:
    - require:
      - pkg: python3-pip
    - pkgs:
      - pip
    - upgrade: True

# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926
# https://packages.debian.org/source/sid/python-docker
# does not work
# python-docker-package:
#   pkg.installed:
#   - name: python3-docker

# https://stackoverflow.com/a/78224409
# https://github.com/docker/docker-py/issues/3113
# https://github.com/saltstack/salt/issues/62689
docker-requirements:
  pip.installed:
    - require:
      - pkg: python3-pip
    - pkgs:
      # - docker==6.1.3
      # - docker==7.0.0
      - docker==7.1.0
      # - docker==5.0.3
      # - docker-py==1.10.5
      # - requests<2.29.0
      # - urllib3<2.0

# other errors that were encountered
# keyerror http+docker
# https://github.com/geerlingguy/ansible-role-docker/issues/462
# https://github.com/docker/docker-py/issues/3279
# unexpected keyword argument 'chunked'
# https://github.com/saltstack/salt/issues/65526
# 'docker.version' is not available
# https://github.com/saltstack/salt/issues/53836
# https://github.com/saltstack/salt/issues/54449
# https://github.com/saltstack/salt/issues/62602
# network is always recreated
# https://github.com/saltstack/salt/issues/66408

# otherwise it complains about scope attribute, similar to
# https://github.com/saltstack/salt/issues/50194
# https://github.com/saltstack/salt/issues/51009
# but it should be possible according to docs
# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present
docker-network-paperless-exists:
  docker_network.present:
    - name: paperless-network
    # - scope: local

broker-docker-container-running:
  docker_container.running:
    - name: broker
    - image: {{ salt['pillar.get']('paperless:broker:image:path', 'docker.io/library/redis') }}:{{ salt['pillar.get']('paperless:broker:image:version', '7') }}
    - container_name: broker
    - restart: unless-stopped
    - binds: /opt/paperless/broker:/data
    - networks:
      - paperless-network

gotenberg-docker-container-running:
  docker_container.running:
    - name: gotenberg
    - image: {{ salt['pillar.get']('paperless:gotenberg:image:path', 'docker.io/gotenberg/gotenberg') }}:{{ salt['pillar.get']('paperless:gotenberg:image:version', '8.9.1') }}
    - container_name: gotenberg
    - restart: unless-stopped
    # The gotenberg chromium route is used to convert .eml files. We do not
    # want to allow external content like tracking pixels or even javascript.
    - command:
      - "gotenberg"
      - "--chromium-disable-javascript=true"
      - "--chromium-allow-list=file:///tmp/.*"
    - networks:
      - paperless-network

tika-docker-container-running:
  docker_container.running:
    - name: tika
    - image: {{ salt['pillar.get']('paperless:tika:image:path', 'docker.io/apache/tika') }}:{{ salt['pillar.get']('paperless:tika:image:version', '2.9.2.1') }}
    - container_name: tika
    - restart: unless-stopped
    - networks:
      - paperless-network

# Attempt to fix json with pillar variables in variable
{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}
{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}

{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ =
  {
    'openid_connect': {
        'APPS': [
            {
              'provider_id': 'keycloak',
              'name': 'Keycloak',
              'client_id': 'paperless',
              'secret': client_secret,
              'settings': {
                'server_url': oauth_server
              }
            }
        ]
    }
  }
%}

paperless-docker-container-running:
  docker_container.running:
    # The Docker setup does not use the configuration file.
    # So we have to set everything through environment variables.
    # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
    - name: paperless
    - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
    - container_name: paperless
    - environment:
      - USER_UID=1000
      - USER_GID=1000
      - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
      - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
      - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}

      - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
      - PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}"
      - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
      - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}

      - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
      - PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
    - restart: always
    - networks:
      - paperless-network
    - binds:
      - /opt/paperless/webserver/data:/usr/src/paperless/data
      - /opt/paperless/webserver/media:/usr/src/paperless/media
      - /opt/paperless/webserver/export:/usr/src/paperless/export
      - /opt/paperless/webserver/consume:/usr/src/paperless/consume
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    - port_bindings:
      - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
[FIX] Attempt to fix broken json variable parsing 2024-10-20 17:19:05 +02:00			`# Attempt to fix json with pillar variables in variable`
			`{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}`
			`{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}`

			`{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS =`
			`{`
			`'openid_connect': {`
			`'APPS': [`
			`{`
			`'provider_id': 'keycloak',`
			`'name': 'Keycloak',`
			`'client_id': 'paperless',`
			`'secret': client_secret,`
			`'settings': {`
			`'server_url': oauth_server`
			`}`
			`}`
			`]`
			`}`
			`}`
			`%}`

Track first draft 2024-08-28 09:49:43 +02:00			`broker-data-directory-exists:`
			`file.directory:`
			`- name: /opt/paperless/broker`
			`- makedirs: True`

			`paperless-data-directory-exists:`
			`file.directory:`
			`- name: /opt/paperless/webserver`
			`- makedirs: True`

FFS this environment variable 2024-10-04 22:02:38 +02:00			`python3-pip:`
			`pkg.installed`

			`# https://github.com/saltstack/salt/issues/61004`
			`python-pip-uptodate:`
			`pip.installed:`
			`- require:`
			`- pkg: python3-pip`
			`- pkgs:`
			`- pip`
			`- upgrade: True`

			`# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926`
			`# https://packages.debian.org/source/sid/python-docker`
			`# does not work`
			`# python-docker-package:`
			`# pkg.installed:`
			`# - name: python3-docker`

			`# https://stackoverflow.com/a/78224409`
			`# https://github.com/docker/docker-py/issues/3113`
			`# https://github.com/saltstack/salt/issues/62689`
			`docker-requirements:`
			`pip.installed:`
			`- require:`
			`- pkg: python3-pip`
			`- pkgs:`
			`# - docker==6.1.3`
			`# - docker==7.0.0`
			`- docker==7.1.0`
			`# - docker==5.0.3`
			`# - docker-py==1.10.5`
			`# - requests<2.29.0`
			`# - urllib3<2.0`

			`# other errors that were encountered`
			`# keyerror http+docker`
			`# https://github.com/geerlingguy/ansible-role-docker/issues/462`
			`# https://github.com/docker/docker-py/issues/3279`
			`# unexpected keyword argument 'chunked'`
			`# https://github.com/saltstack/salt/issues/65526`
			`# 'docker.version' is not available`
			`# https://github.com/saltstack/salt/issues/53836`
			`# https://github.com/saltstack/salt/issues/54449`
			`# https://github.com/saltstack/salt/issues/62602`
			`# network is always recreated`
			`# https://github.com/saltstack/salt/issues/66408`

			`# otherwise it complains about scope attribute, similar to`
			`# https://github.com/saltstack/salt/issues/50194`
			`# https://github.com/saltstack/salt/issues/51009`
			`# but it should be possible according to docs`
			`# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`docker-network-paperless-exists:`
			`docker_network.present:`
			`- name: paperless-network`
FFS this environment variable 2024-10-04 22:02:38 +02:00			`# - scope: local`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00
Track first draft 2024-08-28 09:49:43 +02:00			`broker-docker-container-running:`
			`docker_container.running:`
			`- name: broker`
			`- image: {{ salt['pillar.get']('paperless:broker:image:path', 'docker.io/library/redis') }}:{{ salt['pillar.get']('paperless:broker:image:version', '7') }}`
			`- container_name: broker`
			`- restart: unless-stopped`
			`- binds: /opt/paperless/broker:/data`
			`- networks:`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`- paperless-network`
Track first draft 2024-08-28 09:49:43 +02:00
			`gotenberg-docker-container-running:`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`docker_container.running:`
Track first draft 2024-08-28 09:49:43 +02:00			`- name: gotenberg`
			`- image: {{ salt['pillar.get']('paperless:gotenberg:image:path', 'docker.io/gotenberg/gotenberg') }}:{{ salt['pillar.get']('paperless:gotenberg:image:version', '8.9.1') }}`
			`- container_name: gotenberg`
			`- restart: unless-stopped`
			`# The gotenberg chromium route is used to convert .eml files. We do not`
			`# want to allow external content like tracking pixels or even javascript.`
			`- command:`
			`- "gotenberg"`
			`- "--chromium-disable-javascript=true"`
			`- "--chromium-allow-list=file:///tmp/.*"`
			`- networks:`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`- paperless-network`
Track first draft 2024-08-28 09:49:43 +02:00
			`tika-docker-container-running:`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`docker_container.running:`
Track first draft 2024-08-28 09:49:43 +02:00			`- name: tika`
			`- image: {{ salt['pillar.get']('paperless:tika:image:path', 'docker.io/apache/tika') }}:{{ salt['pillar.get']('paperless:tika:image:version', '2.9.2.1') }}`
			`- container_name: tika`
			`- restart: unless-stopped`
			`- networks:`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`- paperless-network`
Track first draft 2024-08-28 09:49:43 +02:00
FFS this environment variable 2024-10-04 22:02:38 +02:00			`# Attempt to fix json with pillar variables in variable`
			`{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}`
			`{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}`

Merge branch 'dev' into dev-json-fix 2024-10-22 20:13:16 +02:00			`{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ =`
FFS this environment variable 2024-10-04 22:02:38 +02:00			`{`
			`'openid_connect': {`
			`'APPS': [`
			`{`
			`'provider_id': 'keycloak',`
			`'name': 'Keycloak',`
			`'client_id': 'paperless',`
			`'secret': client_secret,`
			`'settings': {`
			`'server_url': oauth_server`
			`}`
			`}`
			`]`
			`}`
			`}`
			`%}`

Track first draft 2024-08-28 09:49:43 +02:00			`paperless-docker-container-running:`
			`docker_container.running:`
			`# The Docker setup does not use the configuration file.`
			`# So we have to set everything through environment variables.`
			`# see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env`
			`- name: paperless`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`- image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}`
Track first draft 2024-08-28 09:49:43 +02:00			`- container_name: paperless`
			`- environment:`
			`- USER_UID=1000`
			`- USER_GID=1000`
			`- PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}`
			`- PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}`
			`- PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}`
			`- PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}`

FFS this environment variable 2024-10-04 22:02:38 +02:00			`- PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect`
Merge branch 'dev' into dev-json-fix 2024-10-22 20:13:16 +02:00			`- PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}"`
FFS this environment variable 2024-10-04 22:02:38 +02:00			`- PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}`
			`- PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}`
WIP: Use keycloak for sso 2024-10-02 13:02:56 +02:00
FFS this environment variable 2024-10-04 22:02:38 +02:00			`- PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}`
			`- PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}`
Track first draft 2024-08-28 09:49:43 +02:00			`- restart: always`
			`- networks:`
Fix config Fix typos, url and network 2024-09-20 17:35:44 +02:00			`- paperless-network`
Track first draft 2024-08-28 09:49:43 +02:00			`- binds:`
			`- /opt/paperless/webserver/data:/usr/src/paperless/data`
			`- /opt/paperless/webserver/media:/usr/src/paperless/media`
			`- /opt/paperless/webserver/export:/usr/src/paperless/export`
			`- /opt/paperless/webserver/consume:/usr/src/paperless/consume`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`- port_bindings:`
Fix ip 2024-10-01 21:07:18 +02:00			`- {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000`