paperless-formula/paperless/init.sls


# Keycloak / OpenID Connect settings for paperless, built as a Jinja dict so
# the pillar values can be serialised as one JSON document instead of being
# spliced into a hand-written JSON string.
#
# NOTE(review): nothing in the visible part of this file references
# PAPERLESS_SOCIALACCOUNT_PROVIDERS yet. When it is passed to the container,
# render it through a JSON filter (for example tojson) so that every value is
# quoted and escaped.
#
# NOTE(review): both lookups fall back to literal placeholder strings when the
# pillar keys are missing, so a missing pillar renders without any error. The
# client secret is a credential; keep the real value in pillar only.
{% set client_secret = salt['pillar.get'](
     'paperless:webserver:keycloak:client_secret',
     '<CLIENT_SECRET>'
   ) %}
{% set oauth_server = salt['pillar.get'](
     'paperless:webserver:keycloak:server_url',
     'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration'
   ) %}
{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS = {
     "openid_connect": {
       "APPS": [
         {
           "provider_id": "keycloak",
           "name": "Keycloak",
           "client_id": "paperless",
           "secret": client_secret,
           "settings": {
             "server_url": oauth_server
           }
         }
       ]
     }
   } %}
# Host directory that the broker container bind-mounts as /data.
# NOTE(review): no user, group or mode is given, so ownership and permissions
# are left to Salt's defaults; confirm they are as tight as intended.
broker-data-directory-exists:
  file.directory:
    - name: '/opt/paperless/broker'
    - makedirs: true
# Parent of the data, media, export and consume directories that the
# paperless container bind-mounts.
# NOTE(review): no user, group or mode is given, so ownership and permissions
# are left to Salt's defaults. This tree holds the stored documents; confirm
# that only the intended accounts can read it.
paperless-data-directory-exists:
  file.directory:
    - name: '/opt/paperless/webserver'
    - makedirs: true
# Dedicated local-scope Docker network that every container in this file
# joins, so the services reach each other by container name.
docker-network-paperless-exists:
  docker_network.present:
    - name: 'paperless-network'
    - scope: 'local'
# Redis broker for paperless. This state declares no port_bindings, so it
# does not publish the broker on a host port; the default PAPERLESS_REDIS
# value in this file addresses it by container name over paperless-network.
# NOTE(review): image path and tag come from pillar. The default tag 7 is a
# floating tag, so it can resolve to a different image over time.
broker-docker-container-running:
  docker_container.running:
    - name: 'broker'
    - image: "{{ salt['pillar.get']('paperless:broker:image:path', 'docker.io/library/redis') }}:{{ salt['pillar.get']('paperless:broker:image:version', '7') }}"
    - container_name: 'broker'
    - restart: 'unless-stopped'
    - binds: '/opt/paperless/broker:/data'
    - networks:
        - 'paperless-network'
# Gotenberg document-conversion service. This state declares no
# port_bindings, so it is attached to paperless-network only.
# NOTE(review): image path and tag come from pillar; the tag is mutable
# unless the registry enforces immutability.
gotenberg-docker-container-running:
  docker_container.running:
    - name: 'gotenberg'
    - image: "{{ salt['pillar.get']('paperless:gotenberg:image:path', 'docker.io/gotenberg/gotenberg') }}:{{ salt['pillar.get']('paperless:gotenberg:image:version', '8.9.1') }}"
    - container_name: 'gotenberg'
    - restart: 'unless-stopped'
    # Gotenberg's Chromium route renders .eml files. To keep external content
    # such as tracking pixels and any JavaScript out of that rendering,
    # JavaScript is switched off and Chromium may only load URLs matching
    # file:///tmp/.* (anything else, including http and https, is refused).
    - command:
        - 'gotenberg'
        - '--chromium-disable-javascript=true'
        - '--chromium-allow-list=file:///tmp/.*'
    - networks:
        - 'paperless-network'
# Apache Tika service. This state declares no port_bindings, so it is
# attached to paperless-network only; the default PAPERLESS_TIKA_ENDPOINT in
# this file addresses it by container name.
# NOTE(review): image path and tag come from pillar; the tag is mutable
# unless the registry enforces immutability.
tika-docker-container-running:
  docker_container.running:
    - name: 'tika'
    - image: "{{ salt['pillar.get']('paperless:tika:image:path', 'docker.io/apache/tika') }}:{{ salt['pillar.get']('paperless:tika:image:version', '2.9.2.1') }}"
    - container_name: 'tika'
    - restart: 'unless-stopped'
    - networks:
        - 'paperless-network'
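# Paperless-ngx web server container.
paperless-docker-container-running:
  docker_container.running:
    # The Docker setup does not use the configuration file, so every setting
    # is passed as an environment variable. Reference list:
    # https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
    - name: paperless
    - image: "{{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}"
    - container_name: paperless
    - environment:
        - USER_UID=1000
        - USER_GID=1000
        # NOTE(review): the default broker URL carries no credentials; that
        # relies on the broker being reachable from paperless-network only.
        - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
        - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
        - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
        - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
        # Disabled. Remote-user login takes the user identity from a request
        # header, so enable it only behind a reverse proxy that sets the
        # header itself and drops any client-supplied copy. The pillar keys
        # for both switches are still empty.
        # - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }}
        # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }}
        # Disabled. NOTE(review): with PAPERLESS_SECRET_KEY unset,
        # paperless-ngx falls back to the default key from its settings. When
        # enabling this line, put a long random value in pillar; the
        # 'change-me' fallback is not a usable key.
        # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }}
        # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }}
        # No quotes around the value: this entry is a plain YAML scalar, so
        # quote characters after the equals sign would become part of the
        # variable's value and the app name would no longer match a module.
        - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
        # Disabled draft of the provider configuration. The two interpolated
        # values are not wrapped in JSON quotes, so the result would not
        # parse. The PAPERLESS_SOCIALACCOUNT_PROVIDERS dict defined at the top
        # of this file is meant to replace it, rendered through a JSON filter.
        # The client secret then appears in the container environment, which
        # anyone with access to the Docker API on this host can read.
        #- PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') }} }}]}}'
    - restart: always
    - networks:
        - paperless-network
    # Static hosts entry so the container resolves the LDAP server name to
    # this address.
    - extra_hosts:
        - "ldap.flipdot.space:192.168.3.233"
    - binds:
        - /opt/paperless/webserver/data:/usr/src/paperless/data
        - /opt/paperless/webserver/media:/usr/src/paperless/media
        - /opt/paperless/webserver/export:/usr/src/paperless/export
        - /opt/paperless/webserver/consume:/usr/src/paperless/consume
        # Host time settings, mounted read-only.
        - /etc/timezone:/etc/timezone:ro
        - /etc/localtime:/etc/localtime:ro
    # Published on the loopback address unless pillar overrides the ip, so by
    # default only local processes can reach port 8000 (presumably a reverse
    # proxy on this host; confirm). A routable ip in pillar exposes the
    # application directly.
    - port_bindings:
        - "{{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000"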