From e303182a7d30a0ed803f31272644b9de173d6bb3 Mon Sep 17 00:00:00 2001
From: rfl
Date: Wed, 28 Aug 2024 09:49:43 +0200
Subject: [PATCH] Track first draft
---
README.md | 3 ++
paperless/init.sls | 78 ++++++++++++++++++++++++++++++++++++++++++++++
pillar.example | 45 ++++++++++++++++++++++++++
3 files changed, 126 insertions(+)
create mode 100644 README.md
create mode 100644 paperless/init.sls
create mode 100644 pillar.example
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..123aef7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# paperless formula
+
+Salt formula for deploying paperless-ngx using docker.
diff --git a/paperless/init.sls b/paperless/init.sls
new file mode 100644
index 0000000..27342fc
--- /dev/null
+++ b/paperless/init.sls
@@ -0,0 +1,78 @@
+broker-data-directory-exists:
+ file.directory:
+ - name: /opt/paperless/broker
+ - makedirs: True
+
+paperless-data-directory-exists:
+ file.directory:
+ - name: /opt/paperless/webserver
+ - makedirs: True
+
+broker-docker-container-running:
+ docker_container.running:
+ - name: broker
+ - image: {{ salt['pillar.get']('paperless:broker:image:path', 'docker.io/library/redis') }}:{{ salt['pillar.get']('paperless:broker:image:version', '7') }}
+ - container_name: broker
+ - restart: unless-stopped
+ - binds: /opt/paperless/broker:/data
+ - networks:
+ - bridge
+
+gotenberg-docker-container-running:
+ docker_container.runnig:
+ - name: gotenberg
+ - image: {{ salt['pillar.get']('paperless:gotenberg:image:path', 'docker.io/gotenberg/gotenberg') }}:{{ salt['pillar.get']('paperless:gotenberg:image:version', '8.9.1') }}
+ - container_name: gotenberg
+ - restart: unless-stopped
+ # The gotenberg chromium route is used to convert .eml files. We do not
+ # want to allow external content like tracking pixels or even javascript.
+ - command:
+ - "gotenberg"
+ - "--chromium-disable-javascript=true"
+ - "--chromium-allow-list=file:///tmp/.*"
+ - networks:
+ - bridge
+
+tika-docker-container-running:
+ docker_container.runnig:
+ - name: tika
+ - image: {{ salt['pillar.get']('paperless:tika:image:path', 'docker.io/apache/tika') }}:{{ salt['pillar.get']('paperless:tika:image:version', '2.9.2.1') }}
+ - container_name: tika
+ - restart: unless-stopped
+ - networks:
+ - bridge
+
+paperless-docker-container-running:
+ docker_container.running:
+ # The Docker setup does not use the configuration file.
+ # So we have to set everything through environment variables.
+ # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
+ - name: paperless
+ - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'github.com/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', 'v2.11.6') }}
+ - container_name: paperless
+ - environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
+ - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
+ - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
+ - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
+
+ # - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }}
+ # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }}
+ # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }}
+ # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }}
+ - restart: always
+ - networks:
+ - bridge
+ - extra_hosts:
+ - ldap.flipdot.space:192.168.3.233
+ - binds:
+ - /opt/paperless/webserver/data:/usr/src/paperless/data
+ - /opt/paperless/webserver/media:/usr/src/paperless/media
+ - /opt/paperless/webserver/export:/usr/src/paperless/export
+ - /opt/paperless/webserver/consume:/usr/src/paperless/consume
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - port_bindings:
+ - "{{ salt['pillar.get']('paperless:webserver:port', "127.0.0.1:8000") }}:8000"
diff --git a/pillar.example b/pillar.example
new file mode 100644
index 0000000..977b3f1
--- /dev/null
+++ b/pillar.example
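Review bot: All four container states attach to Docker's default `bridge` network, which gives no name resolution between containers and is shared with every other container on the host, so the defaults `redis://broker:6379`, `http://tika:9998` and `http://gotenberg:3000` will probably not resolve, and the Redis, Tika and Gotenberg services, started here without any authentication, are reachable from unrelated containers. A dedicated user-defined network, created with `docker_network.present` and listed under `networks` in each state, addresses both problems. The gotenberg and tika states call `docker_container.runnig`, which should be `docker_container.running`. The webserver image default `github.com/paperless-ngx/paperless-ngx` names a host that is not a container registry; upstream publishes the image as `ghcr.io/paperless-ngx/paperless-ngx`, and the same value appears in pillar.example. When `PAPERLESS_SECRET_KEY` is uncommented, drop the `'change-me'` fallback so that a missing pillar value fails the render instead of deploying a publicly known key.

```yaml
paperless-docker-network-present:
  docker_network.present:
    - name: paperless

gotenberg-docker-container-running:
  docker_container.running:
    # … unchanged: name, image, container_name, restart, command …
    - networks:
      - paperless
    - require:
      - docker_network: paperless-docker-network-present

# … same networks/require change in the broker, tika and paperless states …
```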
@@ -0,0 +1,45 @@
+paperless:
+ broker:
+ image:
+ path: docker.io/library/redis
+ version: 7
+ webserver:
+ image:
+ path: github.com/paperless-ngx/paperless-ngx
+ version: v2.11.6
+ port: 8000
+ environment:
+ redis: redis://broker:6379
+ tika_enabled: 1
+ tika_endpoint: http://tika:9998
+ tika_gotenberg_endpoint: http://gotenberg:3000
+
+ # following is included here for later, uncomment in init.sls as well
+
+ # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx
+ # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap
+ # https://github.com/paperless-ngx/paperless-ngx/discussions/498
+ # https://github.com/paperless-ngx/paperless-ngx/discussions/3228
+
+ # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications.
+ # enable_http_remote_user=true
+
+ # Allows authentication via HTTP_REMOTE_USER directly against the API
+ # enable_http_remote_user_api=true
+
+ # Adjust this key if you plan to make paperless available publicly. It should
+ # be a very long sequence of random characters. You don't need to remember it.
+ # secret_key=change-me
+
+ # This is required if you will be exposing Paperless-ngx on a public domain
+ # (if doing so please consider security measures such as reverse proxy)
+ # url=https://paperless.flipdot.org
+
+ gotenberg:
+ image:
+ path: docker.io/gotenberg/gotenberg
+ version: 8.9.1
+ tika:
+ image:
+ path: docker.io/apache/tika
+ version: 2.9.2.1
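Review bot: The example `port: 8000` replaces the loopback default `127.0.0.1:8000` used in init.sls, so anyone copying this pillar renders `8000:8000` and publishes the web UI on every host interface while `secret_key` is still unset; the example should read `port: "127.0.0.1:8000"`. The commented settings use `key=value` syntax (`# secret_key=change-me`), which is not a valid mapping entry once uncommented; write them as `# secret_key: <long random value>` so that they parse and the placeholder cannot be mistaken for a usable key. Quoting the image versions (`version: "7"`) keeps YAML from retyping a tag such as `7.10` to a float.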