From 4cf8c5c7d41f21766e50ec31f39d5499e6280d07 Mon Sep 17 00:00:00 2001 From: rfl Date: Wed, 2 Oct 2024 13:02:56 +0200 Subject: [PATCH 01/33] WIP: Use keycloak for sso --- paperless/init.sls | 3 +++ pillar.example | 3 +++ 2 files changed, 6 insertions(+) diff --git a/paperless/init.sls b/paperless/init.sls index 3c193e7..6d9b64a 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -67,6 +67,9 @@ paperless-docker-container-running: # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }} # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }} # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }} + + - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect" + - PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} }}]}}' - restart: always - networks: - paperless-network diff --git a/pillar.example b/pillar.example index ea278a4..16311d4 100644 --- a/pillar.example +++ b/pillar.example @@ -36,6 +36,9 @@ paperless: # (if doing so please consider security measures such as reverse proxy) # url=https://paperless.flipdot.org + keycloak: + client_secret: + server_url: https:///realms//.well-known/openid-configuration gotenberg: image: path: docker.io/gotenberg/gotenberg From f942614e99a8f3ccfe1b61444179134fad7770ac Mon Sep 17 00:00:00 2001 From: Bltzz Date: Sun, 20 Oct 2024 17:19:05 +0200 Subject: [PATCH 02/33] [FIX] Attempt to fix broken json variable parsing --- paperless/init.sls | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) 
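Review bot: In the added `PAPERLESS_SOCIALACCOUNT_PROVIDERS` line of paperless/init.sls, the two `pillar.get` results are pasted into the JSON text without quoting or escaping, so the rendered value is not valid JSON and a secret containing `"` or `'` would change the structure of the string. Render each value through the serializer instead, e.g. `"secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') | tojson }}`, and do the same for `server_url`. The `''` default also means a missing pillar key silently configures an empty client secret; failing the render when the key is absent would be safer. The enclosing `paperless-docker-container-running` state starts and ends outside the hunk.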
diff --git a/paperless/init.sls b/paperless/init.sls index 6d9b64a..6a07a87 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -1,3 +1,25 @@ +# Attempt to fix json with pillar variables in variable +{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} +{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} + +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS = + { + 'openid_connect': { + 'APPS': [ + { + 'provider_id': 'keycloak', + 'name': 'Keycloak', + 'client_id': 'paperless', + 'secret': client_secret, + 'settings': { + 'server_url': oauth_server + } + } + ] + } + } +%} + broker-data-directory-exists: file.directory: - name: /opt/paperless/broker @@ -69,7 +91,7 @@ paperless-docker-container-running: # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }} - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect" - - PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} }}]}}' + #- PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} }}]}}' - restart: always - networks: - paperless-network From cef3f9a5e443a34fd8fd1300d02ab2e533a4ca5b Mon Sep 17 00:00:00 2001 
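Review bot: The line disabled with `#` in the second hunk (`#- PAPERLESS_SOCIALACCOUNT_PROVIDERS=...`) is only a YAML comment; Jinja runs before the YAML parser, so both `pillar.get` calls in it are still evaluated and the client secret is still written into the rendered SLS text. A pillar value containing a newline would also end the comment and put the remainder into the state as live YAML. Either delete the line or disable it with a Jinja comment, `{# - PAPERLESS_SOCIALACCOUNT_PROVIDERS=... #}`. Separately, the `PAPERLESS_SOCIALACCOUNT_PROVIDERS` dict set in the first hunk is not referenced by any line visible in this patch, which deserves a comment if it is intentional.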
From: rfl
Date: Fri, 4 Oct 2024 22:02:38 +0200
Subject: [PATCH 03/33] FFS this environment variable
---
paperless/init.sls | 91 +++++++++++++++++++++++++++++++++++++++++-----
pillar.example | 3 ++
2 files changed, 85 insertions(+), 9 deletions(-)
diff --git a/paperless/init.sls b/paperless/init.sls
index 6d9b64a..761f020 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -8,10 +8,63 @@ paperless-data-directory-exists: - name: /opt/paperless/webserver - makedirs: True +python3-pip: + pkg.installed + +# https://github.com/saltstack/salt/issues/61004 +python-pip-uptodate: + pip.installed: + - require: + - pkg: python3-pip + - pkgs: + - pip + - upgrade: True + +# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926 +# https://packages.debian.org/source/sid/python-docker +# does not work +# python-docker-package: +# pkg.installed: +# - name: python3-docker + +# https://stackoverflow.com/a/78224409 +# https://github.com/docker/docker-py/issues/3113 +# https://github.com/saltstack/salt/issues/62689 +docker-requirements: + pip.installed: + - require: + - pkg: python3-pip + - pkgs: + # - docker==6.1.3 + # - docker==7.0.0 + - docker==7.1.0 + # - docker==5.0.3 + # - docker-py==1.10.5 + # - requests<2.29.0 + # - urllib3<2.0 + +# other errors that were encountered +# keyerror http+docker +# https://github.com/geerlingguy/ansible-role-docker/issues/462 +# https://github.com/docker/docker-py/issues/3279 +# unexpected keyword argument 'chunked' +# https://github.com/saltstack/salt/issues/65526 +# 'docker.version' is not available +# https://github.com/saltstack/salt/issues/53836 +# https://github.com/saltstack/salt/issues/54449 +# https://github.com/saltstack/salt/issues/62602 +# network is always recreated +# https://github.com/saltstack/salt/issues/66408 + +# otherwise it complains about scope attribute, similar to +# https://github.com/saltstack/salt/issues/50194 +# https://github.com/saltstack/salt/issues/51009 +# but it should be possible according to docs +# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present docker-network-paperless-exists: docker_network.present: - name: paperless-network - - scope: local + # - scope: local broker-docker-container-running: docker_container.running: 
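Review bot: `python-pip-uptodate` installs `pip` with `upgrade: True` and no version, so every run pulls whatever pip release the index currently serves, presumably with the minion's root privileges (confirm). `docker-requirements` pins `docker==7.1.0`, but nothing in the state verifies the downloaded artifact. Pin pip as well (`- pip==<reviewed version>`) and, where the environment allows, install from an internal index or with hash checking so a changed upstream release cannot alter what runs on the host. A one-line comment on `docker-network-paperless-exists` stating what behaviour results from commenting out `- scope: local` would also help; the existing comments give issue links only.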
@@ -47,6 +100,28 @@ tika-docker-container-running: - networks: - paperless-network +# Attempt to fix json with pillar variables in variable +{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} +{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} + +{% set PAPERLESS_SOCIALACCOUNT_PROVIDER = + { + 'openid_connect': { + 'APPS': [ + { + 'provider_id': 'keycloak', + 'name': 'Keycloak', + 'client_id': 'paperless', + 'secret': client_secret, + 'settings': { + 'server_url': oauth_server + } + } + ] + } + } +%} + paperless-docker-container-running: docker_container.running: # The Docker setup does not use the configuration file. 
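Review bot: `PAPERLESS_SOCIALACCOUNT_PROVIDER` is built as a Jinja dict, and the next hunk interpolates it as `"{{ PAPERLESS_SOCIALACCOUNT_PROVIDER }}"`, which prints the Python repr (single-quoted keys) rather than JSON. Serialise it where it is defined by ending the `{% set ... %}` expression with `| tojson`, so the secret and URL are escaped by the serializer instead of by hand. The name is also singular here while patch 01 used `PAPERLESS_SOCIALACCOUNT_PROVIDERS`; if the application reads the plural name, this value is ignored while `PAPERLESS_DISABLE_REGULAR_LOGIN` defaults to `'true'` in the next hunk, so confirm the variable name before deploying.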
@@ -63,18 +138,16 @@ paperless-docker-container-running: - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - # - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }} - # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }} - # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }} - # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }} + - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect + - PAPERLESS_SOCIALACCOUNT_PROVIDER="{{ PAPERLESS_SOCIALACCOUNT_PROVIDER }}" + - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} + - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} - - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect" - - PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} }}]}}' + - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} + - PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} - restart: always - networks: - paperless-network - - extra_hosts: - - ldap.flipdot.space:192.168.3.233 - binds: - /opt/paperless/webserver/data:/usr/src/paperless/data - 
/opt/paperless/webserver/media:/usr/src/paperless/media diff --git a/pillar.example b/pillar.example index 16311d4..4e1c7af 100644 --- a/pillar.example +++ b/pillar.example @@ -36,6 +36,9 @@ paperless: # (if doing so please consider security measures such as reverse proxy) # url=https://paperless.flipdot.org + admin_user: admin + admin_password: change-me + keycloak: client_secret: server_url: https:///realms//.well-known/openid-configuration From 36f9d091e4994d8ab8cc2f17f2b808d1631f0812 Mon Sep 17 00:00:00 2001 From: Bltzz Date: Tue, 22 Oct 2024 22:39:28 +0200 Subject: [PATCH 04/33] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index 2077575..08baff3 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -122,7 +122,7 @@ paperless-docker-container-running: - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect" - - PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" + #- PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 1d495e1798d3121a08ddcad8a029135f3c5be1f3 Mon Sep 17 00:00:00 2001 From: Bltzz Date: Tue, 22 Oct 2024 22:45:35 +0200 Subject: [PATCH 05/33] ffs --- paperless/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paperless/init.sls b/paperless/init.sls index 08baff3..f361227 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
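Review bot: `PAPERLESS_ADMIN_PASSWORD` falls back to `'change-me'` (and `PAPERLESS_ADMIN_USER` to `'admin'`) in the hunk at `@@ -63,18 +138,16 @@`, so a minion without that pillar key gets an admin account with a publicly known password. Remove the default and make a missing key a render error, e.g. `- PAPERLESS_ADMIN_PASSWORD={{ pillar['paperless']['webserver']['environment']['admin_password'] }}`. The same default reappears in the `pillar.example` hunk of this patch and in the later `docker-compose.env` template. Passing the password through the `environment` list also leaves it readable in the container's inspected configuration; an env file with restricted permissions or a secret mount would narrow that.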
@@ -1,7 +1,7 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }%} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }|loadjson %} broker-data-directory-exists: file.directory: @@ -121,7 +121,7 @@ paperless-docker-container-running: - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect" + - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect #- PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From bfbaf515c228a30900db73df845f92c389663e80 Mon Sep 17 00:00:00 2001 From: Bltzz Date: Tue, 22 Oct 2024 22:46:57 +0200 Subject: [PATCH 06/33] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index f361227..22294d3 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -1,7 +1,7 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }|loadjson %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }|tojson %} broker-data-directory-exists: file.directory: From 372260220306b3e9e5a34a7e97df20773b2f5490 Mon Sep 17 00:00:00 2001 From: Bltzz Date: Tue, 22 Oct 2024 22:47:31 +0200 Subject: [PATCH 07/33] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index 22294d3..e91ee48 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -122,7 +122,7 @@ paperless-docker-container-running: - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - #- PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" + - PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 3a9f812be1b53eb72ed3f8f4d95b14d923eb4b7b Mon Sep 17 00:00:00 2001 
From: Bltzz Date: Tue, 22 Oct 2024 22:48:59 +0200 Subject: [PATCH 08/33] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index e91ee48..edf7524 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -1,7 +1,7 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }|tojson %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = "{'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }"|tojson %} broker-data-directory-exists: file.directory: From 1d43361c72c5383a62f4d20c8f7debc242943d3d Mon Sep 17 00:00:00 2001 From: Bltzz Date: Tue, 22 Oct 2024 22:54:06 +0200 Subject: [PATCH 09/33] ffs --- paperless/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paperless/init.sls b/paperless/init.sls index edf7524..b3d25e4 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -1,7 +1,7 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = "{'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }"|tojson %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }|tojson %} broker-data-directory-exists: file.directory: @@ -122,7 +122,7 @@ paperless-docker-container-running: - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" + - PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }} - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 71306a2cd14e8affd914568e0472a006b6fc523c Mon Sep 17 00:00:00 2001 From: Bltzz Date: Tue, 22 Oct 2024 23:00:59 +0200 Subject: [PATCH 10/33] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index b3d25e4..ee34835 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
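Review bot: With the quotes removed in the second hunk, `- PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}` renders to a plain YAML scalar that contains `": "`, and a `: ` inside a plain scalar makes the parser read the list item as a mapping instead of a string. Quote the whole item with single quotes: `- 'PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}'`. That relies on `tojson` escaping `'` in its output, which I believe it does; verify with a test secret that contains a quote character. The double-quoted form from patch 07 fails for the opposite reason, because the JSON's own `"` end the YAML string early.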
@@ -1,7 +1,7 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect': {'APPS': [{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings': {'server_url': oauth_server} }]} }|tojson %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%} broker-data-directory-exists: file.directory: From 2d6092cc4d2f7c48a428a443863d896f76983af0 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 17:56:17 +0200 Subject: [PATCH 11/33] ffs --- paperless/init.sls | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index ee34835..b02e1ee 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -1,7 +1,11 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', + 'secret': client_secret, + 'settings':{'server_url': + oauth_server}}]}} | +tojson %} broker-data-directory-exists: file.directory: 
From 0ae52b462a62450675deff6fd571e1a89e145313 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 17:57:21 +0200 Subject: [PATCH 12/33] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index b02e1ee..3c18919 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -126,7 +126,7 @@ paperless-docker-container-running: - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }} + - PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 55f55722883ab899cf1ea97be9c35915d3a8ecdc Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:48:03 +0200 Subject: [PATCH 13/33] Trying out docker-compose state --- paperless/init.sls | 57 ++++++++++++---------------------------------- 1 file changed, 15 insertions(+), 42 deletions(-) diff --git a/paperless/init.sls b/paperless/init.sls index 3c18919..f99e17b 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -1,12 +1,3 @@ -# Attempt to fix json with pillar variables in variable -{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} -{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', - 'secret': client_secret, - 'settings':{'server_url': - oauth_server}}]}} | -tojson %} - broker-data-directory-exists: file.directory: - name: /opt/paperless/broker @@ -51,6 +42,7 @@ docker-requirements: # - docker-py==1.10.5 # - requests<2.29.0 # - urllib3<2.0 + - docker-compose>=1.5.0 # other errors that were encountered # keyerror http+docker 
@@ -109,38 +101,19 @@ tika-docker-container-running: - networks: - paperless-network -paperless-docker-container-running: - docker_container.running: - # The Docker setup does not use the configuration file. - # So we have to set everything through environment variables. - # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env - - name: paperless - - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} - - container_name: paperless - - environment: - - USER_UID=1000 - - USER_GID=1000 - - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} - - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} - - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} - - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} +paperless-docker-compose-env-file-present: + file.managed: + - name: /opt/docker-compose.env + - template: jinja + - source: salt://docker-compose.env - - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} - - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} +paperless-docker-compose-file-present: + file.managed: + - name: /opt/docker-compose.yml + - template: jinja + - source: salt://docker-compose.yml - - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} - - PAPERLESS_ADMIN_PASSWORD={{ 
salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} - - restart: always - - networks: - - paperless-network - - binds: - - /opt/paperless/webserver/data:/usr/src/paperless/data - - /opt/paperless/webserver/media:/usr/src/paperless/media - - /opt/paperless/webserver/export:/usr/src/paperless/export - - /opt/paperless/webserver/consume:/usr/src/paperless/consume - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - port_bindings: - - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 +paperless-docker-compose-up: + module.run: + - dockercompose.up: + - path: /opt/docker-compose.yml From 6ce5615675edee40e7e05b8ef3d03fccb72c5909 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:52:20 +0200 Subject: [PATCH 14/33] Trying more --- paperless/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/paperless/init.sls b/paperless/init.sls index f99e17b..7ed21a4 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -35,6 +35,7 @@ docker-requirements: - require: - pkg: python3-pip - pkgs: + - cython<3.0.0 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 From f7f212c2482e87f5f77650c3000fe462fdf9d92e Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:54:13 +0200 Subject: [PATCH 15/33] Trying more --- paperless/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/paperless/init.sls b/paperless/init.sls index 7ed21a4..b12122e 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -36,6 +36,7 @@ docker-requirements: - pkg: python3-pip - pkgs: - cython<3.0.0 + - pyyaml==6.0 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 From 554ce3fd3e60a8563c4cdcbe0fe7fb36f253a8eb Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:58:00 +0200 Subject: [PATCH 16/33] Trying more --- paperless/init.sls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
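Review bot: `paperless-docker-compose-env-file-present` writes the file that will carry the admin password and the OIDC client secret, but the `file.managed` state sets no owner or mode, so the file gets whatever defaults apply on the minion. Add `- user: root`, `- mode: '0600'` and `- show_changes: False`, the last so that rendered secrets are not echoed as a diff in state output. The same applies to the relocated target `/opt/paperless/docker-compose.env` in patch 19. `paperless-docker-compose-up` also declares no requisite on the two file states, so it depends on file order alone; an explicit `require` or `onchanges` would make that dependency visible.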
diff --git a/paperless/init.sls b/paperless/init.sls index b12122e..9322f27 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -35,8 +35,7 @@ docker-requirements: - require: - pkg: python3-pip - pkgs: - - cython<3.0.0 - - pyyaml==6.0 + - pyyaml==5.3.1 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 From 69ec63e19987c9497b95024900e2cddf1c49b727 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 20:06:53 +0200 Subject: [PATCH 17/33] Track files --- paperless/docker-compose.env | 23 +++++++++++++++++++++++ paperless/docker-compose.yml | 17 +++++++++++++++++ paperless/init.sls | 4 ++-- 3 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 paperless/docker-compose.env create mode 100644 paperless/docker-compose.yml diff --git a/paperless/docker-compose.env b/paperless/docker-compose.env new file mode 100644 index 0000000..2b48bf5 --- /dev/null +++ b/paperless/docker-compose.env 
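Review bot: `pyyaml==5.3.1` is a downgrade from the `pyyaml==6.0` line it replaces, and as far as I recall the 5.3.x series predates fixes to PyYAML's non-safe loaders, so check the project's advisories before pinning it. Because `docker-requirements` calls `pip.installed` without a `bin_env`, the downgrade presumably lands in the interpreter that other tooling on the host uses (confirm). If the pin is only needed to satisfy `docker-compose`, isolate it in a virtualenv (`- bin_env: /path/to/venv`, path is a placeholder) and add a comment recording why this version was chosen.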
@@ -0,0 +1,23 @@ +USER_UID=1000 +USER_GID=1000 + +PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} +PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} +PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} +PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} + +PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect +PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} + +{% client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} +{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = +{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', +'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': +oauth_server}}]}} | tojson %} + +PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} +PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} + +PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} +PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml new file mode 100644 index 0000000..707cb15 --- /dev/null +++ b/paperless/docker-compose.yml 
@@ -0,0 +1,17 @@ +services: + paperless: + - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} + - container_name: paperless + - env_file: docker-compose.env + - restart: always + - networks: + - paperless-network + - binds: + - /opt/paperless/webserver/data:/usr/src/paperless/data + - /opt/paperless/webserver/media:/usr/src/paperless/media + - /opt/paperless/webserver/export:/usr/src/paperless/export + - /opt/paperless/webserver/consume:/usr/src/paperless/consume + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - port_bindings: + - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 diff --git a/paperless/init.sls b/paperless/init.sls index 9322f27..f9ffd2c 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -106,13 +106,13 @@ paperless-docker-compose-env-file-present: file.managed: - name: /opt/docker-compose.env - template: jinja - - source: salt://docker-compose.env + - source: ./docker-compose.env paperless-docker-compose-file-present: file.managed: - name: /opt/docker-compose.yml - template: jinja - - source: salt://docker-compose.yml + - source: ./docker-compose.yml paperless-docker-compose-up: module.run: From 18590b737553b2a42f85c58e6f8854cf5bef95bc Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:35:17 +0100 Subject: [PATCH 18/33] Fix template file names --- paperless/{docker-compose.env => docker-compose.env.jinja} | 0 paperless/{docker-compose.yml => docker-compose.yml.jinja} | 0 paperless/init.sls | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename paperless/{docker-compose.env => docker-compose.env.jinja} (100%) rename paperless/{docker-compose.yml => docker-compose.yml.jinja} (100%) 
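Review bot: In `paperless/docker-compose.yml` the `paperless` service is written as a list of one-key items (`- image:`, `- restart:` and so on) with `binds` and `port_bindings`, which is the argument layout of Salt's `docker_container.running`, not a Compose service definition. Compose expects a mapping under the service name with `volumes:` and `ports:`, and `paperless-network` needs a top-level `networks:` entry, marked external if the Salt state keeps creating it. As written the file is likely rejected, or at best the loopback-only port binding and the read-only mounts are not applied. Quoting the templated image and port values also protects against an empty or colon-containing expansion.

```yaml
services:
  paperless:
    image: "{{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}"
    container_name: paperless
    env_file: docker-compose.env
    restart: always
    networks:
      - paperless-network
    volumes:
      # … unchanged: the six bind-mount entries, including the two :ro mounts …
    ports:
      - "{{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000"

networks:
  paperless-network:
    external: true
```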
diff --git a/paperless/docker-compose.env b/paperless/docker-compose.env.jinja similarity index 100% rename from paperless/docker-compose.env rename to paperless/docker-compose.env.jinja diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml.jinja similarity index 100% rename from paperless/docker-compose.yml rename to paperless/docker-compose.yml.jinja diff --git a/paperless/init.sls b/paperless/init.sls index f9ffd2c..9dfbc04 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -106,13 +106,13 @@ paperless-docker-compose-env-file-present: file.managed: - name: /opt/docker-compose.env - template: jinja - - source: ./docker-compose.env + - source: salt://paperless/docker-compose.env.jinja paperless-docker-compose-file-present: file.managed: - name: /opt/docker-compose.yml - template: jinja - - source: ./docker-compose.yml + - source: salt://docker-compose.yml.jinja paperless-docker-compose-up: module.run: From 6502e193fa8569a3410c9751b0f2b2f4a7800247 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:49:20 +0100 Subject: [PATCH 19/33] Fix template file paths --- paperless/docker-compose.env.jinja | 10 ++++------ paperless/init.sls | 8 ++++---- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 2b48bf5..1929b72 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,12 +9,10 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} -{% client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} -{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = -{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', -'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': -oauth_server}}]}} | tojson %} +PAPERLESS_CLIENT_SECRET=salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') +PAPERLESS_SERVER_URL=salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') + +# PAPERLESS_SOCIALACCOUNT_PROVIDERS_={'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}} PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} diff --git a/paperless/init.sls b/paperless/init.sls index 9dfbc04..20e34e9 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -104,17 +104,17 @@ tika-docker-container-running: paperless-docker-compose-env-file-present: file.managed: - - name: /opt/docker-compose.env + - name: /opt/paperless/docker-compose.env - template: jinja - source: salt://paperless/docker-compose.env.jinja paperless-docker-compose-file-present: file.managed: - - name: /opt/docker-compose.yml + - name: /opt/paperless/docker-compose.yml - template: jinja - - source: salt://docker-compose.yml.jinja + - source: salt://paperless/docker-compose.yml.jinja paperless-docker-compose-up: module.run: - dockercompose.up: - - path: /opt/docker-compose.yml + - path: /opt/paperless/docker-compose.yml From 6a9507ad101e09c38e23e778780187a28db1f173 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:50:48 +0100 Subject: [PATCH 20/33] Fix jinja expression --- paperless/docker-compose.env.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 1929b72..73ca963 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
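Review bot: `paperless-docker-compose-env-file-present` writes `/opt/paperless/docker-compose.env` without `user`, `group` or `mode`, although the template it renders carries the Keycloak client secret and the admin password. The file's permissions are therefore left to the minion's defaults, and the rendered content can appear in the state's change output. I would add `- mode: '0600'` and `- show_changes: False` to that state, assuming Compose is started by the minion as root and needs no wider read access. The compose file state next to it holds no secrets in the visible template, so it can stay as it is.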
@@ -9,8 +9,8 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} -PAPERLESS_CLIENT_SECRET=salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') -PAPERLESS_SERVER_URL=salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') +PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} +PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} # PAPERLESS_SOCIALACCOUNT_PROVIDERS_={'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}} From af9d01bdb96143d742e17600fbcbfce3124335a7 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:55:09 +0100 Subject: [PATCH 21/33] Fix compose template file --- paperless/docker-compose.yml.jinja | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja index 707cb15..7853978 100644 --- a/paperless/docker-compose.yml.jinja +++ b/paperless/docker-compose.yml.jinja 
@@ -1,17 +1,17 @@ services: paperless: - - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} - - container_name: paperless - - env_file: docker-compose.env - - restart: always - - networks: + image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} + container_name: paperless + env_file: docker-compose.env + restart: always + networks: - paperless-network - - binds: + binds: - /opt/paperless/webserver/data:/usr/src/paperless/data - /opt/paperless/webserver/media:/usr/src/paperless/media - /opt/paperless/webserver/export:/usr/src/paperless/export - /opt/paperless/webserver/consume:/usr/src/paperless/consume - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - - port_bindings: + port_bindings: - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 From 6be4363d7e76f16e51ed52465a793ebb49e19662 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:58:23 +0100 Subject: [PATCH 22/33] Fix compose template file --- paperless/docker-compose.yml.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja index 7853978..87503bc 100644 --- a/paperless/docker-compose.yml.jinja +++ b/paperless/docker-compose.yml.jinja 
@@ -6,12 +6,12 @@ services: restart: always networks: - paperless-network - binds: + volumes: - /opt/paperless/webserver/data:/usr/src/paperless/data - /opt/paperless/webserver/media:/usr/src/paperless/media - /opt/paperless/webserver/export:/usr/src/paperless/export - /opt/paperless/webserver/consume:/usr/src/paperless/consume - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - port_bindings: + ports: - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 From c36620551d5f590289d125e9a4f5518d77774deb Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:15:08 +0100 Subject: [PATCH 23/33] Patch docker compose version --- paperless/docker-compose-version-fix.patch | 12 ++++++++++++ paperless/init.sls | 6 ++++++ 2 files changed, 18 insertions(+) create mode 100644 paperless/docker-compose-version-fix.patch diff --git a/paperless/docker-compose-version-fix.patch b/paperless/docker-compose-version-fix.patch new file mode 100644 index 0000000..aa16057 --- /dev/null +++ b/paperless/docker-compose-version-fix.patch @@ -0,0 +1,12 @@ +--- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200 ++++ utils.py 2024-10-27 17:06:27.445617219 +0100 +@@ -350,7 +350,8 @@ + return device_list + + +-def kwargs_from_env(environment=None): ++def kwargs_from_env(environment=None, ssl_version=None): ++ # https://stackoverflow.com/a/77642303 + if not environment: + environment = os.environ + host = environment.get('DOCKER_HOST') diff --git a/paperless/init.sls b/paperless/init.sls index 20e34e9..355cb12 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -102,6 +102,12 @@ tika-docker-container-running: - networks: - paperless-network +# https://stackoverflow.com/a/77642303 +docker-compose-version-fix: + file.patch: + - name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py + - source: salt://paperless/docker-compose-version-fix.patch + paperless-docker-compose-env-file-present: file.managed: - name: /opt/paperless/docker-compose.env From 280ba5cba76f076d041329722ef634dccf73f381 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:32:15 +0100 Subject: [PATCH 24/33] Add docker network --- paperless/docker-compose.yml.jinja | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja index 87503bc..961ac1d 100644 --- a/paperless/docker-compose.yml.jinja +++ b/paperless/docker-compose.yml.jinja @@ -15,3 +15,8 @@ services: - /etc/localtime:/etc/localtime:ro ports: - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 + +networks: + paperless-network: + external: + name: paperless-network From 189f80c2348ad7e37647abd934ec82ad7e108eba Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:43:03 +0100 Subject: [PATCH 25/33] Set env variable --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 73ca963..b2429f9 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
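Review bot: `docker-compose-version-fix` patches an installed library in place at a path that hard-codes `python3.11`, so the state breaks when the interpreter changes, and a reinstall or upgrade of the `docker` package undoes it. In the lines visible in the patch file added by this commit, `kwargs_from_env` gains an `ssl_version` parameter that is not used, which would mean a caller's TLS version request is silently dropped; the rest of the function is outside the patch context, so this needs confirming. Pinning the Python `docker` package through a `pip.installed` state to a release that still accepts the argument would keep the workaround under package management. If the patch stays, a comment above the state naming the affected package versions and when it can be removed would help the next maintainer.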
@@ -12,7 +12,7 @@ PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -# PAPERLESS_SOCIALACCOUNT_PROVIDERS_={'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}} +PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 3fb6d592e40ccc1a11c0e58b6fca681b54ab653d Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:53:21 +0100 Subject: [PATCH 26/33] Fix env variable syntax --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index b2429f9..4ef00ab 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
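Review bot: The provider JSON on the `PAPERLESS_SOCIALACCOUNT_PROVIDERS_` line is written by hand and receives the client secret through `$PAPERLESS_CLIENT_SECRET` expansion inside the env file, so nothing escapes the value for JSON, and a secret or URL containing a quote or backslash produces a malformed or altered settings object. It also relies on the Compose version in use expanding variables inside an `env_file`, which the diff does not establish, and it puts the secret into the container environment twice. The same construction is carried through the hunks of patches 26/33, 27/33, 28/33 and 29/33. Building the mapping in Jinja and serialising it with `tojson` leaves the escaping to the serialiser and removes the two helper variables. How the env-file parser treats the surrounding quotes should be checked before adopting it.

```jinja
{# replaces the placeholder PAPERLESS_SOCIALACCOUNT_PROVIDERS line and the two helper variables #}
{% set providers = {
  'openid_connect': {'APPS': [{
    'provider_id': 'keycloak',
    'name': 'Keycloak',
    'client_id': 'paperless',
    'secret': salt['pillar.get']('paperless:webserver:keycloak:client_secret', ''),
    'settings': {'server_url': salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration')}
  }]}
} %}
PAPERLESS_SOCIALACCOUNT_PROVIDERS='{{ providers | tojson }}'
{# … unchanged: PAPERLESS_DISABLE_REGULAR_LOGIN, PAPERLESS_REDIRECT_LOGIN_TO_SSO … #}
```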
@@ -12,7 +12,7 @@ PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 8fe2695baf1ed098d8aaf532446cbd3e895d8663 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:56:48 +0100 Subject: [PATCH 27/33] Use correct env variable keys --- paperless/docker-compose.env.jinja | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 4ef00ab..24f6156 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -7,12 +7,9 @@ PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:t PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect -PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} - PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} - -PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 3fac8ddcb2a31dbe9a913c404d3f15256442bca9 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 18:04:12 +0100 Subject: [PATCH 28/33] Add quotes --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 24f6156..adc6dc7 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,7 +9,7 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': '${PAPERLESS_CLIENT_SECRET}', 'settings':{'server_url': '${PAPERLESS_SERVER_URL}'}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From f3cde83121d68b511fdf5565442b6cc0ced5f1d0 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 18:08:24 +0100 Subject: [PATCH 29/33] Switch to double quotes --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index adc6dc7..7cc3a7f 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,7 +9,7 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': '${PAPERLESS_CLIENT_SECRET}', 'settings':{'server_url': '${PAPERLESS_SERVER_URL}'}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From e0ec215239b41dcfe5e1f27dc9b596310a1918c0 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 19:35:29 +0100 Subject: [PATCH 30/33] Set paperless url --- paperless/docker-compose.env.jinja | 2 ++ 1 file changed, 2 insertions(+) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 7cc3a7f..ec9a133 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -16,3 +16,5 @@ PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:envir PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} + +PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} \ No newline at end of file From 4b407777421e189f3b9015086762bcaaf4ed0b8c Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 19:46:14 +0100 Subject: [PATCH 31/33] Include social auto signup config --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index ec9a133..f4f15e4 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -10,9 +10,9 @@ PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}" - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} +PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }} PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} From 7e0c9d5399cb0cdf4d1630faecf3138fb977d0b0 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 19:57:37 +0100 Subject: [PATCH 32/33] Include account email verification config --- paperless/docker-compose.env.jinja | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index f4f15e4..cf34f59 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
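Review bot: `PAPERLESS_SOCIAL_AUTO_SIGNUP` falls back to `'true'` when the pillar key is absent, so a minion with no explicit setting will, as I read the setting name, create a Paperless account for any identity the Keycloak realm authenticates. The hunk of patch 32/33 has the same shape, with `PAPERLESS_ACCOUNT_EMAIL_VERIFICATION` falling back to `'none'`. I would make the restrictive value the fallback, `salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'false')`, and let pillar opt in. For the verification setting, an explicit pillar value is safer than a baked-in `none`. If the permissive defaults are intended, a comment beside both lines should say that access has to be limited on the Keycloak client instead.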
@@ -13,8 +13,9 @@ PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }} +PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }} PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} -PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} \ No newline at end of file +PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} From 7140ebb516b770f512573c9b88b693072648898a Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 21:18:05 +0100 Subject: [PATCH 33/33] Update configs --- pillar.example | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/pillar.example b/pillar.example index 4e1c7af..77f096f 100644 --- a/pillar.example +++ b/pillar.example 
@@ -15,30 +15,17 @@ paperless: tika_endpoint: http://tika:9998 tika_gotenberg_endpoint: http://gotenberg:3000 - # following is included here for later, uncomment in init.sls as well - - # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx - # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap - # https://github.com/paperless-ngx/paperless-ngx/discussions/498 - # https://github.com/paperless-ngx/paperless-ngx/discussions/3228 - - # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications. - # enable_http_remote_user=true - - # Allows authentication via HTTP_REMOTE_USER directly against the API - # enable_http_remote_user_api=true - # Adjust this key if you plan to make paperless available publicly. It should # be a very long sequence of random characters. You don't need to remember it. # secret_key=change-me - - # This is required if you will be exposing Paperless-ngx on a public domain - # (if doing so please consider security measures such as reverse proxy) - # url=https://paperless.flipdot.org + disable_regular_login: True + redirect_login_to_sso: True + social_auto_signup: True + account_email_verification: none admin_user: admin admin_password: change-me - + url: https://paperless.flipdot.space keycloak: client_secret: server_url: https:///realms//.well-known/openid-configuration