Update configs

paperless/docker-compose-version-fix.patch

@@ -0,0 +1,12 @@
+--- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py	2024-10-08 22:38:19.859988188 +0200
++++ utils.py	2024-10-27 17:06:27.445617219 +0100
+@@ -350,7 +350,8 @@
+     return device_list
+ 
+ 
+-def kwargs_from_env(environment=None):
++def kwargs_from_env(environment=None, ssl_version=None):
++    # https://stackoverflow.com/a/77642303
+     if not environment:
+         environment = os.environ
+     host = environment.get('DOCKER_HOST')

paperless/docker-compose.env.jinja

@@ -0,0 +1,21 @@
+USER_UID=1000
+USER_GID=1000
+
+PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
+PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
+PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
+PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
+
+PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
+PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') }}
+PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') }}
+PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}"
+PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
+PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
+PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }}
+PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }}
+
+PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
+PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
+
+PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }}

paperless/docker-compose.yml.jinja

@@ -0,0 +1,22 @@
+services:
+  paperless:
+    image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
+    container_name: paperless
+    env_file: docker-compose.env
+    restart: always
+    networks:
+      - paperless-network
+    volumes:
+      - /opt/paperless/webserver/data:/usr/src/paperless/data
+      - /opt/paperless/webserver/media:/usr/src/paperless/media
+      - /opt/paperless/webserver/export:/usr/src/paperless/export
+      - /opt/paperless/webserver/consume:/usr/src/paperless/consume
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
+
+networks:
+  paperless-network:
+    external:
+      name: paperless-network

paperless/init.sls

@@ -8,10 +8,65 @@ paperless-data-directory-exists:
     - name: /opt/paperless/webserver
     - makedirs: True
 
+python3-pip:
+  pkg.installed
+
+# https://github.com/saltstack/salt/issues/61004
+python-pip-uptodate:
+  pip.installed:
+    - require:
+      - pkg: python3-pip
+    - pkgs:
+      - pip
+    - upgrade: True
+
+# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926
+# https://packages.debian.org/source/sid/python-docker
+# does not work
+# python-docker-package:
+#   pkg.installed:
+#   - name: python3-docker
+
+# https://stackoverflow.com/a/78224409
+# https://github.com/docker/docker-py/issues/3113
+# https://github.com/saltstack/salt/issues/62689
+docker-requirements:
+  pip.installed:
+    - require:
+      - pkg: python3-pip
+    - pkgs:
+      - pyyaml==5.3.1
+      # - docker==6.1.3
+      # - docker==7.0.0
+      - docker==7.1.0
+      # - docker==5.0.3
+      # - docker-py==1.10.5
+      # - requests<2.29.0
+      # - urllib3<2.0
+      - docker-compose>=1.5.0
+
+# other errors that were encountered
+# keyerror http+docker
+# https://github.com/geerlingguy/ansible-role-docker/issues/462
+# https://github.com/docker/docker-py/issues/3279
+# unexpected keyword argument 'chunked'
+# https://github.com/saltstack/salt/issues/65526
+# 'docker.version' is not available
+# https://github.com/saltstack/salt/issues/53836
+# https://github.com/saltstack/salt/issues/54449
+# https://github.com/saltstack/salt/issues/62602
+# network is always recreated
+# https://github.com/saltstack/salt/issues/66408
+
+# otherwise it complains about scope attribute, similar to
+# https://github.com/saltstack/salt/issues/50194
+# https://github.com/saltstack/salt/issues/51009
+# but it should be possible according to docs
+# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present
 docker-network-paperless-exists:
   docker_network.present:
     - name: paperless-network
-    - scope: local
+    # - scope: local
 
 broker-docker-container-running:
   docker_container.running:
@@ -47,37 +102,25 @@ tika-docker-container-running:
     - networks:
       - paperless-network
 
-paperless-docker-container-running:
-  docker_container.running:
-    # The Docker setup does not use the configuration file.
-    # So we have to set everything through environment variables.
-    # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
-    - name: paperless
-    - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
-    - container_name: paperless
-    - environment:
-      - USER_UID=1000
-      - USER_GID=1000
-      - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
-      - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
-      - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
-      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
+# https://stackoverflow.com/a/77642303
+docker-compose-version-fix:
+  file.patch:
+    - name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py
+    - source: salt://paperless/docker-compose-version-fix.patch
 
-      # - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }}
-      # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }}
-      # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }}
-      # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }}
-    - restart: always
-    - networks:
-      - paperless-network
-    - extra_hosts:
-      - ldap.flipdot.space:192.168.3.233
-    - binds:
-      - /opt/paperless/webserver/data:/usr/src/paperless/data
-      - /opt/paperless/webserver/media:/usr/src/paperless/media
-      - /opt/paperless/webserver/export:/usr/src/paperless/export
-      - /opt/paperless/webserver/consume:/usr/src/paperless/consume
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    - port_bindings:
-      - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
+paperless-docker-compose-env-file-present:
+  file.managed:
+    - name: /opt/paperless/docker-compose.env
+    - template: jinja
+    - source: salt://paperless/docker-compose.env.jinja
+
+paperless-docker-compose-file-present:
+  file.managed:
+    - name: /opt/paperless/docker-compose.yml
+    - template: jinja
+    - source: salt://paperless/docker-compose.yml.jinja
+
+paperless-docker-compose-up:
+  module.run:
+    - dockercompose.up:
+      - path: /opt/paperless/docker-compose.yml

pillar.example

@@ -15,27 +15,20 @@ paperless:
       tika_endpoint: http://tika:9998
       tika_gotenberg_endpoint: http://gotenberg:3000
 
-      # following is included here for later, uncomment in init.sls as well
-
-      # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx
-      # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap
-      # https://github.com/paperless-ngx/paperless-ngx/discussions/498
-      # https://github.com/paperless-ngx/paperless-ngx/discussions/3228
-
-      # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications.
-      # enable_http_remote_user=true
-
-      # Allows authentication via HTTP_REMOTE_USER directly against the API
-      # enable_http_remote_user_api=true
-
       # Adjust this key if you plan to make paperless available publicly. It should
       # be a very long sequence of random characters. You don't need to remember it.
       # secret_key=change-me
 
-      # This is required if you will be exposing Paperless-ngx on a public domain
-      # (if doing so please consider security measures such as reverse proxy)
-      # url=https://paperless.flipdot.org
-
+      disable_regular_login: True
+      redirect_login_to_sso: True
+      social_auto_signup: True
+      account_email_verification: none
+      admin_user: admin
+      admin_password: change-me
+      url: https://paperless.flipdot.space
+    keycloak:
+      client_secret: <CLIENT_SECRET>
+      server_url: https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration
   gotenberg:
     image:
       path: docker.io/gotenberg/gotenberg