Compare commits
35 commits
4cf8c5c7d4
...
7140ebb516
Author | SHA1 | Date | |
---|---|---|---|
7140ebb516 | |||
7e0c9d5399 | |||
4b40777742 | |||
e0ec215239 | |||
f3cde83121 | |||
3fac8ddcb2 | |||
8fe2695baf | |||
3fb6d592e4 | |||
189f80c234 | |||
280ba5cba7 | |||
c36620551d | |||
6be4363d7e | |||
af9d01bdb9 | |||
6a9507ad10 | |||
6502e193fa | |||
18590b7375 | |||
69ec63e199 | |||
554ce3fd3e | |||
f7f212c248 | |||
6ce5615675 | |||
55f5572288 | |||
0ae52b462a | |||
2d6092cc4d | |||
|
71306a2cd1 | ||
|
1d43361c72 | ||
|
3a9f812be1 | ||
|
3722602203 | ||
|
bfbaf515c2 | ||
|
1d495e1798 | ||
|
36f9d091e4 | ||
|
a958f1abd7 | ||
0909683e87 | |||
c54c629b5c | |||
cef3f9a5e4 | |||
|
f942614e99 |
5 changed files with 138 additions and 53 deletions
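--- a/paperless/docker-compose-version-fix.patch
+++ b/paperless/docker-compose-version-fix.patch
@@ -0,0 +1,12 @@
+--- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200
++++ utils.py 2024-10-27 17:06:27.445617219 +0100
+@@ -350,7 +350,8 @@
+return device_list
+
+
+-def kwargs_from_env(environment=None):
++def kwargs_from_env(environment=None, ssl_version=None):
++ # https://stackoverflow.com/a/77642303
+if not environment:
+environment = os.environ
+host = environment.get('DOCKER_HOST')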
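Review bot: The new `ssl_version` parameter of `kwargs_from_env` is accepted but not used anywhere in the visible lines, so a caller that passes a TLS version gets the library default without any indication. The function body continues outside the hunk, so this is based only on the three context lines shown. If ignoring the argument is intended, say so next to the link, e.g. `# ssl_version is accepted only so docker-compose 1.x can call this; the value is ignored`. The patch also rewrites a pip-installed file under a hard-coded `python3.11/dist-packages` path, so any reinstall or upgrade of `docker` reverts it, and a comment naming the `docker` version the line offsets were taken from would make a failed apply easier to diagnose.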
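--- a/paperless/docker-compose.env.jinja
+++ b/paperless/docker-compose.env.jinja
@@ -0,0 +1,21 @@
+USER_UID=1000
+USER_GID=1000
+
+PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
+PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
+PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
+PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
+
+PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
+PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') }}
+PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') }}
+PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}"
+PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
+PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
+PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }}
+PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }}
+
+PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
+PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
+
+PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }}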
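Review bot: `PAPERLESS_ADMIN_PASSWORD` falls back to the literal `change-me` and `PAPERLESS_CLIENT_SECRET` to `<CLIENT_SECRET>` when the pillar key is missing, so a minion without the pillar still renders a deployable file with a well-known admin password. Secrets should have no default; looking the key up without a fallback, e.g. `PAPERLESS_ADMIN_PASSWORD={{ pillar['paperless']['webserver']['environment']['admin_password'] }}`, should make the render fail instead (worth confirming against the Salt version in use). The template also sets no `PAPERLESS_SECRET_KEY`, although `PAPERLESS_URL` defaults to a public-looking hostname. Whether `${PAPERLESS_CLIENT_SECRET}` is expanded inside an `env_file` depends on the compose implementation and should be verified, since an unexpanded value would only show up as a failing OIDC login.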
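--- a/paperless/docker-compose.yml.jinja
+++ b/paperless/docker-compose.yml.jinja
@@ -0,0 +1,22 @@
+services:
+paperless:
+image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
+container_name: paperless
+env_file: docker-compose.env
+restart: always
+networks:
+- paperless-network
+volumes:
+- /opt/paperless/webserver/data:/usr/src/paperless/data
+- /opt/paperless/webserver/media:/usr/src/paperless/media
+- /opt/paperless/webserver/export:/usr/src/paperless/export
+- /opt/paperless/webserver/consume:/usr/src/paperless/consume
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+ports:
+- {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
+
+networks:
+paperless-network:
+external:
+name: paperless-network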
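Review bot: The `image:` line defaults to the floating tag `2.12`, so what gets pulled on a fresh host or after an image prune can differ from what was reviewed, with no change in this repository. Pinning by digest would make the deployed image reproducible; the template would need a digest form next to the tag, e.g. `image: ghcr.io/paperless-ngx/paperless-ngx@sha256:<DIGEST>` (placeholder value). A comment above `env_file: docker-compose.env` such as `# docker-compose.env carries the admin password and OIDC client secret; keep it root-only` would also tell the next reader why that file needs restrictive permissions.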
|
@ -8,10 +8,65 @@ paperless-data-directory-exists:
|
||||||
- name: /opt/paperless/webserver
|
- name: /opt/paperless/webserver
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
|
||||||
|
python3-pip:
|
||||||
|
pkg.installed
|
||||||
|
|
||||||
|
# https://github.com/saltstack/salt/issues/61004
|
||||||
|
python-pip-uptodate:
|
||||||
|
pip.installed:
|
||||||
|
- require:
|
||||||
|
- pkg: python3-pip
|
||||||
|
- pkgs:
|
||||||
|
- pip
|
||||||
|
- upgrade: True
|
||||||
|
|
||||||
|
# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926
|
||||||
|
# https://packages.debian.org/source/sid/python-docker
|
||||||
|
# does not work
|
||||||
|
# python-docker-package:
|
||||||
|
# pkg.installed:
|
||||||
|
# - name: python3-docker
|
||||||
|
|
||||||
|
# https://stackoverflow.com/a/78224409
|
||||||
|
# https://github.com/docker/docker-py/issues/3113
|
||||||
|
# https://github.com/saltstack/salt/issues/62689
|
||||||
|
docker-requirements:
|
||||||
|
pip.installed:
|
||||||
|
- require:
|
||||||
|
- pkg: python3-pip
|
||||||
|
- pkgs:
|
||||||
|
- pyyaml==5.3.1
|
||||||
|
# - docker==6.1.3
|
||||||
|
# - docker==7.0.0
|
||||||
|
- docker==7.1.0
|
||||||
|
# - docker==5.0.3
|
||||||
|
# - docker-py==1.10.5
|
||||||
|
# - requests<2.29.0
|
||||||
|
# - urllib3<2.0
|
||||||
|
- docker-compose>=1.5.0
|
||||||
|
|
||||||
|
# other errors that were encountered
|
||||||
|
# keyerror http+docker
|
||||||
|
# https://github.com/geerlingguy/ansible-role-docker/issues/462
|
||||||
|
# https://github.com/docker/docker-py/issues/3279
|
||||||
|
# unexpected keyword argument 'chunked'
|
||||||
|
# https://github.com/saltstack/salt/issues/65526
|
||||||
|
# 'docker.version' is not available
|
||||||
|
# https://github.com/saltstack/salt/issues/53836
|
||||||
|
# https://github.com/saltstack/salt/issues/54449
|
||||||
|
# https://github.com/saltstack/salt/issues/62602
|
||||||
|
# network is always recreated
|
||||||
|
# https://github.com/saltstack/salt/issues/66408
|
||||||
|
|
||||||
|
# otherwise it complains about scope attribute, similar to
|
||||||
|
# https://github.com/saltstack/salt/issues/50194
|
||||||
|
# https://github.com/saltstack/salt/issues/51009
|
||||||
|
# but it should be possible according to docs
|
||||||
|
# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present
|
||||||
docker-network-paperless-exists:
|
docker-network-paperless-exists:
|
||||||
docker_network.present:
|
docker_network.present:
|
||||||
- name: paperless-network
|
- name: paperless-network
|
||||||
- scope: local
|
# - scope: local
|
||||||
|
|
||||||
broker-docker-container-running:
|
broker-docker-container-running:
|
||||||
docker_container.running:
|
docker_container.running:
|
||||||
|
@ -47,40 +102,25 @@ tika-docker-container-running:
|
||||||
- networks:
|
- networks:
|
||||||
- paperless-network
|
- paperless-network
|
||||||
|
|
||||||
paperless-docker-container-running:
|
# https://stackoverflow.com/a/77642303
|
||||||
docker_container.running:
|
docker-compose-version-fix:
|
||||||
# The Docker setup does not use the configuration file.
|
file.patch:
|
||||||
# So we have to set everything through environment variables.
|
- name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py
|
||||||
# see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
|
- source: salt://paperless/docker-compose-version-fix.patch
|
||||||
- name: paperless
|
|
||||||
- image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
|
|
||||||
- container_name: paperless
|
|
||||||
- environment:
|
|
||||||
- USER_UID=1000
|
|
||||||
- USER_GID=1000
|
|
||||||
- PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
|
|
||||||
- PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
|
|
||||||
- PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
|
|
||||||
- PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
|
|
||||||
|
|
||||||
# - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }}
|
paperless-docker-compose-env-file-present:
|
||||||
# - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }}
|
file.managed:
|
||||||
# - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }}
|
- name: /opt/paperless/docker-compose.env
|
||||||
# - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }}
|
- template: jinja
|
||||||
|
- source: salt://paperless/docker-compose.env.jinja
|
||||||
|
|
||||||
- PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect"
|
paperless-docker-compose-file-present:
|
||||||
- PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') }} }}]}}'
|
file.managed:
|
||||||
- restart: always
|
- name: /opt/paperless/docker-compose.yml
|
||||||
- networks:
|
- template: jinja
|
||||||
- paperless-network
|
- source: salt://paperless/docker-compose.yml.jinja
|
||||||
- extra_hosts:
|
|
||||||
- ldap.flipdot.space:192.168.3.233
|
paperless-docker-compose-up:
|
||||||
- binds:
|
module.run:
|
||||||
- /opt/paperless/webserver/data:/usr/src/paperless/data
|
- dockercompose.up:
|
||||||
- /opt/paperless/webserver/media:/usr/src/paperless/media
|
- path: /opt/paperless/docker-compose.yml
|
||||||
- /opt/paperless/webserver/export:/usr/src/paperless/export
|
|
||||||
- /opt/paperless/webserver/consume:/usr/src/paperless/consume
|
|
||||||
- /etc/timezone:/etc/timezone:ro
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- port_bindings:
|
|
||||||
- {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
|
|
||||||
|
|
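Review bot: `paperless-docker-compose-env-file-present` writes `/opt/paperless/docker-compose.env` with no `mode`, `user` or `group`, although the rendered file holds `PAPERLESS_ADMIN_PASSWORD` and the Keycloak client secret. Adding `- mode: '0600'`, `- user: root` and `- show_changes: False` to that `file.managed` state keeps the secrets out of reach of other local users and out of the state's diff output. In the first hunk, `docker-requirements` pins `pyyaml==5.3.1`, an old release. If the pin exists only so `docker-compose` installs, a comment saying so would help whoever upgrades next. `docker-compose-version-fix` also has no `require` on `docker-requirements`, so applying the patch depends on the states running in file order.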
|
@ -15,27 +15,17 @@ paperless:
|
||||||
tika_endpoint: http://tika:9998
|
tika_endpoint: http://tika:9998
|
||||||
tika_gotenberg_endpoint: http://gotenberg:3000
|
tika_gotenberg_endpoint: http://gotenberg:3000
|
||||||
|
|
||||||
# following is included here for later, uncomment in init.sls as well
|
|
||||||
|
|
||||||
# https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx
|
|
||||||
# https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap
|
|
||||||
# https://github.com/paperless-ngx/paperless-ngx/discussions/498
|
|
||||||
# https://github.com/paperless-ngx/paperless-ngx/discussions/3228
|
|
||||||
|
|
||||||
# Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications.
|
|
||||||
# enable_http_remote_user=true
|
|
||||||
|
|
||||||
# Allows authentication via HTTP_REMOTE_USER directly against the API
|
|
||||||
# enable_http_remote_user_api=true
|
|
||||||
|
|
||||||
# Adjust this key if you plan to make paperless available publicly. It should
|
# Adjust this key if you plan to make paperless available publicly. It should
|
||||||
# be a very long sequence of random characters. You don't need to remember it.
|
# be a very long sequence of random characters. You don't need to remember it.
|
||||||
# secret_key=change-me
|
# secret_key=change-me
|
||||||
|
|
||||||
# This is required if you will be exposing Paperless-ngx on a public domain
|
disable_regular_login: True
|
||||||
# (if doing so please consider security measures such as reverse proxy)
|
redirect_login_to_sso: True
|
||||||
# url=https://paperless.flipdot.org
|
social_auto_signup: True
|
||||||
|
account_email_verification: none
|
||||||
|
admin_user: admin
|
||||||
|
admin_password: change-me
|
||||||
|
url: https://paperless.flipdot.space
|
||||||
keycloak:
|
keycloak:
|
||||||
client_secret: <CLIENT_SECRET>
|
client_secret: <CLIENT_SECRET>
|
||||||
server_url: https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration
|
server_url: https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration
|
||||||
|
|
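Review bot: The example now combines `disable_regular_login: True`, `social_auto_signup: True` and `account_email_verification: none`, so as far as these settings go every account that can log in through the Keycloak client gets a Paperless account, with no local fallback login. That trust decision deserves a comment here, e.g. `# access is controlled entirely by the Keycloak realm/client; restrict who may use the paperless client there`. The new `admin_password: change-me` sits beside the still commented-out `secret_key`, so a line such as `# admin_password, secret_key and keycloak:client_secret must be overridden in the real pillar` would make clear that the example values are not deployable.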