diff --git a/paperless/docker-compose-version-fix.patch b/paperless/docker-compose-version-fix.patch
new file mode 100644
index 0000000..aa16057
--- /dev/null
+++ b/paperless/docker-compose-version-fix.patch
@@ -0,0 +1,12 @@
+--- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200
++++ utils.py 2024-10-27 17:06:27.445617219 +0100
+@@ -350,7 +350,8 @@
+ return device_list
+
+
+-def kwargs_from_env(environment=None):
++def kwargs_from_env(environment=None, ssl_version=None):
++ # https://stackoverflow.com/a/77642303
+ if not environment:
+ environment = os.environ
+ host = environment.get('DOCKER_HOST')
diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja
new file mode 100644
index 0000000..cf34f59
--- /dev/null
+++ b/paperless/docker-compose.env.jinja
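Review bot: The new `ssl_version=None` parameter on `kwargs_from_env` is accepted but nothing visible in this hunk uses it, so a caller that asks for a specific TLS version would silently get the library default; the function body continues outside the hunk, so confirm this against the full file. The only explanation is a bare link, and I would replace it with a comment that states the intent, e.g. `# ssl_version is accepted for docker-compose v1 compatibility and intentionally ignored (https://stackoverflow.com/a/77642303)`. Because the patch edits an installed package under `dist-packages`, any reinstall or upgrade of `docker` reverts it, the on-disk file no longer matches what pip recorded, and the hard-coded `python3.11` path breaks on an interpreter upgrade. Pinning a `docker` release that docker-compose still supports would avoid patching the library at all.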
@@ -0,0 +1,21 @@
+USER_UID=1000
+USER_GID=1000
+
+PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
+PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
+PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
+PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
+
+PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
+PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}
+PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }}
+PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}"
+PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
+PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
+PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }}
+PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }}
+
+PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
+PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
+
+PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }}
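Review bot: `PAPERLESS_ADMIN_PASSWORD` falls back to the literal `change-me` (and `PAPERLESS_CLIENT_SECRET` to an empty string) when the pillar key is missing, so a minion with incomplete pillar data comes up with a publicly known admin credential instead of failing. I would drop the default and stop the render when the value is absent, e.g. `{% set admin_password = salt['pillar.get']('paperless:webserver:environment:admin_password') %}` followed by `{% if not admin_password %}{{ raise('paperless admin_password missing from pillar') }}{% endif %}`, and do the same for the client secret. Separately, the JSON in `PAPERLESS_SOCIALACCOUNT_PROVIDERS` relies on `${PAPERLESS_CLIENT_SECRET}` and `${PAPERLESS_SERVER_URL}` being expanded inside an `env_file`, which depends on the compose implementation and version in use. That deserves a one-line comment recording that it was verified, because if the references are not expanded the provider would be configured with the literal `${…}` strings.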
diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja
new file mode 100644
index 0000000..961ac1d
--- /dev/null
+++ b/paperless/docker-compose.yml.jinja
@@ -0,0 +1,22 @@
+services:
+ paperless:
+ image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
+ container_name: paperless
+ env_file: docker-compose.env
+ restart: always
+ networks:
+ - paperless-network
+ volumes:
+ - /opt/paperless/webserver/data:/usr/src/paperless/data
+ - /opt/paperless/webserver/media:/usr/src/paperless/media
+ - /opt/paperless/webserver/export:/usr/src/paperless/export
+ - /opt/paperless/webserver/consume:/usr/src/paperless/consume
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
+
+networks:
+ paperless-network:
+ external:
+ name: paperless-network
diff --git a/paperless/init.sls b/paperless/init.sls
index ee34835..355cb12 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -1,8 +1,3 @@
-# Attempt to fix json with pillar variables in variable
-{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %}
-{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %}
-{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%}
-
 broker-data-directory-exists:
 file.directory:
 - name: /opt/paperless/broker
@@ -40,6 +35,7 @@ docker-requirements:
 - require:
 - pkg: python3-pip
 - pkgs:
+ - pyyaml==5.3.1
 # - docker==6.1.3
 # - docker==7.0.0
 - docker==7.1.0
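Review bot: In `docker-compose.yml.jinja` the `image:` line defaults to the tag `2.12`, which is a mutable reference, so what actually runs depends on what the registry serves for that tag when the image is pulled. For a service that stores scanned documents I would pin the digest alongside the tag, `image: ghcr.io/paperless-ngx/paperless-ngx:2.12@sha256:<DIGEST_PLACEHOLDER>`, and carry the digest in pillar next to `image:version`. The `ports:` default of `127.0.0.1` is a sound choice; a comment such as `# keep on loopback unless a TLS-terminating reverse proxy sits in front` would tell whoever overrides `paperless:webserver:ip` what is expected.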
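Review bot: The added `pyyaml==5.3.1` entry in `docker-requirements` pins an old release exactly and carries no comment saying why, and the hunk at `@@ -47,6 +43,7 @@` adds `docker-compose>=1.5.0` with no upper bound, so the version that lands on the host is whatever the resolver picks at apply time. Presumably the PyYAML pin exists to satisfy the pip-installed docker-compose; if so, say that in a comment, `# pinned for docker-compose (pip) compatibility, re-check advisories before bumping`, and check that release against current advisories. I would also pin compose to the one release that was tested together with the patched `docker==7.1.0`, `- docker-compose==<TESTED_VERSION_PLACEHOLDER>`, since the utils.py patch only makes sense for a known pair of versions. The `pkgs` list starts and ends outside these hunks.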
@@ -47,6 +43,7 @@ docker-requirements: # - docker-py==1.10.5 # - requests<2.29.0 # - urllib3<2.0 + - docker-compose>=1.5.0 # other errors that were encountered # keyerror http+docker 
@@ -105,38 +102,25 @@ tika-docker-container-running: - networks: - paperless-network -paperless-docker-container-running: - docker_container.running: - # The Docker setup does not use the configuration file. - # So we have to set everything through environment variables. - # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env - - name: paperless - - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} - - container_name: paperless - - environment: - - USER_UID=1000 - - USER_GID=1000 - - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} - - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} - - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} - - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} +# https://stackoverflow.com/a/77642303 +docker-compose-version-fix: + file.patch: + - name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py + - source: salt://paperless/docker-compose-version-fix.patch - - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }} - - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} +paperless-docker-compose-env-file-present: + file.managed: + - name: /opt/paperless/docker-compose.env + - template: jinja + - source: salt://paperless/docker-compose.env.jinja - - PAPERLESS_ADMIN_USER={{ 
salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} - - PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} - - restart: always - - networks: - - paperless-network - - binds: - - /opt/paperless/webserver/data:/usr/src/paperless/data - - /opt/paperless/webserver/media:/usr/src/paperless/media - - /opt/paperless/webserver/export:/usr/src/paperless/export - - /opt/paperless/webserver/consume:/usr/src/paperless/consume - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - port_bindings: - - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 +paperless-docker-compose-file-present: + file.managed: + - name: /opt/paperless/docker-compose.yml + - template: jinja + - source: salt://paperless/docker-compose.yml.jinja + +paperless-docker-compose-up: + module.run: + - dockercompose.up: + - path: /opt/paperless/docker-compose.yml diff --git a/pillar.example b/pillar.example index 4e1c7af..77f096f 100644 --- a/pillar.example +++ b/pillar.example 
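Review bot: `paperless-docker-compose-env-file-present` writes the admin password and the Keycloak client secret to `/opt/paperless/docker-compose.env` without setting an owner or mode, so the file gets the default permissions for a new file, which are typically world-readable. I would add `- user: root`, `- mode: '0600'` and `- show_changes: False` to that state; the last one keeps the rendered secrets out of the state return and job cache when the file changes. The previous `docker_container.running` state passed these values directly to the container, so the secrets file on disk is new exposure introduced by this change. The same hunk's `file.patch` state and `dockercompose.up` call would also benefit from explicit `require` entries, so a failed patch or template render does not lead to a compose run against stale files.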
@@ -15,30 +15,17 @@ paperless: tika_endpoint: http://tika:9998 tika_gotenberg_endpoint: http://gotenberg:3000 - # following is included here for later, uncomment in init.sls as well - - # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx - # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap - # https://github.com/paperless-ngx/paperless-ngx/discussions/498 - # https://github.com/paperless-ngx/paperless-ngx/discussions/3228 - - # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications. - # enable_http_remote_user=true - - # Allows authentication via HTTP_REMOTE_USER directly against the API - # enable_http_remote_user_api=true - # Adjust this key if you plan to make paperless available publicly. It should # be a very long sequence of random characters. You don't need to remember it. # secret_key=change-me - - # This is required if you will be exposing Paperless-ngx on a public domain - # (if doing so please consider security measures such as reverse proxy) - # url=https://paperless.flipdot.org + disable_regular_login: True + redirect_login_to_sso: True + social_auto_signup: True + account_email_verification: none admin_user: admin admin_password: change-me - + url: https://paperless.flipdot.space keycloak: client_secret: server_url: https:///realms//.well-known/openid-configuration