diff --git a/paperless/docker-compose-version-fix.patch b/paperless/docker-compose-version-fix.patch
deleted file mode 100644
index aa16057..0000000
--- a/paperless/docker-compose-version-fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200
-+++ utils.py 2024-10-27 17:06:27.445617219 +0100
-@@ -350,7 +350,8 @@
- return device_list
-
-
--def kwargs_from_env(environment=None):
-+def kwargs_from_env(environment=None, ssl_version=None):
-+ # https://stackoverflow.com/a/77642303
- if not environment:
- environment = os.environ
- host = environment.get('DOCKER_HOST')
diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja
deleted file mode 100644
index cf34f59..0000000
--- a/paperless/docker-compose.env.jinja
+++ /dev/null
@@ -1,21 +0,0 @@
-USER_UID=1000
-USER_GID=1000
-
-PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
-PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
-PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
-PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
-
-PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
-PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}
-PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }}
-PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}"
-PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
-PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
-PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }}
-PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }}
-
-PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
-PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
-
-PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }}
diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja
deleted file mode 100644
index 961ac1d..0000000
--- a/paperless/docker-compose.yml.jinja
+++ /dev/null
@@ -1,22 +0,0 @@
-services:
- paperless:
- image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
- container_name: paperless
- env_file: docker-compose.env
- restart: always
- networks:
- - paperless-network
- volumes:
- - /opt/paperless/webserver/data:/usr/src/paperless/data
- - /opt/paperless/webserver/media:/usr/src/paperless/media
- - /opt/paperless/webserver/export:/usr/src/paperless/export
- - /opt/paperless/webserver/consume:/usr/src/paperless/consume
- - /etc/timezone:/etc/timezone:ro
- - /etc/localtime:/etc/localtime:ro
- ports:
- - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
-
-networks:
- paperless-network:
- external:
- name: paperless-network
diff --git a/paperless/init.sls b/paperless/init.sls
index 355cb12..3c193e7 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -8,65 +8,10 @@ paperless-data-directory-exists: - name: /opt/paperless/webserver - makedirs: True -python3-pip: - pkg.installed - -# https://github.com/saltstack/salt/issues/61004 -python-pip-uptodate: - pip.installed: - - require: - - pkg: python3-pip - - pkgs: - - pip - - upgrade: True - -# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926 -# https://packages.debian.org/source/sid/python-docker -# does not work -# python-docker-package: -# pkg.installed: -# - name: python3-docker - -# https://stackoverflow.com/a/78224409 -# https://github.com/docker/docker-py/issues/3113 -# https://github.com/saltstack/salt/issues/62689 -docker-requirements: - pip.installed: - - require: - - pkg: python3-pip - - pkgs: - - pyyaml==5.3.1 - # - docker==6.1.3 - # - docker==7.0.0 - - docker==7.1.0 - # - docker==5.0.3 - # - docker-py==1.10.5 - # - requests<2.29.0 - # - urllib3<2.0 - - docker-compose>=1.5.0 - -# other errors that were encountered -# keyerror http+docker -# https://github.com/geerlingguy/ansible-role-docker/issues/462 -# https://github.com/docker/docker-py/issues/3279 -# unexpected keyword argument 'chunked' -# https://github.com/saltstack/salt/issues/65526 -# 'docker.version' is not available -# https://github.com/saltstack/salt/issues/53836 -# https://github.com/saltstack/salt/issues/54449 -# https://github.com/saltstack/salt/issues/62602 -# network is always recreated -# https://github.com/saltstack/salt/issues/66408 - -# otherwise it complains about scope attribute, similar to -# https://github.com/saltstack/salt/issues/50194 -# https://github.com/saltstack/salt/issues/51009 -# but it should be possible according to docs -# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present docker-network-paperless-exists: docker_network.present: - name: paperless-network - # - scope: local + - scope: local broker-docker-container-running: docker_container.running: 
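Review bot: After this hunk nothing visible in `init.sls` installs the Python `docker` library that the remaining `docker_network.present` and `docker_container.running` states need on the minion; the removed `docker-requirements` state was the only place that pinned it (`docker==7.1.0`). If the library is now provided some other way, a comment should record that, e.g. `# needs the Python docker library on the minion; installed outside this state`. Enabling `- scope: local` also drops the comment block that explained why it had been disabled, so a one-line note on what changed would help the next reader. The file's first lines and the body of the `broker` state lie outside the hunk.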
@@ -102,25 +47,37 @@ tika-docker-container-running: - networks: - paperless-network -# https://stackoverflow.com/a/77642303 -docker-compose-version-fix: - file.patch: - - name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py - - source: salt://paperless/docker-compose-version-fix.patch +paperless-docker-container-running: + docker_container.running: + # The Docker setup does not use the configuration file. + # So we have to set everything through environment variables. + # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env + - name: paperless + - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} + - container_name: paperless + - environment: + - USER_UID=1000 + - USER_GID=1000 + - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} + - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} + - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} + - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} -paperless-docker-compose-env-file-present: - file.managed: - - name: /opt/paperless/docker-compose.env - - template: jinja - - source: salt://paperless/docker-compose.env.jinja - -paperless-docker-compose-file-present: - file.managed: - - name: /opt/paperless/docker-compose.yml - - template: jinja - - source: salt://paperless/docker-compose.yml.jinja - -paperless-docker-compose-up: - module.run: - - dockercompose.up: - - path: /opt/paperless/docker-compose.yml + # - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }} + # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }} + # - 
PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }} + # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }} + - restart: always + - networks: + - paperless-network + - extra_hosts: + - ldap.flipdot.space:192.168.3.233 + - binds: + - /opt/paperless/webserver/data:/usr/src/paperless/data + - /opt/paperless/webserver/media:/usr/src/paperless/media + - /opt/paperless/webserver/export:/usr/src/paperless/export + - /opt/paperless/webserver/consume:/usr/src/paperless/consume + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - port_bindings: + - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 diff --git a/pillar.example b/pillar.example index 77f096f..ea278a4 100644 --- a/pillar.example +++ b/pillar.example 
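Review bot: The new `paperless-docker-container-running` state leaves `PAPERLESS_SECRET_KEY` commented out, and the commented line falls back to the literal `'change-me'`, so the instance presumably runs on Paperless's built-in default key now and on a guessable one if the line is simply uncommented. I would enable it without a fallback so that a missing pillar value fails the render: `- PAPERLESS_SECRET_KEY={{ pillar['paperless']['webserver']['environment']['secret_key'] }}`. This matters more here because the same change drops the SSO, admin and `PAPERLESS_URL` settings that the removed env template supplied. The two commented `PAPERLESS_ENABLE_HTTP_REMOTE_USER*` lines read pillar key `''`, so the pillar setting would have no effect once they are uncommented. Values passed through `environment` are readable via `docker inspect`, so the key should come from a pillar that is targeted only at this minion.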
@@ -15,20 +15,27 @@ paperless: tika_endpoint: http://tika:9998 tika_gotenberg_endpoint: http://gotenberg:3000 + # following is included here for later, uncomment in init.sls as well + + # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx + # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap + # https://github.com/paperless-ngx/paperless-ngx/discussions/498 + # https://github.com/paperless-ngx/paperless-ngx/discussions/3228 + + # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications. + # enable_http_remote_user=true + + # Allows authentication via HTTP_REMOTE_USER directly against the API + # enable_http_remote_user_api=true + # Adjust this key if you plan to make paperless available publicly. It should # be a very long sequence of random characters. You don't need to remember it. # secret_key=change-me + + # This is required if you will be exposing Paperless-ngx on a public domain + # (if doing so please consider security measures such as reverse proxy) + # url=https://paperless.flipdot.org - disable_regular_login: True - redirect_login_to_sso: True - social_auto_signup: True - account_email_verification: none - admin_user: admin - admin_password: change-me - url: https://paperless.flipdot.space - keycloak: - client_secret: - server_url: https:///realms//.well-known/openid-configuration gotenberg: image: path: docker.io/gotenberg/gotenberg
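Review bot: The added `enable_http_remote_user` and `enable_http_remote_user_api` comments should warn that these settings make Paperless trust the HTTP_REMOTE_USER value on every request, so they are only safe when port 8000 is reachable solely through a proxy that overwrites that value for client requests. Suggested comment above them: `# only enable behind a reverse proxy that sets/overwrites the remote-user header; never with the container port reachable directly`. The added examples also use `key=value` form (`# enable_http_remote_user=true`, `# url=https://paperless.flipdot.org`) inside a YAML mapping, so uncommenting them as written would not produce pillar keys; `# enable_http_remote_user: true` would match the surrounding entries.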