diff --git a/paperless/docker-compose-version-fix.patch b/paperless/docker-compose-version-fix.patch deleted file mode 100644 index aa16057..0000000 --- a/paperless/docker-compose-version-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200 -+++ utils.py 2024-10-27 17:06:27.445617219 +0100 -@@ -350,7 +350,8 @@ - return device_list - - --def kwargs_from_env(environment=None): -+def kwargs_from_env(environment=None, ssl_version=None): -+ # https://stackoverflow.com/a/77642303 - if not environment: - environment = os.environ - host = environment.get('DOCKER_HOST') diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja deleted file mode 100644 index cf34f59..0000000 --- a/paperless/docker-compose.env.jinja +++ /dev/null @@ -1,21 +0,0 @@ -USER_UID=1000 -USER_GID=1000 - -PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} -PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} -PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} -PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - -PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect -PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} -PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}" -PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} -PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} -PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }} -PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }} - -PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} -PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} - -PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja deleted file mode 100644 index 961ac1d..0000000 --- a/paperless/docker-compose.yml.jinja +++ /dev/null @@ -1,22 +0,0 @@ -services: - paperless: - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} - container_name: paperless - env_file: docker-compose.env - restart: always - networks: - - paperless-network - volumes: - - /opt/paperless/webserver/data:/usr/src/paperless/data - - /opt/paperless/webserver/media:/usr/src/paperless/media - - /opt/paperless/webserver/export:/usr/src/paperless/export - - /opt/paperless/webserver/consume:/usr/src/paperless/consume - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - ports: - - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 - -networks: - paperless-network: - external: - name: paperless-network diff --git a/paperless/init.sls b/paperless/init.sls index 355cb12..ee34835 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -1,3 +1,8 @@ +# Attempt to fix json with pillar variables in variable +{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} +{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%} + broker-data-directory-exists: file.directory: - name: /opt/paperless/broker @@ -35,7 +40,6 @@ docker-requirements: - require: - pkg: python3-pip - pkgs: - - pyyaml==5.3.1 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 @@ -43,7 +47,6 @@ docker-requirements: # - docker-py==1.10.5 # - requests<2.29.0 # - urllib3<2.0 - - docker-compose>=1.5.0 # other errors that were encountered # keyerror http+docker @@ -102,25 +105,38 @@ tika-docker-container-running: - networks: - paperless-network -# https://stackoverflow.com/a/77642303 -docker-compose-version-fix: - file.patch: - - name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py - - source: salt://paperless/docker-compose-version-fix.patch +paperless-docker-container-running: + docker_container.running: + # The Docker setup does not use the configuration file. + # So we have to set everything through environment variables. + # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env + - name: paperless + - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} + - container_name: paperless + - environment: + - USER_UID=1000 + - USER_GID=1000 + - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} + - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} + - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} + - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} -paperless-docker-compose-env-file-present: - file.managed: - - name: /opt/paperless/docker-compose.env - - template: jinja - - source: salt://paperless/docker-compose.env.jinja + - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect + - PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }} + - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} + - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} -paperless-docker-compose-file-present: - file.managed: - - name: /opt/paperless/docker-compose.yml - - template: jinja - - source: salt://paperless/docker-compose.yml.jinja - -paperless-docker-compose-up: - module.run: - - dockercompose.up: - - path: /opt/paperless/docker-compose.yml + - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} + - PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} + - restart: always + - networks: + - paperless-network + - binds: + - /opt/paperless/webserver/data:/usr/src/paperless/data + - /opt/paperless/webserver/media:/usr/src/paperless/media + - /opt/paperless/webserver/export:/usr/src/paperless/export + - /opt/paperless/webserver/consume:/usr/src/paperless/consume + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - port_bindings: + - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 diff --git a/pillar.example b/pillar.example index 77f096f..4e1c7af 100644 --- a/pillar.example +++ b/pillar.example @@ -15,17 +15,30 @@ paperless: tika_endpoint: http://tika:9998 tika_gotenberg_endpoint: http://gotenberg:3000 + # following is included here for later, uncomment in init.sls as well + + # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx + # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap + # https://github.com/paperless-ngx/paperless-ngx/discussions/498 + # https://github.com/paperless-ngx/paperless-ngx/discussions/3228 + + # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications. + # enable_http_remote_user=true + + # Allows authentication via HTTP_REMOTE_USER directly against the API + # enable_http_remote_user_api=true + # Adjust this key if you plan to make paperless available publicly. It should # be a very long sequence of random characters. You don't need to remember it. # secret_key=change-me + + # This is required if you will be exposing Paperless-ngx on a public domain + # (if doing so please consider security measures such as reverse proxy) + # url=https://paperless.flipdot.org - disable_regular_login: True - redirect_login_to_sso: True - social_auto_signup: True - account_email_verification: none admin_user: admin admin_password: change-me - url: https://paperless.flipdot.space + keycloak: client_secret: server_url: https:///realms//.well-known/openid-configuration