From 2d6092cc4d2f7c48a428a443863d896f76983af0 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 17:56:17 +0200 Subject: [PATCH 01/23] ffs --- paperless/init.sls | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index ee34835..b02e1ee 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -1,7 +1,11 @@ # Attempt to fix json with pillar variables in variable {% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} {% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', + 'secret': client_secret, + 'settings':{'server_url': + oauth_server}}]}} | +tojson %} broker-data-directory-exists: file.directory: From 0ae52b462a62450675deff6fd571e1a89e145313 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 17:57:21 +0200 Subject: [PATCH 02/23] ffs --- paperless/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/init.sls b/paperless/init.sls index b02e1ee..3c18919 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -126,7 +126,7 @@ paperless-docker-container-running: - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }} + - PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 55f55722883ab899cf1ea97be9c35915d3a8ecdc Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:48:03 +0200 Subject: [PATCH 03/23] Trying out docker-compose state --- paperless/init.sls | 57 ++++++++++++---------------------------------- 1 file changed, 15 insertions(+), 42 deletions(-) diff --git a/paperless/init.sls b/paperless/init.sls index 3c18919..f99e17b 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -1,12 +1,3 @@ -# Attempt to fix json with pillar variables in variable -{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} -{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', - 'secret': client_secret, - 'settings':{'server_url': - oauth_server}}]}} | -tojson %} - broker-data-directory-exists: file.directory: - name: /opt/paperless/broker @@ -51,6 +42,7 @@ docker-requirements: # - docker-py==1.10.5 # - requests<2.29.0 # - urllib3<2.0 + - docker-compose>=1.5.0 # other errors that were encountered # keyerror http+docker 
@@ -109,38 +101,19 @@ tika-docker-container-running: - networks: - paperless-network -paperless-docker-container-running: - docker_container.running: - # The Docker setup does not use the configuration file. - # So we have to set everything through environment variables. - # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env - - name: paperless - - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} - - container_name: paperless - - environment: - - USER_UID=1000 - - USER_GID=1000 - - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} - - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} - - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} - - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} +paperless-docker-compose-env-file-present: + file.managed: + - name: /opt/docker-compose.env + - template: jinja + - source: salt://docker-compose.env - - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} - - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} +paperless-docker-compose-file-present: + file.managed: + - name: /opt/docker-compose.yml + - template: jinja + - source: salt://docker-compose.yml - - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} - - PAPERLESS_ADMIN_PASSWORD={{ 
salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} - - restart: always - - networks: - - paperless-network - - binds: - - /opt/paperless/webserver/data:/usr/src/paperless/data - - /opt/paperless/webserver/media:/usr/src/paperless/media - - /opt/paperless/webserver/export:/usr/src/paperless/export - - /opt/paperless/webserver/consume:/usr/src/paperless/consume - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - port_bindings: - - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 +paperless-docker-compose-up: + module.run: + - dockercompose.up: + - path: /opt/docker-compose.yml From 6ce5615675edee40e7e05b8ef3d03fccb72c5909 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:52:20 +0200 Subject: [PATCH 04/23] Trying more --- paperless/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/paperless/init.sls b/paperless/init.sls index f99e17b..7ed21a4 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -35,6 +35,7 @@ docker-requirements: - require: - pkg: python3-pip - pkgs: + - cython<3.0.0 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 From f7f212c2482e87f5f77650c3000fe462fdf9d92e Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:54:13 +0200 Subject: [PATCH 05/23] Trying more --- paperless/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/paperless/init.sls b/paperless/init.sls index 7ed21a4..b12122e 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -36,6 +36,7 @@ docker-requirements: - pkg: python3-pip - pkgs: - cython<3.0.0 + - pyyaml==6.0 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 From 554ce3fd3e60a8563c4cdcbe0fe7fb36f253a8eb Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 19:58:00 +0200 Subject: [PATCH 06/23] Trying more --- paperless/init.sls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
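Review bot: The new `paperless-docker-compose-env-file-present` state sets no `mode`, `user` or `group`, so the rendered env file carrying the admin password is left with Salt's default permissions under `/opt`. Patch 07 later adds the Keycloak client secret to the same file. I would add `- mode: '0600'` with root ownership, plus `- show_changes: False` so the rendered secrets do not end up in state-run diffs and job returns. Patches 07–09 rewrite these states but change only `name` and `source`, so the same gap remains there. Separately, `paperless-docker-compose-up` has no `require` on the two `file.managed` states and so depends on declaration order alone.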
diff --git a/paperless/init.sls b/paperless/init.sls index b12122e..9322f27 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -35,8 +35,7 @@ docker-requirements: - require: - pkg: python3-pip - pkgs: - - cython<3.0.0 - - pyyaml==6.0 + - pyyaml==5.3.1 # - docker==6.1.3 # - docker==7.0.0 - docker==7.1.0 From 69ec63e19987c9497b95024900e2cddf1c49b727 Mon Sep 17 00:00:00 2001 From: rfl Date: Fri, 25 Oct 2024 20:06:53 +0200 Subject: [PATCH 07/23] Track files --- paperless/docker-compose.env | 23 +++++++++++++++++++++++ paperless/docker-compose.yml | 17 +++++++++++++++++ paperless/init.sls | 4 ++-- 3 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 paperless/docker-compose.env create mode 100644 paperless/docker-compose.yml diff --git a/paperless/docker-compose.env b/paperless/docker-compose.env new file mode 100644 index 0000000..2b48bf5 --- /dev/null +++ b/paperless/docker-compose.env 
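Review bot: The `pyyaml==5.3.1` pin downgrades PyYAML for everything that shares this Python installation, not only docker-compose. Later PyYAML releases include security fixes to the non-safe loaders, so any code here that calls `yaml.load` without a safe loader loses them. The pin appears to exist only so that the legacy `docker-compose>=1.5.0` package from patch 03 will install; that package has a lower bound and no upper bound. If it is really needed, record the reason next to the pin, e.g. `# pinned so docker-compose 1.x installs; remove when the compose dependency is dropped`, and give docker-compose an exact version like the `docker==7.1.0` line beside it. The `pkgs` list starts and ends outside this hunk.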
@@ -0,0 +1,23 @@ +USER_UID=1000 +USER_GID=1000 + +PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }} +PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }} +PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} +PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} + +PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect +PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} + +{% client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} +{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} +{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = +{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', +'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': +oauth_server}}]}} | tojson %} + +PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} +PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} + +PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} +PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml new file mode 100644 index 0000000..707cb15 --- /dev/null +++ b/paperless/docker-compose.yml 
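Review bot: `PAPERLESS_ADMIN_PASSWORD` falls back to the literal `change-me`, and `PAPERLESS_ADMIN_USER` to `admin`, whenever the pillar key is missing. A minion with incomplete pillar data therefore comes up with a known admin credential instead of failing. The same pattern gives `client_secret` an empty-string default. I would drop the defaults for the secret values and make the render fail when they are unset, keeping defaults only for non-sensitive settings such as the Tika and Redis endpoints. A comment at the top of the template, e.g. `# secrets below have no default on purpose; set them in pillar`, would make that intent clear.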
@@ -0,0 +1,17 @@ +services: + paperless: + - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} + - container_name: paperless + - env_file: docker-compose.env + - restart: always + - networks: + - paperless-network + - binds: + - /opt/paperless/webserver/data:/usr/src/paperless/data + - /opt/paperless/webserver/media:/usr/src/paperless/media + - /opt/paperless/webserver/export:/usr/src/paperless/export + - /opt/paperless/webserver/consume:/usr/src/paperless/consume + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - port_bindings: + - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 diff --git a/paperless/init.sls b/paperless/init.sls index 9322f27..f9ffd2c 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -106,13 +106,13 @@ paperless-docker-compose-env-file-present: file.managed: - name: /opt/docker-compose.env - template: jinja - - source: salt://docker-compose.env + - source: ./docker-compose.env paperless-docker-compose-file-present: file.managed: - name: /opt/docker-compose.yml - template: jinja - - source: salt://docker-compose.yml + - source: ./docker-compose.yml paperless-docker-compose-up: module.run: From 18590b737553b2a42f85c58e6f8854cf5bef95bc Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:35:17 +0100 Subject: [PATCH 08/23] Fix template file names --- paperless/{docker-compose.env => docker-compose.env.jinja} | 0 paperless/{docker-compose.yml => docker-compose.yml.jinja} | 0 paperless/init.sls | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename paperless/{docker-compose.env => docker-compose.env.jinja} (100%) rename paperless/{docker-compose.yml => docker-compose.yml.jinja} (100%) 
diff --git a/paperless/docker-compose.env b/paperless/docker-compose.env.jinja similarity index 100% rename from paperless/docker-compose.env rename to paperless/docker-compose.env.jinja diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml.jinja similarity index 100% rename from paperless/docker-compose.yml rename to paperless/docker-compose.yml.jinja diff --git a/paperless/init.sls b/paperless/init.sls index f9ffd2c..9dfbc04 100644 --- a/paperless/init.sls +++ b/paperless/init.sls @@ -106,13 +106,13 @@ paperless-docker-compose-env-file-present: file.managed: - name: /opt/docker-compose.env - template: jinja - - source: ./docker-compose.env + - source: salt://paperless/docker-compose.env.jinja paperless-docker-compose-file-present: file.managed: - name: /opt/docker-compose.yml - template: jinja - - source: ./docker-compose.yml + - source: salt://docker-compose.yml.jinja paperless-docker-compose-up: module.run: From 6502e193fa8569a3410c9751b0f2b2f4a7800247 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:49:20 +0100 Subject: [PATCH 09/23] Fix template file paths --- paperless/docker-compose.env.jinja | 10 ++++------ paperless/init.sls | 8 ++++---- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 2b48bf5..1929b72 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,12 +9,10 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} -{% client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} -{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = -{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', -'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': -oauth_server}}]}} | tojson %} +PAPERLESS_CLIENT_SECRET=salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') +PAPERLESS_SERVER_URL=salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') + +# PAPERLESS_SOCIALACCOUNT_PROVIDERS_={'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}} PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} diff --git a/paperless/init.sls b/paperless/init.sls index 9dfbc04..20e34e9 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -104,17 +104,17 @@ tika-docker-container-running: paperless-docker-compose-env-file-present: file.managed: - - name: /opt/docker-compose.env + - name: /opt/paperless/docker-compose.env - template: jinja - source: salt://paperless/docker-compose.env.jinja paperless-docker-compose-file-present: file.managed: - - name: /opt/docker-compose.yml + - name: /opt/paperless/docker-compose.yml - template: jinja - - source: salt://docker-compose.yml.jinja + - source: salt://paperless/docker-compose.yml.jinja paperless-docker-compose-up: module.run: - dockercompose.up: - - path: /opt/docker-compose.yml + - path: /opt/paperless/docker-compose.yml From 6a9507ad101e09c38e23e778780187a28db1f173 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:50:48 +0100 Subject: [PATCH 10/23] Fix jinja expression --- paperless/docker-compose.env.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 1929b72..73ca963 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,8 +9,8 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} -PAPERLESS_CLIENT_SECRET=salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') -PAPERLESS_SERVER_URL=salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') +PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} +PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} # PAPERLESS_SOCIALACCOUNT_PROVIDERS_={'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}} From af9d01bdb96143d742e17600fbcbfce3124335a7 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:55:09 +0100 Subject: [PATCH 11/23] Fix compose template file --- paperless/docker-compose.yml.jinja | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja index 707cb15..7853978 100644 --- a/paperless/docker-compose.yml.jinja +++ b/paperless/docker-compose.yml.jinja 
@@ -1,17 +1,17 @@ services: paperless: - - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} - - container_name: paperless - - env_file: docker-compose.env - - restart: always - - networks: + image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }} + container_name: paperless + env_file: docker-compose.env + restart: always + networks: - paperless-network - - binds: + binds: - /opt/paperless/webserver/data:/usr/src/paperless/data - /opt/paperless/webserver/media:/usr/src/paperless/media - /opt/paperless/webserver/export:/usr/src/paperless/export - /opt/paperless/webserver/consume:/usr/src/paperless/consume - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - - port_bindings: + port_bindings: - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 From 6be4363d7e76f16e51ed52465a793ebb49e19662 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 16:58:23 +0100 Subject: [PATCH 12/23] Fix compose template file --- paperless/docker-compose.yml.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja index 7853978..87503bc 100644 --- a/paperless/docker-compose.yml.jinja +++ b/paperless/docker-compose.yml.jinja 
@@ -6,12 +6,12 @@ services: restart: always networks: - paperless-network - binds: + volumes: - /opt/paperless/webserver/data:/usr/src/paperless/data - /opt/paperless/webserver/media:/usr/src/paperless/media - /opt/paperless/webserver/export:/usr/src/paperless/export - /opt/paperless/webserver/consume:/usr/src/paperless/consume - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - port_bindings: + ports: - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 From c36620551d5f590289d125e9a4f5518d77774deb Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:15:08 +0100 Subject: [PATCH 13/23] Patch docker compose version --- paperless/docker-compose-version-fix.patch | 12 ++++++++++++ paperless/init.sls | 6 ++++++ 2 files changed, 18 insertions(+) create mode 100644 paperless/docker-compose-version-fix.patch diff --git a/paperless/docker-compose-version-fix.patch b/paperless/docker-compose-version-fix.patch new file mode 100644 index 0000000..aa16057 --- /dev/null +++ b/paperless/docker-compose-version-fix.patch @@ -0,0 +1,12 @@ +--- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200 ++++ utils.py 2024-10-27 17:06:27.445617219 +0100 +@@ -350,7 +350,8 @@ + return device_list + + +-def kwargs_from_env(environment=None): ++def kwargs_from_env(environment=None, ssl_version=None): ++ # https://stackoverflow.com/a/77642303 + if not environment: + environment = os.environ + host = environment.get('DOCKER_HOST') diff --git a/paperless/init.sls b/paperless/init.sls index 20e34e9..355cb12 100644 --- a/paperless/init.sls +++ b/paperless/init.sls 
@@ -102,6 +102,12 @@ tika-docker-container-running: - networks: - paperless-network +# https://stackoverflow.com/a/77642303 +docker-compose-version-fix: + file.patch: + - name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py + - source: salt://paperless/docker-compose-version-fix.patch + paperless-docker-compose-env-file-present: file.managed: - name: /opt/paperless/docker-compose.env From 280ba5cba76f076d041329722ef634dccf73f381 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:32:15 +0100 Subject: [PATCH 14/23] Add docker network --- paperless/docker-compose.yml.jinja | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/paperless/docker-compose.yml.jinja b/paperless/docker-compose.yml.jinja index 87503bc..961ac1d 100644 --- a/paperless/docker-compose.yml.jinja +++ b/paperless/docker-compose.yml.jinja @@ -15,3 +15,8 @@ services: - /etc/localtime:/etc/localtime:ro ports: - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000 + +networks: + paperless-network: + external: + name: paperless-network From 189f80c2348ad7e37647abd934ec82ad7e108eba Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:43:03 +0100 Subject: [PATCH 15/23] Set env variable --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 73ca963..b2429f9 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
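Review bot: `docker-compose-version-fix` patches a pip-installed module in place at a hard-coded `python3.11` path and has no `require` on the state that installs `docker`. It can therefore run before the package exists, and any reinstall or upgrade of `docker` silently restores the unpatched file. As far as the embedded patch shows, `kwargs_from_env` now accepts `ssl_version` and ignores it, so a caller asking for a specific TLS version is not honoured. That deserves a comment on the state, e.g. `# ssl_version is accepted and ignored; TLS version is whatever docker-py negotiates`. A `- require:` on the `docker-requirements` state would make the ordering explicit; that state's type is not visible in this hunk. Only the function signature is in the patch, and its body continues outside it.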
@@ -12,7 +12,7 @@ PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -# PAPERLESS_SOCIALACCOUNT_PROVIDERS_={'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}} +PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 3fb6d592e40ccc1a11c0e58b6fca681b54ab653d Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:53:21 +0100 Subject: [PATCH 16/23] Fix env variable syntax --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index b2429f9..4ef00ab 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
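Review bot: The provider JSON is built by dropping `$PAPERLESS_CLIENT_SECRET` and `$PAPERLESS_SERVER_URL` into a hand-written string. That works only if the env-file reader expands variables and the secret contains no quote, backslash or `$`. Patches 16–19 adjust only the quoting of this same line. The init.sls version removed in patch 03 built the structure in Jinja and passed it through `tojson`, which escapes the values. Rendering it in the template, e.g. `PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ providers | tojson }}` with `providers` set from the two pillar values, should avoid the escaping problem and stop exporting the client secret a second time as its own container variable.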
@@ -12,7 +12,7 @@ PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': $PAPERLESS_CLIENT_SECRET, 'settings':{'server_url': $PAPERLESS_SERVER_URL}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 8fe2695baf1ed098d8aaf532446cbd3e895d8663 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 17:56:48 +0100 Subject: [PATCH 17/23] Use correct env variable keys --- paperless/docker-compose.env.jinja | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 4ef00ab..24f6156 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -7,12 +7,9 @@ PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:t PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect -PAPERLESS_SOCIALACCOUNT_PROVIDERS={"key": {"value": 3}} - PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} - -PAPERLESS_SOCIALACCOUNT_PROVIDERS_="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From 3fac8ddcb2a31dbe9a913c404d3f15256442bca9 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 18:04:12 +0100 Subject: [PATCH 18/23] Add quotes --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 24f6156..adc6dc7 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,7 +9,7 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': ${PAPERLESS_CLIENT_SECRET}, 'settings':{'server_url': ${PAPERLESS_SERVER_URL}}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': '${PAPERLESS_CLIENT_SECRET}', 'settings':{'server_url': '${PAPERLESS_SERVER_URL}'}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From f3cde83121d68b511fdf5565442b6cc0ced5f1d0 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 18:08:24 +0100 Subject: [PATCH 19/23] Switch to double quotes --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index adc6dc7..7cc3a7f 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -9,7 +9,7 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:env PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} -PAPERLESS_SOCIALACCOUNT_PROVIDERS="{'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': '${PAPERLESS_CLIENT_SECRET}', 'settings':{'server_url': '${PAPERLESS_SERVER_URL}'}}]}}" +PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}" PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} From e0ec215239b41dcfe5e1f27dc9b596310a1918c0 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 19:35:29 +0100 Subject: [PATCH 20/23] Set paperless url --- paperless/docker-compose.env.jinja | 2 ++ 1 file changed, 2 insertions(+) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index 7cc3a7f..ec9a133 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -16,3 +16,5 @@ PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:envir PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} + +PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} \ No newline at end of file From 4b407777421e189f3b9015086762bcaaf4ed0b8c Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 19:46:14 +0100 Subject: [PATCH 21/23] Include social auto signup config --- paperless/docker-compose.env.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index ec9a133..f4f15e4 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
@@ -10,9 +10,9 @@ PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }} PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}" - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} +PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }} PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} From 7e0c9d5399cb0cdf4d1630faecf3138fb977d0b0 Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 19:57:37 +0100 Subject: [PATCH 22/23] Include account email verification config --- paperless/docker-compose.env.jinja | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/paperless/docker-compose.env.jinja b/paperless/docker-compose.env.jinja index f4f15e4..cf34f59 100644 --- a/paperless/docker-compose.env.jinja +++ b/paperless/docker-compose.env.jinja 
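Review bot: `PAPERLESS_SOCIAL_AUTO_SIGNUP` defaults to `'true'` when the pillar key is absent, so any identity the Keycloak realm authenticates gets a Paperless account on first login without an admin creating it. Patch 22 follows the same pattern with `PAPERLESS_ACCOUNT_EMAIL_VERIFICATION` defaulting to `'none'`. For a document archive I would make the permissive values opt-in, `salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'false')`, and let the pillar enable them. If auto-signup is intended, add a comment saying where access is actually restricted, for example a required Keycloak group or client role.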
@@ -13,8 +13,9 @@ PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }} +PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }} PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} -PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} \ No newline at end of file +PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }} From 7140ebb516b770f512573c9b88b693072648898a Mon Sep 17 00:00:00 2001 From: rfl Date: Sun, 27 Oct 2024 21:18:05 +0100 Subject: [PATCH 23/23] Update configs --- pillar.example | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/pillar.example b/pillar.example index 4e1c7af..77f096f 100644 --- a/pillar.example +++ b/pillar.example 
@@ -15,30 +15,17 @@ paperless: tika_endpoint: http://tika:9998 tika_gotenberg_endpoint: http://gotenberg:3000 - # following is included here for later, uncomment in init.sls as well - - # https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx - # https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap - # https://github.com/paperless-ngx/paperless-ngx/discussions/498 - # https://github.com/paperless-ngx/paperless-ngx/discussions/3228 - - # Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications. - # enable_http_remote_user=true - - # Allows authentication via HTTP_REMOTE_USER directly against the API - # enable_http_remote_user_api=true - # Adjust this key if you plan to make paperless available publicly. It should # be a very long sequence of random characters. You don't need to remember it. # secret_key=change-me - - # This is required if you will be exposing Paperless-ngx on a public domain - # (if doing so please consider security measures such as reverse proxy) - # url=https://paperless.flipdot.org + disable_regular_login: True + redirect_login_to_sso: True + social_auto_signup: True + account_email_verification: none admin_user: admin admin_password: change-me - + url: https://paperless.flipdot.space keycloak: client_secret: server_url: https:///realms//.well-known/openid-configuration
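Review bot: The example now turns on SSO-only login and a public `url` but still leaves `secret_key` commented out. The env template in this series never emits `PAPERLESS_SECRET_KEY`, so the instance would presumably run on Paperless's built-in default key. I would add `secret_key: <PLACEHOLDER-long-random-string>` here, with a matching `PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key') }}` line in the env template. The hunk also deletes the comment advising a reverse proxy for public exposure; since `url` is now set to a public hostname, that advice is worth keeping beside it.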