Compare commits
No commits in common. "7140ebb516b770f512573c9b88b693072648898a" and "71306a2cd14e8affd914568e0472a006b6fc523c" have entirely different histories.
7140ebb516
...
71306a2cd1
5 changed files with 56 additions and 82 deletions
|
@ -1,12 +0,0 @@
|
|||
--- /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py 2024-10-08 22:38:19.859988188 +0200
|
||||
+++ utils.py 2024-10-27 17:06:27.445617219 +0100
|
||||
@@ -350,7 +350,8 @@
|
||||
return device_list
|
||||
|
||||
|
||||
-def kwargs_from_env(environment=None):
|
||||
+def kwargs_from_env(environment=None, ssl_version=None):
|
||||
+ # https://stackoverflow.com/a/77642303
|
||||
if not environment:
|
||||
environment = os.environ
|
||||
host = environment.get('DOCKER_HOST')
|
|
@ -1,21 +0,0 @@
|
|||
USER_UID=1000
|
||||
USER_GID=1000
|
||||
|
||||
PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
|
||||
PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
|
||||
PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
|
||||
PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
|
||||
|
||||
PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
|
||||
PAPERLESS_CLIENT_SECRET={{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') }}
|
||||
PAPERLESS_SERVER_URL={{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') }}
|
||||
PAPERLESS_SOCIALACCOUNT_PROVIDERS="{\"openid_connect\":{\"APPS\":[{\"provider_id\": \"keycloak\", \"name\": \"Keycloak\", \"client_id\": \"paperless\", \"secret\": \"${PAPERLESS_CLIENT_SECRET}\", \"settings\":{\"server_url\": \"${PAPERLESS_SERVER_URL}\"}}]}}"
|
||||
PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
|
||||
PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
|
||||
PAPERLESS_SOCIAL_AUTO_SIGNUP={{ salt['pillar.get']('paperless:webserver:environment:social_auto_signup', 'true') }}
|
||||
PAPERLESS_ACCOUNT_EMAIL_VERIFICATION={{ salt['pillar.get']('paperless:webserver:environment:account_email_verification', 'none') }}
|
||||
|
||||
PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
|
||||
PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
|
||||
|
||||
PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.space') }}
|
|
@ -1,22 +0,0 @@
|
|||
services:
|
||||
paperless:
|
||||
image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
|
||||
container_name: paperless
|
||||
env_file: docker-compose.env
|
||||
restart: always
|
||||
networks:
|
||||
- paperless-network
|
||||
volumes:
|
||||
- /opt/paperless/webserver/data:/usr/src/paperless/data
|
||||
- /opt/paperless/webserver/media:/usr/src/paperless/media
|
||||
- /opt/paperless/webserver/export:/usr/src/paperless/export
|
||||
- /opt/paperless/webserver/consume:/usr/src/paperless/consume
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
|
||||
|
||||
networks:
|
||||
paperless-network:
|
||||
external:
|
||||
name: paperless-network
|
|
@ -1,3 +1,8 @@
|
|||
# Attempt to fix json with pillar variables in variable
|
||||
{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') %}
|
||||
{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') %}
|
||||
{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {'openid_connect':{'APPS':[{'provider_id': 'keycloak', 'name': 'Keycloak', 'client_id': 'paperless', 'secret': client_secret, 'settings':{'server_url': oauth_server}}]}}|tojson%}
|
||||
|
||||
broker-data-directory-exists:
|
||||
file.directory:
|
||||
- name: /opt/paperless/broker
|
||||
|
@ -35,7 +40,6 @@ docker-requirements:
|
|||
- require:
|
||||
- pkg: python3-pip
|
||||
- pkgs:
|
||||
- pyyaml==5.3.1
|
||||
# - docker==6.1.3
|
||||
# - docker==7.0.0
|
||||
- docker==7.1.0
|
||||
|
@ -43,7 +47,6 @@ docker-requirements:
|
|||
# - docker-py==1.10.5
|
||||
# - requests<2.29.0
|
||||
# - urllib3<2.0
|
||||
- docker-compose>=1.5.0
|
||||
|
||||
# other errors that were encountered
|
||||
# keyerror http+docker
|
||||
|
@ -102,25 +105,38 @@ tika-docker-container-running:
|
|||
- networks:
|
||||
- paperless-network
|
||||
|
||||
# https://stackoverflow.com/a/77642303
|
||||
docker-compose-version-fix:
|
||||
file.patch:
|
||||
- name: /usr/local/lib/python3.11/dist-packages/docker/utils/utils.py
|
||||
- source: salt://paperless/docker-compose-version-fix.patch
|
||||
paperless-docker-container-running:
|
||||
docker_container.running:
|
||||
# The Docker setup does not use the configuration file.
|
||||
# So we have to set everything through environment variables.
|
||||
# see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
|
||||
- name: paperless
|
||||
- image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
|
||||
- container_name: paperless
|
||||
- environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
|
||||
- PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
|
||||
- PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
|
||||
- PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
|
||||
|
||||
paperless-docker-compose-env-file-present:
|
||||
file.managed:
|
||||
- name: /opt/paperless/docker-compose.env
|
||||
- template: jinja
|
||||
- source: salt://paperless/docker-compose.env.jinja
|
||||
- PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
|
||||
- PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}
|
||||
- PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
|
||||
- PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
|
||||
|
||||
paperless-docker-compose-file-present:
|
||||
file.managed:
|
||||
- name: /opt/paperless/docker-compose.yml
|
||||
- template: jinja
|
||||
- source: salt://paperless/docker-compose.yml.jinja
|
||||
|
||||
paperless-docker-compose-up:
|
||||
module.run:
|
||||
- dockercompose.up:
|
||||
- path: /opt/paperless/docker-compose.yml
|
||||
- PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
|
||||
- PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
|
||||
- restart: always
|
||||
- networks:
|
||||
- paperless-network
|
||||
- binds:
|
||||
- /opt/paperless/webserver/data:/usr/src/paperless/data
|
||||
- /opt/paperless/webserver/media:/usr/src/paperless/media
|
||||
- /opt/paperless/webserver/export:/usr/src/paperless/export
|
||||
- /opt/paperless/webserver/consume:/usr/src/paperless/consume
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- port_bindings:
|
||||
- {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
|
||||
|
|
|
@ -15,17 +15,30 @@ paperless:
|
|||
tika_endpoint: http://tika:9998
|
||||
tika_gotenberg_endpoint: http://gotenberg:3000
|
||||
|
||||
# following is included here for later, uncomment in init.sls as well
|
||||
|
||||
# https://docs.paperless-ngx.com/advanced_usage/#sso-and-third-party-authentication-with-paperless-ngx
|
||||
# https://github.com/paperless-ngx/paperless-ngx/discussions?discussions_q=ldap
|
||||
# https://github.com/paperless-ngx/paperless-ngx/discussions/498
|
||||
# https://github.com/paperless-ngx/paperless-ngx/discussions/3228
|
||||
|
||||
# Allows authentication via HTTP_REMOTE_USER which is used by some SSO applications.
|
||||
# enable_http_remote_user=true
|
||||
|
||||
# Allows authentication via HTTP_REMOTE_USER directly against the API
|
||||
# enable_http_remote_user_api=true
|
||||
|
||||
# Adjust this key if you plan to make paperless available publicly. It should
|
||||
# be a very long sequence of random characters. You don't need to remember it.
|
||||
# secret_key=change-me
|
||||
|
||||
# This is required if you will be exposing Paperless-ngx on a public domain
|
||||
# (if doing so please consider security measures such as reverse proxy)
|
||||
# url=https://paperless.flipdot.org
|
||||
|
||||
disable_regular_login: True
|
||||
redirect_login_to_sso: True
|
||||
social_auto_signup: True
|
||||
account_email_verification: none
|
||||
admin_user: admin
|
||||
admin_password: change-me
|
||||
url: https://paperless.flipdot.space
|
||||
|
||||
keycloak:
|
||||
client_secret: <CLIENT_SECRET>
|
||||
server_url: https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration
|
||||
|
|
Loading…
Reference in a new issue