diff --git a/paperless/init.sls b/paperless/init.sls
index 3e4f85c..6a07a87 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -30,63 +30,10 @@ paperless-data-directory-exists: - name: /opt/paperless/webserver - makedirs: True -python3-pip: - pkg.installed - -# https://github.com/saltstack/salt/issues/61004 -python-pip-uptodate: - pip.installed: - - require: - - pkg: python3-pip - - pkgs: - - pip - - upgrade: True - -# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926 -# https://packages.debian.org/source/sid/python-docker -# does not work -# python-docker-package: -# pkg.installed: -# - name: python3-docker - -# https://stackoverflow.com/a/78224409 -# https://github.com/docker/docker-py/issues/3113 -# https://github.com/saltstack/salt/issues/62689 -docker-requirements: - pip.installed: - - require: - - pkg: python3-pip - - pkgs: - # - docker==6.1.3 - # - docker==7.0.0 - - docker==7.1.0 - # - docker==5.0.3 - # - docker-py==1.10.5 - # - requests<2.29.0 - # - urllib3<2.0 - -# other errors that were encountered -# keyerror http+docker -# https://github.com/geerlingguy/ansible-role-docker/issues/462 -# https://github.com/docker/docker-py/issues/3279 -# unexpected keyword argument 'chunked' -# https://github.com/saltstack/salt/issues/65526 -# 'docker.version' is not available -# https://github.com/saltstack/salt/issues/53836 -# https://github.com/saltstack/salt/issues/54449 -# https://github.com/saltstack/salt/issues/62602 -# network is always recreated -# https://github.com/saltstack/salt/issues/66408 - -# otherwise it complains about scope attribute, similar to -# https://github.com/saltstack/salt/issues/50194 -# https://github.com/saltstack/salt/issues/51009 -# but it should be possible according to docs -# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present docker-network-paperless-exists: docker_network.present: - name: paperless-network - # - scope: local + - scope: local broker-docker-container-running: docker_container.running: 
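Review bot: With `python3-pip` and the `docker-requirements` pip state removed, nothing visible in this hunk ensures the Python `docker` library that `docker_network.present` and the `docker_container.running` states need on the minion, and the pinned `docker==7.1.0` goes with it. If the library now comes from a distro package or another formula, a `- require:` on that state, or a one-line comment naming where it comes from, would keep a fresh minion from failing on its first run and make the installed version traceable. The hunk also enables `- scope: local`, which the deleted comment said Salt rejected; a short comment recording which Salt or docker-py version made it work would stop it being commented out again. The state file continues outside the hunk, so a requirement may already exist there.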
@@ -122,28 +69,6 @@ tika-docker-container-running: - networks: - paperless-network -# Attempt to fix json with pillar variables in variable -{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %} -{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %} - -{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = - { - 'openid_connect': { - 'APPS': [ - { - 'provider_id': 'keycloak', - 'name': 'Keycloak', - 'client_id': 'paperless', - 'secret': client_secret, - 'settings': { - 'server_url': oauth_server - } - } - ] - } - } -%} - paperless-docker-container-running: docker_container.running: # The Docker setup does not use the configuration file. 
@@ -160,16 +85,18 @@ paperless-docker-container-running: - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }} - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }} - - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS="{{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}" - - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }} - - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }} + # - PAPERLESS_ENABLE_HTTP_REMOTE_USER={{ salt['pillar.get']('', 'false') }} + # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }} + # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }} + # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }} - - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }} - - PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }} + - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect" + #- PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') }} }}]}}' - restart: always - networks: - paperless-network + - extra_hosts: + - ldap.flipdot.space:192.168.3.233 - binds: - /opt/paperless/webserver/data:/usr/src/paperless/data - 
/opt/paperless/webserver/media:/usr/src/paperless/media diff --git a/pillar.example b/pillar.example index 4e1c7af..16311d4 100644 --- a/pillar.example +++ b/pillar.example @@ -36,9 +36,6 @@ paperless: # (if doing so please consider security measures such as reverse proxy) # url=https://paperless.flipdot.org - admin_user: admin - admin_password: change-me - keycloak: client_secret: server_url: https:///realms//.well-known/openid-configuration
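Review bot: The added `- PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect"` in the environment list of `paperless-docker-container-running` is a plain YAML scalar, so the double quotes are part of the value and the container most likely receives an app name wrapped in literal quotes; the previous form `- PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect` avoids that. The same hunk drops `PAPERLESS_DISABLE_REGULAR_LOGIN` and `PAPERLESS_REDIRECT_LOGIN_TO_SSO` and leaves the provider configuration commented out, so password login is presumably the only working path again while the OIDC app is still loaded; a comment saying this is intentional would help. `PAPERLESS_SECRET_KEY` appears only as a commented line with a `'change-me'` fallback: unless it is set in the part of the list outside this hunk, Paperless runs with its built-in default key, and the literal fallback should go so that a missing pillar value is noticed instead of deploying a guessable key. If the commented `PAPERLESS_SOCIALACCOUNT_PROVIDERS` line is revived, both pillar lookups need `| tojson` so the secret and the server URL are emitted as quoted JSON strings.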