From 39c6d0e8197a1776a1afe1c529c6b41b0409aaef Mon Sep 17 00:00:00 2001
From: rfl <rfl@flipdot.org>
Date: Tue, 1 Oct 2024 21:07:18 +0200
Subject: [PATCH 1/2] Fix ip

---
 paperless/init.sls | 2 +-
 pillar.example     | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/paperless/init.sls b/paperless/init.sls
index 7d80aa6..3c193e7 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -80,4 +80,4 @@ paperless-docker-container-running:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     - port_bindings:
-      - "{{ salt['pillar.get']('paperless:webserver:port', "127.0.0.1:8000") }}:8000"
+      - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000
diff --git a/pillar.example b/pillar.example
index 977b3f1..ea278a4 100644
--- a/pillar.example
+++ b/pillar.example
@@ -5,8 +5,9 @@ paperless:
       version: 7
   webserver:
     image:
-      path: github.com/paperless-ngx/paperless-ngx
-      version: v2.11.6
+      path: ghcr.io/paperless-ngx/paperless-ngx
+      version: 2.12
+    ip: 127.0.0.1
     port: 8000
     environment:
       redis: redis://broker:6379

From 4cf8c5c7d41f21766e50ec31f39d5499e6280d07 Mon Sep 17 00:00:00 2001
From: rfl <rfl@flipdot.org>
Date: Wed, 2 Oct 2024 13:02:56 +0200
Subject: [PATCH 2/2] WIP: Use keycloak for sso

---
 paperless/init.sls | 3 +++
 pillar.example     | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/paperless/init.sls b/paperless/init.sls
index 3c193e7..6d9b64a 100644
--- a/paperless/init.sls
+++ b/paperless/init.sls
@@ -67,6 +67,9 @@ paperless-docker-container-running:
       # - PAPERLESS_ENABLE_HTTP_REMOTE_USER_API={{ salt['pillar.get']('', 'false') }}
       # - PAPERLESS_SECRET_KEY={{ salt['pillar.get']('paperless:webserver:environment:secret_key', 'change-me') }}
       # - PAPERLESS_URL={{ salt['pillar.get']('paperless:webserver:environment:url', 'https://paperless.flipdot.org') }}
+
+      - PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect"
+      - PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect": {"APPS": [{"provider_id": "keycloak", "name": "Keycloak", "client_id": "paperless", "secret": {{ salt['pillar.get']('paperless:webserver:keycloak:client_secret', '<CLIENT_SECRET>') }}, "settings": {"server_url": {{ salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration') }} }}]}}'
     - restart: always
     - networks:
       - paperless-network
diff --git a/pillar.example b/pillar.example
index ea278a4..16311d4 100644
--- a/pillar.example
+++ b/pillar.example
@@ -36,6 +36,9 @@ paperless:
       # (if doing so please consider security measures such as reverse proxy)
       # url=https://paperless.flipdot.org
 
+    keycloak:
+      client_secret: <CLIENT_SECRET>
+      server_url: https://<KEYCLOAK_SERVER>/realms/<REALM>/.well-known/openid-configuration
   gotenberg:
     image:
       path: docker.io/gotenberg/gotenberg