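# Paperless-ngx stack deployed as Docker containers through Salt:
# a Redis broker, Gotenberg, Tika and the Paperless webserver, all attached to
# the user-defined network "paperless-network".
#
# The OpenID Connect provider settings are built as a Jinja mapping and then
# serialised with tojson. Writing the structure as a quoted string instead
# leaves the words client_secret and oauth_server in the output as literal
# text, so the pillar values never reach the container.
#
# NOTE(review): client_secret defaults to an empty string, and the server_url
# default has an empty host and realm, so it is not a usable discovery URL.
# Both keys under paperless:webserver:keycloak should be set in pillar.
{% set client_secret = salt['pillar.get']('paperless:webserver:keycloak:client_secret', '') %}
{% set oauth_server = salt['pillar.get']('paperless:webserver:keycloak:server_url', 'https:///realms//.well-known/openid-configuration') %}
{% set PAPERLESS_SOCIALACCOUNT_PROVIDERS_ = {
  'openid_connect': {
    'APPS': [{
      'provider_id': 'keycloak',
      'name': 'Keycloak',
      'client_id': 'paperless',
      'secret': client_secret,
      'settings': {'server_url': oauth_server}
    }]
  }
}|tojson %}

# Host directory bind-mounted into the broker container as /data.
broker-data-directory-exists:
  file.directory:
    - name: /opt/paperless/broker
    - makedirs: True

# Parent of the data/media/export/consume directories bound into the webserver.
paperless-data-directory-exists:
  file.directory:
    - name: /opt/paperless/webserver
    - makedirs: True

python3-pip: pkg.installed

# https://github.com/saltstack/salt/issues/61004
python-pip-uptodate:
  pip.installed:
    - require:
      - pkg: python3-pip
    - pkgs:
      - pip
    - upgrade: True

# https://bugs.launchpad.net/ubuntu/+source/python-docker/+bug/2066926
# https://packages.debian.org/source/sid/python-docker
# does not work
# python-docker-package:
#   pkg.installed:
#     - name: python3-docker

# Python Docker SDK used by the docker_network / docker_container states below.
# https://stackoverflow.com/a/78224409
# https://github.com/docker/docker-py/issues/3113
# https://github.com/saltstack/salt/issues/62689
docker-requirements:
  pip.installed:
    - require:
      - pkg: python3-pip
    - pkgs:
      # - docker==6.1.3
      # - docker==7.0.0
      - docker==7.1.0
      # - docker==5.0.3
      # - docker-py==1.10.5
      # - requests<2.29.0
      # - urllib3<2.0

# other errors that were encountered
# keyerror http+docker
# https://github.com/geerlingguy/ansible-role-docker/issues/462
# https://github.com/docker/docker-py/issues/3279
# unexpected keyword argument 'chunked'
# https://github.com/saltstack/salt/issues/65526
# 'docker.version' is not available
# https://github.com/saltstack/salt/issues/53836
# https://github.com/saltstack/salt/issues/54449
# https://github.com/saltstack/salt/issues/62602

# network is always recreated
# https://github.com/saltstack/salt/issues/66408
# otherwise it complains about scope attribute, similar to
# https://github.com/saltstack/salt/issues/50194
# https://github.com/saltstack/salt/issues/51009
# but it should be possible according to docs
# https://docs.saltproject.io/en/latest/ref/states/all/salt.states.docker_network.html#salt.states.docker_network.present
docker-network-paperless-exists:
  docker_network.present:
    - name: paperless-network
    # - scope: local

# Redis broker; no port_bindings, so it is reached over paperless-network only.
broker-docker-container-running:
  docker_container.running:
    - name: broker
    - image: {{ salt['pillar.get']('paperless:broker:image:path', 'docker.io/library/redis') }}:{{ salt['pillar.get']('paperless:broker:image:version', '7') }}
    - container_name: broker
    - restart: unless-stopped
    - binds: /opt/paperless/broker:/data
    - networks:
      - paperless-network

gotenberg-docker-container-running:
  docker_container.running:
    - name: gotenberg
    - image: {{ salt['pillar.get']('paperless:gotenberg:image:path', 'docker.io/gotenberg/gotenberg') }}:{{ salt['pillar.get']('paperless:gotenberg:image:version', '8.9.1') }}
    - container_name: gotenberg
    - restart: unless-stopped
    # The gotenberg chromium route is used to convert .eml files. We do not
    # want to allow external content like tracking pixels or even javascript.
    - command:
      - "gotenberg"
      - "--chromium-disable-javascript=true"
      - "--chromium-allow-list=file:///tmp/.*"
    - networks:
      - paperless-network

tika-docker-container-running:
  docker_container.running:
    - name: tika
    - image: {{ salt['pillar.get']('paperless:tika:image:path', 'docker.io/apache/tika') }}:{{ salt['pillar.get']('paperless:tika:image:version', '2.9.2.1') }}
    - container_name: tika
    - restart: unless-stopped
    - networks:
      - paperless-network

paperless-docker-container-running:
  docker_container.running:
    # The Docker setup does not use the configuration file.
    # So we have to set everything through environment variables.
    # see https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/compose/docker-compose.env
    #
    # Values passed through environment, including the OIDC client secret and
    # the admin password, are stored in the container configuration and can be
    # read by anyone allowed to inspect the container.
    - name: paperless
    - image: {{ salt['pillar.get']('paperless:webserver:image:path', 'ghcr.io/paperless-ngx/paperless-ngx') }}:{{ salt['pillar.get']('paperless:webserver:image:version', '2.12') }}
    - container_name: paperless
    - environment:
      - USER_UID=1000
      - USER_GID=1000
      - PAPERLESS_REDIS={{ salt['pillar.get']('paperless:webserver:environment:redis', 'redis://broker:6379') }}
      - PAPERLESS_TIKA_ENABLED={{ salt['pillar.get']('paperless:webserver:environment:tika_enabled', '1') }}
      - PAPERLESS_TIKA_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_endpoint', 'http://tika:9998') }}
      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT={{ salt['pillar.get']('paperless:webserver:environment:tika_gotenberg_endpoint', 'http://gotenberg:3000') }}
      - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
      # The rendered JSON contains double quotes and ": " sequences, so the
      # whole item is a YAML single-quoted scalar. tojson emits any single
      # quote inside a value as \u0027, which keeps the scalar well-formed and
      # is still valid JSON for the consumer.
      - 'PAPERLESS_SOCIALACCOUNT_PROVIDERS={{ PAPERLESS_SOCIALACCOUNT_PROVIDERS_ }}'
      - PAPERLESS_DISABLE_REGULAR_LOGIN={{ salt['pillar.get']('paperless:webserver:environment:disable_regular_login', 'true') }}
      - PAPERLESS_REDIRECT_LOGIN_TO_SSO={{ salt['pillar.get']('paperless:webserver:environment:redirect_login_to_sso', 'true') }}
      - PAPERLESS_ADMIN_USER={{ salt['pillar.get']('paperless:webserver:environment:admin_user', 'admin') }}
      # NOTE(review): when the pillar key is unset this falls back to the
      # publicly known value 'change-me'; set
      # paperless:webserver:environment:admin_password in pillar before
      # applying this state. The value is rendered unquoted, so a password
      # containing " #" or ": " will not survive YAML parsing intact.
      - PAPERLESS_ADMIN_PASSWORD={{ salt['pillar.get']('paperless:webserver:environment:admin_password', 'change-me') }}
    - restart: always
    - networks:
      - paperless-network
    - binds:
      - /opt/paperless/webserver/data:/usr/src/paperless/data
      - /opt/paperless/webserver/media:/usr/src/paperless/media
      - /opt/paperless/webserver/export:/usr/src/paperless/export
      - /opt/paperless/webserver/consume:/usr/src/paperless/consume
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # Published on the loopback address unless paperless:webserver:ip is set.
    - port_bindings:
      - {{ salt['pillar.get']('paperless:webserver:ip', '127.0.0.1') }}:{{ salt['pillar.get']('paperless:webserver:port', '8000') }}:8000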