-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathpaperless.yml
179 lines (156 loc) · 7.64 KB
/
paperless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
---
- hosts: homelab
vars:
application: paperless
paperless_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
37376230653063636435643761613933646533386364653337333531376666333832356535613335
3830346530613065663337633433643737626630353633320a333233643063303532373136613366
33343165396439316630366138336532396630633531396335383931343761333361633865376163
3035303733313362630a626335363735343732666434636336326364326137623161333235346635
66616131623836326339653631663830313063643762356533353433336463373834
paperless_oidc: |
{
"openid_connect": {
"APPS": [
{
"provider_id": "{{ oidc_provider }}",
"name": "{{ oidc_provider | title }}",
"client_id": "{{ application }}",
"secret": "{{ oidc_auth.paperless.secret }}",
"settings": {
"server_url": "{{ oidc_base_url }}"
}
}
]
}
}
docker_network: "{{ networks.iot }}"
tasks:
- name: Create FTP user
ansible.builtin.user:
name: "{{ users.paperless.username }}"
create_home: false
home: "{{ users.paperless.home }}"
password: "{{ users.paperless.password | string | password_hash('sha512') }}"
update_password: on_create
password_expire_max: -1
register: _paperless_user
- name: Create config directory
ansible.builtin.file:
path: "{{ config_directory }}"
state: directory
owner: "{{ _paperless_user.uid }}"
group: "{{ common_group_id }}"
mode: "0750"
- name: Create redis container
ansible.builtin.include_role:
name: redis
vars:
redis_version: 7
redis_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
66616663343636323632653230393236623832323030353239326134343865396537623838636633
3338386137643637363764363536306162313962396436360a383164326261663939323166333065
39383630313465306631303739386466356530326463646139383165343961326439643663616531
6333353632313432390a366336666137353762356134383432653363333530336362626231316231
31393165353662613235636139303464396437383763333731366439383931366236
- name: Create postgres container
ansible.builtin.include_role:
name: postgres
vars:
postgres_version: 17
postgres_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34646338663564366636613638623633313633396636326562366164663737373764363462666534
3235396632363938646334303163343030366634623565370a346261653364656233663139373530
39363435663432613063353734373765326663343364333333613162666639346431303637393736
3763326637366535650a656530396266386266353038333734346264636531623836356534393338
32316163363863313262333638646363343638373430633864393665373035653930
- name: Create tika container
ansible.builtin.include_role:
name: docker_container
vars:
name: "{{ application }}-tika"
image: apache/tika:3.0.0.0
- name: Create gotenberg container
ansible.builtin.include_role:
name: docker_container
vars:
name: "{{ application }}-gotenberg"
image: gotenberg/gotenberg:8.15.3
- name: Create webserver container
ansible.builtin.include_role:
name: docker_container
register: _paperless_container
vars:
image: ghcr.io/paperless-ngx/paperless-ngx:2.14.4
volumes:
- "{{ config_directory }}/data:/usr/src/paperless/data"
- "{{ config_directory }}/media:/usr/src/paperless/media"
- "{{ config_directory }}/export:/usr/src/paperless/export"
- "{{ config_directory }}/consume:/usr/src/paperless/consume"
env:
USERMAP_UID: "{{ _paperless_user.uid | string }}"
USERMAP_GID: "{{ common_group_id | string }}"
PAPERLESS_REDIS: "{{ _redis_url }}"
PAPERLESS_DBHOST: "{{ _postgres_hostname }}"
PAPERLESS_DBPORT: "{{ _postgres_port | string }}"
PAPERLESS_DBNAME: "{{ _postgres_database }}"
PAPERLESS_DBUSER: "{{ _postgres_username }}"
PAPERLESS_DBPASS: "{{ _postgres_password }}"
PAPERLESS_DBSSLMODE: "prefer"
PAPERLESS_TIKA_ENABLED: "true"
PAPERLESS_TIKA_ENDPOINT: "http://{{ application }}-tika:9998"
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: "http://{{ application }}-gotenberg:3000"
PAPERLESS_LOGROTATE_MAX_BACKUPS: "0"
PAPERLESS_SECRET_KEY: !vault |
$ANSIBLE_VAULT;1.1;AES256
30353865316135366430366535366133663766396663653933623661393862663561353736643031
3335353466353937343333626636636137653734646463640a366136656362653434323630623638
34326136376232613737636661646564666239656166323561366536323530643062306334343664
3333363561316362350a653033366431313335373531633533613838646334306533313566366332
64383064313763323465343030356561666665643936386430306530616461313434
PAPERLESS_URL: "https://{{ application }}.{{ common_tld }}"
PAPERLESS_CSRF_TRUSTED_ORIGINS: "https://{{ application }}.{{ common_tld }}"
PAPERLESS_ALLOWED_HOSTS: "https://{{ application }}.{{ common_tld }}"
PAPERLESS_CORS_ALLOWED_HOSTS: "https://{{ application }}.{{ common_tld }}"
PAPERLESS_SOCIALACCOUNT_PROVIDERS: "{{ paperless_oidc | to_json }}"
PAPERLESS_OCR_LANGUAGE: "eng"
PAPERLESS_TIME_ZONE: "{{ common_timezone }}"
PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
PAPERLESS_EMAIL_HOST: "{{ common_email_server }}"
PAPERLESS_EMAIL_PORT: "{{ common_email_port | string }}"
PAPERLESS_EMAIL_HOST_USER: "{{ common_email_username }}"
PAPERLESS_EMAIL_FROM: "{{ application }}{{ common_email_to }}"
PAPERLESS_EMAIL_HOST_PASSWORD: "{{ common_email_password }}"
PAPERLESS_EMAIL_USE_TLS: "{{ 'true' if common_email_protocol=='tls' else 'false' }}"
PAPERLESS_EMAIL_USE_SSL: "{{ 'false' if common_email_protocol=='tls' else 'true' }}"
traefik:
- port: 8000
homepage:
name: Paperless-ngx
group: Favourites
weight: 130
description: "Scan, index and archive all physical documents"
widget:
type: paperlessngx
url: "https://{{ application }}.{{ common_tld }}"
key: !vault |
$ANSIBLE_VAULT;1.1;AES256
30393937366134366631613137373364316563343438323539343236316433313264663130306339
3738396362303837666166363433303163636234373463380a366238623832383931643665636334
34663330346234373132666266616266376537353834616539663132396334363236643738623138
3538323264623430650a623131333664626437613366383335313336653738393532613034636439
34383066643739636430333836616661306636656436613939353539363332333033313364393930
3032326362396363333032616432633063393162323466316430
- name: Wait for paperless to be ready
ansible.builtin.wait_for:
timeout: 30
- name: Create application user
community.docker.docker_container_exec:
container: "{{ application }}"
command: bash -c "DJANGO_SUPERUSER_PASSWORD={{ paperless_password }} python3 manage.py createsuperuser --username {{ common_user }} --email {{ application }}{{ common_email_to }} --noinput"
register: _command_result
changed_when: "'Superuser created successfully' in _command_result.stdout"
failed_when: ('Superuser created successfully' not in _command_result.stdout) and ('That username is already taken' not in _command_result.stderr)