paperless-ngx

JamesTurland · Feb 19, 2024 · 68323a0 · 68323a0
1 parent b49f5dc
commit 68323a0
Show file tree

Hide file tree

Showing 3 changed files with 236 additions and 0 deletions.
diff --git a/Ansible/k8s.yml b/Ansible/k8s.yml
@@ -0,0 +1,106 @@
+- hosts: masters
+  gather_facts: false
+  become: true
+  ignore_unreachable: true
+  ignore_errors: false
+  serial: 1
+    tasks:
+
+##################################
+
+# Required to avoid the following bug:
+# https://github.com/ansible/ansible/issues/48352
+    - name: Allow release info change
+      lineinfile:
+        path: /etc/apt/apt.conf.d/99releaseinfochange
+        state: present
+        create: true
+        line: Acquire::AllowReleaseInfoChange::Suite "true";
+
+    - name: Run the equivalent of "apt-get update" as a separate step
+      apt:
+        update_cache: yes
+      become: true
+      register: apt
+
+    - name: Upgrade all packages to the latest version
+      become: true
+      apt:
+        name: "*"
+        state: latest
+        update_cache: false
+      register: appsupdated
+
+    - name: Remove useless packages from the cache
+      apt:
+        autoclean: yes
+      become: true
+
+    - name: Remove dependencies that are no longer required
+      apt:
+        autoremove: yes
+      become: true
+
+    - name: check for reboot file
+      stat:
+        path: /var/run/reboot-required
+      register: reboot_file
+
+
+  ##################################
+
+    - name: drain node
+      become: false
+      kubernetes.core.k8s_drain:
+        state: drain
+        name: "{{ inventory_hostname }}"
+        delete_options:
+          ignore_daemonsets: true
+          delete_emptydir_data: true
+      delegate_to: localhost
+      when:
+        - appsupdated.changed
+        - reboot_file.stat.exists
+      register: nodedrained
+
+    - name: Pause for 1 minutes
+      ansible.builtin.pause:
+        minutes: 1
+      when: nodedrained.changed
+
+    - name: Reboot system if required
+      shell: ( /bin/sleep 5 ; shutdown -r now "Ansible updates triggered" ) &
+              removes=/var/run/reboot-required
+      ignore_errors: true
+      async: 30
+      poll: 0
+      notify:
+        - waiting for reboot
+      when: reboot_file.stat.exists
+
+    - name: Flush handlers
+      meta: flush_handlers
+
+    - name: Pause for 1 minutes
+      ansible.builtin.pause:
+        minutes: 1
+      when: nodedrained.changed
+
+    - name: uncordon node
+      become: false
+      kubernetes.core.k8s_drain:
+        state: uncordon
+        name: "{{ inventory_hostname }}"
+        delete_options:
+          ignore_daemonsets: true
+          delete_emptydir_data: true
+      delegate_to: localhost
+      when: nodedrained.changed| default(omit)
+
+    handlers:
+    - name: waiting for reboot
+      local_action: wait_for
+        host="{{ inventory_hostname }}"
+        port=2222
+        delay=10
+        timeout=120
diff --git a/Paperless-ngx/.env b/Paperless-ngx/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=paperless
diff --git a/Paperless-ngx/docker-compose.yaml b/Paperless-ngx/docker-compose.yaml
@@ -0,0 +1,129 @@
+# Docker Compose file for running paperless from the docker container registry.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+#   as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# In addition to that, this Docker Compose file adds the following optional
+# configurations:
+#
+# - Instead of SQLite (default), PostgreSQL is used as the database server.
+# - Apache Tika and Gotenberg servers are started with paperless and paperless
+#   is configured to use these services. These provide support for consuming
+#   Office documents (Word, Excel, Power Point and their LibreOffice counter-
+#   parts.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+#   and '.env' into a folder.
+# - Run 'docker compose pull'.
+# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+version: "3.4"
+services:
+  broker:
+    image: docker.io/library/redis:7
+    restart: unless-stopped
+    volumes:
+      - redisdata:/data
+    networks:
+      paperless:
+
+  db:
+    image: docker.io/library/postgres:15
+    restart: unless-stopped
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: paperless
+      POSTGRES_USER: paperless
+      POSTGRES_PASSWORD: paperless
+    networks:
+      paperless:
+
+  webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+      - db
+      - broker
+      - gotenberg
+      - tika
+    # Not needed as we're using Traefik
+    #ports:
+    #  - "8005:8000"
+    volumes:
+      - data:/usr/src/paperless/data
+      - media:/usr/src/paperless/media
+      - ./export:/usr/src/paperless/export
+      - ./consume:/usr/src/paperless/consume
+    env_file: .env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_DBHOST: db
+      PAPERLESS_TIKA_ENABLED: 1
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_URL: https://paperless.jimsgarage.co.uk
+      PAPERLESS_ADMIN_USER: paperless
+      PAPERLESS_ADMIN_PASSWORD: paperless
+      PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+      # Find out how to configure Authentik: https://youtu.be/enwFWELCYJo
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect": {"APPS": [{"provider_id": "authentik","name": "Authentik SSO","client_id": "BnxpFXvscduU2PdAdPaCelphhDYpAXo9upbAUS3F","secret": "0JcyunvA0Ra25i49zULTbro0jdbH9gHrdnSDExT9Ze2TNoB8so9B8AbdB7riYjYHPZfwuWtAeTCpwPAi2Sct7M8w3y8VTPPxwgFG1JzdoWdxLgUz0NO6l3L2UFBmzQ5m","settings": { "server_url": "https://authentik.jimsgarage.co.uk/application/o/paperless-ngx/.well-known/openid-configuration"}}]}}'
+    networks:
+      paperless:
+      proxy:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.paperless.entrypoints=http"
+      - "traefik.http.routers.paperless.rule=Host(`paperless.jimsgarage.co.uk`)"
+      - "traefik.http.middlewares.paperless-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.paperless.middlewares=paperless-https-redirect"
+      - "traefik.http.routers.paperless-secure.entrypoints=https"
+      - "traefik.http.routers.paperless-secure.rule=Host(`paperless.jimsgarage.co.uk`)"
+      - "traefik.http.routers.paperless-secure.tls=true"
+      - "traefik.http.routers.paperless-secure.tls.certresolver=cloudflare" # change this to your cert resolver
+      - "traefik.http.routers.paperless-secure.service=paperless" 
+      - "traefik.http.services.paperless.loadbalancer.server.port=8000"
+      - "traefik.docker.network=proxy"
+
+  gotenberg:
+    image: docker.io/gotenberg/gotenberg:7.10
+    restart: unless-stopped
+
+    # The gotenberg chromium route is used to convert .eml files. We do not
+    # want to allow external content like tracking pixels or even javascript.
+    command:
+      - "gotenberg"
+      - "--chromium-disable-javascript=true"
+      - "--chromium-allow-list=file:///tmp/.*"
+    networks:
+      paperless:
+
+  tika:
+    image: ghcr.io/paperless-ngx/tika:latest
+    restart: unless-stopped
+    networks:
+      paperless:
+
+volumes:
+  data:
+  media:
+  pgdata:
+  redisdata:
+
+networks:
+  paperless:
+  proxy:
+    external: true