Paperless auf Testserver

site.yml

@@ -82,6 +82,12 @@
         basedir: "/srv/{{ servicename }}",
         domain: "verwaltung.test-warpzone.de" 
       }
+    - { 
+        role: testserver/docker_paperless, tags: [ test_paperless, docker_services ],
+        servicename: "paperless",
+        basedir: "/srv/{{ servicename }}",
+        domain: "docs.test-warpzone.de" 
+      }
     - { 
         role: testserver/docker_tandoor, tags: [ test_tandoor, docker_services ],
         servicename: "tandoor",

testserver/docker_paperless/tasks/main.yml

+---
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+   - { path: "{{ basedir }}/postgres_user_pass",   type: create, length: 12 }
+   - { path: "{{ basedir }}/paperless_admin_pass", type: create, length: 24 }
+   - { path: "{{ basedir }}/paperless_secret_key", type: create, length: 24 }
+   - { path: "{{ basedir }}/openid_client_secret", type: create, length: 64 }
+
+
+- name: Setup OAuth Client Info 
+  ansible.builtin.debug:
+    msg: "Client ID: {{ servicename }} // Client Secret: {{ openid_client_secret }} // Redirect-URI: https://{{ domain }}/accounts/oidc/uffd/login/callback/" 
+
+
+- name: "create folder struct for {{ servicename }}"
+  file:
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}/db"
+    - "{{ basedir }}/data"
+    - "{{ basedir }}/media"
+    - "{{ basedir }}/consume"
+    - "{{ basedir }}/export"
+
+
+# Copy config files
+- name: deploy {{ servicename }} config
+  template:
+    dest:  "{{ basedir }}/{{ item }}"
+    src: "{{ item }}"
+    mode: 0644
+  with_items:
+    - docker-compose.yml
+  register: config
+
+
+# Start containers
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config.changed
+
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
+

testserver/docker_paperless/templates/docker-compose.yml

+
+
+services:
+
+  broker:
+    image: redis:7-alpine
+    restart: always
+    networks:
+      - default
+
+
+  db:
+    image: postgres:13
+    restart: always
+    volumes:
+      - "{{ basedir }}/db:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_DB: paperless
+      POSTGRES_USER: paperless
+      POSTGRES_PASSWORD: {{ postgres_user_pass }}
+    networks:
+      - default
+
+
+  app:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: always
+    depends_on:
+      - db
+      - broker
+    volumes:
+      - "{{ basedir }}/data:/usr/src/paperless/data"
+      - "{{ basedir }}/media:/usr/src/paperless/media:z"
+      - "{{ basedir }}/consume:/usr/src/paperless/consume"
+      - "{{ basedir }}/export:/usr/src/paperless/export"
+    environment:
+      USERMAP_UID: 1000
+      USERMAP_GID: 1000
+      PAPERLESS_DEBUG: 0
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_DBENGINE: postgress
+      PAPERLESS_DBHOST: db
+      PAPERLESS_DBNAME: paperless
+      PAPERLESS_DBUSER: paperless
+      PAPERLESS_DBPASS: {{ postgres_user_pass }}
+      PAPERLESS_URL: "https://{{ domain }}"
+      PAPERLESS_OCR_MODE: skip
+      PAPERLESS_OCR_OUTPUT_TYPE: pdfa
+      PAPERLESS_OCR_LANGUAGES: deu eng
+      PAPERLESS_OCR_LANGUAGE: deu
+      PAPERLESS_OCR_SKIP_ARCHIVE_FILE: with_text
+      PAPERLESS_TIME_ZONE: Europe/Berlin
+      PAPERLESS_SECRET_KEY: {{ paperless_secret_key }}
+      PAPERLESS_TASK_WORKERS: 2
+      PAPERLESS_OPTIMIZE_THUMBNAILS: 1
+      PAPERLESS_FILENAME_FORMAT: "{correspondent}/{created_year}/{created_year}-{created_month}-{created_day}_{correspondent}_{document_type}_{title}"
+      PAPERLESS_ADMIN_USER: paperlessadmin
+      PAPERLESS_ADMIN_PASSWORD: {{ paperless_admin_pass }}
+      PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect": {"APPS": [{"provider_id": "uffd","name": "uffd","client_id": "{{ servicename }}","secret": "{{ openid_client_secret }}","settings": { "server_url": "{{ oidc_global.provider_url }}/.well-known/openid-configuration"}}]}}'      
+      PAPERLESS_SOCIAL_AUTO_SIGNUP: True
+      PAPERLESS_SOCIAL_AUTO_SIGNUPS: True
+      PAPERLESS_ACCOUNT_ALLOW_SIGNUPS: False
+      PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL: https
+      PAPERLESS_ACCOUNT_EMAIL_VERIFICATION: optional
+      PAPERLESS_DISABLE_REGULAR_LOGIN: True
+      PAPERLESS_REDIRECT_LOGIN_TO_SSO: True
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8000
+      - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120
+    networks:
+      - default
+      - web
+
+
+networks:
+  web:
+    external: true