diff --git a/site.yml b/site.yml
index 2debb6fa8102508ed92730f40f402d886d8b112e..8f05a79dcef5b7b86d0cf42237bf7d8410e7d65e 100644
--- a/site.yml
+++ b/site.yml
@@ -82,6 +82,12 @@
 basedir: "/srv/{{ servicename }}",
 domain: "verwaltung.test-warpzone.de"
 }
+ - {
+ role: testserver/docker_paperless, tags: [ test_paperless, docker_services ],
+ servicename: "paperless",
+ basedir: "/srv/{{ servicename }}",
+ domain: "docs.test-warpzone.de"
+ }
 - {
 role: testserver/docker_tandoor, tags: [ test_tandoor, docker_services ],
 servicename: "tandoor",
diff --git a/testserver/docker_paperless/tasks/main.yml b/testserver/docker_paperless/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c45ac0658c53d1193f7ff19fd9a62606311d7dc0
--- /dev/null
+++ b/testserver/docker_paperless/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- include_tasks: ../functions/get_secret.yml
+ with_items:
+ - { path: "{{ basedir }}/postgres_user_pass", type: create, length: 12 }
+ - { path: "{{ basedir }}/paperless_admin_pass", type: create, length: 24 }
+ - { path: "{{ basedir }}/paperless_secret_key", type: create, length: 24 }
+ - { path: "{{ basedir }}/openid_client_secret", type: create, length: 64 }
+
+
+- name: Setup OAuth Client Info
+ ansible.builtin.debug:
+ msg: "Client ID: {{ servicename }} // Client Secret: {{ openid_client_secret }} // Redirect-URI: https://{{ domain }}/accounts/oidc/uffd/login/callback/"
+
+
+- name: "create folder struct for {{ servicename }}"
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ with_items:
+ - "{{ basedir }}/db"
+ - "{{ basedir }}/data"
+ - "{{ basedir }}/media"
+ - "{{ basedir }}/consume"
+ - "{{ basedir }}/export"
+
+
+# Copy config files
+- name: deploy {{ servicename }} config
+ template:
+ dest: "{{ basedir }}/{{ item }}"
+ src: "{{ item }}"
+ mode: 0644
+ with_items:
+ - docker-compose.yml
+ register: config
+
+
+# Start containers
+- name: "stop {{ servicename }} docker"
+ community.docker.docker_compose_v2:
+ project_src: "{{ basedir }}"
+ state: absent
+ when: config.changed
+
+
+- name: "start {{ servicename }} docker"
+ community.docker.docker_compose_v2:
+ project_src: "{{ basedir }}"
+ state: present
+
diff --git a/testserver/docker_paperless/templates/docker-compose.yml b/testserver/docker_paperless/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..162ba5317aa31984d0f70353d872ce7ab830ec4b
--- /dev/null
+++ b/testserver/docker_paperless/templates/docker-compose.yml
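Review bot: The `deploy {{ servicename }} config` task writes docker-compose.yml with `mode: 0644`, and the template added in this commit renders the Postgres password, `PAPERLESS_SECRET_KEY`, the admin password and the OIDC client secret into that file, so every local account on the host can read them. `mode: "0600"` (quoted, so it stays a string) would restrict it to the owner, assuming compose runs as that same user. The `Setup OAuth Client Info` debug task also writes `{{ openid_client_secret }}` into the play output, where it lands in terminal scrollback and any CI or callback-plugin logs; printing the path `{{ basedir }}/openid_client_secret` instead keeps the value out of logs. The directories created under `{{ basedir }}` get no explicit `mode` or `owner` either, so their permissions depend on the umask.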
@@ -0,0 +1,86 @@
+
+
+services:
+
+ broker:
+ image: redis:7-alpine
+ restart: always
+ networks:
+ - default
+
+
+ db:
+ image: postgres:13
+ restart: always
+ volumes:
+ - "{{ basedir }}/db:/var/lib/postgresql/data"
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD: {{ postgres_user_pass }}
+ networks:
+ - default
+
+
+ app:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: always
+ depends_on:
+ - db
+ - broker
+ volumes:
+ - "{{ basedir }}/data:/usr/src/paperless/data"
+ - "{{ basedir }}/media:/usr/src/paperless/media:z"
+ - "{{ basedir }}/consume:/usr/src/paperless/consume"
+ - "{{ basedir }}/export:/usr/src/paperless/export"
+ environment:
+ USERMAP_UID: 1000
+ USERMAP_GID: 1000
+ PAPERLESS_DEBUG: 0
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBENGINE: postgress
+ PAPERLESS_DBHOST: db
+ PAPERLESS_DBNAME: paperless
+ PAPERLESS_DBUSER: paperless
+ PAPERLESS_DBPASS: {{ postgres_user_pass }}
+ PAPERLESS_URL: "https://{{ domain }}"
+ PAPERLESS_OCR_MODE: skip
+ PAPERLESS_OCR_OUTPUT_TYPE: pdfa
+ PAPERLESS_OCR_LANGUAGES: deu eng
+ PAPERLESS_OCR_LANGUAGE: deu
+ PAPERLESS_OCR_SKIP_ARCHIVE_FILE: with_text
+ PAPERLESS_TIME_ZONE: Europe/Berlin
+ PAPERLESS_SECRET_KEY: {{ paperless_secret_key }}
+ PAPERLESS_TASK_WORKERS: 2
+ PAPERLESS_OPTIMIZE_THUMBNAILS: 1
+ PAPERLESS_FILENAME_FORMAT: "{correspondent}/{created_year}/{created_year}-{created_month}-{created_day}_{correspondent}_{document_type}_{title}"
+ PAPERLESS_ADMIN_USER: paperlessadmin
+ PAPERLESS_ADMIN_PASSWORD: {{ paperless_admin_pass }}
+ PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+ PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect": {"APPS": [{"provider_id": "uffd","name": "uffd","client_id": "{{ servicename }}","secret": "{{ openid_client_secret }}","settings": { "server_url": "{{ oidc_global.provider_url }}/.well-known/openid-configuration"}}]}}'
+ PAPERLESS_SOCIAL_AUTO_SIGNUP: True
+ PAPERLESS_SOCIAL_AUTO_SIGNUPS: True
+ PAPERLESS_ACCOUNT_ALLOW_SIGNUPS: False
+ PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL: https
+ PAPERLESS_ACCOUNT_EMAIL_VERIFICATION: optional
+ PAPERLESS_DISABLE_REGULAR_LOGIN: True
+ PAPERLESS_REDIRECT_LOGIN_TO_SSO: True
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+ - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+ - traefik.http.services.{{ servicename }}.loadbalancer.server.port=8000
+ - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5368709120
+ networks:
+ - default
+ - web
+
+
+networks:
+ web:
+ external: true
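Review bot: The four secrets in the `environment` maps are rendered as bare scalars (`POSTGRES_PASSWORD: {{ postgres_user_pass }}`, and likewise `PAPERLESS_DBPASS`, `PAPERLESS_SECRET_KEY`, `PAPERLESS_ADMIN_PASSWORD`), so a generated value that is all digits, contains ` #`, or starts with a YAML indicator would be retyped, truncated or fail to parse; `POSTGRES_PASSWORD: "{{ postgres_user_pass }}"` avoids that, though which characters get_secret.yml emits is not visible here. The `limit` buffering middleware is declared in the labels but no router label in this hunk references it, so the 5 GiB request-body cap is probably not applied; `traefik.http.routers.{{ servicename }}.middlewares=limit` would attach it, and a per-service middleware name would avoid clashing with other stacks. `image: ghcr.io/paperless-ngx/paperless-ngx:latest` means any pull can bring in a different build, so a version tag or digest would make the deployment reproducible and reviewable. `PAPERLESS_DBENGINE: postgress` looks like a typo for `postgresql`, and `PAPERLESS_SOCIAL_AUTO_SIGNUPS` next to `PAPERLESS_SOCIAL_AUTO_SIGNUP` looks like a leftover duplicate.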