add: paperless oauthproxy layer

2025-12-06 11:01:36 +01:00 · 2023-06-27 15:03:45 +00:00
parent f2567c5e9f
commit b001af119b
5 changed files with 42 additions and 2 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -125,7 +125,6 @@ keycloak_clients:
        party_secret : "HISTORY_PURGED_SECRET"
        client_id: z_heimdall
        client_secret: "HISTORY_PURGED_SECRET"
-        client_secret: "HISTORY_PURGED_SECRET"
        redirect_uris:
            - "https://hub.atlantishq.de/*"
        description: "AtlantisHQ Hub"
@@ -133,3 +132,15 @@ keycloak_clients:
        groups:
        master_address: "https://hub.atlantishq.de"
        skips:
+
+    paperless:
+        party_secret : "HISTORY_PURGED_SECRET"
+        client_id: z_paperless
+        client_secret: "HISTORY_PURGED_SECRET"
+        redirect_uris:
+            - "https://paperless.atlantishq.de/*"
+        description: "AtlantisHQ Paperless Archiving"
+        keycloak_id: "00000000-0000-0000-0000-000000000008"
+        groups: "paperless"
+        master_address: "https://paperless.atlantishq.de"
+        skips:
--- a/roles/paperless/tasks/main.yaml
+++ b/roles/paperless/tasks/main.yaml
@@ -32,3 +32,28 @@
  community.docker.docker_compose:
    project_src: /opt/paperless/
    pull: true
+
+- name: OAuth2Proxy directories
+  file:
+    path: "/opt/oauth2proxy/{{ item }}/"
+    state: directory
+    recurse: yes
+  with_items:
+   - paperless
+
+- name: include services ports
+  include_vars: services.yaml
+
+- name: Deploy OAuth2Proxy compose files
+  template:
+    src: oauth-standalone-docker-compose.yaml
+    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
+  with_items:
+    - paperless
+
+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - paperless
--- a/roles/paperless/templates/docker-compose.env
+++ b/roles/paperless/templates/docker-compose.env
@@ -4,3 +4,5 @@ PAPERLESS_OCR_LANGUAGE=deu
 PAPERLESS_SECRET_KEY=HISTORY_PURGED_SECRET
 PAPERLESS_ADMIN_USER=sheppy
 PAPERLESS_ADMIN_PASSWORD=HISTORY_PURGED_SECRET
+PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE
+PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=X-Forwarded-Preferred-Username
--- a/roles/paperless/templates/docker-compose.yml
+++ b/roles/paperless/templates/docker-compose.yml
@@ -57,7 +57,7 @@ services:
      - gotenberg
      - tika
    ports:
-      - "8000:8000"
+      - "9000:8000"
    healthcheck:
      test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
      interval: 30s
--- a/vars/services.yaml
+++ b/vars/services.yaml
@@ -13,3 +13,5 @@ services:
        port: 5010
    heimdall:
        port: 5011
+    paperless:
+        port: 8000