initial: no secrets

roles/paperless/tasks/main.yaml

@@ -0,0 +1,59 @@
+- name: Install Compose
+  apt:
+    pkg:
+        - docker-compose
+
+- name: Create paperless compose dir
+  file:
+    name: /opt/paperless/
+    state: directory
+
+- name: Create paperless volume root
+  file:
+    name: "/data/paperless"
+    state: directory
+
+- name: Copy paperless files
+  template:
+    src: "{{ item }}"
+    dest: /opt/paperless/
+  with_items:
+    - docker-compose.env
+    - docker-compose.yml
+    - env
+
+- name: Link env file
+  file:
+    state: link
+    src: /opt/paperless/env
+    dest: /opt/paperless/.env
+
+- name: Deploy paperless
+  community.docker.docker_compose:
+    project_src: /opt/paperless/
+    pull: true
+
+- name: OAuth2Proxy directories
+  file:
+    path: "/opt/oauth2proxy/{{ item }}/"
+    state: directory
+    recurse: yes
+  with_items:
+   - paperless
+
+- name: include services ports
+  include_vars: services.yaml
+
+- name: Deploy OAuth2Proxy compose files
+  template:
+    src: oauth-standalone-docker-compose.yaml
+    dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
+  with_items:
+    - paperless
+
+- name: Deploy OAuth2Proxy
+  community.docker.docker_compose:
+    project_src: /opt/oauth2proxy/{{ item }}/
+    pull: true
+  with_items:
+    - paperless

roles/paperless/templates/docker-compose.env

@@ -0,0 +1,8 @@
+PAPERLESS_URL=https://paperless.atlantishq.de
+PAPERLESS_TIME_ZONE=Europe/Berlin
+PAPERLESS_OCR_LANGUAGE=deu
+PAPERLESS_SECRET_KEY=icKJNMNv9evdr39ZquenbflUDvwQt4B2AgvpDJ5rudmImw3Vn3Y2OOGJvAKgVSns
+PAPERLESS_ADMIN_USER=sheppy
+PAPERLESS_ADMIN_PASSWORD=xu1iegoXuu
+PAPERLESS_ENABLE_HTTP_REMOTE_USER=TRUE
+PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=X-Forwarded-Preferred-Username

roles/paperless/templates/docker-compose.yml

@@ -0,0 +1,98 @@
+# docker-compose file for running paperless from the docker container registry.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+#   as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# In addition to that, this docker-compose file adds the following optional
+# configurations:
+#
+# - Instead of SQLite (default), PostgreSQL is used as the database server.
+# - Apache Tika and Gotenberg servers are started with paperless and paperless
+#   is configured to use these services. These provide support for consuming
+#   Office documents (Word, Excel, Power Point and their LibreOffice counter-
+#   parts.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+#   and '.env' into a folder.
+# - Run 'docker-compose pull'.
+# - Run 'docker-compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker-compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+version: "3.4"
+services:
+  broker:
+    image: docker.io/library/redis:7
+    restart: unless-stopped
+    volumes:
+      - redisdata:/data
+
+  db:
+    image: docker.io/library/postgres:13
+    restart: unless-stopped
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: paperless
+      POSTGRES_USER: paperless
+      POSTGRES_PASSWORD: paperless
+
+  webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:1.5.0
+    restart: unless-stopped
+    depends_on:
+      - db
+      - broker
+      - gotenberg
+      - tika
+    ports:
+      - "9000:8000"
+    healthcheck:
+      test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    volumes:
+      - /data/paperless/data:/usr/src/paperless/data
+      - /data/paperless/media:/usr/src/paperless/media
+      - /data/paperless/export:/usr/src/paperless/export
+      - /data/paperless/paperless-ngx/consume:/usr/src/paperless/consume
+    env_file: docker-compose.env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_DBHOST: db
+      PAPERLESS_TIKA_ENABLED: 1
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+
+  gotenberg:
+    image: docker.io/gotenberg/gotenberg:7.8
+    restart: unless-stopped
+
+    # The gotenberg chromium route is used to convert .eml files. We do not
+    # want to allow external content like tracking pixels or even javascript.
+    command:
+      - "gotenberg"
+      - "--chromium-disable-javascript=true"
+      - "--chromium-allow-list=file:///tmp/.*"
+
+  tika:
+    image: ghcr.io/paperless-ngx/tika:latest
+    restart: unless-stopped
+
+volumes:
+  data:
+  media:
+  pgdata:
+  redisdata:

roles/paperless/templates/env

@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=paperless