From 0746fbe04e191471973b6fc8dcc8aa71ec950517 Mon Sep 17 00:00:00 2001 From: Gabriel Augendre Date: Wed, 6 Nov 2024 16:31:28 +0100 Subject: [PATCH] add paperless config --- playbooks/apps/all.yaml | 1 + playbooks/apps/files/Caddyfile | 5 + playbooks/apps/files/paperless-ngx/.env | 1 + .../files/paperless-ngx/docker-compose.yaml | 102 ++++++++++++++++++ playbooks/apps/paperless-ngx.yaml | 27 +++++ .../paperless-ngx/docker-compose.env.j2 | 48 +++++++++ .../apps/templates/paperless-ngx/ftp.env.j2 | 2 + roles/docker/defaults/main.yaml | 3 + roles/docker/handlers/main.yaml | 2 + roles/docker/tasks/main.yaml | 4 + 10 files changed, 195 insertions(+) create mode 100644 playbooks/apps/files/paperless-ngx/.env create mode 100644 playbooks/apps/files/paperless-ngx/docker-compose.yaml create mode 100644 playbooks/apps/paperless-ngx.yaml create mode 100644 playbooks/apps/templates/paperless-ngx/docker-compose.env.j2 create mode 100644 playbooks/apps/templates/paperless-ngx/ftp.env.j2 diff --git a/playbooks/apps/all.yaml b/playbooks/apps/all.yaml index b6cd1c3..cc05890 100644 --- a/playbooks/apps/all.yaml +++ b/playbooks/apps/all.yaml @@ -14,6 +14,7 @@ - import_playbook: media.yaml # noqa: name[play] - import_playbook: miniflux.yaml # noqa: name[play] - import_playbook: nextcloud-aio.yaml # noqa: name[play] +- import_playbook: paperless-ngx.yaml # noqa: name[play] - import_playbook: portainer.yaml # noqa: name[play] - import_playbook: privatebin.yaml # noqa: name[play] - import_playbook: shortener.yaml # noqa: name[play] diff --git a/playbooks/apps/files/Caddyfile b/playbooks/apps/files/Caddyfile index 95acb25..caf78fe 100644 --- a/playbooks/apps/files/Caddyfile +++ b/playbooks/apps/files/Caddyfile @@ -121,6 +121,11 @@ tcl.augendre.info { reverse_proxy localhost:8013 } +paperless.augendre.info { + import common_headers + reverse_proxy localhost:8014 +} + ## Ghost blogs (ports >=2368) ######################################################### 
diff --git a/playbooks/apps/files/paperless-ngx/.env b/playbooks/apps/files/paperless-ngx/.env
new file mode 100644
index 0000000..0bd5be6
--- /dev/null
+++ b/playbooks/apps/files/paperless-ngx/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=paperless
diff --git a/playbooks/apps/files/paperless-ngx/docker-compose.yaml b/playbooks/apps/files/paperless-ngx/docker-compose.yaml
new file mode 100644
index 0000000..d5877c9
--- /dev/null
+++ b/playbooks/apps/files/paperless-ngx/docker-compose.yaml
@@ -0,0 +1,102 @@
+# Docker Compose file for running paperless from the docker container registry.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+# as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# In addition to that, this Docker Compose file adds the following optional
+# configurations:
+#
+# - Instead of SQLite (default), PostgreSQL is used as the database server.
+# - Apache Tika and Gotenberg servers are started with paperless and paperless
+# is configured to use these services. These provide support for consuming
+# Office documents (Word, Excel, Power Point and their LibreOffice counter-
+# parts.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+# and '.env' into a folder.
+# - Run 'docker compose pull'.
+# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+services:
+ broker:
+ image: docker.io/library/redis:7
+ restart: unless-stopped
+ volumes:
+ - redisdata:/data
+
+ db:
+ image: docker.io/library/postgres:16
+ restart: unless-stopped
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD: paperless
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: unless-stopped
+ depends_on:
+ - db
+ - broker
+ - gotenberg
+ - tika
+ ports:
+ - "127.0.0.1:8014:8000"
+ volumes:
+ - data:/usr/src/paperless/data
+ - media:/usr/src/paperless/media
+ - ./export:/usr/src/paperless/export
+ - ./consume:/usr/src/paperless/consume
+ env_file: docker-compose.env
+ environment:
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBHOST: db
+ PAPERLESS_TIKA_ENABLED: 1
+ PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+ PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+
+ gotenberg:
+ image: docker.io/gotenberg/gotenberg:8.7
+ restart: unless-stopped
+
+ # The gotenberg chromium route is used to convert .eml files. We do not
+ # want to allow external content like tracking pixels or even javascript.
+ command:
+ - "gotenberg"
+ - "--chromium-disable-javascript=true"
+ - "--chromium-allow-list=file:///tmp/.*"
+
+ tika:
+ image: docker.io/apache/tika:latest
+ restart: unless-stopped
+
+ ftp:
+ restart: unless-stopped
+ env_file: ftp.env
+ image: garethflowers/ftp-server
+ ports:
+ - '7020-7021:20-21/tcp'
+# - '40000-40009:40000-40009/tcp' # Only needed for passive mode
+ volumes:
+ - './consume:/home/ftpuser'
+
+volumes:
+ data:
+ media:
+ pgdata:
+ redisdata:
diff --git a/playbooks/apps/paperless-ngx.yaml b/playbooks/apps/paperless-ngx.yaml
new file mode 100644
index 0000000..8b08197
--- /dev/null
+++ b/playbooks/apps/paperless-ngx.yaml
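Review bot: The `ftp` service publishes `'7020-7021:20-21/tcp'` on every host interface, whereas `webserver` is bound to `127.0.0.1`; FTP sends `FTP_PASS` and the uploaded documents in cleartext, and whatever lands in `./consume` is ingested by paperless. Ports published by Docker are typically not filtered by host firewall front-ends such as ufw, so bind the mapping to the one interface the uploading device uses, e.g. `- '<LAN_ADDRESS>:7020-7021:20-21/tcp'` (placeholder address), or switch to SFTP if that device supports it. `garethflowers/ftp-server` carries no tag and `paperless-ngx` and `tika` use `:latest`, so every pull can change what runs; pin a version tag or digest as is already done for `gotenberg:8.7`. `POSTGRES_PASSWORD: paperless` is a fixed value; the database is not published, which limits the risk, but it could come from the vault like `secret_key` and `ftp_password`, with `PAPERLESS_DBPASS` set to match.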
@@ -0,0 +1,27 @@
+---
+- name: Paperless-ngx
+ hosts: servers
+ gather_facts: false
+ tasks:
+ - name: Docker
+ ansible.builtin.include_role:
+ name: docker
+
+ vars:
+ docker_app_name: paperless-ngx
+ secret_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64383236316239323137333136366331663735383465303031383539306566623164653437613132
+ 3033333364333132373565396465356462663364383366610a346164636466653266646233383231
+ 35323132663235303363643134396137373333646463313566333831663434383966643762353964
+ 6134653635366430370a653838313833333735396435646361396430303666303932323630393033
+ 64626665616363366631336265393932396636363339343738326635383530666531396134306438
+ 61363935626533643464333865316462373465336130633235323233336638303435353766643366
+ 363166393131373937626335323139323338
+ ftp_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31363638353237396439363930303064613564636636386664653832353839363235366435303532
+ 3734356563663531363065633664313063646537336339640a386139646238663431343034616438
+ 30333564313630346661333931623266313465333665343930383438353961376437343637646364
+ 6532666134663636660a656537363262646437366135353661656264356337643039363439353731
+ 3930
diff --git a/playbooks/apps/templates/paperless-ngx/docker-compose.env.j2 b/playbooks/apps/templates/paperless-ngx/docker-compose.env.j2
new file mode 100644
index 0000000..99bbcfb
--- /dev/null
+++ b/playbooks/apps/templates/paperless-ngx/docker-compose.env.j2
@@ -0,0 +1,48 @@
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+USERMAP_UID=1000
+USERMAP_GID=1000
+
+# Additional languages to install for text recognition, separated by a
+# whitespace. Note that this is
+# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
+# language used for OCR.
+# The container installs English, German, Italian, Spanish and French by
+# default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+#PAPERLESS_OCR_LANGUAGES=tur ces
+
+###############################################################################
+# Paperless-specific settings #
+###############################################################################
+
+# All settings defined in the paperless.conf.example can be used here. The
+# Docker setup does not use the configuration file.
+# A few commonly adjusted settings are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+PAPERLESS_URL=https://paperless.augendre.info
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+PAPERLESS_SECRET_KEY={{ secret_key }}
+
+# Use this variable to set a timezone for the Paperless Docker containers. If not specified, defaults to UTC.
+PAPERLESS_TIME_ZONE=Europe/Paris
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+PAPERLESS_OCR_LANGUAGE=fra
+
+# Set if accessing paperless via a domain subpath e.g. 
https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx +#PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX +#PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required + +PAPERLESS_USE_X_FORWARD_HOST=true +PAPERLESS_USE_X_FORWARD_PORT=true + +PAPERLESS_CONSUMER_ENABLE_BARCODES=true +PAPERLESS_CONSUMER_BARCODE_STRING=PATCHT diff --git a/playbooks/apps/templates/paperless-ngx/ftp.env.j2 b/playbooks/apps/templates/paperless-ngx/ftp.env.j2 new file mode 100644 index 0000000..78c3f36 --- /dev/null +++ b/playbooks/apps/templates/paperless-ngx/ftp.env.j2 @@ -0,0 +1,2 @@ +FTP_USER=ftpuser +FTP_PASS={{ ftp_password }} diff --git a/roles/docker/defaults/main.yaml b/roles/docker/defaults/main.yaml index a61d425..08daf3b 100644 --- a/roles/docker/defaults/main.yaml +++ b/roles/docker/defaults/main.yaml @@ -3,3 +3,6 @@ docker_app_name: some-app docker_dir: /mnt/data/{{ docker_app_name }} docker_build: policy docker_remove_orphans: true +docker_create_dir: true +docker_write_files: true +docker_start_service: true diff --git a/roles/docker/handlers/main.yaml b/roles/docker/handlers/main.yaml index ec319f0..2fe87e9 100644 --- a/roles/docker/handlers/main.yaml +++ b/roles/docker/handlers/main.yaml @@ -4,6 +4,7 @@ community.docker.docker_compose_v2: project_src: "{{ docker_dir }}" state: stopped + when: docker_start_service - name: Start service {{ docker_app_name }} listen: Restart service community.docker.docker_compose_v2: @@ -11,3 +12,4 @@ state: present build: "{{ docker_build }}" remove_orphans: "{{ docker_remove_orphans }}" + when: docker_start_service diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml index 6ea4bf8..d5be50a 100644 --- a/roles/docker/tasks/main.yaml +++ b/roles/docker/tasks/main.yaml @@ -4,6 +4,7 @@ path: "{{ docker_dir }}" state: directory mode: "0775" + when: docker_create_dir - name: Write files for {{ docker_app_name }} ansible.builtin.copy: src: "{{ item }}" 
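Review bot: `PAPERLESS_SECRET_KEY={{ secret_key }}` is rendered unquoted, so a vault value containing whitespace, `#` or `$` may be truncated or interpolated when Compose parses the env file; the same applies to `FTP_PASS={{ ftp_password }}` in ftp.env.j2. Consider `PAPERLESS_SECRET_KEY='{{ secret_key }}'` (and likewise for `FTP_PASS`), or constrain the generated secrets to characters that need no quoting. Both rendered files hold the secrets in cleartext on the host, and their mode and owner are set by the role's template task outside these hunks, so confirm they are not world-readable. `PAPERLESS_USE_X_FORWARD_HOST=true` makes the app trust forwarded headers, which is only sound while the `127.0.0.1:8014` binding keeps Caddy the sole client.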
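Review bot: `when: docker_start_service` in roles/docker/handlers/main.yaml tests the raw variable, so a value that arrives as a string (for example `-e docker_start_service=false`) may be treated as truthy or rejected, depending on the ansible-core version; write `when: docker_start_service | bool`. The same applies to `when: docker_create_dir`, `when: docker_write_files` and `when: docker_start_service` in the roles/docker/tasks/main.yaml hunks. The three new defaults in roles/docker/defaults/main.yaml have no comment; a line such as `# set to false to skip creating docker_dir, writing files/templates, or starting the compose project` would tell callers what each switch disables. The handler and task bodies begin outside these hunks.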
@@ -16,6 +17,7 @@ label: "{{ item | basename }}" notify: - Restart service + when: docker_write_files - name: Write templates for {{ docker_app_name }} ansible.builtin.template: src: "{{ item }}" @@ -28,6 +30,7 @@ label: "{{ item | basename }}" notify: - Restart service + when: docker_write_files - name: Flush handlers ansible.builtin.meta: flush_handlers - name: Ensure service is started {{ docker_app_name }} @@ -35,3 +38,4 @@ project_src: "{{ docker_dir }}" state: present remove_orphans: "{{ docker_remove_orphans }}" + when: docker_start_service