diff --git a/roles/nginx/tasks/nginx.yml b/roles/nginx/tasks/nginx.yml index a6e564d..f8357c5 100644 --- a/roles/nginx/tasks/nginx.yml +++ b/roles/nginx/tasks/nginx.yml @@ -86,6 +86,7 @@ - nginx-conf - authelia-nginx - well-known + - nginx-well-known - gitea-nginx notify: reload nginx diff --git a/roles/nginx/templates/00-default.j2 b/roles/nginx/templates/00-default.j2 index b01c46f..6289d39 100644 --- a/roles/nginx/templates/00-default.j2 +++ b/roles/nginx/templates/00-default.j2 @@ -14,20 +14,20 @@ server { server_name {{ inventory_hostname }}; include /etc/nginx/authelia_internal.conf; - location = /server_status { - stub_status; + location = /server_status { + stub_status; - access_log off; + access_log off; - allow 127.0.0.1; - {% if 'address' in ansible_default_ipv4 -%} - allow {{ ansible_default_ipv4.address }}; - {% endif -%} - {% if ansible_default_ipv6 is defined and 'address' in ansible_default_ipv6 -%} - allow {{ ansible_default_ipv6.address }}; - {% endif -%} - allow {{ bridgewithdns_cidr }}; - deny all; + allow 127.0.0.1; + {% if 'address' in ansible_default_ipv4 -%} + allow {{ ansible_default_ipv4.address }}; + {% endif -%} + {% if ansible_default_ipv6 is defined and 'address' in ansible_default_ipv6 -%} + allow {{ ansible_default_ipv6.address }}; + {% endif -%} + allow {{ bridgewithdns_cidr }}; + deny all; } diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index 0230d49..204f999 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -18,6 +18,15 @@ http { # nginx hack # if $authelia_user doesnt exist, set it to empty string # if $authelia_user does exist, do nothing + # map $host $authelia_user { + # "" ""; + # default $authelia_user; + + # } + # map $host $authelia_groups { + # "" ""; + # default $authelia_groups; + # } map $host $authelia_user { default ""; } 
@@ -33,6 +42,9 @@ http { ' "request": "$request", ' ' "request_method": "$request_method", ' ' "request_uri": "$request_uri", ' + ' "uri": "$uri", ' + ' "http_connection": "$http_connection", ' + ' "http_upgrade": "$http_upgrade", ' ' "server_name": "$server_name", ' ' "server_port": "$server_port", ' ' "status": "$status", ' diff --git a/roles/nginx/templates/sudo-known.conf.j2 b/roles/nginx/templates/sudo-known.conf.j2 index a4f40ce..09fa18c 100644 --- a/roles/nginx/templates/sudo-known.conf.j2 +++ b/roles/nginx/templates/sudo-known.conf.j2 @@ -23,3 +23,12 @@ location = /.sudo-known/info.html { default_type text/html; return 200 '\n\n '; } + +location = /.sudo-known/header.html { + default_type text/html; + alias /var/www/shared/header.html; +} +location = /.sudo-known/footer.html { + default_type text/html; + alias /var/www/shared/footer.html; +} diff --git a/roles/paperless-ngx/defaults/main.yml b/roles/paperless-ngx/defaults/main.yml new file mode 100644 index 0000000..868d459 --- /dev/null +++ b/roles/paperless-ngx/defaults/main.yml @@ -0,0 +1,3 @@ +--- + +paperless_user_specific_urls: true diff --git a/roles/paperless-ngx/files/common_consume.py b/roles/paperless-ngx/files/common_consume.py new file mode 100644 index 0000000..6e3209a --- /dev/null +++ b/roles/paperless-ngx/files/common_consume.py 
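Review bot: `$http_connection` and `$http_upgrade` are request headers chosen by the client, and here they are placed inside a hand-built JSON log line. The `log_format` directive itself is outside the hunk; if it is not declared with `escape=json`, nginx's default escaping writes `\xXX` sequences, which are not valid JSON, so a crafted header can make the record unparseable for whatever ingests it. Please confirm that the directive reads `log_format main escape=json ...`, or add that parameter.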
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+
+import json
+from os import environ, path
+from datetime import datetime
+
+DATA_DIR = environ.get("PAPERLESS_DATA_DIR", "../data/")
+LOGGING_DIR = environ.get("PAPERLESS_LOGGING_DIR", path.join(DATA_DIR, "log/"))
+
+
+def logger(env_vars, consume_stage):
+ # paperless-ngx has a hardcoded log file name anyay
+ log_path = path.join(LOGGING_DIR, "consume.log")
+
+ log_item = {k.lower(): environ.get(k) for k in env_vars}
+ log_item.update({
+ "timestamp": datetime.now().isoformat(),
+ "paperless_user": environ.get("PAPERLESS_USER"),
+ "log_path": log_path,
+ "paperless_consume_stage": consume_stage
+
+ })
+
+ with open(log_path, 'a') as f:
+ #j = json.dumps(log_item, indent=2)
+ j = json.dumps(log_item)
+ f.write(j)
+ f.write("\n")
diff --git a/roles/paperless-ngx/files/favicon.ico b/roles/paperless-ngx/files/favicon.ico
new file mode 100644
index 0000000..cb57d8b
Binary files /dev/null and b/roles/paperless-ngx/files/favicon.ico differ
diff --git a/roles/paperless-ngx/files/post-consume.py b/roles/paperless-ngx/files/post-consume.py
new file mode 100755
index 0000000..8c5cecf
--- /dev/null
+++ b/roles/paperless-ngx/files/post-consume.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+from common_consume import logger
+
+
+def main():
+ post_consume_vars = [
+ "DOCUMENT_ID",
+ "DOCUMENT_FILE_NAME",
+ "DOCUMENT_CREATED",
+ "DOCUMENT_MODIFIED",
+ "DOCUMENT_ADDED",
+ "DOCUMENT_SOURCE_PATH",
+ "DOCUMENT_ARCHIVE_PATH",
+ "DOCUMENT_THUMBNAIL_PATH",
+ "DOCUMENT_DOWNLOAD_URL",
+ "DOCUMENT_THUMBNAIL_URL",
+ "DOCUMENT_CORRESPONDENT",
+ "DOCUMENT_TAGS",
+ "DOCUMENT_ORIGINAL_FILENAME"
+ ]
+ logger(post_consume_vars, "post")
+
+
+if __name__ == "__main__":
+ main()
diff --git a/roles/paperless-ngx/files/pre-consume.py b/roles/paperless-ngx/files/pre-consume.py
new file mode 100755
index 0000000..5b4a76b
--- /dev/null
+++ b/roles/paperless-ngx/files/pre-consume.py
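Review bot: `logger` appends document metadata (file names, source paths, correspondent, tags) to `consume.log` with `open(log_path, 'a')`, so a newly created file gets whatever mode the process umask allows. Creating it with an explicit mode, for example `os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)` passed to `open(fd, "a", encoding="utf-8")`, keeps that data from being readable more widely than intended; this needs `os` itself imported, not only `environ` and `path`. An `OSError` from the write is also not handled and will end the pre- or post-consume script with a traceback, so it is worth deciding whether a logging failure should fail the consume step. The default `DATA_DIR` of `"../data/"` is resolved against the working directory, which the script does not control.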
@@ -0,0 +1,14 @@ +#!/usr/bin/env python3 + +from common_consume import logger + + +def main(): + pre_consume_vars = [ + "DOCUMENT_SOURCE_PATH" + ] + logger(pre_consume_vars, "pre") + + +if __name__ == "__main__": + main() diff --git a/roles/paperless-ngx/handlers/main.yml b/roles/paperless-ngx/handlers/main.yml index edde81c..96a1772 100644 --- a/roles/paperless-ngx/handlers/main.yml +++ b/roles/paperless-ngx/handlers/main.yml @@ -4,3 +4,14 @@ service: name: nginx state: reloaded + +- name: restart filebeat + service: + name: filebeat + state: restarted + +- name: restart paperless-ngx + docker_container: + name: paperless-ngx-user-{{ paperless_user }} + state: started + restart: true diff --git a/roles/paperless-ngx/tasks/main.yml b/roles/paperless-ngx/tasks/main.yml index 552b485..fe6d10d 100644 --- a/roles/paperless-ngx/tasks/main.yml +++ b/roles/paperless-ngx/tasks/main.yml @@ -1,3 +1,5 @@ --- - import_tasks: paperless-ngx.yml - tags: paperless-ngx + tags: + - paperless-ngx + - paperless diff --git a/roles/paperless-ngx/tasks/paperless-ngx.yml b/roles/paperless-ngx/tasks/paperless-ngx.yml index 78d8843..cd38c92 100644 --- a/roles/paperless-ngx/tasks/paperless-ngx.yml +++ b/roles/paperless-ngx/tasks/paperless-ngx.yml 
@@ -39,30 +39,83 @@ tags: - mariadb-users -- name: create dir structure +- name: create dir structure for paperless-ngx file: path: "{{ systemuserlist.paperless.home }}/{{ item.name }}" state: directory mode: 0775 owner: "{{ item.owner|default('paperless') }}" group: "{{ item.group|default('paperless') }}" + tags: + - paperless-dirs with_items: # checked dockerfile: https://github.com/docker-library/redis/blob/master/7.0/Dockerfile - name: redis owner: 999 group: 999 - - name: redis/data + - name: redis/data-{{ paperless_user }} owner: 999 group: 999 - name: paperless-ngx + - name: paperless-ngx/bin - name: paperless-ngx/data - - name: paperless-ngx/media - - name: paperless-ngx/export - - name: paperless-ngx/consume + - name: paperless-ngx/data/{{ paperless_user }} + owner: "{{ paperless_user }}" + group: "{{ paperless_user }}" -- name: redis container for paperless-nx +- name: ensure {{ paperless_users_path }} exists + file: + path: "{{ paperless_users_path }}" + state: directory + mode: 0755 + owner: paperless + group: paperless + tags: + - paperless-dirs + +- name: ensure {{ paperless_users_path }}/{{ paperless_user }} exists + file: + path: "{{ paperless_users_path }}/{{ paperless_user }}" + state: directory + mode: 0750 + owner: "{{ paperless_user }}" + group: "{{ paperless_user }}" + tags: + - paperless-dirs + +- name: create dir structure for user in {{ paperless_users_path }}/{{ paperless_user }}} + file: + path: "{{ paperless_users_path }}/{{ paperless_user }}/{{ item }}" + state: directory + mode: 0750 + owner: "{{ paperless_user }}" + group: "{{ paperless_user }}" + tags: + - paperless-dirs + with_items: + - media + - media/trash + - export + - consume + +- name: paperless scripts + copy: + src: "{{ item }}" + dest: "{{ systemuserlist.paperless.home }}/paperless-ngx/bin/{{ item }}" + owner: paperless + group: paperless + mode: 0775 + with_items: + - common_consume.py + - post-consume.py + - pre-consume.py + tags: + - paperless-scripts + - paperless-bin 
+ +- name: redis container for paperless-ngx user {{ paperless_user }} docker_container: - name: paperless-ngx-redis + name: paperless-ngx-redis-{{ paperless_user }} image: "redis:latest" restart_policy: "unless-stopped" auto_remove: false @@ -71,7 +124,7 @@ state: started container_default_behavior: compatibility env: - REDIS_HOST: paperless-ngx-redis + REDIS_HOST: paperless-ngx-redis-{{ paperless_user }} networks_cli_compatible: false networks: - name: bridgewithdns @@ -82,7 +135,7 @@ test: "redis-cli --raw incr ping" mounts: - type: bind - source: "{{ systemuserlist.paperless.home }}/redis/data" + source: "{{ systemuserlist.paperless.home }}/redis/data-{{ paperless_user }}" target: /data tags: - paperless-containers 
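Review bot: The `paperless scripts` task installs `common_consume.py`, `post-consume.py` and `pre-consume.py` with `mode: 0775`, and the `paperless-ngx/bin` entry is created under the directory task's `mode: 0775`. Any member of the `paperless` group can therefore replace code that the consumer runs for every ingested document. Nothing visible needs group write here; `mode: 0755` on the copy task and on the `bin` directory keeps the scripts executable without it. The task name `create dir structure for user in {{ paperless_users_path }}/{{ paperless_user }}}` also has a stray closing brace.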
@@ -91,6 +144,62 @@ - paperless-ngx-redis - redis + # https://tika.apache.org/ + # used to convert office documents +- name: tika container for paperless-ngx + docker_container: + name: paperless-ngx-tika + image: "ghcr.io/paperless-ngx/tika:latest" + restart_policy: "unless-stopped" + auto_remove: false + detach: true + pull: true + state: started + container_default_behavior: compatibility + networks_cli_compatible: false + networks: + - name: bridgewithdns + tags: + - paperless-containers + - paperless-ngx-containers + - docker-containers + - paperless-ngx-tika + - tika-container + + # https://gotenberg.dev/ + # also used for office documents, converting them +- name: gotenberg container for paperless-ngx + docker_container: + name: paperless-ngx-gotenberg + image: "docker.io/gotenberg/gotenberg:7" + restart_policy: "unless-stopped" + auto_remove: false + detach: true + pull: true + state: started + container_default_behavior: compatibility + networks_cli_compatible: false + networks: + - name: bridgewithdns + env: + CHROMIUM_DISABLE_ROUTES: "1" + tags: + - paperless-containers + - paperless-ngx-containers + - docker-containers + - paperless-ngx-gotenberg + - gotenberg-container + +- name: template {{ paperless_user }}.env + template: + src: paperless-ngx.env.j2 + dest: "{{ systemuserlist.paperless.home }}/paperless-ngx/{{ paperless_user }}.env" + owner: root + group: root + mode: 0750 + tags: + - paperless-config + # https://github.com/paperless-ngx/paperless-ngx/blob/main/Dockerfile # uid stuff docs: https://paperless-ngx.readthedocs.io/en/latest/setup.html?highlight=usermap # uid stuff source: https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/docker-entrypoint.sh#L37 
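Review bot: The `template {{ paperless_user }}.env` task writes the file that carries `PAPERLESS_SECRET_KEY`, `PAPERLESS_DBPASS` and `PAPERLESS_ADMIN_PASSWORD` with `mode: 0750`. The file is never executed and is only read when the container is created, so `mode: 0600` is the tighter fit. The task also has no `notify: restart paperless-ngx`, although this commit adds that handler; unless the container task recreates the container on an env change, an updated file may not reach the running instance. Separately, the tika task uses `ghcr.io/paperless-ngx/tika:latest` with `pull: true`, so each run can bring in an image nobody reviewed; pinning a version tag or digest makes the deployment reproducible.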
@@ -106,9 +215,10 @@ # tika: metadata extracter # # proxy auth for authelia: https://paperless-ngx.readthedocs.io/en/latest/configuration.html?highlight=auth#hosting-security + - name: start paperless-ngx-webserver container docker_container: - name: paperless-ngx-webserver + name: paperless-ngx-user-{{ paperless_user }} image: ghcr.io/paperless-ngx/paperless-ngx:latest restart_policy: "unless-stopped" auto_remove: false 
@@ -124,38 +234,21 @@ ipv4_address: "{{ bridgewithdns['paperless-ngx-webserver'] }}" mounts: - type: bind - source: "{{ systemuserlist.paperless.home }}/paperless-ngx/data" + source: "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}" target: /usr/src/paperless/data - type: bind - source: "{{ systemuserlist.paperless.home }}/paperless-ngx/media" + source: "{{ paperless_users_path }}/{{ paperless_user }}/media" target: /usr/src/paperless/media - type: bind - source: "{{ systemuserlist.paperless.home }}/paperless-ngx/export" + source: "{{ paperless_users_path }}/{{ paperless_user }}/export" target: /usr/src/paperless/export - type: bind - source: "{{ systemuserlist.paperless.home }}/paperless-ngx/consume" + source: "{{ paperless_users_path }}/{{ paperless_user }}/consume" target: /usr/src/paperless/consume - env: - USERMAP_UID: "{{ systemuserlist.paperless.uid }}" - USERMAP_GID: "{{ systemuserlist.paperless.gid }}" - PAPERLESS_URL: "https://{{ paperless_url }}" - PAPERLESS_SECRET_KEY: "{{ paperless_secret_key }}" - PAPERLESS_OCR_LANGUAGES: "{{ paperless_ocr_langs }}" - PAPERLESS_OCR_LANGUAGE: "{{ paperless_ocr_default_lang }}" - PAPERLESS_REDIS: redis://paperless-ngx-redis:6379 - PAPERLESS_DBENGINE: mariadb - PAPERLESS_DBHOST: "{{ mariadb_host }}" - PAPERLESS_DBNAME: "{{ mariadb_db }}" - PAPERLESS_DBUSER: "{{ systemuserlist.paperless.username }}" - PAPERLESS_DBPASS: "{{ systemuserlist.paperless.mariadb_pass }}" - PAPERLESS_DBPORT: "3306" - PAPERLESS_TIME_ZONE: UTC - PAPERLESS_ADMIN_USER: "{{ paperless_admin_user }}" - PAPERLESS_ADMIN_MAIL: "{{ paperless_admin_email }}" - PAPERLESS_ADMIN_PASSWORD: "{{ paperless_admin_passwd }}" - # AUTH - PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true" - PAPERLESS_LOGOUT_REDIRECT_URL: "https://{{ authelia_login_url }}/logout" + - type: bind + source: "{{ systemuserlist.paperless.home }}/paperless-ngx/bin" + target: /usr/src/paperless/bin/ + env_file: "{{ systemuserlist.paperless.home }}/paperless-ngx/{{ 
paperless_user }}.env" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8000"] interval: 30s @@ -163,6 +256,8 @@ retries: 5 tags: - paperless-containers + - paperless-container + - paperless-config - paperless-ngx-containers - paperless-ngx-container - docker-containers @@ -182,10 +277,69 @@ with_items: - "{{ paperless_url }}" +- name: make www dirs + file: + state: directory + path: /var/www/{{ item }} + owner: www-data + group: www-data + mode: 0755 + loop_control: + label: /var/www/{{ item }} + with_items: + - "{{ paperless_url }}" + # helper dir for try_file + - "{{ paperless_url }}/{{ paperless_user }}" + tags: + - paperless-nginx + +- name: template index file for user if user specific urls + template: + src: paperless_user.html.j2 + dest: /var/www/{{ paperless_url }}/{{ paperless_user }}.html + owner: www-data + group: www-data + mode: 0755 + tags: + - paperless-nginx + when: + - paperless_user_specific_urls + +- name: remove index files for user if not user specific urls + file: + state: absent + dest: /var/www/{{ paperless_url }}/{{ paperless_user }}.html + tags: + - paperless-nginx + when: + - not paperless_user_specific_urls + +- name: template whoami.json + template: + src: "{{ item }}.j2" + dest: /var/www/{{ paperless_url }}/{{ item }} + owner: www-data + group: www-data + mode: 0644 + with_items: + - whoami.json + tags: + - paperless-nginx + +- name: add favicon + copy: + src: favicon.ico + dest: /var/www/{{ paperless_url }}/favicon.ico + owner: www-data + group: www-data + mode: 0755 + tags: + - paperless-nginx + - name: template nginx vhost for paperless template: src: 01-paperless.j2 - dest: /etc/nginx/sites-enabled/01-paperless + dest: /etc/nginx/sites-enabled/01-{{ paperless_url }} owner: root group: root mode: 0644 
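Review bot: The new bind mount of `{{ systemuserlist.paperless.home }}/paperless-ngx/bin` onto `/usr/src/paperless/bin/` is read-write, and the same host directory is shared by every per-user container. A process inside one container that has write permission on those files could change the pre/post-consume scripts that all instances execute. Adding `read_only: true` to that mount entry prevents this, since the scripts only need to be read and run. The `docker_container` task begins and ends outside this hunk.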
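Review bot: The vhost is now written to `/etc/nginx/sites-enabled/01-{{ paperless_url }}`, but nothing visible removes the previously deployed `/etc/nginx/sites-enabled/01-paperless`. On hosts that already ran the role, nginx would then load two server blocks for the same `server_name`, one of them with the old routing. A `file` task with `state: absent` for the old path would clean that up. The `add favicon` and `template index file for user` tasks also set `mode: 0755` on static files; `0644`, as used for `whoami.json`, is enough. The vhost template task continues past the end of the hunk.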
@@ -193,3 +347,15 @@ - nginx - paperless-nginx notify: reload nginx + +- name: template filebeat config + template: + src: filebeat-paperless.yml.j2 + dest: "/etc/filebeat/inputs.d/paperless-{{ paperless_user }}.yml" + owner: root + group: root + mode: 0644 + tags: + - filebeat + - filebeat-paperless-ngx + notify: restart filebeat diff --git a/roles/paperless-ngx/templates/01-paperless-same-urls.j2 b/roles/paperless-ngx/templates/01-paperless-same-urls.j2 new file mode 100644 index 0000000..ff37370 --- /dev/null +++ b/roles/paperless-ngx/templates/01-paperless-same-urls.j2 
@@ -0,0 +1,80 @@ +map $authelia_user $paperless_upstream { + ben {{ bridgewithdns['paperless-ngx-webserver'] }}:8000; + #default localhost:8000; +} + +# cant use variables in the regex of a map +map $uri $paperless_uri { + '/$authelia_user' '/$authelia_user/'; +} + +server { + listen 443 ssl http2; + {% if inventory_hostname in wg_clients -%} + listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2; + {% endif -%} + + root /var/www/{{ paperless_url }}; + server_name {{ paperless_url }}; + + include listen-proxy-protocol.conf; + include /etc/nginx/authelia_internal.conf; + include /etc/nginx/sudo-known.conf; + + resolver {{ pihole_dns }} ipv6=off; + + # set_real_ip_from 10.0.0.0/8; + # set_real_ip_from 172.16.0.0/12; + # set_real_ip_from 192.168.0.0/16; + # set_real_ip_from fc00::/7; + # real_ip_header X-Forwarded-For; + # real_ip_recursive on; + + + include /etc/nginx/require_auth.conf; + if ($paperless_uri) + { + rewrite ^/(\w+)$ $1/ last; + } + + location / { + include /etc/nginx/require_auth_proxy.conf; + + # both work! + set $paperless_user $authelia_user; + #set $paperless_user $1; + + # this also works! 
(but not if you use return) + #add_header "paperless-authelia-user" $authelia_user always; + + set $paperless_user $authelia_user; + add_header "paperless-user" $authelia_user always; + add_header "paperless-uri" $uri always; + add_header "paperless-proxy" "true" always; + add_header "paperless-location-root" "true" always; + add_header "paperless-upstream" $paperless_upstream always; + + # rewrite ^ $request_uri; + #rewrite '^/\w*(/ws/.*)$' $1 break; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + + proxy_pass http://$paperless_upstream; + } + + access_log /var/log/nginx/access_{{ paperless_url }}.log main; + error_log /var/log/nginx/error_{{ paperless_url }}.log warn; + + ssl_session_timeout 5m; + ssl_certificate /usr/local/etc/certs/{{ paperless_url }}/fullchain.pem; + ssl_certificate_key /usr/local/etc/certs/{{ paperless_url }}/privkey.pem; + + fastcgi_hide_header X-Powered-By; +} diff --git a/roles/paperless-ngx/templates/01-paperless.j2 b/roles/paperless-ngx/templates/01-paperless.j2 index 6974354..90b1cbd 100644 --- a/roles/paperless-ngx/templates/01-paperless.j2 +++ b/roles/paperless-ngx/templates/01-paperless.j2 
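Review bot: `add_header "paperless-upstream" $paperless_upstream always;` returns the internal container address and port to every client, and `paperless-user` / `paperless-uri` echo the authenticated identity on all responses, including error pages. These look like debugging aids and are better removed or restricted before the vhost serves real traffic; the same headers are added in the `01-paperless.j2` hunks that follow. `map $authelia_user $paperless_upstream` has no active `default` (it is commented out), so for a user not listed `proxy_pass http://$paperless_upstream;` gets an empty host. An explicit guard such as `if ($paperless_upstream = "") { return 403; }` would make that failure deliberate. The map also hardcodes the user `ben`, where `01-paperless.j2` uses `{{ paperless_user }}`.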
@@ -1,16 +1,21 @@ +map $authelia_user $paperless_upstream { + {{ paperless_user }} {{ bridgewithdns['paperless-ngx-webserver'] }}:8000; +} + server { listen 443 ssl http2; {% if inventory_hostname in wg_clients -%} listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2; {% endif -%} - include /etc/nginx/authelia_internal.conf; - - include listen-proxy-protocol.conf; - include /etc/nginx/sudo-known.conf; - + root /var/www/{{ paperless_url }}; server_name {{ paperless_url }}; + include listen-proxy-protocol.conf; + include /etc/nginx/authelia_internal.conf; + include /etc/nginx/sudo-known.conf; + + resolver {{ pihole_dns }} ipv6=off; # set_real_ip_from 10.0.0.0/8; # set_real_ip_from 172.16.0.0/12; 
@@ -19,11 +24,56 @@ server { # real_ip_header X-Forwarded-For; # real_ip_recursive on; + include /etc/nginx/require_auth.conf; + + location = / { + add_before_body /.sudo-known/header.html; + add_after_body /.sudo-known/footer.html; + + add_header "paperless-user" $authelia_user always; + add_header "paperless-uri" $uri always; + add_header "paperless-proxy" "false" always; + add_header "paperless-location-root" "true" always; + + # if there is no file '$authelia_user.html', nginx issues + # a redirect to /$authelia_user/ instead (via an internal + # location) + try_files /$authelia_user.html /_redirect?user=$authelia_user; + + } location / { - include /etc/nginx/require_auth.conf; + # this block serves files from the www root (/whoami, mostly), unless + # there is a directory with the same name as $uri is looking for (without + # the leading /, then it gets caught by the regexp location), then it will + # redirect to $uri/ which should be caught by the regexp block, otherwise + # a 404 is returned. + # theres no logic in the nginx config for this, it just depends on try_files + # finding a dir with the matching name, then nginx will issue a redirect, and + # is probably expecting to serve up files from that dir next. + + add_header "paperless-user" $authelia_user always; + add_header "paperless-uri" $uri always; + add_header "paperless-proxy" "false" always; + add_header "paperless-location-root" "false" always; + + try_files $uri $uri/ =404; + } + + location /_redirect { + internal; + } + + location ~* ^/(?\w+)/(.*)$ { include /etc/nginx/require_auth_proxy.conf; - proxy_pass http://{{ bridgewithdns['paperless-ngx-webserver'] }}:8000; + # both work! + #set $paperless_user $authelia_user; + #set $paperless_user $1; + # this also works! (but not if you use return) + #add_header "paperless-authelia-user" $authelia_user always; + + # rewrite ^ $request_uri; + rewrite '^/\w*(/ws/.*)$' $1 break; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; 
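Review bot: `location /_redirect { internal; }` contains no `return` or `rewrite`, so the block never issues the redirect that the comment in `location = /` describes. When `/$authelia_user.html` is missing, the `try_files` fallback ends in this empty block and is served from `root`, which most likely yields a 404. If the redirect is intended, a line such as `return 302 /$arg_user/;` inside the block would implement it. The regex location that follows extends past the end of the hunk.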
@@ -34,6 +84,13 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; + + add_header "paperless-user" $authelia_user always; + add_header "paperless-uri" $uri always; + add_header "paperless-proxy" "true" always; + add_header "paperless-upstream" $paperless_upstream always; + + proxy_pass http://$paperless_upstream; } access_log /var/log/nginx/access_{{ paperless_url }}.log main; diff --git a/roles/paperless-ngx/templates/filebeat-paperless.yml.j2 b/roles/paperless-ngx/templates/filebeat-paperless.yml.j2 new file mode 100644 index 0000000..2dee0be --- /dev/null +++ b/roles/paperless-ngx/templates/filebeat-paperless.yml.j2 @@ -0,0 +1,38 @@ +- type: filestream + paths: + - "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/consume.log" + + scan_frequency: 10s + enabled: true + + parsers: + - ndjson: + keys_under_root: true + add_error_key: true + + fields_under_root: true + fields: + service.type: paperless + consume: true + #paperless_user: "{{ paperless_user }}" + + tags: + - paperless + - consumer + + +- type: filestream + paths: + - "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/paperless.log" + - "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/mail.log" + + scan_frequency: 10s + enabled: true + + fields_under_root: true + fields: + service.type: paperless + paperless_user: "{{ paperless_user }}" + + tags: + - paperless diff --git a/roles/paperless-ngx/templates/paperless-ngx.env.j2 b/roles/paperless-ngx/templates/paperless-ngx.env.j2 new file mode 100644 index 0000000..8422d0b --- /dev/null +++ b/roles/paperless-ngx/templates/paperless-ngx.env.j2 
@@ -0,0 +1,52 @@
+PAPERLESS_URL=https://{{ paperless_url }}
+PAPERLESS_SECRET_KEY={{ paperless_secret_key }}
+PAPERLESS_DBENGINE=mariadb
+PAPERLESS_DBHOST={{ mariadb_host }}
+PAPERLESS_DBNAME={{ mariadb_db }}
+PAPERLESS_DBUSER={{ systemuserlist.paperless.username }}
+PAPERLESS_DBPASS={{ systemuserlist.paperless.mariadb_pass }}
+PAPERLESS_DBPORT=3306
+PAPERLESS_TIME_ZONE=UTC
+# USER
+USERMAP_UID={{ userlist[paperless_user]['uid'] }}
+USERMAP_GID={{ userlist[paperless_user]['gid'] }}
+{% if paperless_user_specific_urls -%}
+PAPERLESS_FORCE_SCRIPT_NAME=/{{ paperless_user }}
+PAPERLESS_STATIC_URL=/{{ paperless_user }}/static/
+{% endif %}
+# FILES
+PAPERLESS_FILENAME_FORMAT_REMOVE_NONE=true
+PAPERLESS_TRASH_DIR=../media/trash
+#PAPERLESS_FILENAME_FORMAT={{ paperless_filename_format }}
+# OCR
+# see=https://ocrmypdf.readthedocs.io/en/latest/api.html#reference
+# PAPERLESS_OCR_USER_ARGS=
+PAPERLESS_OCR_CLEAN=clean
+PAPERLESS_OCR_MODE={{ paperless_ocr_mode }}
+# lang codes=https://www.loc.gov/standards/iso639-2/php/code_list.php
+PAPERLESS_OCR_LANGUAGES={{ paperless_ocr_langs|join(' ') }}
+PAPERLESS_OCR_LANGUAGE={{ paperless_ocr_langs|join('+') }}
+# INITIAL ADMIN USER
+PAPERLESS_ADMIN_USER={{ paperless_admin_user }}
+PAPERLESS_ADMIN_MAIL={{ paperless_admin_email }}
+PAPERLESS_ADMIN_PASSWORD={{ paperless_admin_passwd }}
+# DATES
+PAPERLESS_IGNORE_DATES={{ userlist[paperless_user]['birthday'] }},1970-01-01
+PAPERLESS_NUMBER_OF_SUGGESTED_DATES=5
+# AUTH
+PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
+PAPERLESS_LOGOUT_REDIRECT_URL=https://{{ authelia_login_url }}/logout
+# CONSUMER
+PAPERLESS_POST_CONSUME_SCRIPT=/usr/src/paperless/bin/post-consume.py
+PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/bin/pre-consume.py
+PAPERLESS_CONSUMER_RECURSIVE=true
+PAPERLESS_CONSUMER_SUBDIRS_AS_TAG=true
+# (default) leave duplicates
+PAPERLESS_CONSUMER_DELETE_DUPLICATES=false
+# REDIS, TIKA, GOTENBERG
+PAPERLESS_REDIS=redis://paperless-ngx-redis-{{ paperless_user }}:6379
+PAPERLESS_TIKA_ENABLED=true +PAPERLESS_TIKA_ENDPOINT=http://paperless-ngx-tika:9998 +PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-ngx-gotenberg:3000 +# CUSTOM +PAPERLESS_USER={{ paperless_user }} diff --git a/roles/paperless-ngx/templates/paperless_user.html.j2 b/roles/paperless-ngx/templates/paperless_user.html.j2 new file mode 100644 index 0000000..0e28fd5 --- /dev/null +++ b/roles/paperless-ngx/templates/paperless_user.html.j2 @@ -0,0 +1,41 @@ + +
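Review bot: `PAPERLESS_DBNAME`, `PAPERLESS_DBUSER`, `PAPERLESS_DBPASS` and `PAPERLESS_SECRET_KEY` are not keyed by `paperless_user`, while the Redis host, UID/GID and data paths in the same template are. Unless `mariadb_db` and the secrets are overridden per user elsewhere, every per-user instance would share one database and one signing key, which undoes the separation the rest of the change sets up. `PAPERLESS_ENABLE_HTTP_REMOTE_USER=true` also means the application trusts the remote-user header from anything that can reach port 8000 on `bridgewithdns`, so that port should be reachable from nginx only. A comment above the AUTH block, such as `# container must only be reachable through the authenticating proxy`, would record that dependency.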
+
{{ paperless_url }} | {{ paperless_user }}
+ + +
+ +
+
> shared
+ +
+ +{{ inventory_hostname }} + + diff --git a/roles/paperless-ngx/templates/whoami.json.j2 b/roles/paperless-ngx/templates/whoami.json.j2 new file mode 100644 index 0000000..c744123 --- /dev/null +++ b/roles/paperless-ngx/templates/whoami.json.j2 @@ -0,0 +1 @@ +{{ {} | to_nice_json() }}