paperless-ngx: multiple users/setups, script+filebeat to log file consumption, .env file(s), and more #22
|
@ -86,6 +86,7 @@
|
||||||
- nginx-conf
|
- nginx-conf
|
||||||
- authelia-nginx
|
- authelia-nginx
|
||||||
- well-known
|
- well-known
|
||||||
|
- nginx-well-known
|
||||||
- gitea-nginx
|
- gitea-nginx
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
||||||
|
|
|
@ -14,20 +14,20 @@ server {
|
||||||
server_name {{ inventory_hostname }};
|
server_name {{ inventory_hostname }};
|
||||||
include /etc/nginx/authelia_internal.conf;
|
include /etc/nginx/authelia_internal.conf;
|
||||||
|
|
||||||
location = /server_status {
|
location = /server_status {
|
||||||
stub_status;
|
stub_status;
|
||||||
|
|
||||||
access_log off;
|
access_log off;
|
||||||
|
|
||||||
allow 127.0.0.1;
|
allow 127.0.0.1;
|
||||||
{% if 'address' in ansible_default_ipv4 -%}
|
{% if 'address' in ansible_default_ipv4 -%}
|
||||||
allow {{ ansible_default_ipv4.address }};
|
allow {{ ansible_default_ipv4.address }};
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
{% if ansible_default_ipv6 is defined and 'address' in ansible_default_ipv6 -%}
|
{% if ansible_default_ipv6 is defined and 'address' in ansible_default_ipv6 -%}
|
||||||
allow {{ ansible_default_ipv6.address }};
|
allow {{ ansible_default_ipv6.address }};
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
allow {{ bridgewithdns_cidr }};
|
allow {{ bridgewithdns_cidr }};
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,15 @@ http {
|
||||||
# nginx hack
|
# nginx hack
|
||||||
# if $authelia_user doesnt exist, set it to empty string
|
# if $authelia_user doesnt exist, set it to empty string
|
||||||
# if $authelia_user does exist, do nothing
|
# if $authelia_user does exist, do nothing
|
||||||
|
# map $host $authelia_user {
|
||||||
|
# "" "";
|
||||||
|
# default $authelia_user;
|
||||||
|
|
||||||
|
# }
|
||||||
|
# map $host $authelia_groups {
|
||||||
|
# "" "";
|
||||||
|
# default $authelia_groups;
|
||||||
|
# }
|
||||||
map $host $authelia_user {
|
map $host $authelia_user {
|
||||||
default "";
|
default "";
|
||||||
}
|
}
|
||||||
|
@ -33,6 +42,9 @@ http {
|
||||||
' "request": "$request", '
|
' "request": "$request", '
|
||||||
' "request_method": "$request_method", '
|
' "request_method": "$request_method", '
|
||||||
' "request_uri": "$request_uri", '
|
' "request_uri": "$request_uri", '
|
||||||
|
' "uri": "$uri", '
|
||||||
|
' "http_connection": "$http_connection", '
|
||||||
|
' "http_upgrade": "$http_upgrade", '
|
||||||
' "server_name": "$server_name", '
|
' "server_name": "$server_name", '
|
||||||
' "server_port": "$server_port", '
|
' "server_port": "$server_port", '
|
||||||
' "status": "$status", '
|
' "status": "$status", '
|
||||||
|
|
|
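Review bot: The added `uri`, `http_connection` and `http_upgrade` fields are request-derived values placed inside a hand-assembled JSON string, and the `log_format` declaration is outside this hunk, so it is not visible whether it sets `escape=json`. With nginx's default escaping a double quote is written as `\x22`, which is not a valid JSON escape, so a client-supplied header could leave the record unparseable for the log shipper. Confirm the declaration reads `log_format <name> escape=json ...`. The commented-out `map` blocks added above the live `map $host $authelia_user` should either be removed or get a one-line comment saying why that approach was abandoned.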
@ -23,3 +23,12 @@ location = /.sudo-known/info.html {
|
||||||
default_type text/html;
|
default_type text/html;
|
||||||
return 200 '<!--\n hostname: {{ inventory_hostname }}\n server_name: $server_name\n-->\n\n ';
|
return 200 '<!--\n hostname: {{ inventory_hostname }}\n server_name: $server_name\n-->\n\n ';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location = /.sudo-known/header.html {
|
||||||
|
default_type text/html;
|
||||||
|
alias /var/www/shared/header.html;
|
||||||
|
}
|
||||||
|
location = /.sudo-known/footer.html {
|
||||||
|
default_type text/html;
|
||||||
|
alias /var/www/shared/footer.html;
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
paperless_user_specific_urls: true
|
|
@ -0,0 +1,28 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
import json
|
||||||
|
from os import environ, path
|
||||||
|
from datetime import datetime
|
||||||
|
|
||||||
|
DATA_DIR = environ.get("PAPERLESS_DATA_DIR", "../data/")
|
||||||
|
LOGGING_DIR = environ.get("PAPERLESS_LOGGING_DIR", path.join(DATA_DIR, "log/"))
|
||||||
|
|
||||||
|
|
||||||
|
def logger(env_vars, consume_stage):
|
||||||
|
# paperless-ngx has a hardcoded log file name anyay
|
||||||
|
log_path = path.join(LOGGING_DIR, "consume.log")
|
||||||
|
|
||||||
|
log_item = {k.lower(): environ.get(k) for k in env_vars}
|
||||||
|
log_item.update({
|
||||||
|
"timestamp": datetime.now().isoformat(),
|
||||||
|
"paperless_user": environ.get("PAPERLESS_USER"),
|
||||||
|
"log_path": log_path,
|
||||||
|
"paperless_consume_stage": consume_stage
|
||||||
|
|
||||||
|
})
|
||||||
|
|
||||||
|
with open(log_path, 'a') as f:
|
||||||
|
#j = json.dumps(log_item, indent=2)
|
||||||
|
j = json.dumps(log_item)
|
||||||
|
f.write(j)
|
||||||
|
f.write("\n")
|
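Review bot: `datetime.now().isoformat()` in `logger` writes a naive local timestamp with no UTC offset, so events shipped from this file cannot be ordered reliably against other log sources; use `from datetime import datetime, timezone` and `"timestamp": datetime.now(timezone.utc).isoformat(),`. The function has no docstring; one sentence saying that it appends a single JSON line, built from the named environment variables, to `consume.log` under `LOGGING_DIR` would be enough. The default `DATA_DIR` of `"../data/"` is relative to the working directory the hook is started in, so it is worth a comment stating which directory that is expected to be. An unhandled `OSError` from `open` would make the hook exit non-zero, so decide explicitly whether a logging failure is allowed to do that.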
Binary file not shown.
After Width: | Height: | Size: 108 KiB |
|
@ -0,0 +1,26 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
from common_consume import logger
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
post_consume_vars = [
|
||||||
|
"DOCUMENT_ID",
|
||||||
|
"DOCUMENT_FILE_NAME",
|
||||||
|
"DOCUMENT_CREATED",
|
||||||
|
"DOCUMENT_MODIFIED",
|
||||||
|
"DOCUMENT_ADDED",
|
||||||
|
"DOCUMENT_SOURCE_PATH",
|
||||||
|
"DOCUMENT_ARCHIVE_PATH",
|
||||||
|
"DOCUMENT_THUMBNAIL_PATH",
|
||||||
|
"DOCUMENT_DOWNLOAD_URL",
|
||||||
|
"DOCUMENT_THUMBNAIL_URL",
|
||||||
|
"DOCUMENT_CORRESPONDENT",
|
||||||
|
"DOCUMENT_TAGS",
|
||||||
|
"DOCUMENT_ORIGINAL_FILENAME"
|
||||||
|
]
|
||||||
|
logger(post_consume_vars, "post")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
from common_consume import logger
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
pre_consume_vars = [
|
||||||
|
"DOCUMENT_SOURCE_PATH"
|
||||||
|
]
|
||||||
|
logger(pre_consume_vars, "pre")
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
|
@ -4,3 +4,14 @@
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: restart filebeat
|
||||||
|
service:
|
||||||
|
name: filebeat
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart paperless-ngx
|
||||||
|
docker_container:
|
||||||
|
name: paperless-ngx-user-{{ paperless_user }}
|
||||||
|
state: started
|
||||||
|
restart: true
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
---
|
---
|
||||||
- import_tasks: paperless-ngx.yml
|
- import_tasks: paperless-ngx.yml
|
||||||
tags: paperless-ngx
|
tags:
|
||||||
|
- paperless-ngx
|
||||||
|
- paperless
|
||||||
|
|
|
@ -39,30 +39,83 @@
|
||||||
tags:
|
tags:
|
||||||
- mariadb-users
|
- mariadb-users
|
||||||
|
|
||||||
- name: create dir structure
|
- name: create dir structure for paperless-ngx
|
||||||
file:
|
file:
|
||||||
path: "{{ systemuserlist.paperless.home }}/{{ item.name }}"
|
path: "{{ systemuserlist.paperless.home }}/{{ item.name }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0775
|
mode: 0775
|
||||||
owner: "{{ item.owner|default('paperless') }}"
|
owner: "{{ item.owner|default('paperless') }}"
|
||||||
group: "{{ item.group|default('paperless') }}"
|
group: "{{ item.group|default('paperless') }}"
|
||||||
|
tags:
|
||||||
|
- paperless-dirs
|
||||||
with_items:
|
with_items:
|
||||||
# checked dockerfile: https://github.com/docker-library/redis/blob/master/7.0/Dockerfile
|
# checked dockerfile: https://github.com/docker-library/redis/blob/master/7.0/Dockerfile
|
||||||
- name: redis
|
- name: redis
|
||||||
owner: 999
|
owner: 999
|
||||||
group: 999
|
group: 999
|
||||||
- name: redis/data
|
- name: redis/data-{{ paperless_user }}
|
||||||
owner: 999
|
owner: 999
|
||||||
group: 999
|
group: 999
|
||||||
- name: paperless-ngx
|
- name: paperless-ngx
|
||||||
|
- name: paperless-ngx/bin
|
||||||
- name: paperless-ngx/data
|
- name: paperless-ngx/data
|
||||||
- name: paperless-ngx/media
|
- name: paperless-ngx/data/{{ paperless_user }}
|
||||||
- name: paperless-ngx/export
|
owner: "{{ paperless_user }}"
|
||||||
- name: paperless-ngx/consume
|
group: "{{ paperless_user }}"
|
||||||
|
|
||||||
- name: redis container for paperless-nx
|
- name: ensure {{ paperless_users_path }} exists
|
||||||
|
file:
|
||||||
|
path: "{{ paperless_users_path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
owner: paperless
|
||||||
|
group: paperless
|
||||||
|
tags:
|
||||||
|
- paperless-dirs
|
||||||
|
|
||||||
|
- name: ensure {{ paperless_users_path }}/{{ paperless_user }} exists
|
||||||
|
file:
|
||||||
|
path: "{{ paperless_users_path }}/{{ paperless_user }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ paperless_user }}"
|
||||||
|
group: "{{ paperless_user }}"
|
||||||
|
tags:
|
||||||
|
- paperless-dirs
|
||||||
|
|
||||||
|
- name: create dir structure for user in {{ paperless_users_path }}/{{ paperless_user }}}
|
||||||
|
file:
|
||||||
|
path: "{{ paperless_users_path }}/{{ paperless_user }}/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ paperless_user }}"
|
||||||
|
group: "{{ paperless_user }}"
|
||||||
|
tags:
|
||||||
|
- paperless-dirs
|
||||||
|
with_items:
|
||||||
|
- media
|
||||||
|
- media/trash
|
||||||
|
- export
|
||||||
|
- consume
|
||||||
|
|
||||||
|
- name: paperless scripts
|
||||||
|
copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ systemuserlist.paperless.home }}/paperless-ngx/bin/{{ item }}"
|
||||||
|
owner: paperless
|
||||||
|
group: paperless
|
||||||
|
mode: 0775
|
||||||
|
with_items:
|
||||||
|
- common_consume.py
|
||||||
|
- post-consume.py
|
||||||
|
- pre-consume.py
|
||||||
|
tags:
|
||||||
|
- paperless-scripts
|
||||||
|
- paperless-bin
|
||||||
|
|
||||||
|
- name: redis container for paperless-ngx user {{ paperless_user }}
|
||||||
docker_container:
|
docker_container:
|
||||||
name: paperless-ngx-redis
|
name: paperless-ngx-redis-{{ paperless_user }}
|
||||||
image: "redis:latest"
|
image: "redis:latest"
|
||||||
restart_policy: "unless-stopped"
|
restart_policy: "unless-stopped"
|
||||||
auto_remove: false
|
auto_remove: false
|
||||||
|
@ -71,7 +124,7 @@
|
||||||
state: started
|
state: started
|
||||||
container_default_behavior: compatibility
|
container_default_behavior: compatibility
|
||||||
env:
|
env:
|
||||||
REDIS_HOST: paperless-ngx-redis
|
REDIS_HOST: paperless-ngx-redis-{{ paperless_user }}
|
||||||
networks_cli_compatible: false
|
networks_cli_compatible: false
|
||||||
networks:
|
networks:
|
||||||
- name: bridgewithdns
|
- name: bridgewithdns
|
||||||
|
@ -82,7 +135,7 @@
|
||||||
test: "redis-cli --raw incr ping"
|
test: "redis-cli --raw incr ping"
|
||||||
mounts:
|
mounts:
|
||||||
- type: bind
|
- type: bind
|
||||||
source: "{{ systemuserlist.paperless.home }}/redis/data"
|
source: "{{ systemuserlist.paperless.home }}/redis/data-{{ paperless_user }}"
|
||||||
target: /data
|
target: /data
|
||||||
tags:
|
tags:
|
||||||
- paperless-containers
|
- paperless-containers
|
||||||
|
@ -91,6 +144,62 @@
|
||||||
- paperless-ngx-redis
|
- paperless-ngx-redis
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
|
# https://tika.apache.org/
|
||||||
|
# used to convert office documents
|
||||||
|
- name: tika container for paperless-ngx
|
||||||
|
docker_container:
|
||||||
|
name: paperless-ngx-tika
|
||||||
|
image: "ghcr.io/paperless-ngx/tika:latest"
|
||||||
|
restart_policy: "unless-stopped"
|
||||||
|
auto_remove: false
|
||||||
|
detach: true
|
||||||
|
pull: true
|
||||||
|
state: started
|
||||||
|
container_default_behavior: compatibility
|
||||||
|
networks_cli_compatible: false
|
||||||
|
networks:
|
||||||
|
- name: bridgewithdns
|
||||||
|
tags:
|
||||||
|
- paperless-containers
|
||||||
|
- paperless-ngx-containers
|
||||||
|
- docker-containers
|
||||||
|
- paperless-ngx-tika
|
||||||
|
- tika-container
|
||||||
|
|
||||||
|
# https://gotenberg.dev/
|
||||||
|
# also used for office documents, converting them
|
||||||
|
- name: gotenberg container for paperless-ngx
|
||||||
|
docker_container:
|
||||||
|
name: paperless-ngx-gotenberg
|
||||||
|
image: "docker.io/gotenberg/gotenberg:7"
|
||||||
|
restart_policy: "unless-stopped"
|
||||||
|
auto_remove: false
|
||||||
|
detach: true
|
||||||
|
pull: true
|
||||||
|
state: started
|
||||||
|
container_default_behavior: compatibility
|
||||||
|
networks_cli_compatible: false
|
||||||
|
networks:
|
||||||
|
- name: bridgewithdns
|
||||||
|
env:
|
||||||
|
CHROMIUM_DISABLE_ROUTES: "1"
|
||||||
|
tags:
|
||||||
|
- paperless-containers
|
||||||
|
- paperless-ngx-containers
|
||||||
|
- docker-containers
|
||||||
|
- paperless-ngx-gotenberg
|
||||||
|
- gotenberg-container
|
||||||
|
|
||||||
|
- name: template {{ paperless_user }}.env
|
||||||
|
template:
|
||||||
|
src: paperless-ngx.env.j2
|
||||||
|
dest: "{{ systemuserlist.paperless.home }}/paperless-ngx/{{ paperless_user }}.env"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0750
|
||||||
|
tags:
|
||||||
|
- paperless-config
|
||||||
|
|
||||||
# https://github.com/paperless-ngx/paperless-ngx/blob/main/Dockerfile
|
# https://github.com/paperless-ngx/paperless-ngx/blob/main/Dockerfile
|
||||||
# uid stuff docs: https://paperless-ngx.readthedocs.io/en/latest/setup.html?highlight=usermap
|
# uid stuff docs: https://paperless-ngx.readthedocs.io/en/latest/setup.html?highlight=usermap
|
||||||
# uid stuff source: https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/docker-entrypoint.sh#L37
|
# uid stuff source: https://github.com/paperless-ngx/paperless-ngx/blob/main/docker/docker-entrypoint.sh#L37
|
||||||
|
@ -106,9 +215,10 @@
|
||||||
# tika: metadata extracter
|
# tika: metadata extracter
|
||||||
#
|
#
|
||||||
# proxy auth for authelia: https://paperless-ngx.readthedocs.io/en/latest/configuration.html?highlight=auth#hosting-security
|
# proxy auth for authelia: https://paperless-ngx.readthedocs.io/en/latest/configuration.html?highlight=auth#hosting-security
|
||||||
|
|
||||||
- name: start paperless-ngx-webserver container
|
- name: start paperless-ngx-webserver container
|
||||||
docker_container:
|
docker_container:
|
||||||
name: paperless-ngx-webserver
|
name: paperless-ngx-user-{{ paperless_user }}
|
||||||
image: ghcr.io/paperless-ngx/paperless-ngx:latest
|
image: ghcr.io/paperless-ngx/paperless-ngx:latest
|
||||||
restart_policy: "unless-stopped"
|
restart_policy: "unless-stopped"
|
||||||
auto_remove: false
|
auto_remove: false
|
||||||
|
@ -124,38 +234,21 @@
|
||||||
ipv4_address: "{{ bridgewithdns['paperless-ngx-webserver'] }}"
|
ipv4_address: "{{ bridgewithdns['paperless-ngx-webserver'] }}"
|
||||||
mounts:
|
mounts:
|
||||||
- type: bind
|
- type: bind
|
||||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/data"
|
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}"
|
||||||
target: /usr/src/paperless/data
|
target: /usr/src/paperless/data
|
||||||
- type: bind
|
- type: bind
|
||||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/media"
|
source: "{{ paperless_users_path }}/{{ paperless_user }}/media"
|
||||||
target: /usr/src/paperless/media
|
target: /usr/src/paperless/media
|
||||||
- type: bind
|
- type: bind
|
||||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/export"
|
source: "{{ paperless_users_path }}/{{ paperless_user }}/export"
|
||||||
target: /usr/src/paperless/export
|
target: /usr/src/paperless/export
|
||||||
- type: bind
|
- type: bind
|
||||||
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/consume"
|
source: "{{ paperless_users_path }}/{{ paperless_user }}/consume"
|
||||||
target: /usr/src/paperless/consume
|
target: /usr/src/paperless/consume
|
||||||
env:
|
- type: bind
|
||||||
USERMAP_UID: "{{ systemuserlist.paperless.uid }}"
|
source: "{{ systemuserlist.paperless.home }}/paperless-ngx/bin"
|
||||||
USERMAP_GID: "{{ systemuserlist.paperless.gid }}"
|
target: /usr/src/paperless/bin/
|
||||||
PAPERLESS_URL: "https://{{ paperless_url }}"
|
env_file: "{{ systemuserlist.paperless.home }}/paperless-ngx/{{ paperless_user }}.env"
|
||||||
PAPERLESS_SECRET_KEY: "{{ paperless_secret_key }}"
|
|
||||||
PAPERLESS_OCR_LANGUAGES: "{{ paperless_ocr_langs }}"
|
|
||||||
PAPERLESS_OCR_LANGUAGE: "{{ paperless_ocr_default_lang }}"
|
|
||||||
PAPERLESS_REDIS: redis://paperless-ngx-redis:6379
|
|
||||||
PAPERLESS_DBENGINE: mariadb
|
|
||||||
PAPERLESS_DBHOST: "{{ mariadb_host }}"
|
|
||||||
PAPERLESS_DBNAME: "{{ mariadb_db }}"
|
|
||||||
PAPERLESS_DBUSER: "{{ systemuserlist.paperless.username }}"
|
|
||||||
PAPERLESS_DBPASS: "{{ systemuserlist.paperless.mariadb_pass }}"
|
|
||||||
PAPERLESS_DBPORT: "3306"
|
|
||||||
PAPERLESS_TIME_ZONE: UTC
|
|
||||||
PAPERLESS_ADMIN_USER: "{{ paperless_admin_user }}"
|
|
||||||
PAPERLESS_ADMIN_MAIL: "{{ paperless_admin_email }}"
|
|
||||||
PAPERLESS_ADMIN_PASSWORD: "{{ paperless_admin_passwd }}"
|
|
||||||
# AUTH
|
|
||||||
PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true"
|
|
||||||
PAPERLESS_LOGOUT_REDIRECT_URL: "https://{{ authelia_login_url }}/logout"
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "-f", "http://localhost:8000"]
|
test: ["CMD", "curl", "-f", "http://localhost:8000"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
|
@ -163,6 +256,8 @@
|
||||||
retries: 5
|
retries: 5
|
||||||
tags:
|
tags:
|
||||||
- paperless-containers
|
- paperless-containers
|
||||||
|
- paperless-container
|
||||||
|
- paperless-config
|
||||||
- paperless-ngx-containers
|
- paperless-ngx-containers
|
||||||
- paperless-ngx-container
|
- paperless-ngx-container
|
||||||
- docker-containers
|
- docker-containers
|
||||||
|
@ -182,10 +277,69 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ paperless_url }}"
|
- "{{ paperless_url }}"
|
||||||
|
|
||||||
|
- name: make www dirs
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /var/www/{{ item }}
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0755
|
||||||
|
loop_control:
|
||||||
|
label: /var/www/{{ item }}
|
||||||
|
with_items:
|
||||||
|
- "{{ paperless_url }}"
|
||||||
|
# helper dir for try_file
|
||||||
|
- "{{ paperless_url }}/{{ paperless_user }}"
|
||||||
|
tags:
|
||||||
|
- paperless-nginx
|
||||||
|
|
||||||
|
- name: template index file for user if user specific urls
|
||||||
|
template:
|
||||||
|
src: paperless_user.html.j2
|
||||||
|
dest: /var/www/{{ paperless_url }}/{{ paperless_user }}.html
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0755
|
||||||
|
tags:
|
||||||
|
- paperless-nginx
|
||||||
|
when:
|
||||||
|
- paperless_user_specific_urls
|
||||||
|
|
||||||
|
- name: remove index files for user if not user specific urls
|
||||||
|
file:
|
||||||
|
state: absent
|
||||||
|
dest: /var/www/{{ paperless_url }}/{{ paperless_user }}.html
|
||||||
|
tags:
|
||||||
|
- paperless-nginx
|
||||||
|
when:
|
||||||
|
- not paperless_user_specific_urls
|
||||||
|
|
||||||
|
- name: template whoami.json
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.j2"
|
||||||
|
dest: /var/www/{{ paperless_url }}/{{ item }}
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- whoami.json
|
||||||
|
tags:
|
||||||
|
- paperless-nginx
|
||||||
|
|
||||||
|
- name: add favicon
|
||||||
|
copy:
|
||||||
|
src: favicon.ico
|
||||||
|
dest: /var/www/{{ paperless_url }}/favicon.ico
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0755
|
||||||
|
tags:
|
||||||
|
- paperless-nginx
|
||||||
|
|
||||||
- name: template nginx vhost for paperless
|
- name: template nginx vhost for paperless
|
||||||
template:
|
template:
|
||||||
src: 01-paperless.j2
|
src: 01-paperless.j2
|
||||||
dest: /etc/nginx/sites-enabled/01-paperless
|
dest: /etc/nginx/sites-enabled/01-{{ paperless_url }}
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -193,3 +347,15 @@
|
||||||
- nginx
|
- nginx
|
||||||
- paperless-nginx
|
- paperless-nginx
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
||||||
|
- name: template filebeat config
|
||||||
|
template:
|
||||||
|
src: filebeat-paperless.yml.j2
|
||||||
|
dest: "/etc/filebeat/inputs.d/paperless-{{ paperless_user }}.yml"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
tags:
|
||||||
|
- filebeat
|
||||||
|
- filebeat-paperless-ngx
|
||||||
|
notify: restart filebeat
|
||||||
|
|
|
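Review bot: The new bind mount of `paperless-ngx/bin` onto `/usr/src/paperless/bin/` is writable and shared by every per-user container, while the scripts in it are what each instance executes as its pre- and post-consume hooks; add `read_only: true` to that mount entry, and copy the scripts with `owner: root` and `mode: "0755"` rather than `0775`. The `{{ paperless_user }}.env` file carries the secret key, database password and admin password and is templated with `mode: 0750`; it needs no execute or group bits, so `mode: "0600"` is the tighter choice. The new tika container uses `:latest` together with `pull: true`, as do the existing redis and paperless images, so each run may deploy an image nobody reviewed; pinning a version tag or digest keeps deployments reproducible. The `ipv4_address` of the renamed per-user container still comes from the single `bridgewithdns['paperless-ngx-webserver']` entry, which presumably collides once a second user is deployed.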
@ -0,0 +1,80 @@
|
||||||
|
map $authelia_user $paperless_upstream {
|
||||||
|
ben {{ bridgewithdns['paperless-ngx-webserver'] }}:8000;
|
||||||
|
#default localhost:8000;
|
||||||
|
}
|
||||||
|
|
||||||
|
# cant use variables in the regex of a map
|
||||||
|
map $uri $paperless_uri {
|
||||||
|
'/$authelia_user' '/$authelia_user/';
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
{% if inventory_hostname in wg_clients -%}
|
||||||
|
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||||
|
{% endif -%}
|
||||||
|
|
||||||
|
root /var/www/{{ paperless_url }};
|
||||||
|
server_name {{ paperless_url }};
|
||||||
|
|
||||||
|
include listen-proxy-protocol.conf;
|
||||||
|
include /etc/nginx/authelia_internal.conf;
|
||||||
|
include /etc/nginx/sudo-known.conf;
|
||||||
|
|
||||||
|
resolver {{ pihole_dns }} ipv6=off;
|
||||||
|
|
||||||
|
# set_real_ip_from 10.0.0.0/8;
|
||||||
|
# set_real_ip_from 172.16.0.0/12;
|
||||||
|
# set_real_ip_from 192.168.0.0/16;
|
||||||
|
# set_real_ip_from fc00::/7;
|
||||||
|
# real_ip_header X-Forwarded-For;
|
||||||
|
# real_ip_recursive on;
|
||||||
|
|
||||||
|
|
||||||
|
include /etc/nginx/require_auth.conf;
|
||||||
|
if ($paperless_uri)
|
||||||
|
{
|
||||||
|
rewrite ^/(\w+)$ $1/ last;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include /etc/nginx/require_auth_proxy.conf;
|
||||||
|
|
||||||
|
# both work!
|
||||||
|
set $paperless_user $authelia_user;
|
||||||
|
#set $paperless_user $1;
|
||||||
|
|
||||||
|
# this also works! (but not if you use return)
|
||||||
|
#add_header "paperless-authelia-user" $authelia_user always;
|
||||||
|
|
||||||
|
set $paperless_user $authelia_user;
|
||||||
|
add_header "paperless-user" $authelia_user always;
|
||||||
|
add_header "paperless-uri" $uri always;
|
||||||
|
add_header "paperless-proxy" "true" always;
|
||||||
|
add_header "paperless-location-root" "true" always;
|
||||||
|
add_header "paperless-upstream" $paperless_upstream always;
|
||||||
|
|
||||||
|
# rewrite ^ $request_uri;
|
||||||
|
#rewrite '^/\w*(/ws/.*)$' $1 break;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Host $server_name;
|
||||||
|
|
||||||
|
proxy_pass http://$paperless_upstream;
|
||||||
|
}
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access_{{ paperless_url }}.log main;
|
||||||
|
error_log /var/log/nginx/error_{{ paperless_url }}.log warn;
|
||||||
|
|
||||||
|
ssl_session_timeout 5m;
|
||||||
|
ssl_certificate /usr/local/etc/certs/{{ paperless_url }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /usr/local/etc/certs/{{ paperless_url }}/privkey.pem;
|
||||||
|
|
||||||
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
}
|
|
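Review bot: `map $authelia_user $paperless_upstream` has its `default` commented out and a hard-coded `ben` key, so for any other authenticated user the variable is empty and `proxy_pass http://$paperless_upstream;` has no host, which likely surfaces as a server error rather than a clear denial. Add an explicit guard in `location /`, for example `if ($paperless_upstream = "") { return 403; }`. `add_header "paperless-upstream" $paperless_upstream always;` returns the internal address and port to the client and should not stay outside of debugging. The same map-without-default and `paperless-upstream` header appear in the `location ~*` block of the other vhost template in this commit. The key `'/$authelia_user'` in `map $uri $paperless_uri` is matched literally, as the comment above it notes, so `if ($paperless_uri)` looks unreachable.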
@ -1,16 +1,21 @@
|
||||||
|
map $authelia_user $paperless_upstream {
|
||||||
|
{{ paperless_user }} {{ bridgewithdns['paperless-ngx-webserver'] }}:8000;
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
{% if inventory_hostname in wg_clients -%}
|
{% if inventory_hostname in wg_clients -%}
|
||||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
include /etc/nginx/authelia_internal.conf;
|
root /var/www/{{ paperless_url }};
|
||||||
|
|
||||||
include listen-proxy-protocol.conf;
|
|
||||||
include /etc/nginx/sudo-known.conf;
|
|
||||||
|
|
||||||
server_name {{ paperless_url }};
|
server_name {{ paperless_url }};
|
||||||
|
|
||||||
|
include listen-proxy-protocol.conf;
|
||||||
|
include /etc/nginx/authelia_internal.conf;
|
||||||
|
include /etc/nginx/sudo-known.conf;
|
||||||
|
|
||||||
|
resolver {{ pihole_dns }} ipv6=off;
|
||||||
|
|
||||||
# set_real_ip_from 10.0.0.0/8;
|
# set_real_ip_from 10.0.0.0/8;
|
||||||
# set_real_ip_from 172.16.0.0/12;
|
# set_real_ip_from 172.16.0.0/12;
|
||||||
|
@ -19,11 +24,56 @@ server {
|
||||||
# real_ip_header X-Forwarded-For;
|
# real_ip_header X-Forwarded-For;
|
||||||
# real_ip_recursive on;
|
# real_ip_recursive on;
|
||||||
|
|
||||||
|
include /etc/nginx/require_auth.conf;
|
||||||
|
|
||||||
|
location = / {
|
||||||
|
add_before_body /.sudo-known/header.html;
|
||||||
|
add_after_body /.sudo-known/footer.html;
|
||||||
|
|
||||||
|
add_header "paperless-user" $authelia_user always;
|
||||||
|
add_header "paperless-uri" $uri always;
|
||||||
|
add_header "paperless-proxy" "false" always;
|
||||||
|
add_header "paperless-location-root" "true" always;
|
||||||
|
|
||||||
|
# if there is no file '$authelia_user.html', nginx issues
|
||||||
|
# a redirect to /$authelia_user/ instead (via an internal
|
||||||
|
# location)
|
||||||
|
try_files /$authelia_user.html /_redirect?user=$authelia_user;
|
||||||
|
|
||||||
|
}
|
||||||
location / {
|
location / {
|
||||||
include /etc/nginx/require_auth.conf;
|
# this block serves files from the www root (/whoami, mostly), unless
|
||||||
|
# there is a directory with the same name as $uri is looking for (without
|
||||||
|
# the leading /, then it gets caught by the regexp location), then it will
|
||||||
|
# redirect to $uri/ which should be caught by the regexp block, otherwise
|
||||||
|
# a 404 is returned.
|
||||||
|
# theres no logic in the nginx config for this, it just depends on try_files
|
||||||
|
# finding a dir with the matching name, then nginx will issue a redirect, and
|
||||||
|
# is probably expecting to serve up files from that dir next.
|
||||||
|
|
||||||
|
add_header "paperless-user" $authelia_user always;
|
||||||
|
add_header "paperless-uri" $uri always;
|
||||||
|
add_header "paperless-proxy" "false" always;
|
||||||
|
add_header "paperless-location-root" "false" always;
|
||||||
|
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /_redirect {
|
||||||
|
internal;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* ^/(?<paperless_user>\w+)/(.*)$ {
|
||||||
include /etc/nginx/require_auth_proxy.conf;
|
include /etc/nginx/require_auth_proxy.conf;
|
||||||
|
|
||||||
proxy_pass http://{{ bridgewithdns['paperless-ngx-webserver'] }}:8000;
|
# both work!
|
||||||
|
#set $paperless_user $authelia_user;
|
||||||
|
#set $paperless_user $1;
|
||||||
|
# this also works! (but not if you use return)
|
||||||
|
#add_header "paperless-authelia-user" $authelia_user always;
|
||||||
|
|
||||||
|
# rewrite ^ $request_uri;
|
||||||
|
rewrite '^/\w*(/ws/.*)$' $1 break;
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
@ -34,6 +84,13 @@ server {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Host $server_name;
|
proxy_set_header X-Forwarded-Host $server_name;
|
||||||
|
|
||||||
|
add_header "paperless-user" $authelia_user always;
|
||||||
|
add_header "paperless-uri" $uri always;
|
||||||
|
add_header "paperless-proxy" "true" always;
|
||||||
|
add_header "paperless-upstream" $paperless_upstream always;
|
||||||
|
|
||||||
|
proxy_pass http://$paperless_upstream;
|
||||||
}
|
}
|
||||||
|
|
||||||
access_log /var/log/nginx/access_{{ paperless_url }}.log main;
|
access_log /var/log/nginx/access_{{ paperless_url }}.log main;
|
||||||
|
|
|
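Review bot: The comment in `location = /` says nginx issues a redirect to `/$authelia_user/` when `$authelia_user.html` is missing, but the fallback target `location /_redirect` contains only `internal;`, so the internal redirect ends in a static-file lookup under `root` instead of a redirect. If the redirect is intended, give that location a body such as `return 302 /$arg_user/;`. Separately, the named capture in `location ~* ^/(?<paperless_user>\w+)/(.*)$` is never compared with `$authelia_user`. Routing is keyed on `$authelia_user`, so the upstream is still the caller's own, but `if ($paperless_user != $authelia_user) { return 403; }` would make the intended isolation explicit and fail closed.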
@ -0,0 +1,38 @@
|
||||||
|
- type: filestream
|
||||||
|
paths:
|
||||||
|
- "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/consume.log"
|
||||||
|
|
||||||
|
scan_frequency: 10s
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
parsers:
|
||||||
|
- ndjson:
|
||||||
|
keys_under_root: true
|
||||||
|
add_error_key: true
|
||||||
|
|
||||||
|
fields_under_root: true
|
||||||
|
fields:
|
||||||
|
service.type: paperless
|
||||||
|
consume: true
|
||||||
|
#paperless_user: "{{ paperless_user }}"
|
||||||
|
|
||||||
|
tags:
|
||||||
|
- paperless
|
||||||
|
- consumer
|
||||||
|
|
||||||
|
|
||||||
|
- type: filestream
|
||||||
|
paths:
|
||||||
|
- "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/paperless.log"
|
||||||
|
- "{{ systemuserlist.paperless.home }}/paperless-ngx/data/{{ paperless_user }}/log/mail.log"
|
||||||
|
|
||||||
|
scan_frequency: 10s
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
fields_under_root: true
|
||||||
|
fields:
|
||||||
|
service.type: paperless
|
||||||
|
paperless_user: "{{ paperless_user }}"
|
||||||
|
|
||||||
|
tags:
|
||||||
|
- paperless
|
|
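Review bot: Neither `filestream` input declares an `id`, and Filebeat expects each filestream input to carry a unique one so that file state is tracked per input. Because this template is rendered once per user, the id should include the user, for example `id: paperless-consume-{{ paperless_user }}` and `id: paperless-logs-{{ paperless_user }}`. With `keys_under_root: true` the keys written by the consume hook (`timestamp`, `log_path`, the document fields) land at the top level of the event, and setting `target: paperless` on the `ndjson` parser would keep them in their own namespace. The commented-out `paperless_user` field in the first input should be removed, or replaced by a comment saying that the hook already writes that key.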
@ -0,0 +1,52 @@
|
||||||
|
PAPERLESS_URL=https://{{ paperless_url }}
|
||||||
|
PAPERLESS_SECRET_KEY={{ paperless_secret_key }}
|
||||||
|
PAPERLESS_DBENGINE=mariadb
|
||||||
|
PAPERLESS_DBHOST={{ mariadb_host }}
|
||||||
|
PAPERLESS_DBNAME={{ mariadb_db }}
|
||||||
|
PAPERLESS_DBUSER={{ systemuserlist.paperless.username }}
|
||||||
|
PAPERLESS_DBPASS={{ systemuserlist.paperless.mariadb_pass }}
|
||||||
|
PAPERLESS_DBPORT=3306
|
||||||
|
PAPERLESS_TIME_ZONE=UTC
|
||||||
|
# USER
|
||||||
|
USERMAP_UID={{ userlist[paperless_user]['uid'] }}
|
||||||
|
USERMAP_GID={{ userlist[paperless_user]['gid'] }}
|
||||||
|
{% if paperless_user_specific_urls -%}
|
||||||
|
PAPERLESS_FORCE_SCRIPT_NAME=/{{ paperless_user }}
|
||||||
|
PAPERLESS_STATIC_URL=/{{ paperless_user }}/static/
|
||||||
|
{% endif %}
|
||||||
|
# FILES
|
||||||
|
PAPERLESS_FILENAME_FORMAT_REMOVE_NONE=true
|
||||||
|
PAPERLESS_TRASH_DIR=../media/trash
|
||||||
|
#PAPERLESS_FILENAME_FORMAT={{ paperless_filename_format }}
|
||||||
|
# OCR
|
||||||
|
# see=https://ocrmypdf.readthedocs.io/en/latest/api.html#reference
|
||||||
|
# PAPERLESS_OCR_USER_ARGS=<json>
|
||||||
|
PAPERLESS_OCR_CLEAN=clean
|
||||||
|
PAPERLESS_OCR_MODE={{ paperless_ocr_mode }}
|
||||||
|
# lang codes=https://www.loc.gov/standards/iso639-2/php/code_list.php
|
||||||
|
PAPERLESS_OCR_LANGUAGES={{ paperless_ocr_langs|join(' ') }}
|
||||||
|
PAPERLESS_OCR_LANGUAGE={{ paperless_ocr_langs|join('+') }}
|
||||||
|
# INITIAL ADMIN USER
|
||||||
|
PAPERLESS_ADMIN_USER={{ paperless_admin_user }}
|
||||||
|
PAPERLESS_ADMIN_MAIL={{ paperless_admin_email }}
|
||||||
|
PAPERLESS_ADMIN_PASSWORD={{ paperless_admin_passwd }}
|
||||||
|
# DATES
|
||||||
|
PAPERLESS_IGNORE_DATES={{ userlist[paperless_user]['birthday'] }},1970-01-01
|
||||||
|
PAPERLESS_NUMBER_OF_SUGGESTED_DATES=5
|
||||||
|
# AUTH
|
||||||
|
PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
|
||||||
|
PAPERLESS_LOGOUT_REDIRECT_URL=https://{{ authelia_login_url }}/logout
|
||||||
|
# CONSUMER
|
||||||
|
PAPERLESS_POST_CONSUME_SCRIPT=/usr/src/paperless/bin/post-consume.py
|
||||||
|
PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/bin/pre-consume.py
|
||||||
|
PAPERLESS_CONSUMER_RECURSIVE=true
|
||||||
|
PAPERLESS_CONSUMER_SUBDIRS_AS_TAG=true
|
||||||
|
# (default) leave duplicates
|
||||||
|
PAPERLESS_CONSUMER_DELETE_DUPLICATES=false
|
||||||
|
# REDIS, TIKA, GOTENBERG
|
||||||
|
PAPERLESS_REDIS=redis://paperless-ngx-redis-{{ paperless_user }}:6379
|
||||||
|
PAPERLESS_TIKA_ENABLED=true
|
||||||
|
PAPERLESS_TIKA_ENDPOINT=http://paperless-ngx-tika:9998
|
||||||
|
PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-ngx-gotenberg:3000
|
||||||
|
# CUSTOM
|
||||||
|
PAPERLESS_USER={{ paperless_user }}
|
|
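Review bot: `PAPERLESS_ENABLE_HTTP_REMOTE_USER=true` makes each instance take the user name from a request header, so it is only safe when nginx is the sole client able to reach port 8000, yet the tasks in this commit attach every per-user instance, redis, tika and gotenberg to the same `bridgewithdns` network. Confirm that the proxy include, which is outside this diff, overwrites that header on every request, and consider a per-user network or a host firewall rule limiting port 8000 to the proxy. The constraint deserves a comment in the AUTH block, for example `# AUTH: trusts the remote-user header; only nginx may reach :8000`.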
@ -0,0 +1,41 @@
|
||||||
|
|
||||||
|
<div class="terminal">
|
||||||
|
<div class="pagetitle">{{ paperless_url }} | {{ paperless_user }}</div>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li class="icon">
|
||||||
|
<a href="/ben">/ben</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="terminal">
|
||||||
|
<div class="subpagetitle">> shared</div>
|
||||||
|
<ul>
|
||||||
|
<li class="icon">
|
||||||
|
<a href="/petstore">/petstore</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
{{ inventory_hostname }}
|
||||||
|
|
||||||
|
<script>
|
||||||
|
window.onload = function() {
|
||||||
|
console.log(document.location);
|
||||||
|
if (document.location == "https://{{ paperless_url }}/") {
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.addEventListener("load", function() {
|
||||||
|
paperless_user = xhr.getResponseHeader("Paperless-User").toLowerCase();
|
||||||
|
redirect = "https://{{ paperless_url }}/" + paperless_user + "/";
|
||||||
|
console.log(redirect)
|
||||||
|
setTimeout(function() {
|
||||||
|
window.location.replace(redirect);
|
||||||
|
}, 10000);
|
||||||
|
}, false);
|
||||||
|
xhr.open('GET', "/whoami.json");
|
||||||
|
xhr.send();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
</script>
|
|
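Review bot: `xhr.getResponseHeader("Paperless-User")` returns null when the header is absent, so `.toLowerCase()` throws, and the value is concatenated into the redirect URL unencoded. Guard and encode it, for example `var u = xhr.getResponseHeader("Paperless-User"); if (!u) { return; }` followed by `var redirect = "https://{{ paperless_url }}/" + encodeURIComponent(u.toLowerCase()) + "/";`. `paperless_user` and `redirect` are assigned without `var`, which creates implicit globals. The link `/ben` is hard-coded although the page title uses `{{ paperless_user }}`, and the two `console.log` calls look like leftover debugging.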
@ -0,0 +1 @@
|
||||||
|
{{ {} | to_nice_json() }}
|