Updates

Add docker compose for paperless
2026-05-26 15:51:33 +02:00
parent c1795eccc8
commit 701b80ed65
9 changed files with 188 additions and 11691 deletions
@@ -24,24 +24,44 @@ provider "registry.opentofu.org/browningluke/opnsense" {
  ]
 }

-provider "registry.opentofu.org/kreuzwerker/docker" {
-  version     = "3.6.2"
-  constraints = "3.6.2"
+provider "registry.opentofu.org/hashicorp/null" {
+  version = "3.3.0"
  hashes = [
-    "h1:1K3j0xUY2D0+E+DBDQc6k1u6Al9MkuNWrIC9rnvwFSM=",
-    "h1:sbdKCURC0XeBU6kPVfj24w7mtZtKbuibaqxtZEZ4bjU=",
-    "zh:22b51a8fb63481d290bdad9a221bc8c9e45d66d1a0cd45beed3f3627bf1debd8",
-    "zh:2b902eb80a1ae033af1135cc165d192668820a7f8ea15beb5472f811c18bea1f",
-    "zh:57815dcea28aedb86ed33924cd186aaee8bd31670bd78437a2a2daf2b00ce2ae",
-    "zh:583af9c6fe7e3bfc04f50aec046a9b4f98b7eddd6d1e143454e5d06a66afcf87",
-    "zh:80f8cba54f639a53c4d7714edb7246064b7f4f48ba93a70f18c914d656d799db",
-    "zh:894709f0c393c4ee91fdb849128e7f0bce688f293cd1643a6d4e39c842367278",
-    "zh:a91b41dbcb203d6dae2bb72b98c4c21c41255026b35df01895882784c4650071",
-    "zh:aec40a8157aae093412a1fb9a71ab2bea370db152e285c2d81e37ed378444b9c",
-    "zh:b87d7def2485dde6e57723c1265158f371440a8a84954c9fdb0580cf89de66bf",
-    "zh:b9dc243200ad9cd00250cb8c793ecea4ee3c57a121faf8efdb289f30008b5778",
-    "zh:dcb103831db6d3ef95468685cd104be3928793996542a1f675dc34a2ce67951d",
-    "zh:e59b4a0f2b5881016896d4417b1ab2fb87f34450663efeb01f3bcf7c3606fbbb",
-    "zh:fbd068c01114f0712578cf02f363b5521338ab1befedddf7090da532298b43d0",
+    "h1:0r7+t8CqzjfBgHgEiJGBCw+McEUdRXliMdF+Hk29d8o=",
+    "zh:083dcc0bec53f8abfa3f2aa2ce9d732a9675338fd60ae7d61162e25db7cb08bf",
+    "zh:19f7456b5a2ad16595860974714bfdb25b87bc16356ea9d5c7453892aaa27864",
+    "zh:222c0ed1fed4e4c677ebe626104dbfdba66763e264de0d9c27c58ce60104ee69",
+    "zh:271711d6caa7dd5a4e9b79fe8c679fab61a840bcf80040a0f5ebb425d1b27d97",
+    "zh:5adcf35f30baaea13f80c2a2c774deb9369892719493049687e23476c9dff40f",
+    "zh:5bcfd19df16e73d7f0ad75bd09e2b3b86cf6700d09822d585d68304b71de1d97",
+    "zh:604edecf263e38674decb35bb4e0e048fdc951f26fa103c33065ff9728f0313b",
+    "zh:782acbfb4fa4807e273e588fe45b4aaea9dd0fd1136f76ec3200f6f4db3af8d6",
+    "zh:84411a596d528fe67294e5c1cfd0c2036b08802497bcc4215ce518924f3c9a4a",
+    "zh:85e79eecf3f5348975cffec3016b0eba3baf605646102d4348796ccd2df2e5f6",
+    "zh:95669535ca17aeefef307ebfd59ce6930953173baae5637e8cbbf0297ec7ad58",
+    "zh:d04d9b177747bfd66b4a45b5d911a2a7822aa8451f5e35621971fb7a4206b530",
+    "zh:e6d9c924475283e90833450a14a732f4deb6d9bb131db8f86ab856e894270836",
+    "zh:ebcab0c8a1334c86ed7cfa53f571a17ad6d27e9901f27a8854ea622a74b54bb6",
+    "zh:ef9c757bb2c83d2103811a3d86b6ec5be06b0ffc337b84db1582d023bce7cdcd",
+  ]
+}
+
+provider "registry.opentofu.org/kreuzwerker/docker" {
+  version     = "4.4.0"
+  constraints = "4.4.0"
+  hashes = [
+    "h1:EJxOr2QM2pYk0vPLXvnOaxolzVOMwVl8+nRDLXULVJw=",
+    "zh:0ae16c1fd4a2d6d8b54791e2fbca20381fb9fc29809ee59d4f422ac636c9b659",
+    "zh:0f92b1d5296d80b90daff0909b8aeb9ed5c3db1436c74016a8ecbf6a57fafe1b",
+    "zh:29fb91dd3e3b6de5ce36f272e527b6efcdbcd83c8eb0679402a1985ab1a3d7fd",
+    "zh:4068cc8ec1a9d964d782798903a9632fdd1c92980b11df7f5800a98a312e4a8b",
+    "zh:5a094282a227eb3f5c9bd34a487a514de4544bf2a735a546dc53bd501addca1b",
+    "zh:705347ab6e39a4a926d9d6c6789a6c23cc09e103bec72209fe9267533c92e200",
+    "zh:74216104006de3252d13790c101415d4ff8f09bbd94055a58e8ad6179fea3b55",
+    "zh:86966e73330cf76c92305fb71ce3d6dd560f66d0ea307a94b34f06dfb1075694",
+    "zh:938bb9e908b484abf4a800faa32476f41a3c20d531a186b65a76f924fda7b9d6",
+    "zh:a9a79377d7635f9cb1972680d005aca00dccf5d484d8486697eacbeb856756f2",
+    "zh:cfc1645a65cf5b66d8d9d62666cd069edcee1a8e16df4f78e57b7ffe71c43778",
+    "zh:f38022ff9a675864ee8f8e53c5121731dd4964703c2f7c35bc702a09c4a727a3",
  ]
 }
@@ -1,5 +1,7 @@
 When updating, don't forget docker compose!

+For now it means changing the .tf file for paperless to something else, running `tofu apply` and then again after renaming the file back.
+

 # Docker Compose IPs:
 192.168.3.55: paperless 
@@ -0,0 +1,31 @@
+# locals {
+#   compose_content = file("${path.module}/paperless-ngx/docker-compose.yml")
+# }
+# 
+# # Force update when content changes
+# resource "null_resource" "paperless_compose_update" {
+#   triggers = {
+#     content_hash = md5(local.compose_content)
+#   }
+# 
+#   # Optional: run docker-compose commands manually if needed
+#   # (only needed if you want full control; otherwise just use for dependency)
+#   provisioner "local-exec" {
+#     interpreter = ["bash", "-c"]
+#     command = <<EOT
+#       cd "${path.module}"
+#       docker compose -f docker-compose.yml down
+#       docker compose -f docker-compose.yml up -d --force-recreate
+#     EOT
+#   }
+# }
+
+resource "docker_compose" "paperless-ngx" {
+  project_name = "paperless-ngx"
+
+  config_paths = [
+    "${path.module}/paperless-ngx/docker-compose.yml",
+  ]
+
+  # depends_on = [null_resource.paperless_compose_update]
+}
@@ -0,0 +1,37 @@
+###############################################################################
+# Paperless-ngx settings                                                      #
+###############################################################################
+
+# See http://docs.paperless-ngx.com/configuration/ for all available options.
+
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+#USERMAP_UID=1000
+#USERMAP_GID=1000
+
+# See the documentation linked above for all options. A few commonly adjusted settings
+# are provided below.
+
+# This is required if you will be exposing Paperless-ngx on a public domain
+# (if doing so please consider security measures such as reverse proxy)
+PAPERLESS_URL=https://paperless.rescla.me
+
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+PAPERLESS_SECRET_KEY=OKgFuJUGeUNajhB5z2GKcoOBNED3ZZ3XWbUqYvZLXJrRvWdnWmvMNClWZ2ZIb3hx
+
+# Use this variable to set a timezone for the Paperless Docker containers. Defaults to UTC.
+PAPERLESS_TIME_ZONE=Europe/Amsterdam
+
+# The default language to use for OCR. Set this to the language most of your
+# documents are written in.
+PAPERLESS_OCR_LANGUAGE=nld
+
+# Additional languages to install for text recognition, separated by a whitespace.
+# Note that this is different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines
+# the language used for OCR.
+# The container installs English, German, Italian, Spanish and French by default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names
+# for available languages.
+PAPERLESS_OCR_LANGUAGES=nld
@@ -0,0 +1,60 @@
+services:
+  broker:
+    image: docker.io/library/redis:8
+    restart: unless-stopped
+    volumes:
+      - /var/lib/containers/paperless-ng/redis:/data
+  db:
+    image: docker.io/library/postgres:18
+    restart: unless-stopped
+    volumes:
+      - /var/lib/containers/paperless-ng/postgresql:/var/lib/postgresql
+    environment:
+      POSTGRES_DB: paperless
+      POSTGRES_USER: paperless
+      POSTGRES_PASSWORD: paperless
+  webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+      - db
+      - broker
+      - gotenberg
+      - tika
+    networks:
+      container-public:
+        ipv4_address:  192.168.3.55
+      default:
+    ports:
+      - "8000:8000"
+    volumes:
+      - /var/lib/containers/paperless-ng/data:/usr/src/paperless/data
+      - /var/lib/containers/paperless-ng/media:/usr/src/paperless/media
+      - /var/lib/containers/paperless-ng/export:/usr/src/paperless/export
+      - /var/lib/containers/paperless-ng/consume:/usr/src/paperless/consume
+    env_file: docker-compose.env
+    environment:
+      PAPERLESS_REDIS: redis://broker:6379
+      PAPERLESS_DBHOST: db
+      PAPERLESS_TIKA_ENABLED: 1
+      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_REDIRECT_LOGIN_TO_SSO: true
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{ "openid_connect": { "APPS": [ { "provider_id": "authelia","name": "Authelia","client_id": "paperless","secret": "mGSTy5JyQ6MpFqPWvdryz.7Cs2gGGQiJFAGAo4hQ.0kLWBfJF0hHMhLhA8R1yeU9Bt0Tvx5n","settings": { "server_url": "https://auth.rescla.me/.well-known/openid-configuration" } } ] } }'
+  gotenberg:
+    image: docker.io/gotenberg/gotenberg:8.25
+    restart: unless-stopped
+    # The gotenberg chromium route is used to convert .eml files. We do not
+    # want to allow external content like tracking pixels or even javascript.
+    command:
+      - "gotenberg"
+      - "--chromium-disable-javascript=true"
+      - "--chromium-allow-list=file:///tmp/.*"
+  tika:
+    image: docker.io/apache/tika:latest
+    restart: unless-stopped
+networks:
+  container-public:
+    name: container-public
+    external: true
@@ -2,7 +2,7 @@ terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
-      version = "3.6.2"
+      version = "4.4.0"
    }

    opnsense = {
@@ -155,4 +155,13 @@ resource "docker_volume" "truenas-keepass" {
    device = "//172.20.0.188/keepass"
    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
  }
+}
+
+resource "docker_volume" "truenas-marc-joplin" {
+  name = "truenas-marc-joplin"
+  driver_opts = {
+    type = "cifs",
+    device = "//172.20.0.188/marc-joplin",
+    o = "username=dqnap,password=vPKnUmApyQRE5$n,file_mode=0777,dir_mode=0777"
+  }
 }
@@ -18,8 +18,7 @@ resource "docker_container" "sftpgo" {
    "SFTPGO_COMMON__PROXY_PROTOCOL=2",
    "SFTPGO_COMMON__PROXY_ALLOWED=192.168.3.29",
    "SFTPGO_WEBDAVD__BINDINGS__0__PORT=8081",
-    "SFTPGO_WEBDAVD__BINDINGS__0__PREFIX=/dav",
-    "SFTPGO_WEBDAVD__BINDINGS__0__PROXY_MODE=1",
+    "SFTPGO_WEBDAVD__BINDINGS__0__PREFIX=/dav"
  ]

  mounts {
@@ -41,9 +40,14 @@ resource "docker_container" "sftpgo" {
  }


+  # volumes {
+  #   container_path = "/storage/keepass"
+  #   volume_name = docker_volume.truenas-keepass.name
+  # }
+
  volumes {
-    container_path = "/storage/keepass"
-    volume_name = docker_volume.truenas-keepass.name
+    container_path = "/storage/joplin"
+    volume_name = docker_volume.truenas-marc-joplin.name
  }

  lifecycle {