Initial commit.

.gitignore

@@ -0,0 +1,7 @@
+*.retry
+*/__pycache__
+*.pyc
+.cache
+.venv
+.env.yml
+docker-compose.yml

.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable

LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Laur Ivan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

TODO.md

@@ -0,0 +1,3 @@
+# Roadmap
+
+- [ ] Allow external postgres instance

defaults/main.yml

@@ -0,0 +1,33 @@
+---
+# defaults file for paperless
+
+paperless_admin_user: "admin"
+paperless_admin_password: "changeme"
+
+paperless_image_version_redis: "7"
+paperless_image_version_gotenberg: "7.4"
+paperless_image_version_tika: "latest"
+paperless_image_version_paperless: "latest"
+
+paperless_setup_path: "~/paperless"
+
+paperless_consumer_path: "/mnt/documents-consume"
+paperless_volume_consume: "{{ paperless_consumer_path }}/consume"
+paperless_volume_export: "{{ paperless_consumer_path }}/export"
+
+paperless_volume_base: "/mnt/documents"
+paperless_volume_media: "{{ paperless_volume_base }}/media"
+paperless_volume_metadata: "{{ paperless_volume_base }}/data"
+paperless_volume_redis: "{{ paperless_volume_base }}/redis"
+paperless_volume_db: "{{ paperless_volume_base }}/db"
+
+paperless_uid:
+paperless_gid:
+
+paperless_port: 38000
+
+paperless_image_version_db: "13-alpine"
+paperless_db_host: "postgres"
+paperless_db_port: 5432
+paperless_db_user: "paperless"
+paperless_db_password: "changeme"

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for paperless

meta/main.yml

@@ -0,0 +1,34 @@
+galaxy_info:
+  author: Laur Ivan
+  namespace: laurivan
+  role_name: paperless
+  description: Paperless NGX installation via docker
+  license: MIT
+
+  min_ansible_version: "2.4"
+  min_ansible_container_version: "2.4"
+
+  platforms:
+    - name: Debian
+      versions:
+        - buster
+        - bullseye
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+        - jammy
+    - name: Alpine
+      version:
+        - all
+    - name: ArchLinux
+      versions:
+        - all
+
+  galaxy_tags: 
+    - docker
+    - authentik
+    - sso
+    - authentication
+
+dependencies: []

molecule/default/INSTALL.rst

@@ -0,0 +1,15 @@
+***********************************
+Delegated driver installation guide
+***********************************
+
+Requirements
+============
+
+This driver is delegated to the developer.  Up to the developer to implement
+requirements.
+
+Install
+=======
+
+This driver is delegated to the developer.  Up to the developer to implement
+requirements.

molecule/default/cleanup.yml

@@ -0,0 +1,23 @@
+---
+- name: Clean up
+  hosts: all
+  gather_facts: true
+  tasks:
+    - name: Check if the docker-compose file exists.
+      ansible.builtin.stat:
+        path: "~/paperless/docker-compose.yml"
+      register: docker_compose_file
+
+    - name: Remove docker-compose.
+      community.docker.docker_compose:
+        project_src: ~/paperless/
+        build: false
+        state: absent
+      when: docker_compose_file.stat.exists
+      become: false
+      
+    - name: Remove the docker-compose file
+      ansible.builtin.file:
+        path: "~/paperless/docker-compose.yml"
+        state: absent
+      when: docker_compose_file.stat.exists

molecule/default/converge.yml

@@ -0,0 +1,11 @@
+---
+- name: Converge
+  hosts: all
+  # gather_facts: false
+  pre_tasks:
+    - name: "Include necessary variables"
+      ansible.builtin.include_vars:
+        file: "../../.env.yml"
+      
+  roles:
+    - role: laurivan.paperless

molecule/default/destroy.yml

@@ -0,0 +1,28 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  tasks:
+    # Developer must implement.
+    - name: Remove the docker image
+      community.docker.docker_container:
+        name: instance-paperless
+        state: absent
+
+    # Mandatory configuration for Molecule to function.
+
+    - name: Populate instance config
+      ansible.builtin.set_fact:
+        instance_conf: {}
+
+    - name: Dump instance config
+      ansible.builtin.copy:
+        content: |
+          # Molecule managed
+
+          {{ instance_conf | to_json | from_json | to_yaml }}
+        dest: "{{ molecule_instance_config }}"
+        mode: 0600
+      when: server.changed | default(false) | bool

molecule/default/molecule.yml

@@ -0,0 +1,30 @@
+---
+role_name_check: 1
+dependency:
+  name: galaxy
+  options:
+    ignore-certs: true
+    ignore-errors: true
+    role-file: molecule/requirements.yml
+    requirements-file: molecule/requirements.yml
+driver:
+  name: docker
+platforms:
+  - name: instance-paperless
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /var/run/docker.sock:/tmp/docker_mounted.sock
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+  name: ansible
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .

molecule/default/prepare.yml

@@ -0,0 +1,35 @@
+---
+- name: Setup the test machine
+  hosts: instance-paperless
+  tasks:
+    - name: Check if /var/run/docker.sock already exists
+      ansible.builtin.stat:
+        path: "/var/run/docker.sock"
+      register: docker_sock_stat
+
+    - name: Create docker.sock
+      raw: touch /var/run/docker.sock
+      become: true
+      changed_when: false
+      when: not docker_sock_stat.stat.exists
+
+    - name: Move docker.sock from tmp
+      raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
+      become: true
+      changed_when: false
+      when: not docker_sock_stat.stat.exists
+      
+    - name: Update apt cache.
+      apt: update_cache=yes cache_valid_time=600
+      when: ansible_os_family == 'Debian'
+    - name: Install python requests
+      pip:
+        name: 
+          - requests
+          - docker
+          - docker-compose
+    - name: Install docker
+      vars:
+        docker_service_manage: false
+      include_role:
+        name: geerlingguy.docker

molecule/default/verify.yml

@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    ansible.builtin.assert:
+      that: true

molecule/requirements.yml

@@ -0,0 +1,4 @@
+---
+roles:
+  - geerlingguy.docker
+collections: []

tasks/main.yml

@@ -0,0 +1,49 @@
+---
+# tasks file for paperless
+- name: Set up main directory
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: "{{ ansible_effective_user_id }}"
+    group: "{{ ansible_effective_group_id }}"
+    mode: "0750"
+  with_items:
+    - "{{ paperless_setup_path | expanduser }}"
+  tags:
+    - configuration
+  become: true
+
+- name: Set up data directories
+  ansible.builtin.file:
+    state: directory
+    path: "{{ item }}"
+    owner: "{% if paperless_uid %}{{ paperless_uid }}{% else %}{{ ansible_effective_user_id }}{% endif %}"
+    group: "{% if paperless_gid %}{{ paperless_gid }}{% else %}{{ ansible_effective_group_id }}{% endif %}"
+    mode: "0750"
+  with_items:
+    - "{{ paperless_volume_db }}"
+    - "{{ paperless_volume_media }}"
+    - "{{ paperless_volume_metadata }}"
+    - "{{ paperless_volume_consume }}"
+    - "{{ paperless_volume_export }}"
+  tags:
+    - configuration
+  become: true
+
+- name: Write configuration files
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "{{ paperless_setup_path  | expanduser }}/{{ item }}"
+    mode: '0640'
+  loop:
+    - "docker-compose.yml"
+    - "env.paperless.conf"
+    - "env.db.conf"
+  tags:
+    - configuration
+
+- name: Ensure all requested components are running.
+  community.docker.docker_compose:
+    project_src: "{{ paperless_setup_path | expanduser }}"
+    build: false
+  become: false

templates/docker-compose.yml.j2

@@ -0,0 +1,101 @@
+version: "3.3"
+services:
+  # Redis 
+  #
+  broker:
+    image: docker.io/library/redis:{{ paperless_image_version_redis }}
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    networks:
+      - paperless
+    volumes:
+      - {{ paperless_volume_redis }}:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+
+{% if paperless_db_host == 'postgres' %}  
+  # Postgres 
+  #
+  postgres:
+    image: docker.io/library/postgres:{{ paperless_image_version_db }}
+    env_file:
+      - "{{ paperless_setup_path | expanduser }}/env.db.conf"
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    networks:
+      - paperless
+{% if paperless_db_port %}
+    ports:
+      - {{ paperless_db_port }}:5432
+{% endif %}
+    volumes:
+      - {{ paperless_volume_db }}:/var/lib/postgresql/data
+{% else %}
+  #
+  # External database at "{{ paperless_db_schema }}:{{ paperless_db_host }}: {{ paperless_db_port }}"
+  # 
+{% endif %}
+
+  # Gotenberg 
+  # 
+  gotenberg:
+    image: "gotenberg/gotenberg:{{ paperless_image_version_gotenberg }}"
+    command:
+      - "gotenberg"
+      - "--chromium-disable-routes=true"
+    restart: unless-stopped
+    networks:
+      - paperless
+
+  # Apache TIKA 
+  #
+  tika:
+    image: "ghcr.io/paperless-ngx/tika:{{ paperless_image_version_tika }}"
+    command:
+      - "gotenberg"
+      # - "--chromium-disable-routes=true"
+    restart: unless-stopped
+    networks:
+      - paperless
+
+  # The paperless image
+  #
+  paperless:
+    image: "ghcr.io/paperless-ngx/paperless-ngx:{{ paperless_image_version_paperless }}"
+    env_file:
+      - "{{ paperless_setup_path | expanduser }}/env.paperless.conf"
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:{{ paperless_port }}"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+    depends_on:
+      - broker
+      - gotenberg
+      - tika
+{% if paperless_db_host == 'postgres' %}  
+      - postgres   
+{% endif %}   
+    ports:
+      - "{{ paperless_port }}:8000"
+    volumes:
+      - "{{ paperless_volume_media }}:/usr/src/paperless/media"
+      - "{{ paperless_volume_metadata }}:/usr/src/paperless/data"
+      - "{{ paperless_volume_consume }}:/usr/src/paperless/consume"
+      - "{{ paperless_volume_export }}:/usr/src/paperless/export"
+    networks:
+      - paperless
+
+networks:
+  paperless: {}

templates/env.db.conf.j2

@@ -0,0 +1,3 @@
+POSTGRES_DB=paperless
+POSTGRES_USER={{ paperless_db_user }}
+POSTGRES_PASSWORD={{ paperless_db_password }}

templates/env.paperless.conf.j2

@@ -0,0 +1,29 @@
+PAPERLESS_DBHOST={{ paperless_db_host }}
+PAPERLESS_DBSCHEMA={{ paperless_db_host }}
+PAPERLESS_DBPORT={{ paperless_db_port }}
+PAPERLESS_DBUSER={{ paperless_db_user }}
+PAPERLESS_DBPASS={{ paperless_db_password }}
+
+PAPERLESS_TIKA_ENABLED=1
+PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://gotenberg:3000
+PAPERLESS_TIKA_ENDPOINT=http://tika:9998
+PAPERLESS_REDIS=redis://broker:6379
+
+{% if paperless_uid %}
+USERMAP_UID={{ paperless_uid }}
+PUID={{ paperless_uid }}
+{% else %}
+USERMAP_UID={{ ansible_effective_user_id }}
+PUID={{ ansible_effective_user_id }}
+{% endif %}
+
+{% if paperless_gid %}
+USERMAP_GID={{ paperless_gid }}
+PGID={{ paperless_gid }}
+{% else %}
+USERMAP_GID={{ ansible_effective_group_id }}
+PGID={{ ansible_effective_group_id }}
+{% endif %}
+
+PAPERLESS_ADMIN_USER={{ paperless_admin_user }}
+PAPERLESS_ADMIN_PASSWORD={{ paperless_admin_password }}

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - paperless

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for paperless