From 2a19385f1db4800b841bbe72791b7c0602bc676e Mon Sep 17 00:00:00 2001 From: Lino Silva Date: Fri, 21 Apr 2023 21:16:40 +0100 Subject: [PATCH] feat: Add paperless --- inventory/my-cluster/group_vars/all.yml | 10 ++++ inventory/my-cluster/host_vars/paperless | 6 ++ inventory/my-cluster/hosts.ini | 1 + playbook-paperless.yml | 23 ++++++++ roles/arr/install-app/templates/.env | 4 +- roles/paperless/enable-ssh/tasks/main.yml | 8 +++ roles/paperless/install-app/tasks/main.yml | 20 +++++++ .../install-app/templates/docker-compose.yml | 57 +++++++++++++++++++ roles/paperless/install-docker/tasks/main.yml | 27 +++++++++ .../paperless/provision/create/tasks/main.yml | 30 ++++++++++ .../paperless/provision/delete/tasks/main.yml | 26 +++++++++ .../paperless/provision/start/tasks/main.yml | 8 +++ roles/paperless/update/tasks/main.yml | 6 ++ .../templates/paperless.subdomain.conf | 2 +- 14 files changed, 225 insertions(+), 3 deletions(-) create mode 100644 inventory/my-cluster/host_vars/paperless create mode 100644 playbook-paperless.yml create mode 100644 roles/paperless/enable-ssh/tasks/main.yml create mode 100644 roles/paperless/install-app/tasks/main.yml create mode 100644 roles/paperless/install-app/templates/docker-compose.yml create mode 100644 roles/paperless/install-docker/tasks/main.yml create mode 100644 roles/paperless/provision/create/tasks/main.yml create mode 100644 roles/paperless/provision/delete/tasks/main.yml create mode 100644 roles/paperless/provision/start/tasks/main.yml create mode 100644 roles/paperless/update/tasks/main.yml diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml index 5e3138e..113f34e 100644 --- a/inventory/my-cluster/group_vars/all.yml +++ b/inventory/my-cluster/group_vars/all.yml 
@@ -233,3 +233,13 @@ gitea_db_pwd: !vault | 30616533336461396330353364656565633933613031643764343562383734373263633333346662 61383736386164366233386235336636613830313231336461636137643361383931363166336238 613733336339326564303964353238386264 + +paperless_pwd: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39623333316332626237313865646462313963303336323537613932626636333636393965646434 + 3664613735376537306339353537313534376566336433320a383565643833653935373132306461 + 66366333653839313863653632303531363039363265623365636532383732323837653464666465 + 3531346366376337630a393664636332343038303530666531663539616632313332626631363831 + 61356263303563656235623866653065633063313038326432636161316339663030313439646537 + 63333032353133373633353463613861643933353038323231646461386330623038343262343763 + 663836323538623836346337303834313139 diff --git a/inventory/my-cluster/host_vars/paperless b/inventory/my-cluster/host_vars/paperless new file mode 100644 index 0000000..6b43572 --- /dev/null +++ b/inventory/my-cluster/host_vars/paperless @@ -0,0 +1,6 @@ +--- + +ansible_user: root +ansible_host: 10.0.2.29 +ansible_ssh_pass: "{{ proxmox_api_password }}" +vmid: 620 diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini index dea55ae..0d64ae0 100644 --- a/inventory/my-cluster/hosts.ini +++ b/inventory/my-cluster/hosts.ini @@ -14,6 +14,7 @@ arr mealie vaultwarden gitea +paperless [baremetal] mipha diff --git a/playbook-paperless.yml b/playbook-paperless.yml new file mode 100644 index 0000000..59965f3 --- /dev/null +++ b/playbook-paperless.yml @@ -0,0 +1,23 @@ +--- +- hosts: localhost + become: yes + roles: + - role: paperless/provision/delete + - role: paperless/provision/create + - role: paperless/provision/start + vars: + vmid: 620 + +- hosts: impa + become: yes + roles: + - role: paperless/enable-ssh + vars: + vmid: 620 + +- hosts: paperless + become: yes + roles: + - role: paperless/update + - role: paperless/install-docker + - role: paperless/install-app 
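Review bot: In `inventory/my-cluster/host_vars/paperless`, `ansible_ssh_pass: "{{ proxmox_api_password }}"` logs in to the guest as root with the hypervisor's API password, while `roles/paperless/provision/create` sets the container's root password from `lxc_password`. Unless both variables hold the same value the login fails, and if they do, one secret unlocks both the Proxmox API and a guest that appears to be published through the swag proxy. Point the inventory at the guest's own secret, `ansible_ssh_pass: "{{ lxc_password }}"`, or preferably inject a key through the proxmox module's `pubkey` option and drop password login for root.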
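Review bot: `playbook-paperless.yml` runs `paperless/provision/delete` before `create` on every invocation, and the create role attaches `/data` as a container-owned volume (`nvme:40,mp=/data`), so a re-run to change one setting appears to discard the stored documents and database along with the container. Gate the delete role behind an explicit opt-in, for example `when: paperless_rebuild | default(false)` (a variable name constructed for this note), or split provisioning and application deployment into separate playbooks. `become: yes` on the localhost play also looks unnecessary for API calls and an edit to a file in the user's own home, and should be written `become: true` where it is needed.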
diff --git a/roles/arr/install-app/templates/.env b/roles/arr/install-app/templates/.env
index 75c65ed..021b9a3 100644
--- a/roles/arr/install-app/templates/.env
+++ b/roles/arr/install-app/templates/.env
@@ -1,3 +1,3 @@
-PUID=1000
-PGID=1000
+PUID=0
+PGID=0
 TZ=Europe/Lisbon
\ No newline at end of file
diff --git a/roles/paperless/enable-ssh/tasks/main.yml b/roles/paperless/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..2dd64ef
--- /dev/null
+++ b/roles/paperless/enable-ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 620 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 620 service ssh restart
diff --git a/roles/paperless/install-app/tasks/main.yml b/roles/paperless/install-app/tasks/main.yml
new file mode 100644
index 0000000..3aa3110
--- /dev/null
+++ b/roles/paperless/install-app/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/paperless/install-app/templates/docker-compose.yml b/roles/paperless/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..891ecb2
--- /dev/null
+++ b/roles/paperless/install-app/templates/docker-compose.yml
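Review bot: `roles/arr/install-app/templates/.env` moves `PUID`/`PGID` from 1000 to 0, which makes the arr containers run their processes as root, and the change is unrelated to the paperless feature named in the subject. If the motive was write access to a mounted directory, fix that directory's ownership for UID/GID 1000 and keep `PUID=1000` / `PGID=1000`. Otherwise move the change into its own commit with the reason stated.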
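Review bot: The sed in `roles/paperless/enable-ssh/tasks/main.yml` replaces the default `PermitRootLogin prohibit-password` with `PermitRootLogin yes`, so the container accepts root logins by password, which is what the new inventory entry then relies on. Keeping the default and provisioning a key at creation time (the `community.general.proxmox` module has a `pubkey` option) should make this edit unnecessary. Both commands hard-code `620` although the play passes `vmid`, so `lxc-attach -n {{ vmid }} -- …` would keep the role in step with its siblings, and the restart command lacks the `--` separator the first one uses. Neither command is idempotent; add a `changed_when` so repeated runs do not always report a change.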
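Review bot: In `roles/paperless/install-app/tasks/main.yml` the "Copy docker-compose file" task writes the rendered file with `mode: 0755`, although that file contains `PAPERLESS_SECRET_KEY` and the database password and has no reason to be executable. Use `mode: "0600"` (quoted, as the directory task above it already does) and consider `mode: "0700"` for `/root/docker/`; `/root` is normally closed to other users, so this is defence in depth rather than an open leak. The last task needs no shell features, so `ansible.builtin.command` with `chdir` is sufficient, and `template` should be spelled `ansible.builtin.template` like the other modules in the file.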
@@ -0,0 +1,57 @@
+version: "3.4"
+
+services:
+ broker:
+ image: redis:6.0
+ container_name: paperless-broker
+ restart: unless-stopped
+
+ db:
+ image: postgres:13
+ container_name: paperless-db
+ restart: unless-stopped
+ volumes:
+ - /data/paperless/db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD: paperless
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ container_name: paperless-app
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ ports:
+ - 8003:8000
+ volumes:
+ - /data/paperless/data:/usr/src/paperless/data
+ - /data/paperless/media:/usr/src/paperless/media
+ - /data/paperless/export:/usr/src/paperless/export
+ - /data/paperless/consume:/usr/src/paperless/consume
+ environment:
+ PAPERLESS_URL: https://paperless.lino.cooking
+ PAPERLESS_REDIS: redis://paperless-broker:6379
+ PAPERLESS_DBHOST: paperless-db
+# The UID and GID of the user used to run paperless in the container. Set this
+# to your UID and GID on the host so that you have write access to the
+# consumption directory.
+ USERMAP_UID: 0
+ USERMAP_GID: 0
+# Additional languages to install for text recognition, separated by a
+# whitespace. Note that this is
+# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
+# language used for OCR.
+# The container installs English, German, Italian, Spanish and French by
+# default.
+# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
+# for available languages.
+ PAPERLESS_OCR_LANGUAGES: eng por
+# Adjust this key if you plan to make paperless available publicly. It should
+# be a very long sequence of random characters. You don't need to remember it.
+ PAPERLESS_SECRET_KEY: '{{ paperless_pwd }}'
+ PAPERLESS_TIME_ZONE: Europe/Lisbon
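Review bot: `POSTGRES_PASSWORD: paperless` in the `db` service is a fixed, guessable credential committed in clear text, even though this commit already vaults the secret key. Template it from its own vaulted variable and hand the same value to the webserver, e.g. `POSTGRES_PASSWORD: '{{ paperless_db_pwd }}'` and `PAPERLESS_DBPASS: '{{ paperless_db_pwd }}'` (`paperless_db_pwd` is a name constructed for this note and would have to be added to `group_vars/all.yml`). `USERMAP_UID: 0` / `USERMAP_GID: 0` run paperless as root inside a container that the create role makes privileged, so a non-root UID that owns `/data/paperless` is the safer choice. `paperless-ngx:latest` means every rebuild pulls whatever is current; pin a version tag or digest so upgrades are deliberate. The port mapping should be quoted as `"8003:8000"`.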
diff --git a/roles/paperless/install-docker/tasks/main.yml b/roles/paperless/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/paperless/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/paperless/provision/create/tasks/main.yml b/roles/paperless/provision/create/tasks/main.yml
new file mode 100644
index 0000000..c44ebf4
--- /dev/null
+++ b/roles/paperless/provision/create/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 620
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: paperless
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.29/21,\
+ hwaddr=cc:c6:cf:de:17:89,\
+ bridge=vmbr0'}"
+ cores: 1
+ memory: 1024
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ mounts: '{
+ "mp0":"nvme:40,mp=/data,backup=1"
+ }'
+ disk: nvme:10
+ force: yes
diff --git a/roles/paperless/provision/delete/tasks/main.yml b/roles/paperless/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..7cd283f
--- /dev/null
+++ b/roles/paperless/provision/delete/tasks/main.yml
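Review bot: `unprivileged: no` in `roles/paperless/provision/create/tasks/main.yml` creates a privileged LXC container, where root in the guest is root on the Proxmox host, and this guest runs Docker as root with `nesting=1` and password SSH for root. Unless a storage constraint forces it, set `unprivileged: true`; `keyctl=1` is the feature meant for running Docker in unprivileged containers. The task authenticates as `root@pam` with a password, as do the delete and start roles, and a scoped API token through `api_token_id` / `api_token_secret` would limit what a leaked vault value can do. `vmid: 620` is hard-coded here while the sibling roles use `{{ vmid }}`, and `no` / `yes` should be written `false` / `true`.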
@@ -0,0 +1,26 @@ +--- +- name: Stop container + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: stopped + ignore_errors: true + timeout: 90 + +- name: Remove containers + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: absent + ignore_errors: true + timeout: 90 + +- name: Remove .ssh/known_hosts lines + ansible.builtin.lineinfile: + path: /Users/lino.silva/.ssh/known_hosts + state: absent + regexp: "^10.0.2.29" diff --git a/roles/paperless/provision/start/tasks/main.yml b/roles/paperless/provision/start/tasks/main.yml new file mode 100644 index 0000000..de86b9b --- /dev/null +++ b/roles/paperless/provision/start/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Start deployments + community.general.proxmox: + vmid: "{{ vmid }}" + api_user: root@pam + api_password: "{{ proxmox_api_password }}" + api_host: 10.0.2.2 + state: started diff --git a/roles/paperless/update/tasks/main.yml b/roles/paperless/update/tasks/main.yml new file mode 100644 index 0000000..8227bf4 --- /dev/null +++ b/roles/paperless/update/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: Update all packages to their latest version + become: true + ansible.builtin.apt: + update_cache: yes + upgrade: full diff --git a/roles/swag/install-app/templates/paperless.subdomain.conf b/roles/swag/install-app/templates/paperless.subdomain.conf index a6b45ee..b76382b 100644 --- a/roles/swag/install-app/templates/paperless.subdomain.conf +++ b/roles/swag/install-app/templates/paperless.subdomain.conf @@ -36,7 +36,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app 10.0.2.1; + set $upstream_app 10.0.2.29; set $upstream_port 8003; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
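Review bot: The known_hosts cleanup in `roles/paperless/provision/delete/tasks/main.yml` uses `regexp: "^10.0.2.29"`, where each dot matches any character and nothing anchors the end, so the pattern is looser than the address it names and it cannot match hashed entries. `ansible.builtin.known_hosts` with `name: 10.0.2.29` and `state: absent` handles both cases, and the `path` should come from a variable rather than `/Users/lino.silva/.ssh/known_hosts`. Discarding the host key on every rebuild means the next connection trusts whatever answers on that address, which matters more while root logs in with a password. `ignore_errors: true` on the stop and remove tasks hides authentication and API failures as well as "container does not exist", so a narrower `failed_when` would keep real errors visible.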