diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml
index beafc57..ec6a498 100644
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@@ -6,5 +6,4 @@
 - {role: forgejo, tags: forgejo}
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: kitchenowl, tags: kitchenowl}
- - {role: paperless-ngx, tags: paperless-ngx}
 - {role: media, tags: media}
diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2
index 182c35c..3441eb1 100644
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@@ -102,6 +102,12 @@ services:
 - traefik.http.routers.nextcloud.rule=Host(`cloud.kun.is`)
 - traefik.http.routers.nextcloud.tls=true
 - traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
+
+ - traefik.http.routers.paperless-ngx.entrypoints=websecure
+ - traefik.http.routers.paperless-ngx.service=k3s@file
+ - traefik.http.routers.paperless-ngx.rule=Host(`paperless.kun.is`)
+ - traefik.http.routers.paperless-ngx.tls=true
+ - traefik.http.routers.paperless-ngx.tls.certresolver=letsencrypt
 volumes:
 - type: bind
 source: /var/run/docker.sock
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index a3745cd..182a659 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -16,6 +16,7 @@
 ./nextcloud.nix
 ./pihole.nix
 # ./hedgedoc.nix
+ ./paperless-ngx.nix
 ];
 kubernetes.kubeconfig = "~/.kube/config";
 kubenix.project = "home";
diff --git a/nix/flake/kubenix/paperless-ngx.nix b/nix/flake/kubenix/paperless-ngx.nix
new file mode 100644
index 0000000..f6dc6e3
--- /dev/null
+++ b/nix/flake/kubenix/paperless-ngx.nix
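Review bot: The new `paperless-ngx` router in docker_swarm/roles/traefik/docker-stack.yml.j2 carries no `middlewares` label, so as far as this hunk shows the document archive is published on `websecure` with only Paperless-ngx's own login in front of it. If the deployment already defines a rate-limit or allow-list middleware, attaching it is one line, e.g. `- traefik.http.routers.paperless-ngx.middlewares=<middleware-name>@file` (placeholder name). The `k3s@file` service is defined outside this diff, so whether the hop from Traefik to the cluster is encrypted cannot be checked from here; a comment above the block such as `# paperless-ngx runs on k3s; Traefik terminates TLS and forwards to the k3s ingress` would record the intent. The labels list starts and ends outside the hunk.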
@@ -0,0 +1,153 @@
+{
+ kubernetes.resources = {
+ configMaps.paperless-ngx.data = {
+ PAPERLESS_REDIS = "redis://localhost:6379";
+ PAPERLESS_DBENGINE = "postgresql";
+ PAPERLESS_DBHOST = "lewis.dmz";
+ PAPERLESS_DBNAME = "paperless";
+ PAPERLESS_DBUSER = "paperless";
+ # PAPERLESS_DBPASS = "{{ paperless_db_password }}";
+ # PAPERLESS_CONSUMPTION_DIR = "/nextcloud/data/pim/files/paperless-ngx/consumption/";
+ PAPERLESS_DATA_DIR = "/data/";
+ PAPERLESS_MEDIA_ROOT = "/data/";
+ # PAPERLESS_CONSUMER_POLLING = "10";
+ PAPERLESS_OCR_LANGUAGES = "nld eng";
+ PAPERLESS_URL = "https://paperless.kun.is";
+ PAPERLESS_TIME_ZONE = "Europe/Amsterdam";
+ PAPERLESS_OCR_LANGUAGE = "nld";
+ # PAPERLESS_SECRET_KEY = "{{ paperless_secret_key }}";
+ USERMAP_UID = "33";
+ USERMAP_GID = "33";
+ };
+
+ secrets.paperless-ngx.stringData = {
+ databasePassword = "ref+file:///home/pim/.config/home/vals.yaml#/paperless-ngx/databasePassword";
+ secretKey = "ref+file:///home/pim/.config/home/vals.yaml#/paperless-ngx/secretKey";
+ };
+
+ deployments.paperless-ngx = {
+ metadata.labels.app = "paperless-ngx";
+
+ spec = {
+ selector.matchLabels.app = "paperless-ngx";
+
+ template = {
+ metadata.labels.app = "paperless-ngx";
+
+ spec = {
+ containers = {
+ redis = {
+ image = "docker.io/library/redis:7";
+
+ volumeMounts = [{
+ name = "redisdata";
+ mountPath = "/data";
+ }];
+ };
+
+ paperless-ngx = {
+ image = "ghcr.io/paperless-ngx/paperless-ngx:2.3";
+ envFrom = [{ configMapRef.name = "paperless-ngx"; }];
+
+ ports = [{
+ containerPort = 8000;
+ protocol = "TCP";
+ }];
+
+ env = [
+ {
+ name = "PAPERLESS_DBPASS";
+
+ valueFrom.secretKeyRef = {
+ name = "paperless-ngx";
+ key = "databasePassword";
+ };
+ }
+ {
+ name = "PAPERLESS_SECRET_KEY";
+
+ valueFrom.secretKeyRef = {
+ name = "paperless-ngx";
+ key = "secretKey";
+ };
+ }
+ ];
+ };
+ };
+
+ volumes = [{
+ name = "redisdata";
+ persistentVolumeClaim.claimName = "paperless-ngx-redisdata";
+ }];
+ };
+ };
+ };
+ };
+
+ persistentVolumes = {
+ paperless-ngx-redisdata.spec = {
+ capacity.storage = "1Mi";
+ accessModes = [ "ReadWriteMany" ];
+
+ nfs = {
+ server = "lewis.hyp";
+ path = "/mnt/data/nfs/paperless-ngx/redisdata";
+ };
+ };
+
+ paperless-ngx-data.spec = {
+ capacity.storage = "1Mi";
+ accessModes = [ "ReadWriteMany" ];
+
+ nfs = {
+ server = "lewis.hyp";
+ path = "/mnt/data/nfs/paperless-ngx/data";
+ };
+ };
+ };
+
+ persistentVolumeClaims = {
+ paperless-ngx-redisdata.spec = {
+ accessModes = [ "ReadWriteMany" ];
+ storageClassName = "";
+ resources.requests.storage = "1Mi";
+ volumeName = "paperless-ngx-redisdata";
+ };
+
+ paperless-data.spec = {
+ accessModes = [ "ReadWriteMany" ];
+ storageClassName = "";
+ resources.requests.storage = "1Mi";
+ volumeName = "paperless-ngx-data";
+ };
+ };
+
+ services.paperless-ngx.spec = {
+ selector.app = "paperless-ngx";
+
+ ports = [{
+ protocol = "TCP";
+ port = 80;
+ targetPort = 8000;
+ }];
+ };
+
+ ingresses.paperless-ngx.spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = "paperless.kun.is";
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = "paperless-ngx";
+ port.number = 80;
+ };
+ }];
+ }];
+ };
+ };
+}
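Review bot: The `paperless-ngx` container in nix/flake/kubenix/paperless-ngx.nix has no `volumeMounts`, and the pod's `volumes` list holds only `redisdata`, so `PAPERLESS_DATA_DIR` and `PAPERLESS_MEDIA_ROOT` (`/data/`) land on the container's writable layer and the `paperless-ngx-data` volume is never used; uploaded documents would be lost whenever the pod is recreated. The claim for it is also declared as `paperless-data` while every other resource is prefixed `paperless-ngx-`. The fence below mounts the data claim and aligns its name. Separately, `redis:7` and `paperless-ngx:2.3` are mutable tags and the pod sets no `securityContext`; pinning both images by digest and dropping privileges the containers do not need would be worth a follow-up.

```nix
paperless-ngx = {
  image = "ghcr.io/paperless-ngx/paperless-ngx:2.3";
  # … unchanged: envFrom, ports, env …

  # Persist PAPERLESS_DATA_DIR / PAPERLESS_MEDIA_ROOT on the NFS-backed claim.
  volumeMounts = [{
    name = "data";
    mountPath = "/data";
  }];
};

# … unchanged: end of containers …

volumes = [
  {
    name = "redisdata";
    persistentVolumeClaim.claimName = "paperless-ngx-redisdata";
  }
  {
    name = "data";
    persistentVolumeClaim.claimName = "paperless-ngx-data";
  }
];

# … unchanged: persistentVolumes, paperless-ngx-redisdata claim …

# Renamed from paperless-data to match the claimName used above.
paperless-ngx-data.spec = {
  # … unchanged: accessModes, storageClassName, resources, volumeName …
};
```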