debian.ansible.paperless.se.../paperless.yml

---
- name: paperless
  hosts: tor-nas.dedyn.io defiant.dedyn.io
  tasks:

    - name: Create /home/docker/paperless.{{inventory_hostname}} dir
      ansible.builtin.file:
        path: /home/docker/paperless.{{inventory_hostname}}
        owner: root
        group: docker
        state: directory
        mode: '0550'

    - name: /home/docker/paperless.{{inventory_hostname}}/genpw.sh (generate Random PW for Nextcloud and DB)
      blockinfile:
        path: /home/docker/paperless.{{inventory_hostname}}/genpw.sh
        create: yes
        mode: 0550
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          cd /home/docker/paperless.{{inventory_hostname}}

          secretkey=$(pwgen -s 64 1)
          
          [ -f docker-compose.env ] || echo "PAPERLESS_SECRET_KEY=$secretkey
          " >docker-compose.env
          
          chmod 440 docker-compose.env
          chown root:docker docker-compose.env
        backup: yes
        validate: /bin/bash -n %s
      notify: run genpw.sh

    - name: /home/docker/paperless.{{inventory_hostname}}/genpw.sh shebang
      lineinfile:
        path: /home/docker/paperless.{{inventory_hostname}}/genpw.sh
        insertbefore: BOF
        line: "#!/bin/bash -e"

    - name: Gen initial passwords if not exists
      ansible.builtin.shell: ./genpw.sh
      args:
        chdir: /home/docker/paperless.{{inventory_hostname}}
        creates: /home/docker/paperless.{{inventory_hostname}}/docker-compose.env

    - name: /home/docker/paperless.{{inventory_hostname}}/docker-compose.yml Container Configuration
      blockinfile:
        path: /home/docker/paperless.{{inventory_hostname}}/docker-compose.yml
        create: yes
        mode: 0440
        owner: root
        group: docker
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          version: '3.6'
          services:
            paperless.{{inventory_hostname}}:
              image: ghcr.io/paperless-ngx/paperless-ngx:latest
              restart: unless-stopped
              volumes:
                - ./data:/usr/src/paperless/data
                - ./media:/usr/src/paperless/media
                - ./export:/usr/src/paperless/export
                - ./consume:/usr/src/paperless/consume
              depends_on:
                - paperless.{{inventory_hostname}}--broker
              env_file: docker-compose.env
              environment:
                - USERMAP_UID=998
                - USERMAP_GID=1003
                - PAPERLESS_REDIS=redis://paperless.{{inventory_hostname}}--broker:6379
                - PAPERLESS_FILENAME_FORMAT={correspondent}/{created}-{title}
                - PAPERLESS_TASK_WORKERS=1
                - PAPERLESS_THREADS_PER_WORKER=1
                - PAPERLESS_OCR_MODE=skip_noarchive
                - PAPERLESS_WEBSERVER_WORKERS=1
                - PAPERLESS_OCR_LANGUAGE=deu
                - PAPERLESS_TIME_ZONE=Europe/Berlin
                - PAPERLESS_URL=https://paperless.{{inventory_hostname}}
                - PAPERLESS_DEBUG=false
              networks:
                - paperless.{{inventory_hostname}}--network
                - traefik
              labels:
                - traefik.enable=true
                # HTTPS
                - traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.rule=Host(`paperless.{{ ansible_facts['nodename'] }}`)
                - traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.entrypoints=https
                - traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.tls=true
                # Proxy to service-port
                - traefik.http.services.paperless-{{ ansible_facts['hostname'] }}.loadbalancer.server.port=8000
                - traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.service=paperless-{{ ansible_facts['hostname'] }}
                # cert via letsencrypt
                - traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.tls.certresolver=letsencrypt
                # Traefik network
                - traefik.docker.network=traefik
                # activate secHeaders@file and .well.known
                - traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file
            
            paperless.{{inventory_hostname}}--broker:
              image: redis:6.0
              restart: unless-stopped
              volumes:
                - ./redisdata:/data
              networks:
                - paperless.{{inventory_hostname}}--network

          networks:
            paperless.{{inventory_hostname}}--network:
              driver: bridge
              driver_opts:
                com.docker.network.bridge.name: br-paperless
            traefik:
              external: true

        backup: yes
      notify: Restart paperless

    - name: Start paperless
      ansible.builtin.shell: docker-compose up -d
      args:
        chdir: /home/docker/paperless.{{inventory_hostname}}
        creates: /home/docker/paperless.{{inventory_hostname}}/data/db.sqlite3

    - name: Create paperless User
      ansible.builtin.user:
        name: paperless
        comment: Paperless User for samba
        uid: 998
        shell: /bin/false
        group: docker

    - name: Samba Share for incoming documents
      blockinfile:
        path: /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf
        mode: "0444"
        owner: root
        group: root
        marker: "# {mark} paperless ANSIBLE MANAGED BLOCK"
        block: |
          [paperless-in]
            valid users = paperless
            path = /home/docker/paperless.{{inventory_hostname}}/consume
            public = no
            writable = yes
            read only = no
            printable = no
            guest ok = no
        backup: yes
      notify:
      - Restart samba

    - name: Give paperless permissions for consume dir
      ansible.builtin.file:
        path: /home/docker/paperless.{{inventory_hostname}}/consume
        owner: paperless
        group: root
        mode: '0770'


  handlers:
    - name: run genpw.sh
      ansible.builtin.shell: ./genpw.sh
      args:
        chdir: /home/docker/paperless.{{inventory_hostname}}
      notify: Restart paperless

    - name: Restart paperless
      ansible.builtin.shell: docker-compose up -d
      args:
        chdir: /home/docker/paperless.{{inventory_hostname}}

    - name: Restart samba
      service:
        name: samba-{{ ansible_facts['hostname'] }}
        state: restarted
first commit 2022-07-10 10:51:04 +02:00			`---`
			`- name: paperless`
			`hosts: tor-nas.dedyn.io defiant.dedyn.io`
			`tasks:`

			`- name: Create /home/docker/paperless.{{inventory_hostname}} dir`
			`ansible.builtin.file:`
			`path: /home/docker/paperless.{{inventory_hostname}}`
			`owner: root`
			`group: docker`
			`state: directory`
			`mode: '0550'`

			`- name: /home/docker/paperless.{{inventory_hostname}}/genpw.sh (generate Random PW for Nextcloud and DB)`
			`blockinfile:`
			`path: /home/docker/paperless.{{inventory_hostname}}/genpw.sh`
			`create: yes`
			`mode: 0550`
			`owner: root`
			`group: docker`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`cd /home/docker/paperless.{{inventory_hostname}}`

			`secretkey=$(pwgen -s 64 1)`

			`[ -f docker-compose.env ] \|\| echo "PAPERLESS_SECRET_KEY=$secretkey`
			`" >docker-compose.env`

			`chmod 440 docker-compose.env`
			`chown root:docker docker-compose.env`
			`backup: yes`
			`validate: /bin/bash -n %s`
			`notify: run genpw.sh`

			`- name: /home/docker/paperless.{{inventory_hostname}}/genpw.sh shebang`
			`lineinfile:`
			`path: /home/docker/paperless.{{inventory_hostname}}/genpw.sh`
			`insertbefore: BOF`
			`line: "#!/bin/bash -e"`

			`- name: Gen initial passwords if not exists`
			`ansible.builtin.shell: ./genpw.sh`
			`args:`
			`chdir: /home/docker/paperless.{{inventory_hostname}}`
			`creates: /home/docker/paperless.{{inventory_hostname}}/docker-compose.env`

			`- name: /home/docker/paperless.{{inventory_hostname}}/docker-compose.yml Container Configuration`
			`blockinfile:`
			`path: /home/docker/paperless.{{inventory_hostname}}/docker-compose.yml`
			`create: yes`
			`mode: 0440`
			`owner: root`
			`group: docker`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`version: '3.6'`
			`services:`
			`paperless.{{inventory_hostname}}:`
			`image: ghcr.io/paperless-ngx/paperless-ngx:latest`
			`restart: unless-stopped`
			`volumes:`
			`- ./data:/usr/src/paperless/data`
			`- ./media:/usr/src/paperless/media`
			`- ./export:/usr/src/paperless/export`
			`- ./consume:/usr/src/paperless/consume`
			`depends_on:`
			`- paperless.{{inventory_hostname}}--broker`
			`env_file: docker-compose.env`
			`environment:`
			`- USERMAP_UID=998`
			`- USERMAP_GID=1003`
			`- PAPERLESS_REDIS=redis://paperless.{{inventory_hostname}}--broker:6379`
			`- PAPERLESS_FILENAME_FORMAT={correspondent}/{created}-{title}`
			`- PAPERLESS_TASK_WORKERS=1`
			`- PAPERLESS_THREADS_PER_WORKER=1`
			`- PAPERLESS_OCR_MODE=skip_noarchive`
			`- PAPERLESS_WEBSERVER_WORKERS=1`
			`- PAPERLESS_OCR_LANGUAGE=deu`
			`- PAPERLESS_TIME_ZONE=Europe/Berlin`
			`- PAPERLESS_URL=https://paperless.{{inventory_hostname}}`
			`- PAPERLESS_DEBUG=false`
			`networks:`
			`- paperless.{{inventory_hostname}}--network`
			`- traefik`
			`labels:`
			`- traefik.enable=true`
			`# HTTPS`
			- traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.rule=Host(`paperless.{{ ansible_facts['nodename'] }}`)
			`- traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.entrypoints=https`
			`- traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.tls=true`
			`# Proxy to service-port`
			`- traefik.http.services.paperless-{{ ansible_facts['hostname'] }}.loadbalancer.server.port=8000`
			`- traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.service=paperless-{{ ansible_facts['hostname'] }}`
			`# cert via letsencrypt`
			`- traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.tls.certresolver=letsencrypt`
			`# Traefik network`
			`- traefik.docker.network=traefik`
			`# activate secHeaders@file and .well.known`
			`- traefik.http.routers.paperless-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file`

			`paperless.{{inventory_hostname}}--broker:`
			`image: redis:6.0`
			`restart: unless-stopped`
			`volumes:`
			`- ./redisdata:/data`
			`networks:`
			`- paperless.{{inventory_hostname}}--network`

			`networks:`
			`paperless.{{inventory_hostname}}--network:`
			`driver: bridge`
			`driver_opts:`
			`com.docker.network.bridge.name: br-paperless`
			`traefik:`
			`external: true`

			`backup: yes`
			`notify: Restart paperless`

			`- name: Start paperless`
			`ansible.builtin.shell: docker-compose up -d`
			`args:`
			`chdir: /home/docker/paperless.{{inventory_hostname}}`
			`creates: /home/docker/paperless.{{inventory_hostname}}/data/db.sqlite3`

			`- name: Create paperless User`
			`ansible.builtin.user:`
			`name: paperless`
			`comment: Paperless User for samba`
			`uid: 998`
			`shell: /bin/false`
			`group: docker`

			`- name: Samba Share for incoming documents`
			`blockinfile:`
			`path: /etc/samba/smb-{{ ansible_facts['hostname'] }}.conf`
			`mode: "0444"`
			`owner: root`
			`group: root`
			`marker: "# {mark} paperless ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`[paperless-in]`
			`valid users = paperless`
			`path = /home/docker/paperless.{{inventory_hostname}}/consume`
			`public = no`
			`writable = yes`
			`read only = no`
			`printable = no`
			`guest ok = no`
			`backup: yes`
			`notify:`
			`- Restart samba`

			`- name: Give paperless permissions for consume dir`
			`ansible.builtin.file:`
			`path: /home/docker/paperless.{{inventory_hostname}}/consume`
			`owner: paperless`
			`group: root`
			`mode: '0770'`


			`handlers:`
			`- name: run genpw.sh`
			`ansible.builtin.shell: ./genpw.sh`
			`args:`
			`chdir: /home/docker/paperless.{{inventory_hostname}}`
			`notify: Restart paperless`

			`- name: Restart paperless`
			`ansible.builtin.shell: docker-compose up -d`
			`args:`
			`chdir: /home/docker/paperless.{{inventory_hostname}}`

			`- name: Restart samba`
			`service:`
			`name: samba-{{ ansible_facts['hostname'] }}`
			`state: restarted`