From cc73db93746661f5805c993966fb65fcb5e15377 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Wed, 23 Nov 2022 13:49:01 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20paperless?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../external-backup/helm-release.yaml | 2 +-
 .../apps/web-tools/kustomization.yaml | 1 +
 .../web-tools/paperless/helm-release.yaml | 104 ++++++++++++++++++
 .../web-tools/paperless/kustomization.yaml | 8 ++
 .../web-tools/paperless/patches/postgres.yaml | 31 ++++++
 .../paperless/redis/helm-release.yaml | 37 +++++++
 .../paperless/redis/kustomization.yaml | 4 +
 .../apps/web-tools/paperless/secret.sops.yaml | 33 ++++++
 8 files changed, 219 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/cluster-0/apps/web-tools/paperless/helm-release.yaml
 create mode 100644 kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml
 create mode 100644 kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml
 create mode 100644 kubernetes/cluster-0/apps/web-tools/paperless/redis/helm-release.yaml
 create mode 100644 kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml
 create mode 100644 kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml
diff --git a/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml
index 067a05493..03d531852 100644
--- a/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml
@@ -47,7 +47,7 @@ spec:
 - name: POSTGRES_HOST
 value: postgres-rw.default.svc.cluster.local.
 - name: POSTGRES_DB
- value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
+ value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
 - name: POSTGRES_USER
 valueFrom:
 secretKeyRef:
diff --git a/kubernetes/cluster-0/apps/web-tools/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml
index 0f85843fa..cd13263f8 100644
--- a/kubernetes/cluster-0/apps/web-tools/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/web-tools/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
 - joplin
 - libreddit
 - nitter
+ - paperless
 - sharry
 - tandoor
 - theme-park
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/helm-release.yaml
new file mode 100644
index 000000000..272549740
--- /dev/null
+++ b/kubernetes/cluster-0/apps/web-tools/paperless/helm-release.yaml
@@ -0,0 +1,104 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app paperless
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.1.3
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ dependsOn:
+ - name: paperless-redis
+ namespace: default
+ values:
+ global:
+ nameOverride: *app
+ image:
+ repository: ghcr.io/paperless-ngx/paperless-ngx
+ tag: 1.9.2
+ env:
+ COMPOSE_PROJECT_NAME: paperless
+ PAPERLESS_CONSUMER_POLLING: "60"
+ PAPERLESS_CONSUMER_RECURSIVE: "true"
+ PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS: "true"
+ PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true"
+ PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_X_AUTH_REQUEST_EMAIL
+ PAPERLESS_OCR_LANGUAGES: fra
+ PAPERLESS_OCR_LANGUAGE: fra
+ PAPERLESS_PORT: 8000
+ PAPERLESS_DBHOST: postgres-rw.default.svc.cluster.local.
+ PAPERLESS_DBPORT: 5432
+ PAPERLESS_DBNAME: paperless
+ PAPERLESS_REDIS: redis://paperless-redis.default.svc.cluster.local:6379
+ PAPERLESS_TASK_WORKERS: 2
+ PAPERLESS_TIME_ZONE: "Europe/Paris"
+ PAPERLESS_URL: https://paperless.${SECRET_CLUSTER_DOMAIN}
+ envFrom:
+ - secretRef:
+ name: *app
+ podAnnotations:
+ secret.reloader.stakater.com/reload: *app
+ service:
+ main:
+ ports:
+ http:
+ port: 8000
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: "nginx"
+ annotations:
+ external-dns.home.arpa/enabled: "true"
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ data:
+ enabled: true
+ mountPath: /usr/src/paperless/data
+ type: nfs
+ server: "${LOCAL_LAN_TRUENAS}"
+ path: /mnt/storage/shared-documents/paperless/data
+ media:
+ enabled: true
+ mountPath: /usr/src/paperless/media
+ type: nfs
+ server: "${LOCAL_LAN_TRUENAS}"
+ path: /mnt/storage/shared-documents/paperless/media
+ consume:
+ enabled: true
+ mountPath: /usr/src/paperless/consume
+ type: nfs
+ server: "${LOCAL_LAN_TRUENAS}"
+ path: /mnt/storage/shared-documents/paperless/watch
+ export:
+ enabled: true
+ mountPath: /usr/src/paperless/export
+ type: nfs
+ server: "${LOCAL_LAN_TRUENAS}"
+ path: /mnt/storage/shared-documents/paperless/export
+ resources:
+ requests:
+ cpu: 25m
+ memory: 3Gi
+ limits:
+ memory: 7Gi
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml
new file mode 100644
index 000000000..d4aefdaf0
--- /dev/null
+++ b/kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
+ - redis
+ - secret.sops.yaml
+patchesStrategicMerge:
+ - patches/postgres.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml
new file mode 100644
index 000000000..1f78aef4d
--- /dev/null
+++ b/kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app paperless
+ namespace: default
+spec:
+ values:
+ initContainers:
+ init-db:
+ image: ghcr.io/onedr0p/postgres-initdb:14.5
+ env:
+ - name: POSTGRES_HOST
+ value: postgres-rw.default.svc.cluster.local.
+ - name: POSTGRES_DB
+ value: *app
+ - name: POSTGRES_SUPER_PASS
+ valueFrom:
+ secretKeyRef:
+ name: postgres-superuser
+ key: password
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: *app
+ key: PAPERLESS_DBUSER
+ - name: POSTGRES_PASS
+ valueFrom:
+ secretKeyRef:
+ name: *app
+ key: PAPERLESS_DBPASS
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/redis/helm-release.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/redis/helm-release.yaml
new file mode 100644
index 000000000..1e1363237
--- /dev/null
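Review bot: `PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true"` makes the app take the caller's identity from the `X-Auth-Request-Email` header (`HTTP_X_AUTH_REQUEST_EMAIL`), but `ingress.main.annotations` in this file holds only the external-dns entry, so nothing visible here ensures that header is set by an authenticating proxy rather than by the client. If enforcement is not configured elsewhere, add it on this ingress, e.g. `nginx.ingress.kubernetes.io/auth-url: "<auth-endpoint placeholder>"` together with `nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-Email"`. The Service on port 8000 is also reachable from inside the cluster without passing the ingress, so a NetworkPolicy admitting only the ingress controller is needed for the header to be trustworthy. A comment beside the two env entries naming the proxy that is trusted to set the header would document the assumption.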
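Review bot: The `init-db` container is given the shared `postgres-superuser` password, yet its image is referenced only by the mutable tag `ghcr.io/onedr0p/postgres-initdb:14.5`, so whatever that tag points to at pull time runs with superuser database credentials on every pod start. Pin it by digest, `image: ghcr.io/onedr0p/postgres-initdb:14.5@sha256:<digest placeholder>`, and let the update bot bump the digest. What the image does with the credential is not visible in this hunk; a comment above `POSTGRES_SUPER_PASS` stating why the superuser secret is needed would help the next reviewer.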
+++ b/kubernetes/cluster-0/apps/web-tools/paperless/redis/helm-release.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app paperless-redis
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.1.3
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ values:
+ global:
+ nameOverride: *app
+ image:
+ repository: docker.io/library/redis
+ tag: 7.0.5
+ service:
+ main:
+ ports:
+ http:
+ enabled: false
+ redis:
+ enabled: true
+ port: 6379
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml
new file mode 100644
index 000000000..34a8531ce
--- /dev/null
+++ b/kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
diff --git a/kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml b/kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml
new file mode 100644
index 000000000..f19e5f026
--- /dev/null
+++ b/kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml
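Review bot: The `paperless-redis` release in `redis/helm-release.yaml` starts Redis with no authentication: `values` sets no password or ACL argument, and the paperless release points at it with a bare `redis://paperless-redis.default.svc.cluster.local:6379` URL. Any workload in the cluster that can reach that Service on 6379 can therefore read and write the data paperless keeps there. Either start the server with `--requirepass` sourced from a Secret and put the matching credential in `PAPERLESS_REDIS`, or add a NetworkPolicy that admits only the paperless pod. The release also sets no `resources` or `securityContext`; whether the chart defaults cover that is not visible in this hunk.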
@@ -0,0 +1,33 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: paperless + namespace: default +type: Opaque +stringData: + PAPERLESS_ADMIN_USER: ENC[AES256_GCM,data:UMBtTvyE,iv:vZhUUErw66/8mRPcLh1H348ft7ItC9IOI3Gk1hi5w9E=,tag:3IX5RxMb6m87EOKIOqyPNQ==,type:str] + PAPERLESS_ADMIN_PASSWORD: ENC[AES256_GCM,data:3ce/of7nVeVGM0L6PeN21PdnlR8=,iv:WMt1Hagka1Q94XHyKtYOL/2TCHK534VHyPCIdf7m9p4=,tag:7ABSbgLNY+BqTUqQbr6gOg==,type:str] + PAPERLESS_SECRET_KEY: ENC[AES256_GCM,data:ABb6LpEmd7+fsN7U6RNGsj3EY8qOnwGfirljaQ==,iv:ZY+n28JYDGP0zj9DRo/E8hjLF996Hlvfj9Pl/cBv4qw=,tag:BCB3Y8PmeYt7kbnhBu/+PQ==,type:str] + PAPERLESS_DBUSER: ENC[AES256_GCM,data:QJJuRZa5Q2RA,iv:AMdb2Cq7RpJq58y11Y1wZ5DjKItjiIgXuWZw+BDw4kE=,tag:tUhEzpUZtJwwsezJ27sEmQ==,type:str] + PAPERLESS_DBPASS: ENC[AES256_GCM,data:SmOYMCIKVdb055LndV4=,iv:v+fvsgcnxFyITBhNT5Le3Oj4dgJmuuOINSQPe92NQpo=,tag:ATnfIcpuiGXKGaGHzAvRHA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2 + bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC + VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw + OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+ + LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-11-23T12:47:16Z" + mac: ENC[AES256_GCM,data:dK2hiLaWxTdeeesw6TuZdP2x572ipTJNser/wEFGwTkxn6ABcT6hQTnoo0TybM7xMNaIaf02DnwBZSOBSqo8LL5n+5d93CR4SE2gd2a3ogBf68r34mQVZ3kWYSZ/1K0L6eOJOjxPK5SoLwplW8JY1J1NhxMO3/zPsBqsFiXOnBw=,iv:5JV8DdNIyRPblCOxGXvAVePRPG038KgBGJh95F67O98=,tag:HITSMQZWEHi4dvD5cf1zOw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3