✨ paperless

kubernetes/cluster-0/apps/databases/postgres/external-backup/helm-release.yaml

@@ -47,7 +47,7 @@ spec:
                         - name: POSTGRES_HOST
                           value: postgres-rw.default.svc.cluster.local.
                         - name: POSTGRES_DB
-                          value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
+                          value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,recipes,sharry,outline,vaultwarden,vikunja,wallabag"
                         - name: POSTGRES_USER
                           valueFrom:
                             secretKeyRef:

kubernetes/cluster-0/apps/web-tools/kustomization.yaml

@@ -10,6 +10,7 @@ resources:
   - joplin
   - libreddit
   - nitter
+  - paperless
   - sharry
   - tandoor
   - theme-park

kubernetes/cluster-0/apps/web-tools/paperless/helm-release.yaml

@@ -0,0 +1,104 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app paperless
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.1.3
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  dependsOn:
+    - name: paperless-redis
+      namespace: default
+  values:
+    global:
+      nameOverride: *app
+    image:
+      repository: ghcr.io/paperless-ngx/paperless-ngx
+      tag: 1.9.2
+    env:
+      COMPOSE_PROJECT_NAME: paperless
+      PAPERLESS_CONSUMER_POLLING: "60"
+      PAPERLESS_CONSUMER_RECURSIVE: "true"
+      PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS: "true"
+      PAPERLESS_ENABLE_HTTP_REMOTE_USER: "true"
+      PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_X_AUTH_REQUEST_EMAIL
+      PAPERLESS_OCR_LANGUAGES: fra
+      PAPERLESS_OCR_LANGUAGE: fra
+      PAPERLESS_PORT: 8000
+      PAPERLESS_DBHOST: postgres-rw.default.svc.cluster.local.
+      PAPERLESS_DBPORT: 5432
+      PAPERLESS_DBNAME: paperless
+      PAPERLESS_REDIS: redis://paperless-redis.default.svc.cluster.local:6379
+      PAPERLESS_TASK_WORKERS: 2
+      PAPERLESS_TIME_ZONE: "Europe/Paris"
+      PAPERLESS_URL: https://paperless.${SECRET_CLUSTER_DOMAIN}
+    envFrom:
+      - secretRef:
+          name: *app
+    podAnnotations:
+      secret.reloader.stakater.com/reload: *app
+    service:
+      main:
+        ports:
+          http:
+            port: 8000
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          external-dns.home.arpa/enabled: "true"
+        hosts:
+          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      data:
+        enabled: true
+        mountPath: /usr/src/paperless/data
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/shared-documents/paperless/data
+      media:
+        enabled: true
+        mountPath: /usr/src/paperless/media
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/shared-documents/paperless/media
+      consume:
+        enabled: true
+        mountPath: /usr/src/paperless/consume
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/shared-documents/paperless/watch
+      export:
+        enabled: true
+        mountPath: /usr/src/paperless/export
+        type: nfs
+        server: "${LOCAL_LAN_TRUENAS}"
+        path: /mnt/storage/shared-documents/paperless/export
+    resources:
+      requests:
+        cpu: 25m
+        memory: 3Gi
+      limits:
+        memory: 7Gi

kubernetes/cluster-0/apps/web-tools/paperless/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
+  - redis
+  - secret.sops.yaml
+patchesStrategicMerge:
+  - patches/postgres.yaml

kubernetes/cluster-0/apps/web-tools/paperless/patches/postgres.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app paperless
+  namespace: default
+spec:
+  values:
+    initContainers:
+      init-db:
+        image: ghcr.io/onedr0p/postgres-initdb:14.5
+        env:
+          - name: POSTGRES_HOST
+            value: postgres-rw.default.svc.cluster.local.
+          - name: POSTGRES_DB
+            value: *app
+          - name: POSTGRES_SUPER_PASS
+            valueFrom:
+              secretKeyRef:
+                name: postgres-superuser
+                key: password
+          - name: POSTGRES_USER
+            valueFrom:
+              secretKeyRef:
+                name: *app
+                key: PAPERLESS_DBUSER
+          - name: POSTGRES_PASS
+            valueFrom:
+              secretKeyRef:
+                name: *app
+                key: PAPERLESS_DBPASS

kubernetes/cluster-0/apps/web-tools/paperless/redis/helm-release.yaml

@@ -0,0 +1,37 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app paperless-redis
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.1.3
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    global:
+      nameOverride: *app
+    image:
+      repository: docker.io/library/redis
+      tag: 7.0.5
+    service:
+      main:
+        ports:
+          http:
+            enabled: false
+          redis:
+            enabled: true
+            port: 6379

kubernetes/cluster-0/apps/web-tools/paperless/redis/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml

kubernetes/cluster-0/apps/web-tools/paperless/secret.sops.yaml

@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: paperless
+    namespace: default
+type: Opaque
+stringData:
+    PAPERLESS_ADMIN_USER: ENC[AES256_GCM,data:UMBtTvyE,iv:vZhUUErw66/8mRPcLh1H348ft7ItC9IOI3Gk1hi5w9E=,tag:3IX5RxMb6m87EOKIOqyPNQ==,type:str]
+    PAPERLESS_ADMIN_PASSWORD: ENC[AES256_GCM,data:3ce/of7nVeVGM0L6PeN21PdnlR8=,iv:WMt1Hagka1Q94XHyKtYOL/2TCHK534VHyPCIdf7m9p4=,tag:7ABSbgLNY+BqTUqQbr6gOg==,type:str]
+    PAPERLESS_SECRET_KEY: ENC[AES256_GCM,data:ABb6LpEmd7+fsN7U6RNGsj3EY8qOnwGfirljaQ==,iv:ZY+n28JYDGP0zj9DRo/E8hjLF996Hlvfj9Pl/cBv4qw=,tag:BCB3Y8PmeYt7kbnhBu/+PQ==,type:str]
+    PAPERLESS_DBUSER: ENC[AES256_GCM,data:QJJuRZa5Q2RA,iv:AMdb2Cq7RpJq58y11Y1wZ5DjKItjiIgXuWZw+BDw4kE=,tag:tUhEzpUZtJwwsezJ27sEmQ==,type:str]
+    PAPERLESS_DBPASS: ENC[AES256_GCM,data:SmOYMCIKVdb055LndV4=,iv:v+fvsgcnxFyITBhNT5Le3Oj4dgJmuuOINSQPe92NQpo=,tag:ATnfIcpuiGXKGaGHzAvRHA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-23T12:47:16Z"
+    mac: ENC[AES256_GCM,data:dK2hiLaWxTdeeesw6TuZdP2x572ipTJNser/wEFGwTkxn6ABcT6hQTnoo0TybM7xMNaIaf02DnwBZSOBSqo8LL5n+5d93CR4SE2gd2a3ogBf68r34mQVZ3kWYSZ/1K0L6eOJOjxPK5SoLwplW8JY1J1NhxMO3/zPsBqsFiXOnBw=,iv:5JV8DdNIyRPblCOxGXvAVePRPG038KgBGJh95F67O98=,tag:HITSMQZWEHi4dvD5cf1zOw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3