selfhosted/paperless.yml at main · hosaka/selfhosted · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
networks:
  paperless:
  proxy:

volumes:
  paperless-data:
  paperless-database-data:
  paperless-media:
  paperless-redis-data:

services:
  paperless:
    image: ghcr.io/paperless-ngx/paperless-ngx:2.20.9
    depends_on:
      paperless-redis:
        condition: service_healthy
      paperless-database:
        condition: service_healthy
    environment:
      - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
      # disable regular login form, leaving SSO as the only option
      - PAPERLESS_DISABLE_REGULAR_LOGIN=True
      # automatically redirect to the first configured SSO instead of the login form
      - PAPERLESS_REDIRECT_LOGIN_TO_SSO=False
      # automatically signup SSO users using retrieved email/username
      - PAPERLESS_SOCIAL_AUTO_SIGNUP=False
      # allow SSO users to signup for a new paperless account with a confirmation form
      - PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS=True
      - PAPERLESS_SOCIALACCOUNT_PROVIDERS={"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"${AUTH_PAPERLESS_CLIENT_ID}","secret":"${AUTH_PAPERLESS_CLIENT_SECRET}","settings":{"server_url":"https://auth.${PROXY_PUBLIC_DOMAIN}","token_auth_method":"client_secret_basic"}}]}}
      - PAPERLESS_URL=https://paperless.${PROXY_PRIVATE_DOMAIN}
      - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER}
      - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD}
      - PAPERLESS_ALLOWED_HOSTS=localhost,paperless.${PROXY_PUBLIC_DOMAIN}
      - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.${PROXY_PUBLIC_DOMAIN}
      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
      - PAPERLESS_REDIS=redis://paperless-redis:6379
      - PAPERLESS_DBHOST=paperless-database
      - PAPERLESS_DBUSER=${PAPERLESS_DB_USERNAME}
      - PAPERLESS_DBPASS=${PAPERLESS_DB_PASSWORD}
      - PAPERLESS_DBNAME=${PAPERLESS_DB_DATABASE_NAME}
      - PAPERLESS_TIME_ZONE=${TIMEZONE}
      - USERMAP_UID=${MEDIA_PUID}
      - USERMAP_GID=${MEDIA_PGID}
      - TZ=${TIMEZONE}
    expose:
      - 8000 # webui
    extends:
      file: common.yml
      service: log-to-json
    healthcheck:
      test:
        ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
    networks:
      - proxy
      - paperless
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - paperless-data:/usr/src/paperless/data
      - paperless-media:/usr/src/paperless/media
      - ${PAPERLESS_CONSUME_PATH}:/usr/src/paperless/consume
      - ${PAPERLESS_EXPORT_PATH}:/usr/src/paperless/export

  paperless-redis:
    image: docker.io/redis:7-alpine
    expose:
      - 6379 # api
    extends:
      file: common.yml
      service: log-to-json
    healthcheck:
      test: redis-cli ping
    networks:
      - paperless
    restart: unless-stopped
    volumes:
      - paperless-redis-data:/data

  paperless-database:
    image: docker.io/postgres:14-alpine
    environment:
      - POSTGRES_USER=${PAPERLESS_DB_USERNAME}
      - POSTGRES_PASSWORD=${PAPERLESS_DB_PASSWORD}
      - POSTGRES_DB=${PAPERLESS_DB_DATABASE_NAME}
    expose:
      - 5432 # db
    extends:
      file: common.yml
      service: log-to-json
    healthcheck:
      test: pg_isready --dbname='${PAPERLESS_DB_DATABASE_NAME}' --username='${PAPERLESS_DB_USERNAME}'
    networks:
      - paperless
    restart: unless-stopped
    volumes:
      - paperless-database-data:/var/lib/postgresql/data