diff --git a/Ansible/k8s.yml b/Ansible/k8s.yml
new file mode 100644
index 0000000..60d5d88
--- /dev/null
+++ b/Ansible/k8s.yml
@@ -0,0 +1,106 @@
+- hosts: masters
+ gather_facts: false
+ become: true
+ ignore_unreachable: true
+ ignore_errors: false
+ serial: 1
+ tasks:
+
+##################################
+
+# Required to avoid the following bug:
+# https://github.com/ansible/ansible/issues/48352
+ - name: Allow release info change
+ lineinfile:
+ path: /etc/apt/apt.conf.d/99releaseinfochange
+ state: present
+ create: true
+ line: Acquire::AllowReleaseInfoChange::Suite "true";
+
+ - name: Run the equivalent of "apt-get update" as a separate step
+ apt:
+ update_cache: yes
+ become: true
+ register: apt
+
+ - name: Upgrade all packages to the latest version
+ become: true
+ apt:
+ name: "*"
+ state: latest
+ update_cache: false
+ register: appsupdated
+
+ - name: Remove useless packages from the cache
+ apt:
+ autoclean: yes
+ become: true
+
+ - name: Remove dependencies that are no longer required
+ apt:
+ autoremove: yes
+ become: true
+
+ - name: check for reboot file
+ stat:
+ path: /var/run/reboot-required
+ register: reboot_file
+
+
+ ##################################
+
+ - name: drain node
+ become: false
+ kubernetes.core.k8s_drain:
+ state: drain
+ name: "{{ inventory_hostname }}"
+ delete_options:
+ ignore_daemonsets: true
+ delete_emptydir_data: true
+ delegate_to: localhost
+ when:
+ - appsupdated.changed
+ - reboot_file.stat.exists
+ register: nodedrained
+
+ - name: Pause for 1 minutes
+ ansible.builtin.pause:
+ minutes: 1
+ when: nodedrained.changed
+
+ - name: Reboot system if required
+ shell: ( /bin/sleep 5 ; shutdown -r now "Ansible updates triggered" ) &
+ removes=/var/run/reboot-required
+ ignore_errors: true
+ async: 30
+ poll: 0
+ notify:
+ - waiting for reboot
+ when: reboot_file.stat.exists
+
+ - name: Flush handlers
+ meta: flush_handlers
+
+ - name: Pause for 1 minutes
+ ansible.builtin.pause:
+ minutes: 1
+ when: nodedrained.changed
+
+ - name: uncordon node
+ become: false
+ kubernetes.core.k8s_drain:
+ state: uncordon
+ name: "{{ inventory_hostname }}"
+ delete_options:
+ ignore_daemonsets: true
+ delete_emptydir_data: true
+ delegate_to: localhost
+ when: nodedrained.changed| default(omit)
+
+ handlers:
+ - name: waiting for reboot
+ local_action: wait_for
+ host="{{ inventory_hostname }}"
+ port=2222
+ delay=10
+ timeout=120
\ No newline at end of file
diff --git a/Paperless-ngx/.env b/Paperless-ngx/.env
new file mode 100644
index 0000000..511a138
--- /dev/null
+++ b/Paperless-ngx/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=paperless
\ No newline at end of file
diff --git a/Paperless-ngx/docker-compose.yaml b/Paperless-ngx/docker-compose.yaml
new file mode 100644
index 0000000..6cf3e4b
--- /dev/null
+++ b/Paperless-ngx/docker-compose.yaml
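Review bot: In Ansible/k8s.yml the `drain node` task runs only when both `appsupdated.changed` and `reboot_file.stat.exists` hold, while `Reboot system if required` fires on `reboot_file.stat.exists` alone, so a master that still has /var/run/reboot-required from an earlier run is rebooted without being drained. Gate both on the same condition, for example by dropping `- appsupdated.changed` from the drain task's `when:` list. The uncordon guard `when: nodedrained.changed| default(omit)` is clearer as `when: nodedrained is changed`, since `omit` is meant for module arguments rather than conditionals. With `ignore_errors: true` on the fire-and-forget `shell:` reboot and a 120-second `wait_for` on port 2222, a node that does not come back is presumably left cordoned with little diagnostic output; `ansible.builtin.reboot` with `reboot_timeout` would make that failure explicit.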
@@ -0,0 +1,129 @@
+# Docker Compose file for running paperless from the docker container registry.
+# This file contains everything paperless needs to run.
+# Paperless supports amd64, arm and arm64 hardware.
+#
+# All compose files of paperless configure paperless in the following way:
+#
+# - Paperless is (re)started on system boot, if it was running before shutdown.
+# - Docker volumes for storing data are managed by Docker.
+# - Folders for importing and exporting files are created in the same directory
+# as this file and mounted to the correct folders inside the container.
+# - Paperless listens on port 8000.
+#
+# In addition to that, this Docker Compose file adds the following optional
+# configurations:
+#
+# - Instead of SQLite (default), PostgreSQL is used as the database server.
+# - Apache Tika and Gotenberg servers are started with paperless and paperless
+# is configured to use these services. These provide support for consuming
+# Office documents (Word, Excel, Power Point and their LibreOffice counter-
+# parts.
+#
+# To install and update paperless with this file, do the following:
+#
+# - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
+# and '.env' into a folder.
+# - Run 'docker compose pull'.
+# - Run 'docker compose run --rm webserver createsuperuser' to create a user.
+# - Run 'docker compose up -d'.
+#
+# For more extensive installation and update instructions, refer to the
+# documentation.
+
+version: "3.4"
+services:
+ broker:
+ image: docker.io/library/redis:7
+ restart: unless-stopped
+ volumes:
+ - redisdata:/data
+ networks:
+ paperless:
+
+ db:
+ image: docker.io/library/postgres:15
+ restart: unless-stopped
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: paperless
+ POSTGRES_USER: paperless
+ POSTGRES_PASSWORD: paperless
+ networks:
+ paperless:
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: unless-stopped
+ depends_on:
+ - db
+ - broker
+ - gotenberg
+ - tika
+ # Not needed as we're using Traefik
+ #ports:
+ # - "8005:8000"
+ volumes:
+ - data:/usr/src/paperless/data
+ - media:/usr/src/paperless/media
+ - ./export:/usr/src/paperless/export
+ - ./consume:/usr/src/paperless/consume
+ env_file: .env
+ environment:
+ PAPERLESS_REDIS: redis://broker:6379
+ PAPERLESS_DBHOST: db
+ PAPERLESS_TIKA_ENABLED: 1
+ PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
+ PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+ PAPERLESS_URL: https://paperless.jimsgarage.co.uk
+ PAPERLESS_ADMIN_USER: paperless
+ PAPERLESS_ADMIN_PASSWORD: paperless
+ PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+ # Find out how to configure Authentik: https://youtu.be/enwFWELCYJo
+ PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect": {"APPS": [{"provider_id": "authentik","name": "Authentik SSO","client_id": "BnxpFXvscduU2PdAdPaCelphhDYpAXo9upbAUS3F","secret": "0JcyunvA0Ra25i49zULTbro0jdbH9gHrdnSDExT9Ze2TNoB8so9B8AbdB7riYjYHPZfwuWtAeTCpwPAi2Sct7M8w3y8VTPPxwgFG1JzdoWdxLgUz0NO6l3L2UFBmzQ5m","settings": { "server_url": "https://authentik.jimsgarage.co.uk/application/o/paperless-ngx/.well-known/openid-configuration"}}]}}'
+ networks:
+ paperless:
+ proxy:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.paperless.entrypoints=http"
+ - "traefik.http.routers.paperless.rule=Host(`paperless.jimsgarage.co.uk`)"
+ - "traefik.http.middlewares.paperless-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.paperless.middlewares=paperless-https-redirect"
+ - "traefik.http.routers.paperless-secure.entrypoints=https"
+ - "traefik.http.routers.paperless-secure.rule=Host(`paperless.jimsgarage.co.uk`)"
+ - "traefik.http.routers.paperless-secure.tls=true"
+ - "traefik.http.routers.paperless-secure.tls.certresolver=cloudflare" # change this to your cert resolver
+ - "traefik.http.routers.paperless-secure.service=paperless"
+ - "traefik.http.services.paperless.loadbalancer.server.port=8000"
+ - "traefik.docker.network=proxy"
+
+ gotenberg:
+ image: docker.io/gotenberg/gotenberg:7.10
+ restart: unless-stopped
+
+ # The gotenberg chromium route is used to convert .eml files. We do not
+ # want to allow external content like tracking pixels or even javascript.
+ command:
+ - "gotenberg"
+ - "--chromium-disable-javascript=true"
+ - "--chromium-allow-list=file:///tmp/.*"
+ networks:
+ paperless:
+
+ tika:
+ image: ghcr.io/paperless-ngx/tika:latest
+ restart: unless-stopped
+ networks:
+ paperless:
+
+volumes:
+ data:
+ media:
+ pgdata:
+ redisdata:
+
+networks:
+ paperless:
+ proxy:
+ external: true
\ No newline at end of file
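Review bot: The `webserver` environment commits what looks like a live OIDC `client_id`/`secret` pair inside `PAPERLESS_SOCIALACCOUNT_PROVIDERS`, next to `PAPERLESS_ADMIN_PASSWORD: paperless` and `POSTGRES_PASSWORD: paperless`, for a service the Traefik labels appear to publish under a public hostname. If that secret is real it should be treated as exposed and rotated in Authentik, because removing it in a later commit does not clear it from history. Take these values from the environment instead, e.g. `PAPERLESS_ADMIN_PASSWORD: ${PAPERLESS_ADMIN_PASSWORD:?must be set}`, and do the same for `POSTGRES_PASSWORD` and the providers JSON, supplied from an untracked env file. Separately, `paperless-ngx:latest` and `tika:latest` are unpinned while `gotenberg:7.10` is pinned; pinning a version or digest keeps what gets deployed reviewable.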