bob/roles/paperless/templates/compose.yaml.jinja

services:
  paperless:
    container_name: paperless
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    networks:
      - caddy
      - backend
    security_opt:
      - no-new-privileges:true
    depends_on:
      - paperless-redis
      - paperless-postgres
    volumes:
      - "{{ stack_paperless_env_dir }}/data/paperless:/usr/src/paperless/data" # container data
      - "{{ stack_paperless_env_dir }}/data/paperless_export:/usr/src/paperless/export" # backup location
      - "{{ stack_paperless_serve_dir }}/documents:/usr/src/paperless/media" # document location
      - "{{ stack_paperless_serve_dir }}/consume:/usr/src/paperless/consume" # watch folder
    environment:
      - "PAPERLESS_TIME_ZONE={{ stack_paperless_tz }}"
      - "USERMAP_UID={{ stack_paperless_puid }}"
      - "USERMAP_GID={{ stack_paperless_pgid }}"
      - "PAPERLESS_OCR_LANGUAGE={{ stack_paperless_ocr_language }}"
      - "PAPERLESS_OCR_LANGUAGES={{ stack_paperless_ocr_languages }}"
      - "PAPERLESS_OCR_SKIP_ARCHIVE_FILE={{ stack_paperless_ocr_skip_archive_file }}"
      - "PAPERLESS_ENABLE_UPDATE_CHECK={{ stack_paperless_enable_update_check }}"
      - "PAPERLESS_REDIS=redis://paperless-redis:6379"
      - "PAPERLESS_DBHOST=paperless-postgres"
      - "PAPERLESS_DBNAME={{ stack_paperless_dbname }}"
      - "PAPERLESS_DBUSER={{ stack_paperless_dbuser }}"
      - "PAPERLESS_DBPASS={{ stack_paperless_dbpass }}"
      - "PAPERLESS_SECRET_KEY={{ stack_paperless_secret_key }}"
      - "PAPERLESS_FILENAME_FORMAT={{ stack_paperless_filename_format }}"
      - "PAPERLESS_ADMIN_USER={{ stack_paperless_admin_user }}"
      - "PAPERLESS_ADMIN_PASSWORD={{ stack_paperless_admin_password }}"
    labels:
      caddy: "{{ stack_paperless_subdomain }}"
      caddy.reverse_proxy: "{{ '{{' }}upstreams 8000{{ '}}'}}"

  paperless-postgres:
    container_name: paperless-postgres
    image: postgres:16.0-alpine #fixedVersion
    restart: unless-stopped
    networks:
      - backend
    security_opt:
      - no-new-privileges:true
    volumes:
      - "{{ stack_paperless_env_dir }}/data/postgres:/var/lib/postgresql/data"
    environment:
      POSTGRES_DB: "{{ stack_paperless_dbname }}"
      POSTGRES_USER: "{{ stack_paperless_dbuser }}"
      POSTGRES_PASSWORD: "{{ stack_paperless_dbpass }}"

  paperless-redis:
    container_name: paperless-redis
    image: redis:7.2-alpine #fixedVersion
    restart: unless-stopped
    networks:
      - backend
    security_opt:
      - no-new-privileges:true
    volumes:
      - "{{ stack_paperless_env_dir }}/data/redis:/data"
    environment:
      REDIS_ARGS: "--save 60 10"

{% if restic_enable|d(False) == True and stack_paperless_restic_enable|d(False) == True %}
  backup:
    image: mazzolino/restic
    hostname: "{{ ansible_hostname | default() }}"
    environment:
      TZ: "{{ restic_tz }}"
      BACKUP_CRON: "{{ stack_paperless_restic_cron }}"
      SKIP_INIT: true
      RESTIC_REPOSITORY: "{{ restic_repo }}"
      RESTIC_PASSWORD: "{{ restic_pass }}"
      AWS_ACCESS_KEY_ID: "{{ restic_s3_key }}"
      AWS_SECRET_ACCESS_KEY: "{{ restic_s3_secret }}"
      RESTIC_BACKUP_ARGS: >-
        --tag paperless
      RESTIC_BACKUP_SOURCES: "/backup"
    volumes:
{% if restic_repo is regex('^/.+') %}
      - "{{ restic_repo }}:{{ restic_repo }}"
{% endif %}
      - "{{ stack_paperless_env_dir }}:/backup/{{ stack_paperless_env_dir }}"
      - "{{ stack_paperless_serve_dir }}/documents:/backup/{{ stack_paperless_serve_dir }}/documents"
{% endif %}

networks:
  caddy:
    external: true
  backend:
    name: backend
    driver: bridge

# secrets:
#   paperless_db_paperless_passwd:
#     file: ./secrets/paperless_db_paperless_passwd
#   paperless_secret_key:
#     file: ./secrets/paperless_secret_key
#