From 9e27894ff0f6c5235e88dc9224138851259b6be7 Mon Sep 17 00:00:00 2001
From: BhasherBEL <git.it@bhasher.com>
Date: Tue, 18 Jun 2024 23:00:03 +0200
Subject: [PATCH] Paperless

---
 bxl-shp/apps/docker-compose.paperless.yaml    | 43 +++++++++++++++++++
 .../config/idp/authelia.configuration.yaml    |  5 +++
 2 files changed, 48 insertions(+)
 create mode 100644 bxl-shp/apps/docker-compose.paperless.yaml

diff --git a/bxl-shp/apps/docker-compose.paperless.yaml b/bxl-shp/apps/docker-compose.paperless.yaml
new file mode 100644
index 0000000..13d29db
--- /dev/null
+++ b/bxl-shp/apps/docker-compose.paperless.yaml
@@ -0,0 +1,43 @@
+services:
+  paperless:
+    container_name: paperless
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: unless-stopped
+    depends_on:
+    - traefik
+    - postgres
+    - redis
+    volumes:
+    - $DATA/paperless/data:/usr/src/paperless/data
+    - $DATA/paperless/media:/usr/src/paperless/media
+    - $DATA/paperless/export:/usr/src/paperless/export
+    - $DATA/paperless/consume:/usr/src/paperless/consume
+    environment:
+    - PAPERLESS_REDIS=redis://redis:6379
+    - PAPERLESS_DBENGINE=postgresql
+    - PAPERLESS_DBHOST=postgres
+    - PAPERLESS_DBNAME=paperless
+    - PAPERLESS_DBUSER=postgres
+    - PAPERLESS_DBPASS=${POSTGRES_PASSWORD}
+    - PAPERLESS_URL=https://paperless.bhasher.com
+    - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
+    - PAPERLESS_TIME_ZONE=Europe/Paris
+    - PAPERLESS_OCR_LANGUAGE=fra
+    - PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
+    - PAPERLESS_USE_X_FORWARD_HOST=true
+    - PAPERLESS_USE_X_FORWARD_PORT=true
+    - PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"]
+    - PAPERLESS_TASK_WORKERS=4
+
+    labels:
+    - "traefik.enable=true"
+    - "traefik.http.routers.paperless.rule=Host(`paperless.bhasher.com`)"
+    - "traefik.http.routers.paperless.entrypoints=internalsecure"
+    - "traefik.http.services.paperless.loadbalancer.server.port=8000"
+    - "traefik.http.routers.paperless.tls=true"
+    - "traefik.http.routers.paperless.tls.certresolver=http"
+    - "traefik.http.routers.paperless.middlewares=authelia@docker"
+    networks:
+    - auth
+    - storage
+    - external
diff --git a/bxl-shp/config/idp/authelia.configuration.yaml b/bxl-shp/config/idp/authelia.configuration.yaml
index 7b6ce8b..b7760d9 100644
--- a/bxl-shp/config/idp/authelia.configuration.yaml
+++ b/bxl-shp/config/idp/authelia.configuration.yaml
@@ -62,6 +62,11 @@ access_control:
     policy: two_factor
     subject:
     - "group:admin"
+  - domain: 'paperless.bhasher.com'
+    policy: two_factor
+    subject:
+    - "group:family"
+    - "group:admin"
   - domain: 'mealie.bhasher.com'
     policy: one_factor
     subject: