From b80d5c0acfa82708bf1ff16c69ad17f7eb0067f2 Mon Sep 17 00:00:00 2001
From: BhasherBEL <git.it@bhasher.com>
Date: Sun, 30 Jun 2024 11:41:41 +0200
Subject: [PATCH] Paperless SSO

---
 bxl-shp/apps/docker-compose.paperless.yaml     |  6 +++---
 bxl-shp/config/idp/authelia.configuration.yaml | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/bxl-shp/apps/docker-compose.paperless.yaml b/bxl-shp/apps/docker-compose.paperless.yaml
index 13d29db..9abf072 100644
--- a/bxl-shp/apps/docker-compose.paperless.yaml
+++ b/bxl-shp/apps/docker-compose.paperless.yaml
@@ -23,12 +23,13 @@ services:
     - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
     - PAPERLESS_TIME_ZONE=Europe/Paris
     - PAPERLESS_OCR_LANGUAGE=fra
-    - PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
     - PAPERLESS_USE_X_FORWARD_HOST=true
     - PAPERLESS_USE_X_FORWARD_PORT=true
     - PAPERLESS_PROXY_SSL_HEADER=["HTTP_X_FORWARDED_PROTO", "https"]
     - PAPERLESS_TASK_WORKERS=4
-
+    - PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_PROVIDERS}
+    - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
+    - PAPERLESS_DISABLE_REGULAR_LOGIN=true
     labels:
     - "traefik.enable=true"
     - "traefik.http.routers.paperless.rule=Host(`paperless.bhasher.com`)"
@@ -36,7 +37,6 @@ services:
     - "traefik.http.services.paperless.loadbalancer.server.port=8000"
     - "traefik.http.routers.paperless.tls=true"
     - "traefik.http.routers.paperless.tls.certresolver=http"
-    - "traefik.http.routers.paperless.middlewares=authelia@docker"
     networks:
     - auth
     - storage
diff --git a/bxl-shp/config/idp/authelia.configuration.yaml b/bxl-shp/config/idp/authelia.configuration.yaml
index b7760d9..ae0bfb2 100644
--- a/bxl-shp/config/idp/authelia.configuration.yaml
+++ b/bxl-shp/config/idp/authelia.configuration.yaml
@@ -261,7 +261,6 @@ identity_providers:
         - email
         - groups
       userinfo_signing_algorithm: none
-
     - id: mealie
       description: Mealie
       public: true
@@ -276,4 +275,18 @@ identity_providers:
         - email
         - groups
       userinfo_signing_algorithm: none
+    - id: paperless-ngx
+      description: Paperless NGX
+      secret: '$argon2id$v=19$m=65536,t=3,p=4$kujFSqxNtfP0neWECtdwoQ$bmEqT9v47rXXKEDtLWiZO10VH7yGgNPRjflM/UWwCXg'
+      public: false
+      authorization_policy: two_factor
+      redirect_uris:
+        - https://paperless.bhasher.com/accounts/oidc/authelia/login/callback/
+      consent_mode: implicit
+      scopes:
+        - openid
+        - profile
+        - email
+        - groups
+      userinfo_signing_algorithm: none