alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

tmp/paperless (#5302)
Some checks failed
lint-test-helm / lint-helm (push) Successful in 42s
Details
lint-test-helm / validate-kubeconform (push) Has been skipped
Details
lint-test-docker / lint-docker-compose (push) Successful in 57s
Details
renovate / renovate (push) Has been cancelled
Details

Browse Source 
Reviewed-on: #5302
This commit was merged in pull request #5302.
This commit is contained in:
Alex Lebens
2026-03-31 01:30:37 +00:00
parent 4c1cfa5fa5
commit 286e43b5de
9 changed files with 348 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -144,6 +144,7 @@ blocky:
objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -164,15 +164,15 @@ gatus:
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: paperless-ngx
url: https://paperless-ngx.alexlebens.net
<<: *defaults
- name: kiwix
url: https://kiwix.alexlebens.net
<<: *defaults
- name: excalidraw
url: https://excalidraw.alexlebens.net
<<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea
url: https://gitea.alexlebens.net
<<: *defaults

6
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -304,6 +304,12 @@ homepage:
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Documents:
icon: sh-paperless-ngx.webp
description: Paperless-ngx
href: https://paperless-ngx.alexlebens.net
siteMonitor: http://paperless-ngx.paperless-ngx:80
statusStyle: dot
- Wiki:
icon: sh-kiwix-light.webp
description: Kiwix

24
clusters/cl01tl/helm/paperless-ngx/Chart.lock Normal file
View File

@@ -0,0 +1,24 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:08acc0818deaede4bb7515be7cbb1253f30036b70af6038caa69e4bd3cc02412
generated: "2026-03-30T20:25:47.995874-05:00"

51
clusters/cl01tl/helm/paperless-ngx/Chart.yaml Normal file
View File

@@ -0,0 +1,51 @@
apiVersion: v2
name: paperless-ngx
version: 1.0.0
description: Paperless-ngx
keywords:
- paperless-ngx
- documents
home: https://docs.alexlebens.dev/applications/paperless-ngx/
sources:
- https://github.com/paperless-ngx/paperless-ngx
- https://github.com/gotenberg/gotenberg
- https://github.com/paperless-ngx/paperless-ngx/pkgs/container/paperless-ngx
- https://hub.docker.com/r/gotenberg/gotenberg
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: paperless-ngx
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-media
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-export
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-consume
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
appVersion: 2.20.13

54
clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,54 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: paperless-ngx-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: paperless-ngx-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret-key
remoteRef:
key: /cl01tl/paperless-ngx/secret
property: secret-key
- secretKey: admin-user
remoteRef:
key: /cl01tl/paperless-ngx/secret
property: admin-user
- secretKey: admin-password
remoteRef:
key: /cl01tl/paperless-ngx/secret
property: admin-password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: paperless-ngx-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: paperless-ngx-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /authentik/oidc/headlamp
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /authentik/oidc/headlamp
property: secret
- secretKey: PAPERLESS_SOCIALACCOUNT_PROVIDERS
remoteRef:
key: /authentik/oidc/headlamp
property: PAPERLESS_SOCIALACCOUNT_PROVIDERS

207
clusters/cl01tl/helm/paperless-ngx/values.yaml Normal file
View File

@@ -0,0 +1,207 @@
paperless-ngx:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/paperless-ngx/paperless-ngx
tag: 2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
env:
- name: PAPERLESS_REDIS
value: redis://paperless-ngx-valkey.paperless-ngx:6379
- name: PAPERLESS_DBHOST
valueFrom:
secretKeyRef:
name: paperless-ngx-postgresql-18-cluster-app
key: host
- name: PAPERLESS_DBPORT
valueFrom:
secretKeyRef:
name: paperless-ngx-postgresql-18-cluster-app
key: port
- name: PAPERLESS_DBUSER
valueFrom:
secretKeyRef:
name: paperless-ngx-postgresql-18-cluster-app
key: user
- name: PAPERLESS_DBPASS
valueFrom:
secretKeyRef:
name: paperless-ngx-postgresql-18-cluster-app
key: password
- name: PAPERLESS_TIKA_ENABLED
value: true
- name: PAPERLESS_TIKA_GOTENBERG_ENDPOINT
value: http://localhost:3000/
- name: PAPERLESS_SECRET_KEY
valueFrom:
secretKeyRef:
name: paperless-ngx-secret
key: secret-key
- name: PAPERLESS_URL
value: https://paperless-ngx.alexlebens.net
- name: PAPERLESS_ALLOWED_HOSTS
value: paperless-ngx.alexlebens.net, paperless-ngx.paperless-ngx
- name: PAPERLESS_ADMIN_USER
valueFrom:
secretKeyRef:
name: paperless-ngx-secret
key: admin-user
- name: PAPERLESS_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: paperless-ngx-secret
key: admin-password
- name: PAPERLESS_ACCOUNT_ALLOW_SIGNUPS
value: true
- name: PAPERLESS_SOCIAL_AUTO_SIGNUP
value: true
- name: PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS
value: true
- name: PAPERLESS_APPS
value: allauth.socialaccount.providers.openid_connect
- name: PAPERLESS_LOGOUT_REDIRECT_URL
value: https://authentik.alexlebens.net/application/o/paperless-ngx/end-session/
- name: PAPERLESS_SOCIALACCOUNT_PROVIDERS
valueFrom:
secretKeyRef:
name: paperless-ngx-oidc-secret
key: PAPERLESS_SOCIALACCOUNT_PROVIDERS
- name: PAPERLESS_TIME_ZONE
value: America/Chicago
resources:
requests:
cpu: 1m
memory: 100Mi
gotenberg:
image:
repository: gotenberg/gotenberg
tag: 8.29.1@sha256:36c925776fa0db0fd1030408d131fde7ac3453027a559883555155b72adb16a7
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8000
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- paperless-ngx.alexlebens.net
rules:
- backendRefs:
- name: paperless-ngx
port: 80
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: paperless-ngx-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
advancedMounts:
main:
main:
- path: /usr/src/paperless/data
media:
forceRename: paperless-ngx-media
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /usr/src/paperless/media
export:
forceRename: paperless-ngx-export
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
advancedMounts:
main:
main:
- path: /usr/src/paperless/export
consume:
forceRename: paperless-ngx-consume
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
advancedMounts:
main:
main:
- path: /usr/src/paperless/consume
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 15 * * *"
backupName: garage-local
volsync-target-data:
pvcTarget: paperless-ngx-data
local:
enabled: true
schedule: 2 8 * * *
remote:
enabled: true
schedule: 2 9 * * *
external:
enabled: true
schedule: 2 10 * * *
volsync-target-media:
pvcTarget: paperless-ngx-metadata
local:
enabled: true
schedule: 4 8 * * *
remote:
enabled: true
schedule: 4 9 * * *
external:
enabled: true
schedule: 4 10 * * *
volsync-target-export:
pvcTarget: paperless-ngx-data
local:
enabled: true
schedule: 2 8 * * *
remote:
enabled: true
schedule: 2 9 * * *
external:
enabled: true
schedule: 2 10 * * *
volsync-target-consume:
pvcTarget: paperless-ngx-metadata
local:
enabled: true
schedule: 4 8 * * *
remote:
enabled: true
schedule: 4 9 * * *
external:
enabled: true
schedule: 4 10 * * *