Merge pull request #543 from maur/master

lxc installation - small improvements

docs/examples/lxc/lxc-install.sh

@@ -0,0 +1,156 @@
+#!/usr/bin/env bash
+
+# Bash script to install paperless in lxc containter
+# paperless.lan
+#
+# Will set-up paperless, apache2 and proftpd
+#
+# lxc launch ubuntu: paperless
+# lxc exec paperless -- sh -c "sudo apt-get update && sudo apt-get install -y wget"
+# lxc exec paperless -- sh -c "wget https://raw.githubusercontent.com/the-paperless-project/paperless/master/docs/examples/lxc/lxc-install.sh && /bin/bash lxc-install.sh --email "
+#
+#
+set +e
+PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9+@%^{} | head -c20;echo;)
+EMAIL=
+
+function displayHelp() {
+    echo "available parameters:
+    -e <email> | --email <email> 
+    -p <password> | --password <password>
+    "
+}
+
+POSITIONAL=()
+while [[ $# -gt 0 ]]
+do
+key="$1"
+i=$key
+
+case $i in
+    -e|--email)
+      EMAIL="${2}"
+      shift
+      shift
+    ;;
+    -p|--password)
+      PASSWORD="${2}"
+      shift
+      shift
+    ;;
+    --default|-h|--help)
+      shift
+      displayHelp
+      exit 0
+    ;;
+    *)
+      echo "argument: $i not recognized"
+      exit 2
+    ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
+if [ -z $EMAIL ]; then
+  echo "missing email, try running with -h "
+  exit 3
+fi
+if [[ $(/usr/bin/id -u) -ne 0 ]]; then
+    echo "Not running as root"
+    exit
+fi
+
+if [ $(grep -c paperless /etc/passwd) -eq 0 ]; then
+  # Add paperless user with no password
+  adduser --disabled-password --gecos "" paperless
+fi
+
+if [ $(grep -c ftpupload /etc/passwd) -eq 0 ]; then
+  # Add ftpupload
+  adduser --disabled-password --gecos "" ftpupload
+  echo "Set ftpupload password: "
+  #passwd ftpupload
+  #TODO: generate some password and allow parameter 
+  echo "ftpupload:ftpuploadpassword" | chpasswd
+fi
+
+if [ $(id -nG paperless | grep -Fcw ftpupload) -eq 0 ]; then
+  # Allow paperless group to access
+  adduser paperless ftpupload
+  chmod g+w /home/ftpupload 
+fi
+
+# Get apt up to date
+apt-get update
+
+# Needed for plain Paperless
+apt-get -y install unpaper gnupg libpoppler-cpp-dev python3-pyocr tesseract-ocr imagemagick optipng git
+
+# Needed for Apache
+apt-get -y install apache2 libapache2-mod-wsgi-py3
+
+if [ ! -f /etc/proftpd/proftpd.conf -o $(grep -c paperless /etc/proftpd/proftpd.conf) -eq 0 ]; then
+  # Install ftp server and make sure all uplaoded files are owned by paperless
+  apt-get -y install proftpd
+  cat <<EOF >> /etc/proftpd/proftpd.conf
+  <Directory /home/ftpupload/>
+    UserOwner   paperless
+    GroupOwner  paperless
+  </Directory>
+EOF
+  systemctl restart proftpd
+fi
+
+#Get Paperless from git 
+su -c "cd /home/paperless ; git clone https://github.com/the-paperless-project/paperless" paperless
+
+# Install Pip Requirements
+apt-get -y install python3-pip python3-venv
+cd /home/paperless/paperless
+pip3 install -r requirements.txt
+
+# Take paperless.conf.example and set consumuption dir (ftp dir)
+sed  -e '/PAPERLESS_CONSUMPTION_DIR=/s/=.*/=\"\/home\/ftpupload\/\"/' \
+     /home/paperless/paperless/paperless.conf.example  >/etc/paperless.conf
+
+# Update /etc/paperless.conf with PAPERLESS_SECRET_KEY
+SECRET=$(strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n'; echo)
+sed  -i "s/#PAPERLESS_SECRET_KEY.*/PAPERLESS_SECRET_KEY=$SECRET/" /etc/paperless.conf 
+
+#Initialise the SQLite database 
+su -c "cd /home/paperless/paperless/src/ ; ./manage.py migrate" paperless
+echo "if superuser doesn't exists, create one with login: paperless and password: ${PASSWORD}"
+#Create a user for your Paperless instance
+su -c "cd /home/paperless/paperless/src/ ; echo ./manage.py create_superuser_with_password --username paperless --email ${EMAIL} --password ${PASSWORD} --preserve" paperless
+su -c "cd /home/paperless/paperless/src/ ; ./manage.py create_superuser_with_password --username paperless --email ${EMAIL} --password ${PASSWORD} --preserve" paperless
+
+if [ ! -d /home/paperless/paperless/static ]; then
+  # 167 static files copied to '/home/paperless/paperless/static'.
+  su -c "cd /home/paperless/paperless/src/ ; ./manage.py collectstatic" paperless
+fi
+
+if [ ! -f /etc/apache2/sites-available/paperless.conf ]; then
+  # Set-up apache
+  cp /home/paperless/paperless/docs/examples/lxc/paperless.conf /etc/apache2/sites-available/
+  a2dissite 000-default.conf
+  a2ensite paperless.conf
+  systemctl reload apache2
+fi
+
+sed -e "s:home/paperless/project/virtualenv/bin/python:usr/bin/python3:" \
+     /home/paperless/paperless/scripts/paperless-consumer.service \
+     >/etc/systemd/system/paperless-consumer.service
+
+sed -i "s:/home/paperless/project/src/manage.py:/home/paperless/paperless/src/manage.py:" \
+      /etc/systemd/system/paperless-consumer.service
+
+
+systemctl enable paperless-consumer
+systemctl start paperless-consumer
+
+# convert-im6.q16: not authorized
+# Security risk ?
+# https://stackoverflow.com/questions/42928765/convertnot-authorized-aaaa-error-constitute-c-readimage-453
+if [ -f /etc/ImageMagick-6/policy.xml ]; then
+  mv /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xmlout
+fi

docs/examples/lxc/paperless.conf

@@ -0,0 +1,18 @@
+<VirtualHost *:80>
+    ServerName paperless.lan
+
+    Alias /static/ /home/paperless/paperless/static/
+    <Directory /home/paperless/paperless/static>
+        Require all granted
+    </Directory>
+
+    WSGIScriptAlias / /home/paperless/paperless/src/paperless/wsgi.py
+    WSGIDaemonProcess paperless.lan user=paperless group=paperless threads=5 python-path=/home/paperless/paperless/src 
+    WSGIProcessGroup paperless.lan
+
+    <Directory /home/paperless/paperless/src/paperless>
+        <Files wsgi.py>
+            Require all granted
+        </Files>
+    </Directory>
+</VirtualHost>

docs/setup.rst

@@ -43,6 +43,7 @@ You can go multiple routes with setting up and running Paperless:
 
  * The `bare metal route`_
  * The `docker route`_
+ * A suggested `linux containers route`_
 
 
 The `docker route`_ is quick & easy.
@@ -50,10 +51,14 @@ The `docker route`_ is quick & easy.
 The `bare metal route`_ is a bit more complicated to setup but makes it easier
 should you want to contribute some code back.
 
+The `linux containers route`_ is quick, but makes alot of assumptions on the 
+set-up, on the other hand the script could be used to install on a base
+debian or ubuntu server.
+
 .. _docker route: setup-installation-docker_
 .. _bare metal route: setup-installation-bare-metal_
 .. _Docker Machine: https://docs.docker.com/machine/
-
+.. _linux containers route: setup-installation-linux-containers_
 
 .. _setup-installation-bare-metal:
 
@@ -485,3 +490,45 @@ If you're using Docker, you can set a restart-policy_ in the
 Docker daemon.
 
 .. _restart-policy: https://docs.docker.com/engine/reference/commandline/run/#restart-policies-restart
+
+
+.. _setup-installation-linux-containers:
+
+Suggested way for Linux Container Method
+++++++++++++++++++++++++++++++++++++++++
+
+This method uses some rigid assumptions, for the best set-up:-
+
+ * Ubuntu lts as the container
+ * Apache as the webserver
+ * proftpd as ftp server
+ * ftpupload as the ftp user
+ * paperless as the main user for website 
+ * http://paperless.lan is the desired lan url
+ * LXC set to give ip addresses on your lan
+
+This could also be used as an install on a base debain/ubuntu server, 
+if the above assumptions are acceptable.
+
+1. Install lxc
+
+
+2. Lanch paperless container
+
+.. code:: bash
+
+    $ lxc launch ubuntu: paperless
+
+3. Run install script within container
+
+.. code:: bash
+
+    $ lxc exec paperless -- sh -c "wget https://raw.githubusercontent.com/the-paperless-project/paperless/master/docs/examples/lxc/lxc-install.sh && /bin/bash lxc-install.sh --email"
+
+The script will ask you for an ftpupload password.  
+As well as the super-user for paperless web front-end. 
+After around 10 mins, http://paperless.lan is ready and
+ftp://paperless.lan with user: ftpupload
+
+See the `Installation recording <_static/lxc-install.svg>`_.
+

management/commands/create_superuser_with_password.py

@@ -0,0 +1,38 @@
+from django.contrib.auth.management.commands import createsuperuser
+from django.core.management import CommandError
+
+
+class Command(createsuperuser.Command):
+    help = 'Crate a superuser, and allow password to be provided'
+
+    def add_arguments(self, parser):
+        super(Command, self).add_arguments(parser)
+        parser.add_argument(
+            '--password', dest='password', default=None,
+            help='Specifies the password for the superuser.',
+        )
+        parser.add_argument(
+            '--preserve', dest='preserve', default=False, action='store_true',
+            help='Exit normally if the user already exists.',
+        )
+
+    def handle(self, *args, **options):
+        password = options.get('password')
+        username = options.get('username')
+        database = options.get('database')
+
+        if password and not username:
+            raise CommandError("--username is required if specifying --password")
+
+        if username and options.get('preserve'):
+            exists = self.UserModel._default_manager.db_manager(database).filter(username=username).exists()
+            if exists:
+                self.stdout.write("User exists, exiting normally due to --preserve")
+                return
+
+        super(Command, self).handle(*args, **options)
+
+        if password:
+            user = self.UserModel._default_manager.db_manager(database).get(username=username)
+            user.set_password(password)
+            user.save()