Drop all permissions to paperlessng user

Also make the role idempotent
Fabian Koller 2020-12-28 09:47:17 +01:00
parent 227934a7f0
commit ef9631ae24
GPG Key ID: 4EFE4C946404B82A


@ -81,11 +81,11 @@
state: started state: started
when: paperlessng_redis_host == 'localhost' or paperlessng_redis_host == '127.0.0.1' when: paperlessng_redis_host == 'localhost' or paperlessng_redis_host == '127.0.0.1'
- name: create paperless group - name: create paperless system group
group: group:
name: "{{ paperlessng_system_group }}" name: "{{ paperlessng_system_group }}"
- name: create paperless user - name: create paperless system user
user: user:
name: "{{ paperlessng_system_user }}" name: "{{ paperlessng_system_user }}"
groups: groups:
@ -105,31 +105,10 @@
- name: backup current paperless-ng installation - name: backup current paperless-ng installation
copy: copy:
src: "{{ paperlessng_directory }}" src: "{{ paperlessng_directory }}"
dest: "{{ paperlessng_directory }}-{{ ansible_date_time.iso8601 }}/"
remote_src: yes remote_src: yes
dest: "{{ paperlessng_directory }}-{{ ansible_date_time.iso8601 }}/"
when: '"No such file or directory" not in paperlessng_current_version.stderr and paperlessng_current_version.stdout != paperlessng_version | string' when: '"No such file or directory" not in paperlessng_current_version.stderr and paperlessng_current_version.stdout != paperlessng_version | string'
- name: download paperless-ng
get_url:
url: "https://github.com/jonaswinkler/paperless-ng/releases/download/ng-{{ paperlessng_version }}/paperless-ng-{{ paperlessng_version }}.tar.xz"
dest: /opt/paperless-ng-{{ paperlessng_version }}.tar.xz
when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
- name: create paperless-ng directories
file:
path: "{{ item }}"
state: directory
owner: "{{ paperlessng_system_user }}"
group: "{{ paperlessng_system_group }}"
mode: 0750
recurse: yes
with_items:
- "{{ paperlessng_directory }}"
- "{{ paperlessng_consumption_dir }}"
- "{{ paperlessng_data_dir }}"
- "{{ paperlessng_media_root }}"
- "{{ paperlessng_static_dir }}"
- name: create temporary directory - name: create temporary directory
tempfile: tempfile:
state: directory state: directory
@ -138,16 +117,28 @@
- name: extract paperless-ng - name: extract paperless-ng
unarchive: unarchive:
src: /opt/paperless-ng-{{ paperlessng_version }}.tar.xz src: "https://github.com/jonaswinkler/paperless-ng/releases/download/ng-{{ paperlessng_version }}/paperless-ng-{{ paperlessng_version }}.tar.xz"
dest: "{{ tempdir.path }}"
remote_src: yes remote_src: yes
dest: "{{ tempdir.path }}"
when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
- name: change permissions of paperless-ng
command:
cmd: "{{ item }}"
with_items:
- "find {{ tempdir.path }} -type d -exec chmod 0750 {} ;"
- "find {{ tempdir.path }} -type f -exec chmod 0640 {} ;"
when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string' when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
- name: move paperless-ng - name: move paperless-ng
command: copy:
cmd: "cp -R {{ tempdir.path }}/paperless-ng/. {{ paperlessng_directory }}" src: "{{ tempdir.path }}/paperless-ng/"
args: remote_src: yes
warn: false dest: "{{ paperlessng_directory }}"
owner: "{{ paperlessng_system_user }}"
group: "{{ paperlessng_system_group }}"
mode: preserve
directory_mode: preserve
when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string' when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
- name: remove temporary directory - name: remove temporary directory
@ -156,6 +147,20 @@
state: absent state: absent
when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string' when: '"No such file or directory" in paperlessng_current_version.stderr or paperlessng_current_version.stdout != paperlessng_version | string'
- name: create paperless-ng directories and set permissions
file:
path: "{{ item }}"
state: directory
owner: "{{ paperlessng_system_user }}"
group: "{{ paperlessng_system_group }}"
mode: "750"
with_items:
- "{{ paperlessng_directory }}" # ansible `copy:` does not set correct permissions on `dest:` for recursive copies
- "{{ paperlessng_consumption_dir }}"
- "{{ paperlessng_data_dir }}"
- "{{ paperlessng_media_root }}"
- "{{ paperlessng_static_dir }}"
- name: configure paperless-ng - name: configure paperless-ng
lineinfile: lineinfile:
path: "{{ paperlessng_directory }}/paperless.conf" path: "{{ paperlessng_directory }}/paperless.conf"
@ -176,10 +181,10 @@
line: "PAPERLESS_FILENAME_FORMAT={{ paperlessng_filename_format }}" line: "PAPERLESS_FILENAME_FORMAT={{ paperlessng_filename_format }}"
- regexp: "^#?PAPERLESS_OCR_LANGUAGE=" - regexp: "^#?PAPERLESS_OCR_LANGUAGE="
line: "PAPERLESS_OCR_LANGUAGE={{ paperlessng_ocr_languages | join('+') }}" line: "PAPERLESS_OCR_LANGUAGE={{ paperlessng_ocr_languages | join('+') }}"
- regexp: "^#PAPERLESS_OCR_USER_ARG=" # - regexp: "^#PAPERLESS_OCR_USER_ARG="
# TODO JSON dict required in conf? # # TODO JSON dict required in conf
# https://paperless-ng.readthedocs.io/en/latest/configuration.html#ocr-settings # # https://paperless-ng.readthedocs.io/en/latest/configuration.html#ocr-settings
line: "PAPERLESS_OCR_USER_ARG=\"{{ paperlessng_ocrmypdf_args }}{{ ' --jbig2-lossy' if paperlessng_use_jbig2enc else '' }}\"" # line: "PAPERLESS_OCR_USER_ARG=\"{{ paperlessng_ocrmypdf_args }}{{ ' --jbig2-lossy' if paperlessng_use_jbig2enc else '' }}\""
- regexp: "^#?PAPERLESS_TIME_ZONE=" - regexp: "^#?PAPERLESS_TIME_ZONE="
line: "PAPERLESS_TIME_ZONE={{ paperlessng_time_zone }}" line: "PAPERLESS_TIME_ZONE={{ paperlessng_time_zone }}"
no_log: true no_log: true
@ -211,29 +216,45 @@
no_log: true no_log: true
- name: create paperlessng venv - name: create paperlessng venv
become: yes
become_user: "{{ paperlessng_system_user }}"
command: command:
cmd: "python3 -m virtualenv {{ paperlessng_virtualenv }} -p /usr/bin/python3" cmd: "python3 -m virtualenv {{ paperlessng_virtualenv }} -p /usr/bin/python3"
creates: "{{ paperlessng_virtualenv }}" creates: "{{ paperlessng_virtualenv }}"
register: venv
- name: install paperlessng requirements - name: install paperlessng requirements
become: yes
become_user: "{{ paperlessng_system_user }}"
pip: pip:
requirements: "{{ paperlessng_directory }}/requirements.txt" requirements: "{{ paperlessng_directory }}/requirements.txt"
virtualenv: "{{ paperlessng_virtualenv }}" executable: "{{ paperlessng_virtualenv }}/bin/pip3"
extra_args: --upgrade extra_args: --upgrade
when: paperlessng_current_version.stdout != paperlessng_version | string
- name: collect static files - name: collect static files
become: yes
become_user: "{{ paperlessng_system_user }}"
command: "{{ paperlessng_virtualenv }}/bin/python3 manage.py collectstatic --no-input" command: "{{ paperlessng_virtualenv }}/bin/python3 manage.py collectstatic --no-input"
args: args:
chdir: "{{ paperlessng_directory }}/src" chdir: "{{ paperlessng_directory }}/src"
when: paperlessng_current_version.stdout != paperlessng_version | string
register: static_files
changed_when: "'188 unmodified' not in static_files.stdout"
- name: create database schema - name: create database schema
become: yes
become_user: "{{ paperlessng_system_user }}"
command: "{{ paperlessng_virtualenv }}/bin/python3 manage.py migrate" command: "{{ paperlessng_virtualenv }}/bin/python3 manage.py migrate"
args: args:
chdir: "{{ paperlessng_directory }}/src" chdir: "{{ paperlessng_directory }}/src"
when: paperlessng_current_version.stdout != paperlessng_version | string
register: database_schema register: database_schema
changed_when: '"No migrations to apply." not in database_schema.stdout' changed_when: '"No migrations to apply." not in database_schema.stdout'
- name: create first paperless user - name: configure paperless superuser
become: yes
become_user: "{{ paperlessng_system_user }}"
# "manage.py createsuperuser" only works on interactive TTYs # "manage.py createsuperuser" only works on interactive TTYs
command: | command: |
{{ paperlessng_virtualenv }}/bin/python3 manage.py shell -c " {{ paperlessng_virtualenv }}/bin/python3 manage.py shell -c "
@ -265,6 +286,16 @@
changed_when: superuser.stdout == 'changed' changed_when: superuser.stdout == 'changed'
no_log: true no_log: true
- name: set ownership and permissions on paperlessng venv
file:
path: "{{ paperlessng_virtualenv }}"
state: directory
recurse: yes
owner: "{{ paperlessng_system_user }}"
group: "{{ paperlessng_system_group }}"
mode: g-w,o-rwx
when: venv.changed or paperlessng_current_version.stdout != paperlessng_version | string
- name: configure ghostscript for PDF - name: configure ghostscript for PDF
lineinfile: lineinfile:
path: "/etc/ImageMagick-6/policy.xml" path: "/etc/ImageMagick-6/policy.xml"
@ -325,8 +356,8 @@
- name: copy systemd services - name: copy systemd services
copy: copy:
src: "{{ paperlessng_directory }}/scripts/{{ item }}" src: "{{ paperlessng_directory }}/scripts/{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
remote_src: yes remote_src: yes
dest: "/etc/systemd/system/{{ item }}"
with_items: with_items:
- paperless-consumer.service - paperless-consumer.service
- paperless-scheduler.service - paperless-scheduler.service
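Review bot: The `changed_when` on the collect-static task (`changed_when: "'188 unmodified' not in static_files.stdout"` in the `-211,29 +216,45` hunk) pins idempotency to a file count that holds for one paperless-ng release only, so after any upgrade that changes the count the task reports changed on every run. Django's collectstatic summary appears to read `N static files copied to '…', M unmodified.`, so keying on the copied count is stable across versions: `changed_when: "'0 static files copied' not in static_files.stdout"`. Separately, moving the download from `get_url` into `unarchive` with `src:` set to the GitHub release URL removes the only place a `checksum:` could be verified; `unarchive` has no checksum option, so if artifact integrity matters here, keep a `get_url` step with `checksum: "sha256:<expected digest>"` ahead of the extraction. Minor: the venv task's `mode: g-w,o-rwx` is an unquoted plain scalar while the directories task quotes `"750"`; quoting it (`mode: "g-w,o-rwx"`) keeps the file consistent.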