paperless-launcher

command module

v0.0.0-...-d00d202 Latest Latest Go to latest Published: Mar 18, 2022 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/drosocode/paperless-launcher

Links

Open Source Insights

README ¶

Paperless-launcher

A docker container used to mount/unmount an encypted veracrypt volume and start paperless on demand.

Usage

Edit the volume line in the docker-compose.yml file to map your folder with your veracrypt volumes, and the traefik-related settings. Then run docker-compose up -d to start the container.

CLI flag	Env var	Default	Description
serve	PLL_SERVE	0.0.0.0:3000	the bind address of the server
user-header	PLL_USER_HEADER	Remote-User	the header used to authenticate the user
email-header	PLL_EMAIL_HEADER	Remote-Email	the header that contains the user's email address
registration	PLL_REGISTRATION	false	Enable auto creation of volumes for new users
size	PLL_SIZE	2G	The default size of a veracrypt volume for the auto creation
mount-path	PLL_MOUNT_PATH	/app/mount/%user%	the path where the veracrypt volume will be mounted, `%user%` will be repaced by the username
volume-path	PLL_VOLUME_PATH	/data/%user%.hc	the path to the veracrypt volume for a specific user, this can be overwritten in the `mappings.json` file with `"youruser": "yourpath"`
mapping	PLL_MAPPING	mapping.json	Path to the user to path mapping file
timeout	PLL_TIMEOUT	1	Inactivity timeout before unmounting the volume (in minutes)
startPort	PLL_START_PORT	10000	First port to be used to bind the paperless container
redis-image	PLL_REDIS_IMAGE	redis:latest	the redis docker image to use
paperless-image	PLL_PAPERLESS_IMAGE	ghcr.io/paperless-ngx/paperless-ngx:latest	the paperless docker image to use

How it works

This is a simple container running dind (docker-in-docker) with veracrypt.

Each user have his own veracrypt volume that stores his documents and the paperless database (sqlite).

When the user wants to login, the request is handled by the forward-auth of the reverse-proxy (here, authelia) that adds a Remote-User header which is used to authenticate the user.

Then this application will ask the user for the password of the veracrypt volume to decrypt it, if it is not mounted and will mount the volume, start a paperless container and redirect the user to his paperless instance.

When the user have finished, he can click on logout or wait for the inactivity timeout, after this, the application will stop the paperless container and unmount the volume.

Note that this is not a 100% secure since the files remains unencrypted when you are accessing paperless, but one you are finished, the volume is unmounted, and the files cannot be accessed without the volume password. It is of course strongly recommanded to use https to connect to this application, as the volume password could be intercepted if only using http.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL