Erich Blume 07f52e9488

Build Container / detect (push) Successful in 2s

Details

Build Container / build-dockerfile (paperless) (push) Successful in 9s

Details

Deploy Paperless-ngx document management (#328 )

## Summary

- Add paperless-ngx (v2.20.13) as a new ArgoCD-managed service on indri
- Dockerfile built from forge mirror (`mirrors/paperless-ngx`), multi-stage with s6-overlay
- PostgreSQL database via `blumeops-pg` CNPG cluster, Redis sidecar for Celery
- NFS document storage on sifaka (`/volume1/paperless`)
- Authentik OIDC SSO via baked JSON blob from 1Password
- Caddy route at `paperless.ops.eblu.me`
- 1Password item "Paperless (blumeops)" created with all secrets

## Files

- `containers/paperless/Dockerfile` — multi-stage build
- `argocd/manifests/paperless/` — full k8s manifest set
- `argocd/apps/paperless.yaml` — ArgoCD application
- `argocd/manifests/databases/` — CNPG role + ExternalSecret
- `ansible/roles/caddy/defaults/main.yml` — Caddy route
- `service-versions.yaml` — version tracking entry
- `docs/reference/services/paperless.md` — reference card

## Remaining deploy steps

1. Build container: `mise run container-build-and-release paperless`
2. Update kustomization.yaml `newTag` with actual image tag
3. Create Authentik application/provider for paperless
4. Create `paperless` database on blumeops-pg
5. Sync ArgoCD apps, then sync paperless from branch
6. Provision Caddy: `mise run provision-indri -- --tags caddy`
7. Verify at https://paperless.ops.eblu.me

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #328

2026-04-08 17:54:12 -07:00

2.7 KiB

Raw Blame History

title

modified

ArgoCD Applications

Registry of all applications deployed via argocd.

Application Registry

App	Namespace	Path/Source	Service
`apps`	argocd	`argocd/apps/`	App-of-apps root
`argocd`	argocd	`argocd/manifests/argocd/`	argocd
`tailscale-operator`	tailscale	`argocd/manifests/tailscale-operator/`	tailscale-operator
`1password-connect`	1password	`argocd/manifests/1password-connect/`	1password
`external-secrets`	external-secrets	Helm chart	1password
`external-secrets-config`	external-secrets	`argocd/manifests/external-secrets-config/`	1password
`cloudnative-pg`	cnpg-system	`mirrors/cloudnative-pg` release manifest	PostgreSQL operator
`blumeops-pg`	databases	`argocd/manifests/databases/`	postgresql
`prometheus`	monitoring	`argocd/manifests/prometheus/`	prometheus
`loki`	monitoring	`argocd/manifests/loki/`	loki
`grafana`	monitoring	`argocd/manifests/grafana/`	grafana
`grafana-config`	monitoring	`argocd/manifests/grafana-config/`	grafana
`immich`	immich	`argocd/manifests/immich/`	immich
`tempo`	monitoring	`argocd/manifests/tempo/`	tempo
`alloy-k8s`	alloy	`argocd/manifests/alloy-k8s/`	[[alloy
`alloy-tracing-ringtail`	alloy	`argocd/manifests/alloy-tracing-ringtail/`	[[alloy
`kube-state-metrics`	monitoring	`argocd/manifests/kube-state-metrics/`	K8s metrics
`miniflux`	miniflux	`argocd/manifests/miniflux/`	miniflux
`kiwix`	kiwix	`argocd/manifests/kiwix/`	kiwix
`torrent`	torrent	`argocd/manifests/torrent/`	transmission
`navidrome`	navidrome	`argocd/manifests/navidrome/`	navidrome
`teslamate`	teslamate	`argocd/manifests/teslamate/`	teslamate
`cv`	cv	`argocd/manifests/cv/`	cv
`forgejo-runner`	forgejo-runner	`argocd/manifests/forgejo-runner/`	forgejo CI
`ollama`	ollama	`argocd/manifests/ollama/`	ollama
`mealie`	mealie	`argocd/manifests/mealie/`	mealie
`paperless`	paperless	`argocd/manifests/paperless/`	paperless
`prowler`	prowler	`argocd/manifests/prowler/`	prowler

Sync Policies

Application	Policy	Rationale
`apps`	Automated	Picks up new Application manifests
All others	Manual	Explicit control over deployments

argocd - GitOps platform details
cluster - Kubernetes infrastructure

2.7 KiB Raw Blame History

ArgoCD Applications

Application Registry

Sync Policies

Related

2.7 KiB

Raw Blame History