add oidc auth to paperless

roles/docker/templates/paperlessngx-compose.yml.j2

@@ -18,6 +18,8 @@ services:
       - ./export:/usr/src/paperless/export
       - ./consume:/usr/src/paperless/consume
     env_file: docker-compose.env
+    extra_hosts:
+      - 'auth.thesatelliteoflove.com:172.20.0.5'
     environment:
       PAPERLESS_REDIS: redis://broker:6379
       PAPERLESS_TIKA_ENABLED: 1

roles/docker/templates/paperlessngx.env.j2

@@ -40,3 +40,7 @@ PAPERLESS_TIME_ZONE=America/Denver
 # Set if accessing paperless via a domain subpath e.g. https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx
 #PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX
 #PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required
+
+# authentik
+PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
+PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect": {"APPS": [{"provider_id": "authentik","name": "Authentik SSO","client_id": "{{ paperless_oauth_client_id }}","secret": "{{ paperless_oauth_client_secret }}","settings": { "server_url": "https://auth.thesatelliteoflove.com/application/o/paperlessngx/.well-known/openid-configuration"}}]}}'