hackmd: use docker instead of native setup
This commit is contained in:
parent
cc35e0da6c
commit
db8e6f2576
@ -35,8 +35,8 @@ gitea_secret: "{{ vault_gitea_secret }}"
|
||||
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
|
||||
|
||||
hedgedoc_domain: pad.binary-kitchen.de
|
||||
hedgedoc_dbname: hackmd
|
||||
hedgedoc_dbuser: hackmd
|
||||
hedgedoc_dbname: hedgedoc
|
||||
hedgedoc_dbuser: hedgedoc
|
||||
hedgedoc_dbpass: "{{ vault_hedgedoc_dbpass }}"
|
||||
hedgedoc_secret: "{{ vault_hedgedoc_secret }}"
|
||||
|
||||
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
|
||||
hedgedoc_version: 1.9.3
|
||||
hedgedoc_archive: https://github.com/hedgedoc/hedgedoc/archive/{{ hedgedoc_version }}.tar.gz
|
@ -1,84 +1,25 @@
|
||||
---
|
||||
|
||||
- name: Create user
|
||||
user: name=hackmd
|
||||
|
||||
- name: Enable nodesource apt-key
|
||||
apt_key: url="https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
|
||||
|
||||
- name: Enable nodesource repository
|
||||
apt_repository: repo="deb https://deb.nodesource.com/node_14.x/ {{ ansible_distribution_release }} main"
|
||||
|
||||
- name: Enable yarnpkg apt-key
|
||||
apt_key: url="https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||
|
||||
- name: Enable yarnpkg repository
|
||||
apt_repository: repo="deb https://dl.yarnpkg.com/debian/ stable main"
|
||||
|
||||
- name: Pin nodejs repository
|
||||
blockinfile:
|
||||
path: /etc/apt/preferences.d/nodejs
|
||||
create: yes
|
||||
block: |
|
||||
Package: *
|
||||
Pin: origin deb.nodesource.com
|
||||
Pin-Priority: 600
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name:
|
||||
- build-essential
|
||||
- git
|
||||
- nodejs
|
||||
- postgresql
|
||||
- python3-psycopg2
|
||||
- yarn
|
||||
- docker-compose
|
||||
|
||||
- name: Unpack hedgedoc
|
||||
unarchive: src={{ hedgedoc_archive }} dest=/opt owner=hackmd group=hackmd remote_src=yes creates=/opt/hedgedoc-{{ hedgedoc_version }}
|
||||
register: hedgedoc_unarchive
|
||||
- name: Create hedgedoc group
|
||||
group: name=hedgedoc
|
||||
|
||||
- name: Create hedgedoc upload path
|
||||
file: path=/opt/hedgedoc/uploads state=directory recurse=yes owner=hackmd group=hackmd
|
||||
- name: Create hedgedoc user
|
||||
user:
|
||||
name: hedgedoc
|
||||
home: /opt/hedgedoc
|
||||
shell: /bin/bash
|
||||
group: hedgedoc
|
||||
groups: docker
|
||||
|
||||
- name: Remove old hedgedoc upload path
|
||||
file: path=/opt/hedgedoc-{{ hedgedoc_version }}/public/uploads state=absent force=yes
|
||||
|
||||
- name: Link hedgedoc upload path
|
||||
file: path=/opt/hedgedoc-{{ hedgedoc_version }}/public/uploads src=/opt/hedgedoc/uploads state=link owner=hackmd group=hackmd
|
||||
|
||||
- name: Setup hedgedoc
|
||||
command: bin/setup chdir=/opt/hedgedoc-{{ hedgedoc_version }} creates=/opt/hedgedoc-{{ hedgedoc_version }}/config.json
|
||||
become: true
|
||||
become_user: hackmd
|
||||
|
||||
- name: Configure hedgedoc
|
||||
template: src=config.json.j2 dest=/opt/hedgedoc-{{ hedgedoc_version }}/config.json owner=hackmd
|
||||
register: hedgedoc_config
|
||||
- name: Configure hedgedoc container
|
||||
template: src=docker-compose.yml.j2 dest=/opt/hedgedoc/docker-compose.yml
|
||||
notify: Restart hedgedoc
|
||||
|
||||
- name: Install hedgedoc frontend deps
|
||||
command: /usr/bin/yarn install chdir=/opt/hedgedoc-{{ hedgedoc_version }}
|
||||
become: true
|
||||
become_user: hackmd
|
||||
when: hedgedoc_unarchive.changed or hedgedoc_config.changed
|
||||
|
||||
- name: Build hedgedoc frontend
|
||||
command: /usr/bin/yarn build chdir=/opt/hedgedoc-{{ hedgedoc_version }}
|
||||
become: true
|
||||
become_user: hackmd
|
||||
when: hedgedoc_unarchive.changed or hedgedoc_config.changed
|
||||
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db: name={{ hedgedoc_dbname }}
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user: db={{ hedgedoc_dbname }} name={{ hedgedoc_dbuser }} password={{ hedgedoc_dbpass }} priv=ALL state=present
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ hedgedoc_domain }}.key -out /etc/nginx/ssl/{{ hedgedoc_domain }}.crt -days 730 -subj "/CN={{ hedgedoc_domain }}" creates=/etc/nginx/ssl/{{ hedgedoc_domain }}.crt
|
||||
notify: Restart nginx
|
||||
|
@ -1,45 +0,0 @@
|
||||
{
|
||||
"production": {
|
||||
"domain": "{{ hedgedoc_domain }}",
|
||||
"protocolUseSSL": true,
|
||||
"allowAnonymous": false,
|
||||
"allowAnonymousEdits": true,
|
||||
"allowFreeURL": true,
|
||||
"sessionSecret": "{{ hedgedoc_secret }}",
|
||||
"hsts": {
|
||||
"enable": true,
|
||||
"maxAgeSeconds": 2592000,
|
||||
"includeSubdomains": true,
|
||||
"preload": true
|
||||
},
|
||||
"csp": {
|
||||
"enable": true,
|
||||
"directives": {
|
||||
},
|
||||
"upgradeInsecureRequests": "auto",
|
||||
"addDefaults": true,
|
||||
"addDisqus": true,
|
||||
"addGoogleAnalytics": true
|
||||
},
|
||||
"db": {
|
||||
"username": "{{ hedgedoc_dbuser }}",
|
||||
"password": "{{ hedgedoc_dbpass }}",
|
||||
"database": "{{ hedgedoc_dbname }}",
|
||||
"host": "localhost",
|
||||
"port": "5432",
|
||||
"dialect": "postgres"
|
||||
},
|
||||
"ldap": {
|
||||
"url": "{{ ldap_uri }}",
|
||||
"bindDn": "{{ ldap_binddn }}",
|
||||
"bindCredentials": "{{ ldap_bindpw }}",
|
||||
"searchBase": "{{ ldap_base }}",
|
||||
"searchFilter": "(uid={{ '{{' }}username{{ '}}' }})",
|
||||
"searchAttributes": ["cn", "uid"],
|
||||
"usernameField": "cn",
|
||||
"useridField": "uid",
|
||||
"tlsca": "/etc/ssl/certs/ca-certificates.crt"
|
||||
},
|
||||
"email": false
|
||||
}
|
||||
}
|
45
roles/hackmd/templates/docker-compose.yml.j2
Normal file
45
roles/hackmd/templates/docker-compose.yml.j2
Normal file
@ -0,0 +1,45 @@
|
||||
version: "3"
|
||||
services:
|
||||
database:
|
||||
image: postgres:13.4-alpine
|
||||
environment:
|
||||
- POSTGRES_USER={{ hedgedoc_dbuser }}
|
||||
- POSTGRES_PASSWORD={{ hedgedoc_dbpass }}
|
||||
- POSTGRES_DB={{ hedgedoc_dbname }}
|
||||
volumes:
|
||||
- ./database:/var/lib/postgresql/data
|
||||
restart: unless-stopped
|
||||
app:
|
||||
image: quay.io/hedgedoc/hedgedoc:1.9.3
|
||||
environment:
|
||||
- CMD_DOMAIN={{ hedgedoc_domain }}
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
- CMD_ALLOW_ANONYMOUS=false
|
||||
- CMD_ALLOW_ANONYMOUS_EDITS=true
|
||||
- CMD_ALLOW_FREEURL=true
|
||||
- CMD_SESSION_SECRET={{ hedgedoc_secret }}
|
||||
- CMD_HSTS_ENABLE=true
|
||||
- CMD_HSTS_MAX_AGE=2592000
|
||||
- CMD_HSTS_INCLUDE_SUBDOMAINS=true
|
||||
- CMD_HSTS_PRELOAD=true
|
||||
- CMD_CSP_ENABLE=true
|
||||
- CMD_DB_URL=postgres://{{ hedgedoc_dbuser }}:{{ hedgedoc_dbpass }}@database:5432/{{ hedgedoc_dbname }}
|
||||
- CMD_LDAP_URL={{ ldap_uri }}
|
||||
- CMD_LDAP_BINDDN={{ ldap_binddn }}
|
||||
- CMD_LDAP_BINDCREDENTIALS={{ ldap_bindpw }}
|
||||
- CMD_LDAP_SEARCHBASE={{ ldap_base }}
|
||||
- CMD_LDAP_SEARCHFILTER=(uid={{ '{{' }}username{{ '}}' }})
|
||||
- CMD_LDAP_SEARCHATTRIBUTES=cn,uid
|
||||
- CMD_LDAP_USERIDFIELD=uid
|
||||
- CMD_LDAP_USERNAMEFIELD=cn
|
||||
- CMD_LDAP_TLS_CA=/etc/ssl/certs/ca-certificates.crt
|
||||
- CMD_EMAIL=false
|
||||
volumes:
|
||||
- /etc/hosts:/etc/hosts:ro
|
||||
- /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
|
||||
- ./uploads:/hedgedoc/public/uploads
|
||||
ports:
|
||||
- "127.0.0.1:3000:3000"
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- database
|
@ -1,14 +1,28 @@
|
||||
[Unit]
|
||||
Description=HedgeDoc
|
||||
After=network.target
|
||||
Description=hedgedoc service using docker compose
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
Before=nginx.service
|
||||
|
||||
[Service]
|
||||
Environment=NODE_ENV=production
|
||||
WorkingDirectory=/opt/hedgedoc-{{ hedgedoc_version }}
|
||||
Type=simple
|
||||
User=hackmd
|
||||
ExecStart=/usr/bin/yarn start
|
||||
Restart=on-failure
|
||||
|
||||
User=hedgedoc
|
||||
Group=hedgedoc
|
||||
|
||||
Restart=always
|
||||
TimeoutStartSec=1200
|
||||
|
||||
WorkingDirectory=/opt/hedgedoc
|
||||
|
||||
# Make sure no old containers are running
|
||||
ExecStartPre=/usr/bin/docker-compose down -v
|
||||
|
||||
# Compose up
|
||||
ExecStart=/usr/bin/docker-compose up
|
||||
|
||||
# Compose down, remove containers and volumes
|
||||
ExecStop=/usr/bin/docker-compose down -v
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
Loading…
Reference in New Issue
Block a user