forked from infra/ansible
hackmd: use docker instead of native setup
This commit is contained in:
parent
cc35e0da6c
commit
db8e6f2576
@ -35,8 +35,8 @@ gitea_secret: "{{ vault_gitea_secret }}"
|
|||||||
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
|
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
|
||||||
|
|
||||||
hedgedoc_domain: pad.binary-kitchen.de
|
hedgedoc_domain: pad.binary-kitchen.de
|
||||||
hedgedoc_dbname: hackmd
|
hedgedoc_dbname: hedgedoc
|
||||||
hedgedoc_dbuser: hackmd
|
hedgedoc_dbuser: hedgedoc
|
||||||
hedgedoc_dbpass: "{{ vault_hedgedoc_dbpass }}"
|
hedgedoc_dbpass: "{{ vault_hedgedoc_dbpass }}"
|
||||||
hedgedoc_secret: "{{ vault_hedgedoc_secret }}"
|
hedgedoc_secret: "{{ vault_hedgedoc_secret }}"
|
||||||
|
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
hedgedoc_version: 1.9.3
|
|
||||||
hedgedoc_archive: https://github.com/hedgedoc/hedgedoc/archive/{{ hedgedoc_version }}.tar.gz
|
|
@ -1,84 +1,25 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: Create user
|
|
||||||
user: name=hackmd
|
|
||||||
|
|
||||||
- name: Enable nodesource apt-key
|
|
||||||
apt_key: url="https://deb.nodesource.com/gpgkey/nodesource.gpg.key"
|
|
||||||
|
|
||||||
- name: Enable nodesource repository
|
|
||||||
apt_repository: repo="deb https://deb.nodesource.com/node_14.x/ {{ ansible_distribution_release }} main"
|
|
||||||
|
|
||||||
- name: Enable yarnpkg apt-key
|
|
||||||
apt_key: url="https://dl.yarnpkg.com/debian/pubkey.gpg"
|
|
||||||
|
|
||||||
- name: Enable yarnpkg repository
|
|
||||||
apt_repository: repo="deb https://dl.yarnpkg.com/debian/ stable main"
|
|
||||||
|
|
||||||
- name: Pin nodejs repository
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/apt/preferences.d/nodejs
|
|
||||||
create: yes
|
|
||||||
block: |
|
|
||||||
Package: *
|
|
||||||
Pin: origin deb.nodesource.com
|
|
||||||
Pin-Priority: 600
|
|
||||||
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- build-essential
|
- docker-compose
|
||||||
- git
|
|
||||||
- nodejs
|
|
||||||
- postgresql
|
|
||||||
- python3-psycopg2
|
|
||||||
- yarn
|
|
||||||
|
|
||||||
- name: Unpack hedgedoc
|
- name: Create hedgedoc group
|
||||||
unarchive: src={{ hedgedoc_archive }} dest=/opt owner=hackmd group=hackmd remote_src=yes creates=/opt/hedgedoc-{{ hedgedoc_version }}
|
group: name=hedgedoc
|
||||||
register: hedgedoc_unarchive
|
|
||||||
|
|
||||||
- name: Create hedgedoc upload path
|
- name: Create hedgedoc user
|
||||||
file: path=/opt/hedgedoc/uploads state=directory recurse=yes owner=hackmd group=hackmd
|
user:
|
||||||
|
name: hedgedoc
|
||||||
|
home: /opt/hedgedoc
|
||||||
|
shell: /bin/bash
|
||||||
|
group: hedgedoc
|
||||||
|
groups: docker
|
||||||
|
|
||||||
- name: Remove old hedgedoc upload path
|
- name: Configure hedgedoc container
|
||||||
file: path=/opt/hedgedoc-{{ hedgedoc_version }}/public/uploads state=absent force=yes
|
template: src=docker-compose.yml.j2 dest=/opt/hedgedoc/docker-compose.yml
|
||||||
|
|
||||||
- name: Link hedgedoc upload path
|
|
||||||
file: path=/opt/hedgedoc-{{ hedgedoc_version }}/public/uploads src=/opt/hedgedoc/uploads state=link owner=hackmd group=hackmd
|
|
||||||
|
|
||||||
- name: Setup hedgedoc
|
|
||||||
command: bin/setup chdir=/opt/hedgedoc-{{ hedgedoc_version }} creates=/opt/hedgedoc-{{ hedgedoc_version }}/config.json
|
|
||||||
become: true
|
|
||||||
become_user: hackmd
|
|
||||||
|
|
||||||
- name: Configure hedgedoc
|
|
||||||
template: src=config.json.j2 dest=/opt/hedgedoc-{{ hedgedoc_version }}/config.json owner=hackmd
|
|
||||||
register: hedgedoc_config
|
|
||||||
notify: Restart hedgedoc
|
notify: Restart hedgedoc
|
||||||
|
|
||||||
- name: Install hedgedoc frontend deps
|
|
||||||
command: /usr/bin/yarn install chdir=/opt/hedgedoc-{{ hedgedoc_version }}
|
|
||||||
become: true
|
|
||||||
become_user: hackmd
|
|
||||||
when: hedgedoc_unarchive.changed or hedgedoc_config.changed
|
|
||||||
|
|
||||||
- name: Build hedgedoc frontend
|
|
||||||
command: /usr/bin/yarn build chdir=/opt/hedgedoc-{{ hedgedoc_version }}
|
|
||||||
become: true
|
|
||||||
become_user: hackmd
|
|
||||||
when: hedgedoc_unarchive.changed or hedgedoc_config.changed
|
|
||||||
|
|
||||||
- name: Configure PostgreSQL database
|
|
||||||
postgresql_db: name={{ hedgedoc_dbname }}
|
|
||||||
become: true
|
|
||||||
become_user: postgres
|
|
||||||
|
|
||||||
- name: Configure PostgreSQL user
|
|
||||||
postgresql_user: db={{ hedgedoc_dbname }} name={{ hedgedoc_dbuser }} password={{ hedgedoc_dbpass }} priv=ALL state=present
|
|
||||||
become: true
|
|
||||||
become_user: postgres
|
|
||||||
|
|
||||||
- name: Ensure certificates are available
|
- name: Ensure certificates are available
|
||||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ hedgedoc_domain }}.key -out /etc/nginx/ssl/{{ hedgedoc_domain }}.crt -days 730 -subj "/CN={{ hedgedoc_domain }}" creates=/etc/nginx/ssl/{{ hedgedoc_domain }}.crt
|
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ hedgedoc_domain }}.key -out /etc/nginx/ssl/{{ hedgedoc_domain }}.crt -days 730 -subj "/CN={{ hedgedoc_domain }}" creates=/etc/nginx/ssl/{{ hedgedoc_domain }}.crt
|
||||||
notify: Restart nginx
|
notify: Restart nginx
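Review bot: The `Configure hedgedoc container` task renders docker-compose.yml, which carries the database password, session secret and LDAP bind credential as plain environment values, but sets no `owner`/`group`/`mode`, so the file lands with the module defaults (typically root-owned, 0644) under /opt/hedgedoc and is readable by every local account. Since the unit runs docker-compose as the hedgedoc user, the task should be `template: src=docker-compose.yml.j2 dest=/opt/hedgedoc/docker-compose.yml owner=hedgedoc group=hedgedoc mode=0600`. Separately, the removed `postgresql_db`/`postgresql_user` tasks leave the host's native PostgreSQL instance and package in place, and with dbname/dbuser renamed from `hackmd` to `hedgedoc` the container database starts empty; if existing notes are expected to survive the switch, a dump-and-restore step is needed before the unit is enabled, and nothing in this hunk provides one. A minor style point for the new tasks: `group: name=hedgedoc` and the `template:` line use key=value argument strings while the neighbouring `user:` task uses block YAML, so the file now mixes both forms.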
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
{
|
|
||||||
"production": {
|
|
||||||
"domain": "{{ hedgedoc_domain }}",
|
|
||||||
"protocolUseSSL": true,
|
|
||||||
"allowAnonymous": false,
|
|
||||||
"allowAnonymousEdits": true,
|
|
||||||
"allowFreeURL": true,
|
|
||||||
"sessionSecret": "{{ hedgedoc_secret }}",
|
|
||||||
"hsts": {
|
|
||||||
"enable": true,
|
|
||||||
"maxAgeSeconds": 2592000,
|
|
||||||
"includeSubdomains": true,
|
|
||||||
"preload": true
|
|
||||||
},
|
|
||||||
"csp": {
|
|
||||||
"enable": true,
|
|
||||||
"directives": {
|
|
||||||
},
|
|
||||||
"upgradeInsecureRequests": "auto",
|
|
||||||
"addDefaults": true,
|
|
||||||
"addDisqus": true,
|
|
||||||
"addGoogleAnalytics": true
|
|
||||||
},
|
|
||||||
"db": {
|
|
||||||
"username": "{{ hedgedoc_dbuser }}",
|
|
||||||
"password": "{{ hedgedoc_dbpass }}",
|
|
||||||
"database": "{{ hedgedoc_dbname }}",
|
|
||||||
"host": "localhost",
|
|
||||||
"port": "5432",
|
|
||||||
"dialect": "postgres"
|
|
||||||
},
|
|
||||||
"ldap": {
|
|
||||||
"url": "{{ ldap_uri }}",
|
|
||||||
"bindDn": "{{ ldap_binddn }}",
|
|
||||||
"bindCredentials": "{{ ldap_bindpw }}",
|
|
||||||
"searchBase": "{{ ldap_base }}",
|
|
||||||
"searchFilter": "(uid={{ '{{' }}username{{ '}}' }})",
|
|
||||||
"searchAttributes": ["cn", "uid"],
|
|
||||||
"usernameField": "cn",
|
|
||||||
"useridField": "uid",
|
|
||||||
"tlsca": "/etc/ssl/certs/ca-certificates.crt"
|
|
||||||
},
|
|
||||||
"email": false
|
|
||||||
}
|
|
||||||
}
|
|
45
roles/hackmd/templates/docker-compose.yml.j2
Normal file
45
roles/hackmd/templates/docker-compose.yml.j2
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
version: "3"
|
||||||
|
services:
|
||||||
|
database:
|
||||||
|
image: postgres:13.4-alpine
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER={{ hedgedoc_dbuser }}
|
||||||
|
- POSTGRES_PASSWORD={{ hedgedoc_dbpass }}
|
||||||
|
- POSTGRES_DB={{ hedgedoc_dbname }}
|
||||||
|
volumes:
|
||||||
|
- ./database:/var/lib/postgresql/data
|
||||||
|
restart: unless-stopped
|
||||||
|
app:
|
||||||
|
image: quay.io/hedgedoc/hedgedoc:1.9.3
|
||||||
|
environment:
|
||||||
|
- CMD_DOMAIN={{ hedgedoc_domain }}
|
||||||
|
- CMD_PROTOCOL_USESSL=true
|
||||||
|
- CMD_ALLOW_ANONYMOUS=false
|
||||||
|
- CMD_ALLOW_ANONYMOUS_EDITS=true
|
||||||
|
- CMD_ALLOW_FREEURL=true
|
||||||
|
- CMD_SESSION_SECRET={{ hedgedoc_secret }}
|
||||||
|
- CMD_HSTS_ENABLE=true
|
||||||
|
- CMD_HSTS_MAX_AGE=2592000
|
||||||
|
- CMD_HSTS_INCLUDE_SUBDOMAINS=true
|
||||||
|
- CMD_HSTS_PRELOAD=true
|
||||||
|
- CMD_CSP_ENABLE=true
|
||||||
|
- CMD_DB_URL=postgres://{{ hedgedoc_dbuser }}:{{ hedgedoc_dbpass }}@database:5432/{{ hedgedoc_dbname }}
|
||||||
|
- CMD_LDAP_URL={{ ldap_uri }}
|
||||||
|
- CMD_LDAP_BINDDN={{ ldap_binddn }}
|
||||||
|
- CMD_LDAP_BINDCREDENTIALS={{ ldap_bindpw }}
|
||||||
|
- CMD_LDAP_SEARCHBASE={{ ldap_base }}
|
||||||
|
- CMD_LDAP_SEARCHFILTER=(uid={{ '{{' }}username{{ '}}' }})
|
||||||
|
- CMD_LDAP_SEARCHATTRIBUTES=cn,uid
|
||||||
|
- CMD_LDAP_USERIDFIELD=uid
|
||||||
|
- CMD_LDAP_USERNAMEFIELD=cn
|
||||||
|
- CMD_LDAP_TLS_CA=/etc/ssl/certs/ca-certificates.crt
|
||||||
|
- CMD_EMAIL=false
|
||||||
|
volumes:
|
||||||
|
- /etc/hosts:/etc/hosts:ro
|
||||||
|
- /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
|
||||||
|
- ./uploads:/hedgedoc/public/uploads
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:3000:3000"
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
- database
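Review bot: `CMD_DB_URL` on the app service splices `{{ hedgedoc_dbuser }}` and `{{ hedgedoc_dbpass }}` verbatim into a URL, so a vault password containing `@`, `/`, `:`, `%` or `#` produces a malformed connection string (or a different host), while `POSTGRES_PASSWORD` on the database service receives the raw value and the two sides disagree. Encode the components: `- CMD_DB_URL=postgres://{{ hedgedoc_dbuser | urlencode }}:{{ hedgedoc_dbpass | urlencode }}@database:5432/{{ hedgedoc_dbname }}`. For the same reason the plain-scalar list items should be quoted (`- "POSTGRES_PASSWORD={{ hedgedoc_dbpass }}"`), since a value containing ` #` is otherwise truncated by the YAML parser. Note also that the database password, `CMD_SESSION_SECRET` and `CMD_LDAP_BINDCREDENTIALS` are passed as container environment, which is readable via `docker inspect` by anyone with access to the docker socket, so the rendered compose file and the socket both have to be treated as secret-bearing. The deleted config.json.j2 allowed Disqus and Google Analytics in the CSP; those flags do not reappear here, which is presumably intended tightening, but worth confirming.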
|
@ -1,14 +1,28 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=HedgeDoc
|
Description=hedgedoc service using docker compose
|
||||||
After=network.target
|
Requires=docker.service
|
||||||
|
After=docker.service
|
||||||
|
Before=nginx.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Environment=NODE_ENV=production
|
|
||||||
WorkingDirectory=/opt/hedgedoc-{{ hedgedoc_version }}
|
|
||||||
Type=simple
|
Type=simple
|
||||||
User=hackmd
|
|
||||||
ExecStart=/usr/bin/yarn start
|
User=hedgedoc
|
||||||
Restart=on-failure
|
Group=hedgedoc
|
||||||
|
|
||||||
|
Restart=always
|
||||||
|
TimeoutStartSec=1200
|
||||||
|
|
||||||
|
WorkingDirectory=/opt/hedgedoc
|
||||||
|
|
||||||
|
# Make sure no old containers are running
|
||||||
|
ExecStartPre=/usr/bin/docker-compose down -v
|
||||||
|
|
||||||
|
# Compose up
|
||||||
|
ExecStart=/usr/bin/docker-compose up
|
||||||
|
|
||||||
|
# Compose down, remove containers and volumes
|
||||||
|
ExecStop=/usr/bin/docker-compose down -v
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
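Review bot: `User=hedgedoc`/`Group=hedgedoc` give no real isolation here, because the hedgedoc account is added to the `docker` group in tasks/main.yml and control of the docker socket is equivalent to root on the host (a bind mount of `/` from a container is enough); anyone who obtains code execution as hedgedoc effectively has root. Either run the unit as root and drop the docker group membership, keeping /opt/hedgedoc root-owned, or switch to rootless Docker; as written the unprivileged user is cosmetic. The comment above `ExecStartPre` only mentions stopping old containers, but `down -v` also deletes named and anonymous volumes — today the persistent data lives in bind mounts (`./database`, `./uploads`) so nothing is lost, and the comment should record that assumption: `# Stop leftover containers; -v also removes named/anonymous volumes (persistent data is in bind mounts only)`. With `Restart=always` and no `RestartSec=`, a crash-looping stack will tear down and recreate its containers in a tight loop; a short `RestartSec=10` is cheap insurance.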
|
||||||
|