1
0
forked from infra/ansible
infra/roles/hedgedoc/templates/docker-compose.yml.j2

46 lines
1.5 KiB
Django/Jinja

version: "3"
services:
database:
image: postgres:13.4-alpine
environment:
- POSTGRES_USER={{ hedgedoc_dbuser }}
- POSTGRES_PASSWORD={{ hedgedoc_dbpass }}
- POSTGRES_DB={{ hedgedoc_dbname }}
volumes:
- ./database:/var/lib/postgresql/data
restart: unless-stopped
app:
image: quay.io/hedgedoc/hedgedoc:1.9.3
environment:
- CMD_DOMAIN={{ hedgedoc_domain }}
- CMD_PROTOCOL_USESSL=true
- CMD_ALLOW_ANONYMOUS=false
- CMD_ALLOW_ANONYMOUS_EDITS=true
- CMD_ALLOW_FREEURL=true
- CMD_SESSION_SECRET={{ hedgedoc_secret }}
- CMD_HSTS_ENABLE=true
- CMD_HSTS_MAX_AGE=2592000
- CMD_HSTS_INCLUDE_SUBDOMAINS=true
- CMD_HSTS_PRELOAD=true
- CMD_CSP_ENABLE=true
- CMD_DB_URL=postgres://{{ hedgedoc_dbuser }}:{{ hedgedoc_dbpass }}@database:5432/{{ hedgedoc_dbname }}
- CMD_LDAP_URL={{ ldap_uri }}
- CMD_LDAP_BINDDN={{ ldap_binddn }}
- CMD_LDAP_BINDCREDENTIALS={{ ldap_bindpw }}
- CMD_LDAP_SEARCHBASE={{ ldap_base }}
- CMD_LDAP_SEARCHFILTER=(uid={{ '{{' }}username{{ '}}' }})
- CMD_LDAP_SEARCHATTRIBUTES=cn,uid
- CMD_LDAP_USERIDFIELD=uid
- CMD_LDAP_USERNAMEFIELD=cn
- CMD_LDAP_TLS_CA=/etc/ssl/certs/ca-certificates.crt
- CMD_EMAIL=false
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
- ./uploads:/hedgedoc/public/uploads
ports:
- "127.0.0.1:3000:3000"
restart: unless-stopped
depends_on:
- database