ansible/roles/docker/tasks/services/hedgedoc.yml


---
# Make sure the host directories that back the compose bind mounts exist
# before the containers start. No mode is given, so the permissions of
# directories that already exist are left untouched.
- name: create hedgedoc volume folders
  ansible.builtin.file:
    path: '{{ services.hedgedoc.volume_folder }}/{{ volume_subdir }}'
    state: directory
  loop:
    - db
    - hedgedoc/uploads
  loop_control:
    loop_var: volume_subdir
# Place the SSO certificate next to the HedgeDoc volumes; the compose task
# mounts this file into the app container and points CMD_SAML_IDPCERT at it.
# The file is a public certificate, so world-readable (0644) is sufficient;
# what matters is that only the deploying user can replace it.
- name: copy sso public certificate
  ansible.builtin.copy:
    dest: '{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem'
    src: 'files/sso/sso.data.coop.pem'
    mode: '0644'
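# Deploy HedgeDoc (app) and its PostgreSQL backend as one compose project.
# NOTE(review): the rendered definition contains the database password, both
# as POSTGRES_PASSWORD and inside CMD_DB_URL. It is therefore visible in the
# containers' environment and in verbose play output; consider `no_log: true`
# on this task where play logs are retained.
- name: setup hedgedoc
  community.docker.docker_compose:
    project_name: hedgedoc
    pull: true
    definition:
      services:
        database:
          # NOTE(review): PostgreSQL 10 is end-of-life upstream and no longer
          # receives security fixes. A major-version bump needs a dump/restore
          # or pg_upgrade of the data directory, so it is flagged, not changed.
          image: postgres:10-alpine
          environment:
            POSTGRES_USER: codimd
            POSTGRES_PASSWORD: '{{ postgres_passwords.hedgedoc }}'
            POSTGRES_DB: codimd
          restart: unless-stopped
          # Only on the private project network; not attached to
          # external_services.
          networks:
            - hedgedoc
          volumes:
            - '{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data'
        app:
          image: 'quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}'
          environment:
            # The password is percent-encoded before it is placed in the URL's
            # userinfo part, so characters such as '@', ':', '#' or '/' cannot
            # change how the connection string is parsed. Jinja's urlencode
            # leaves '/' alone, hence the extra replace.
            CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc | urlencode | replace('/', '%2F') }}@hedgedoc_database_1:5432/codimd"
            CMD_DOMAIN: '{{ services.hedgedoc.domain }}'
            # Local e-mail registration and e-mail login are switched off;
            # SAML is the only login method configured below. Booleans are
            # written in lowercase, consistent with the other CMD_* flags.
            CMD_ALLOW_EMAIL_REGISTER: 'false'
            CMD_IMAGE_UPLOAD_TYPE: filesystem
            CMD_EMAIL: 'false'
            # SAML settings; the IdP certificate is the file mounted below.
            CMD_SAML_IDPCERT: /sso.data.coop.pem
            CMD_SAML_IDPSSOURL: 'https://sso.data.coop/auth/realms/datacoop/protocol/saml'
            CMD_SAML_ISSUER: hedgedoc
            CMD_SAML_IDENTIFIERFORMAT: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
            CMD_USECDN: 'false'
            CMD_PROTOCOL_USESSL: 'true'
            # presumably consumed by a reverse proxy / ACME companion on the
            # external_services network - confirm against that role
            VIRTUAL_HOST: '{{ services.hedgedoc.domain }}'
            LETSENCRYPT_HOST: '{{ services.hedgedoc.domain }}'
            LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
          volumes:
            - '{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads'
            # Read-only: the app only needs to read the IdP certificate, and
            # a compromised container must not be able to replace the file
            # that SAML trust is based on.
            - '{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem:ro'
          restart: unless-stopped
          networks:
            - hedgedoc
            - external_services
          depends_on:
            - database
      networks:
        hedgedoc:
        # Pre-existing network, not created by this project.
        external_services:
          external: true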