---
# Create the host directories that the hedgedoc compose project bind-mounts:
# one for the PostgreSQL data and one for user uploads.
- name: create hedgedoc volume folders
  ansible.builtin.file:
    # `path` is the canonical parameter name; `name` is an alias for it.
    path: '{{ services.hedgedoc.volume_folder }}/{{ volume }}'
    state: directory
    # NOTE(review): no owner/group/mode is set, so newly created directories
    # take the connecting user's defaults. Confirm that is acceptable for the
    # uploads folder; the db folder's permissions are presumably adjusted by
    # the postgres image on first start - verify before pinning a mode here.
  loop_control:
    # Custom loop variable so the item reads as `volume` in the path above.
    loop_var: volume
  loop:
    - db
    - hedgedoc/uploads
# Install the SSO identity provider's public certificate next to the other
# hedgedoc volumes so it can be bind-mounted into the app container.
- name: copy sso public certificate
  ansible.builtin.copy:
    dest: '{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem'
    src: files/sso/sso.data.coop.pem
    # Public certificate, so world-readable is fine. What matters is that only
    # the owner can write it: the compose task passes this file to HedgeDoc as
    # CMD_SAML_IDPCERT, i.e. the certificate SAML responses are checked against.
    # Quoted so the mode stays a string and is not parsed as a number.
    mode: '0644'
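# Deploy HedgeDoc and its PostgreSQL database as a single compose project
# whose definition is given inline.
- name: setup hedgedoc
  community.docker.docker_compose:
    project_name: hedgedoc
    pull: true
    definition:
      services:
        database:
          # NOTE(review): PostgreSQL 10 is past upstream end-of-life and no
          # longer receives security fixes. A major-version bump needs a
          # dump/restore (or pg_upgrade) of the data directory, so the tag is
          # left unchanged here - plan the upgrade separately.
          image: postgres:10-alpine
          environment:
            POSTGRES_USER: codimd
            POSTGRES_PASSWORD: '{{ postgres_passwords.hedgedoc }}'
            POSTGRES_DB: codimd
          restart: unless-stopped
          # Attached to the project-internal network only, not to
          # external_services.
          networks:
            - hedgedoc
          volumes:
            - '{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data'
        app:
          image: 'quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}'
          environment:
            # The database password is embedded in the connection URL and, like
            # every value in this block, is readable by anyone who can inspect
            # the container.
            # NOTE(review): the password is interpolated verbatim; one that
            # contains URL-reserved characters (e.g. '@', '/', ':', '#') would
            # need percent-encoding to keep this URL parseable.
            # NOTE(review): the host name presumably relies on the
            # <project>_<service>_<index> container naming - confirm it still
            # resolves if the compose tooling changes.
            CMD_DB_URL: 'postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd'
            CMD_DOMAIN: '{{ services.hedgedoc.domain }}'
            # Boolean-like values are quoted so they reach the container as
            # strings, and are lowercase throughout for consistency.
            # NOTE(review): HedgeDoc appears to treat only the exact string
            # 'true' as true - confirm before introducing other spellings.
            CMD_ALLOW_EMAIL_REGISTER: 'false'
            CMD_IMAGE_UPLOAD_TYPE: filesystem
            CMD_EMAIL: 'false'
            # SAML login: path of the IdP certificate inside the container;
            # it matches the target of the read-only bind mount below.
            CMD_SAML_IDPCERT: /sso.data.coop.pem
            CMD_SAML_IDPSSOURL: 'https://sso.data.coop/auth/realms/datacoop/protocol/saml'
            CMD_SAML_ISSUER: hedgedoc
            CMD_SAML_IDENTIFIERFORMAT: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
            CMD_USECDN: 'false'
            CMD_PROTOCOL_USESSL: 'true'
            # Presumably read by a reverse proxy / certificate companion on the
            # external_services network - confirm against that service's setup.
            VIRTUAL_HOST: '{{ services.hedgedoc.domain }}'
            LETSENCRYPT_HOST: '{{ services.hedgedoc.domain }}'
            LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
          volumes:
            - '{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads'
            # Mounted read-only: the app only needs to read the IdP
            # certificate, and must not be able to replace the host copy that
            # its SAML trust depends on.
            - '{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem:ro'
          restart: unless-stopped
          networks:
            - hedgedoc
            - external_services
          depends_on:
            - database

      networks:
        # Project-internal network with default settings.
        hedgedoc:
        # Pre-existing network, not created by this project.
        external_services:
          external: true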