# vim: ft=yaml.ansible
---
- name: create hedgedoc volume folders
  # One host directory per bind mount used by the compose definition below:
  # the postgres data directory and the hedgedoc upload directory.
  file:
    path: "{{ services.hedgedoc.volume_folder }}/{{ subdir }}"
    state: directory
  loop_control:
    loop_var: subdir
  loop:
    - "db"
    - "hedgedoc/uploads"

- name: copy sso public certificate
  # The SAML IdP's public signing certificate. It is bind-mounted into the
  # app container as /sso.data.coop.pem (CMD_SAML_IDPCERT). It contains no
  # private key, so a world-readable 0644 is appropriate.
  copy:
    dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
    src: "files/sso/sso.data.coop.pem"
    mode: "0644"

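- name: setup hedgedoc
  # The module arguments embed postgres_passwords.hedgedoc twice
  # (POSTGRES_PASSWORD and CMD_DB_URL); no_log keeps them out of playbook
  # output and verbose logs. Trade-off: module error details are hidden as
  # well, so drop it temporarily when debugging a failing deploy.
  no_log: true
  docker_compose:
    project_name: "hedgedoc"
    # `pull` is a boolean module option; use a real boolean, not the
    # string "yes".
    pull: true
    definition:
      services:
        database:
          image: "postgres:{{ services.hedgedoc.postgres_version }}"
          environment:
            POSTGRES_USER: "codimd"
            POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
            POSTGRES_DB: "codimd"
          restart: "unless-stopped"
          # No published ports: the database is reachable only from the
          # project-internal "hedgedoc" network.
          networks:
            - "hedgedoc"
          volumes:
            - "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"

        app:
          image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}"
          environment:
            # Address the database by its Compose service name, which the
            # shared network's DNS resolves; a generated container name such
            # as hedgedoc_database_1 depends on the Compose naming scheme and
            # breaks when that scheme changes. The password is embedded
            # unencoded, so it must not contain URL-reserved characters
            # (@ : / ? #).
            CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@database:5432/codimd"
            CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
            # Local registration and e-mail login stay disabled; accounts
            # come via SAML SSO only. Lowercase literals keep these
            # consistent with CMD_USECDN / CMD_PROTOCOL_USESSL below.
            CMD_ALLOW_EMAIL_REGISTER: "false"
            CMD_IMAGE_UPLOAD_TYPE: "filesystem"
            CMD_EMAIL: "false"
            # IdP certificate path inside the container (see volumes).
            CMD_SAML_IDPCERT: "/sso.data.coop.pem"
            CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
            CMD_SAML_ISSUER: "hedgedoc"
            CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
            CMD_USECDN: "false"
            # TLS is terminated in front of the container; this makes
            # HedgeDoc generate https:// URLs.
            CMD_PROTOCOL_USESSL: "true"
            # Presumably consumed by a reverse proxy on external_services
            # (nginx-proxy/acme-companion style) — confirm against that setup.
            VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
            LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
          volumes:
            - "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
            # The IdP certificate is only read, so mount it read-only.
            - "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem:ro"
          restart: "unless-stopped"
          networks:
            - "hedgedoc"
            - "external_services"
          # Orders container start only; Postgres readiness is not awaited.
          # The restart policy covers a connection failure on first boot.
          depends_on:
            - "database"

      networks:
        # Project-internal network shared by app and database.
        hedgedoc: {}
        # Pre-existing network; presumably the reverse proxy's — confirm.
        external_services:
          external: true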