---
# Create the host directories that the HedgeDoc stack bind-mounts
# (PostgreSQL data and uploaded files).
# NOTE(review): no owner/group/mode is set here, so permissions follow the
# remote user's defaults; confirm the uploads directory is not broader than
# intended.
- name: create hedgedoc volume folders
  file:
    path: "{{ services.hedgedoc.volume_folder }}/{{ volume }}"
    state: "directory"
  loop_control:
    # Named loop variable, so the path template does not depend on `item`.
    loop_var: volume
  loop:
    - "db"
    - "hedgedoc/uploads"
# Install the SSO identity provider's certificate next to the volume folders.
# The app container mounts this file and points CMD_SAML_IDPCERT at it, so it
# is the trust anchor for SAML logins: whoever can replace it on the host can
# change which IdP signatures are accepted.
- name: copy sso public certificate
  copy:
    dest: "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem"
    src: "files/sso/sso.data.coop.pem"
    # World-readable is acceptable for a public certificate (per the task
    # name); the file must never contain private key material.
    mode: "0644"
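# Deploy HedgeDoc and its PostgreSQL database as one compose project.
# Local accounts are switched off and sign-in is delegated to the SAML IdP
# at sso.data.coop.
- name: setup hedgedoc
  docker_compose:
    project_name: "hedgedoc"
    pull: true
    definition:
      services:
        database:
          # NOTE(review): PostgreSQL 10 is past upstream end-of-life and no
          # longer receives security fixes. A major-version change needs a
          # dump/restore or pg_upgrade of the data directory, so the tag is
          # left unchanged here; plan the migration separately.
          image: "postgres:10-alpine"
          environment:
            POSTGRES_USER: "codimd"
            POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
            POSTGRES_DB: "codimd"
          restart: "unless-stopped"
          # Only on the project-internal network, so the database is not
          # reachable from the shared external_services network.
          networks:
            - "hedgedoc"
          volumes:
            - "{{ services.hedgedoc.volume_folder }}/db:/var/lib/postgresql/data"

        app:
          # Quoted so an empty or unusual version value cannot change how
          # the scalar parses.
          image: "quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}"
          environment:
            # The database password is embedded in this URL, so it is
            # readable by anyone who can inspect the container.
            # presumably postgres_passwords comes from an encrypted vars
            # file - verify.
            # NOTE(review): the password is not URL-encoded; characters such
            # as "@" or ":" would break parsing of the URL.
            # NOTE(review): the host name relies on the
            # <project>_<service>_<index> container naming scheme.
            CMD_DB_URL: "postgres://codimd:{{ postgres_passwords.hedgedoc }}@hedgedoc_database_1:5432/codimd"
            CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
            # Email login and self-registration are both disabled, leaving
            # SAML as the configured sign-in method.
            # NOTE(review): CMD_ALLOW_ANONYMOUS is not set; confirm that
            # guest access matches the intended policy.
            CMD_ALLOW_EMAIL_REGISTER: "False"
            CMD_IMAGE_UPLOAD_TYPE: "filesystem"
            CMD_EMAIL: "False"
            # Certificate used to verify the IdP's SAML signatures.
            CMD_SAML_IDPCERT: "/sso.data.coop.pem"
            CMD_SAML_IDPSSOURL: "https://sso.data.coop/auth/realms/datacoop/protocol/saml"
            CMD_SAML_ISSUER: "hedgedoc"
            CMD_SAML_IDENTIFIERFORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
            CMD_USECDN: "false"
            CMD_PROTOCOL_USESSL: "true"
            # NOTE(review): no CMD_SESSION_SECRET is set; confirm how the
            # session secret is provided.
            # VIRTUAL_HOST / LETSENCRYPT_* are presumably read by a reverse
            # proxy on external_services that terminates TLS - verify.
            VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
            LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
            LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
          volumes:
            - "{{ services.hedgedoc.volume_folder }}/hedgedoc/uploads:/hedgedoc/public/uploads"
            # Read-only: the app only needs to read the IdP certificate, and
            # a compromised container must not be able to swap the SAML
            # trust anchor on the host.
            - "{{ services.hedgedoc.volume_folder }}/sso.data.coop.pem:/sso.data.coop.pem:ro"
          restart: "unless-stopped"
          networks:
            - "hedgedoc"
            - "external_services"
          depends_on:
            - database

      networks:
        # Project-private network shared by app and database.
        hedgedoc:
        # Pre-existing network, not created by this project.
        external_services:
          external: true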