move hedgedoc to nfs

fix database user passwords
Pim Kunis 2023-06-15 13:15:10 +02:00
parent 932b930567
commit aba119e127
4 changed files with 29 additions and 33 deletions


@ -14,6 +14,8 @@ nfs_shares:
path: /mnt/data/pihole/data
- name: pihole_dnsmasq
path: /mnt/data/pihole/dnsmasq
- name: hedgedoc_uploads
path: /mnt/data/hedgedoc/uploads
database_passwords:
nextcloud: !vault |
@ -24,3 +26,11 @@ database_passwords:
3466343563353162320a376437353933656166323364323166376663323531373338656563653463
33346263626430616164613937363836343430383233393061643231346661656539623938333631
3632373964346139316637663364646132636636373461613534
hedgedoc: !vault |
$ANSIBLE_VAULT;1.1;AES256
63363464666633663762393135333362613966636338623533393132376338343339653431396465
6634643863623163366235393434343662313735363438610a373065363361326565633766633835
38383637343230363031636634623930666365333739323162313937656239646166613738393965
3533666462303563360a313233306335396234393932396331313238376464363964363839396164
66366662356135343035363935616664613831626131376330643133313530636431613266636165
6265613666616164373637356235396165383662333561393939


@ -1,6 +1,6 @@
- name: Create database user
postgresql_user:
name: swarm
name: "{{ database_name }}"
password: "{{ database_password }}"
become: true
become_user: postgres
@ -8,7 +8,7 @@
- name: Create database
postgresql_db:
name: "{{ database_name }}"
owner: swarm
owner: "{{ database_name }}"
become: true
become_user: postgres
@ -16,7 +16,7 @@
postgresql_privs:
type: database
database: "{{ database_name }}"
role: swarm
role: "{{ database_name }}"
grant_option: no
privs: all
become: true
@ -28,7 +28,7 @@
dest: /etc/postgresql/15/main/pg_hba.conf
contype: host
databases: "{{ database_name }}"
users: swarm
users: "{{ database_name }}"
address: all
create: true
become: true
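Review bot: The pg_hba rule at `users: "{{ database_name }}"` keeps `address: all`, so each per-application role is accepted from any source address that can reach PostgreSQL. Now that every service gets its own role and password, the rule could be narrowed to the network the swarm nodes sit on, e.g. `address: "<swarm-subnet-CIDR>"` (a placeholder, since the page does not show the subnet). The task's `method` lies outside this hunk, so it is not visible whether a hashed password method is enforced; that is worth confirming. The commit also stops managing the old shared `swarm` role but does not appear to remove it or its pg_hba line on hosts that were already provisioned; a cleanup task with `state: absent` would close that gap.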


@ -4,32 +4,19 @@ version: '3'
networks:
traefik:
external: true
hedgedoc:
volumes:
uploads:
driver_opts:
type: "nfs"
o: "addr=192.168.30.10,nolock,soft,rw"
device: ":/mnt/data/hedgedoc/uploads"
services:
hedgedoc-db:
image: postgres:13.4-alpine
environment:
- POSTGRES_USER=hedgedoc
- POSTGRES_PASSWORD=password
- POSTGRES_DB=hedgedoc
volumes:
- type: bind
source: /mnt/data/hedgedoc/database
target: /var/lib/postgresql/data
networks:
hedgedoc:
aliases:
- database
deploy:
placement:
constraints:
- "node.labels.hedgedoc == true"
hedgedoc-app:
image: quay.io/hedgedoc/hedgedoc:1.9.7
environment:
- CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
- CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@192.168.30.10:5432/hedgedoc
- CMD_DOMAIN=md.pim.kunis.nl
- CMD_PORT=3000
- CMD_URL_ADDPORT=false
@ -38,18 +25,14 @@ services:
- CMD_PROTOCOL_USESSL=true
- CMD_SESSION_SECRET={{ session_secret }}
volumes:
- type: bind
source: /mnt/data/hedgedoc/uploads
- type: volume
source: uploads
target: /hedgedoc/public/uploads
depends_on:
- hedgedoc-db
volume:
nocopy: true
networks:
- traefik
- hedgedoc
deploy:
placement:
constraints:
- "node.labels.hedgedoc == true"
labels:
- traefik.enable=true
- traefik.http.routers.hedgedoc.entrypoints=websecure
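Review bot: The new `CMD_DB_URL` line places `{{ database_passwords.hedgedoc }}` into a URL without encoding, so a password containing characters such as `@`, `#` or `%` produces a malformed or misparsed connection string; `postgres://hedgedoc:{{ database_passwords.hedgedoc | urlencode }}@192.168.30.10:5432/hedgedoc` avoids that. The filter leaves `/` unescaped, so that character should be kept out of the password or replaced separately. The connection now goes to 192.168.30.10 instead of staying on the removed `hedgedoc` network, and the URL requests no TLS, so credentials and note data presumably travel in cleartext unless the server enforces SSL. The password also lands in the service environment, where anyone able to inspect the service spec can read it; a Docker secret would keep it out of the spec if the image supports reading one.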


@ -1,3 +1,6 @@
- name: asdfasdf
debug:
msg: "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
- name: Deploy Docker stack
docker_stack:
name: hedgedoc
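Review bot: The added `asdfasdf` debug task prints the fully rendered `docker-stack.yml.j2`, which (presumably the template changed in the previous section) contains the decrypted `database_passwords.hedgedoc` and `session_secret`, so both secrets end up in the play output and in any log or CI record of the run. It reads like a leftover from debugging; dropping the task is the simplest fix, and if the render check is wanted it should carry `no_log: true` or assert on the parsed structure instead of printing it. The nested `'{{ role_path }}/docker-stack.yml.j2'` inside the expression can be written as `role_path ~ '/docker-stack.yml.j2'`. The `docker_stack` task continues outside the hunk.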