diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
index 7e98154..2513cac 100644
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -14,6 +14,8 @@ nfs_shares:
 path: /mnt/data/pihole/data
 - name: pihole_dnsmasq
 path: /mnt/data/pihole/dnsmasq
+ - name: hedgedoc_uploads
+ path: /mnt/data/hedgedoc/uploads
 database_passwords:
 nextcloud: !vault |
@@ -24,3 +26,11 @@ database_passwords:
 3466343563353162320a376437353933656166323364323166376663323531373338656563653463
 33346263626430616164613937363836343430383233393061643231346661656539623938333631
 3632373964346139316637663364646132636636373461613534
+ hedgedoc: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63363464666633663762393135333362613966636338623533393132376338343339653431396465
+ 6634643863623163366235393434343662313735363438610a373065363361326565633766633835
+ 38383637343230363031636634623930666365333739323162313937656239646166613738393965
+ 3533666462303563360a313233306335396234393932396331313238376464363964363839396164
+ 66366662356135343035363935616664613831626131376330643133313530636431613266636165
+ 6265613666616164373637356235396165383662333561393939
diff --git a/ansible/roles/database/tasks/main.yml b/ansible/roles/database/tasks/main.yml
index e137486..0daddd5 100644
--- a/ansible/roles/database/tasks/main.yml
+++ b/ansible/roles/database/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: Create database user
 postgresql_user:
- name: swarm
+ name: "{{ database_name }}"
 password: "{{ database_password }}"
 become: true
 become_user: postgres
@@ -8,7 +8,7 @@
 - name: Create database
 postgresql_db:
 name: "{{ database_name }}"
- owner: swarm
+ owner: "{{ database_name }}"
 become: true
 become_user: postgres
@@ -16,7 +16,7 @@
 postgresql_privs:
 type: database
 database: "{{ database_name }}"
- role: swarm
+ role: "{{ database_name }}"
 grant_option: no
 privs: all
 become: true
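Review bot: For a database that was already provisioned under the shared `swarm` role, switching `name`, `owner` and `role` to `"{{ database_name }}"` (here and in the `@@ -8,7`, `@@ -16,7` and `@@ -28,7` hunks of this file) does not move what `swarm` already owns: changing the database owner and granting database-level `privs: all` leaves existing tables owned by `swarm`, so the new role may not be able to read them. Nothing visible in these hunks retires the old role either, so the shared `swarm` login and its pg_hba entries would stay valid next to the per-database ones. A one-off migration step such as `REASSIGN OWNED BY swarm TO <new_role>;` per existing database, followed by a `postgresql_user` task with `name: swarm` and `state: absent`, would close that gap. The task bodies start or continue outside the hunks, so this may already be handled elsewhere in the role.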
@@ -28,7 +28,7 @@
 dest: /etc/postgresql/15/main/pg_hba.conf
 contype: host
 databases: "{{ database_name }}"
- users: swarm
+ users: "{{ database_name }}"
 address: all
 create: true
 become: true
diff --git a/ansible/roles/hedgedoc/docker-stack.yml.j2 b/ansible/roles/hedgedoc/docker-stack.yml.j2
index c5be6d3..6a03c41 100644
--- a/ansible/roles/hedgedoc/docker-stack.yml.j2
+++ b/ansible/roles/hedgedoc/docker-stack.yml.j2
@@ -4,32 +4,19 @@ version: '3'
 networks:
 traefik:
 external: true
- hedgedoc:
+
+volumes:
+ uploads:
+ driver_opts:
+ type: "nfs"
+ o: "addr=192.168.30.10,nolock,soft,rw"
+ device: ":/mnt/data/hedgedoc/uploads"
 services:
- hedgedoc-db:
- image: postgres:13.4-alpine
- environment:
- - POSTGRES_USER=hedgedoc
- - POSTGRES_PASSWORD=password
- - POSTGRES_DB=hedgedoc
- volumes:
- - type: bind
- source: /mnt/data/hedgedoc/database
- target: /var/lib/postgresql/data
- networks:
- hedgedoc:
- aliases:
- - database
- deploy:
- placement:
- constraints:
- - "node.labels.hedgedoc == true"
-
 hedgedoc-app:
 image: quay.io/hedgedoc/hedgedoc:1.9.7
 environment:
- - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+ - CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@192.168.30.10:5432/hedgedoc
 - CMD_DOMAIN=md.pim.kunis.nl
 - CMD_PORT=3000
 - CMD_URL_ADDPORT=false
@@ -38,18 +25,14 @@ services:
 - CMD_PROTOCOL_USESSL=true
 - CMD_SESSION_SECRET={{ session_secret }}
 volumes:
- - type: bind
- source: /mnt/data/hedgedoc/uploads
+ - type: volume
+ source: uploads
 target: /hedgedoc/public/uploads
- depends_on:
- - hedgedoc-db
+ volume:
+ nocopy: true
 networks:
 - traefik
- - hedgedoc
 deploy:
- placement:
- constraints:
- - "node.labels.hedgedoc == true"
 labels:
 - traefik.enable=true
 - traefik.http.routers.hedgedoc.entrypoints=websecure
diff --git a/ansible/roles/hedgedoc/tasks/main.yml b/ansible/roles/hedgedoc/tasks/main.yml
index e3ca514..10c8f08 100644
--- a/ansible/roles/hedgedoc/tasks/main.yml
+++ b/ansible/roles/hedgedoc/tasks/main.yml
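Review bot: The pg_hba rule keeps `address: all`, so the per-application role named by the new `users: "{{ database_name }}"` line is accepted from any source address that can reach the server. Applications now connect over the LAN rather than a stack-internal network, so narrowing the rule to the swarm nodes, e.g. `address: "<swarm-subnet-cidr>"` (placeholder), would limit where a leaked application password can be used from. No `method` is visible in the hunk; the task starts above it and may continue below, so confirm which authentication method the rule ends up with.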
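Review bot: The new `CMD_DB_URL` line interpolates `{{ database_passwords.hedgedoc }}` into a URL unescaped, so a password containing `@`, `:`, `/` or `#` would render a URL that parses to the wrong host or credentials. Percent-encode it where it is rendered, e.g. `postgres://hedgedoc:{{ database_passwords.hedgedoc | urlencode }}@192.168.30.10:5432/hedgedoc`, and check that the filter also escapes `/` in the Ansible version in use. The rendered password also sits in the service's environment, where anyone able to inspect the service can read it, and the connection now leaves the stack-internal network with no TLS option in the URL. A Docker secret and TLS to the database are worth considering if the image and server support them. The `hedgedoc-app` service definition continues past the end of the hunk.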
@@ -1,3 +1,6 @@
+- name: asdfasdf
+ debug:
+ msg: "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
 - name: Deploy Docker stack
 docker_stack:
 name: hedgedoc
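Review bot: The added `asdfasdf` debug task prints the fully rendered `docker-stack.yml.j2`, which per the template hunk in this commit contains the decrypted `database_passwords.hedgedoc` and `session_secret`, so both land in cleartext in Ansible's output and in any log or CI capture of it. The name suggests leftover scaffolding; remove the three added lines before merging rather than committing a secret-dumping task to the role. If the lookup is kept anywhere, `lookup('template', role_path ~ '/docker-stack.yml.j2')` avoids nesting `{{ role_path }}` inside an expression that is already templated. The `Deploy Docker stack` task continues below the hunk.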