move hedgedoc to nfs

fix database user passwords
Pim Kunis 2023-06-15 13:15:10 +02:00
parent 932b930567
commit aba119e127
4 changed files with 29 additions and 33 deletions


@ -14,6 +14,8 @@ nfs_shares:
path: /mnt/data/pihole/data path: /mnt/data/pihole/data
- name: pihole_dnsmasq - name: pihole_dnsmasq
path: /mnt/data/pihole/dnsmasq path: /mnt/data/pihole/dnsmasq
- name: hedgedoc_uploads
path: /mnt/data/hedgedoc/uploads
database_passwords: database_passwords:
nextcloud: !vault | nextcloud: !vault |
@ -24,3 +26,11 @@ database_passwords:
3466343563353162320a376437353933656166323364323166376663323531373338656563653463 3466343563353162320a376437353933656166323364323166376663323531373338656563653463
33346263626430616164613937363836343430383233393061643231346661656539623938333631 33346263626430616164613937363836343430383233393061643231346661656539623938333631
3632373964346139316637663364646132636636373461613534 3632373964346139316637663364646132636636373461613534
hedgedoc: !vault |
$ANSIBLE_VAULT;1.1;AES256
63363464666633663762393135333362613966636338623533393132376338343339653431396465
6634643863623163366235393434343662313735363438610a373065363361326565633766633835
38383637343230363031636634623930666365333739323162313937656239646166613738393965
3533666462303563360a313233306335396234393932396331313238376464363964363839396164
66366662356135343035363935616664613831626131376330643133313530636431613266636165
6265613666616164373637356235396165383662333561393939


@ -1,6 +1,6 @@
- name: Create database user - name: Create database user
postgresql_user: postgresql_user:
name: swarm name: "{{ database_name }}"
password: "{{ database_password }}" password: "{{ database_password }}"
become: true become: true
become_user: postgres become_user: postgres
@ -8,7 +8,7 @@
- name: Create database - name: Create database
postgresql_db: postgresql_db:
name: "{{ database_name }}" name: "{{ database_name }}"
owner: swarm owner: "{{ database_name }}"
become: true become: true
become_user: postgres become_user: postgres
@ -16,7 +16,7 @@
postgresql_privs: postgresql_privs:
type: database type: database
database: "{{ database_name }}" database: "{{ database_name }}"
role: swarm role: "{{ database_name }}"
grant_option: no grant_option: no
privs: all privs: all
become: true become: true
@ -28,7 +28,7 @@
dest: /etc/postgresql/15/main/pg_hba.conf dest: /etc/postgresql/15/main/pg_hba.conf
contype: host contype: host
databases: "{{ database_name }}" databases: "{{ database_name }}"
users: swarm users: "{{ database_name }}"
address: all address: all
create: true create: true
become: true become: true
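Review bot: The pg_hba rule in the last hunk keeps `address: all` with `contype: host`, so each per-service role this commit introduces can attempt password authentication from any source address, and the rule also matches non-TLS connections. With roles now scoped per database, the rule could be narrowed to the network the swarm nodes use, e.g. `address: "<SWARM_SUBNET_CIDR>"` (placeholder), and `contype: hostssl` if the server has TLS configured. The rule's `method` is not visible in this hunk; it is worth confirming it is `scram-sha-256` rather than `md5` or `trust`. The pg_hba task starts and ends outside the hunk.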


@ -4,32 +4,19 @@ version: '3'
networks: networks:
traefik: traefik:
external: true external: true
hedgedoc:
volumes:
uploads:
driver_opts:
type: "nfs"
o: "addr=192.168.30.10,nolock,soft,rw"
device: ":/mnt/data/hedgedoc/uploads"
services: services:
hedgedoc-db:
image: postgres:13.4-alpine
environment:
- POSTGRES_USER=hedgedoc
- POSTGRES_PASSWORD=password
- POSTGRES_DB=hedgedoc
volumes:
- type: bind
source: /mnt/data/hedgedoc/database
target: /var/lib/postgresql/data
networks:
hedgedoc:
aliases:
- database
deploy:
placement:
constraints:
- "node.labels.hedgedoc == true"
hedgedoc-app: hedgedoc-app:
image: quay.io/hedgedoc/hedgedoc:1.9.7 image: quay.io/hedgedoc/hedgedoc:1.9.7
environment: environment:
- CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc - CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@192.168.30.10:5432/hedgedoc
- CMD_DOMAIN=md.pim.kunis.nl - CMD_DOMAIN=md.pim.kunis.nl
- CMD_PORT=3000 - CMD_PORT=3000
- CMD_URL_ADDPORT=false - CMD_URL_ADDPORT=false
@ -38,18 +25,14 @@ services:
- CMD_PROTOCOL_USESSL=true - CMD_PROTOCOL_USESSL=true
- CMD_SESSION_SECRET={{ session_secret }} - CMD_SESSION_SECRET={{ session_secret }}
volumes: volumes:
- type: bind - type: volume
source: /mnt/data/hedgedoc/uploads source: uploads
target: /hedgedoc/public/uploads target: /hedgedoc/public/uploads
depends_on: volume:
- hedgedoc-db nocopy: true
networks: networks:
- traefik - traefik
- hedgedoc
deploy: deploy:
placement:
constraints:
- "node.labels.hedgedoc == true"
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.hedgedoc.entrypoints=websecure - traefik.http.routers.hedgedoc.entrypoints=websecure
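Review bot: On the new `CMD_DB_URL` line the decrypted vault value is rendered directly into the service environment, and the connection now goes to 192.168.30.10 over the LAN instead of the stack-private `hedgedoc` network that this commit removes. The password is therefore readable by anyone who can inspect the service definition or the container environment. It is also not percent-encoded, so a password containing `@`, `:` or `/` would produce a malformed URL; `{{ database_passwords.hedgedoc | urlencode }}` would be a minimal guard. If the image supports reading the database URL from a Docker secret, that would keep the credential out of the environment entirely. No TLS parameter is visible on the URL, so whether the credential crosses the network in clear text depends on server configuration not shown here.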


@ -1,3 +1,6 @@
- name: asdfasdf
debug:
msg: "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
- name: Deploy Docker stack - name: Deploy Docker stack
docker_stack: docker_stack:
name: hedgedoc name: hedgedoc
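Review bot: The added `asdfasdf` debug task prints the fully rendered `docker-stack.yml.j2`, which (presumably the template changed in this commit) contains the decrypted `database_passwords.hedgedoc` value and `session_secret`. Both secrets would then appear in Ansible's console output and in any log or CI capture of the run. This looks like leftover debugging and should be removed before merge. If the render check is kept for any reason, the nested `'{{ role_path }}/docker-stack.yml.j2'` inside the expression should become `role_path ~ '/docker-stack.yml.j2'`, since moustaches are not expanded inside a Jinja expression. The `docker_stack` task continues outside the hunk.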