move hedgedoc to nfs
fix database user passwords
This commit is contained in:
parent
932b930567
commit
aba119e127
4 changed files with 29 additions and 33 deletions
|
@ -14,6 +14,8 @@ nfs_shares:
|
||||||
path: /mnt/data/pihole/data
|
path: /mnt/data/pihole/data
|
||||||
- name: pihole_dnsmasq
|
- name: pihole_dnsmasq
|
||||||
path: /mnt/data/pihole/dnsmasq
|
path: /mnt/data/pihole/dnsmasq
|
||||||
|
- name: hedgedoc_uploads
|
||||||
|
path: /mnt/data/hedgedoc/uploads
|
||||||
|
|
||||||
database_passwords:
|
database_passwords:
|
||||||
nextcloud: !vault |
|
nextcloud: !vault |
|
||||||
|
@ -24,3 +26,11 @@ database_passwords:
|
||||||
3466343563353162320a376437353933656166323364323166376663323531373338656563653463
|
3466343563353162320a376437353933656166323364323166376663323531373338656563653463
|
||||||
33346263626430616164613937363836343430383233393061643231346661656539623938333631
|
33346263626430616164613937363836343430383233393061643231346661656539623938333631
|
||||||
3632373964346139316637663364646132636636373461613534
|
3632373964346139316637663364646132636636373461613534
|
||||||
|
hedgedoc: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
63363464666633663762393135333362613966636338623533393132376338343339653431396465
|
||||||
|
6634643863623163366235393434343662313735363438610a373065363361326565633766633835
|
||||||
|
38383637343230363031636634623930666365333739323162313937656239646166613738393965
|
||||||
|
3533666462303563360a313233306335396234393932396331313238376464363964363839396164
|
||||||
|
66366662356135343035363935616664613831626131376330643133313530636431613266636165
|
||||||
|
6265613666616164373637356235396165383662333561393939
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
- name: Create database user
|
- name: Create database user
|
||||||
postgresql_user:
|
postgresql_user:
|
||||||
name: swarm
|
name: "{{ database_name }}"
|
||||||
password: "{{ database_password }}"
|
password: "{{ database_password }}"
|
||||||
become: true
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
- name: Create database
|
- name: Create database
|
||||||
postgresql_db:
|
postgresql_db:
|
||||||
name: "{{ database_name }}"
|
name: "{{ database_name }}"
|
||||||
owner: swarm
|
owner: "{{ database_name }}"
|
||||||
become: true
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
postgresql_privs:
|
postgresql_privs:
|
||||||
type: database
|
type: database
|
||||||
database: "{{ database_name }}"
|
database: "{{ database_name }}"
|
||||||
role: swarm
|
role: "{{ database_name }}"
|
||||||
grant_option: no
|
grant_option: no
|
||||||
privs: all
|
privs: all
|
||||||
become: true
|
become: true
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
dest: /etc/postgresql/15/main/pg_hba.conf
|
dest: /etc/postgresql/15/main/pg_hba.conf
|
||||||
contype: host
|
contype: host
|
||||||
databases: "{{ database_name }}"
|
databases: "{{ database_name }}"
|
||||||
users: swarm
|
users: "{{ database_name }}"
|
||||||
address: all
|
address: all
|
||||||
create: true
|
create: true
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -4,32 +4,19 @@ version: '3'
|
||||||
networks:
|
networks:
|
||||||
traefik:
|
traefik:
|
||||||
external: true
|
external: true
|
||||||
hedgedoc:
|
|
||||||
|
volumes:
|
||||||
|
uploads:
|
||||||
|
driver_opts:
|
||||||
|
type: "nfs"
|
||||||
|
o: "addr=192.168.30.10,nolock,soft,rw"
|
||||||
|
device: ":/mnt/data/hedgedoc/uploads"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
hedgedoc-db:
|
|
||||||
image: postgres:13.4-alpine
|
|
||||||
environment:
|
|
||||||
- POSTGRES_USER=hedgedoc
|
|
||||||
- POSTGRES_PASSWORD=password
|
|
||||||
- POSTGRES_DB=hedgedoc
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: /mnt/data/hedgedoc/database
|
|
||||||
target: /var/lib/postgresql/data
|
|
||||||
networks:
|
|
||||||
hedgedoc:
|
|
||||||
aliases:
|
|
||||||
- database
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- "node.labels.hedgedoc == true"
|
|
||||||
|
|
||||||
hedgedoc-app:
|
hedgedoc-app:
|
||||||
image: quay.io/hedgedoc/hedgedoc:1.9.7
|
image: quay.io/hedgedoc/hedgedoc:1.9.7
|
||||||
environment:
|
environment:
|
||||||
- CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
|
- CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@192.168.30.10:5432/hedgedoc
|
||||||
- CMD_DOMAIN=md.pim.kunis.nl
|
- CMD_DOMAIN=md.pim.kunis.nl
|
||||||
- CMD_PORT=3000
|
- CMD_PORT=3000
|
||||||
- CMD_URL_ADDPORT=false
|
- CMD_URL_ADDPORT=false
|
||||||
|
@ -38,18 +25,14 @@ services:
|
||||||
- CMD_PROTOCOL_USESSL=true
|
- CMD_PROTOCOL_USESSL=true
|
||||||
- CMD_SESSION_SECRET={{ session_secret }}
|
- CMD_SESSION_SECRET={{ session_secret }}
|
||||||
volumes:
|
volumes:
|
||||||
- type: bind
|
- type: volume
|
||||||
source: /mnt/data/hedgedoc/uploads
|
source: uploads
|
||||||
target: /hedgedoc/public/uploads
|
target: /hedgedoc/public/uploads
|
||||||
depends_on:
|
volume:
|
||||||
- hedgedoc-db
|
nocopy: true
|
||||||
networks:
|
networks:
|
||||||
- traefik
|
- traefik
|
||||||
- hedgedoc
|
|
||||||
deploy:
|
deploy:
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- "node.labels.hedgedoc == true"
|
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.hedgedoc.entrypoints=websecure
|
- traefik.http.routers.hedgedoc.entrypoints=websecure
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
|
- name: asdfasdf
|
||||||
|
debug:
|
||||||
|
msg: "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
|
||||||
- name: Deploy Docker stack
|
- name: Deploy Docker stack
|
||||||
docker_stack:
|
docker_stack:
|
||||||
name: hedgedoc
|
name: hedgedoc
|
||||||
|
|
Reference in a new issue