diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml index 3b5ad94..0857056 100644 --- a/ansible/inventory/host_vars/manager.yml +++ b/ansible/inventory/host_vars/manager.yml @@ -10,6 +10,8 @@ docker_node_labels: radicale: "true" mastodon: "true" freshrss: "true" + hedgedoc: "true" + overleaf: "true" data_directories: - 'traefik' diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml index 19ff0d2..5680819 100644 --- a/ansible/playbooks/stacks.yml +++ b/ansible/playbooks/stacks.yml @@ -9,3 +9,4 @@ - {role: radicale, tags: radicale} - {role: mastodon, tags: mastodon} - {role: freshrss, tags: freshrss} + - {role: hedgedoc, tags: hedgedoc} diff --git a/ansible/roles/hedgedoc/docker-stack.yml.j2 b/ansible/roles/hedgedoc/docker-stack.yml.j2 new file mode 100644 index 0000000..c5be6d3 --- /dev/null +++ b/ansible/roles/hedgedoc/docker-stack.yml.j2 
@@ -0,0 +1,61 @@
+# vi: ft=yaml
+version: '3'
+
+networks:
+ traefik:
+ external: true
+ hedgedoc:
+
+services:
+ hedgedoc-db:
+ image: postgres:13.4-alpine
+ environment:
+ - POSTGRES_USER=hedgedoc
+ - POSTGRES_PASSWORD=password
+ - POSTGRES_DB=hedgedoc
+ volumes:
+ - type: bind
+ source: /mnt/data/hedgedoc/database
+ target: /var/lib/postgresql/data
+ networks:
+ hedgedoc:
+ aliases:
+ - database
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.hedgedoc == true"
+
+ hedgedoc-app:
+ image: quay.io/hedgedoc/hedgedoc:1.9.7
+ environment:
+ - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+ - CMD_DOMAIN=md.pim.kunis.nl
+ - CMD_PORT=3000
+ - CMD_URL_ADDPORT=false
+ - CMD_ALLOW_ANONYMOUS=true
+ - CMD_ALLOW_EMAIL_REGISTER=false
+ - CMD_PROTOCOL_USESSL=true
+ - CMD_SESSION_SECRET={{ session_secret }}
+ volumes:
+ - type: bind
+ source: /mnt/data/hedgedoc/uploads
+ target: /hedgedoc/public/uploads
+ depends_on:
+ - hedgedoc-db
+ networks:
+ - traefik
+ - hedgedoc
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.hedgedoc == true"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.hedgedoc.entrypoints=websecure
+ - traefik.http.routers.hedgedoc.rule=Host(`md.pim.kunis.nl`)
+ - traefik.http.routers.hedgedoc.tls=true
+ - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
+ - traefik.http.routers.hedgedoc.service=hedgedoc
+ - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
+ - traefik.docker.network=traefik
diff --git a/ansible/roles/hedgedoc/tasks/main.yml b/ansible/roles/hedgedoc/tasks/main.yml
new file mode 100644
index 0000000..f6fd535
--- /dev/null
+++ b/ansible/roles/hedgedoc/tasks/main.yml
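Review bot: In docker-stack.yml.j2 the database password is the literal `password`, both in `POSTGRES_PASSWORD=password` and in `CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc`, while the session secret in the same template comes from a vaulted variable. The database is attached only to the internal `hedgedoc` network, which limits exposure, but the credential is guessable and committed in clear text, so anything that reaches that network can use it. I would add a second vaulted variable next to `session_secret` in vars/main.yml and use it in both places, e.g. `- POSTGRES_PASSWORD={{ database_password }}` and `- CMD_DB_URL=postgres://hedgedoc:{{ database_password | urlencode }}@database:5432/hedgedoc` (`database_password` is a name constructed for this note). Separately, `CMD_ALLOW_ANONYMOUS=true` on a publicly routed host lets unauthenticated visitors create notes; if that is intended, a one-line comment saying so would help the next reader.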
@@ -0,0 +1,15 @@
+- name: Create working directory
+ file:
+ path: /srv/hedgedoc
+ state: directory
+
+- name: Copy Docker stack file
+ template:
+ src: "{{ role_path }}/docker-stack.yml.j2"
+ dest: /srv/hedgedoc/docker-stack.yml
+
+- name: Deploy Docker stack
+ docker_stack:
+ name: hedgedoc
+ compose:
+ - /srv/hedgedoc/docker-stack.yml
diff --git a/ansible/roles/hedgedoc/vars/main.yml b/ansible/roles/hedgedoc/vars/main.yml
new file mode 100644
index 0000000..56fb537
--- /dev/null
+++ b/ansible/roles/hedgedoc/vars/main.yml
@@ -0,0 +1,10 @@
+session_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30633835386265643561343033326536653166343630396139303137613138383233666565666330
+ 3032613865333836656566626435383165396539323837350a376331306464643766373839386638
+ 65653865343539633636323833343964636332636461386434386432306230343833343431363134
+ 6563373138626637650a633932313862326231666330343662343765666166373961376237396434
+ 33396131353830323063326266623862353731653665626466653335656434303033353333353164
+ 61613535373037646565386131383631366338616565373261396136616433393462313537313861
+ 35313661616365373231373963323865393635626132343138363230313431636333363130346239
+ 32656335333635613736
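Review bot: In tasks/main.yml the `Copy Docker stack file` task writes the rendered template, which contains the decrypted `CMD_SESSION_SECRET`, to /srv/hedgedoc/docker-stack.yml without `owner` or `mode`. Its permissions then depend on the remote umask, and the file is likely readable by every local user on the manager. Adding `mode: "0600"` to the `template` task and `mode: "0700"` to the `Create working directory` task keeps the secret to the deploying user. Running the play with `--diff` would also print the rendered secret, so `no_log: true` on the template task is worth considering.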