add hedgedoc stack

ansible/inventory/host_vars/manager.yml

@@ -10,6 +10,8 @@ docker_node_labels:
       radicale: "true"
       mastodon: "true"
       freshrss: "true"
+      hedgedoc: "true"
+      overleaf: "true"
 
 data_directories:
   - 'traefik'

ansible/playbooks/stacks.yml

@@ -9,3 +9,4 @@
     - {role: radicale, tags: radicale}
     - {role: mastodon, tags: mastodon}
     - {role: freshrss, tags: freshrss}
+    - {role: hedgedoc, tags: hedgedoc}

ansible/roles/hedgedoc/docker-stack.yml.j2

@@ -0,0 +1,61 @@
+# vi: ft=yaml
+version: '3'
+
+networks:
+  traefik:
+    external: true
+  hedgedoc:
+
+services:
+  hedgedoc-db:
+    image: postgres:13.4-alpine
+    environment:
+      - POSTGRES_USER=hedgedoc
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=hedgedoc
+    volumes:
+      - type: bind
+        source: /mnt/data/hedgedoc/database
+        target: /var/lib/postgresql/data
+    networks:
+      hedgedoc:
+        aliases:
+          - database
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.hedgedoc == true"
+
+  hedgedoc-app:
+    image: quay.io/hedgedoc/hedgedoc:1.9.7
+    environment:
+      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+      - CMD_DOMAIN=md.pim.kunis.nl
+      - CMD_PORT=3000
+      - CMD_URL_ADDPORT=false
+      - CMD_ALLOW_ANONYMOUS=true
+      - CMD_ALLOW_EMAIL_REGISTER=false
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_SESSION_SECRET={{ session_secret }}
+    volumes:
+      - type: bind
+        source: /mnt/data/hedgedoc/uploads
+        target: /hedgedoc/public/uploads
+    depends_on:
+      - hedgedoc-db
+    networks:
+      - traefik
+      - hedgedoc
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.hedgedoc == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.hedgedoc.entrypoints=websecure
+        - traefik.http.routers.hedgedoc.rule=Host(`md.pim.kunis.nl`)
+        - traefik.http.routers.hedgedoc.tls=true
+        - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
+        - traefik.http.routers.hedgedoc.service=hedgedoc
+        - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
+        - traefik.docker.network=traefik

ansible/roles/hedgedoc/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: Create working directory
+  file:
+    path: /srv/hedgedoc
+    state: directory
+
+- name: Copy Docker stack file
+  template:
+    src: "{{ role_path }}/docker-stack.yml.j2"
+    dest: /srv/hedgedoc/docker-stack.yml
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: hedgedoc
+    compose:
+      - /srv/hedgedoc/docker-stack.yml

ansible/roles/hedgedoc/vars/main.yml

@@ -0,0 +1,10 @@
+session_secret: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  30633835386265643561343033326536653166343630396139303137613138383233666565666330
+  3032613865333836656566626435383165396539323837350a376331306464643766373839386638
+  65653865343539633636323833343964636332636461386434386432306230343833343431363134
+  6563373138626637650a633932313862326231666330343662343765666166373961376237396434
+  33396131353830323063326266623862353731653665626466653335656434303033353333353164
+  61613535373037646565386131383631366338616565373261396136616433393462313537313861
+  35313661616365373231373963323865393635626132343138363230313431636333363130346239
+  32656335333635613736