diff --git a/hedgedoc/defaults/main.yml b/hedgedoc/defaults/main.yml
index 160642c750ae45b9d192846cbe2196262ec0b6f1..05607dbae9ce0c08505b2f9c3c83a43f3113d2bf 100644
--- a/hedgedoc/defaults/main.yml
+++ b/hedgedoc/defaults/main.yml
@@ -3,14 +3,19 @@
 hedgedoc_data_root: /var/lib/hedgedoc
 hedgedoc_install_root: /opt/hedgedoc
 hedgedoc_version: "1.8.2"
+
+# https://docs.hedgedoc.org/configuration
 hedgedoc_db:
   dialect: sqlite
   storage: "{{ hedgedoc_data_root }}/db.sqlite"
+hedgedoc_domain: hedgedoc.example.org
+hedgedoc_urlPath: null
+hedgedoc_allowGravatar: false
+# hedgedoc_csp
+# hedgedoc_cookiePolicy
+# hedgedoc_extra_config
 
 # hedgedoc_db:
 #   dialect: postgres
 #   host: /run/postgresql
-#   username: ""
-#   password: ""
 #   database: hedgedoc
-#   port: "5432"
diff --git a/hedgedoc/tasks/main.yml b/hedgedoc/tasks/main.yml
index aafb0d4166f0e658a2377672b389ddb2f589a6f4..619c75f2e929e96703da8219913ae4cae2082d36 100644
--- a/hedgedoc/tasks/main.yml
+++ b/hedgedoc/tasks/main.yml
@@ -35,21 +35,18 @@
 
 - name: Install config
   template:
-    src: "{{ item }}.j2"
-    dest: "{{ hedgedoc_install_root }}/{{ item }}"
-  loop:
-    - config.json
-    - .sequelizerc
+    src: "config.json.j2"
+    dest: "{{ hedgedoc_install_root }}/config.json"
   when:
     - not installed_package_json.failed
-    - installed_package_json.content|b64decode|json_query('version')|trim ==
+    - installed_package_json.content|b64decode|from_json|json_query('version')|trim ==
       hedgedoc_version
   notify:
     - Restart hedgedoc
 
 - when: >-
     installed_package_json.failed or
-    installed_package_json.content|b64decode|json_query('version')|trim !=
+    installed_package_json.content|b64decode|from_json|json_query('version')|trim !=
     hedgedoc_version
   block:
     - name: Stop service for upgrade
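Review bot: The new placeholders `# hedgedoc_csp`, `# hedgedoc_cookiePolicy` and `# hedgedoc_extra_config` give no hint of the value shape each expects, which the config template in this commit fixes as a mapping rendered with `to_json`, a plain string, and a mapping iterated with `.items()` respectively. Suggest documenting that in place, e.g. `# hedgedoc_csp: {}  # mapping, rendered verbatim into config.json`, `# hedgedoc_cookiePolicy: ""  # string`, `# hedgedoc_extra_config: {}  # extra top-level config keys, values rendered with to_json`. Keeping them commented out is the right default because the template tests `is defined`; a deployer who uncomments a bare `hedgedoc_csp:` line defines the variable as null and gets `"csp": null` in config.json, which a comment should warn about.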
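Review bot: Both `Install config` template tasks (this hunk and the one at `@@ -79,15 +76,12 @@`) still write config.json with Ansible's default owner and mode, so a file that now carries the full `hedgedoc_db` mapping, including any Postgres credentials a deployer puts there, is created under the connecting user's umask, typically world-readable. Since the unit added in this commit runs as `User=hedgedoc`/`Group=hedgedoc`, the template task should pin ownership and permissions: `owner: root`, `group: hedgedoc`, `mode: "0640"` (I cannot see the account-creation task from here, so confirm the group name). The `from_json` insertion in both `when:` expressions is correct, `b64decode` yields a string and `json_query` needs a parsed object; a short comment such as `# content is base64 JSON; parse before querying` would keep someone from removing it again. The second task in the hunk (`- when: >-` / `block:`) continues past the hunk end.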
@@ -79,15 +76,12 @@
 
     - name: Install config
       template:
-        src: "{{ item }}.j2"
-        dest: "{{ hedgedoc_install_root }}-{{ hedgedoc_version }}/{{ item }}"
-      loop:
-        - config.json
-        - .sequelizerc
+        src: "config.json.j2"
+        dest: "{{ hedgedoc_install_root }}-{{ hedgedoc_version }}/config.json"
 
     - name: yarn install
       command:
-        cmd: yarn install --production=true --pure-lockfile
+        cmd: yarnpkg install --production=true --pure-lockfile
         chdir: "{{ hedgedoc_install_root }}-{{ hedgedoc_version }}"
 
     - name: Get old install target
diff --git a/hedgedoc/templates/config.json.j2 b/hedgedoc/templates/config.json.j2
new file mode 100644
index 0000000000000000000000000000000000000000..9266c33970bd2af041464f09a0c23fbd8fb6f356
--- /dev/null
+++ b/hedgedoc/templates/config.json.j2
@@ -0,0 +1,22 @@
+{
+  "production": {
+    "domain": "{{ hedgedoc_domain }}",
+    "urlPath": {{ hedgedoc_urlPath|to_json }},
+    "path": "/run/hedgedoc/hedgedoc.sock",
+    "loglevel": "info",
+    "uploadsPath": "{{ hedgedoc_data_root }}/uploads",
+    "allowGravatar": {{ hedgedoc_allowGravatar|to_json }},
+{% if hedgedoc_csp is defined %}
+    "csp": {{ hedgedoc_csp|to_json }},
+{% endif %}
+{% if hedgedoc_cookiePolicy is defined %}
+    "cookiePolicy": "{{ hedgedoc_cookiePolicy }}",
+{% endif %}
+    "db": {{ hedgedoc_db|to_json }}
+{% if hedgedoc_extra_config is defined -%}
+{% for k, v in hedgedoc_extra_config.items() %}
+    , "{{ k }}": {{ v|to_json }}
+{% endfor %}
+{%- endif %}
+  }
+}
diff --git a/hedgedoc/templates/hedgedoc.service.j2 b/hedgedoc/templates/hedgedoc.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..53d676bc46ccf8d7124d68a93049cb3cdecc8c20
--- /dev/null
+++ b/hedgedoc/templates/hedgedoc.service.j2
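Review bot: `"domain": "{{ hedgedoc_domain }}"` and `"cookiePolicy": "{{ hedgedoc_cookiePolicy }}"` in config.json.j2 interpolate the variable inside a hand-written JSON string literal, unlike `urlPath`, `allowGravatar`, `csp` and `db`, which go through `to_json`; a value containing `"` or `\` produces invalid JSON, and a deployer who sets `hedgedoc_domain` to null (the style this file uses for `hedgedoc_urlPath`) would most likely get the text `None` as the domain. Rendering every scalar the same way is both safer and consistent: `"domain": {{ hedgedoc_domain|to_json }},` and `"cookiePolicy": {{ hedgedoc_cookiePolicy|to_json }},`; `"uploadsPath": "{{ hedgedoc_data_root }}/uploads"` has the same shape but is lower risk since the role sets that path. The `hedgedoc_extra_config` loop relies on leading commas, which only works because the `"db"` line above it is the last unconditional key and carries no trailing comma; a comment such as `{# leading commas: "db" above must stay the last unconditional key #}` would keep a later edit from breaking the JSON.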
@@ -0,0 +1,48 @@
+[Unit]
+Description=HedgeDoc - The best platform to write and share markdown.
+Documentation=https://docs.hedgedoc.org/
+After=network.target
+{% if hedgedoc_db.dialect == "postgres" %}
+After=postgresql.service
+{% elif hedgedoc_db.dialect == "mariadb" %}
+After=mariadb.service
+{% endif %}
+
+[Service]
+Type=exec
+Environment=NODE_ENV=production
+Restart=always
+RestartSec=2s
+ExecStart=/usr/bin/yarnpkg start --production
+CapabilityBoundingSet=
+NoNewPrivileges=true
+PrivateDevices=true
+RemoveIPC=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectClock=true
+ProtectHostname=true
+ProtectProc=noaccess
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+RuntimeDirectory=hedgedoc
+
+# You may have to adjust these settings
+User=hedgedoc
+Group=hedgedoc
+WorkingDirectory={{ hedgedoc_install_root }}
+
+ReadWritePaths={{ hedgedoc_data_root }}
+
+[Install]
+WantedBy=multi-user.target
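Review bot: Several of the hardening directives in this unit are recent systemd additions — `ProtectProc=` (247), `ProtectClock=` (245), `ProtectKernelLogs=` (244), `ProtectHostname=` (242), if I recall the versions correctly — and an older systemd logs an unknown-key warning and drops the line instead of failing, so on such hosts the sandbox is weaker than the file reads. A header comment such as `# Requires systemd >= 247 for ProtectProc=; older versions ignore directives they do not know` would make that visible, and the role could assert the version at install time. With `ProtectSystem=strict`, `ProtectHome=true` and only `ReadWritePaths={{ hedgedoc_data_root }}` writable, `yarnpkg start` runs with no writable HOME or cache location; whether yarn or the app needs one at start I cannot tell from the diff, so this deserves a test on a fresh host, with `CacheDirectory=hedgedoc` or an explicit `Environment=HOME=...` as the fallback. The `After=` branch only matches the dialect strings `postgres` and `mariadb`; if the role also accepts `mysql`, the `elif` needs `or hedgedoc_db.dialect == "mysql"`.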