hedgedoc: WIP

hedgedoc/defaults/main.yml

@@ -3,14 +3,19 @@
 hedgedoc_data_root: /var/lib/hedgedoc
 hedgedoc_install_root: /opt/hedgedoc
 hedgedoc_version: "1.8.2"
+
+# https://docs.hedgedoc.org/configuration
 hedgedoc_db:
   dialect: sqlite
   storage: "{{ hedgedoc_data_root }}/db.sqlite"
+hedgedoc_domain: hedgedoc.example.org
+hedgedoc_urlPath: null
+hedgedoc_allowGravatar: false
+# hedgedoc_csp
+# hedgedoc_cookiePolicy
+# hedgedoc_extra_config
 
 # hedgedoc_db:
 #   dialect: postgres
 #   host: /run/postgresql
-#   username: ""
-#   password: ""
 #   database: hedgedoc
-#   port: "5432"

hedgedoc/tasks/main.yml

@@ -35,21 +35,18 @@
 
 - name: Install config
   template:
-    src: "{{ item }}.j2"
-    dest: "{{ hedgedoc_install_root }}/{{ item }}"
-  loop:
-    - config.json
-    - .sequelizerc
+    src: "config.json.j2"
+    dest: "{{ hedgedoc_install_root }}/config.json"
   when:
     - not installed_package_json.failed
-    - installed_package_json.content|b64decode|json_query('version')|trim ==
+    - installed_package_json.content|b64decode|from_json|json_query('version')|trim ==
       hedgedoc_version
   notify:
     - Restart hedgedoc
 
 - when: >-
     installed_package_json.failed or
-    installed_package_json.content|b64decode|json_query('version')|trim !=
+    installed_package_json.content|b64decode|from_json|json_query('version')|trim !=
     hedgedoc_version
   block:
     - name: Stop service for upgrade
@@ -79,15 +76,12 @@
 
     - name: Install config
       template:
-        src: "{{ item }}.j2"
-        dest: "{{ hedgedoc_install_root }}-{{ hedgedoc_version }}/{{ item }}"
-      loop:
-        - config.json
-        - .sequelizerc
+        src: "config.json.j2"
+        dest: "{{ hedgedoc_install_root }}-{{ hedgedoc_version }}/config.json"
 
     - name: yarn install
       command:
-        cmd: yarn install --production=true --pure-lockfile
+        cmd: yarnpkg install --production=true --pure-lockfile
         chdir: "{{ hedgedoc_install_root }}-{{ hedgedoc_version }}"
 
     - name: Get old install target

hedgedoc/templates/config.json.j2

+{
+    "production": {
+        "domain": "{{ hedgedoc_domain }}",
+        "urlPath": {{ hedgedoc_urlPath|to_json }},
+        "path": "/run/hedgedoc/hedgedoc.sock",
+        "loglevel": "info",
+        "uploadsPath": "{{ hedgedoc_data_root }}/uploads",
+        "allowGravatar": {{ hedgedoc_allowGravatar|to_json }},
+{% if hedgedoc_csp is defined %}
+        "csp": {{ hedgedoc_csp|to_json }},
+{% endif %}
+{% if hedgedoc_cookiePolicy is defined %}
+        "cookiePolicy": "{{ hedgedoc_cookiePolicy }}",
+{% endif %}
+        "db": {{ hedgedoc_db|to_json }}
+{% if hedgedoc_extra_config is defined -%}
+{% for k, v in hedgedoc_extra_config.items() %}
+        , "{{ k }}": {{ v|to_json }}
+{% endfor %}
+{%- endif %}
+    }
+}

hedgedoc/templates/hedgedoc.service.j2

+[Unit]
+Description=HedgeDoc - The best platform to write and share markdown.
+Documentation=https://docs.hedgedoc.org/
+After=network.target
+{% if hedgedoc_db.dialect == "postgres" %}
+After=postgresql.service
+{% elif hedgedoc_db.dialect == "mariadb" %}
+After=mariadb.service
+{% endif %}
+
+[Service]
+Type=exec
+Environment=NODE_ENV=production
+Restart=always
+RestartSec=2s
+ExecStart=/usr/bin/yarnpkg start --production
+CapabilityBoundingSet=
+NoNewPrivileges=true
+PrivateDevices=true
+RemoveIPC=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectClock=true
+ProtectHostname=true
+ProtectProc=noaccess
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+RuntimeDirectory=hedgedoc
+
+# You may have to adjust these settings
+User=hedgedoc
+Group=hedgedoc
+WorkingDirectory={{ hedgedoc_install_root }}
+
+ReadWritePaths={{ hedgedoc_data_root }}
+
+[Install]
+WantedBy=multi-user.target