diff --git a/roles/hedgedoc/cfg.schema.json b/roles/hedgedoc/cfg.schema.json
new file mode 100644
index 0000000..d2dc549
--- /dev/null
+++ b/roles/hedgedoc/cfg.schema.json
@@ -0,0 +1,248 @@
+{
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "user_name": {
+ "nullable": false,
+ "type": "string",
+ "default": "hedgedoc"
+ },
+ "directory": {
+ "nullable": false,
+ "type": "string",
+ "default": "/opt/hedgedoc"
+ },
+ "version": {
+ "nullable": false,
+ "type": "string",
+ "default": "1.10.3"
+ },
+ "domain": {
+ "nullable": false,
+ "type": "string"
+ },
+ "session_secret": {
+ "nullable": false,
+ "type": "string"
+ },
+ "database": {
+ "anyOf": [
+ {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "kind": {
+ "nullable": false,
+ "type": "string",
+ "enum": ["sqlite"],
+ "default": "sqlite"
+ },
+ "data": {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "path": {
+ "nullable": false,
+ "type": "string",
+ "default": "/var/hedgedoc/data.sqlite"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "path"
+ ],
+ "default": {
+ }
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "kind",
+ "data"
+ ]
+ },
+ {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "kind": {
+ "nullable": false,
+ "type": "string",
+ "enum": ["postgresql"],
+ "default": "postgresql"
+ },
+ "data": {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "host": {
+ "nullable": false,
+ "type": "string",
+ "default": "localhost"
+ },
+ "port": {
+ "nullable": false,
+ "type": "integer",
+ "default": 5432
+ },
+ "username": {
+ "nullable": false,
+ "type": "string",
+ "default": "hedgedoc_user"
+ },
+ "password": {
+ "nullable": false,
+ "type": "string"
+ },
+ "schema": {
+ "nullable": false,
+ "type": "string",
+ "default": "hedgedoc"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "host",
+ "port",
+ "username",
+ "password",
+ "schema"
+ ]
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "kind",
+ "data"
+ ]
+ }
+ ]
+ },
+ "authentication": {
+ "anyOf": [
+ {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "kind": {
+ "nullable": false,
+ "type": "string",
+ "enum": ["internal"],
+ "default": "internal"
+ },
+ "data": {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ },
+ "additionalProperties": false,
+ "required": [
+ ],
+ "default": {
+ }
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "kind",
+ "data"
+ ]
+ },
+ {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "kind": {
+ "nullable": false,
+ "type": "string",
+ "enum": ["authelia"],
+ "default": "authelia"
+ },
+ "data": {
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "url_base": {
+ "nullable": false,
+ "type": "string"
+ },
+ "client_id": {
+ "nullable": false,
+ "type": "string",
+ "default": "hedgedoc"
+ },
+ "client_secret": {
+ "nullable": false,
+ "type": "string"
+ },
+ "provider_name": {
+ "nullable": false,
+ "type": "string",
+ "default": "Authelia"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "url_base",
+ "client_id",
+ "client_secret",
+ "provider_name"
+ ]
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "kind",
+ "data"
+ ]
+ }
+ ]
+ },
+ "guest_allow_create": {
+ "nullable": false,
+ "type": "boolean",
+ "default": false
+ },
+ "guest_allow_change": {
+ "nullable": false,
+ "type": "boolean",
+ "default": false
+ },
+ "free_names_mode": {
+ "nullable": false,
+ "type": "string",
+ "enum": [
+ "never",
+ "authed",
+ "always"
+ ],
+ "default": "authed"
+ },
+ "log_level": {
+ "nullable": false,
+ "type": "string",
+ "enum": [
+ "debug",
+ "verbose",
+ "info",
+ "warn",
+ "error"
+ ],
+ "default": "error"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "user_name",
+ "directory",
+ "version",
+ "domain",
+ "session_secret",
+ "database",
+ "authentication",
+ "guest_allow_create",
+ "guest_allow_change",
+ "free_names_mode",
+ "log_level"
+ ]
+}
diff --git a/roles/hedgedoc/defaults/main.json b/roles/hedgedoc/defaults/main.json
index 5dc2820..9f2da1f 100644
--- a/roles/hedgedoc/defaults/main.json
+++ b/roles/hedgedoc/defaults/main.json
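Review bot: The layout under `database.data` and `authentication.data` in this schema does not match what the consumers in this commit read. Here `path`, `host`, `password`, `url_base` and `client_secret` sit directly under `data` with `"additionalProperties": false`, while tasks/main.json and templates/config.json.j2 dereference `cfg_hedgedoc.database.data.sqlite.path`, `cfg_hedgedoc.database.data.postgresql.*` and `cfg_hedgedoc.authentication.data.authelia.*`, so a config that validates here would leave those lookups undefined. Either drop the extra `sqlite`/`postgresql`/`authelia` segment in the tasks and the template, or nest the schema and defaults/main.json to match. Separately, `session_secret`, `password` and `client_secret` accept an empty string; adding `"minLength": 1` (or a stricter floor) to each would reject a blank secret at validation time, provided the validator in use honours it.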
@@ -1,21 +1,22 @@
 {
- "var_hedgedoc_user_name": "hedgedoc",
- "var_hedgedoc_directory": "/opt/hedgedoc",
- "var_hedgedoc_version": "1.9.9",
- "var_hedgedoc_session_secret": "REPLACE_ME",
- "var_hedgedoc_database_kind": "sqlite",
- "var_hedgedoc_database_data_sqlite_path": "/var/hedgedoc/data.sqlite",
- "var_hedgedoc_database_data_postgresql_host": "localhost",
- "var_hedgedoc_database_data_postgresql_port": 5432,
- "var_hedgedoc_database_data_postgresql_username": "hedgedoc_user",
- "var_hedgedoc_database_data_postgresql_password": "REPLACE_ME",
- "var_hedgedoc_database_data_postgresql_schema": "hedgedoc",
- "var_hedgedoc_domain": "hedgedoc.example.org",
- "var_hedgedoc_authentication_kind": "internal",
- "var_hedgedoc_authentication_data_authelia_client_id": "hedgedoc",
- "var_hedgedoc_authentication_data_authelia_client_secret": "REPLACE_ME",
- "var_hedgedoc_authentication_data_authelia_url_base": "https://authelia.example.org",
- "var_hedgedoc_guest_allow_create": false,
- "var_hedgedoc_guest_allow_change": false,
- "var_hedgedoc_free_names_mode": "authed"
+ "cfg_hedgedoc_defaults": {
+ "user_name": "hedgedoc",
+ "directory": "/opt/hedgedoc",
+ "version": "1.10.3",
+ "database": {
+ "kind": "sqlite",
+ "data": {
+ "path": "/var/hedgedoc/data.sqlite"
+ }
+ },
+ "authentication": {
+ "kind": "internal",
+ "data": {
+ }
+ },
+ "guest_allow_create": false,
+ "guest_allow_change": false,
+ "free_names_mode": "authed",
+ "log_level": "error"
+ }
 }
diff --git a/roles/hedgedoc/tasks/main.json b/roles/hedgedoc/tasks/main.json
index 5347cc1..6b03c33 100644
--- a/roles/hedgedoc/tasks/main.json
+++ b/roles/hedgedoc/tasks/main.json
@@ -1,4 +1,11 @@
 [
+ {
+ "name": "show vars",
+ "when": "switch_show_vars",
+ "ansible.builtin.debug": {
+ "var": "vars.cfg_hedgedoc"
+ }
+ },
 {
 "name": "packages",
 "become": true,
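Review bot: The new `show vars` task prints the whole of `cfg_hedgedoc`, which per cfg.schema.json carries `session_secret`, the PostgreSQL `password` and the Authelia `client_secret`. Turning on `switch_show_vars` therefore puts all three into the play output and into whatever stores it (CI logs, callback plugins). Print a masked copy instead, for example `"msg": "{{ cfg_hedgedoc | combine({'session_secret': 'REDACTED'}) }}"`, and mask the nested database password and OAuth client secret the same way with `combine(..., recursive=True)`.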
@@ -26,16 +33,41 @@ "name": "user", "become": true, "ansible.builtin.user": { - "name": "{{var_hedgedoc_user_name}}", + "name": "{{cfg_hedgedoc.user_name}}", "create_home": true, - "home": "{{var_hedgedoc_directory}}" + "home": "{{cfg_hedgedoc.directory}}" } }, + { + "name": "database", + "when": "cfg_hedgedoc.database.kind == 'sqlite'", + "block": [ + { + "name": "database | directory", + "become": true, + "ansible.builtin.file": { + "state": "directory", + "path": "{{cfg_hedgedoc.database.data.sqlite.path | dirname}}", + "owner": "{{cfg_hedgedoc.user_name}}" + } + }, + { + "name": "database | file", + "become": true, + "ansible.builtin.file": { + "state": "touch", + "path": "{{cfg_hedgedoc.database.data.sqlite.path}}", + "owner": "{{cfg_hedgedoc.user_name}}" + } + } + ] + + }, { "name": "download", "become": false, "ansible.builtin.get_url": { - "url": "https://github.com/hedgedoc/hedgedoc/releases/download/{{var_hedgedoc_version}}/hedgedoc-{{var_hedgedoc_version}}.tar.gz", + "url": "https://github.com/hedgedoc/hedgedoc/releases/download/{{cfg_hedgedoc.version}}/hedgedoc-{{cfg_hedgedoc.version}}.tar.gz", "dest": "/tmp/hedgedoc.tar.gz" } }, @@ -45,8 +77,8 @@ "ansible.builtin.unarchive": { "remote_src": true, "src": "/tmp/hedgedoc.tar.gz", - "dest": "{{var_hedgedoc_directory | dirname}}", - "owner": "{{var_hedgedoc_user_name}}" + "dest": "{{cfg_hedgedoc.directory | dirname}}", + "owner": "{{cfg_hedgedoc.user_name}}" } }, { @@ -54,7 +86,7 @@ "become": true, "become_user": "hedgedoc", "ansible.builtin.command": { - "chdir": "{{var_hedgedoc_directory}}", + "chdir": "{{cfg_hedgedoc.directory}}", "cmd": "bin/setup" } }, @@ -63,7 +95,7 @@ "become": true, "ansible.builtin.template": { "src": "config.json.j2", - "dest": "{{var_hedgedoc_directory}}/config.json" + "dest": "{{cfg_hedgedoc.directory}}/config.json" } }, { diff --git a/roles/hedgedoc/templates/config.json.j2 b/roles/hedgedoc/templates/config.json.j2 index 509e4b6..2dc3b76 100644 
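Review bot: Both `ansible.builtin.file` tasks in the new `database` block set `owner` but no `mode` or `group`, so the SQLite directory and file get whatever the umask yields, which is typically readable by every local account; the database presumably holds all notes and, with `internal` authentication, the account records. Add `"mode": "0700"` to the directory task and `"mode": "0600"` to the file task. `"state": "touch"` also rewrites the timestamps and reports a change on every run unless `"modification_time": "preserve"` and `"access_time": "preserve"` are set. In the same hunk the `download` task still fetches the release tarball without a `checksum`, and a later task unpacks `/tmp/hedgedoc.tar.gz`; carrying a digest in the config next to `version` and passing it as `"checksum": "sha256:<digest for that version>"` would pin what gets installed.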
--- a/roles/hedgedoc/templates/config.json.j2 +++ b/roles/hedgedoc/templates/config.json.j2 
@@ -1,61 +1,61 @@ { "production": { - "loglevel": "error", -{% if var_hedgedoc_database_kind == 'sqlite' %} + "loglevel": "{{cfg_hedgedoc.log_level}}", +{% if cfg_hedgedoc.database.kind == 'sqlite' %} "db": { "dialect": "sqlite", - "storage": "{{var_hedgedoc_database_data_sqlite_path}}" + "storage": "{{cfg_hedgedoc.database.data.sqlite.path}}" }, {% endif %} -{% if var_hedgedoc_database_kind == 'postgresql' %} +{% if cfg_hedgedoc.database.kind == 'postgresql' %} "db": { "dialect": "postgres", - "host": "{{var_hedgedoc_database_data_postgresql_host}}", - "port": {{var_hedgedoc_database_data_postgresql_port | to_json}}, - "username": "{{var_hedgedoc_database_data_postgresql_username}}", - "password": "{{var_hedgedoc_database_data_postgresql_password}}", - "database": "{{var_hedgedoc_database_data_postgresql_schema}}" + "host": "{{cfg_hedgedoc.database.data.postgresql.host}}", + "port": {{cfg_hedgedoc.database.data.postgresql.port | to_json}}, + "username": "{{cfg_hedgedoc.database.data.postgresql.username}}", + "password": "{{cfg_hedgedoc.database.data.postgresql.password}}", + "database": "{{cfg_hedgedoc.database.data.postgresql.schema}}" }, {% endif %} - "sessionSecret": "{{var_hedgedoc_session_secret}}", + "sessionSecret": "{{cfg_hedgedoc.session_secret}}", "host": "localhost", "allowOrigin": [ "localhost" ], - "domain": "{{var_hedgedoc_domain}}", + "domain": "{{cfg_hedgedoc.domain}}", "urlAddPort": false, "protocolUseSSL": true, -{% if var_hedgedoc_authentication_kind == 'internal' %} +{% if cfg_hedgedoc.authentication.kind == 'internal' %} "email": true, "allowEmailRegister": true, {% endif %} -{% if var_hedgedoc_authentication_kind == 'authelia' %} +{% if cfg_hedgedoc.authentication.kind == 'authelia' %} "oauth2": { - "providerName": "{{var_hedgedoc_authentication_data_authelia_provider_name}}", - "clientID": "{{var_hedgedoc_authentication_data_authelia_client_id}}", - "clientSecret": "{{var_hedgedoc_authentication_data_authelia_client_secret}}", + 
"providerName": "{{cfg_hedgedoc.authentication.data.authelia.provider_name}}", + "clientID": "{{cfg_hedgedoc.authentication.data.authelia.client_id}}", + "clientSecret": "{{cfg_hedgedoc.authentication.data.authelia.client_secret}}", "scope": "openid email profile", "userProfileUsernameAttr": "sub", "userProfileDisplayNameAttr": "name", "userProfileEmailAttr": "email", - "userProfileURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/api/oidc/userinfo", - "tokenURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/api/oidc/token", - "authorizationURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/api/oidc/authorization" + "userProfileURL": "{{cfg_hedgedoc.authentication.data.authelia.url_base}}/api/oidc/userinfo", + "tokenURL": "{{cfg_hedgedoc.authentication.data.authelia.url_base}}/api/oidc/token", + "authorizationURL": "{{cfg_hedgedoc.authentication.data.authelia.url_base}}/api/oidc/authorization" }, "email": false, "allowEmailRegister": false, {% endif %} - "allowAnonymous": {{var_hedgedoc_guest_allow_create | to_json}}, - "allowAnonymousEdits": {{var_hedgedoc_guest_allow_change | to_json}}, -{% if var_hedgedoc_free_names_mode == 'never' %} + "allowAnonymous": {{cfg_hedgedoc.guest_allow_create | to_json}}, + "allowAnonymousEdits": {{cfg_hedgedoc.guest_allow_change | to_json}}, +{% if cfg_hedgedoc.free_names_mode == 'never' %} "allowFreeURL": false, "requireFreeURLAuthentication": false, {% endif %} -{% if var_hedgedoc_free_names_mode == 'authed' %} +{% if cfg_hedgedoc.free_names_mode == 'authed' %} "allowFreeURL": true, "requireFreeURLAuthentication": true, {% endif %} -{% if var_hedgedoc_free_names_mode == 'always' %} +{% if cfg_hedgedoc.free_names_mode == 'always' %} "allowFreeURL": true, "requireFreeURLAuthentication": false, {% endif %} diff --git a/roles/hedgedoc/templates/systemd-unit.j2 b/roles/hedgedoc/templates/systemd-unit.j2 index 000bd6e..7a1d54f 100644 --- a/roles/hedgedoc/templates/systemd-unit.j2 
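Review bot: String values are pasted between literal quotes in this template (`"password": "{{...}}"`, `"sessionSecret"`, `"clientSecret"`, `"domain"`, the Authelia URLs); only the port and the two booleans go through `to_json`. A secret containing `"` or `\` then yields an invalid config.json or changes its structure. Let the filter emit the quoted string, e.g. `"sessionSecret": {{cfg_hedgedoc.session_secret | to_json}},`, and do the same for the other string fields. The rendered file also carries these secrets, and the `config` template task in tasks/main.json passes only `src` and `dest`, so `"owner": "{{cfg_hedgedoc.user_name}}"` and `"mode": "0600"` belong there. The template continues past the end of this hunk.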
+++ b/roles/hedgedoc/templates/systemd-unit.j2 @@ -3,8 +3,8 @@ Description=Hedgedoc After=multi-user.target [Service] -WorkingDirectory={{var_hedgedoc_directory}} -User={{var_hedgedoc_user_name}} +WorkingDirectory={{cfg_hedgedoc.directory}} +User={{cfg_hedgedoc.user_name}} Environment="NODE_ENV=production" ExecStart=yarn start SyslogIdentifier=hedgedoc diff --git a/roles/hedgedoc/vardef.json b/roles/hedgedoc/vardef.json deleted file mode 100644 index cb6e8d6..0000000 --- a/roles/hedgedoc/vardef.json +++ /dev/null 
@@ -1,87 +0,0 @@
-{
- "user_name": {
- "type": "string",
- "mandatory": false
- },
- "directory": {
- "type": "string",
- "mandatory": false
- },
- "version": {
- "type": "string",
- "mandatory": false
- },
- "session_secret": {
- "type": "string",
- "mandatory": true
- },
- "database_kind": {
- "type": "string",
- "mandatory": false,
- "options": [
- "sqlite",
- "postgresql",
- "mariadb"
- ]
- },
- "database_data_sqlite_path": {
- "type": "string",
- "mandatory": false
- },
- "database_data_postgresql_host": {
- "type": "string",
- "mandatory": false
- },
- "database_data_postgresql_port": {
- "type": "integer",
- "mandatory": false
- },
- "database_data_postgresql_username": {
- "type": "string",
- "mandatory": false
- },
- "database_data_postgresql_password": {
- "type": "string",
- "mandatory": false
- },
- "database_data_postgresql_schema": {
- "type": "string",
- "mandatory": false
- },
- "domain": {
- "type": "string",
- "mandatory": false
- },
- "authentication_kind": {
- "type": "string",
- "mandatory": false,
- "options": [
- "internal",
- "authelia"
- ]
- },
- "authentication_data_authelia_client_id": {
- "type": "string",
- "mandatory": false
- },
- "authentication_data_authelia_client_secret": {
- "type": "string",
- "mandatory": false
- },
- "authentication_data_authelia_url_base": {
- "type": "string",
- "mandatory": false
- },
- "guest_allow_create": {
- "type": "boolean",
- "mandatory": false
- },
- "guest_allow_change": {
- "type": "boolean",
- "mandatory": false
- },
- "free_names_mode": {
- "type": "string",
- "mandatory": false
- }
-}