infrastructure/ansible/plays/services/hedgedoc/docker-compose.yaml

69 lines
2.5 KiB
YAML
Raw Normal View History

2024-02-05 18:44:13 +01:00
{% import 'macro/postgres.j2' as pg with context %}
---
version: '3'
services:
app:
# Make sure to use the latest release from https://hedgedoc.org/latest-release
image: quay.io/hedgedoc/hedgedoc:1.9.3
environment:
2024-02-08 20:09:05 +01:00
- CMD_DB_URL=postgres://{{ hedgedoc.db.user }}:{{ hedgedoc.db.password }}@db:5432/{{ hedgedoc.db.name }}
- CMD_DOMAIN=doc.tobiasmanske.de
- CMD_ALLOW_ORIGIN=doc.tobiasmanske.de,localhost
- CMD_CSP_ENABLE=true
- CMD_PROTOCOL_USESSL=true
- CMD_PROTOCOL_USE_SSL=true
- CMD_ALLOW_EMAIL_REGISTER=false
- CMD_ALLOW_ANONYMOUS=false
- CMD_ALLOW_ANONYMOUS_EDITS=true
2022-07-04 02:08:58 +02:00
- CMD_ALLOW_FREEURL=true
- CMD_DEFAULT_PERMISSION=private
- CMD_SESSION_SECRET={{ hedgedoc.cmd.session_secret }}
- CMD_OAUTH2_CLIENT_ID={{ hedgedoc.cmd.client_id }}
- CMD_OAUTH2_CLIENT_SECRET={{ hedgedoc.cmd.client_secret }}
- CMD_OAUTH2_AUTHORIZATION_URL={{ hedgedoc.cmd.authorization_url }}
2023-04-06 19:53:28 +02:00
- CMD_OAUTH2_SCOPE=openid email profile
- CMD_OAUTH2_TOKEN_URL={{ hedgedoc.cmd.token_url }}
- CMD_OAUTH2_USER_PROFILE_URL={{ hedgedoc.cmd.user_profile_url }}
2022-09-25 14:05:14 +02:00
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
- CMD_OAUTH2_PROVIDERNAME=Keycloak
2023-01-11 03:31:03 +01:00
- CMD_IMAGE_UPLOAD_TYPE=minio
- CMD_MINIO_ACCESS_KEY={{ hedgedoc.cmd.s3.access_key }}
- CMD_MINIO_SECRET_KEY={{ hedgedoc.cmd.s3.secret_key }}
- CMD_MINIO_ENDPOINT={{ hedgedoc.cmd.s3.endpoint }}
- CMD_MINIO_PORT={{ hedgedoc.cmd.s3.port }}
- CMD_MINIO_SECURE={{ hedgedoc.cmd.s3.secure }}
- CMD_S3_BUCKET=hedgedoc
- CMD_S3_FOLDER=uploads
restart: always
labels:
- "traefik.enable=true"
2024-01-22 18:56:17 +01:00
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.hedgedoc.rule=Host(`doc.tobiasmanske.de`)"
2023-04-16 16:10:44 +02:00
- "traefik.http.routers.hedgedoc.middlewares=deny-metrics@file"
- "traefik.http.routers.hedgedoc.entryPoints=websecure"
- "traefik.http.services.hedgedoc.loadbalancer.server.port=3000"
2023-04-16 16:10:44 +02:00
- "prometheus-scrape.enabled=true"
- "prometheus-scrape.port=3000"
depends_on:
2024-02-05 18:44:13 +01:00
db:
2022-10-27 00:55:39 +02:00
condition: service_healthy
networks:
- backend
2023-08-10 16:29:52 +02:00
- metrics
- default # oauth
2024-02-05 18:44:13 +01:00
{{ pg.postgres("db", hedgedoc.db.user, hedgedoc.db.password, hedgedoc.db.name, ["backend"], version="13-alpine") }}
volumes:
2024-02-05 18:44:13 +01:00
db_data:
networks:
backend:
internal: true
2023-08-10 16:29:52 +02:00
metrics:
external: true
2024-02-05 18:44:13 +01:00
postgres:
internal: true
...