Refactor

coreos-config/plays/services/hedgedoc/.env

@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=hedgedoc

coreos-config/plays/services/hedgedoc/docker-compose.yaml

@@ -0,0 +1,79 @@
+---
+version: '3'
+services:
+  database:
+    image: postgres:13-alpine
+    environment:
+      - POSTGRES_USER={{ hedgedoc.db.user }}
+      - POSTGRES_PASSWORD={{ hedgedoc.db.password }}
+      - POSTGRES_DB={{ hedgedoc.db.name }}
+    volumes:
+      - database:/var/lib/postgresql/data
+    restart: always
+    networks:
+      - backend
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  app:
+    # Make sure to use the latest release from https://hedgedoc.org/latest-release
+    image: quay.io/hedgedoc/hedgedoc:1.9.3
+    environment:
+      - CMD_DB_URL=postgres://{{ hedgedoc.db.user }}:{{ hedgedoc.db.password }}@database:5432/{{ hedgedoc.db.name }}
+      - CMD_DOMAIN=doc.tobiasmanske.de
+      - CMD_ALLOW_ORIGIN=doc.tobiasmanske.de,localhost
+      - CMD_CSP_ENABLE=true
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_PROTOCOL_USE_SSL=true
+      - CMD_ALLOW_EMAIL_REGISTER=false
+      - CMD_ALLOW_ANONYMOUS=false
+      - CMD_ALLOW_ANONYMOUS_EDITS=true
+      - CMD_ALLOW_FREEURL=true
+      - CMD_DEFAULT_PERMISSION=private
+      - CMD_SESSION_SECRET={{ hedgedoc.cmd.session_secret }}
+      - CMD_OAUTH2_CLIENT_ID={{ hedgedoc.cmd.client_id }}
+      - CMD_OAUTH2_CLIENT_SECRET={{ hedgedoc.cmd.client_secret }}
+      - CMD_OAUTH2_AUTHORIZATION_URL={{ hedgedoc.cmd.authorization_url }}
+      - CMD_OAUTH2_SCOPE=openid email profile
+      - CMD_OAUTH2_TOKEN_URL={{ hedgedoc.cmd.token_url }}
+      - CMD_OAUTH2_USER_PROFILE_URL={{ hedgedoc.cmd.user_profile_url }}
+      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
+      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
+      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
+      - CMD_OAUTH2_PROVIDERNAME=Keycloak
+      - CMD_IMAGE_UPLOAD_TYPE=minio
+      - CMD_MINIO_ACCESS_KEY={{ hedgedoc.cmd.s3.access_key }}
+      - CMD_MINIO_SECRET_KEY={{ hedgedoc.cmd.s3.secret_key }}
+      - CMD_MINIO_ENDPOINT={{ hedgedoc.cmd.s3.endpoint }}
+      - CMD_MINIO_PORT={{ hedgedoc.cmd.s3.port }}
+      - CMD_MINIO_SECURE={{ hedgedoc.cmd.s3.secure }}
+      - CMD_S3_BUCKET=hedgedoc
+      - CMD_S3_FOLDER=uploads
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.hedgedoc.rule=Host(`doc.tobiasmanske.de`)"
+      - "traefik.http.routers.hedgedoc.middlewares=deny-metrics@file"
+      - "traefik.http.routers.hedgedoc.entryPoints=websecure"
+      - "traefik.http.services.hedgedoc.loadbalancer.server.port=3000"
+      - "prometheus-scrape.enabled=true"
+      - "prometheus-scrape.port=3000"
+    depends_on:
+      database:
+        condition: service_healthy
+    networks:
+      - backend
+      - gateway
+
+volumes:
+  database:
+
+networks:
+  gateway:
+    external: true
+  backend:
+    internal: true
+...