diff --git a/README.md b/README.md
index 225dd44b9fc5b3abff7e9c68ff9e91d505cdd5f0..cceba71c3692e97b7c31c12375798758cdda0489 100644
--- a/README.md
+++ b/README.md
@@ -1,31 +1,42 @@ -Role Name +HedgeDocs Role ========= -A brief description of the role goes here. +Un rôle pour installer le servide de Pad HedgeDocs Requirements ------------ -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +Voir : https://github.com/hedgedoc/hedgedoc/blob/master/docs/setup/manual-setup.md + + +- Node.js 10.13 or up +- Database (PostgreSQL, MySQL, MariaDB, SQLite, MSSQL) The database must use charset utf8. This is typically the default in PostgreSQL and SQLite. In MySQL and MariaDB UTF-8 might need to be set with alter database <DBNAME> character set utf8 collate utf8_bin; Be aware of older MySQL and MariaDB versions which sometimes use shorter representations of UTF-8 than 4 bytes. This can break if symbols with more bytes are used. You can use alter database <DBNAME> character set utf8mb4 COLLATE utf8mb4_unicode_ci to be on the safe side. +- NPM (and its dependencies, node-gyp) +- Yarn +- Bash (for the setup script) +- For building the HedgeDoc frontend you need a machine with at least 2 GB RAM. Starting with release 1.7 the release tarball includes the frontend, so building it yourself is not necessary. + Role Variables -------------- -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +Voir les variables dans `vars/main.yml` Dependencies ------------ -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
+Nécessite le module https://docs.ansible.com/ansible/latest/collections/community/postgresql Example Playbook ---------------- -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - hosts: servers + - hosts: hedgedocs-server roles: - - { role: username.rolename, x: 42 } + - { role: hedgedocs-pad-lqdn, + hedgedoc-version: "1.7.0-rc2", + hedgedoc-sql-password : "default password ITtHlXfTEBwcCypWPX07" + } License ------- @@ -35,4 +46,4 @@ BSD Author Information ------------------ -An optional section for the role authors to include contact information, or a website (HTML is not allowed). +Utilisation chez LQDN ( lqdn.fr ) diff --git a/files/config.json.j2 b/files/config.json.j2 new file mode 100644 index 0000000000000000000000000000000000000000..b7139fa0fec1e0b48e7677d5ba2185bc27537452 --- /dev/null +++ b/files/config.json.j2 @@ -0,0 +1,51 @@ +{ + "test": { + "db": { + "dialect": "sqlite", + "storage": ":memory:" + }, + "linkifyHeaderStyle": "gfm" + }, + "development": { + "loglevel": "debug", + "hsts": { + "enable": false + }, + "db": { + "dialect": "sqlite", + "storage": "./db.hedgedoc.sqlite" + }, + "linkifyHeaderStyle": "gfm" + }, + "production": { + "domain" : {{hedgedocs-domain}}, + "host" : "localhost", + "port" : 3000, + "protocolUseSSL" : true, + "useSSL" : false, + "urlAddPort" : false, + "loglevel": "info", + "csp": { + "enable": true, + "directives": { + }, + "upgradeInsecureRequests": "auto", + "addDefaults": true, + "addDisqus": false, + "addGoogleAnalytics": false + }, + "cookiePolicy": "strict", + "db": { + "username": "hedgedocs-user", + "password": "{{hedgedocs-sql-password}}", + "database": "hedgedoc", + "host": "localhost", + "port": "5432", + "dialect": "postgres" + }, + "linkifyHeaderStyle": "gfm", + "allowAnonymous" : false, + "sessionSecret" : , + "allowEmailRegister" : false + } +} 
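Review bot: `"sessionSecret" : ,` has no value, so the rendered config.json is not valid JSON and HedgeDoc cannot load it; it needs a templated secret, e.g. `"sessionSecret": "{{ hedgedocs_session_secret }}"` (proposed variable name), and `"domain" : {{hedgedocs-domain}},` needs quotes around the expansion for the same reason. The hyphenated names `{{hedgedocs-domain}}` and `{{hedgedocs-sql-password}}` are a separate failure: Jinja2 parses `a-b` as a subtraction of two undefined variables, so the expansion errors or renders garbage instead of the value; the same applies to every hyphenated variable in hedgedocs-nginx.conf.j2, install-database.yml, install-service.yml and vars/main.yml, and the fix is underscores throughout (`hedgedocs_domain`, `hedgedocs_sql_password`, ...). The nginx template additionally spells it `hedgedoc-domain` while vars/main.yml defines `hedgedocs-domain`, so even with underscores the two must be reconciled. Since this file carries a database password and session secret, the task that renders it should write it `mode: "0600"` rather than world-readable.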
diff --git a/files/hedgedocs.service b/files/hedgedocs.service
new file mode 100644
index 0000000000000000000000000000000000000000..0cb5ea8bf35577584e42606be0f645d3c3115a3c
--- /dev/null
+++ b/files/hedgedocs.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=HedgeDocs collaborative markdown notes
+Documentation=https://github.com/hedgedoc/hedgedoc/
+After=network.target
+After=postgresql.service
+
+
+[Service]
+Type=exec
+RestartSec=2s
+User=hedgedocs
+Group=www-data
+# the location you cloned CodiMD to.
+WorkingDirectory=/home/hedgedocs
+ExecStart=/usr/bin/npm start --production
+Restart=always
+PrivateTmp=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/files/nginx/hedgedocs-nginx.conf.j2 b/files/nginx/hedgedocs-nginx.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..445ab40a8e5fbeb3e7482f1e9c75b632a76707a0
--- /dev/null
+++ b/files/nginx/hedgedocs-nginx.conf.j2
@@ -0,0 +1,32 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+server {
+ server_name {{hedgedoc-domain}};
+
+ location / {
+ proxy_pass http://127.0.0.1:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /socket.io/ {
+ proxy_pass http://127.0.0.1:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+ ssl_certificate {{hedgedocs-ssl-fullchain}};
+ ssl_certificate_key {{hedgedocs-ssl-privkey}};
+ include options-ssl-nginx.conf;
+ ssl_dhparam {{ hedgedocs-ssl-dhparams}};
+}
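Review bot: The unit never sets `NODE_ENV`, and `--production` on `npm start` is an install-time npm option, so HedgeDoc is likely to select the `development` section of config.json (sqlite, debug logging, HSTS off) rather than `production`; add `Environment=NODE_ENV=production` under `[Service]`. `WorkingDirectory=/home/hedgedocs` has to be the directory containing HedgeDoc's package.json, which is only what install-service.yml produces if the release tarball has no top-level directory — worth confirming against the 1.7 archive. Since the process already runs as a dedicated user, `NoNewPrivileges=true` and `ProtectSystem=full` would cost nothing here, and the `CodiMD` comment is a leftover from the upstream example unit.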
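Review bot: The `/socket.io/` location forwards `Upgrade` and `Connection` but does not set `proxy_http_version 1.1;`, and nginx talks HTTP/1.0 to upstreams by default, so the WebSocket upgrade will not complete; add `proxy_http_version 1.1;` to that location, as the upstream reverse-proxy document does. `server_name {{hedgedoc-domain}}` does not match the `hedgedocs-domain` key in vars/main.yml, so the template fails on an undefined variable (and a hyphen inside `{{ }}` is read by Jinja2 as subtraction, so the key should become `hedgedocs_domain` on both sides). `include options-ssl-nginx.conf;` refers to a snippet this role does not ship, and there is no port-80 `server` block redirecting to HTTPS, so plain-HTTP requests for the domain are neither served nor redirected.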
diff --git a/tasks/configuration.yml b/tasks/configuration.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3318c7c894d9b3c44a9712e0fd1508f99f5e7648
--- /dev/null
+++ b/tasks/configuration.yml
@@ -0,0 +1,31 @@
+----
+
+# Voir : https://github.com/hedgedoc/hedgedoc/blob/master/docs/configuration.md
+# et : https://github.com/hedgedoc/hedgedoc/blob/880af8d4f80b9e1dcaa30014d4ed5c41e351b564/docs/setup/reverse-proxy.md
+- name: Configuration du service HedgeDocs
+ template:
+ src: ../files/config.json.j2
+ dest: /home/hedgedocs/config.json
+ owner: hedgedocs
+ groupe: www-data
+ mode: 0644
+
+- name: Configuration du fichier SystemD
+ template:
+ src: ../files/hedgedocs.service
+ dest: /etc/systemd/system/hedgedocs.service
+ owner: hedgedocs
+ groupe: www-data
+ mode: 0644
+ handlers:
+ - Reload systemd
+
+- name: Activation de la configuration systemd
+ systemd:
+ state: started
+ name: hedgedocs
+ enabled: yes
+
+- name: Reload systemd
+ systemd:
+ daemon_reload: yes
diff --git a/tasks/install-database.yml b/tasks/install-database.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9f84abe3e41d7e72746c32953045a95aba64b653
--- /dev/null
+++ b/tasks/install-database.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Creation de l'utilisateur pour pSQL
+ community.postgresql.postgresql_user:
+ name: hedgedocs-user
+ password: {{ hedgedoc-sql-password }}
+ priv: "ALL" # NB: Est-ce que ce niveau de privilège est nécessire ?
diff --git a/tasks/install-requirements.yml b/tasks/install-requirements.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7885f33529d6aa1c67bfb5b5781075fc25ef2418
--- /dev/null
+++ b/tasks/install-requirements.yml
@@ -0,0 +1,15 @@
+---
+
+name: Installation des dépendances pour HedgeDoc
+ apt:
+ name: "{{ packages }}"
+ state: present
+ update_cache: yes
+ vars:
+ packages:
+ - postgresql
+ - nodejs
+ - git
+ - npm
+ - yarn
+ - bash
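Review bot: `/etc/systemd/system/hedgedocs.service` is installed with `owner: hedgedocs`, which lets the unprivileged service account rewrite its own unit (for instance to `User=root`) and have systemd run it on the next restart — unit files must stay `owner: root`, `group: root`. The rendered config.json carries the database password and session secret, so `mode: 0644` (world-readable on a host that also runs nginx and postgres) should be `mode: "0600"` with `owner: hedgedocs`. The file also fails before either task runs: `----` is not a YAML document marker, `groupe:` is not a parameter of `template` (it is `group:`, and the same typo is in install-webserver.yml), `handlers:` is not a task keyword (`notify:` is, and the handler itself belongs in handlers/main.yml), and `daemon_reload` runs after the `started` task, so the freshly written unit is unknown at start time — `daemon_reload: yes` on the `Activation` task fixes that ordering.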
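Review bot: `password: {{ hedgedoc-sql-password }}` is unquoted, so YAML reads `{{` as the start of a flow mapping and the task file does not load; it must be `password: "{{ hedgedoc_sql_password }}"` (underscored, since Jinja2 treats the hyphen as subtraction). Answering the inline question: `priv: "ALL"` without a `db:` is, as far as I can tell, rejected by `postgresql_user`, and the grant the application actually needs is ownership of its own database, so create the `hedgedoc` database that config.json.j2 expects with `community.postgresql.postgresql_db` owned by `hedgedocs-user` and drop `priv` entirely — no superuser or cluster-wide grant. Both tasks also need to run as the `postgres` OS user (or be given `login_*` parameters) to reach the local cluster, which the hunk does not show.
```yaml
- name: Creation de l'utilisateur pour pSQL
  community.postgresql.postgresql_user:
    name: hedgedocs-user
    password: "{{ hedgedoc_sql_password }}"
  become: yes
  become_user: postgres

- name: Creation de la base de donnees HedgeDoc
  community.postgresql.postgresql_db:
    name: hedgedoc
    owner: hedgedocs-user
    encoding: UTF-8
  become: yes
  become_user: postgres
```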
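Review bot: The task is missing its leading `- `: `name: Installation des dépendances pour HedgeDoc` at column 0 followed by an indented `apt:` is not valid YAML, so the file does not load; it should read `- name: Installation des dépendances pour HedgeDoc` with `apt:` and `vars:` indented beneath it. `nginx` is absent from the package list although install-webserver.yml writes into `/etc/nginx/sites-available`, so on a bare host that task fails on a missing directory. On Debian/Ubuntu the distribution package for Yarn is `yarnpkg`, and `nodejs` from the default repositories may be older than the 10.13 minimum the README states — worth pinning where these packages come from.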
diff --git a/tasks/install-service.yml b/tasks/install-service.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fb3b07538fb97a29e079e75cce8ba4d491f46b1d
--- /dev/null
+++ b/tasks/install-service.yml
@@ -0,0 +1,15 @@
+---
+
+# Basé sur https://github.com/hedgedoc/hedgedoc/blob/2338a98731bd38717e43403f8eb2ab831e5bdd81/docs/setup/manual-setup.md
+# Décembre 2020
+
+- name: Téléchargement de l'archive
+ get_url:
+ url: https://github.com/hedgedoc/hedgedoc/releases/download/{{hedgedoc-version}}/hedgedoc-{{hedgedocs-version}}.tar.gz
+ dest: /home/hedgedocs/hedgedoc-source.tar.gz
+
+- name: Extraction de l'archive
+ unarchive:
+ src: /home/hedgedocs/hedgedoc-source.tar.gz
+ dest: /home/hedgedocs/
+ remote_src: yes
diff --git a/tasks/install-users.yml b/tasks/install-users.yml
new file mode 100644
index 0000000000000000000000000000000000000000..02b43b1a3ab0ccc4265cf83d3e8510920d975cfd
--- /dev/null
+++ b/tasks/install-users.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Creation du groupe hedgedocs
+ group:
+ name: hedgedocs
+ state: present
+
+- name: Mise en place de l'utilisateur hedgedocs
+ user:
+ name: hedgedocs
+ groups:
+ - hedgedocs
+ - www-data
+ password: '!' # Utilisateur disabled
+ state: present
+ shell: /usr/sbin/nologin
+ system: yes
+ createhome: yes
+ home: /home/hedgedocs
diff --git a/tasks/install-webserver.yml b/tasks/install-webserver.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5c6c562106fdf7453e658d08b84617ec2db73689
--- /dev/null
+++ b/tasks/install-webserver.yml
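Review bot: The download URL mixes `{{hedgedoc-version}}` and `{{hedgedocs-version}}`; only the first is defined in vars/main.yml, so templating fails (and both need underscores, since Jinja2 reads `a-b` as subtraction). `get_url` has no `checksum:`, so the release tarball is installed without any integrity check — add `checksum: "sha256:<expected-digest>"` (placeholder) pinned together with the version — and `unarchive` should carry `owner: hedgedocs` and `group: hedgedocs` so the tree under the service user's home is not left root-owned by the privileged play user. `unarchive` also re-extracts on every run; a `creates:` pointing at a file inside the extracted tree keeps the task idempotent. The manual-setup page cited in the comment runs the upstream setup script after extraction and no task here does, so the role as committed probably does not reach a running service — worth confirming against the 1.7 tarball, which the README says ships the built frontend.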
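Review bot: The service account is added to `www-data` (and the unit runs with `Group=www-data`), but as far as the hunks show nothing needs it: nginx reaches HedgeDoc over TCP port 3000 and the application never touches www-data-owned files, so the supplementary group only widens what a compromised app process can read; `groups: [hedgedocs]` alone (or omitting `groups:` and keeping the private group) is the least-privilege choice. `createhome:` is the deprecated alias of `create_home:`. The locked password and `nologin` shell are right for a service account.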
@@ -0,0 +1,18 @@
+---
+
+- name: Configuration du fichier de configuration de HedgeDocs
+ template:
+ src: ../files/etc/nginx/hedgedocs-nginx.conf.j2
+ dest: /etc/nginx/sites-available/hedgedocs-nginx.conf
+ owner: www-data
+ groupe: www-data
+ mode: 0644
+
+- name: Activation de la configuration nginx pour HedgeDocs
+ file:
+ src: /etc/nginx/sites-available/hedgedocs-nginx.conf
+ dest: /etc/nginx/sites-enabled/
+ owner: www-data
+ group: www-data
+ state: link
+ remote_src: yes
diff --git a/tasks/main.yml b/tasks/main.yml
index dea5cc692883caad4df44fa66bcd00ad5fce30dc..cc31c8e6023540ea52e3d3457981648ddc643ab2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,2 +1,17 @@
 ---
 # tasks file for hedgedocs-pad-lqdn_
+
+- name: Installation de HedgeDocs
+ include_tasks:
+ # Installation des dépendances
+ - install-requirements.yml
+ # Mise en place de l'utilisateur pour le service
+ - install-users.yml
+ # Mise en place de la base de donnée
+ - install-database.yml
+ # Mise en place de la configuration Nginx
+ - install-webserver.yml
+ # Mise en place du service
+ - install-service.yml
+ # Configuration
+ - configuration.yml
diff --git a/vars/main.yml b/vars/main.yml
index 30cbd864e4f31deb074444568627cab9996bd868..6ac6e8f7c29b82a1ccdee8670e5ce8c6b55a9d20 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,14 @@
 ---
 # vars file for hedgedocs-pad-lqdn_
+
+hedgedoc-version: "1.7.0-rc2"
+hedgedoc-sql-password : "default password ITtHlXfTEBwcCypWPX07"
+hedgedocs-domain: "hedgedoc.example.com"
+
+# Variables pour la configuration du fichier
+
+
+# Configuration SSL
+hedgedocs-ssl-fullchain: "/path/to/ssl"
+hedgedocs-ssl-privkey: "/path/to/ssl"
+hedgedocs-ssl-dhparams: "/path/to/ssl"
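Review bot: `src: ../files/etc/nginx/hedgedocs-nginx.conf.j2` does not exist in this commit — the template is added as `files/nginx/hedgedocs-nginx.conf.j2` — so the first task fails, and `groupe:` is again a typo for `group:`. The second task passes `remote_src:` to `file`, which is not a parameter of that module, and `dest: /etc/nginx/sites-enabled/` is a directory where `state: link` wants the link path itself, i.e. `dest: /etc/nginx/sites-enabled/hedgedocs-nginx.conf`. Both files are created as `owner: www-data`, the user the nginx workers run as; nginx configuration should stay root-owned (`owner: root`, `group: root`, `mode: "0644"`) so a compromised worker cannot rewrite what the master process loads at the next reload. Nothing notifies an nginx reload either, so the new vhost is not served until something else restarts nginx.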
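Review bot: `include_tasks:` takes a single file name (or a `file:` mapping), not a list, so this task is expected to fail at parse time; each file needs its own task, in the same order, and the per-file comments can become the tasks' `name:` values. `import_tasks` would do as well and, being resolved statically, works with `--list-tasks` and tags.
```yaml
- name: Installation des dépendances
  include_tasks: install-requirements.yml

- name: Mise en place de l'utilisateur pour le service
  include_tasks: install-users.yml

- name: Mise en place de la base de donnée
  include_tasks: install-database.yml

- name: Mise en place de la configuration Nginx
  include_tasks: install-webserver.yml

- name: Mise en place du service
  include_tasks: install-service.yml

- name: Configuration
  include_tasks: configuration.yml
```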
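Review bot: A working database password is committed in `vars/main.yml`, and role `vars/` sit high in Ansible's precedence, so inventory and playbook variables cannot override it — every host that applies the role unchanged gets the same credential, which is now public in git. Move these keys to `defaults/main.yml` (overridable), give the password no default so a run without a vault-supplied value fails loudly, keep real values in `ansible-vault`, and drop the same value from the README example. Hyphenated keys such as `hedgedoc-version` and `hedgedocs-ssl-fullchain` cannot be referenced from Jinja2 (`{{ hedgedoc-version }}` is a subtraction), so rename them with underscores, and since config.json.j2 needs a `sessionSecret`, that variable belongs here too, likewise with no default.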