Commit cb62823c authored by nono's avatar nono 💻

Ajout d'une première version

parent 0f3c50b5
Role Name
HedgeDocs Role
=========
A brief description of the role goes here.
Un rôle pour installer le servide de Pad HedgeDocs
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Voir : https://github.com/hedgedoc/hedgedoc/blob/master/docs/setup/manual-setup.md
- Node.js 10.13 or up
- Database (PostgreSQL, MySQL, MariaDB, SQLite, MSSQL) The database must use charset utf8. This is typically the default in PostgreSQL and SQLite. In MySQL and MariaDB UTF-8 might need to be set with alter database <DBNAME> character set utf8 collate utf8_bin; Be aware of older MySQL and MariaDB versions which sometimes use shorter representations of UTF-8 than 4 bytes. This can break if symbols with more bytes are used. You can use alter database <DBNAME> character set utf8mb4 COLLATE utf8mb4_unicode_ci to be on the safe side.
- NPM (and its dependencies, node-gyp)
- Yarn
- Bash (for the setup script)
- For building the HedgeDoc frontend you need a machine with at least 2 GB RAM. Starting with release 1.7 the release tarball includes the frontend, so building it yourself is not necessary.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Voir les variables dans `vars/main.yml`
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Nécessite le module https://docs.ansible.com/ansible/latest/collections/community/postgresql
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
- hosts: hedgedocs-server
roles:
- { role: username.rolename, x: 42 }
- { role: hedgedocs-pad-lqdn,
hedgedoc-version: "1.7.0-rc2",
hedgedoc-sql-password : "default password ITtHlXfTEBwcCypWPX07"
}
License
-------
......@@ -35,4 +46,4 @@ BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
Utilisation chez LQDN ( lqdn.fr )
{
"test": {
"db": {
"dialect": "sqlite",
"storage": ":memory:"
},
"linkifyHeaderStyle": "gfm"
},
"development": {
"loglevel": "debug",
"hsts": {
"enable": false
},
"db": {
"dialect": "sqlite",
"storage": "./db.hedgedoc.sqlite"
},
"linkifyHeaderStyle": "gfm"
},
"production": {
"domain" : {{hedgedocs-domain}},
"host" : "localhost",
"port" : 3000,
"protocolUseSSL" : true,
"useSSL" : false,
"urlAddPort" : false,
"loglevel": "info",
"csp": {
"enable": true,
"directives": {
},
"upgradeInsecureRequests": "auto",
"addDefaults": true,
"addDisqus": false,
"addGoogleAnalytics": false
},
"cookiePolicy": "strict",
"db": {
"username": "hedgedocs-user",
"password": "{{hedgedocs-sql-password}}",
"database": "hedgedoc",
"host": "localhost",
"port": "5432",
"dialect": "postgres"
},
"linkifyHeaderStyle": "gfm",
"allowAnonymous" : false,
"sessionSecret" : ,
"allowEmailRegister" : false
}
}
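Review bot: The production block will not render to valid JSON, because `"domain" : {{hedgedocs-domain}},` is unquoted and `"sessionSecret" : ,` has no value. The session secret should be a long random string supplied from a vaulted variable, for example `"sessionSecret": "{{ hedgedocs_session_secret }}",` (a proposed variable name). The domain line should read `"domain": "{{ hedgedocs_domain }}",`. Hyphenated names such as `hedgedocs-domain` are not valid Ansible or Jinja2 identifiers, since Jinja2 reads the hyphen as subtraction. The prefix also varies between `hedgedoc-` and `hedgedocs-`, so this template asks for `hedgedocs-sql-password` while the vars file defines `hedgedoc-sql-password`; the same naming problem affects the nginx template, the database task, the download URL and the vars file.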
[Unit]
Description=HedgeDocs collaborative markdown notes
Documentation=https://github.com/hedgedoc/hedgedoc/
After=network.target
After=postgresql.service
[Service]
Type=exec
RestartSec=2s
User=hedgedocs
Group=www-data
# the location you cloned CodiMD to.
WorkingDirectory=/home/hedgedocs
ExecStart=/usr/bin/npm start --production
Restart=always
PrivateTmp=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
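Review bot: Nothing in the `[Service]` section sets `NODE_ENV`, and as far as I can tell HedgeDoc picks the `config.json` block from that variable and falls back to `development`. If that is right, the service would run with the SQLite database, debug logging and HSTS disabled instead of the `production` block. The `--production` argument to `npm start` probably does not select it either. I would add `Environment=NODE_ENV=production`, and `NoNewPrivileges=true` next to the existing `PrivateTmp`/`PrivateDevices` hardening. The comment `# the location you cloned CodiMD to.` is left over from the upstream example and should describe the HedgeDoc install directory.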
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name {{hedgedoc-domain}};
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /socket.io/ {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate {{hedgedocs-ssl-fullchain}};
ssl_certificate_key {{hedgedocs-ssl-privkey}};
include options-ssl-nginx.conf;
ssl_dhparam {{ hedgedocs-ssl-dhparams}};
}
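Review bot: `include options-ssl-nginx.conf;` is a relative path, and none of the tasks shown installs that file. The TLS protocol and cipher settings of this vhost therefore depend on something the role does not manage, and nginx will refuse to load the site if the file is absent. Either include it by an absolute path taken from a variable, or set `ssl_protocols` and `ssl_ciphers` in this template. The server block also has no port 80 listener that redirects to HTTPS, which is worth adding if the role is meant to own the whole vhost.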
----
# Voir : https://github.com/hedgedoc/hedgedoc/blob/master/docs/configuration.md
# et : https://github.com/hedgedoc/hedgedoc/blob/880af8d4f80b9e1dcaa30014d4ed5c41e351b564/docs/setup/reverse-proxy.md
- name: Configuration du service HedgeDocs
template:
src: ../files/config.json.j2
dest: /home/hedgedocs/config.json
owner: hedgedocs
groupe: www-data
mode: 0644
- name: Configuration du fichier SystemD
template:
src: ../files/hedgedocs.service
dest: /etc/systemd/system/hedgedocs.service
owner: hedgedocs
groupe: www-data
mode: 0644
handlers:
- Reload systemd
- name: Activation de la configuration systemd
systemd:
state: started
name: hedgedocs
enabled: yes
- name: Reload systemd
systemd:
daemon_reload: yes
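Review bot: The unit file `/etc/systemd/system/hedgedocs.service` is installed with `owner: hedgedocs`, so the service account can rewrite its own unit and gain root at the next reload; it should be owned by `root:root`. `config.json` holds the database password and the session secret but is written with `mode: 0644`, which makes it world-readable. `groupe:` is not a parameter of `template` (the same typo is in the nginx template task of install-webserver.yml), and file modes should be quoted strings. `handlers:` is not a task keyword: use `notify: Reload systemd` and move the `Reload systemd` task into `handlers/main.yml`.

```yaml
- name: Configuration du service HedgeDocs
  template:
    # … unchanged: src, dest …
    owner: hedgedocs
    group: hedgedocs
    mode: "0600"  # contains the DB password and session secret

- name: Configuration du fichier SystemD
  template:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: "0644"
  notify: Reload systemd
```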
---
- name: Creation de l'utilisateur pour pSQL
community.postgresql.postgresql_user:
name: hedgedocs-user
password: {{ hedgedoc-sql-password }}
priv: "ALL" # NB: Est-ce que ce niveau de privilège est nécessire ?
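Review bot: `password: {{ hedgedoc-sql-password }}` is unquoted, so YAML reads the braces as a flow mapping before Jinja2 ever sees them. It should be `password: "{{ hedgedoc_sql_password }}"`, with `no_log: true` on the task so the value stays out of play output. On the question in the inline comment: `priv: "ALL"` is given without a `db:`, and no task creates the `hedgedoc` database that `config.json` points at. A narrower setup is to create that database with `community.postgresql.postgresql_db` and `owner: hedgedocs-user`, then drop `priv` entirely. The task also probably needs `become_user: postgres` to connect.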
---
name: Installation des dépendances pour HedgeDoc
apt:
name: "{{ packages }}"
state: present
update_cache: yes
vars:
packages:
- postgresql
- nodejs
- git
- npm
- yarn
- bash
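Review bot: This file's only task starts with `name:` and not `- name:`, unless the dash was lost in rendering. As written the file is a mapping, not a task list, and including it will fail. While touching it, write `update_cache: true`, since the other task files use `yes` and `true`/`false` is the unambiguous form.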
---
# Basé sur https://github.com/hedgedoc/hedgedoc/blob/2338a98731bd38717e43403f8eb2ab831e5bdd81/docs/setup/manual-setup.md
# Décembre 2020
- name: Téléchargement de l'archive
get_url:
url: https://github.com/hedgedoc/hedgedoc/releases/download/{{hedgedoc-version}}/hedgedoc-{{hedgedocs-version}}.tar.gz
dest: /home/hedgedocs/hedgedoc-source.tar.gz
- name: Extraction de l'archive
unarchive:
src: /home/hedgedocs/hedgedoc-source.tar.gz
dest: /home/hedgedocs/
remote_src: yes
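Review bot: The release tarball is downloaded and unpacked without any integrity check. `get_url` accepts a checksum, so pin one per version, e.g. `checksum: "sha256:<SHA256_OF_RELEASE_TARBALL>"`. The URL also spells the variable two ways, `{{hedgedoc-version}}` and `{{hedgedocs-version}}`, and only the first is defined in the vars file. Neither task sets `owner`/`group`, so the extracted tree presumably belongs to whichever user runs the play; state the intended ownership explicitly.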
---
- name: Creation du groupe hedgedocs
group:
name: hedgedocs
state: present
- name: Mise en place de l'utilisateur hedgedocs
user:
name: hedgedocs
groups:
- hedgedocs
- www-data
password: '!' # Utilisateur disabled
state: present
shell: /usr/sbin/nologin
system: yes
createhome: yes
home: /home/hedgedocs
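Review bot: The service account is added to the `www-data` group, but the nginx template reaches HedgeDoc over TCP at `127.0.0.1:3000`, so nothing visible here needs shared group access. Dropping `- www-data` from `groups:` keeps the account from reading other group-readable web content on the host. `createhome` is the legacy alias; `create_home: true` is the current spelling.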
---
- name: Configuration du fichier de configuration de HedgeDocs
template:
src: ../files/etc/nginx/hedgedocs-nginx.conf.j2
dest: /etc/nginx/sites-available/hedgedocs-nginx.conf
owner: www-data
groupe: www-data
mode: 0644
- name: Activation de la configuration nginx pour HedgeDocs
file:
src: /etc/nginx/sites-available/hedgedocs-nginx.conf
dest: /etc/nginx/sites-enabled/
owner: www-data
group: www-data
state: link
remote_src: yes
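Review bot: The site configuration is installed with `owner: www-data`, which lets the nginx worker account edit a file that the root-owned master process loads; use `owner: root` and `group: root`. In the symlink task, `remote_src` is not an option of the `file` module, and `dest` should name the link itself, `dest: /etc/nginx/sites-enabled/hedgedocs-nginx.conf`. Neither task notifies a handler to reload nginx, so the new vhost is not picked up by this role.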
---
# tasks file for hedgedocs-pad-lqdn_
- name: Installation de HedgeDocs
include_tasks:
# Installation des dépendances
- install-requirements.yml
# Mise en place de l'utilisateur pour le service
- install-users.yml
# Mise en place de la base de donnée
- install-database.yml
# Mise en place de la configuration Nginx
- install-webserver.yml
# Mise en place du service
- install-service.yml
# Configuration
- configuration.yml
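Review bot: `include_tasks` takes a single file name, not a list, so this task will not run the six files as intended. Use `include_tasks: "{{ item }}"` with the file names under `loop:`, or write one `include_tasks` entry per file. The per-step comments can then stay next to each entry.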
---
# vars file for hedgedocs-pad-lqdn_
hedgedoc-version: "1.7.0-rc2"
hedgedoc-sql-password : "default password ITtHlXfTEBwcCypWPX07"
hedgedocs-domain: "hedgedoc.example.com"
# Variables pour la configuration du fichier
# Configuration SSL
hedgedocs-ssl-fullchain: "/path/to/ssl"
hedgedocs-ssl-privkey: "/path/to/ssl"
hedgedocs-ssl-dhparams: "/path/to/ssl"
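Review bot: A usable-looking database password is committed in clear text here and repeated in the README example, so every deployment that does not override it shares a published credential. Because it lives in `vars/main.yml`, inventory variables will not override it. Define no default; take the value from Ansible Vault, e.g. `hedgedoc_sql_password: "{{ vault_hedgedoc_sql_password }}"`, and fail early when it is undefined. Non-secret defaults such as the version and domain belong in `defaults/main.yml`, with underscore names.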