diff --git a/ansible/roles/hedgedoc/defaults/main.json b/ansible/roles/hedgedoc/defaults/main.json
index 438eb14..e2a58c4 100644
--- a/ansible/roles/hedgedoc/defaults/main.json
+++ b/ansible/roles/hedgedoc/defaults/main.json
@@ -11,13 +11,10 @@
 "var_hedgedoc_database_data_postgresql_password": "REPLACE_ME",
 "var_hedgedoc_database_data_postgresql_schema": "hedgedoc",
 "var_hedgedoc_domain": "hedgedoc.example.org",
- "var_hedgedoc_oauth2_enable": false,
- "var_hedgedoc_oauth2_provider_name": "external auth",
- "var_hedgedoc_oauth2_client_id": "hedgedoc",
- "var_hedgedoc_oauth2_client_secret": "REPLACE_ME",
- "var_hedgedoc_oauth2_user_profile_url": "https://auth.example.org/profile",
- "var_hedgedoc_oauth2_token_url": "https://auth.example.org/token",
- "var_hedgedoc_oauth2_authorization_url": "https://auth.example.org/authorization",
+ "var_hedgedoc_authentication_kind": "authelia",
+ "var_hedgedoc_authentication_data_authelia_client_id": "hedgedoc",
+ "var_hedgedoc_authentication_data_authelia_client_secret": "REPLACE_ME",
+ "var_hedgedoc_authentication_data_authelia_url_base": "https://authelia.linke.sx",
 "var_hedgedoc_guest_allow_create": false,
 "var_hedgedoc_guest_allow_change": false,
 "var_hedgedoc_free_names_mode": "authed"
diff --git a/ansible/roles/hedgedoc/tasks/main.json b/ansible/roles/hedgedoc/tasks/main.json
index 984e44d..b4fd779 100644
--- a/ansible/roles/hedgedoc/tasks/main.json
+++ b/ansible/roles/hedgedoc/tasks/main.json
@@ -3,6 +3,7 @@
 "name": "packages",
 "become": true,
 "ansible.builtin.apt": {
+ "update_cache": true,
 "pkg": [
 "acl",
 "git",
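Review bot: The rewritten `oauth2` block in templates/config.json.j2 (hunk @@ -25,27) renders `{{var_hedgedoc_authentication_data_authelia_provider_name}}`, but this hunk removes the only provider-name default (`var_hedgedoc_oauth2_provider_name`) without adding a replacement, and the new vardef.json does not declare it either, so templating the config fails on an undefined variable unless the playbook happens to set it; adding `"var_hedgedoc_authentication_data_authelia_provider_name": "external auth",` beside the other authelia defaults keeps the previous behaviour. Separately, the `var_hedgedoc_authentication_data_authelia_url_base` default is a concrete deployment host, while every other default in this file (and the removed `https://auth.example.org/...` URLs) uses an example.org placeholder; a role default that points at a real identity provider is easy to ship by accident, so `"var_hedgedoc_authentication_data_authelia_url_base": "https://auth.example.org",` would be the safer default.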
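Review bot: The added `"update_cache": true` refreshes the apt index on every run of the role, with no `cache_valid_time` to skip the refresh when the index is already fresh, so each run hits the mirrors even when nothing changed. Adding `"cache_valid_time": 3600,` next to it keeps the refresh for stale caches and makes repeated runs cheaper. The `pkg` list of this task continues outside the hunk.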
@@ -56,24 +57,6 @@
 "cmd": "bin/setup"
 }
 },
- {
- "name": "var directory",
- "become": true,
- "ansible.builtin.file": {
- "state": "directory",
- "path": "{{var_hedgedoc_database_path | dirname}}",
- "owner": "{{var_hedgedoc_user_name}}"
- }
- },
- {
- "name": "database",
- "become": true,
- "ansible.builtin.file": {
- "state": "touch",
- "path": "{{var_hedgedoc_database_path}}",
- "owner": "{{var_hedgedoc_user_name}}"
- }
- },
 {
 "name": "configuration",
 "become": true,
diff --git a/ansible/roles/hedgedoc/templates/config.json.j2 b/ansible/roles/hedgedoc/templates/config.json.j2
index 6c953c5..a5d3184 100644
--- a/ansible/roles/hedgedoc/templates/config.json.j2
+++ b/ansible/roles/hedgedoc/templates/config.json.j2
@@ -4,7 +4,7 @@
 {% if var_hedgedoc_database_kind == 'sqlite' %}
 "db": {
 "dialect": "sqlite",
- "storage": "{{var_hedgedoc_database_path}}"
+ "storage": "{{var_hedgedoc_database_data_sqlite_path}}"
 },
 {% endif %}
 {% if var_hedgedoc_database_kind == 'postgresql' %}
@@ -25,27 +25,28 @@
 "domain": "{{var_hedgedoc_domain}}",
 "urlAddPort": false,
 "protocolUseSSL": true,
-{% if var_hedgedoc_oauth2_enable %}
+{% if var_hedgedoc_authentication_kind == 'internal' %}
+ "email": true,
+ "allowEmailRegister": true,
+{% endif %}
+{% if var_hedgedoc_authentication_kind == 'authelia' %}
 "oauth2": {
- "providerName": "{{var_hedgedoc_oauth2_provider_name}}",
- "clientID": "{{var_hedgedoc_oauth2_client_id}}",
- "clientSecret": "{{var_hedgedoc_oauth2_client_secret}}",
+ "providerName": "{{var_hedgedoc_authentication_data_authelia_provider_name}}",
+ "clientID": "{{var_hedgedoc_authentication_data_authelia_client_id}}",
+ "clientSecret": "{{var_hedgedoc_authentication_data_authelia_client_secret}}",
 "scope": "openid email profile",
 "userProfileUsernameAttr": "sub",
 "userProfileDisplayNameAttr": "name",
 "userProfileEmailAttr": "email",
- "userProfileURL": "{{var_hedgedoc_oauth2_user_profile_url}}",
- "tokenURL": "{{var_hedgedoc_oauth2_token_url}}",
- "authorizationURL": "{{var_hedgedoc_oauth2_authorization_url}}"
+ "userProfileURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/profile",
+ "tokenURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/token",
+ "authorizationURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/authorization"
 },
 "email": false,
 "allowEmailRegister": false,
-{% else %}
- "email": true,
- "allowEmailRegister": true,
 {% endif %}
 "allowAnonymous": {{var_hedgedoc_guest_allow_create | to_json}},
- "allowAnonymousEdits": {{var_hedgedoc_guest_allow_edit | to_json}},
+ "allowAnonymousEdits": {{var_hedgedoc_guest_allow_change | to_json}},
 {% if var_hedgedoc_free_names_mode == 'never' %}
 "allowFreeURL": false,
 "requireFreeURLAuthentication": false,
diff --git a/ansible/roles/hedgedoc/vardef.json b/ansible/roles/hedgedoc/vardef.json
new file mode 100644
index 0000000..cb6e8d6
--- /dev/null
+++ b/ansible/roles/hedgedoc/vardef.json
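Review bot: `userProfileURL`, `tokenURL` and `authorizationURL` are now built by appending a fixed path to `var_hedgedoc_authentication_data_authelia_url_base`, so a base value ending in `/` renders `https://host//profile`; `{{var_hedgedoc_authentication_data_authelia_url_base | regex_replace('/$', '')}}/profile` (and the same for the other two) makes the join tolerant of a trailing slash. When `var_hedgedoc_authentication_kind` is neither `internal` nor `authelia`, the two `{% if %}` blocks emit neither `email` nor `oauth2`, so the rendered config pins nothing about email login or registration and HedgeDoc's built-in defaults presumably apply; if a misspelt kind should fail loudly rather than silently fall through, an explicit `{% else %}` branch or the `options` list in vardef.json is the place to enforce it. The rendered `clientSecret` ends up in config.json on disk, and the `configuration` task that writes it is outside this hunk, so it is worth confirming that task sets an owner-only mode on the file.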
@@ -0,0 +1,87 @@
+{
+ "user_name": {
+ "type": "string",
+ "mandatory": false
+ },
+ "directory": {
+ "type": "string",
+ "mandatory": false
+ },
+ "version": {
+ "type": "string",
+ "mandatory": false
+ },
+ "session_secret": {
+ "type": "string",
+ "mandatory": true
+ },
+ "database_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "sqlite",
+ "postgresql",
+ "mariadb"
+ ]
+ },
+ "database_data_sqlite_path": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_host": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_port": {
+ "type": "integer",
+ "mandatory": false
+ },
+ "database_data_postgresql_username": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_password": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_schema": {
+ "type": "string",
+ "mandatory": false
+ },
+ "domain": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "internal",
+ "authelia"
+ ]
+ },
+ "authentication_data_authelia_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "guest_allow_create": {
+ "type": "boolean",
+ "mandatory": false
+ },
+ "guest_allow_change": {
+ "type": "boolean",
+ "mandatory": false
+ },
+ "free_names_mode": {
+ "type": "string",
+ "mandatory": false
+ }
+}
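Review bot: `authentication_data_authelia_client_secret` is declared `"mandatory": false` while its default in defaults/main.json is the `REPLACE_ME` placeholder and `authentication_kind` defaults to `authelia`, so a playbook that forgets the secret passes this definition and deploys with the placeholder as the OAuth client secret. The `mandatory` flag here looks unconditional, so flipping it would break `internal` deployments; the cheaper guard is an `ansible.builtin.assert` task in tasks/main.json that rejects `REPLACE_ME` when `var_hedgedoc_authentication_kind == 'authelia'`, or defaulting the kind to `internal` so the placeholder is only ever used after an explicit opt-in. `database_kind` lists `mariadb`, but the config template in this diff only shows `sqlite` and `postgresql` branches, so either a mariadb branch exists outside the hunks or the option should be dropped until one does. `free_names_mode` has no `options` list although the template branches on its value (`never` is visible, `authed` is the default); listing the accepted values here would catch typos the same way `database_kind` does.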