[fix] role:hedgedoc

2024-03-20 00:07:58 +01:00 · 2024-03-20 00:07:58 +01:00 · 6fc1f26af2
commit 6fc1f26af2
parent 1849d6b7a1
4 changed files with 105 additions and 37 deletions
--- a/ansible/roles/hedgedoc/defaults/main.json
+++ b/ansible/roles/hedgedoc/defaults/main.json
@ -11,13 +11,10 @@
 	"var_hedgedoc_database_data_postgresql_password": "REPLACE_ME",
 	"var_hedgedoc_database_data_postgresql_schema": "hedgedoc",
 	"var_hedgedoc_domain": "hedgedoc.example.org",
-	"var_hedgedoc_oauth2_enable": false,
+	"var_hedgedoc_authentication_kind": "authelia",
-	"var_hedgedoc_oauth2_provider_name": "external auth",
+	"var_hedgedoc_authentication_data_authelia_client_id": "hedgedoc",
-	"var_hedgedoc_oauth2_client_id": "hedgedoc",
+	"var_hedgedoc_authentication_data_authelia_client_secret": "REPLACE_ME",
-	"var_hedgedoc_oauth2_client_secret": "REPLACE_ME",
+	"var_hedgedoc_authentication_data_authelia_url_base": "https://authelia.linke.sx",
 	"var_hedgedoc_oauth2_user_profile_url": "https://auth.example.org/profile",
 	"var_hedgedoc_oauth2_token_url": "https://auth.example.org/token",
 	"var_hedgedoc_oauth2_authorization_url": "https://auth.example.org/authorization",
 	"var_hedgedoc_guest_allow_create": false,
 	"var_hedgedoc_guest_allow_change": false,
 	"var_hedgedoc_free_names_mode": "authed"
--- a/ansible/roles/hedgedoc/tasks/main.json
+++ b/ansible/roles/hedgedoc/tasks/main.json
@ -3,6 +3,7 @@
 		"name": "packages",
 		"become": true,
 		"ansible.builtin.apt": {
 			"update_cache": true,
 			"pkg": [
 				"acl",
 				"git",
@ -56,24 +57,6 @@
 			"cmd": "bin/setup"
 		}
 	},
 	{
 		"name": "var directory",
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "directory",
 			"path": "{{var_hedgedoc_database_path | dirname}}",
 			"owner": "{{var_hedgedoc_user_name}}"
 		}
 	},
 	{
 		"name": "database",
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "touch",
 			"path": "{{var_hedgedoc_database_path}}",
 			"owner": "{{var_hedgedoc_user_name}}"
 		}
 	},
 	{
 		"name": "configuration",
 		"become": true,
--- a/ansible/roles/hedgedoc/templates/config.json.j2
+++ b/ansible/roles/hedgedoc/templates/config.json.j2
@ -4,7 +4,7 @@
 {% if var_hedgedoc_database_kind == 'sqlite' %}
 		"db": {
 			"dialect": "sqlite",
-			"storage": "{{var_hedgedoc_database_path}}"
+			"storage": "{{var_hedgedoc_database_data_sqlite_path}}"
 		},
 {% endif %}
 {% if var_hedgedoc_database_kind == 'postgresql' %}
@ -25,27 +25,28 @@
 		"domain": "{{var_hedgedoc_domain}}",
 		"urlAddPort": false,
 		"protocolUseSSL": true,
-{% if var_hedgedoc_oauth2_enable %}
+{% if var_hedgedoc_authentication_kind == 'internal' %}
 		"email": true,
 		"allowEmailRegister": true,
 {% endif %}
 {% if var_hedgedoc_authentication_kind == 'authelia' %}
 		"oauth2": {
-			"providerName": "{{var_hedgedoc_oauth2_provider_name}}",
+			"providerName": "{{var_hedgedoc_authentication_data_authelia_provider_name}}",
-			"clientID": "{{var_hedgedoc_oauth2_client_id}}",
+			"clientID": "{{var_hedgedoc_authentication_data_authelia_client_id}}",
-			"clientSecret": "{{var_hedgedoc_oauth2_client_secret}}",
+			"clientSecret": "{{var_hedgedoc_authentication_data_authelia_client_secret}}",
 			"scope": "openid email profile",
 			"userProfileUsernameAttr": "sub",
 			"userProfileDisplayNameAttr": "name",
 			"userProfileEmailAttr": "email",
-			"userProfileURL": "{{var_hedgedoc_oauth2_user_profile_url}}",
+			"userProfileURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/profile",
-			"tokenURL": "{{var_hedgedoc_oauth2_token_url}}",
+			"tokenURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/token",
-			"authorizationURL": "{{var_hedgedoc_oauth2_authorization_url}}"
+			"authorizationURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/authorization"
 		},
 		"email": false,
 		"allowEmailRegister": false,
 {% else %}
 		"email": true,
 		"allowEmailRegister": true,
 {% endif %}
 		"allowAnonymous": {{var_hedgedoc_guest_allow_create | to_json}},
-		"allowAnonymousEdits": {{var_hedgedoc_guest_allow_edit | to_json}},
+		"allowAnonymousEdits": {{var_hedgedoc_guest_allow_change | to_json}},
 {% if var_hedgedoc_free_names_mode == 'never' %}
 		"allowFreeURL": false,
 		"requireFreeURLAuthentication": false,
--- a/ansible/roles/hedgedoc/vardef.json
+++ b/ansible/roles/hedgedoc/vardef.json
@ -0,0 +1,87 @@
 {
 	"user_name": {
 		"type": "string",
 		"mandatory": false
 	},
 	"directory": {
 		"type": "string",
 		"mandatory": false
 	},
 	"version": {
 		"type": "string",
 		"mandatory": false
 	},
 	"session_secret": {
 		"type": "string",
 		"mandatory": true
 	},
 	"database_kind": {
 		"type": "string",
 		"mandatory": false,
 		"options": [
 			"sqlite",
 			"postgresql",
 			"mariadb"
 		]
 	},
 	"database_data_sqlite_path": {
 		"type": "string",
 		"mandatory": false
 	},
 	"database_data_postgresql_host": {
 		"type": "string",
 		"mandatory": false
 	},
 	"database_data_postgresql_port": {
 		"type": "integer",
 		"mandatory": false
 	},
 	"database_data_postgresql_username": {
 		"type": "string",
 		"mandatory": false
 	},
 	"database_data_postgresql_password": {
 		"type": "string",
 		"mandatory": false
 	},
 	"database_data_postgresql_schema": {
 		"type": "string",
 		"mandatory": false
 	},
 	"domain": {
 		"type": "string",
 		"mandatory": false
 	},
 	"authentication_kind": {
 		"type": "string",
 		"mandatory": false,
 		"options": [
 			"internal",
 			"authelia"
 		]
 	},
 	"authentication_data_authelia_client_id": {
 		"type": "string",
 		"mandatory": false
 	},
 	"authentication_data_authelia_client_secret": {
 		"type": "string",
 		"mandatory": false
 	},
 	"authentication_data_authelia_url_base": {
 		"type": "string",
 		"mandatory": false
 	},
 	"guest_allow_create": {
 		"type": "boolean",
 		"mandatory": false
 	},
 	"guest_allow_change": {
 		"type": "boolean",
 		"mandatory": false
 	},
 	"free_names_mode": {
 		"type": "string",
 		"mandatory": false
 	}
 }