[fix] role:hedgedoc

2024-03-20 00:07:58 +01:00 · 2024-03-20 00:07:58 +01:00 · 6fc1f26af2
commit 6fc1f26af2
parent 1849d6b7a1
4 changed files with 105 additions and 37 deletions
--- a/ansible/roles/hedgedoc/defaults/main.json
+++ b/ansible/roles/hedgedoc/defaults/main.json
@ -11,13 +11,10 @@
 	"var_hedgedoc_database_data_postgresql_password": "REPLACE_ME",
 	"var_hedgedoc_database_data_postgresql_schema": "hedgedoc",
 	"var_hedgedoc_domain": "hedgedoc.example.org",
-	"var_hedgedoc_oauth2_enable": false,
-	"var_hedgedoc_oauth2_provider_name": "external auth",
-	"var_hedgedoc_oauth2_client_id": "hedgedoc",
-	"var_hedgedoc_oauth2_client_secret": "REPLACE_ME",
-	"var_hedgedoc_oauth2_user_profile_url": "https://auth.example.org/profile",
-	"var_hedgedoc_oauth2_token_url": "https://auth.example.org/token",
-	"var_hedgedoc_oauth2_authorization_url": "https://auth.example.org/authorization",
+	"var_hedgedoc_authentication_kind": "authelia",
+	"var_hedgedoc_authentication_data_authelia_client_id": "hedgedoc",
+	"var_hedgedoc_authentication_data_authelia_client_secret": "REPLACE_ME",
+	"var_hedgedoc_authentication_data_authelia_url_base": "https://authelia.linke.sx",
 	"var_hedgedoc_guest_allow_create": false,
 	"var_hedgedoc_guest_allow_change": false,
 	"var_hedgedoc_free_names_mode": "authed"
--- a/ansible/roles/hedgedoc/tasks/main.json
+++ b/ansible/roles/hedgedoc/tasks/main.json
@ -3,6 +3,7 @@
 		"name": "packages",
 		"become": true,
 		"ansible.builtin.apt": {
+			"update_cache": true,
 			"pkg": [
 				"acl",
 				"git",
@ -56,24 +57,6 @@
 			"cmd": "bin/setup"
 		}
 	},
-	{
-		"name": "var directory",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_hedgedoc_database_path | dirname}}",
-			"owner": "{{var_hedgedoc_user_name}}"
-		}
-	},
-	{
-		"name": "database",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "touch",
-			"path": "{{var_hedgedoc_database_path}}",
-			"owner": "{{var_hedgedoc_user_name}}"
-		}
-	},
 	{
 		"name": "configuration",
 		"become": true,
--- a/ansible/roles/hedgedoc/templates/config.json.j2
+++ b/ansible/roles/hedgedoc/templates/config.json.j2
@ -4,7 +4,7 @@
 {% if var_hedgedoc_database_kind == 'sqlite' %}
 		"db": {
 			"dialect": "sqlite",
-			"storage": "{{var_hedgedoc_database_path}}"
+			"storage": "{{var_hedgedoc_database_data_sqlite_path}}"
 		},
 {% endif %}
 {% if var_hedgedoc_database_kind == 'postgresql' %}
@ -25,27 +25,28 @@
 		"domain": "{{var_hedgedoc_domain}}",
 		"urlAddPort": false,
 		"protocolUseSSL": true,
-{% if var_hedgedoc_oauth2_enable %}
+{% if var_hedgedoc_authentication_kind == 'internal' %}
+		"email": true,
+		"allowEmailRegister": true,
+{% endif %}
+{% if var_hedgedoc_authentication_kind == 'authelia' %}
 		"oauth2": {
-			"providerName": "{{var_hedgedoc_oauth2_provider_name}}",
-			"clientID": "{{var_hedgedoc_oauth2_client_id}}",
-			"clientSecret": "{{var_hedgedoc_oauth2_client_secret}}",
+			"providerName": "{{var_hedgedoc_authentication_data_authelia_provider_name}}",
+			"clientID": "{{var_hedgedoc_authentication_data_authelia_client_id}}",
+			"clientSecret": "{{var_hedgedoc_authentication_data_authelia_client_secret}}",
 			"scope": "openid email profile",
 			"userProfileUsernameAttr": "sub",
 			"userProfileDisplayNameAttr": "name",
 			"userProfileEmailAttr": "email",
-			"userProfileURL": "{{var_hedgedoc_oauth2_user_profile_url}}",
-			"tokenURL": "{{var_hedgedoc_oauth2_token_url}}",
-			"authorizationURL": "{{var_hedgedoc_oauth2_authorization_url}}"
+			"userProfileURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/profile",
+			"tokenURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/token",
+			"authorizationURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/authorization"
 		},
 		"email": false,
 		"allowEmailRegister": false,
-{% else %}
-		"email": true,
-		"allowEmailRegister": true,
 {% endif %}
 		"allowAnonymous": {{var_hedgedoc_guest_allow_create | to_json}},
-		"allowAnonymousEdits": {{var_hedgedoc_guest_allow_edit | to_json}},
+		"allowAnonymousEdits": {{var_hedgedoc_guest_allow_change | to_json}},
 {% if var_hedgedoc_free_names_mode == 'never' %}
 		"allowFreeURL": false,
 		"requireFreeURLAuthentication": false,
--- a/ansible/roles/hedgedoc/vardef.json
+++ b/ansible/roles/hedgedoc/vardef.json
@ -0,0 +1,87 @@
+{
+	"user_name": {
+		"type": "string",
+		"mandatory": false
+	},
+	"directory": {
+		"type": "string",
+		"mandatory": false
+	},
+	"version": {
+		"type": "string",
+		"mandatory": false
+	},
+	"session_secret": {
+		"type": "string",
+		"mandatory": true
+	},
+	"database_kind": {
+		"type": "string",
+		"mandatory": false,
+		"options": [
+			"sqlite",
+			"postgresql",
+			"mariadb"
+		]
+	},
+	"database_data_sqlite_path": {
+		"type": "string",
+		"mandatory": false
+	},
+	"database_data_postgresql_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"database_data_postgresql_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"database_data_postgresql_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"database_data_postgresql_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"database_data_postgresql_schema": {
+		"type": "string",
+		"mandatory": false
+	},
+	"domain": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_kind": {
+		"type": "string",
+		"mandatory": false,
+		"options": [
+			"internal",
+			"authelia"
+		]
+	},
+	"authentication_data_authelia_client_id": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_authelia_client_secret": {
+		"type": "string",
+		"mandatory": false
+	},
+	"authentication_data_authelia_url_base": {
+		"type": "string",
+		"mandatory": false
+	},
+	"guest_allow_create": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"guest_allow_change": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"free_names_mode": {
+		"type": "string",
+		"mandatory": false
+	}
+}