From d59a64c36d51741dbc9ce2a1ce875b5fa6305fef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Sat, 16 Dec 2023 15:13:01 +0100
Subject: [PATCH] [mod] role:hedgedoc
---
 ansible/roles/hedgedoc/defaults/main.json | 10 +-
 ansible/roles/hedgedoc/info.md | 8 +-
 ansible/roles/hedgedoc/tasks/main.json | 91 +++++++++++++++++++
 .../roles/hedgedoc/templates/config.json.j2 | 45 +++++----
 .../roles/hedgedoc/templates/systemd-unit.j2 | 13 +++
 5 files changed, 149 insertions(+), 18 deletions(-)
 create mode 100644 ansible/roles/hedgedoc/templates/systemd-unit.j2
diff --git a/ansible/roles/hedgedoc/defaults/main.json b/ansible/roles/hedgedoc/defaults/main.json
index c79099c..b7e9a3c 100644
--- a/ansible/roles/hedgedoc/defaults/main.json
+++ b/ansible/roles/hedgedoc/defaults/main.json
@@ -1,5 +1,13 @@
 {
+ "var_hedgedoc_version": "1.9.9",
 "var_hedgedoc_session_secret": "session_secret",
 "var_hedgedoc_database_path": "/var/hedgedoc/data.sqlite",
- "var_hedgedoc_oauth2_provider_name": "external auth"
+ "var_hedgedoc_domain": "hedgedoc.example.org",
+ "var_hedgedoc_oauth2_enable": false,
+ "var_hedgedoc_oauth2_provider_name": "external auth",
+ "var_hedgedoc_oauth2_client_id": "hedgedoc",
+ "var_hedgedoc_oauth2_client_secret": "REPLACE_ME",
+ "var_hedgedoc_oauth2_user_profile_url": "https://auth.example.org/profile",
+ "var_hedgedoc_oauth2_token_url": "https://auth.example.org/token",
+ "var_hedgedoc_oauth2_authorization_url": "https://auth.example.org/authorization"
 }
diff --git a/ansible/roles/hedgedoc/info.md b/ansible/roles/hedgedoc/info.md
index e2c1fa2..7f5ab1a 100644
--- a/ansible/roles/hedgedoc/info.md
+++ b/ansible/roles/hedgedoc/info.md
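Review bot: In `defaults/main.json`, `var_hedgedoc_oauth2_client_secret` defaults to `REPLACE_ME`, and the existing `var_hedgedoc_session_secret` default of `session_secret` is now rendered into the `production` config, so a deploy that forgets to override them comes up with publicly known secrets. Nothing in the visible tasks rejects these placeholders. Consider dropping the two secret defaults so that an unset variable fails templating, or add an `ansible.builtin.assert` task at the top of the role that fails while either value still equals its placeholder. The real values are best supplied from an encrypted source such as Ansible Vault rather than plain inventory.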
@@ -1,3 +1,9 @@
+## Beschreibung
+
+Kollaborativer Editor [Hedgedoc](https://docs.hedgedoc.org/)
+
+
 ## Verweise
-- [Projekt-Website](https://docs.hedgedoc.org/)
+- [Dokumentation | Manual Installation](https://docs.hedgedoc.org/setup/manual-setup/)
+- [Dokumentation | Configuration](https://docs.hedgedoc.org/configuration/)
diff --git a/ansible/roles/hedgedoc/tasks/main.json b/ansible/roles/hedgedoc/tasks/main.json
index 0d4f101..0285ae7 100644
--- a/ansible/roles/hedgedoc/tasks/main.json
+++ b/ansible/roles/hedgedoc/tasks/main.json
@@ -1,2 +1,93 @@
 [
+ {
+ "name": "packages",
+ "become": true,
+ "ansible.builtin.apt": {
+ "pkg": [
+ "acl",
+ "git",
+ "nodejs",
+ "npm",
+ "yarnpkg"
+ ]
+ }
+ },
+ {
+ "name": "link yarn",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/usr/bin/yarnpkg",
+ "dest": "/usr/bin/yarn"
+ }
+ },
+ {
+ "name": "user",
+ "become": true,
+ "ansible.builtin.user": {
+ "name": "hedgedoc",
+ "create_home": true
+ }
+ },
+ {
+ "name": "download",
+ "become": false,
+ "ansible.builtin.get_url": {
+ "url": "https://github.com/hedgedoc/hedgedoc/releases/download/{{var_hedgedoc_version}}/hedgedoc-{{var_hedgedoc_version}}.tar.gz",
+ "dest": "/tmp/hedgedoc.tar.gz"
+ }
+ },
+ {
+ "name": "extract",
+ "become": true,
+ "ansible.builtin.unarchive": {
+ "remote_src": true,
+ "src": "/tmp/hedgedoc.tar.gz",
+ "dest": "/opt",
+ "owner": "hedgedoc"
+ }
+ },
+ {
+ "name": "setup",
+ "become": true,
+ "become_user": "hedgedoc",
+ "ansible.builtin.command": {
+ "chdir": "/opt/hedgedoc",
+ "cmd": "bin/setup"
+ }
+ },
+ {
+ "name": "database",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "touch",
+ "path": "{{var_hedgedoc_database_path}}",
+ "owner": "hedgedoc"
+ }
+ },
+ {
+ "name": "configuration",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "config.json.j2",
+ "dest": "/opt/hedgedoc/config.json"
+ }
+ },
+ {
+ "name": "systemd",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "systemd-unit.j2",
+ "dest": "/etc/systemd/system/hedgedoc.service"
+ }
+ },
+ {
+ "name": "apply",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "enabled": true,
+ "state": "started",
+ "name": "hedgedoc"
+ }
+ }
 ]
diff --git a/ansible/roles/hedgedoc/templates/config.json.j2 b/ansible/roles/hedgedoc/templates/config.json.j2
index d5f04cc..a1b9b2d 100644
--- a/ansible/roles/hedgedoc/templates/config.json.j2
+++ b/ansible/roles/hedgedoc/templates/config.json.j2
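Review bot: In `tasks/main.json` the `download` task fetches the release tarball without a `checksum` and writes it to the fixed path `/tmp/hedgedoc.tar.gz`, which the `extract` task then unpacks into `/opt` as root. Because `get_url` with its default `force: false` skips the download when `dest` already exists, whatever file is already sitting at that world-writable location is what gets extracted. Add `"checksum": "sha256:SHA256_OF_RELEASE_TARBALL"` (placeholder, to be taken from the release page for `var_hedgedoc_version`) and download into a directory only root can write. Separately, the `configuration` task sets neither `owner` nor `mode`, so `/opt/hedgedoc/config.json`, which holds the session and OAuth2 secrets, gets default permissions; `"owner": "hedgedoc", "mode": "0600"` would restrict it. The `setup` command also has no `creates`, so `bin/setup` reruns on every play.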
@@ -1,28 +1,41 @@
 {
- "development": {
- "domain": "localhost:3000",
- "url": {
- "addport": true
- },
- "loglevel": "debug",
- "sessionSecret": "{{var_hedgedoc_session_secret}}",
+ "production": {
+ "loglevel": "error",
 "db": {
 "dialect": "sqlite",
- "storage": "./db.hedgedoc.sqlite"
+ "storage": "{{var_hedgedoc_database_path}}"
 },
+ "sessionSecret": "{{var_hedgedoc_session_secret}}",
+ "host": "localhost",
+ "allowOrigin": [
+ "localhost"
+ ],
+ "domain": "{{var_hedgedoc_domain}}",
 "urlAddPort": false,
- "protocolUseSSL": false,
+ "protocolUseSSL": true,
+{% if var_hedgedoc_oauth2_enable %}
 "oauth2": {
- "providerName": "authelia",
- "clientId": "b45421efcb7b1e5672d9b2bc55b3fdb2b6c62f3a72668110bd38f77fa1242ece",
- "clientSecret": "e8493098b9a280610a2ba9fa0b49f14035a9f048e8505cf4981f0555a2885655",
+ "providerName": "{{var_hedgedoc_oauth2_provider_name}}",
+ "clientID": "{{var_hedgedoc_oauth2_client_id}}",
+ "clientSecret": "{{var_hedgedoc_oauth2_client_secret}}",
 "scope": "openid email profile",
 "userProfileUsernameAttr": "sub",
 "userProfileDisplayNameAttr": "name",
 "userProfileEmailAttr": "email",
- "userProfileUrl": "http://authelia.local:9091/api/oidc/userinfo",
- "tokenUrl": "http://authelia.local:9091/api/oidc/token",
- "authorizationUrl": "http://authelia.local:9091/api/oidc/authorize"
- }
+ "userProfileURL": "{{var_hedgedoc_oauth2_user_profile_url}}",
+ "tokenURL": "{{var_hedgedoc_oauth2_token_url}}",
+ "authorizationURL": "{{var_hedgedoc_oauth2_authorization_url}}"
+ },
+ "email": false,
+ "allowEmailRegister": false,
+{% else %}
+ "email": true,
+ "allowEmailRegister": true,
+{% endif %}
+ "allowAnonymous": false,
+ "allowAnonymousEdits": true,
+ "allowFreeURL": true,
+ "requireFreeURLAuthentication": true,
+ "defaultPermission": "editable"
 }
 }
diff --git a/ansible/roles/hedgedoc/templates/systemd-unit.j2 b/ansible/roles/hedgedoc/templates/systemd-unit.j2
new file mode 100644
index 0000000..f2574df
--- /dev/null
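Review bot: Every variable in `config.json.j2` is pasted between hand-written quotes, e.g. `"sessionSecret": "{{var_hedgedoc_session_secret}}"` and likewise `clientSecret`, `domain` and the three OAuth2 URLs, so a value containing `"` or `\` renders invalid JSON or extra keys. Let the filter do the quoting instead: `"sessionSecret": {{ var_hedgedoc_session_secret | to_json }},`. The `{% else %}` branch also deserves a second look: `var_hedgedoc_oauth2_enable` defaults to `false`, so a default deploy sets `allowEmailRegister` to `true`, which appears to mean open self-registration on the public domain, alongside `defaultPermission` of `editable` and `allowAnonymousEdits` of `true`. If that is intended, a comment in `info.md` saying so would help; otherwise a separate variable for registration would be the safer default.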
+++ b/ansible/roles/hedgedoc/templates/systemd-unit.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Hedgedoc
+After=multi-user.target
+
+[Service]
+WorkingDirectory=/opt/hedgedoc
+Environment=NODE_ENV=production
+ExecStart=yarn start
+SyslogIdentifier=hedgedoc
+
+[Install]
+WantedBy=multi-user.target
+
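Review bot: The `[Service]` section of `systemd-unit.j2` has no `User=`, so `yarn start` and the Node process run as root even though the role creates a `hedgedoc` user, runs `bin/setup` as that user and hands it the database file. Add `User=hedgedoc`, and consider `NoNewPrivileges=true` as a cheap extra restriction. `ExecStart=yarn start` depends on systemd resolving a non-absolute command name; `ExecStart=/usr/bin/yarn start`, using the link the role creates, is unambiguous. `After=multi-user.target` combined with `WantedBy=multi-user.target` orders the unit after the very target that pulls it in; `After=network.target` is presumably what was meant.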