From 4cb283ebbedfc59688b0d78a517ac24e3425f894 Mon Sep 17 00:00:00 2001
From: transcaffeine
Date: Sun, 6 Oct 2024 13:00:06 +0200
Subject: [PATCH] feat(hedgedoc): add ansible role for deployment
---
roles/hedgedoc/README.md | 0
roles/hedgedoc/defaults/main/config.yml | 38 +++++++++++++++++
roles/hedgedoc/defaults/main/container.yml | 49 ++++++++++++++++++++++
roles/hedgedoc/defaults/main/main.yml | 9 ++++
roles/hedgedoc/defaults/main/user.yml | 5 +++
roles/hedgedoc/meta/main.yml | 12 ++++++
roles/hedgedoc/tasks/deploy-docker.yml | 24 +++++++++++
roles/hedgedoc/tasks/main.yml | 32 ++++++++++++++
roles/hedgedoc/vars/main.yml | 10 +++++
9 files changed, 179 insertions(+)
create mode 100644 roles/hedgedoc/README.md
create mode 100644 roles/hedgedoc/defaults/main/config.yml
create mode 100644 roles/hedgedoc/defaults/main/container.yml
create mode 100644 roles/hedgedoc/defaults/main/main.yml
create mode 100644 roles/hedgedoc/defaults/main/user.yml
create mode 100644 roles/hedgedoc/meta/main.yml
create mode 100644 roles/hedgedoc/tasks/deploy-docker.yml
create mode 100644 roles/hedgedoc/tasks/main.yml
create mode 100644 roles/hedgedoc/vars/main.yml
diff --git a/roles/hedgedoc/README.md b/roles/hedgedoc/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/roles/hedgedoc/defaults/main/config.yml b/roles/hedgedoc/defaults/main/config.yml
new file mode 100644
index 0000000..bcb3eb0
--- /dev/null
+++ b/roles/hedgedoc/defaults/main/config.yml
@@ -0,0 +1,38 @@
+---
+hedgedoc_config_domain: ~
+hedgedoc_config_log_level: "info"
+hedgedoc_config_session_secret: ~
+hedgedoc_config_protocol_use_ssl: true
+hedgedoc_config_hsts_enable: true
+hedgedoc_config_csp_enable: true
+hedgedoc_config_cookie_policy: 'lax'
+
+hedgedoc_config_db_username: hedgedoc
+hedgedoc_config_db_password: ~
+hedgedoc_config_db_database: hedgedoc
+hedgedoc_config_db_host: localhost
+hedgedoc_config_db_port: 5432
+hedgedoc_config_db_dialect: postgres
+
+hedgedoc_config_database:
+ username: "{{ hedgedoc_config_db_username }}"
+ password: "{{ hedgedoc_config_db_password }}"
+ database: "{{ hedgedoc_config_db_database }}"
+ host: "{{ hedgedoc_config_db_host }}"
+ port: "{{ hedgedoc_config_db_port | int }}"
+ dialect: "{{ hedgedoc_config_db_dialect }}"
+hedgedoc_config_base:
+ domain: "{{ hedgedoc_config_domain }}"
+ loglevel: "{{ hedgedoc_config_log_level }}"
+ sessionSecret: "{{ hedgedoc_config_session_secret }}"
+ protocolUseSSL: "{{ hedgedoc_config_protocol_use_ssl }}"
+ cookiePolicy: "{{ hedgedoc_config_cookie_policy }}"
+ hsts:
+ enable: "{{ hedgedoc_config_hsts_enable }}"
+ csp:
+ enable: "{{ hedgedoc_config_csp_enable }}"
+ db: "{{ hedgedoc_config_database }}"
+hedgedoc_config: ~
+hedgedoc_full_config: >-2
+ {{ hedgedoc_config_base | default({}, true)
+ | combine(hedgedoc_config | default({}, true)) }}
diff --git a/roles/hedgedoc/defaults/main/container.yml b/roles/hedgedoc/defaults/main/container.yml
new file mode 100644
index 0000000..3ebf168
--- /dev/null
+++ b/roles/hedgedoc/defaults/main/container.yml
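Review bot: In roles/hedgedoc/defaults/main/config.yml, `hedgedoc_config_base` places `domain`, `sessionSecret`, `hsts`, `csp` and `db` at the top level of the object that tasks/main.yml later writes to config.json. As far as I know HedgeDoc 1.x reads that file per environment (a `production` key when NODE_ENV is production), so please confirm against the HedgeDoc configuration documentation that these values, including the session secret and the HSTS/CSP switches, are actually picked up rather than silently replaced by built-in defaults. If the wrapper is needed, `hedgedoc_full_config` could become `{{ {'production': hedgedoc_config_base | default({}, true) | combine(hedgedoc_config | default({}, true))} }}`.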
@@ -0,0 +1,49 @@
+---
+hedgedoc_container_image_registry: quay.io
+hedgedoc_container_image_namespace: hedgedoc
+hedgedoc_container_image_name: hedgedoc
+hedgedoc_container_image_flavour: alpine
+hedgedoc_container_image_tag: ~
+hedgedoc_container_image: >-2
+ {{
+ ([
+ hedgedoc_container_image_registry,
+ hedgedoc_container_image_namespace | default([], true),
+ hedgedoc_container_image_name,
+ ] | flatten | join('/'))
+ + ':'
+ + hedgedoc_container_image_tag | default(
+ hedgedoc_version + (
+ (hedgedoc_container_image_flavour | default(false, true) | bool)
+ | ternary('-' + hedgedoc_container_image_flavour, '')
+ ),
+ true
+ )
+ }}
+hedgedoc_container_name: hedgedoc
+hedgedoc_container_state: >-2
+ {{ (hedgedoc_state == 'present') | ternary('started', 'absent') }}
+
+hedgedoc_container_config_file: "/hedgedoc/config.json"
+hedgedoc_container_upload_path: "/hedgedoc/public/uploads"
+
+hedgedoc_container_env: ~
+hedgedoc_container_user: >-2
+ {{ hedgedoc_run_user_id }}:{{ hedgedoc_run_group_id }}
+hedgedoc_container_ports: ~
+hedgedoc_container_networks: ~
+hedgedoc_container_etc_hosts: ~
+hedgedoc_container_base_volumes:
+ - "{{ hedgedoc_config_file }}:{{ hedgedoc_container_config_file }}:ro"
+ - "{{ hedgedoc_uploads_path }}:{{ hedgedoc_container_upload_path }}:z"
+hedgedoc_container_volumes: ~
+hedgedoc_container_all_volumes: >-2
+ {{ hedgedoc_container_base_volumes | default([], true)
+ + hedgedoc_container_volumes | default([], true) }}
+hedgedoc_container_base_labels:
+ version: "{{ hedgedoc_container_tag | default(hedgedoc_version, true) }}"
+hedgedoc_container_labels: ~
+hedgedoc_container_all_labels: >-2
+ {{ hedgedoc_container_base_labels | default({}, true)
+ | combine(hedgedoc_container_labels | default({}, true)) }}
+hedgedoc_container_restart_policy: "unless-stopped"
diff --git a/roles/hedgedoc/defaults/main/main.yml b/roles/hedgedoc/defaults/main/main.yml
new file mode 100644
index 0000000..e9a69aa
--- /dev/null
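Review bot: In roles/hedgedoc/defaults/main/container.yml the flavour suffix is never appended: `hedgedoc_container_image_flavour | default(false, true) | bool` turns a string such as `alpine` into false under Ansible's `bool` filter, so `hedgedoc_container_image` resolves to the plain `hedgedoc_version` tag rather than the `-alpine` image these defaults describe. Testing for a non-empty value instead, e.g. `(hedgedoc_container_image_flavour | default('', true) | length > 0)`, keeps the pulled image in line with what an operator reads here. Separately, `hedgedoc_container_base_labels` reads `hedgedoc_container_tag`, while the variable defined in this file is `hedgedoc_container_image_tag`, so the `version` label would not follow an overridden tag.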
+++ b/roles/hedgedoc/defaults/main/main.yml
@@ -0,0 +1,9 @@
+---
+hedgedoc_user: hedgedoc
+hedgedoc_version: 1.9.9
+
+hedgedoc_state: present
+hedgedoc_deployment_method: docker
+
+hedgedoc_config_file: "/etc/hedgedoc/config.json"
+hedgedoc_uploads_path: "/var/lib/hedgedoc-uploads"
diff --git a/roles/hedgedoc/defaults/main/user.yml b/roles/hedgedoc/defaults/main/user.yml
new file mode 100644
index 0000000..0452fb7
--- /dev/null
+++ b/roles/hedgedoc/defaults/main/user.yml
@@ -0,0 +1,5 @@
+---
+hedgedoc_run_user_id: >-2
+ {{ hedgedoc_user_info.uid | default(hedgedoc_user }}
+hedgedoc_run_group_id: >-2
+ {{ hedgedoc_user_info.group | default(hedgedoc_user }}
diff --git a/roles/hedgedoc/meta/main.yml b/roles/hedgedoc/meta/main.yml
new file mode 100644
index 0000000..e0af646
--- /dev/null
+++ b/roles/hedgedoc/meta/main.yml
@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+ role_name: hedgedoc
+ description: >-2
+ Deploy hedgedoc, a collaborative markdown editor, using docker
+ galaxy_tags:
+ - hedgedoc
+ - markdown
+ - collaboration
+ - docker
diff --git a/roles/hedgedoc/tasks/deploy-docker.yml b/roles/hedgedoc/tasks/deploy-docker.yml
new file mode 100644
index 0000000..9d11fdc
--- /dev/null
+++ b/roles/hedgedoc/tasks/deploy-docker.yml
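Review bot: Both templates in roles/hedgedoc/defaults/main/user.yml are missing the closing parenthesis of `default(`, so `hedgedoc_run_user_id` and `hedgedoc_run_group_id` will fail to template wherever they are evaluated; the visible consumer is `hedgedoc_container_user` in defaults/main/container.yml. They should read `{{ hedgedoc_user_info.uid | default(hedgedoc_user) }}` and `{{ hedgedoc_user_info.group | default(hedgedoc_user) }}`.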
@@ -0,0 +1,24 @@
+---
+- name: Ensure container image '{{ hedgedoc_container_image }}' is {{ hedgedoc_state }}
+ community.docker.docker_image:
+ name: "{{ hedgedoc_container_image }}"
+ state: "{{ hedgedoc_state }}"
+ source: "{{ hedgedoc_container_source }}"
+ force_source: >-2
+ {{ hedgedoc_container_force_source | default(
+ hedgedoc_container_image_tag | default(false, true), true) }}
+ register: hedgedoc_container_image_info
+ until: hedgedoc_container_image_info is success
+ retries: 5
+ delay: 3
+
+- name: Ensure container '{{ hedgedoc_container }}' is {{ hedgedoc_container_state }}
+ community.docker.docker_container:
+ name: "{{ hedgedoc_container_name }}"
+ image: "{{ hedgedoc_container_image }}"
+ env: "{{ hedgedoc_container_env | default(omit, true) }}"
+ labels: "{{ hedgedoc_container_all_labels }}"
+ volumes: "{{ hedgedoc_container_all_volumes }}"
+ etc_hosts: "{{ hedgedoc_container_etc_hosts | default(omit, true) }}"
+ restart_policy: "{{ hedgedoc_container_restart_policy | default(omit, true) }}"
+ state: "{{ hedgedoc_container_state }}"
diff --git a/roles/hedgedoc/tasks/main.yml b/roles/hedgedoc/tasks/main.yml
new file mode 100644
index 0000000..1102cc4
--- /dev/null
+++ b/roles/hedgedoc/tasks/main.yml
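Review bot: The `community.docker.docker_container` task in roles/hedgedoc/tasks/deploy-docker.yml never passes `user`, `ports` or `networks`, although defaults/main/container.yml defines `hedgedoc_container_user`, `hedgedoc_container_ports` and `hedgedoc_container_networks`; the container therefore runs as whatever user the image defaults to rather than the dedicated account created in tasks/main.yml. I would add `user: "{{ hedgedoc_container_user }}"`, `ports: "{{ hedgedoc_container_ports | default(omit, true) }}"` and `networks: "{{ hedgedoc_container_networks | default(omit, true) }}"`. In addition, `hedgedoc_container_source` (image task) and `hedgedoc_container` (name of the second task) are not defined in any file of this patch, so the image task looks like it will stop on an undefined variable unless the caller supplies one.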
@@ -0,0 +1,32 @@
+---
+- name: Check for valid state
+ ansible.builtin.fail:
+ msg: >-2
+ Unsupported state '{{ hedgedoc_state }}'. Supported
+ states are {{ hedgedoc_states | join(', ') }}.
+ when: hedgedoc_state not in hedgedoc_states
+
+- name: Check for valid deployment method
+ ansible.builtin.fail:
+ msg: >-2
+ Deployment method '{{ hedgedoc_deployment_method }}'
+ is not supported. Supported are:
+ {{ hedgedoc_deployment_methods | join(', ') }}
+ when: hedgedoc_deployment_method not in hedgedoc_deployment_methods
+
+- name: Ensure user '{{ hedgedoc_user }}' is {{ hedgedoc_state }}
+ ansible.builtin.user:
+ name: "{{ hedgedoc_user }}"
+ state: "{{ hedgedoc_state }}"
+ system: "{{ hedgedoc_user_system | default(true, false) }}"
+ register: hedgedoc_user_info
+
+- name: Ensure configuration file '{{ hedgedoc_config_file }}' is {{ hedgedoc_state }}
+ ansible.builtin.copy:
+ dest: "{{ hedgedoc_config_file }}"
+ content: "{{ hedgedoc_full_config }}"
+ when: hedgedoc_state == 'present'
+
+- name: Ensure hedgedoc is deployed using {{ hedgedoc_deployment_method }}
+ ansible.builtin.include_tasks:
+ file: "deploy-{{ hedgedoc_deployment_method }}.yml"
diff --git a/roles/hedgedoc/vars/main.yml b/roles/hedgedoc/vars/main.yml
new file mode 100644
index 0000000..288a1cf
--- /dev/null
+++ b/roles/hedgedoc/vars/main.yml
@@ -0,0 +1,10 @@
+---
+hedgedoc_states:
+ - present
+ - absent
+hedgedoc_deployment_methods:
+ - docker
+
+hedgedoc_required_arguments:
+ - hedgedoc_domain
+ - hedgedoc_config_session_secret
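Review bot: The `ansible.builtin.copy` task in roles/hedgedoc/tasks/main.yml writes `hedgedoc_full_config`, which carries `sessionSecret` and the database password, without `owner`, `group` or `mode`, so the file's permissions are left to the target's defaults (commonly world-readable), and without `no_log`, so the content can appear in diff or verbose output. I would set `owner: "{{ hedgedoc_user }}"`, `mode: "0600"` and `no_log: true` on that task. Neither the parent directory of `hedgedoc_config_file` nor `hedgedoc_uploads_path` is created anywhere in this patch, although the copy task and the bind mounts in defaults/main/container.yml appear to depend on both.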
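Review bot: `hedgedoc_required_arguments` in roles/hedgedoc/vars/main.yml is not referenced by any task in this patch, and it names `hedgedoc_domain` while the defaults define `hedgedoc_config_domain`. As a result a run with the null defaults for the domain and `hedgedoc_config_session_secret` proceeds to write the configuration without complaint. I would rename the entry and enforce the list in tasks/main.yml next to the existing state and deployment-method checks, as sketched below; `hedgedoc_config_db_password` also defaults to null and may deserve the same treatment when the postgres dialect is used.

```yaml
# roles/hedgedoc/vars/main.yml
hedgedoc_required_arguments:
  - hedgedoc_config_domain
  - hedgedoc_config_session_secret

# roles/hedgedoc/tasks/main.yml, after the deployment-method check
- name: Check that required arguments are set
  ansible.builtin.fail:
    msg: "Required variable '{{ item }}' is not set."
  when:
    - hedgedoc_state == 'present'
    - lookup('ansible.builtin.vars', item, default='') | default('', true) | length == 0
  loop: "{{ hedgedoc_required_arguments }}"
```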