reorganize (config) files and templates into one "resources" dir

This groups the files and templates for each host together and therefore makes it easier to see all the (config) files for a host. Also clean up incorrect, unused docker_compose config for mumble and clean up unused engelsystem configs.
2024-12-05 22:18:27 +01:00 · 2024-12-05 22:18:27 +01:00 · d0a28589c6
commit d0a28589c6
parent af4abdc50b
83 changed files with 62 additions and 121 deletions
--- a/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pad/docker_compose/compose.yaml.j2
@ -0,0 +1,67 @@
+---
+# see https://github.com/hedgedoc/container/blob/master/docker-compose.yml
+
+services:
+  database:
+    image: docker.io/library/postgres:15-alpine
+    environment:
+      - "POSTGRES_USER=hedgedoc"
+      - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
+      - "POSTGRES_DB=hedgedoc"
+    volumes:
+      - database:/var/lib/postgresql/data
+    restart: unless-stopped
+
+  app:
+    #image: quay.io/hedgedoc/hedgedoc:1.9.9
+    image: quay.io/hedgedoc/hedgedoc:latest
+    environment:
+      - "CMD_DB_URL=postgres://hedgedoc:{{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}@database:5432/hedgedoc"
+      - "CMD_DOMAIN=pad.hamburg.ccc.de"
+      - "CMD_PROTOCOL_USESSL=true"
+      - "CMD_HSTS_ENABLE=false"
+      - "CMD_URL_ADDPORT=false"
+      - "CMD_ALLOW_FREEURL=true"
+      - "CMD_ALLOW_EMAIL_REGISTER=false"
+      - "CMD_ALLOW_ANONYMOUS=false"
+      - "CMD_ALLOW_ANONYMOUS_EDITS=true"
+      - "CMD_ALLOW_ANONYMOUS_VIEWS=true"
+      - "CMD_DEFAULT_PERMISSION=limited"
+      - "CMD_EMAIL=false"
+      - "CMD_OAUTH2_USER_PROFILE_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo"
+      - "CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username"
+      - "CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name"
+      - "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email"
+      - "CMD_OAUTH2_TOKEN_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token"
+      - "CMD_OAUTH2_AUTHORIZATION_URL=https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth"
+      - "CMD_OAUTH2_CLIENT_ID=pad"
+      - "CMD_OAUTH2_CLIENT_SECRET={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/KC_SECRET", create=false, missing="error") }}"
+      - "CMD_OAUTH2_PROVIDERNAME=Keycloak"
+      - "CMD_OAUTH2_SCOPE=openid email profile"
+    volumes:
+      - uploads:/hedgedoc/public/uploads
+    ports:
+      - "127.0.0.1:3000:3000"
+    restart: unless-stopped
+    depends_on:
+      - database
+
+  hedgedoc-expire:
+    image: git.hamburg.ccc.de/ccchh/hedgedoc-expire/hedgedoc-expire:latest
+    # command: "emailcheck"
+    command: "cron"
+    environment:
+      - "POSTGRES_HOSTNAME=database"
+      - "POSTGRES_USERNAME=hedgedoc"
+      - "POSTGRES_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/DB_PASSWORD", create=false, missing="error") }}"
+      - "SMTP_FROM=pad@hamburg.ccc.de"
+      - "SMTP_HOSTNAME=cow.hamburg.ccc.de"
+      - "SMTP_USERNAME=pad@hamburg.ccc.de"
+      - "SMTP_PASSWORD={{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/pad/smtp_password", create=false, missing="error") }}"
+      - "URL=https://pad.hamburg.ccc.de"
+    depends_on:
+      - database
+
+volumes:
+  database: {}
+  uploads: {}