Merge branch 'main' of https://git.coopcloud.tech/coop-cloud/hedgedoc

Add in hedgedoc documents

.env.sample

@@ -8,7 +8,7 @@ DOMAIN=hedgedoc.example.com
 LETS_ENCRYPT_ENV=production
 
 SECRET_DB_PASSWORD_VERSION=v1
-
+SECRET_CMD_SESSION_SECRET=v1
 COMPOSE_FILE="compose.yml"
 
 # OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
@@ -42,6 +42,7 @@ COMPOSE_FILE="compose.yml"
 # CMD_CSP_REPORTURI=undefined
 # CMD_DEFAULT_PERMISSION=editable
 # CMD_EMAIL=true
+# CMD_REQUIRE_FREEURL_AUTHENTICATION=false
 # CMD_SESSION_LIFE=1209600000
 # Only present in config.json (no equivalent env var):
 # DOCUMENT_MAX_LENGTH=100000

README.md

@@ -25,8 +25,8 @@
 5. `abra app deploy YOURAPPDOMAIN`
 6. Create initial user:
 	```
-	abra app YOURAPPDOMAIN run app bash
-	. /docker-entrypoint2.sh -e
+	abra app run YOURAPPDOMAIN app bash
+	. /docker-entrypoint.sh -e
 	bin/manage_users
 
 [hedegedoc]: https://github.com/hedgedoc/hedgedoc

abra.sh

@@ -1,13 +1 @@
-export ENTRYPOINT_CONF_VERSION=v8
-
-abra_backup_app() {
-  _abra_backup_dir "app:/home/hackmd/app/public/uploads/"
-}
-
-abra_backup_db() {
-  _abra_backup_postgres "db" "codimd" "codimd" "db_password"
-}
-
-abra_backup() {
-  abra_backup_app && abra_backup_db
-}
+export ENTRYPOINT_CONF_VERSION=v9

alaconnect.yml

@@ -1,15 +0,0 @@
-authentik:
-    env:
-        CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
-        CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
-        CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
-        CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
-        CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
-        CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
-        CMD_OAUTH2_CLIENT_ID: hedgedoc
-        CMD_OAUTH2_PROVIDERNAME: Authentik
-    uncomment: 
-        - compose.oauth.yml
-        - SECRET_OAUTH_KEY_VERSION
-    shared_secrets:
-        hedgedoc_secret: oauth_key

compose.yml

@@ -25,6 +25,7 @@ services:
       - CMD_CSP_REPORTURI
       - CMD_DEFAULT_PERMISSION
       - CMD_EMAIL
+      - CMD_REQUIRE_FREEURL_AUTHENTICATION
       - CMD_SESSION_LIFE
       - DOCUMENT_MAX_LENGTH
     depends_on:
@@ -33,7 +34,7 @@ services:
       - proxy
       - internal
     volumes:
-      - codimd_uploads:/home/hackmd/app/public/uploads
+      - codimd_uploads:/hedgedoc/public/uploads
     secrets:
       - db_password
     entrypoint: /docker-entrypoint.sh
@@ -43,7 +44,6 @@ services:
         mode: 0555
       - source: config_json
         target: /files/config.json
-        mode: 0555
     deploy:
       restart_policy:
         condition: on-failure
@@ -57,8 +57,10 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.1+1.9.9"
+        - "backupbot.backup=true"
+        - "backupbot.backup.path=/hedgedoc/public/uploads"
+        - coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}
+        - coop-cloud.${STACK_NAME}.version=0.6.0+1.9.9
     healthcheck:
       test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
       interval: 30s
@@ -66,7 +68,7 @@ services:
       retries: 10
       start_period: 1m
   db:
-    image: postgres:16.1-alpine
+    image: postgres:11.20-alpine
     environment:
       - POSTGRES_USER=codimd
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
@@ -79,12 +81,18 @@ services:
       - internal
     deploy:
       labels:
-          backupbot.backup: "true"
-          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-          backupbot.backup.post-hook: "rm -f /var/lib/postgresql/data/backup.sql"
-          backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
-          backupbot.restore: "true"
-          backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < /var/lib/postgresql/data/backup.sql && rm -f /var/lib/postgresql/data/backup.sql'"
+        backupbot.backup: "true"
+        backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
+        backupbot.backup.post-hook: "rm -rf /tmp/backup"
+        backupbot.backup.path: "/tmp/backup/"
+        backupbot.restore: "true"
+        backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < ./backup.sql && rm -f ./backup.sql'"
+    healthcheck:
+      test: "pg_isready"
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 1m
 volumes:
   postgres:
   codimd_uploads:

release/1.0.0+1.9

@@ -1,7 +0,0 @@
-WARNING WARNING WARNING 🚨
-
-This release includes a major Postgres database upgrade, but does not yet include tools to automatically upgrade from older Postgres releases.
-
-PLEASE DO NOT UPGRADE EXISTING INSTANCES TO THIS VERSION.
-
-This should be fixed soon.