forked from coop-cloud/hedgedoc
Compare commits
86 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 828c7c1300 | |||
f0c6a3c19c
|
|||
|
94f238c4af
|
|||
|
1dfdd90845
|
|||
|
660a5fee21 | ||
| 8d23542076 | |||
|
|
29968706fc | ||
|
|
1db30e2cda | ||
|
|
ec1735a005 | ||
|
|
29a7d585dc | ||
|
|
d0191f1c49 | ||
|
|
58bfa65b8a | ||
| 98c0268b72 | |||
| 73c8b662d4 | |||
| 674cbd0431 | |||
|
|
4972af78e8 | ||
| aa2afc2270 | |||
|
|
6fbaeb7af0 | ||
|
|
aa70a53ef1 | ||
|
|
3efbfec419 | ||
|
|
93e5604fcb | ||
| 917766023b | |||
| 6feab6a99e | |||
|
|
24c3349074 | ||
|
|
6429b2720f | ||
|
|
ca5a95bea6 | ||
|
|
45986d1af4 | ||
|
|
35e78f4834 | ||
|
|
3a98857b5c | ||
|
|
2310cb9378 | ||
|
|
6a036c4c82 | ||
|
|
d19f286c11 | ||
| 635eee710b | |||
| 49f06173e9 | |||
| 9194256835 | |||
| 081f2139fa | |||
| 6f15d5f2c7 | |||
| 8bc03406a1 | |||
| bc8996f558 | |||
| fcf5bade21 | |||
| 3fc480b82b | |||
| f71534e396 | |||
| 5e815e63a5 | |||
| ec98bab9d5 | |||
| 65ec56ac08 | |||
1ed15423c3
|
|||
|
0443ffc984
|
|||
|
c727320a31
|
|||
| e8f1186965 | |||
| 66c5160812 | |||
| c656afb176 | |||
| 97f2d94079 | |||
| 4846a09169 | |||
| 210a37cd0c | |||
| 914ef6b026 | |||
| 5f205c149f | |||
| d2c8993fcc | |||
| 1c93adcf21 | |||
| 7970e7c61e | |||
| e14f050ede | |||
| 5fd556d358 | |||
| 4c2417901e | |||
| 6bc2679dee | |||
| d2d5b8ceb1 | |||
| afd3b03b21 | |||
| b43724ecba | |||
| 8e973cbed1 | |||
|
7780eb9f13 | ||
|
|
9e88945b9b | ||
|
|
6139cff626 | ||
|
|
0c96d5a45f | ||
| a896d27542 | |||
| 90d5d3fc18 | |||
| b282386419 | |||
| 980cac71d8 | |||
| d277bd9ac1 | |||
| 5343ebb076 | |||
| f6827630d8 | |||
| 29448933fc | |||
| 399f1f718b | |||
| 92e554fb5c | |||
| ccb340b7ff | |||
| 1f1cd735d1 | |||
| fd2c333a54 | |||
a781e47fe2
|
|||
|
f81b91db99
|
28
.drone.yml
28
.drone.yml
@ -3,30 +3,40 @@ kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: decentral1se/stack-ssh-deploy:latest
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: codimd
|
||||
stack: hedgedoc
|
||||
networks:
|
||||
- proxy
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
environment:
|
||||
DOMAIN: codimd.swarm-test.autonomic.zone
|
||||
STACK_NAME: codimd
|
||||
DOMAIN: hedgedoc.swarm-test.autonomic.zone
|
||||
STACK_NAME: hedgedoc
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_SESSION_SECRET_VERSION: v1
|
||||
ENTRYPOINT_CONF_VERSION: v1
|
||||
PG_BACKUP_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: recipe release
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
command: recipe codimd release
|
||||
deploy_key:
|
||||
from_secret: abra_bot_deploy_key
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- toolshed/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
50
.env.sample
50
.env.sample
@ -1,20 +1,54 @@
|
||||
TYPE=codimd
|
||||
TYPE=hedgedoc
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
DOMAIN=codimd.example.com
|
||||
DOMAIN=hedgedoc.example.com
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.codimd.example.com`'
|
||||
#EXTRA_DOMAINS=', `www.hedgedoc.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_SESSION_SECRET_VERSION=v1
|
||||
|
||||
# OAuth, see https://hackmd.io/@codimd/codimd-generic-oauth-2
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.oauth.yml"
|
||||
# PostgreSQL
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"
|
||||
#SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
|
||||
#CMD_OAUTH2_PROVIDERNAME="Keycloak"
|
||||
#CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
|
||||
#CMD_OAUTH2_CLIENT_ID="codimd"
|
||||
#CMD_OAUTH2_CLIENT_ID="hedgedoc"
|
||||
#CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
|
||||
#CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
|
||||
#CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
|
||||
#CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
|
||||
#CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
|
||||
#CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
|
||||
#CMD_OAUTH2_PROVIDERNAME=Keycloak
|
||||
#CMD_OAUTH2_SCOPE="openid email profile"
|
||||
#
|
||||
#SECRET_OAUTH_KEY_VERSION=v1
|
||||
|
||||
# Options, see https://docs.hedgedoc.org/configuration/
|
||||
|
||||
# CMD_ALLOW_ANONYMOUS=true
|
||||
# CMD_ALLOW_ANONYMOUS_EDITS=false
|
||||
# CMD_ALLOW_EMAIL_REGISTER=true
|
||||
# CMD_ALLOW_FREEURL=false
|
||||
# CMD_REQUIRE_FREEURL_AUTHENTICATION=true
|
||||
# CMD_ALLOW_GRAVATAR=true
|
||||
# CMD_ALLOW_ORIGIN=localhost
|
||||
# CMD_COOKIE_POLICY=lax
|
||||
# CMD_CSP_ADD_DISQUS=false
|
||||
# CMD_CSP_ADD_GOOGLE_ANALYTICS=false
|
||||
# CMD_CSP_ENABLE=true
|
||||
# CMD_CSP_REPORTURI=undefined
|
||||
# CMD_DEFAULT_PERMISSION=editable
|
||||
# CMD_EMAIL=true
|
||||
# CMD_SESSION_LIFE=1209600000
|
||||
# Only present in config.json (no equivalent env var):
|
||||
# DOCUMENT_MAX_LENGTH=100000
|
||||
|
||||
29
README.md
29
README.md
@ -1,35 +1,34 @@
|
||||
# CodiMD
|
||||
# Hedgedoc
|
||||
|
||||
[](https://drone.autonomic.zone/coop-cloud/codimd)
|
||||
[](https://drone.autonomic.zone/coop-cloud/hedegedoc)
|
||||
|
||||
[CodiMD][codimd] using Coöp Cloud ♥
|
||||
[Hedgedoc][hedegedoc] using Coöp Cloud ♥
|
||||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
* **Status**: ❷💛
|
||||
* **Image**: [`hackmdio/hackmd`](https://hub.docker.com/r/hackmdio/hackmd/), ❶💚, upstream
|
||||
* **Status**: 2, beta
|
||||
* **Image**: [`quay.io/hedgedoc/hedgedoc`](https://quay.io/hedgedoc/hedgedoc), 4, upstream
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: No
|
||||
* **Backups**: Yes
|
||||
* **Email**: No
|
||||
* **Tests**: ❷💛
|
||||
* **SSO**: ❶💚 (OAuth)
|
||||
* **Tests**: 2
|
||||
* **SSO**: 3 (OAuth)
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
|
||||
1. Set up Docker Swarm and [`abra`][abra]
|
||||
2. Deploy [`coop-cloud/traefik`][compose-traefik]
|
||||
3. `abra app new codimd`
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
3. `abra app new hedgedoc`
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. Create initial user:
|
||||
```
|
||||
abra run YOURAPPDOMAIN app bash
|
||||
. /docker-entrypoint2.sh -e
|
||||
abra app run YOURAPPDOMAIN app bash
|
||||
. /docker-entrypoint.sh -e
|
||||
bin/manage_users
|
||||
```
|
||||
|
||||
[codimd]: https://github.com/hackmdio/codimd
|
||||
[hedegedoc]: https://github.com/hedgedoc/hedgedoc
|
||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[compose-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
|
||||
15
abra.sh
15
abra.sh
@ -1,13 +1,2 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
|
||||
abra_backup_app() {
|
||||
_abra_backup_dir "app:/home/hackmd/app/public/uploads/"
|
||||
}
|
||||
|
||||
abra_backup_db() {
|
||||
_abra_backup_postgres "db" "codimd" "codimd" "db_password"
|
||||
}
|
||||
|
||||
abra_backup() {
|
||||
abra_backup_app && abra_backup_db
|
||||
}
|
||||
export ENTRYPOINT_CONF_VERSION=v13
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
15
alaconnect.yml
Normal file
15
alaconnect.yml
Normal file
@ -0,0 +1,15 @@
|
||||
authentik:
|
||||
env:
|
||||
CMD_OAUTH2_USER_PROFILE_URL: https://authentik.example.com/application/o/userinfo/
|
||||
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
|
||||
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
|
||||
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
|
||||
CMD_OAUTH2_TOKEN_URL: https://authentik.example.com/application/o/token/
|
||||
CMD_OAUTH2_AUTHORIZATION_URL: https://authentik.example.com/application/o/authorize/
|
||||
CMD_OAUTH2_CLIENT_ID: hedgedoc
|
||||
CMD_OAUTH2_PROVIDERNAME: Authentik
|
||||
uncomment:
|
||||
- compose.oauth.yml
|
||||
- SECRET_OAUTH_KEY_VERSION
|
||||
shared_secrets:
|
||||
hedgedoc_secret: oauth_key
|
||||
@ -5,13 +5,15 @@ services:
|
||||
app:
|
||||
environment:
|
||||
- CMD_OAUTH2_PROVIDERNAME
|
||||
- CMD_OAUTH2_BASEURL
|
||||
- CMD_OAUTH2_CLIENT_ID
|
||||
- CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
|
||||
- CMD_OAUTH2_AUTHORIZATION_URL
|
||||
- CMD_OAUTH2_TOKEN_URL
|
||||
- CMD_OAUTH2_USER_PROFILE_URL
|
||||
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
|
||||
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
|
||||
- CMD_OAUTH2_SCOPE
|
||||
secrets:
|
||||
- oauth_key
|
||||
|
||||
|
||||
55
compose.postgresql.yml
Normal file
55
compose.postgresql.yml
Normal file
@ -0,0 +1,55 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CMD_DB_TYPE=postgres
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
- db_password
|
||||
db:
|
||||
image: pgautoupgrade/pgautoupgrade:16-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=codimd
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
healthcheck:
|
||||
test: "pg_isready"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 1m
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
volumes:
|
||||
postgres:
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
networks:
|
||||
internal:
|
||||
configs:
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
70
compose.yml
70
compose.yml
@ -1,28 +1,45 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
image: hackmdio/hackmd:2.4.1
|
||||
image: quay.io/hedgedoc/hedgedoc:1.10.3
|
||||
environment:
|
||||
- CMD_USECDN=false
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- CMD_EMAIL # Email login enabled?
|
||||
depends_on:
|
||||
- db
|
||||
- CMD_URL_ADDPORT=false
|
||||
- CMD_DOMAIN=$DOMAIN
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
- CMD_HSTS_ENABLE=false
|
||||
- CMD_DB_URL=sqlite:/database/db.sqlite3
|
||||
- CMD_ALLOW_ANONYMOUS
|
||||
- CMD_ALLOW_ANONYMOUS_EDITS
|
||||
- CMD_ALLOW_EMAIL_REGISTER
|
||||
- CMD_ALLOW_FREEURL
|
||||
- CMD_REQUIRE_FREEURL_AUTHENTICATION
|
||||
- CMD_ALLOW_GRAVATAR
|
||||
- CMD_ALLOW_ORIGIN
|
||||
- CMD_COOKIE_POLICY
|
||||
- CMD_CSP_ADD_DISQUS
|
||||
- CMD_CSP_ADD_GOOGLE_ANALYTICS
|
||||
- CMD_CSP_ENABLE
|
||||
- CMD_CSP_REPORTURI
|
||||
- CMD_DEFAULT_PERMISSION
|
||||
- CMD_EMAIL
|
||||
- CMD_SESSION_LIFE
|
||||
- CMD_SESSION_SECRET_FILE=/run/secrets/session_secret
|
||||
- DOCUMENT_MAX_LENGTH
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
volumes:
|
||||
- codimd_uploads:/home/hackmd/app/public/uploads
|
||||
- codimd_uploads:/hedgedoc/public/uploads
|
||||
- codimd_database:/database
|
||||
secrets:
|
||||
- db_password
|
||||
- session_secret
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
configs:
|
||||
- source: entrypoint_conf
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
- source: config_json
|
||||
target: /files/config.json
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
@ -36,39 +53,30 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- coop-cloud.${STACK_NAME}.app.version=2.4.1-e93929f3
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.0.2+1.10.3"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
|
||||
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
db:
|
||||
image: postgres:11.12-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=codimd
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels: ['coop-cloud.${STACK_NAME}.db.version=11.12-alpine-09c7c402']
|
||||
volumes:
|
||||
postgres:
|
||||
codimd_uploads:
|
||||
codimd_database:
|
||||
secrets:
|
||||
db_password:
|
||||
session_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
name: ${STACK_NAME}_session_secret_${SECRET_SESSION_SECRET_VERSION}
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
configs:
|
||||
config_json:
|
||||
name: ${STACK_NAME}_config_${ENTRYPOINT_CONF_VERSION}
|
||||
file: config.json.tmpl
|
||||
template_driver: golang
|
||||
entrypoint_conf:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
|
||||
7
config.json.tmpl
Normal file
7
config.json.tmpl
Normal file
@ -0,0 +1,7 @@
|
||||
{
|
||||
{{ if (env "DOCUMENT_MAX_LENGTH") }}
|
||||
"production": {
|
||||
"documentMaxLength": {{ env "DOCUMENT_MAX_LENGTH" }}
|
||||
}
|
||||
{{ end }}
|
||||
}
|
||||
@ -1,46 +1,57 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
file_env() {
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
|
||||
# https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
load_vars() {
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
fi
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
file_env "CMD_SESSION_SECRET"
|
||||
}
|
||||
|
||||
main() {
|
||||
set -eu
|
||||
set -eu
|
||||
|
||||
load_vars
|
||||
load_vars
|
||||
mkdir -p "/hedgedoc/.npm" && \
|
||||
chown -R 10000:65534 "/hedgedoc/.npm" && \
|
||||
chmod "u+rwx" "/hedgedoc/.npm"
|
||||
|
||||
chown -R 10000:65534 /database
|
||||
}
|
||||
|
||||
main
|
||||
|
||||
export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST/$CMD_DB_NAME
|
||||
if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
|
||||
export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
|
||||
fi
|
||||
|
||||
# 3wc: `source /docker-entrypoint2.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
if [ ! "${1-}" == "-e" ]; then
|
||||
# 3wc: upstream ENTRYPOINT
|
||||
# https://github.com/hackmdio/codimd/blob/develop/deployments/Dockerfile
|
||||
/home/hackmd/app/docker-entrypoint.sh
|
||||
# 3wc: upstream ENTRYPOINT
|
||||
# https://github.com/hedgedoc/container/blob/master/alpine/Dockerfile
|
||||
mkdir -p "/hedgedoc/.npm" && chown -R 10000:65534 "/hedgedoc/.npm"
|
||||
/usr/local/bin/docker-entrypoint.sh npm start
|
||||
fi
|
||||
|
||||
set +eu
|
||||
|
||||
34
pg_backup.sh
Normal file
34
pg_backup.sh
Normal file
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
|
||||
|
||||
function backup {
|
||||
export PGPASSWORD=$(cat /run/secrets/db_password)
|
||||
pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
|
||||
}
|
||||
|
||||
function restore {
|
||||
cd /var/lib/postgresql/data/
|
||||
restore_config(){
|
||||
# Restore allowed connections
|
||||
cat pg_hba.conf.bak > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
}
|
||||
# Don't allow any other connections than local
|
||||
cp pg_hba.conf pg_hba.conf.bak
|
||||
echo "local all all trust" > pg_hba.conf
|
||||
su postgres -c 'pg_ctl reload'
|
||||
trap restore_config EXIT INT TERM
|
||||
|
||||
# Recreate Database
|
||||
psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);"
|
||||
createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
|
||||
psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
|
||||
|
||||
trap - EXIT INT TERM
|
||||
restore_config
|
||||
}
|
||||
|
||||
$@
|
||||
7
release/1.0.0+1.9
Normal file
7
release/1.0.0+1.9
Normal file
@ -0,0 +1,7 @@
|
||||
WARNING WARNING WARNING 🚨
|
||||
|
||||
This release includes a major Postgres database upgrade, but does not yet include tools to automatically upgrade from older Postgres releases.
|
||||
|
||||
PLEASE DO NOT UPGRADE EXISTING INSTANCES TO THIS VERSION.
|
||||
|
||||
This should be fixed soon.
|
||||
1
release/1.2.0+1.10.0
Normal file
1
release/1.2.0+1.10.0
Normal file
@ -0,0 +1 @@
|
||||
Fixes security issue: https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pjf2-269h-cx7p
|
||||
5
release/1.2.2+1.10.1
Normal file
5
release/1.2.2+1.10.1
Normal file
@ -0,0 +1,5 @@
|
||||
Upgrade to fix GHSA-6w39-x2c6-6mpf
|
||||
|
||||
BREAKING CHANGE!! new secret "session_secret" added, run:
|
||||
|
||||
abra app secret generate <app_domain> session_secret v1
|
||||
1
release/1.3.0+1.10.1
Normal file
1
release/1.3.0+1.10.1
Normal file
@ -0,0 +1 @@
|
||||
This release adds SQLite support by default, if you were using PostgreSQL make sure to update the env file!
|
||||
1
release/3.0.0+1.10.1
Normal file
1
release/3.0.0+1.10.1
Normal file
@ -0,0 +1 @@
|
||||
This release switches to `pgaautoupgrade` for easier Postgresql upgrades. If you are using Postgres, please take extra care to take a backup before upgrading.
|
||||
1
release/3.0.1+1.10.3
Normal file
1
release/3.0.1+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
Security upgrade for GHSA-3983-rrqh-mvx5
|
||||
1
release/3.0.2+1.10.3
Normal file
1
release/3.0.2+1.10.3
Normal file
@ -0,0 +1 @@
|
||||
CRITICAL FIX: since version 3 this recipe uses always sqlite as database. This patch fixes instances running postgres
|
||||
Loading…
x
Reference in New Issue
Block a user