Update compose.yml

Re: coop-cloud/recipes-catalogue-json#4

.drone.yml

@@ -3,17 +3,19 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: decentral1se/stack-ssh-deploy:latest
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
-      stack: codimd
+      stack: hedgedoc
+      networks:
+       - proxy
       deploy_key:
         from_secret: drone_ssh_swarm_test
       generate_secrets: true
       purge: true
     environment:
-      DOMAIN: codimd.swarm-test.autonomic.zone
-      STACK_NAME: codimd
+      DOMAIN: hedgedoc.swarm-test.autonomic.zone
+      STACK_NAME: hedgedoc
       LETS_ENCRYPT_ENV: production
       SECRET_DB_PASSWORD_VERSION: v1
       ENTRYPOINT_CONF_VERSION: v1
@@ -22,11 +24,17 @@ trigger:
     - main
 ---
 kind: pipeline
-name: recipe release
+name: generate recipe catalogue
 steps:
   - name: release a new version
-    image: thecoopcloud/drone-abra:latest
+    image: plugins/downstream
     settings:
-      command: recipe codimd release
-      deploy_key:
-        from_secret: abra_bot_deploy_key
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -1,20 +1,45 @@
-TYPE=codimd
+TYPE=hedgedoc
 
-DOMAIN=codimd.example.com
+DOMAIN=hedgedoc.example.com
 ## Domain aliases
-#EXTRA_DOMAINS=', `www.codimd.example.com`'
+#EXTRA_DOMAINS=', `www.hedgedoc.example.com`'
 LETS_ENCRYPT_ENV=production
 
 SECRET_DB_PASSWORD_VERSION=v1
 
-# OAuth, see https://hackmd.io/@codimd/codimd-generic-oauth-2
+COMPOSE_FILE="compose.yml"
 
-#COMPOSE_FILE="compose.yml:compose.oauth.yml"
+# OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
+
+#COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
 #CMD_OAUTH2_PROVIDERNAME="Keycloak"
-#CMD_OAUTH2_BASEURL="https://keycloak.example.com/realms/realmname/protocol/openid-connect/"
-#CMD_OAUTH2_CLIENT_ID="codimd"
+#CMD_OAUTH2_CLIENT_ID="hedgedoc"
 #CMD_OAUTH2_AUTHORIZATION_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/auth"
 #CMD_OAUTH2_TOKEN_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/token"
 #CMD_OAUTH2_USER_PROFILE_URL="https://keycloak.example.com/auth/realms/realmname/protocol/openid-connect/userinfo"
+#CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=ocs.data.id
+#CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=ocs.data.display-name
+#CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=ocs.data.email
+#CMD_OAUTH2_PROVIDERNAME=Keycloak
+#CMD_OAUTH2_SCOPE="openid email profile"
 #
 #SECRET_OAUTH_KEY_VERSION=v1
+
+# Options, see https://docs.hedgedoc.org/configuration/
+
+# CMD_ALLOW_ANONYMOUS=true
+# CMD_ALLOW_ANONYMOUS_EDITS=false
+# CMD_ALLOW_EMAIL_REGISTER=true
+# CMD_ALLOW_FREEURL=false
+# CMD_ALLOW_GRAVATAR=true
+# CMD_ALLOW_ORIGIN=localhost
+# CMD_COOKIE_POLICY=lax
+# CMD_CSP_ADD_DISQUS=false
+# CMD_CSP_ADD_GOOGLE_ANALYTICS=false
+# CMD_CSP_ENABLE=true
+# CMD_CSP_REPORTURI=undefined
+# CMD_DEFAULT_PERMISSION=editable
+# CMD_EMAIL=true
+# CMD_SESSION_LIFE=1209600000
+# Only present in config.json (no equivalent env var):
+# DOCUMENT_MAX_LENGTH=100000

README.md

@@ -1,35 +1,34 @@
-# CodiMD
+# Hedgedoc
 
-[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/codimd/status.svg)](https://drone.autonomic.zone/coop-cloud/codimd)
+[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/hedegedoc/status.svg)](https://drone.autonomic.zone/coop-cloud/hedegedoc)
 
-[CodiMD][codimd] using Coöp Cloud ♥
+[Hedgedoc][hedegedoc] using Coöp Cloud ♥
 
 <!-- metadata -->
 * **Category**: Apps
-* **Status**: ❷💛
-* **Image**: [`hackmdio/hackmd`](https://hub.docker.com/r/hackmdio/hackmd/), ❶💚, upstream
+* **Status**: 2, beta
+* **Image**: [`quay.io/hedgedoc/hedgedoc`](https://quay.io/hedgedoc/hedgedoc), 4, upstream
 * **Healthcheck**: Yes
-* **Backups**: No
+* **Backups**: Yes
 * **Email**: No
-* **Tests**: ❷💛
-* **SSO**: ❶💚 (OAuth)
+* **Tests**: 2
+* **SSO**: 3 (OAuth)
 <!-- endmetadata -->
 
 ## Basic usage
 
 1. Set up Docker Swarm and [`abra`][abra]
 2. Deploy [`coop-cloud/traefik`][compose-traefik]
-3. `abra app new codimd`
-4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
+3. `abra app new hedgedoc`
+4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app YOURAPPDOMAIN deploy`
+5. `abra app deploy YOURAPPDOMAIN`
 6. Create initial user:
 	```
-	abra run YOURAPPDOMAIN app bash
+	abra app YOURAPPDOMAIN run app bash
 	. /docker-entrypoint2.sh -e
 	bin/manage_users
-	```
 
-[codimd]: https://github.com/hackmdio/codimd
+[hedegedoc]: https://github.com/hedgedoc/hedgedoc
 [abra]: https://git.autonomic.zone/autonomic-cooperative/abra
-[compose-traefik]: https://git.autonomic.zone/coop-cloud/traefik
+[compose-traefik]: https://git.autonomic.zone/coop-cloud/traefik

abra.sh

@@ -1,4 +1,4 @@
-export ENTRYPOINT_CONF_VERSION=v1
+export ENTRYPOINT_CONF_VERSION=v6
 
 abra_backup_app() {
   _abra_backup_dir "app:/home/hackmd/app/public/uploads/"

compose.oauth.yml

@@ -5,13 +5,15 @@ services:
   app:
     environment:
       - CMD_OAUTH2_PROVIDERNAME
-      - CMD_OAUTH2_BASEURL
       - CMD_OAUTH2_CLIENT_ID
       - CMD_OAUTH2_CLIENT_SECRET_FILE=/run/secrets/oauth_key
       - CMD_OAUTH2_AUTHORIZATION_URL
       - CMD_OAUTH2_TOKEN_URL
       - CMD_OAUTH2_USER_PROFILE_URL
       - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
+      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
+      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR
+      - CMD_OAUTH2_SCOPE
     secrets:
       - oauth_key
 

compose.yml

@@ -1,14 +1,32 @@
 version: "3.8"
 services:
   app:
-    image: hackmdio/hackmd:2.4.1
+    image: quay.io/hedgedoc/hedgedoc:1.9.8
     environment:
       - CMD_USECDN=false
+      - CMD_URL_ADDPORT=false
+      - CMD_DOMAIN=$DOMAIN
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_HSTS_ENABLE=false
       - CMD_DB_NAME=codimd
       - CMD_DB_USER=codimd
       - CMD_DB_HOST=db
       - CMD_DB_PASSWORD_FILE=/run/secrets/db_password
-      - CMD_EMAIL # Email login enabled?
+      - CMD_ALLOW_ANONYMOUS
+      - CMD_ALLOW_ANONYMOUS_EDITS
+      - CMD_ALLOW_EMAIL_REGISTER
+      - CMD_ALLOW_FREEURL
+      - CMD_ALLOW_GRAVATAR
+      - CMD_ALLOW_ORIGIN
+      - CMD_COOKIE_POLICY
+      - CMD_CSP_ADD_DISQUS
+      - CMD_CSP_ADD_GOOGLE_ANALYTICS
+      - CMD_CSP_ENABLE
+      - CMD_CSP_REPORTURI
+      - CMD_DEFAULT_PERMISSION
+      - CMD_EMAIL
+      - CMD_SESSION_LIFE
+      - DOCUMENT_MAX_LENGTH
     depends_on:
       - db
     networks:
@@ -23,6 +41,9 @@ services:
       - source: entrypoint_conf
         target: /docker-entrypoint.sh
         mode: 0555
+      - source: config_json
+        target: /files/config.json
+        mode: 0555
     deploy:
       restart_policy:
         condition: on-failure
@@ -36,15 +57,15 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - coop-cloud.${STACK_NAME}.app.version=2.4.1-e93929f3
+        - coop-cloud.${STACK_NAME}.version=0.5.1+1.9.8
     healthcheck:
-      test: ["CMD", "wget", "-qO", "-", "http://localhost:3000"]
+      test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
       interval: 30s
       timeout: 10s
       retries: 10
       start_period: 1m
   db:
-    image: postgres:11.12-alpine
+    image: postgres:11.20-alpine
     environment:
       - POSTGRES_USER=codimd
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
@@ -56,7 +77,13 @@ services:
     networks:
       - internal
     deploy:
-      labels: ['coop-cloud.${STACK_NAME}.db.version=11.12-alpine-09c7c402']
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"
+          backupbot.restore: "true"
+          backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < ./backup.sql && rm -f ./backup.sql'"
 volumes:
   postgres:
   codimd_uploads:
@@ -69,6 +96,10 @@ networks:
     external: true
   internal:
 configs:
+  config_json:
+    name: ${STACK_NAME}_config_${ENTRYPOINT_CONF_VERSION}
+    file: config.json.tmpl
+    template_driver: golang
   entrypoint_conf:
     name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
     file: entrypoint.sh.tmpl

config.json.tmpl

@@ -0,0 +1,7 @@
+{
+  {{ if (env "DOCUMENT_MAX_LENGTH") }}
+  "production": {
+    "documentMaxLength": {{ env "DOCUMENT_MAX_LENGTH" }}
+    }
+  {{ end }}
+}

entrypoint.sh.tmpl

@@ -34,13 +34,13 @@ main() {
 
 main
 
-export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST/$CMD_DB_NAME
+export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME
 
 # 3wc: `source /docker-entrypoint2.sh -e` to load CMD_DB_URL for CLI scripts
 if [ ! "${1-}" == "-e" ]; then
 	# 3wc: upstream ENTRYPOINT
-	# https://github.com/hackmdio/codimd/blob/develop/deployments/Dockerfile
-	/home/hackmd/app/docker-entrypoint.sh
+	# https://github.com/hedgedoc/container/blob/master/alpine/Dockerfile
+	/usr/local/bin/docker-entrypoint.sh npm start
 fi
 
 set +eu