From c3f82875bec926449b4a8ad0e995a88b4373ba56 Mon Sep 17 00:00:00 2001
From: Viyurz <viyurz@viyurz.fr>
Date: Mon, 14 Oct 2024 15:31:36 +0200
Subject: [PATCH] Migrate HedgeDoc to Podman

---
 projects/hedgedoc/.env.mako         | 20 ++++++++++++++++++++
 projects/hedgedoc/compose.yaml.mako | 12 ++++++++++++
 pyenv.yml                           |  5 +++++
 3 files changed, 37 insertions(+)
 create mode 100644 projects/hedgedoc/.env.mako
 create mode 100644 projects/hedgedoc/compose.yaml.mako

diff --git a/projects/hedgedoc/.env.mako b/projects/hedgedoc/.env.mako
new file mode 100644
index 0000000..9d386f7
--- /dev/null
+++ b/projects/hedgedoc/.env.mako
@@ -0,0 +1,20 @@
+CMD_DB_DIALECT=postgres
+CMD_DB_HOST='postgres.${env["domain"]}'
+CMD_DB_DATABASE=hedgedoc
+CMD_DB_USERNAME='${secrets["postgres"]["hedgedoc"]["user"]}'
+CMD_DB_PASSWORD='${secrets["postgres"]["hedgedoc"]["pass"]}'
+CMD_DOMAIN='hedgedoc.${env["domain"]}'
+CMD_PROTOCOL_USESSL=true
+CMD_SESSION_SECRET='${secrets["hedgedoc_session"]}'
+CMD_EMAIL=false
+
+CMD_OAUTH2_PROVIDERNAME=Keycloak
+CMD_OAUTH2_CLIENT_ID='${secrets["keycloak"]["hedgedoc"]["id"]}'
+CMD_OAUTH2_CLIENT_SECRET='${secrets["keycloak"]["hedgedoc"]["secret"]}'
+CMD_OAUTH2_AUTHORIZATION_URL=https://kc.${env["domain"]}/realms/master/protocol/openid-connect/auth
+CMD_OAUTH2_TOKEN_URL=https://kc.${env["domain"]}/realms/master/protocol/openid-connect/token
+CMD_OAUTH2_USER_PROFILE_URL=https://kc.${env["domain"]}/realms/master/protocol/openid-connect/userinfo
+CMD_OAUTH2_SCOPE=openid email profile
+CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
+CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
+CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
diff --git a/projects/hedgedoc/compose.yaml.mako b/projects/hedgedoc/compose.yaml.mako
new file mode 100644
index 0000000..e1ffc00
--- /dev/null
+++ b/projects/hedgedoc/compose.yaml.mako
@@ -0,0 +1,12 @@
+services:
+  hedgedoc:
+    container_name: hedgedoc
+    image: quay.io/hedgedoc/hedgedoc:1.10.0-alpine
+    network_mode: pasta:-a,${env['pasta']['hedgedoc']['ipv4']},-a,${env['pasta']['hedgedoc']['ipv6']}
+    restart: always
+    user: ${env['users']['hedgedoc']}:${env['users']['hedgedoc']}
+    env_file: .env.rendered
+    ports:
+      - 127.0.0.1:${env['ports']['hedgedoc']}:3000
+    volumes:
+      - ${env['volumes']['hedgedoc']['uploadsdir']}:/hedgedoc/public/uploads
diff --git a/pyenv.yml b/pyenv.yml
index dbf274e..58c2ce4 100644
--- a/pyenv.yml
+++ b/pyenv.yml
@@ -23,6 +23,8 @@ socket: "/run/podman/podman.sock"
 backup:
   etebase:
     - /mnt/etebasedata/media
+  hedgedoc:
+    - /mnt/hedgedocuploads
   synapse:
     - /mnt/synapsedata
   vaultwarden:
@@ -53,6 +55,9 @@ pasta:
   etebase:
     ipv4: 10.86.5.1
     ipv6: fc86::5
+  hedgedoc:
+    ipv4: 10.86.8.1
+    ipv6: fc86::8
   synapse:
     ipv4: 10.86.19.1
     ipv6: fc86::19