Compare commits

..

No commits in common. "1c1c7c22df082a9a3a8ed5775173858c3eae2f1d" and "51d9c9ec601cd3bf44471b2b18d5b5efb20d0bf5" have entirely different histories.

9 changed files with 82 additions and 39 deletions

View file

@ -70,6 +70,7 @@ projects_to_backup:
borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg" borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
borg_passphrase_file: /etc/borg-passphrase.txt borg_passphrase_file: /etc/borg-passphrase.txt
hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt"
borg_prune_options: | borg_prune_options: |
--keep-within=1d --keep-within=1d
--keep-daily=7 --keep-daily=7
@ -113,6 +114,7 @@ users:
coturn: 666 coturn: 666
etebase: 373 etebase: 373
hedgedoc: 1004 hedgedoc: 1004
hedgedoc_mysql: 1005
homepage: 8686 homepage: 8686
lldap: 1007 lldap: 1007
mailserver: 8 mailserver: 8
@ -131,7 +133,8 @@ volumes:
coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem" coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"
coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem" coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
etebase_datadir: /mnt/etebasedata etebase_datadir: /mnt/etebasedata
hedgedoc_uploadsdir: /mnt/hedgedocuploads hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
hedgedoc_configdir: /mnt/hedgedoc/config
lldap_datadir: /mnt/lldapdata lldap_datadir: /mnt/lldapdata
mailserver_datadir: /mnt/mailserverdata mailserver_datadir: /mnt/mailserverdata
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem" mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"

View file

@ -22,6 +22,20 @@
mode: '600' mode: '600'
when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
- name: Get Hedgedoc MySQL root password file stat
stat:
path: "{{ hedgedoc_mysql_root_password_file }}"
register: hedgedoc_mysql_root_password_file_result
- name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}"
template:
src: hedgedoc-mysql-root-password.txt
dest: "{{ hedgedoc_mysql_root_password_file }}"
owner: root
group: root
mode: '600'
when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool
- name: Get borg repository stat - name: Get borg repository stat
stat: stat:
path: "{{ borg_repodir }}" path: "{{ borg_repodir }}"

View file

@ -0,0 +1 @@
{{ hedgedoc_secrets['mysql_root_password'] }}

View file

@ -1,15 +1,22 @@
- name: "Backup PostgreSQL hedgedoc database & {{ volumes['hedgedoc_uploadsdir'] }} directory" - name: Backup MySQL database
shell: > community.docker.docker_container_exec:
docker exec postgres container: hedgedoc-mysql
pg_dump -c {{ role_name }} | docker_host: "{{ docker_host }}"
borg create argv:
--compression lzma - /bin/bash
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}" - "-c"
"{{ volumes['hedgedoc_uploadsdir'] }}" - "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql"
- env:
--stdin-name dump_{{ role_name }}.sql MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}"
- name: Create borg backup
command:
cmd: |
borg create
--compression=lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
{{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql
environment: environment:
DOCKER_HOST: "{{ docker_host }}"
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true become: true

View file

@ -1,26 +1,32 @@
- name: "Create {{ project_dir }} directory" - name: "Create {{ project_dir }} project directory"
file: file:
path: "{{ project_dir }}" path: "{{ project_dir }}"
state: directory state: directory
- name: Template docker-compose.yaml & .env to project directory - name: Template docker-compose.yaml to project directory
template: template:
src: "{{ item }}" src: docker-compose.yaml
dest: "{{ project_dir }}/{{ item }}" dest: "{{ project_dir }}/docker-compose.yaml"
owner: "{{ host_uid }}" owner: "{{ host_uid }}"
group: "{{ host_uid }}" group: "{{ host_uid }}"
mode: '600' mode: '640'
loop:
- docker-compose.yaml
- .env
- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions" - name: "Create directory {{ volumes['hedgedoc_configdir'] }} with correct permissions"
file: file:
path: "{{ volumes['hedgedoc_uploadsdir'] }}" path: "{{ volumes['hedgedoc_configdir'] }}"
state: directory state: directory
owner: "{{ users['hedgedoc'] + uid_shift }}" owner: "{{ users['hedgedoc'] + uid_shift }}"
group: "{{ users['hedgedoc'] + uid_shift }}" group: "{{ users['hedgedoc'] + uid_shift }}"
mode: '700' mode: '770'
become: true
- name: "Create directory {{ volumes['hedgedoc_mysql_datadir'] }} with correct permissions"
file:
path: "{{ volumes['hedgedoc_mysql_datadir'] }}"
state: directory
owner: "{{ users['hedgedoc_mysql'] + uid_shift }}"
group: "{{ users['hedgedoc_mysql'] + uid_shift }}"
mode: '770'
become: true become: true
- name: Pull project services - name: Pull project services

View file

@ -1,8 +0,0 @@
CMD_DB_DIALECT=postgres
CMD_DB_HOST='postgres.{{ domain }}'
CMD_DB_DATABASE=hedgedoc
CMD_DB_USERNAME='{{ hedgedoc_secrets["postgres_user"] }}'
CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
CMD_DOMAIN='hedgedoc.{{ domain }}'
CMD_PROTOCOL_USESSL=true
CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'

View file

@ -1,11 +1,33 @@
services: services:
hedgedoc: hedgedoc:
container_name: hedgedoc container_name: hedgedoc
image: quay.io/hedgedoc/hedgedoc:1.9.9 image: lscr.io/linuxserver/hedgedoc:latest
restart: always restart: always
user: {{ users['hedgedoc'] }}:{{ users['hedgedoc'] }} environment:
env_file: .env - PUID={{ users['hedgedoc'] }}
- PGID={{ users['hedgedoc'] }}
- TZ={{ timezone }}
- DB_HOST=hedgedoc-mysql
- DB_PORT=3306
- DB_USER=root
- DB_PASS={{ hedgedoc_secrets['mysql_root_password'] }}
- DB_NAME=hedgedoc
- CMD_DOMAIN=hedgedoc.{{ domain }}
- CMD_PROTOCOL_USESSL=true
ports: ports:
- 127.0.0.1:{{ ports['hedgedoc'] }}:3000 - 127.0.0.1:{{ ports['hedgedoc'] }}:3000
volumes: volumes:
- {{ volumes['hedgedoc_uploadsdir'] }}:/hedgedoc/public/uploads - {{ volumes['hedgedoc_configdir'] }}:/config
mysql:
container_name: hedgedoc-mysql
image: docker.io/library/mysql:latest
restart: always
user: {{ users['hedgedoc_mysql'] }}:{{ users['hedgedoc_mysql'] }}
environment:
MYSQL_DATABASE: hedgedoc
MYSQL_ROOT_PASSWORD: "{{ hedgedoc_secrets['mysql_root_password'] }}"
volumes:
- {{ volumes['hedgedoc_mysql_datadir'] }}:/var/lib/mysql

View file

@ -1,5 +1,5 @@
- name: Create borg backup from PostgreSQL dumpall - name: Create borg backup from PostgreSQL dumpall
shell: > shell: |
docker exec postgres docker exec postgres
pg_dumpall | pg_dumpall |
borg create borg create

View file

@ -25,9 +25,7 @@ coturn_secrets:
static_auth_secret: static_auth_secret:
hedgedoc_secrets: hedgedoc_secrets:
postgres_user: mysql_root_password:
postgres_password:
session_secret:
lldap_secrets: lldap_secrets:
jwt_secret: jwt_secret: