Compare commits
No commits in common. "1c1c7c22df082a9a3a8ed5775173858c3eae2f1d" and "51d9c9ec601cd3bf44471b2b18d5b5efb20d0bf5" have entirely different histories.
1c1c7c22df
...
51d9c9ec60
9 changed files with 82 additions and 39 deletions
5
env.yml
5
env.yml
|
@ -70,6 +70,7 @@ projects_to_backup:
|
|||
|
||||
borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
|
||||
borg_passphrase_file: /etc/borg-passphrase.txt
|
||||
hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt"
|
||||
borg_prune_options: |
|
||||
--keep-within=1d
|
||||
--keep-daily=7
|
||||
|
@ -113,6 +114,7 @@ users:
|
|||
coturn: 666
|
||||
etebase: 373
|
||||
hedgedoc: 1004
|
||||
hedgedoc_mysql: 1005
|
||||
homepage: 8686
|
||||
lldap: 1007
|
||||
mailserver: 8
|
||||
|
@ -131,7 +133,8 @@ volumes:
|
|||
coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"
|
||||
coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
|
||||
etebase_datadir: /mnt/etebasedata
|
||||
hedgedoc_uploadsdir: /mnt/hedgedocuploads
|
||||
hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
|
||||
hedgedoc_configdir: /mnt/hedgedoc/config
|
||||
lldap_datadir: /mnt/lldapdata
|
||||
mailserver_datadir: /mnt/mailserverdata
|
||||
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
|
||||
|
|
|
@ -22,6 +22,20 @@
|
|||
mode: '600'
|
||||
when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
|
||||
|
||||
- name: Get Hedgedoc MySQL root password file stat
|
||||
stat:
|
||||
path: "{{ hedgedoc_mysql_root_password_file }}"
|
||||
register: hedgedoc_mysql_root_password_file_result
|
||||
|
||||
- name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}"
|
||||
template:
|
||||
src: hedgedoc-mysql-root-password.txt
|
||||
dest: "{{ hedgedoc_mysql_root_password_file }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '600'
|
||||
when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool
|
||||
|
||||
- name: Get borg repository stat
|
||||
stat:
|
||||
path: "{{ borg_repodir }}"
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
{{ hedgedoc_secrets['mysql_root_password'] }}
|
|
@ -1,15 +1,22 @@
|
|||
- name: "Backup PostgreSQL hedgedoc database & {{ volumes['hedgedoc_uploadsdir'] }} directory"
|
||||
shell: >
|
||||
docker exec postgres
|
||||
pg_dump -c {{ role_name }} |
|
||||
- name: Backup MySQL database
|
||||
community.docker.docker_container_exec:
|
||||
container: hedgedoc-mysql
|
||||
docker_host: "{{ docker_host }}"
|
||||
argv:
|
||||
- /bin/bash
|
||||
- "-c"
|
||||
- "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql"
|
||||
env:
|
||||
MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}"
|
||||
|
||||
- name: Create borg backup
|
||||
command:
|
||||
cmd: |
|
||||
borg create
|
||||
--compression lzma
|
||||
--compression=lzma
|
||||
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
|
||||
"{{ volumes['hedgedoc_uploadsdir'] }}"
|
||||
-
|
||||
--stdin-name dump_{{ role_name }}.sql
|
||||
{{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql
|
||||
environment:
|
||||
DOCKER_HOST: "{{ docker_host }}"
|
||||
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
|
||||
become: true
|
||||
|
||||
|
|
|
@ -1,26 +1,32 @@
|
|||
- name: "Create {{ project_dir }} directory"
|
||||
- name: "Create {{ project_dir }} project directory"
|
||||
file:
|
||||
path: "{{ project_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: Template docker-compose.yaml & .env to project directory
|
||||
- name: Template docker-compose.yaml to project directory
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ project_dir }}/{{ item }}"
|
||||
src: docker-compose.yaml
|
||||
dest: "{{ project_dir }}/docker-compose.yaml"
|
||||
owner: "{{ host_uid }}"
|
||||
group: "{{ host_uid }}"
|
||||
mode: '600'
|
||||
loop:
|
||||
- docker-compose.yaml
|
||||
- .env
|
||||
mode: '640'
|
||||
|
||||
- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions"
|
||||
- name: "Create directory {{ volumes['hedgedoc_configdir'] }} with correct permissions"
|
||||
file:
|
||||
path: "{{ volumes['hedgedoc_uploadsdir'] }}"
|
||||
path: "{{ volumes['hedgedoc_configdir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['hedgedoc'] + uid_shift }}"
|
||||
group: "{{ users['hedgedoc'] + uid_shift }}"
|
||||
mode: '700'
|
||||
mode: '770'
|
||||
become: true
|
||||
|
||||
- name: "Create directory {{ volumes['hedgedoc_mysql_datadir'] }} with correct permissions"
|
||||
file:
|
||||
path: "{{ volumes['hedgedoc_mysql_datadir'] }}"
|
||||
state: directory
|
||||
owner: "{{ users['hedgedoc_mysql'] + uid_shift }}"
|
||||
group: "{{ users['hedgedoc_mysql'] + uid_shift }}"
|
||||
mode: '770'
|
||||
become: true
|
||||
|
||||
- name: Pull project services
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
CMD_DB_DIALECT=postgres
|
||||
CMD_DB_HOST='postgres.{{ domain }}'
|
||||
CMD_DB_DATABASE=hedgedoc
|
||||
CMD_DB_USERNAME='{{ hedgedoc_secrets["postgres_user"] }}'
|
||||
CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
|
||||
CMD_DOMAIN='hedgedoc.{{ domain }}'
|
||||
CMD_PROTOCOL_USESSL=true
|
||||
CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'
|
|
@ -1,11 +1,33 @@
|
|||
services:
|
||||
hedgedoc:
|
||||
container_name: hedgedoc
|
||||
image: quay.io/hedgedoc/hedgedoc:1.9.9
|
||||
image: lscr.io/linuxserver/hedgedoc:latest
|
||||
restart: always
|
||||
user: {{ users['hedgedoc'] }}:{{ users['hedgedoc'] }}
|
||||
env_file: .env
|
||||
environment:
|
||||
- PUID={{ users['hedgedoc'] }}
|
||||
- PGID={{ users['hedgedoc'] }}
|
||||
- TZ={{ timezone }}
|
||||
- DB_HOST=hedgedoc-mysql
|
||||
- DB_PORT=3306
|
||||
- DB_USER=root
|
||||
- DB_PASS={{ hedgedoc_secrets['mysql_root_password'] }}
|
||||
- DB_NAME=hedgedoc
|
||||
- CMD_DOMAIN=hedgedoc.{{ domain }}
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
ports:
|
||||
- 127.0.0.1:{{ ports['hedgedoc'] }}:3000
|
||||
volumes:
|
||||
- {{ volumes['hedgedoc_uploadsdir'] }}:/hedgedoc/public/uploads
|
||||
- {{ volumes['hedgedoc_configdir'] }}:/config
|
||||
|
||||
mysql:
|
||||
container_name: hedgedoc-mysql
|
||||
image: docker.io/library/mysql:latest
|
||||
restart: always
|
||||
user: {{ users['hedgedoc_mysql'] }}:{{ users['hedgedoc_mysql'] }}
|
||||
environment:
|
||||
MYSQL_DATABASE: hedgedoc
|
||||
MYSQL_ROOT_PASSWORD: "{{ hedgedoc_secrets['mysql_root_password'] }}"
|
||||
volumes:
|
||||
- {{ volumes['hedgedoc_mysql_datadir'] }}:/var/lib/mysql
|
||||
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- name: Create borg backup from PostgreSQL dumpall
|
||||
shell: >
|
||||
shell: |
|
||||
docker exec postgres
|
||||
pg_dumpall |
|
||||
borg create
|
||||
|
|
|
@ -25,9 +25,7 @@ coturn_secrets:
|
|||
static_auth_secret:
|
||||
|
||||
hedgedoc_secrets:
|
||||
postgres_user:
|
||||
postgres_password:
|
||||
session_secret:
|
||||
mysql_root_password:
|
||||
|
||||
lldap_secrets:
|
||||
jwt_secret:
|
||||
|
|
Loading…
Reference in a new issue