Migrate Hedgedoc from MySQL to PostgreSQL.

env.yml

@@ -70,7 +70,6 @@ projects_to_backup:
 
 borg_repodir: "{{ cifs_mounts['backups']['path'] }}/borg"
 borg_passphrase_file: /etc/borg-passphrase.txt
-hedgedoc_mysql_root_password_file: "/etc/hedgedoc-mysql-root-password.txt"
 borg_prune_options: |
   --keep-within=1d
   --keep-daily=7
@@ -114,7 +113,6 @@ users:
   coturn: 666
   etebase: 373
   hedgedoc: 1004
-  hedgedoc_mysql: 1005
   homepage: 8686
   lldap: 1007
   mailserver: 8
@@ -133,8 +131,7 @@ volumes:
   coturn_tls_certificate_file: "/etc/letsencrypt/live/turn.{{ domain }}/fullchain.pem"
   coturn_tls_certificate_key_file: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
   etebase_datadir: /mnt/etebasedata
-  hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
+  hedgedoc_uploadsdir: /mnt/hedgedocuploads
-  hedgedoc_configdir: /mnt/hedgedoc/config
   lldap_datadir: /mnt/lldapdata
   mailserver_datadir: /mnt/mailserverdata
   mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"

roles/borg-init/tasks/main.yml

@@ -22,20 +22,6 @@
         mode: '600'
       when: not borg_stat_passphrase_file_result.stat.exists or borg_update_passphrase | default(false) | bool
  
-    - name: Get Hedgedoc MySQL root password file stat
-      stat:
-        path: "{{ hedgedoc_mysql_root_password_file }}"
-      register: hedgedoc_mysql_root_password_file_result
-
-    - name: "Template hedgedoc-mysql-root-password.txt to {{ hedgedoc_mysql_root_password_file }}"
-      template:
-        src: hedgedoc-mysql-root-password.txt
-        dest: "{{ hedgedoc_mysql_root_password_file }}"
-        owner: root
-        group: root
-        mode: '600'
-      when: not hedgedoc_mysql_root_password_file_result.stat.exists or hedgedoc_update_mysql_root_password | default(false) | bool
-
     - name: Get borg repository stat
       stat:
         path: "{{ borg_repodir }}"

roles/borg-init/templates/hedgedoc-mysql-root-password.txt

@@ -1 +0,0 @@
-{{ hedgedoc_secrets['mysql_root_password'] }}

roles/hedgedoc/tasks/backup.yml

@@ -1,22 +1,15 @@
-- name: Backup MySQL database
+- name: "Backup PostgreSQL hedgedoc database & {{ volumes['hedgedoc_uploadsdir'] }} directory"
-  community.docker.docker_container_exec:
+  shell: >
-    container: hedgedoc-mysql
+    docker exec postgres
-    docker_host: "{{ docker_host }}"
+    pg_dump -c {{ role_name }} |
-    argv:
-      - /bin/bash
-      - "-c"
-      - "mysqldump hedgedoc > /var/lib/mysql/hedgedoc-dump.sql"
-    env:
-      MYSQL_PWD: "{{ hedgedoc_secrets['mysql_root_password'] if hedgedoc_secrets['mysql_root_password'] is defined else lookup('ansible.builtin.file', hedgedoc_mysql_root_password_file) }}"
-
-- name: Create borg backup
-  command:
-    cmd: |
     borg create
-      --compression=lzma
+    --compression lzma
     "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
-      {{ volumes['hedgedoc_mysql_datadir'] }}/hedgedoc-dump.sql
+    "{{ volumes['hedgedoc_uploadsdir'] }}"
+    -
+    --stdin-name dump_{{ role_name }}.sql    
   environment:
+    DOCKER_HOST: "{{ docker_host }}"
     BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
   become: true
 

roles/hedgedoc/tasks/update.yml

@@ -1,32 +1,26 @@
-- name: "Create {{ project_dir }} project directory"
+- name: "Create {{ project_dir }} directory"
   file:
     path: "{{ project_dir }}"
     state: directory
 
-- name: Template docker-compose.yaml to project directory
+- name: Template docker-compose.yaml & .env to project directory
   template:
-    src: docker-compose.yaml
+    src: "{{ item }}"
-    dest: "{{ project_dir }}/docker-compose.yaml"
+    dest: "{{ project_dir }}/{{ item }}"
     owner: "{{ host_uid }}"
     group: "{{ host_uid }}"
-    mode: '640'
+    mode: '600'
+  loop:
+    - docker-compose.yaml
+    - .env
 
-- name: "Create directory {{ volumes['hedgedoc_configdir'] }} with correct permissions"
+- name: "Create (if not exists) directory {{ volumes['hedgedoc_uploadsdir'] }} & set permissions"
   file:
-    path: "{{ volumes['hedgedoc_configdir'] }}"
+    path: "{{ volumes['hedgedoc_uploadsdir'] }}"
     state: directory
     owner: "{{ users['hedgedoc'] + uid_shift }}"
     group: "{{ users['hedgedoc'] + uid_shift }}"
-    mode: '770'
+    mode: '700'
-  become: true
-
-- name: "Create directory {{ volumes['hedgedoc_mysql_datadir'] }} with correct permissions"
-  file:
-    path: "{{ volumes['hedgedoc_mysql_datadir'] }}"
-    state: directory
-    owner: "{{ users['hedgedoc_mysql'] + uid_shift }}"
-    group: "{{ users['hedgedoc_mysql'] + uid_shift }}"
-    mode: '770'
   become: true
 
 - name: Pull project services

roles/hedgedoc/templates/.env

@@ -0,0 +1,8 @@
+CMD_DB_DIALECT=postgres
+CMD_DB_HOST='postgres.{{ domain }}'
+CMD_DB_DATABASE=hedgedoc
+CMD_DB_USERNAME='{{ hedgedoc_secrets["postgres_user"] }}'
+CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
+CMD_DOMAIN='hedgedoc.{{ domain }}'
+CMD_PROTOCOL_USESSL=true
+CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'

roles/hedgedoc/templates/docker-compose.yaml

@@ -1,33 +1,11 @@
 services:
   hedgedoc:
     container_name: hedgedoc
-    image: lscr.io/linuxserver/hedgedoc:latest
+    image: quay.io/hedgedoc/hedgedoc:1.9.9
     restart: always
-    environment:
+    user: {{ users['hedgedoc'] }}:{{ users['hedgedoc'] }}
-      - PUID={{ users['hedgedoc'] }}
+    env_file: .env
-      - PGID={{ users['hedgedoc'] }}
-      - TZ={{ timezone }}
-      - DB_HOST=hedgedoc-mysql
-      - DB_PORT=3306
-      - DB_USER=root
-      - DB_PASS={{ hedgedoc_secrets['mysql_root_password'] }}
-      - DB_NAME=hedgedoc
-      - CMD_DOMAIN=hedgedoc.{{ domain }}
-      - CMD_PROTOCOL_USESSL=true
     ports:
       - 127.0.0.1:{{ ports['hedgedoc'] }}:3000
     volumes:
-      - {{ volumes['hedgedoc_configdir'] }}:/config
+      - {{ volumes['hedgedoc_uploadsdir'] }}:/hedgedoc/public/uploads
-
-  mysql:
-    container_name: hedgedoc-mysql
-    image: docker.io/library/mysql:latest
-    restart: always
-    user: {{ users['hedgedoc_mysql'] }}:{{ users['hedgedoc_mysql'] }}
-    environment:
-      MYSQL_DATABASE: hedgedoc
-      MYSQL_ROOT_PASSWORD: "{{ hedgedoc_secrets['mysql_root_password'] }}"
-    volumes:
-      - {{ volumes['hedgedoc_mysql_datadir'] }}:/var/lib/mysql
-
-

roles/postgres/tasks/backup.yml

@@ -1,5 +1,5 @@
 - name: Create borg backup from PostgreSQL dumpall
-  shell: |
+  shell: >
     docker exec postgres
     pg_dumpall |
     borg create

secrets.yml.example

@@ -25,7 +25,9 @@ coturn_secrets:
   static_auth_secret:
 
 hedgedoc_secrets:
-  mysql_root_password:
+  postgres_user:
+  postgres_password:
+  session_secret:
 
 lldap_secrets:
   jwt_secret: