From d5d1a71a2050a92beb65aa4e8ce9e7ca9a50be68 Mon Sep 17 00:00:00 2001
From: Malte
Date: Sun, 15 Dec 2024 18:09:46 +0100
Subject: [PATCH] hedgedoc formula
---
hedgedoc/init.sls | 57 +++++++++++++++++++++++++++++++++++++++++++++++
pillar.example | 11 +++++++++
2 files changed, 68 insertions(+)
create mode 100644 hedgedoc/init.sls
create mode 100644 pillar.example
diff --git a/hedgedoc/init.sls b/hedgedoc/init.sls
new file mode 100644
index 0000000..4756ba7
--- /dev/null
+++ b/hedgedoc/init.sls
@@ -0,0 +1,57 @@
+hedgedoc data directory exists:
+ file.directory:
+ - name: /opt/hedgedoc/pg_data
+ - makedirs: True
+
+hedgedoc_docker_net_present:
+ docker_network.present:
+ - name: hedgedoc
+
+hedgedoc_docker_present:
+ docker_volume.present:
+ - name: hedgedoc
+ - image: {{ salt['pillar.get']('hedgedoc:image:path', 'quay.io/hedgedoc/hedgedoc') }}:{{ salt['pillar.get']('hedgedoc:image:version', '1.10.0') }}
+ - container: hedgedoc
+ - environment:
+ - CMD_DB_URL: "postgres://codimd:password@database:5432/codimd"
+ - CMD_USECDN: "false"
+ - CMD_DOMAIN: "pad.flipdot.org"
+ - CMD_URL_ADDPORT: "false"
+ - CMD_EMAIL: "false"
+ - CMD_ALLOW_EMAIL_REGISTER: "false"
+ - # following two keys disable creation of anonymous notes, but enable editing of existing notes
+ - CMD_ALLOW_ANONYMOUS: "true"
+ - CMD_ALLOW_ANONYMOUS_EDITS: "true"
+ - CMD_DEFAULT_PERMISSION: "freely"
+ - CMD_PROTOCOL_USESSL: "true"
+ - CMD_OAUTH2_USER_PROFILE_URL: {{ salt['pillar.get']('hedgedoc:oauth2:user_profile_url', 'https://login.example.com/realms/example/protocol/openid-connect/userinfo') }}
+ - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: "preferred_username"
+ - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: "preferred_username"
+ - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
+ - CMD_OAUTH2_TOKEN_URL: {{ salt['pillar.get']('hedgedoc:oauth2:token_url', 'https://login.example.com/realms/example/protocol/openid-connect/token') }}
+ - CMD_OAUTH2_AUTHORIZATION_URL: {{ salt['pillar.get']('hedgedoc:oauth2:authorization_url', 'https://login.example.com/realms/example/protocol/openid-connect/auth') }}
+ - CMD_OAUTH2_CLIENT_ID: {{ salt['pillar.get']('hedgedoc:oauth2:client_id', 'hedgedoc') }}
+ - CMD_OAUTH2_CLIENT_SECRET: {{ salt['pillar.get']('hedgedoc:oauth2:client_secret') }}
+ - CMD_OAUTH2_PROVIDERNAME: {{ salt['pillar.get']('hedgedoc:oauth2:providername', 'login.example.com') }}
+ - CMD_OAUTH2_SCOPE: "openid email profile"
+ - networks:
+ - hedgedoc
+ - volumes:
+ - /opt/hedgedoc/uploads:/hedgedoc/public/uploads
+ - ports:
+ - "127.0.0.0:3000:3000"
+ - restart: always
+
+hedgedoc_database_present:
+ docker_container.running:
+ - name: database
+ - image: postgres:{{ salt['pillar.get']('hedgedoc:postgres:version', '16-alpine') }}
+ - environment:
+ - POSTGRES_USER: codimd
+ - POSTGRES_PASSWORD: password
+ - POSTGRES_DB: codimd
+ - networks:
+ - hedgedoc
+ - volumes:
+ - /opt/hedgedoc/pg_data:/var/lib/postgresql/data
+ - restart: always
diff --git a/pillar.example b/pillar.example
new file mode 100644
index 0000000..add2bd7
--- /dev/null
+++ b/pillar.example
@@ -0,0 +1,11 @@
+hedgedoc:
+ image:
+ path: quay.io/hedgedoc/hedgedoc
+ version: 1.10.0
+ oauth2:
+ user_profile_url: https://login.example.com/realms/example/protocol/openid-connect/userinfo
+ token_url: https://login.example.com/realms/example/protocol/openid-connect/token
+ authorization_url: https://login.example.com/realms/example/protocol/openid-connect/auth
+ client_id: hedgedoc
+ client_secret: secret_token
+ providername: login.example.com
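Review bot: In hedgedoc/init.sls the PostgreSQL password is hard-coded as the literal `password`, both inside `CMD_DB_URL` and in `POSTGRES_PASSWORD`, so the credential is committed with the formula and identical on every deployment. It should come from pillar like the OAuth2 client secret does, for example `- POSTGRES_PASSWORD: "{{ salt['pillar.get']('hedgedoc:postgres:password') }}"` with `CMD_DB_URL` built from the same value (the pillar key name is only a suggestion). The comment above `CMD_ALLOW_ANONYMOUS` says anonymous note creation is disabled, yet the value is `"true"` and `CMD_DEFAULT_PERMISSION` is `"freely"`, so the effective access policy should be checked against the intent; written as `- # …`, the comment also becomes an empty list item in `environment`. `hedgedoc_docker_present` calls `docker_volume.present` with container arguments (`image`, `environment`, `ports`), which looks like it was meant to be `docker_container.running` as in `hedgedoc_database_present`. The bind address `127.0.0.0:3000:3000` is probably a typo for `127.0.0.1`.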
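Review bot: In pillar.example, `client_secret: secret_token` gives no hint that this key is mandatory or how the real value should be stored, although the state reads `hedgedoc:oauth2:client_secret` without a default, so a missing key renders an empty `CMD_OAUTH2_CLIENT_SECRET`. I would add a comment above it such as `# required; keep the real value in an encrypted pillar (e.g. the GPG renderer), never in this file`. The example also omits `hedgedoc:postgres:version`, which init.sls looks up, so listing it here would make the file a complete reference for the formula's keys.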