hedgedoc formula

hedgedoc/init.sls

@@ -0,0 +1,57 @@
+hedgedoc data directory exists:
+  file.directory:
+    - name: /opt/hedgedoc/pg_data
+    - makedirs: True
+
+hedgedoc_docker_net_present:
+  docker_network.present:
+    - name: hedgedoc
+
+hedgedoc_docker_present:
+  docker_volume.present:
+    - name: hedgedoc
+    - image: {{ salt['pillar.get']('hedgedoc:image:path', 'quay.io/hedgedoc/hedgedoc') }}:{{ salt['pillar.get']('hedgedoc:image:version', '1.10.0') }}
+    - container: hedgedoc
+    - environment:
+       - CMD_DB_URL: "postgres://codimd:password@database:5432/codimd"
+       - CMD_USECDN: "false"
+       - CMD_DOMAIN: "pad.flipdot.org"
+       - CMD_URL_ADDPORT: "false"
+       - CMD_EMAIL: "false"
+       - CMD_ALLOW_EMAIL_REGISTER: "false"
+       - # following two keys disable creation of anonymous notes, but enable editing of existing notes
+       - CMD_ALLOW_ANONYMOUS: "true"
+       - CMD_ALLOW_ANONYMOUS_EDITS: "true"
+       - CMD_DEFAULT_PERMISSION: "freely"
+       - CMD_PROTOCOL_USESSL: "true"
+       - CMD_OAUTH2_USER_PROFILE_URL: {{ salt['pillar.get']('hedgedoc:oauth2:user_profile_url', 'https://login.example.com/realms/example/protocol/openid-connect/userinfo') }}
+       - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: "preferred_username"
+       - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: "preferred_username"
+       - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
+       - CMD_OAUTH2_TOKEN_URL: {{ salt['pillar.get']('hedgedoc:oauth2:token_url', 'https://login.example.com/realms/example/protocol/openid-connect/token') }}
+       - CMD_OAUTH2_AUTHORIZATION_URL: {{ salt['pillar.get']('hedgedoc:oauth2:authorization_url', 'https://login.example.com/realms/example/protocol/openid-connect/auth') }}
+       - CMD_OAUTH2_CLIENT_ID: {{ salt['pillar.get']('hedgedoc:oauth2:client_id', 'hedgedoc') }}
+       - CMD_OAUTH2_CLIENT_SECRET: {{ salt['pillar.get']('hedgedoc:oauth2:client_secret') }}
+       - CMD_OAUTH2_PROVIDERNAME: {{ salt['pillar.get']('hedgedoc:oauth2:providername', 'login.example.com') }}
+       - CMD_OAUTH2_SCOPE: "openid email profile"
+    - networks:
+       - hedgedoc
+    - volumes:
+       - /opt/hedgedoc/uploads:/hedgedoc/public/uploads
+    - ports:
+       - "127.0.0.0:3000:3000"
+    - restart: always
+
+hedgedoc_database_present:
+  docker_container.running:
+    - name: database
+    - image: postgres:{{ salt['pillar.get']('hedgedoc:postgres:version', '16-alpine') }}
+    - environment:
+       - POSTGRES_USER: codimd
+       - POSTGRES_PASSWORD: password
+       - POSTGRES_DB: codimd
+    - networks:
+       - hedgedoc
+    - volumes:
+       - /opt/hedgedoc/pg_data:/var/lib/postgresql/data
+    - restart: always

pillar.example

@@ -0,0 +1,11 @@
+hedgedoc:
+  image:
+    path: quay.io/hedgedoc/hedgedoc
+    version: 1.10.0
+  oauth2:
+    user_profile_url: https://login.example.com/realms/example/protocol/openid-connect/userinfo
+    token_url: https://login.example.com/realms/example/protocol/openid-connect/token
+    authorization_url: https://login.example.com/realms/example/protocol/openid-connect/auth
+    client_id: hedgedoc
+    client_secret: secret_token
+    providername: login.example.com