diff --git a/data/hostname/bardo.internal.admin.swh.network.yaml b/data/hostname/bardo.internal.admin.swh.network.yaml
index df94ce11..1b7e40af 100644
--- a/data/hostname/bardo.internal.admin.swh.network.yaml
+++ b/data/hostname/bardo.internal.admin.swh.network.yaml
@@ -1,51 +1,55 @@
groups:
hedgedoc:
gid: 6000
users:
hedgedoc:
uid: 6000
shell: /bin/bash
groups:
- hedgedoc
hedgedoc::db::database: hedgedoc
hedgedoc::db::username: hedgedoc
# hedgedoc::db::password: in private-data
swh::postgresql::version: '12'
swh::postgresql::port: 5433
swh::postgresql::cluster_name: "%{lookup('swh::postgresql::version')}/main"
swh::postgresql::datadir_base: "%{lookup('swh::base_directory')}/postgres"
swh::postgresql::datadir: "%{lookup('swh::postgresql::datadir_base')}/%{lookup('swh::postgresql::cluster_name')}"
swh::postgresql::listen_addresses:
- 0.0.0.0
swh::postgresql::network_accesses:
- 192.168.100.0/24 # Monitoring
- 192.168.130.0/24 # Staging services
postgresql::globals::version: "%{alias('swh::postgresql::version')}"
postgresql::server::config_entries:
shared_buffers: "%{alias('swh::postgresql::shared_buffers')}"
cluster_name: "%{alias('swh::postgresql::cluster_name')}"
swh::dbs:
hedgedoc:
name: "%{alias('hedgedoc::db::db_name')}"
user: "%{alias('hedgedoc::db::username')}"
+hedgedoc::release::version: 1.7.1
+hedgedoc::release::digest: 17e7092430b36c96059309fdd03f9244f6a13611e28ced153d9dbf97e109d5ba
+hedgedoc::release::digest_type: sha256
+
hedgedoc::host: bardo.internal.admin.swh.network
hedgedoc::port: 3000
hedgedoc::user: hedgedoc
hedgedoc::group: hedgedoc
hedgedoc::db::db_name: hedgedoc
hedgedoc::db::username: hedgedoc
hedgedoc::allow_anonymous: true
hedgedoc::allow_anonymous_edits: true
hedgedoc::runtime_environment: production
hedgedoc::log_level: debug
hedgedoc::vhost::letsencrypt_cert: hedgedoc
diff --git a/site-modules/profile/manifests/hedgedoc.pp b/site-modules/profile/manifests/hedgedoc.pp
index 5689c4e9..7fe371bf 100644
--- a/site-modules/profile/manifests/hedgedoc.pp
+++ b/site-modules/profile/manifests/hedgedoc.pp
@@ -1,134 +1,136 @@
# deploy a hedgedoc instance
class profile::hedgedoc {
$packages = [
'npm', 'yarn', 'node-gyp'
]
$keyid = lookup('yarn::apt_config::keyid')
$key = lookup('yarn::apt_config::key')
# ---- configuration
$user = lookup('hedgedoc::user')
$group = lookup('hedgedoc::group')
$host = lookup('hedgedoc::host')
$port = lookup('hedgedoc::port')
$base_url = "${host}:${port}"
$db_name = lookup('hedgedoc::db::db_name')
$db_user = lookup('hedgedoc::db::username')
$db_password = lookup('swh::deploy::hedgedoc::db::password')
$db_port = lookup('swh::postgresql::port')
$db_url = "postgres://${db_user}:${db_password}@${host}:${db_port}/${db_name}"
$allow_anonymous = lookup('hedgedoc::allow_anonymous')
$allow_anonymous_edits = lookup('hedgedoc::allow_anonymous_edits')
$runtime_environment = lookup('hedgedoc::runtime_environment')
$log_level = lookup('hedgedoc::log_level')
# ---- install
- $version = "1.7.0"
+ $version = lookup('hedgedoc::release::version')
$archive_url = "https://github.com/hedgedoc/hedgedoc/releases/download/${version}/hedgedoc-${version}.tar.gz"
+ $archive_digest = lookup('hedgedoc::release::digest')
+ $archive_digest_type = lookup('hedgedoc::release::digest_type')
$archive_path = "/tmp/hedgedoc-${version}.tar.gz"
$root_install_path = "/opt"
$install_path = "${root_install_path}/hedgedoc"
$upgrade_flag_path = "${install_path}/hedgedoc-${version}-upgrade"
$sequelizerc_config_sequelizerc_path = "${install_path}/.sequelizerc"
$sequelizerc_config_json_path = "${install_path}/config.json"
$service_name = "hedgedoc"
$unit_name = "${service_name}.service"
apt::source { 'yarn':
location => "https://dl.yarnpkg.com/debian/",
release => 'stable',
repos => 'main',
key => {
id => $keyid,
content => $key,
},
} ->
package { $packages:
ensure => present,
notify => Archive['hedgedoc'],
}
file { $install_path:
ensure => 'directory',
owner => $user,
group => $group,
mode => '0644',
require => [User[$user], Group[$group]],
}
archive { 'hedgedoc':
path => $archive_path,
extract => true,
source => $archive_url,
extract_path => $root_install_path,
creates => $install_path,
- checksum => 'ab1fc7ddf260ca6caff52f3400fc38815481fe353d0edc08de721765f15071f6',
- checksum_type => 'sha256',
+ checksum => $archive_digest,
+ checksum_type => $archive_digest_type,
cleanup => true,
user => 'root',
group => 'root',
notify => File[$install_path],
} ~>
exec {'active-initialize':
command => "touch ${upgrade_flag_path}",
path => '/usr/bin',
refreshonly => true,
} ~>
exec {'hedgedoc-flag-upgrade':
command => "$install_path/bin/setup",
cwd => $install_path,
require => Postgresql::Server::Db[$db_name],
refreshonly => true,
} ~>
file {$sequelizerc_config_json_path:
ensure => present,
owner => $user,
group => $group,
mode => '0644',
content => template("profile/hedgedoc/config.json.erb"),
} ~>
file {$sequelizerc_config_sequelizerc_path:
ensure => present,
owner => $user,
group => $group,
mode => '0644',
content => template("profile/hedgedoc/sequelizerc.erb"),
} ~>
exec {'yarn-build':
command => "yarn run build",
cwd => $install_path,
path => '/usr/bin',
onlyif => "test -f ${upgrade_flag_path}",
refreshonly => true,
} ~>
exec {'hegdedoc-flag-upgrade-done':
command => "rm ${upgrade_flag_path}",
cwd => $install_path,
path => '/usr/bin',
onlyif => "test -f ${upgrade_flag_path}",
refreshonly => true,
notify => Service[$service_name],
}
systemd::unit_file {$unit_name:
ensure => present,
content => template('profile/hedgedoc/hedgedoc.service.erb'),
}
service {$service_name:
ensure => 'running',
enable => true,
require => [
Systemd::Unit_file[$unit_name],
Package[$packages],
Archive['hedgedoc'],
],
}
}