From fea0566b7aa77dfb6ee2a3b0ad7186c83ae60db4 Mon Sep 17 00:00:00 2001
From: Abhishek Dasgupta <abhishek.dasgupta@dtc.ox.ac.uk>
Date: Tue, 3 Dec 2024 16:16:24 +0000
Subject: [PATCH] feat: add new service hedgedoc

---
 installer/hedgedoc-config.json | 11 ++++++++++
 installer/hedgedoc.service     | 39 ++++++++++++++++++++++++++++++++++
 installer/install.sh           |  4 ++++
 installer/setup_hedgedoc.sh    | 31 +++++++++++++++++++++++++++
 4 files changed, 85 insertions(+)
 create mode 100644 installer/hedgedoc-config.json
 create mode 100644 installer/hedgedoc.service
 create mode 100755 installer/setup_hedgedoc.sh

diff --git a/installer/hedgedoc-config.json b/installer/hedgedoc-config.json
new file mode 100644
index 0000000..fbb0e79
--- /dev/null
+++ b/installer/hedgedoc-config.json
@@ -0,0 +1,11 @@
+{
+  "production": {
+    "db": {
+      "dialect": "sqlite",
+      "storage": "./db.hedgedoc.sqlite"
+   },
+    "urlAddPort": true,
+    "domain": "carpentriesoffline.org",
+    "port": "4000"
+  }
+}
diff --git a/installer/hedgedoc.service b/installer/hedgedoc.service
new file mode 100644
index 0000000..e4bcd8a
--- /dev/null
+++ b/installer/hedgedoc.service
@@ -0,0 +1,39 @@
+[Unit]
+Description=HedgeDoc - The best platform to write and share markdown.
+Documentation=https://docs.hedgedoc.org/
+After=network.target
+
+[Service]
+Type=exec
+Environment=NODE_ENV=production
+Restart=always
+RestartSec=2s
+ExecStart=yarn start
+CapabilityBoundingSet=
+NoNewPrivileges=true
+PrivateDevices=true
+RemoveIPC=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectClock=true
+ProtectHostname=true
+ProtectProc=noaccess
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+User=hedgedoc
+Group=hedgedoc
+WorkingDirectory="/home/hedgedoc/hedgedoc/"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/installer/install.sh b/installer/install.sh
index c5703b3..acbe956 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -36,6 +36,10 @@ echo "Setting up Gitea"
 sudo ./setup_gitea.sh
 clear
 
+echo "Setting up Hedgedoc"
+sudo ./setup_hedgedoc.sh
+clear
+
 echo "Setting up Access Point"
 sudo ./setup_accesspoint.sh
 clear
diff --git a/installer/setup_hedgedoc.sh b/installer/setup_hedgedoc.sh
new file mode 100755
index 0000000..a87eb6c
--- /dev/null
+++ b/installer/setup_hedgedoc.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+HEDGEDOC_VERSION=1.10.0
+HEDGEDOC_URL="https://github.com/hedgedoc/hedgedoc/releases/download/${HEDGEDOC_VERSION}/hedgedoc-${HEDGEDOC_VERSION}.tar.gz"
+
+apt install -y npm
+npm install -g corepack
+corepack use yarn@4
+
+adduser \
+   --system \
+   --shell /bin/bash \
+   --gecos 'HedgeDoc user' \
+   --group \
+   --disabled-password \
+   --home /home/hedgedoc \
+   hedgedoc
+
+dir="$(mktemp -d)"
+
+pushd "$dir"
+    wget "$HEDGEDOC_URL"
+    tar zxvf hedgedoc_${HEDGEDOC_VERSION}.tar.gz -C /home/hedgedoc
+    chown -R hedgedoc:hedgedoc /home/hedgedoc
+popd
+
+# copy configuration and service
+cp ./hedgedoc-config.json /home/hedgedoc/hedgedoc/config.json
+cp ./hedgedoc.service /etc/systemd/system/
+systemctl enable hedgedoc
+systemctl start hedgedoc