From bada2f23a9a204bb2951965443aac092d6fde83e Mon Sep 17 00:00:00 2001
From: Trammell Hudson
Date: Tue, 3 May 2022 18:27:00 +0000
Subject: [PATCH] hedgedoc: enforce permissions on anonymous users, only allow oidc
---
 hedgedoc/docker-compose.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hedgedoc/docker-compose.yaml b/hedgedoc/docker-compose.yaml
index 43d6c58..e92d973 100644
--- a/hedgedoc/docker-compose.yaml
+++ b/hedgedoc/docker-compose.yaml
@@ -15,9 +15,13 @@ services:
 env_file:
 - ../env.production
 - env.production
+ - env.secrets
 environment:
 - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
 - CMD_PROTOCOL_USESSL=true
+ - CMD_ALLOW_ANONYMOUS=false # anonymous user's can't create notes
+ - CMD_ALLOW_ANONYMOUS_EDITS=true # but they can be invited to edit notes
+ - CMD_EMAIL=false # only oauth logins
 - CMD_DOMAIN=docs.hackerspace.zone
 - CMD_OAUTH2_AUTHORIZATION_URL=https://login.hackerspace.zone/realms/hackerspace/protocol/openid-connect/auth
 - CMD_OAUTH2_TOKEN_URL=https://login.hackerspace.zone/realms/hackerspace/protocol/openid-connect/token
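Review bot: The comment on `CMD_ALLOW_ANONYMOUS_EDITS=true` describes an invitation, but as HedgeDoc documents this setting it lets a note owner select the `freely` permission, after which any unauthenticated visitor who has the note URL can edit it; there is no per-person invite. I would reword it to `# owners may mark a note "freely"; anyone with the URL can then edit without login` so it is not read as an access control. Since the commit's aim is to restrict guests, it would also help to pin the default rather than rely on the upstream one, e.g. `- CMD_DEFAULT_PERMISSION=limited`, if guest read access to new notes is not wanted. Separately, the new `env.secrets` entry sits beside `CMD_DB_URL`, which still carries the database password inline in the unchanged context line; if `env.secrets` is meant for credentials, moving that variable there (and keeping the file out of version control) looks like the natural follow-up. The `environment:` list continues past the end of the hunk, so the remaining auth settings are not visible here.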