computer-playbook/group_vars/all/07_applications.yml

# Docker Applications

## Docker Role Specific Parameters
docker_restart_policy:        "unless-stopped"

##############################################
## Applications Configuration              
##############################################

# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.

defaults_applications:

  ## Akaunting
  akaunting:
    version:              "latest"
    company_name:         "{{primary_domain}}"
    company_email:        "{{administrator_email}}"
    setup_admin_email:    "{{administrator_email}}"
    database:
      central_storage:                True

  ## Attendize 
  attendize:
    version:              "latest"
    database:
      central_storage:                True

  ## Baserow 
  baserow:
    version:              "latest"
    database:
      central_storage:                True

  ## Big Blue Button
  bigbluebutton:
    enable_greenlight:    "true"
    setup:                false                           # Set to true in inventory file for initial setup
    oidc:
      enabled:               true                         # Activate OIDC
    database:
      central_storage:                True

  ## Bluesky
  bluesky:
    administrator_email:    "{{administrator_email}}"
    pds:
      version:              "latest"
      #jwt_secret:                            # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
      #plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32 
      #admin_password:                        # Needs to be defined in inventory file - Use: openssl rand -base64 16
    database:
      central_storage:                True

  ## Discourse:
  discourse:
    network:    "discourse_default"           # Name of the docker network
    container:  "discourse_application"       # Name of the container application
    repository: "discourse_repository"        # Name of the repository folder
    # database_password:                      # Needs to be defined in inventory file
    oidc:
      enabled:               true             # Activate OIDC
    database:
      central_storage:                True

  ## Friendica
  friendica:
    version:              "latest"
    oidc:
      enabled:               true             # Activate OIDC. Plugin is not working yet
    database:
      central_storage:                True

  ## Funkwhale
  funkwhale:
    version:              "1.4.0"
    ldap_enabled:         True                # Enables LDAP by default
    database:
      central_storage:                True

  ## Gitea
  gitea:
    version:              "latest"
    database:
      central_storage:                True

  ## Gitlab
  gitlab:
    version:              "latest"
    database:
      central_storage:                True

  ## Joomla
  joomla:
    version:              "latest"

  ## Keycloak
  keycloak:
    version:                  "latest"
    administrator_username:   "{{administrator_username}}"  # Administrator Username for Keycloak
    ldap_enabled:             True                          # Enables LDAP by default
    database:
      central_storage:                True
#   database_password:                                      # Needs to be defined in inventory file   
#   administrator_password:                                 # Needs to be defined in inventory file      

  ## LDAP
  ldap:
    lam:
      version:                        "latest"
      administrator_password:         "{{administrator_initial_password}}" # CHANGE for security reasons
    openldap:
      version:                        "latest"
      network:
        local:                        True                                      # Activates local network to allow other docker containers to connect
        public:                       False                                     # Set to true in inventory file if you want to expose the LDAP port to the internet
      hostname:                       "openldap"                                # Hostname of the LDAP Server in the central_ldap network
    phpldapadmin:
      version:                        "2.0.0-dev"                               # @todo Attention: Change this as fast as released to latest
    webinterface:                     "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
    administrator_username:           "{{administrator_username}}"
    ldap_enabled:                     True                                      # Should have the same value as applications.ldap.openldap.network.local.
    force_import:                     false                                     # Forces the import of the LDIF files when set to true
    oauth2_proxy:
      enabled:                        true                                      # Activate the OAuth2 Proxy for the LDAP Webinterface
      application:                    lam                                       # Needs to be the same as webinterface
      port:                           80                                        # If you use phpldapadmin set it to 8080
    database:
      central_storage:                false                                     # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later. 
    # administrator_password:                                                   # CHANGE for security reasons in inventory file
    # administrator_database_password:                                          # CHANGE for security reasons in inventory file

  ## Listmonk
  listmonk:
    administrator_username:           "{{administrator_username}}"              # Listmonk administrator account username
    public_api_activated:             False                                     # Security hole. Can be used for spaming
    version:                          "latest"                                  # Docker Image version
    setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
    database:
      central_storage:                True

  mailu:
    version:                          "2024.06"                                 # Docker Image Version
    setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
    oidc:
      enabled:                        true                                      # Activate OIDC for Mailu
    domain:                           "{{primary_domain}}"                      # The main domain from which mails will be send \ email suffix behind @
    # I don't know why the database deactivation is necessary
    database:
      central_storage:                False                                     # Deactivate central database for mailu
    credentials:                                     
#     secret_key:                                                               # Set to a randomly generated 16 bytes string
#     database_password:                                                        # Needs to be set in inventory file
#     api_token:                                                                # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
#     initial_administrator_password:                                           # Initial administrator password for setup 

  ## MariaDB
  mariadb:
    version:                          "latest"

  ## Matomo
  matomo:
    version:                          "latest"
    oauth2_proxy:
      enabled:                        false                         # Deactivated atm. @todo implement 
#   database_password:                Null                          # Needs to be set in inventory file
#   auth_token:                       Null                          # Needs to be set in inventory file
    css:
      enabled:                        false                         # The css isn't optimized yet for Matomo
    database:
      central_storage:                True

  ## Mastodon
  mastodon:
    version:                          "latest"
    single_user_mode:                 false                         # Set true for initial setup
    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
    database:
      central_storage:                True
    oidc:
        enabled:                        true                          # Activate OIDC for Mastodon
    credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
#     database_password:                              
#     secret_key_base:                                
#     otp_secret:                                     
#     vapid:
#       private_key:                                  
#       public_key:                                   
#     active_record_encryption:
#       deterministic_key:                            
#       key_derivation_salt:                          
#       primary_key:                                  

  ## Matrix
  matrix:
    administrator_username:           "{{administrator_username}}"  # Accountname of the matrix admin
    playbook_tags:                    "setup-all,start"             # For the initial update use: install-all,ensure-matrix-users-created,start
    role:                             "compose"                     # Role to setup Matrix. Valid values: ansible, compose
    server_name:                      "{{primary_domain}}"          # Adress for the account names etc.
    synapse:
      version:                        "latest"
    element:
      version:                        "latest"
    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
    database:
      central_storage:                True

  ## Moodle
  moodle:
    site_titel:                       "Global Learning Academy on {{primary_domain}}"
    administrator_name:               "{{administrator_username}}"
    administrator_email:              "{{administrator_email}}"
    version:                          "latest"
    database:
      central_storage:                True

  ## MyBB
  mybb:
    version:                   "latest"
    database:
      central_storage:                True

  ## Nextcloud
  nextcloud:
    version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
    ldap_enabled:         True          # Enables LDAP by default, missing ansible setup tasks @todo setup
    oidc:
      enabled:            true          # Activate OIDC for Nextcloud
    force_import:         False         # Forces the import of the LDIF files
    database:
      central_storage:    True
    credentials:
#     database_password:  Null          # Needs to be set in inventory file
      administrator_username:           "{{administrator_username}}"
      administrator_initial_password:   "{{administrator_initial_password}}"


  ## OAuth2 Proxy
  oauth2_proxy:
    configuration_file: "oauth2-proxy-keycloak.cfg"                                                                     # Needs to be set true in the roles which use it
    version:            "latest"                                                                                        # Docker Image version
    redirect_url:       "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"      # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
    allowed_roles:      admin                                                                                           # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
    cookie_secret:      "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16

  ## Open Project
  openproject:
    version:              "13"    # Update when available. Sadly no rolling release implemented
    oauth2_proxy:  
      enabled:            true    # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
      application:        "proxy"
      port:               "80"
    ldap_enabled:         True    # Enables LDAP by default
    database:
      central_storage:    True 

  ## Peertube
  peertube:
    version:              "bookworm"
    database:
      central_storage:    True 

  ## PHPMyAdmin
  phpmyadmin:
    version:              "latest"
    autologin:            false     # This is a high security risk. Just activate this option if you know what you're doing
    oauth2_proxy:  
      enabled:            true
      port:               "80"
      application:        "application"
    database:
      central_storage:    True

  ## Pixelfed
  pixelfed:
    titel:                "Pictures on {{primary_domain}}"
    version:              "latest"
    database:
      central_storage:    True

  ## Postgres
  # Please set an version in your inventory file - Rolling release for postgres isn't recommended
  postgres:
    database.version:  "latest"

  portfolio:
    database:
      central_storage:  False # Portfolio doesn't use any database

  # Snipe-IT
  snipe_it:
    version:           "latest"
    database:
      central_storage:  True

  ## Taiga
  taiga:
    version:           "latest"
    database:
      central_storage:  True

  ## YOURLS
  yourls:
    administrator_username:  "{{administrator_username}}"
    version:                 "latest"
    oauth2_proxy:  
      enabled:                true
      application:            "application"
      port:                   "80"
      location:               "/admin/"                       # Protects the admin area
    database:
      central_storage:        True

  wordpress:
# Deactivate Global theming for wordpress role
# due to the reason that wordpress has to much different themes
# and one styling for all is not possible.
#
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it. 
    css:
      enabled:          false
    database:
      central_storage:  True
Big code and variable refactoring 2025-01-29 14:20:34 +01:00			`# Docker Applications`

			`## Docker Role Specific Parameters`
			`docker_restart_policy: "unless-stopped"`

solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00			`##############################################`
Added LDAP Draft for Funkwhale 2025-02-12 12:41:13 +01:00			`## Applications Configuration`
solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00			`##############################################`

Added LDAP Draft for Funkwhale 2025-02-12 12:41:13 +01:00			`# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.`
			`# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.`
solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00
Refactored application variables 2025-02-03 11:44:13 +01:00			`defaults_applications:`

			`## Akaunting`
			`akaunting:`
			`version: "latest"`
			`company_name: "{{primary_domain}}"`
			`company_email: "{{administrator_email}}"`
			`setup_admin_email: "{{administrator_email}}"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Attendize`
			`attendize:`
			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Baserow`
			`baserow:`
			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Big Blue Button`
			`bigbluebutton:`
			`enable_greenlight: "true"`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`setup: false # Set to true in inventory file for initial setup`
			`oidc:`
			`enabled: true # Activate OIDC`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Bluesky`
			`bluesky:`
			`administrator_email: "{{administrator_email}}"`
			`pds:`
			`version: "latest"`
Updated bluesky variables 2025-02-07 00:32:54 +01:00			`#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 \| tr -d '\n'`
			`#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32`
			`#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
Updated discourse for docker-update role 2025-02-13 14:11:06 +01:00			`## Discourse:`
			`discourse:`
Solved discourse update bug 2025-02-14 09:37:22 +01:00			`network: "discourse_default" # Name of the docker network`
Updated discourse for docker-update role 2025-02-13 14:11:06 +01:00			`container: "discourse_application" # Name of the container application`
			`repository: "discourse_repository" # Name of the repository folder`
			`# database_password: # Needs to be defined in inventory file`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`oidc:`
			`enabled: true # Activate OIDC`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Updated discourse for docker-update role 2025-02-13 14:11:06 +01:00
Refactored application variables 2025-02-03 11:44:13 +01:00			`## Friendica`
			`friendica:`
			`version: "latest"`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`oidc:`
			`enabled: true # Activate OIDC. Plugin is not working yet`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Funkwhale`
			`funkwhale:`
Solved multiple bugs and propably produced 100 more.... Usual Nightshift... 2025-02-21 03:53:27 +01:00			`version: "1.4.0"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`ldap_enabled: True # Enables LDAP by default`
			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Gitea`
			`gitea:`
			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Gitlab`
			`gitlab:`
			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Joomla`
			`joomla:`
			`version: "latest"`

			`## Keycloak`
			`keycloak:`
Optimized LDAP integration, keycloak realm import and health checks for docker images 2025-02-18 21:00:14 +01:00			`version: "latest"`
			`administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`ldap_enabled: True # Enables LDAP by default`
			`database:`
			`central_storage: True`
Optimized LDAP integration, keycloak realm import and health checks for docker images 2025-02-18 21:00:14 +01:00			`# database_password: # Needs to be defined in inventory file`
			`# administrator_password: # Needs to be defined in inventory file`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## LDAP`
			`ldap:`
			`lam:`
			`version: "latest"`
Solved Matomo, Peertube, Nextcloud Bugs 2025-02-21 08:59:07 +01:00			`administrator_password: "{{administrator_initial_password}}" # CHANGE for security reasons`
Refactored application variables 2025-02-03 11:44:13 +01:00			`openldap:`
			`version: "latest"`
Added LDAP Draft for Funkwhale 2025-02-12 12:41:13 +01:00			`network:`
			`local: True # Activates local network to allow other docker containers to connect`
			`public: False # Set to true in inventory file if you want to expose the LDAP port to the internet`
			`hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network`
Refactored application variables 2025-02-03 11:44:13 +01:00			`phpldapadmin:`
			`version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest`
			`webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin`
			`administrator_username: "{{administrator_username}}"`
Optimized LDAP integration, keycloak realm import and health checks for docker images 2025-02-18 21:00:14 +01:00			`ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local.`
Solved multiple bugs and propably produced 100 more.... Usual Nightshift... 2025-02-21 03:53:27 +01:00			`force_import: false # Forces the import of the LDIF files when set to true`
Implemented location dedicated OAuth2 Proxy and solved other bugs 2025-02-19 05:53:00 +01:00			`oauth2_proxy:`
			`enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface`
			`application: lam # Needs to be the same as webinterface`
			`port: 80 # If you use phpldapadmin set it to 8080`
Replaced http_port by dedicated application port -> Result of previous bugs 2025-02-21 05:20:18 +01:00			`database:`
			`central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.`
Optimized LDAP integration, keycloak realm import and health checks for docker images 2025-02-18 21:00:14 +01:00			`# administrator_password: # CHANGE for security reasons in inventory file`
			`# administrator_database_password: # CHANGE for security reasons in inventory file`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Listmonk`
			`listmonk:`
Solved more matomo bugs 2025-02-19 03:20:34 +01:00			`administrator_username: "{{administrator_username}}" # Listmonk administrator account username`
			`public_api_activated: False # Security hole. Can be used for spaming`
			`version: "latest" # Docker Image version`
			`setup: false # Set true in inventory file to execute the setup and initializing procedures`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`mailu:`
Solved multiple bugs like networking, variables etc. which occured on veen.world server 2025-02-20 15:09:36 +01:00			`version: "2024.06" # Docker Image Version`
			`setup: false # Set true in inventory file to execute the setup and initializing procedures`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`oidc:`
			`enabled: true # Activate OIDC for Mailu`
			`domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @`
			`# I don't know why the database deactivation is necessary`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: False # Deactivate central database for mailu`
Solved multiple bugs like networking, variables etc. which occured on veen.world server 2025-02-20 15:09:36 +01:00			`credentials:`
Solved multiple bugs and propably produced 100 more.... Usual Nightshift... 2025-02-21 03:53:27 +01:00			`# secret_key: # Set to a randomly generated 16 bytes string`
Solved multiple bugs like networking, variables etc. which occured on veen.world server 2025-02-20 15:09:36 +01:00			`# database_password: # Needs to be set in inventory file`
Solved multiple bugs and propably produced 100 more.... Usual Nightshift... 2025-02-21 03:53:27 +01:00			`# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.`
More optimation of domain bugs 2025-02-21 08:04:52 +01:00			`# initial_administrator_password: # Initial administrator password for setup`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00
Refactored application variables 2025-02-03 11:44:13 +01:00			`## MariaDB`
			`mariadb:`
			`version: "latest"`

			`## Matomo`
			`matomo:`
			`version: "latest"`
Implemented location dedicated OAuth2 Proxy and solved other bugs 2025-02-19 05:53:00 +01:00			`oauth2_proxy:`
Optimized Mastodon, Discourse etc. for Flock.Town 2025-02-20 01:19:25 +01:00			`enabled: false # Deactivated atm. @todo implement`
			`# database_password: Null # Needs to be set in inventory file`
			`# auth_token: Null # Needs to be set in inventory file`
Optimized design 2025-02-20 10:21:52 +01:00			`css:`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`enabled: false # The css isn't optimized yet for Matomo`
			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Mastodon`
			`mastodon:`
			`version: "latest"`
Optimized setup procedure in preparation for automatic keycloak realm import 2025-02-18 15:07:09 +01:00			`single_user_mode: false # Set true for initial setup`
			`setup: false # Set true in inventory file to execute the setup and initializing procedures`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`oidc:`
Solved multiple bugs like networking, variables etc. which occured on veen.world server 2025-02-20 15:09:36 +01:00			`enabled: true # Activate OIDC for Mastodon`
			`credentials:`
Optimized Mastodon for flock.town 2025-02-20 00:31:47 +01:00			`# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials`
Solved multiple bugs like networking, variables etc. which occured on veen.world server 2025-02-20 15:09:36 +01:00			`# database_password:`
			`# secret_key_base:`
			`# otp_secret:`
			`# vapid:`
			`# private_key:`
			`# public_key:`
			`# active_record_encryption:`
			`# deterministic_key:`
			`# key_derivation_salt:`
			`# primary_key:`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Matrix`
			`matrix:`
			`administrator_username: "{{administrator_username}}" # Accountname of the matrix admin`
			`playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start`
			`role: "compose" # Role to setup Matrix. Valid values: ansible, compose`
			`server_name: "{{primary_domain}}" # Adress for the account names etc.`
			`synapse:`
			`version: "latest"`
			`element:`
			`version: "latest"`
Optimized setup procedure in preparation for automatic keycloak realm import 2025-02-18 15:07:09 +01:00			`setup: false # Set true in inventory file to execute the setup and initializing procedures`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Moodle`
			`moodle:`
Solved more matomo bugs 2025-02-19 03:20:34 +01:00			`site_titel: "Global Learning Academy on {{primary_domain}}"`
			`administrator_name: "{{administrator_username}}"`
			`administrator_email: "{{administrator_email}}"`
			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## MyBB`
			`mybb:`
			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Nextcloud`
			`nextcloud:`
			`version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/`
Refactored oidc, solved network bugs and refactored 2025-02-20 11:44:50 +01:00			`ldap_enabled: True # Enables LDAP by default, missing ansible setup tasks @todo setup`
			`oidc:`
			`enabled: true # Activate OIDC for Nextcloud`
Optimized peertube css 2025-02-20 22:16:02 +01:00			`force_import: False # Forces the import of the LDIF files`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
Solved Matomo, Peertube, Nextcloud Bugs 2025-02-21 08:59:07 +01:00			`central_storage: True`
			`credentials:`
			`# database_password: Null # Needs to be set in inventory file`
			`administrator_username: "{{administrator_username}}"`
Solved some bugs and optimized nextcloud 2025-02-21 10:53:19 +01:00			`administrator_initial_password: "{{administrator_initial_password}}"`
Solved Matomo, Peertube, Nextcloud Bugs 2025-02-21 08:59:07 +01:00
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## OAuth2 Proxy`
			`oauth2_proxy:`
Optimized LDAP integration, keycloak realm import and health checks for docker images 2025-02-18 21:00:14 +01:00			`configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it`
			`version: "latest" # Docker Image version`
			`redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.`
			`allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups`
			`cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16`
Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested 2025-02-04 22:37:07 +01:00
			`## Open Project`
			`openproject:`
Implemented location dedicated OAuth2 Proxy and solved other bugs 2025-02-19 05:53:00 +01:00			`version: "13" # Update when available. Sadly no rolling release implemented`
			`oauth2_proxy:`
			`enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed`
			`application: "proxy"`
			`port: "80"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`ldap_enabled: True # Enables LDAP by default`
			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Peertube`
			`peertube:`
			`version: "bookworm"`
Solved more domain related bugs 2025-02-21 06:32:12 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## PHPMyAdmin`
			`phpmyadmin:`
Added more scalable oauth2_proxy_active configuration 2025-02-17 16:07:26 +01:00			`version: "latest"`
			`autologin: false # This is a high security risk. Just activate this option if you know what you're doing`
Implemented location dedicated OAuth2 Proxy and solved other bugs 2025-02-19 05:53:00 +01:00			`oauth2_proxy:`
			`enabled: true`
			`port: "80"`
			`application: "application"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Pixelfed`
			`pixelfed:`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`titel: "Pictures on {{primary_domain}}"`
			`version: "latest"`
			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Postgres`
			`# Please set an version in your inventory file - Rolling release for postgres isn't recommended`
			`postgres:`
			`database.version: "latest"`

More optimation of domain bugs 2025-02-21 08:04:52 +01:00			`portfolio:`
			`database:`
			`central_storage: False # Portfolio doesn't use any database`

Optimized locales and networks variable 2025-02-03 14:56:12 +01:00			`# Snipe-IT`
Implemented pre-defined subnets for docker due to network clashes 2025-02-04 16:43:34 +01:00			`snipe_it:`
Optimized locales and networks variable 2025-02-03 14:56:12 +01:00			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Optimized locales and networks variable 2025-02-03 14:56:12 +01:00
Refactored application variables 2025-02-03 11:44:13 +01:00			`## Taiga`
			`taiga:`
Optimized LDAP integration, keycloak realm import and health checks for docker images 2025-02-18 21:00:14 +01:00			`version: "latest"`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## YOURLS`
			`yourls:`
			`administrator_username: "{{administrator_username}}"`
Implemented location dedicated OAuth2 Proxy and solved other bugs 2025-02-19 05:53:00 +01:00			`version: "latest"`
			`oauth2_proxy:`
			`enabled: true`
			`application: "application"`
			`port: "80"`
Added configuration_filters 2025-02-19 13:46:45 +01:00			`location: "/admin/" # Protects the admin area`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`database:`
			`central_storage: True`
Added configuration_filters 2025-02-19 13:46:45 +01:00
			`wordpress:`
			`# Deactivate Global theming for wordpress role`
			`# due to the reason that wordpress has to much different themes`
			`# and one styling for all is not possible.`
			`#`
			`# May a solution could be to generate a template or css file dedicated`
			`# for wordpress based on the theming values and import it.`
			`css:`
Replaced enable_central_database by configuration in application 2025-02-21 05:06:39 +01:00			`enabled: false`
			`database:`
			`central_storage: True`