computer-playbook/group_vars/all/07_applications.yml

# Docker Applications

## Docker Role Specific Parameters
docker_restart_policy:        "unless-stopped"

##############################################
## Private Helper variables                ### 
##############################################

# By default don't expose openldap to the internet, just if explicit configured
_ldap_openldap_expose_to_internet:       "{{ applications.ldap.openldap.expose_to_internet | default(False) if applications.ldap is defined and applications.ldap.openldap is defined else false}}"

defaults_applications:

  ## Akaunting
  akaunting:
    version:              "latest"
    company_name:         "{{primary_domain}}"
    company_email:        "{{administrator_email}}"
    setup_admin_email:    "{{administrator_email}}"

  ## Attendize 
  attendize:
    version:              "latest"

  ## Baserow 
  baserow:
    version:              "latest"

  ## Big Blue Button
  bigbluebutton:
    enable_greenlight:    "true"

  ## Bluesky
  bluesky:
    administrator_email:    "{{administrator_email}}"
    pds:
      version:              "latest"
      #jwt_secret:                            # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
      #plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32 
      #admin_password:                        # Needs to be defined in inventory file - Use: openssl rand -base64 16

  ## Friendica
  friendica:
    version:              "latest"

  ## Funkwhale
  funkwhale:
    version:              "1.4.0"

  ## Gitea
  gitea:
    version:              "latest"

  ## Gitlab
  gitlab:
    version:              "latest"

  ## Joomla
  joomla:
    version:              "latest"

  ## Keycloak
  keycloak:
    version:              "latest"
    administrator_username:  "{{administrator_username}}"  # Administrator Username for Keycloak

  ## LDAP
  ldap:
    lam:
      version:                        "latest"
      administrator_password:         "{{user_administrator_initial_password}}" # CHANGE for security reasons
    openldap:
      version:                        "latest"
      expose_to_internet:             "{{_ldap_openldap_expose_to_internet}}"   # Set to true if you want to expose the LDAP port to the internet
      domain:                         "{{domains.ldap if _ldap_openldap_expose_to_internet else 'openldap'}}" # Mapping for public or locale access
      modify:                         False                                     # When false entries will just be added, when true existing entries will be modified during import procedure
    phpldapadmin:
      version:                        "2.0.0-dev"                               # @todo Attention: Change this as fast as released to latest
    webinterface:                     "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
    administrator_username:           "{{administrator_username}}"
    administrator_password:           "{{user_administrator_initial_password}}" # CHANGE for security reasons
    administrator_database_password:  "{{user_administrator_initial_password}}" # CHANGE for security reasons         

  ## Listmonk
  listmonk:
    administrator_username:           "{{administrator_username}}"
    public_api_activated:             False # Security hole. Can be used for spaming
    version:                          "latest"

  ## MariaDB
  mariadb:
    version:                          "latest"

  ## Matomo
  matomo:
    version:                          "latest"

  ## Mastodon
  mastodon:
    version:                          "latest"
    single_user_mode:                 false

  ## Matrix
  matrix:
    administrator_username:           "{{administrator_username}}"  # Accountname of the matrix admin
    playbook_tags:                    "setup-all,start"             # For the initial update use: install-all,ensure-matrix-users-created,start
    role:                             "compose"                     # Role to setup Matrix. Valid values: ansible, compose
    server_name:                      "{{primary_domain}}"          # Adress for the account names etc.
    synapse:
      version:                        "latest"
    element:
      version:                        "latest"

  ## Mailu
  mailu:
    version:                  "2024.06"
    domain:                   "{{primary_domain}}"
    subnet:                   "192.168.203.0/24"

  ## Moodle
  moodle:
    site_titel:              "Global Learning Academy on {{primary_domain}}"
    administrator_name:      "{{administrator_username}}"
    administrator_email:     "{{administrator_email}}"
    version:                 "latest"

  ## MyBB
  mybb:
    version:                   "latest"

  ## Nextcloud
  nextcloud:
    version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/

  ## OAuth2 Proxy
  oauth2_proxy:
    configuration_file: "oauth2-proxy-keycloak.cfg"                                                                 # Needs to be set true in the roles which use it
    version:            "latest"
    redirect_url:       "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
    allowed_roles:      admin                                                                                       # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
    cookie_secret:      "{{applications.oauth2_proxy.cookie_secret}}"                                               # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16

  ## Open Project
  openproject:
    version:            "13" # Update when available. Sadly no rolling release implemented

  ## Peertube
  peertube:
    version:              "bookworm"

  ## PHPMyAdmin
  phpmyadmin:
    version:         "latest"
    autologin:       false     # This is a high security risk. Just activate this option if you know what you're doing

  ## Pixelfed
  pixelfed:
    titel:          "Pictures on {{primary_domain}}"
    version:           "latest"

  ## Postgres
  # Please set an version in your inventory file - Rolling release for postgres isn't recommended
  postgres:
    database.version:  "latest"

  # Snipe-IT
  snipe_it:
    version:           "latest"

  ## Taiga
  taiga:
    version:              "latest"

  ## YOURLS
  yourls:
    administrator_username:  "{{administrator_username}}"
    version:                 "latest"
Big code and variable refactoring 2025-01-29 14:20:34 +01:00			`# Docker Applications`

			`## Docker Role Specific Parameters`
			`docker_restart_policy: "unless-stopped"`

solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00			`##############################################`
			`## Private Helper variables ###`
			`##############################################`

			`# By default don't expose openldap to the internet, just if explicit configured`
Added ldap ldif import draft 2025-02-11 18:09:26 +01:00			`_ldap_openldap_expose_to_internet: "{{ applications.ldap.openldap.expose_to_internet \| default(False) if applications.ldap is defined and applications.ldap.openldap is defined else false}}"`
solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00
Refactored application variables 2025-02-03 11:44:13 +01:00			`defaults_applications:`

			`## Akaunting`
			`akaunting:`
			`version: "latest"`
			`company_name: "{{primary_domain}}"`
			`company_email: "{{administrator_email}}"`
			`setup_admin_email: "{{administrator_email}}"`

			`## Attendize`
			`attendize:`
			`version: "latest"`

			`## Baserow`
			`baserow:`
			`version: "latest"`

			`## Big Blue Button`
			`bigbluebutton:`
			`enable_greenlight: "true"`

			`## Bluesky`
			`bluesky:`
			`administrator_email: "{{administrator_email}}"`
			`pds:`
			`version: "latest"`
Updated bluesky variables 2025-02-07 00:32:54 +01:00			`#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 \| tr -d '\n'`
			`#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32`
			`#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Friendica`
			`friendica:`
			`version: "latest"`

			`## Funkwhale`
			`funkwhale:`
			`version: "1.4.0"`

			`## Gitea`
			`gitea:`
			`version: "latest"`

			`## Gitlab`
			`gitlab:`
			`version: "latest"`

			`## Joomla`
			`joomla:`
			`version: "latest"`

			`## Keycloak`
			`keycloak:`
			`version: "latest"`
			`administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak`

			`## LDAP`
			`ldap:`
			`lam:`
			`version: "latest"`
			`administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons`
			`openldap:`
			`version: "latest"`
solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00			`expose_to_internet: "{{_ldap_openldap_expose_to_internet}}" # Set to true if you want to expose the LDAP port to the internet`
			`domain: "{{domains.ldap if _ldap_openldap_expose_to_internet else 'openldap'}}" # Mapping for public or locale access`
Added ldap ldif import draft 2025-02-11 18:09:26 +01:00			`modify: False # When false entries will just be added, when true existing entries will be modified during import procedure`
Refactored application variables 2025-02-03 11:44:13 +01:00			`phpldapadmin:`
			`version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest`
			`webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin`
			`administrator_username: "{{administrator_username}}"`
			`administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons`
solved locale network bugs of ldap 2025-02-06 16:27:00 +01:00			`administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Listmonk`
			`listmonk:`
			`administrator_username: "{{administrator_username}}"`
			`public_api_activated: False # Security hole. Can be used for spaming`
			`version: "latest"`

			`## MariaDB`
			`mariadb:`
			`version: "latest"`

			`## Matomo`
			`matomo:`
			`version: "latest"`

			`## Mastodon`
			`mastodon:`
			`version: "latest"`
			`single_user_mode: false`

			`## Matrix`
			`matrix:`
			`administrator_username: "{{administrator_username}}" # Accountname of the matrix admin`
			`playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start`
			`role: "compose" # Role to setup Matrix. Valid values: ansible, compose`
			`server_name: "{{primary_domain}}" # Adress for the account names etc.`
			`synapse:`
			`version: "latest"`
			`element:`
			`version: "latest"`

			`## Mailu`
			`mailu:`
			`version: "2024.06"`
			`domain: "{{primary_domain}}"`
			`subnet: "192.168.203.0/24"`

			`## Moodle`
			`moodle:`
			`site_titel: "Global Learning Academy on {{primary_domain}}"`
			`administrator_name: "{{administrator_username}}"`
			`administrator_email: "{{administrator_email}}"`
			`version: "latest"`

			`## MyBB`
			`mybb:`
			`version: "latest"`

			`## Nextcloud`
			`nextcloud:`
			`version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/`

			`## OAuth2 Proxy`
			`oauth2_proxy:`
Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested 2025-02-04 22:37:07 +01:00			`configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it`
Refactored application variables 2025-02-03 11:44:13 +01:00			`version: "latest"`
			`redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.`
Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested 2025-02-04 22:37:07 +01:00			`allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups`
			`cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16`

			`## Open Project`
			`openproject:`
			`version: "13" # Update when available. Sadly no rolling release implemented`
Refactored application variables 2025-02-03 11:44:13 +01:00
			`## Peertube`
			`peertube:`
			`version: "bookworm"`

			`## PHPMyAdmin`
			`phpmyadmin:`
			`version: "latest"`
			`autologin: false # This is a high security risk. Just activate this option if you know what you're doing`

			`## Pixelfed`
			`pixelfed:`
			`titel: "Pictures on {{primary_domain}}"`
			`version: "latest"`

			`## Postgres`
			`# Please set an version in your inventory file - Rolling release for postgres isn't recommended`
			`postgres:`
			`database.version: "latest"`

Optimized locales and networks variable 2025-02-03 14:56:12 +01:00			`# Snipe-IT`
Implemented pre-defined subnets for docker due to network clashes 2025-02-04 16:43:34 +01:00			`snipe_it:`
Optimized locales and networks variable 2025-02-03 14:56:12 +01:00			`version: "latest"`

Refactored application variables 2025-02-03 11:44:13 +01:00			`## Taiga`
			`taiga:`
			`version: "latest"`

			`## YOURLS`
			`yourls:`
			`administrator_username: "{{administrator_username}}"`
			`version: "latest"`