diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml index cf8583a7..c0b07b45 100644 --- a/group_vars/all/00_general.yml +++ b/group_vars/all/00_general.yml @@ -10,9 +10,9 @@ primary_domain_sld: "cymais" # Second primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server # Administrator -administrator_username: "administrator" # Username of the administrator -administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator -#user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file +administrator_username: "administrator" # Username of the administrator +administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator +# administrator_initial_password: Null # Example initialisation password needs to be set in inventory file # Test Email test_email: "test@{{primary_domain}}" diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index 0a36036c..7615efeb 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml @@ -109,7 +109,7 @@ defaults_applications: ldap: lam: version: "latest" - administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons + administrator_password: "{{administrator_initial_password}}" # CHANGE for security reasons openldap: version: "latest" network: 
@@ -226,12 +226,16 @@ defaults_applications: nextcloud: version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ ldap_enabled: True # Enables LDAP by default, missing ansible setup tasks @todo setup -# database_password: Null # Needs to be set in inventory file oidc: enabled: true # Activate OIDC for Nextcloud force_import: False # Forces the import of the LDIF files database: - central_storage: True + central_storage: True + credentials: +# database_password: Null # Needs to be set in inventory file + administrator_username: "{{administrator_username}}" + administrator_initial_passwords: "{{administrator_initial_password}}" + ## OAuth2 Proxy oauth2_proxy: diff --git a/roles/docker-mastodon/tasks/create-domains.yml b/roles/docker-mastodon/tasks/create-domains.yml index 37ccc067..18a1e39f 100644 --- a/roles/docker-mastodon/tasks/create-domains.yml +++ b/roles/docker-mastodon/tasks/create-domains.yml @@ -1,11 +1,9 @@ - name: "include role receive certbot certificate" include_role: name: nginx-https-recieve-certificate - vars: - domain: "{{domains[application_id]}}" -- name: configure {{domains[application_id]}}.conf +- name: configure {{domain}}.conf template: src: "mastodon.conf.j2" - dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/roles/docker-mastodon/tasks/main.yml b/roles/docker-mastodon/tasks/main.yml index 7923142f..af01e60f 100644 --- a/roles/docker-mastodon/tasks/main.yml +++ b/roles/docker-mastodon/tasks/main.yml 
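Review bot: The new `credentials` block under `nextcloud` defines `administrator_initial_passwords` (plural), while the `env.j2` hunk in this commit reads `credentials.administrator_initial_password`, so the Nextcloud admin password lookup will not resolve, assuming `applications` is built from `defaults_applications`. The key should be `administrator_initial_password: "{{administrator_initial_password}}"`. The same inventory value also feeds the LAM `administrator_password` and the `user-administrator` system account in other hunks of this commit, so one disclosed secret covers three logins; a per-application value set in the inventory would limit that. The commented `# database_password: Null` example would also benefit from saying that the value now has to be set as `applications.nextcloud.credentials.database_password`, since inventories using the old path will no longer be picked up.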
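Review bot: `domain` in the task name and in `dest` is no longer set in this file; it only exists because the including task loops with `loop_var: domain`, and nothing here says so. A header comment such as `# Must be included with loop_control.loop_var: domain` would make that contract visible. Because the value becomes part of a file path under `nginx.directories.http.servers`, a leading `assert` with `that: domain is match('^[A-Za-z0-9.-]+$')` would stop a malformed inventory entry from producing a file outside that directory. The same applies to `roles/docker-peertube/tasks/create-domains.yml`.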
@@ -3,11 +3,13 @@ include_role: name: docker-central-database -- name: "include create-domains.yml" +- name: "include create-domains.yml for mastodon" include_tasks: create-domains.yml - loop: "{{ [domain] + domains.mastodon_alternates }}" + loop: "{{ [domains.mastodon] + domains.mastodon_alternates }}" loop_control: loop_var: domain + vars: + http: "{{ ports.localhost.http[application_id] }}" - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/docker-nextcloud/templates/env.j2 b/roles/docker-nextcloud/templates/env.j2 index 6ca71fed..52dbe782 100644 --- a/roles/docker-nextcloud/templates/env.j2 +++ b/roles/docker-nextcloud/templates/env.j2 @@ -18,5 +18,11 @@ SMTP_NAME= {{system_email.username}} SMTP_PASSWORD= {{system_email.password}} # Email from configuration -MAIL_FROM_ADDRESS=no-reply -MAIL_DOMAIN= {{system_email.domain}} \ No newline at end of file +MAIL_FROM_ADDRESS= {{system_email.local}} +MAIL_DOMAIN= {{system_email.domain}} + +# Initial Admin Data +NEXTCLOUD_ADMIN_USER= {{applications.[application_id].credentials.administrator_username}} +NEXTCLOUD_ADMIN_PASSWORD= {{applications.[application_id].credentials.administrator_initial_password}} + +NEXTCLOUD_TRUSTED_DOMAINS= {{domains[application_id]}} \ No newline at end of file diff --git a/roles/docker-nextcloud/vars/main.yml b/roles/docker-nextcloud/vars/main.yml index 9e75a424..6dd41feb 100644 --- a/roles/docker-nextcloud/vars/main.yml +++ b/roles/docker-nextcloud/vars/main.yml @@ -1,6 +1,6 @@ --- application_id: "nextcloud" -database_password: "{{applications.nextcloud.database_password}}" +database_password: "{{applications.nextcloud.credentials.database_password}}" database_type: "mariadb" nextcloud_application_container_name: "nextcloud-application" nextcloud_nginx_container_name: "nextcloud-web" \ No newline at end of file 
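Review bot: The new loop expression `[domains.mastodon] + domains.mastodon_alternates` has no fallback, so an inventory without alternates will presumably fail the play unless the key is always defined in group_vars, which is not visible here. `loop: "{{ [domains.mastodon] + (domains.mastodon_alternates | default([])) }}"` keeps the single-domain case working. The peertube `tasks/main.yml` hunk has the same construct with `domains.peertube_alternates`.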
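Review bot: `{{applications.[application_id].credentials.administrator_username}}` is not valid Jinja2, because a `.` cannot be followed by `[`, so rendering `env.j2` will fail on both new `NEXTCLOUD_ADMIN_*` lines. They should read `{{applications[application_id].credentials.administrator_username}}` and `{{applications[application_id].credentials.administrator_initial_password}}`. These lines also put the admin password in clear text into the rendered env file and the container environment, so the task that copies the file (outside this hunk) should write it with a restrictive mode such as `'0640'` or tighter. The existing `KEY= {{value}}` style leaves a space after `=`; whether that space ends up in the password depends on how the env file is parsed, so dropping it on the password line is the safer choice.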
diff --git a/roles/docker-peertube/tasks/create-domains.yml b/roles/docker-peertube/tasks/create-domains.yml index a0460f16..7c2afbc0 100644 --- a/roles/docker-peertube/tasks/create-domains.yml +++ b/roles/docker-peertube/tasks/create-domains.yml @@ -1,11 +1,9 @@ - name: "include role receive certbot certificate" include_role: name: nginx-https-recieve-certificate - vars: - domain: "{{domains[application_id]}}" -- name: configure {{domains[application_id]}}.conf +- name: configure {{domain}}.conf template: src: "templates/peertube.conf.j2" - dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/roles/docker-peertube/tasks/main.yml b/roles/docker-peertube/tasks/main.yml index f03389be..1891ab29 100644 --- a/roles/docker-peertube/tasks/main.yml +++ b/roles/docker-peertube/tasks/main.yml @@ -3,11 +3,13 @@ include_role: name: docker-central-database -- name: "include create-domains.yml" +- name: "include create-domains.yml for peertube" include_tasks: create-domains.yml - loop: "{{ [domain] + domains.peertube_alternates }}" + loop: "{{ [domains.peertube] + domains.peertube_alternates }}" loop_control: loop_var: domain + vars: + http: "{{ ports.localhost.http[application_id] }}" - name: "copy docker-compose.yml and env file" include_tasks: copy-docker-compose-and-env.yml diff --git a/roles/nginx-domain-setup/tasks/main.yml b/roles/nginx-domain-setup/tasks/main.yml index ea6adef2..b43ae2dc 100644 --- a/roles/nginx-domain-setup/tasks/main.yml +++ b/roles/nginx-domain-setup/tasks/main.yml @@ -13,8 +13,6 @@ - name: "include role nginx-https-recieve-certificate for {{domain}}" include_role: name: nginx-https-recieve-certificate - vars: - domain: "{{domain}}" - name: "copy nginx domain configuration to {{configuration_destination}}" template: 
diff --git a/roles/nginx-modifier-matomo/meta/main.yml b/roles/nginx-modifier-matomo/meta/main.yml index 2cddab86..df03f81e 100644 --- a/roles/nginx-modifier-matomo/meta/main.yml +++ b/roles/nginx-modifier-matomo/meta/main.yml @@ -1,3 +1,3 @@ dependencies: - - docker-matomo + # - docker-matomo Don't activate this otherwise the plays take super long - nginx \ No newline at end of file diff --git a/roles/user-administrator/tasks/main.yml b/roles/user-administrator/tasks/main.yml index 5cd877e0..10195251 100644 --- a/roles/user-administrator/tasks/main.yml +++ b/roles/user-administrator/tasks/main.yml @@ -2,7 +2,7 @@ user: name: administrator update_password: on_create - password: "{{ user_administrator_initial_password | password_hash('sha512') }}" + password: "{{ administrator_initial_password | password_hash('sha512') }}" create_home: yes generate_ssh_key: yes ssh_key_type: rsa
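Review bot: The replacement comment for `docker-matomo` explains the speed motive but not the requirement it leaves behind: with the dependency disabled, nothing in this role ensures a Matomo instance has been deployed before the nginx modifier is applied. I would word it as `# docker-matomo is deliberately not a dependency (it slows every play); the playbook must apply it before any role that uses this modifier`. That this role needs a running Matomo is inferred from its name, since its tasks are not part of this diff.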