mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-29 15:06:26 +02:00
Optimized LDAP integration, keycloak realm import and health checks for docker images
This commit is contained in:
@@ -54,7 +54,8 @@ defaults_applications:
|
||||
|
||||
## Funkwhale
|
||||
funkwhale:
|
||||
version: "1.4.0"
|
||||
version: "1.4.0"
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
|
||||
## Gitea
|
||||
gitea:
|
||||
@@ -70,11 +71,11 @@ defaults_applications:
|
||||
|
||||
## Keycloak
|
||||
keycloak:
|
||||
version: "latest"
|
||||
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
|
||||
# database_password: # Needs to be defined in inventory file
|
||||
# administrator_password: # Needs to be defined in inventory file
|
||||
|
||||
version: "latest"
|
||||
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
# database_password: # Needs to be defined in inventory file
|
||||
# administrator_password: # Needs to be defined in inventory file
|
||||
|
||||
## LDAP
|
||||
ldap:
|
||||
@@ -92,15 +93,17 @@ defaults_applications:
|
||||
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
|
||||
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
|
||||
administrator_username: "{{administrator_username}}"
|
||||
# administrator_password: # CHANGE for security reasons in inventory file
|
||||
# administrator_database_password: # CHANGE for security reasons in inventory file
|
||||
ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local.
|
||||
# Both need to be set to True to load the ldap_network in the docker compose file
|
||||
# administrator_password: # CHANGE for security reasons in inventory file
|
||||
# administrator_database_password: # CHANGE for security reasons in inventory file
|
||||
|
||||
## Listmonk
|
||||
listmonk:
|
||||
administrator_username: "{{administrator_username}}"
|
||||
public_api_activated: False # Security hole. Can be used for spaming
|
||||
version: "latest"
|
||||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||||
public_api_activated: False # Security hole. Can be used for spaming
|
||||
version: "latest" # Docker Image version
|
||||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||||
|
||||
## MariaDB
|
||||
mariadb:
|
||||
@@ -148,19 +151,21 @@ defaults_applications:
|
||||
## Nextcloud
|
||||
nextcloud:
|
||||
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
|
||||
## OAuth2 Proxy
|
||||
oauth2_proxy:
|
||||
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
|
||||
version: "latest"
|
||||
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
|
||||
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
|
||||
cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
|
||||
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
|
||||
version: "latest" # Docker Image version
|
||||
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
|
||||
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
|
||||
cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
|
||||
|
||||
## Open Project
|
||||
openproject:
|
||||
version: "13" # Update when available. Sadly no rolling release implemented
|
||||
version: "13" # Update when available. Sadly no rolling release implemented
|
||||
oauth2_proxy_active: true
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
|
||||
## Peertube
|
||||
peertube:
|
||||
@@ -174,8 +179,8 @@ defaults_applications:
|
||||
|
||||
## Pixelfed
|
||||
pixelfed:
|
||||
titel: "Pictures on {{primary_domain}}"
|
||||
version: "latest"
|
||||
titel: "Pictures on {{primary_domain}}"
|
||||
version: "latest"
|
||||
|
||||
## Postgres
|
||||
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
|
||||
@@ -188,7 +193,7 @@ defaults_applications:
|
||||
|
||||
## Taiga
|
||||
taiga:
|
||||
version: "latest"
|
||||
version: "latest"
|
||||
|
||||
## YOURLS
|
||||
yourls:
|
||||
|
||||
@@ -39,10 +39,6 @@ oauth2_proxy_active: false
|
||||
# Helper variables
|
||||
_ldap_dn_base: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
|
||||
|
||||
|
||||
# This leads to that the role gets configured to use ldap
|
||||
ldap_enabled: false
|
||||
|
||||
ldap:
|
||||
# Enables LDAP for all roles in play if true
|
||||
enabled: true
|
||||
|
||||
Reference in New Issue
Block a user