From 10b2ead705a8fa40ae74cf8bc987fa7c21a80241 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 21 Feb 2025 08:04:52 +0100
Subject: [PATCH] More optimation of domain bugs
---
 group_vars/all/07_applications.yml | 5 +++++
 roles/docker-mailu/tasks/main.yml | 6 ++----
 roles/docker-mailu/vars/main.yml | 5 ++++-
 roles/docker-nextcloud/README.md | 11 ++++++-----
 roles/docker-nextcloud/tasks/main.yml | 3 +++
 roles/docker-nextcloud/tasks/oidc.yml | 7 +++++++
 roles/nginx-domain-setup/tasks/main.yml | 15 +++++++++------
 roles/user/tasks/main.yml | 7 +++++++
 roles/user/templates/bash_profile.j2 | 5 +++++
 9 files changed, 48 insertions(+), 16 deletions(-)
 create mode 100644 roles/user/templates/bash_profile.j2
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index eeb4393b..0a36036c 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -153,6 +153,7 @@ defaults_applications:
 # secret_key: # Set to a randomly generated 16 bytes string
 # database_password: # Needs to be set in inventory file
 # api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
+# initial_administrator_password: # Initial administrator password for setup
 ## MariaDB
 mariadb:
@@ -280,6 +281,10 @@ defaults_applications:
 postgres:
 database.version: "latest"
+ portfolio:
+ database:
+ central_storage: False # Portfolio doesn't use any database
+
 # Snipe-IT
 snipe_it:
 version: "latest"
diff --git a/roles/docker-mailu/tasks/main.yml b/roles/docker-mailu/tasks/main.yml
index a455f8d2..4a01324c 100644
--- a/roles/docker-mailu/tasks/main.yml
+++ b/roles/docker-mailu/tasks/main.yml
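Review bot: `central_storage: False` in the new portfolio entry uses a capitalised boolean, which yamllint's truthy rule flags and which YAML 1.1 loaders such as PyYAML accept while stricter 1.2 parsers read as a string; write it as `central_storage: false  # Portfolio doesn't use any database` to match the lowercase `false` used elsewhere in this commit (roles/docker-mailu/vars/main.yml). The enclosing `defaults_applications:` mapping starts outside the hunk.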
@@ -21,11 +21,9 @@
 - name: flush docker service
 meta: flush_handlers
- when: applications.mailu.setup |bool
 - name: execute database migration
 command:
- cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}"
+ cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{applications.mailu.initial_administrator_password}}"
 chdir: "{{docker_compose.directories.instance}}"
- ignore_errors: true
- when: applications.mailu.setup |bool
\ No newline at end of file
+ ignore_errors: true
\ No newline at end of file
diff --git a/roles/docker-mailu/vars/main.yml b/roles/docker-mailu/vars/main.yml
index 21d2b40c..92f2bc78 100644
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@@ -6,4 +6,7 @@ enable_wildcard_certificate: false
 # Use dedicated source for oidc if activated
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
-docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
\ No newline at end of file
+docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
+
+domain: "{{ domains[application_id] }}"
+http_port: "{{ ports.localhost.http[application_id] }}"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md
index b17add2a..dfe8c4c6 100644
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@@ -84,11 +84,6 @@ docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
 docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
 ```
-Check the process with:
-```sql
-show processlist;
-```
-
 ---
 ## OCC (Nextcloud Command Line) 🔧
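Review bot: The rewritten `cmd:` line passes `applications.mailu.initial_administrator_password` as a command-line argument and the task has no `no_log: true`, so the administrator password is written to Ansible's task output and to any log or callback plugin, and with the `when: applications.mailu.setup |bool` guard removed it is emitted on every run rather than only during setup. Add `no_log: true` to the `execute database migration` task; note that the `ignore_errors: true` kept on the new side also hides a failed password set, so registering the result and checking `rc` explicitly would be safer than ignoring everything. In group_vars/all/07_applications.yml the key is added only as a comment, so on an inventory that does not define it this task presumably fails with an undefined variable that `ignore_errors` then silences; a comment above the task stating that the value must be set in the inventory would make that expectation visible. The task list continues before and after the hunk.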
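Review bot: `domain` and `http_port` are added to roles/docker-mailu/vars/main.yml, i.e. as role vars, which sit above inventory and play vars in Ansible's precedence and therefore shadow any `domain` passed in from outside for the whole role run. The same two values are scoped to a single task with `vars:` in roles/docker-nextcloud/tasks/main.yml in this commit, and roles/nginx-domain-setup/tasks/main.yml passes `domain` explicitly to `include_role`; using one mechanism across the roles — the task- or include-level `vars:` form avoids the precedence surprise — would keep them consistent and easier to reason about.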
@@ -125,6 +120,12 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo
 OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
+### Verify OIDC Configuration
+
+```bash
+docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
+```
+
 ## LDAP
 More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml
index 7be6c9c4..7ad19ce5 100644
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@@ -14,6 +14,9 @@
 src: "proxy-nginx.conf.j2"
 dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
 notify: restart nginx
+ vars:
+ domain: "{{domains[application_id]}}"
+ http_port: "{{ports.localhost.http[application_id]}}"
 - name: create internal nextcloud nginx configuration
 template:
diff --git a/roles/docker-nextcloud/tasks/oidc.yml b/roles/docker-nextcloud/tasks/oidc.yml
index 83f00c3d..da5113d7 100644
--- a/roles/docker-nextcloud/tasks/oidc.yml
+++ b/roles/docker-nextcloud/tasks/oidc.yml
@@ -14,6 +14,13 @@
 # This configuration allows users to connect multiple accounts to their Nextcloud profile
 # using the sociallogin app.
+- name: install sociallogin plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
+ ignore_errors: true
+
+- name: enable sociallogin plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
+
 - name: Set custom_providers
 command: >
 docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
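Review bot: `ignore_errors: true` on the new `install sociallogin plugin` task in roles/docker-nextcloud/tasks/oidc.yml swallows every failure of `occ app:install`, including an unreachable app store or a failed download or signature check, not only the already-installed case it is presumably there for; the following `app:enable sociallogin` task then fails with a less useful message. Register the result (`register: sociallogin_install`) and replace `ignore_errors` with a `failed_when` that tolerates only occ's already-installed output — check the exact wording against the occ version in use — and add a matching `changed_when` so repeated runs report correctly. The task list continues after the hunk.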
diff --git a/roles/nginx-domain-setup/tasks/main.yml b/roles/nginx-domain-setup/tasks/main.yml
index e7736d82..ea6adef2 100644
--- a/roles/nginx-domain-setup/tasks/main.yml
+++ b/roles/nginx-domain-setup/tasks/main.yml
@@ -2,17 +2,20 @@
 include_role:
 name: nginx-modifier-all
-- name: "include role nginx-https-recieve-certificate for {{domain}}"
- include_role:
- name: nginx-https-recieve-certificate
-
 - name: "Relevant variables for role: {{ role_path | basename }}"
 debug:
 msg:
- domains: "{{domains}}"
- applications: "{{applications}}"
+ domain: "{{domain}}"
+ domains: "{{domains}}"
+ applications: "{{applications}}"
 when: enable_debug | bool
+- name: "include role nginx-https-recieve-certificate for {{domain}}"
+ include_role:
+ name: nginx-https-recieve-certificate
+ vars:
+ domain: "{{domain}}"
+
 - name: "copy nginx domain configuration to {{configuration_destination}}"
 template:
 src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 75698c34..eb9201bc 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -3,4 +3,11 @@
 src: "bashrc.j2"
 dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
 owner: "{{user_name}}"
+ group: "{{user_name}}"
+
+- name: create .bash_profile
+ template:
+ src: "bash_profile.j2"
+ dest: "{{ '/root/.bash_profile' if user_name == 'root' else '/home/' ~ user_name ~ '/.bash_profile' }}"
+ owner: "{{user_name}}"
 group: "{{user_name}}"
\ No newline at end of file
diff --git a/roles/user/templates/bash_profile.j2 b/roles/user/templates/bash_profile.j2
new file mode 100644
index 00000000..5545f007
--- /dev/null
+++ b/roles/user/templates/bash_profile.j2
@@ -0,0 +1,5 @@
+#
+# ~/.bash_profile
+#
+
+[[ -f ~/.bashrc ]] && . ~/.bashrc
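Review bot: The re-indented debug task in roles/nginx-domain-setup/tasks/main.yml still emits `applications: "{{applications}}"`, which prints the entire applications map — including the credential keys this commit documents in group_vars/all/07_applications.yml (`secret_key`, `database_password`, `api_token`, `initial_administrator_password`) — to stdout and to every logging callback whenever `enable_debug` is true. Since this role only needs the domain context, drop the `applications` entry from `msg:`, or narrow it to the non-secret fields of `applications[application_id]`, so that enabling debug output does not write secrets into logs. The task list continues before and after the hunk.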
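Review bot: The new `create .bash_profile` task in roles/user/tasks/main.yml sets `owner` and `group` but no `mode`, so the resulting permissions depend on the umask in effect on the target; because `~/.bash_profile` is sourced at every login, an unexpectedly permissive umask would leave a file other local users can edit. Add `mode: "0644"` (quoted so YAML does not read the octal as an integer) to this task, and for the same reason to the `.bashrc` task above it, which also lacks a mode. Whether the existing `.bashrc` task's `group:` line was previously misindented cannot be told from the collapsed hunk.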