More optimation of domain bugs

2025-02-22 12:29:39 +01:00 · 2025-02-21 08:04:52 +01:00 · 2025-02-21 08:04:52 +01:00 · 10b2ead705
commit 10b2ead705
parent c4b622ccdb
9 changed files with 48 additions and 16 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -153,6 +153,7 @@ defaults_applications:
 #     secret_key:                                                               # Set to a randomly generated 16 bytes string
 #     database_password:                                                        # Needs to be set in inventory file
 #     api_token:                                                                # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
+#     initial_administrator_password:                                           # Initial administrator password for setup 

  ## MariaDB
  mariadb:
@ -280,6 +281,10 @@ defaults_applications:
  postgres:
    database.version:  "latest"

+  portfolio:
+    database:
+      central_storage:  False # Portfolio doesn't use any database
+
  # Snipe-IT
  snipe_it:
    version:           "latest"
--- a/roles/docker-mailu/tasks/main.yml
+++ b/roles/docker-mailu/tasks/main.yml
@ -21,11 +21,9 @@

 - name: flush docker service
  meta: flush_handlers
-  when: applications.mailu.setup |bool 

 - name: execute database migration
  command:
-    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}"
+    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{applications.mailu.initial_administrator_password}}"
    chdir: "{{docker_compose.directories.instance}}"
  ignore_errors: true
-  when: applications.mailu.setup |bool 
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@ -7,3 +7,6 @@ enable_wildcard_certificate:  false
 # Use dedicated source for oidc if activated  
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
 docker_source:                "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
+
+domain:     "{{ domains[application_id] }}"
+http_port: 	"{{ ports.localhost.http[application_id] }}"
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@ -84,11 +84,6 @@ docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
 docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
 ```

-Check the process with:
-```sql
-show processlist;
-```
-
 ---

 ## OCC (Nextcloud Command Line) 🔧
@ -125,6 +120,12 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo

 OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.

+### Verify OIDC Configuration
+
+```bash
+docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
+```
+
 ## LDAP 

 More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -14,6 +14,9 @@
    src:  "proxy-nginx.conf.j2" 
    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
  notify: restart nginx
+  vars:
+    domain:    "{{domains[application_id]}}"
+    http_port: "{{ports.localhost.http[application_id]}}"

 - name: create internal nextcloud nginx configuration
  template: 
--- a/roles/docker-nextcloud/tasks/oidc.yml
+++ b/roles/docker-nextcloud/tasks/oidc.yml
@ -14,6 +14,13 @@
  # This configuration allows users to connect multiple accounts to their Nextcloud profile
  # using the sociallogin app.

+- name: install sociallogin plugin
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
+  ignore_errors: true
+
+- name: enable sociallogin plugin
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
+
 - name: Set custom_providers
  command: >
    docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
--- a/roles/nginx-domain-setup/tasks/main.yml
+++ b/roles/nginx-domain-setup/tasks/main.yml
@ -2,17 +2,20 @@
  include_role: 
    name: nginx-modifier-all

- name: "include role nginx-https-recieve-certificate for {{domain}}"
-  include_role: 
-    name: nginx-https-recieve-certificate
-
 - name: "Relevant variables for role: {{ role_path | basename }}"
  debug:
    msg:
+      domain:       "{{domain}}"
      domains:      "{{domains}}"
      applications: "{{applications}}"
  when: enable_debug | bool

+- name: "include role nginx-https-recieve-certificate for {{domain}}"
+  include_role: 
+    name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domain}}"
+
 - name: "copy nginx domain configuration to {{configuration_destination}}"
  template: 
    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@ -4,3 +4,10 @@
    dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
    owner: "{{user_name}}"
    group: "{{user_name}}"
+
+- name: create .bash_profile
+  template:
+    src: "bash_profile.j2"
+    dest: "{{ '/root/.bash_profile' if user_name == 'root' else '/home/' ~ user_name ~ '/.bash_profile' }}"
+    owner: "{{user_name}}"
+    group: "{{user_name}}"
--- a/roles/user/templates/bash_profile.j2
+++ b/roles/user/templates/bash_profile.j2
@ -0,0 +1,5 @@
+#
+# ~/.bash_profile
+#
+
+[[ -f ~/.bashrc ]] && . ~/.bashrc