From 26942a92650ecac3dae6bd06fce81331faa66a71 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 5 Feb 2025 11:44:11 +0100
Subject: [PATCH] Continued snipe-it implementation
---
 group_vars/all/02_system_email.yml | 2 +-
 roles/docker-baserow/templates/env.j2 | 2 +-
 roles/docker-bigbluebutton/templates/env.j2 | 2 +-
 .../templates/docker-compose.yml.j2 | 2 +-
 roles/docker-central-database/tasks/main.yml | 3 ++
 .../templates/discourse_application.yml.j2 | 2 +-
 roles/docker-friendica/templates/env.j2 | 2 +-
 roles/docker-funkwhale/templates/env.j2 | 2 +-
 roles/docker-mastodon/templates/env.j2 | 2 +-
 .../templates/synapse/homeserver.yaml.j2 | 2 +-
 roles/docker-nextcloud/templates/env.j2 | 2 +-
 roles/docker-peertube/templates/env.j2 | 2 +-
 roles/docker-pixelfed/templates/env.j2 | 6 +--
 roles/docker-snipe_it/tasks/main.yml | 14 +++++--
 roles/docker-snipe_it/templates/env.j2 | 38 ++++++++++---------
 roles/docker-snipe_it/vars/main.yml | 11 ++++--
 roles/docker-taiga/templates/env.j2 | 2 +-
 .../templates/msmtprc.conf.j2 | 2 +-
 18 files changed, 57 insertions(+), 41 deletions(-)
diff --git a/group_vars/all/02_system_email.yml b/group_vars/all/02_system_email.yml
index bb027c51..d985511c 100644
--- a/group_vars/all/02_system_email.yml
+++ b/group_vars/all/02_system_email.yml
@@ -4,7 +4,7 @@ default_system_email:
 domain: "{{primary_domain}}"
 username: "no-reply@{{primary_domain}}"
 host: "mail.{{primary_domain}}"
- smtp_port: 465
+ port: 465
 tls: true
 start_tls: false
 from: "no-reply@{{primary_domain}}"
diff --git a/roles/docker-baserow/templates/env.j2 b/roles/docker-baserow/templates/env.j2
index 048cec58..3a35cd72 100644
--- a/roles/docker-baserow/templates/env.j2
+++ b/roles/docker-baserow/templates/env.j2
@@ -4,7 +4,7 @@ BASEROW_PUBLIC_URL=https://{{ domain }}
 # Email Server Configuration
 EMAIL_SMTP={{ system_email.smtp | upper }}
 EMAIL_SMTP_HOST={{ system_email.host }}
-EMAIL_SMTP_PORT={{ system_email.smtp_port }}
+EMAIL_SMTP_PORT={{ system_email.port }}
 EMAIL_SMTP_USER={{system_email.username}}
 EMAIL_SMTP_PASSWORD={{ system_email.password }}
 EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }}
diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2
index e05108f4..37264b6f 100644
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 SMTP_SERVER={{system_email.host}}
 SMTP_DOMAIN={{domain}}
-SMTP_PORT={{system_email.smtp_port}}
+SMTP_PORT={{system_email.port}}
 SMTP_USERNAME={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
 SMTP_AUTH=plain
diff --git a/roles/docker-bluesky/templates/docker-compose.yml.j2 b/roles/docker-bluesky/templates/docker-compose.yml.j2
index ca4b4752..38e024ff 100644
--- a/roles/docker-bluesky/templates/docker-compose.yml.j2
+++ b/roles/docker-bluesky/templates/docker-compose.yml.j2
@@ -16,7 +16,7 @@ services:
 PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}"
 PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}"
 PDS_CRAWLERS: https://bsky.network
- PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}/
+ PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}/
 PDS_EMAIL_FROM_ADDRESS: {{system_email.from}}
 LOG_ENABLED: true
 PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
diff --git a/roles/docker-central-database/tasks/main.yml b/roles/docker-central-database/tasks/main.yml
index 5d3d59b1..015a5d36 100644
--- a/roles/docker-central-database/tasks/main.yml
+++ b/roles/docker-central-database/tasks/main.yml
@@ -7,11 +7,14 @@
 - name: "load variables from {{ role_path }}/vars/database.yml for whole play"
 include_vars: "{{ role_path }}/vars/database.yml"
+# The following env file will just be used from the dedicated mariadb container
+# and not the central-mariadb-database
 - name: "create {{database_env}}"
 template:
 src: "env/{{database_type}}.env.j2"
 dest: "{{database_env}}"
 notify: docker compose project build and setup
+ when: not enable_central_database | bool
 - name: create central database
 include_role:
diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2
index 47353282..20d0e8f2 100644
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@@ -53,7 +53,7 @@ env:
 # SMTP ADDRESS, username, and password are required
 # WARNING the char '#' in SMTP password can cause problems!
 DISCOURSE_SMTP_ADDRESS: {{ system_email.host }}
- DISCOURSE_SMTP_PORT: {{ system_email.smtp_port }}
+ DISCOURSE_SMTP_PORT: {{ system_email.port }}
 DISCOURSE_SMTP_USER_NAME: {{system_email.username}}
 DISCOURSE_SMTP_PASSWORD: {{ system_email.password }}
 DISCOURSE_SMTP_ENABLE_START_TLS: {{ system_email.start_tls | upper }}
diff --git a/roles/docker-friendica/templates/env.j2 b/roles/docker-friendica/templates/env.j2
index 9c6e09c5..6ac91aa3 100644
--- a/roles/docker-friendica/templates/env.j2
+++ b/roles/docker-friendica/templates/env.j2
@@ -17,7 +17,7 @@ MYSQL_PASSWORD= {{database_password}}
 # Email Configuration
 SMTP= {{system_email.host}}
 SMTP_DOMAIN= {{system_email.domain}}
-SMTP_PORT= {{system_email.smtp_port}}
+SMTP_PORT= {{system_email.port}}
 SMTP_AUTH_USER= {{system_email.username}}
 SMTP_AUTH_PASS= {{system_email.password}}
 SMTP_TLS= {{ 'on' if system_email.tls else 'off' }}
diff --git a/roles/docker-funkwhale/templates/env.j2 b/roles/docker-funkwhale/templates/env.j2
index 76e87a71..6c5f5d25 100644
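Review bot: The `create {{database_env}}` task in roles/docker-central-database/tasks/main.yml still renders the database env file without an explicit `mode`, so a newly created file gets whatever the remote umask allows. The file presumably carries the database credentials, so the task should pin its permissions next to the new `when:`, for example `mode: '0600'`. The added comment would also read more clearly as `# This env file is only used by the role's dedicated MariaDB container, not by the central database`.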
--- a/roles/docker-funkwhale/templates/env.j2
+++ b/roles/docker-funkwhale/templates/env.j2
@@ -59,7 +59,7 @@ LOGLEVEL=error
 # (returns `noreply%40youremail.host`)
 # EMAIL_CONFIG=smtp://user:password@youremail.host:25
 # EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
-EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}
+EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}
 # Make e-mail verification mandatory before using the service
 # Doesn't apply to admins.
diff --git a/roles/docker-mastodon/templates/env.j2 b/roles/docker-mastodon/templates/env.j2
index 5bc4ed1c..1d4bc431 100644
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@@ -17,7 +17,7 @@ REDIS_PORT=6379
 REDIS_PASSWORD=
 SMTP_SERVER={{system_email.host}}
-SMTP_PORT={{system_email.smtp_port}}
+SMTP_PORT={{system_email.port}}
 SMTP_LOGIN={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
 SMTP_AUTH_METHOD=plain
diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
index 254d3c5d..56db6677 100644
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@@ -32,7 +32,7 @@ admin_contact: 'mailto:{{administrator_email}}'
 email:
 smtp_host: "{{system_email.host}}"
- smtp_port: "{{system_email.smtp_port}}"
+ smtp_port: "{{system_email.port}}"
 smtp_user: "{{system_email.from}}"
 smtp_pass: "{{system_email.password}}"
 #force_tls: true
diff --git a/roles/docker-nextcloud/templates/env.j2 b/roles/docker-nextcloud/templates/env.j2
index bb5b971e..798ddab9 100644
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@@ -12,7 +12,7 @@ PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
 # Email Configuration
 SMTP_HOST= {{system_email.host}}
 SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
-SMTP_PORT= {{system_email.smtp_port}}
+SMTP_PORT= {{system_email.port}}
 SMTP_NAME= {{system_email.username}}
 SMTP_PASSWORD= {{system_email.password}}
diff --git a/roles/docker-peertube/templates/env.j2 b/roles/docker-peertube/templates/env.j2
index f3a617d2..39ce6e45 100644
--- a/roles/docker-peertube/templates/env.j2
+++ b/roles/docker-peertube/templates/env.j2
@@ -17,7 +17,7 @@ PEERTUBE_SECRET={{peertube_secret}}
 PEERTUBE_SMTP_USERNAME={{system_email.username}}
 PEERTUBE_SMTP_PASSWORD={{system_email.password}}
 PEERTUBE_SMTP_HOSTNAME={{system_email.host}}
-PEERTUBE_SMTP_PORT={{system_email.smtp_port}}
+PEERTUBE_SMTP_PORT={{system_email.port}}
 PEERTUBE_SMTP_FROM={{system_email.from}}
 PEERTUBE_SMTP_TLS={{ system_email.tls | lower }}
 PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }}
diff --git a/roles/docker-pixelfed/templates/env.j2 b/roles/docker-pixelfed/templates/env.j2
index 5ddb5a30..71d6e719 100644
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@@ -4,7 +4,7 @@ APP_KEY={{pixelfed_app_key}}
 ## General Settings
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV=production
-APP_DEBUG=false
+APP_DEBUG={{mode_debug | string | lower }}
 APP_URL=https://{{domain}}
 APP_DOMAIN="{{domain}}"
 ADMIN_DOMAIN="{{domain}}"
@@ -47,7 +47,7 @@ RESTRICTED_INSTANCE=false
 ## Mail
 MAIL_DRIVER=log
 MAIL_HOST={{system_email.host}}
-MAIL_PORT={{system_email.smtp_port}}
+MAIL_PORT={{system_email.port}}
 MAIL_FROM_ADDRESS="{{system_email.from}}"
 MAIL_FROM_NAME="Pixelfed"
 MAIL_USERNAME={{system_email.username}}
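Review bot: `APP_DEBUG={{mode_debug | string | lower }}` in roles/docker-pixelfed/templates/env.j2 lets a global debug switch turn on application debug output while `APP_ENV=production` stays fixed; the same line is added in the first hunk of roles/docker-snipe_it/templates/env.j2. Both applications are Laravel-based, where debug mode puts stack traces and configuration details into error responses, so the template should fail closed when the variable is missing: `APP_DEBUG={{ mode_debug | default(false) | bool | string | lower }}`. A comment such as `# must stay false on internet-facing hosts` above the line would record the intent. `mode_debug` is defined outside this diff, so its default could not be checked here.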
@@ -60,7 +60,7 @@ MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }}
 DB_CONNECTION=mysql
 DB_DATABASE={{database_name}}
 DB_HOST={{database_host}}
-DB_PASSWORD="{{pixelfed_database_password}}"
+DB_PASSWORD="{{database_password}}"
 DB_PORT="{{database_port}}"
 DB_USERNAME={{database_username}}
diff --git a/roles/docker-snipe_it/tasks/main.yml b/roles/docker-snipe_it/tasks/main.yml
index 6d88d3d9..2cb38eae 100644
--- a/roles/docker-snipe_it/tasks/main.yml
+++ b/roles/docker-snipe_it/tasks/main.yml
@@ -6,10 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
 include_tasks: nginx-docker-proxy-domain.yml
-- name: create .env
- template: src=env.j2 dest={{docker_compose.directories.instance}}/.env
+- name: "create {{docker_compose.files.docker_compose}}"
+ template:
+ src: "docker-compose.yml.j2"
+ dest: "{{docker_compose.files.docker_compose}}"
 notify: docker compose project setup
-- name: add docker-compose.yml
- template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+- name: "create {{docker_compose.files.env}}"
+ template:
+ src: "env.j2"
+ dest: "{{docker_compose.files.env}}"
+ mode: '770'
+ force: yes
 notify: docker compose project setup
diff --git a/roles/docker-snipe_it/templates/env.j2 b/roles/docker-snipe_it/templates/env.j2
index 92aa92e1..5b2fb1cb 100644
--- a/roles/docker-snipe_it/templates/env.j2
+++ b/roles/docker-snipe_it/templates/env.j2
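Review bot: `mode: '770'` on the rendered env file in roles/docker-snipe_it/tasks/main.yml grants execute and group-write on a file that, per the template in this commit, carries `APP_KEY`, `DB_PASSWORD` and `MAIL_PASSWORD`. A data file needs neither bit; `mode: '0640'` (or `'0600'` if only the owner reads it) together with an explicit `owner`/`group` is the least-privilege setting. `force: yes` repeats the template module's default and can be dropped or written as `force: true`. The docker-compose.yml task above it sets no `mode` at all.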
@@ -2,10 +2,10 @@
 # REQUIRED: BASIC APP SETTINGS
 # --------------------------------------------
 APP_ENV=production
-APP_DEBUG=false
+APP_DEBUG={{mode_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
-APP_KEY=base64:3ilviXqB9u6DX1NRcyWGJ+sjySF+H18CPDGb3+IVwMQ=
-APP_URL=https://{{domain}}
+APP_KEY={{applications.snipe_it.app_key}}
+APP_URL=http://{{domain}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}
@@ -25,13 +25,15 @@ DB_HOST={{database_host}}
 DB_PORT={{database_port}}
 DB_DATABASE={{database_name}}
 DB_USERNAME={{database_username}}
-DB_PASSWORD={{pixelfed_database_password}}
-#MYSQL_ROOT_PASSWORD=
-#DB_PREFIX=null
-#DB_DUMP_PATH='/usr/bin'
-#DB_CHARSET=utf8mb4
-#DB_COLLATION=utf8mb4_unicode_ci
+DB_PASSWORD={{database_password}}
+{% if not enable_central_database | bool %}
+MYSQL_ROOT_PASSWORD={{database_password}}
+DB_PREFIX=null
+DB_DUMP_PATH='/usr/bin'
+DB_CHARSET=utf8mb4
+DB_COLLATION=utf8mb4_unicode_ci
+{% endif %}
 # --------------------------------------------
 # OPTIONAL: SSL DATABASE SETTINGS
 # --------------------------------------------
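Review bot: `APP_URL=http://{{domain}}` in the first hunk of roles/docker-snipe_it/templates/env.j2 downgrades the application's base URL to plain HTTP in the same commit that sets `APP_FORCE_TLS=true` in the last hunk of this file, so generated links may disagree with the enforced scheme. Unless the http scheme is a deliberate workaround, which a comment should then explain, keep `APP_URL=https://{{domain}}`. Moving `APP_KEY` to `{{applications.snipe_it.app_key}}` is the right direction, but the literal key removed here remains in the repository history, so any instance deployed with it needs a freshly generated key.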
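Review bot: `MYSQL_ROOT_PASSWORD={{database_password}}` in the second hunk of roles/docker-snipe_it/templates/env.j2 gives the MariaDB root account the same secret as `DB_PASSWORD`, the application's own database credential, and writes it into the same env file. A dedicated variable, e.g. `MYSQL_ROOT_PASSWORD={{ database_root_password }}` (placeholder name, to be defined in the role's vars), keeps a leak of the application credentials from becoming full control of the database server. The values are also unquoted, so a password containing `#` or whitespace may be truncated depending on how the file is parsed.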
@@ -47,14 +49,14 @@ DB_SSL_VERIFY_SERVER=null
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
 MAIL_MAILER = smtp
-MAIL_HOST = {{system_email.host}} # SMTP server address
-MAIL_PORT = {{system_email.host}} # SMTP server address
-MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
-MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
-MAIL_TLS_VERIFY_PEER = EMAIL_USE_TLS={{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server
-MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
+MAIL_HOST = {{system_email.host}} # SMTP server address
+MAIL_PORT = {{system_email.port}} # SMTP server address
+MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
+MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
+MAIL_TLS_VERIFY_PEER = {{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server
+MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
 MAIL_FROM_NAME = 'Snipe-IT'
-MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
+MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
 MAIL_REPLYTO_NAME = 'Snipe-IT'
 MAIL_AUTO_EMBED_METHOD = 'attachment'
@@ -94,7 +96,7 @@ API_TOKEN_EXPIRATION_YEARS=40
 APP_TRUSTED_PROXIES=172.17.0.1 # Docker Gateway
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
-ENABLE_CSP=true
+ENABLE_CSP=false
 CORS_ALLOWED_ORIGINS=null
 ENABLE_HSTS=false # Certificates managed by nginx
@@ -160,7 +162,7 @@ LOG_CHANNEL=stderr
 LOG_MAX_DAYS=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
-APP_FORCE_TLS=false
+APP_FORCE_TLS=true
 GOOGLE_MAPS_API=
 LDAP_MEM_LIM=500M
 LDAP_TIME_LIM=600
\ No newline at end of file
diff --git a/roles/docker-snipe_it/vars/main.yml b/roles/docker-snipe_it/vars/main.yml
index 282f78fd..f26e75ef 100644
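Review bot: `MAIL_TLS_VERIFY_PEER = {{ system_email.tls | lower | capitalize }}` in the mail hunk of roles/docker-snipe_it/templates/env.j2 ties certificate verification to the flag that says whether implicit TLS is used, so a host configured with `tls: false` (for example one relying on STARTTLS) would also stop verifying the mail server's certificate. Verification should stay on independently of the transport choice, `MAIL_TLS_VERIFY_PEER = true`, or be driven by its own variable, and the trailing comment should then read `# verify the SMTP server's TLS certificate`. The comment on the corrected `MAIL_PORT` line still says `# SMTP server address`.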
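Review bot: `ENABLE_CSP=false` in roles/docker-snipe_it/templates/env.j2 switches off the application's Content-Security-Policy header with no reason given in the commit message or the template. CSP is a main browser-side mitigation against script injection, and nothing in this diff shows the proxy sending an equivalent header. If the policy was breaking the deployment, the line should carry a comment such as `# CSP disabled: <reason>; equivalent header set in nginx` and the proxy should actually send it; otherwise keep `ENABLE_CSP=true`.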
--- a/roles/docker-snipe_it/vars/main.yml
+++ b/roles/docker-snipe_it/vars/main.yml
@@ -1,3 +1,8 @@
-application_id: "snipe_it"
-database_password: "{{applications.snipe_it.database_password}}"
-database_type: "mariadb"
\ No newline at end of file
+application_id: "snipe_it"
+database_password: "{{applications.snipe_it.database_password}}"
+database_type: "mariadb"
+
+# deactivated due to error
+# SQLSTATE[42000]: Syntax error or access violation: 1067 Invalid default value for 'locale'
+# alter table `users` add `locale` varchar(5) null default 'locale'
+enable_central_database: false
\ No newline at end of file
diff --git a/roles/docker-taiga/templates/env.j2 b/roles/docker-taiga/templates/env.j2
index 8a388705..4f9ef2f6 100644
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@@ -18,7 +18,7 @@ POSTGRES_HOST = "{{database_host}}"
 # Taiga's SMTP settings - Variables to send Taiga's emails to the users
 EMAIL_BACKEND = "{{email_backend}}" # use an SMTP server or display the emails in the console (either "smtp" or "console")
 EMAIL_HOST = "{{system_email.host}}" # SMTP server address
-EMAIL_PORT = "{{system_email.smtp_port}}" # default SMTP port
+EMAIL_PORT = "{{system_email.port}}" # default SMTP port
 EMAIL_HOST_USER = "{{system_email.username}}" # user to connect the SMTP server
 EMAIL_HOST_PASSWORD = "{{system_email.password}}" # SMTP user's password
 EMAIL_DEFAULT_FROM = "{{system_email.from}}" # default email address for the automated emails
diff --git a/roles/systemd-notifier-email/templates/msmtprc.conf.j2 b/roles/systemd-notifier-email/templates/msmtprc.conf.j2
index 99a6b0ef..2e99b087 100644
--- a/roles/systemd-notifier-email/templates/msmtprc.conf.j2
+++ b/roles/systemd-notifier-email/templates/msmtprc.conf.j2
@@ -12,7 +12,7 @@ tls off
 account system_email
 host {{system_email.host}}
-port {{system_email.smtp_port}}
+port {{system_email.port}}
 from {{system_email.from}}
 user {{system_email.username}}
 password {{system_email.password}}