From 2c964cfbee213a0a1f4cc96a552008f9b2ac1826 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 4 Apr 2025 07:35:32 +0200 Subject: [PATCH] Added pgadmin draft and optimized phpadmin --- group_vars/all/03_domains.yml | 1 + group_vars/all/07_applications.yml | 16 +++++++++ group_vars/all/09_ports.yml | 2 +- group_vars/all/10_networks.yml | 4 +-- roles/docker-pgadmin/README.md | 29 ++++++++++++++++ roles/docker-pgadmin/meta/main.yml | 25 ++++++++++++++ roles/docker-pgadmin/tasks/main.yml | 14 ++++++++ .../templates/docker-compose.yml.j2 | 19 +++++++++++ roles/docker-pgadmin/templates/env.j2 | 5 +++ roles/docker-pgadmin/vars/main.yml | 3 ++ roles/docker-phpmyadmin/README.md | 34 +++++++++++-------- roles/docker-phpmyadmin/meta/main.yml | 26 ++++++++++++++ tasks/server.yml | 5 +++ 13 files changed, 166 insertions(+), 17 deletions(-) create mode 100644 roles/docker-pgadmin/README.md create mode 100644 roles/docker-pgadmin/meta/main.yml create mode 100644 roles/docker-pgadmin/tasks/main.yml create mode 100644 roles/docker-pgadmin/templates/docker-compose.yml.j2 create mode 100644 roles/docker-pgadmin/templates/env.j2 create mode 100644 roles/docker-pgadmin/vars/main.yml create mode 100644 roles/docker-phpmyadmin/meta/main.yml diff --git a/group_vars/all/03_domains.yml b/group_vars/all/03_domains.yml index d08b43e0..c0dc1729 100644 --- a/group_vars/all/03_domains.yml +++ b/group_vars/all/03_domains.yml @@ -33,6 +33,7 @@ defaults_domains: peertube: "video.{{primary_domain}}" # ATTENTION: Will be owerwritten by the values in domains. Not merged. peertube_alternates: [] + pgadmin: "pgadmin.{{primary_domain}}" phpmyadmin: "phpmyadmin.{{primary_domain}}" pixelfed: "picture.{{primary_domain}}" portfolio: "{{primary_domain}}" diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index 8359d80b..875af748 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml 
@@ -621,6 +621,22 @@ defaults_applications: css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + ## PgAdmin + pgadmin: + version: "latest" + default_email: "{{ users.administrator.email }}" # Initial login email address + default_password: "{{ users.administrator.initial_password }}" # Initial login password – should be overridden in inventory for security + oauth2_proxy: + enabled: true # Enable OAuth2 proxy for authentication + application: "application" + port: "80" +# cookie_secret: None # Set via: openssl rand -hex 16 + database: + central_storage: True # Uses central PostgreSQL database + matomo_tracking_enabled: "{{ matomo_tracking_enabled_default }}" # Enables/Disables Matomo Tracking + css_enabled: "{{ css_enabled_default }}" # Enables/Disables global CSS styling + landingpage_iframe_enabled: "{{ landingpage_iframe_enabled_default }}" # Enables/Disables embedding via iframe + ## PHPMyAdmin phpmyadmin: version: "latest" diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml index 593b467c..8560abc6 100644 --- a/group_vars/all/09_ports.yml +++ b/group_vars/all/09_ports.yml @@ -26,7 +26,7 @@ ports: roulette-wheel: 8013 joomla: 8014 attendize: 8015 - #matrix: 8016 Not used anymore + pgadmin: 8016 baserow: 8017 matomo: 8018 listmonk: 8019 diff --git a/group_vars/all/10_networks.yml b/group_vars/all/10_networks.yml index 0b6b80c3..13e4e546 100644 --- a/group_vars/all/10_networks.yml +++ b/group_vars/all/10_networks.yml @@ -60,8 +60,8 @@ defaults_networks: subnet: 192.168.102.112/28 pixelfed: subnet: 192.168.102.128/28 - # Free : - # subnet: 192.168.102.144/28 + pgadmin: + subnet: 192.168.102.144/28 snipe_it: subnet: 192.168.102.160/28 taiga: diff --git a/roles/docker-pgadmin/README.md b/roles/docker-pgadmin/README.md new file mode 100644 index 00000000..c49cfd79 --- /dev/null 
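Review bot: `version: "latest"` in the new `pgadmin:` block leaves the image tag mutable, so every pull can bring a different pgAdmin build into a container that holds database credentials. Pinning to a specific release tag or digest, e.g. `version: "<pinned-tag>"` (placeholder), keeps deployments reproducible and reviewable. `default_password` falls back to `users.administrator.initial_password`, which the inline comment already says should be overridden; an assert that fails while the fallback is still in use would make that enforceable. `central_storage: True` should be written `true` to match `enabled: true` a few lines above. The enclosing `defaults_applications` mapping starts outside the hunk.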
+++ b/roles/docker-pgadmin/README.md
@@ -0,0 +1,29 @@
+# PgAdmin 🐳
+
+## Description
+
+This Ansible role deploys [pgAdmin](https://www.pgadmin.org/) in a secure Docker environment, with optional OAuth2 proxy support. It provides a full-featured web UI to manage PostgreSQL databases, making it ideal for both development and production use.
+
+## Overview
+
+The role provisions a containerized pgAdmin instance using Docker Compose. It allows integration with central PostgreSQL servers, and supports environment-specific settings via Ansible variables.
+
+## Purpose
+
+The purpose of this role is to offer a quick and configurable way to deploy pgAdmin with Docker, while keeping it secure through optional OAuth2 integration. It's built to fit seamlessly into CyMaIS-managed environments.
+
+## Features
+
+- **Docker Compose Integration:** Deploy pgAdmin with a templated Compose file.
+- **OAuth2 Proxy Support:** Add authentication via an external OAuth2 provider.
+- **Central DB Integration:** Easily connect to central PostgreSQL instances.
+- **Customizable Settings:** Adjust container configuration via Ansible variables.
+- **Healthchecks & Networking:** Includes built-in Docker healthchecks and Compose networks.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
diff --git a/roles/docker-pgadmin/meta/main.yml b/roles/docker-pgadmin/meta/main.yml
new file mode 100644
index 00000000..5b5764d0
--- /dev/null
+++ b/roles/docker-pgadmin/meta/main.yml
@@ -0,0 +1,25 @@
+---
+galaxy_info:
+ author: "Kevin Veen-Birkenbach"
+ description: "pgAdmin with optional OAuth2 proxy integration."
+ license: "CyMaIS NonCommercial License (CNCL)"
+ license_url: "https://s.veen.world/cncl"
+ company: |
+ Kevin Veen-Birkenbach
+ Consulting & Coaching Solutions
+ https://www.veen.world
+ min_ansible_version: "2.9"
+ platforms:
+ - name: Archlinux
+ versions:
+ - rolling
+ galaxy_tags:
+ - pgadmin
+ - docker
+ - webui
+ - oauth2
+ - postgresql
+ repository: https://s.veen.world/cymais
+ issue_tracker_url: https://s.veen.world/cymaisissues
+ documentation: https://s.veen.world/cymais
+dependencies: []
diff --git a/roles/docker-pgadmin/tasks/main.yml b/roles/docker-pgadmin/tasks/main.yml
new file mode 100644
index 00000000..fb1c833c
--- /dev/null
+++ b/roles/docker-pgadmin/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: "include docker-compose role"
+ include_role:
+ name: docker-compose
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+ include_role:
+ name: nginx-domain-setup
+ vars:
+ domain: "{{ domains[application_id] }}"
+ http_port: "{{ ports.localhost.http[application_id] }}"
+
+- name: "copy docker-compose.yml and env file"
+ include_tasks: copy-docker-compose-and-env.yml
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/docker-compose.yml.j2 b/roles/docker-pgadmin/templates/docker-compose.yml.j2
new file mode 100644
index 00000000..c5511217
--- /dev/null
+++ b/roles/docker-pgadmin/templates/docker-compose.yml.j2
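Review bot: Nothing in the added roles/docker-pgadmin/tasks/main.yml visibly ties the nginx vhost to the OAuth2 proxy. `nginx-domain-setup` receives `http_port: "{{ ports.localhost.http[application_id] }}"`, which is the same port the compose template publishes for the pgAdmin container itself. Whether `nginx-domain-setup` enforces the proxy when `applications.pgadmin.oauth2_proxy.enabled` is true is not visible in this commit; if it does not, requests reach pgAdmin's own login directly and the README's OAuth2 claim does not hold. A short comment above the include would settle this, e.g. `# OAuth2 enforcement: handled by nginx-domain-setup when oauth2_proxy.enabled` (wording to be confirmed by the author).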
@@ -0,0 +1,19 @@
+services:
+
+{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
+
+ application:
+ image: dpage/pgadmin4:{{applications.pgadmin.version}}
+ container_name: pgadmin
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+ ports:
+ - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
+{% include 'templates/docker/container/networks.yml.j2' %}
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+
+{% include 'templates/docker/compose/networks.yml.j2' %}
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/env.j2 b/roles/docker-pgadmin/templates/env.j2
new file mode 100644
index 00000000..c1e116eb
--- /dev/null
+++ b/roles/docker-pgadmin/templates/env.j2
@@ -0,0 +1,5 @@
+# Configuration @see https://hub.docker.com/r/dpage/pgadmin4
+
+PGADMIN_DEFAULT_EMAIL={{ applications.pgadmin.default_email }}
+PGADMIN_DEFAULT_PASSWORD={{ applications.pgadmin.default_password }}
+PGADMIN_DISABLE_POSTFIX=True
\ No newline at end of file
diff --git a/roles/docker-pgadmin/vars/main.yml b/roles/docker-pgadmin/vars/main.yml
new file mode 100644
index 00000000..eaf271b1
--- /dev/null
+++ b/roles/docker-pgadmin/vars/main.yml
@@ -0,0 +1,3 @@
+application_id: "pgadmin"
+database_type: "postgresql"
+database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
\ No newline at end of file
diff --git a/roles/docker-phpmyadmin/README.md b/roles/docker-phpmyadmin/README.md
index 987824ed..d58643b6 100644
--- a/roles/docker-phpmyadmin/README.md
+++ b/roles/docker-phpmyadmin/README.md
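Review bot: The healthcheck `test: ["CMD", "curl", "-f", "http://localhost"]` in docker-compose.yml.j2 depends on `curl` being present in the `dpage/pgadmin4` image, which should be confirmed. If the binary is missing, the container is reported unhealthy permanently and anything gated on its health never proceeds. pgAdmin's `/misc/ping` endpoint is a lighter and more stable probe target than the login redirect at `/`. `container_name: pgadmin` is also hard-coded while the rest of the template keys off `application_id`.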
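Review bot: `PGADMIN_DEFAULT_PASSWORD={{ applications.pgadmin.default_password }}` in env.j2 writes the administrator password in clear text into the rendered env file. The copy step (`copy-docker-compose-and-env.yml`, not shown in this commit) should therefore set restrictive ownership and `mode: "0600"` and run with `no_log: true`. The value is interpolated unquoted, so a password containing `#`, spaces or quotes may be truncated or misread by the env-file parser; constrain the allowed characters or document the limitation next to the variable. According to the image documentation these variables are used only when pgAdmin first initialises its configuration database, so a comment such as `# used on first start only; rotate inside pgAdmin` would prevent a false sense of rotation.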
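Review bot: `database_host` in vars/main.yml uses an inline `if` with no `else`, so it has no defined value when `applications[application_id].database.central_storage` is false. Depending on the Ansible version it then renders as an empty string or fails as undefined. Give it an explicit fallback, `{{ 'central-' + database_type if applications[application_id].database.central_storage else '<local-db-service>' }}`, where `<local-db-service>` is a placeholder for whatever host the non-central case should use. If only central storage is supported for pgAdmin, a comment saying so is enough.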
@@ -1,23 +1,29 @@ -# Docker PhpMyAdmin Role +# PhpMyAdmin 🐳 -Welcome to the **Docker PhpMyAdmin Role**! 🎉 This role simplifies the deployment of PhpMyAdmin in a Docker environment, including optional OAuth2 proxy support for enhanced security. +## Description -## Features ✨ +This Ansible role deploys [PhpMyAdmin](https://www.phpmyadmin.net/) in a secure Docker environment, complete with optional OAuth2 proxy support. It enables seamless management of MariaDB/MySQL databases via a web-based interface. -- 🚀 **Automated Deployment:** Effortlessly deploy PhpMyAdmin with Docker Compose. -- 🔐 **OAuth2 Proxy Support:** Secure access with OAuth2 authentication. -- 🛠️ **Configurable Settings:** Fully customizable via Ansible variables. -- 🌐 **Support for Central Databases:** Seamlessly integrates with a central MariaDB database. -- 🐳 **Docker Compose Integration:** Generates `docker-compose.yml` tailored to your environment. +## Overview -## Learn More 📖 +The role configures and deploys a containerized PhpMyAdmin instance using Docker Compose. It optionally integrates with a central database and uses dynamic Ansible variables to support flexible deployments in both production and homelab environments. -- Official PhpMyAdmin Website: [https://www.phpmyadmin.net/](https://www.phpmyadmin.net/) +## Purpose -## Contributing 🤝 +The purpose of this role is to provide a reliable, configurable, and secure PhpMyAdmin deployment out-of-the-box. It minimizes the need for manual setup, and integrates smoothly with other CyMaIS infrastructure roles. -Contributions are welcome! Feel free to fork this repository, submit issues, or create pull requests to improve this role. +## Features ---- +- **Docker Compose Integration:** Deploy PhpMyAdmin via a templated Compose setup. +- **OAuth2 Proxy Support:** Secure your admin interface with modern authentication. +- **Central DB Integration:** Connects to shared MariaDB instances for multi-role environments. 
+- **Custom Configuration:** Leverage Ansible variables to fine-tune your deployment. +- **Healthchecks & Networking:** Includes Docker healthchecks and network setup logic. -Made with ❤️ by [Kevin Veen-Birkenbach](https://www.veen.world). \ No newline at end of file +## Credits 📝 + +Developed and maintained by **Kevin Veen-Birkenbach**. +Learn more at [www.veen.world](https://www.veen.world) + +Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais) +License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl) \ No newline at end of file diff --git a/roles/docker-phpmyadmin/meta/main.yml b/roles/docker-phpmyadmin/meta/main.yml new file mode 100644 index 00000000..9f45e4d4 --- /dev/null +++ b/roles/docker-phpmyadmin/meta/main.yml @@ -0,0 +1,26 @@ +--- +galaxy_info: + author: "Kevin Veen-Birkenbach" + description: "Dockerized PhpMyAdmin deployment with optional OAuth2 proxy integration." + license: "CyMaIS NonCommercial License (CNCL)" + license_url: "https://s.veen.world/cncl" + company: | + Kevin Veen-Birkenbach + Consulting & Coaching Solutions + https://www.veen.world + min_ansible_version: "2.9" + platforms: + - name: Archlinux + versions: + - rolling + galaxy_tags: + - phpmyadmin + - docker + - webui + - oauth2 + - mariadb + - postgresql + repository: https://s.veen.world/cymais + issue_tracker_url: https://s.veen.world/cymaisissues + documentation: https://s.veen.world/cymais +dependencies: [] diff --git a/tasks/server.yml b/tasks/server.yml index b94675c8..27e08950 100644 --- a/tasks/server.yml +++ b/tasks/server.yml @@ -196,6 +196,11 @@ include_role: name: docker-sphinx +- name: setup pgadmin + when: ("pgadmin" in group_names) + include_role: + name: docker-pgadmin + # Native Webserver Roles - name: setup nginx-serve-htmls when: ("nginx-serve-htmls" in group_names)