diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 20a1274b..d72929f3 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -114,14 +114,17 @@ defaults_applications:
 setup: false # Set true in inventory file to execute the setup and initializing procedures
 mailu:
+ version: "2024.06" # Docker Image Version
+ setup: false # Set true in inventory file to execute the setup and initializing procedures
 oidc:
 enabled: true # Activate OIDC for Mailu
 domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
 # I don't know why the database deactivation is necessary
 enable_central_database: False # Deactivate central database for mailu
-# secret_key: # Needs to be set in inventory file
-# database_password: # Needs to be set in inventory file
-# api_token: # Needs to be set in inventory file
+ credentials:
+# secret_key: # Needs to be set in inventory file
+# database_password: # Needs to be set in inventory file
+# api_token: # Needs to be set in inventory file
 ## MariaDB
 mariadb:
@@ -143,21 +146,19 @@ defaults_applications:
 single_user_mode: false # Set true for initial setup
 setup: false # Set true in inventory file to execute the setup and initializing procedures
 oidc:
- enabled: true # Activate OIDC for Mailu
-#
+ enabled: true # Activate OIDC for Mastodon
+ credentials:
 # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
-#
-# credentials:
-# database_password:
-# secret_key_base:
-# otp_secret:
-# vapid:
-# private_key:
-# public_key:
-# active_record_encryption:
-# deterministic_key:
-# key_derivation_salt:
-# primary_key:
 ## Matrix
 matrix: 
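Review bot: `credentials:` followed only by commented-out children parses as `null`, not as a mapping, so on a host whose inventory does not override `applications.mailu.credentials` the lookups `applications.mailu.credentials.secret_key` / `.api_token` / `.database_password` in env.j2 and vars/main.yml fail with an attribute lookup on `None` instead of a plain undefined-variable message; the `credentials:` added for mastodon in the next hunk has the same shape. Writing `credentials: {}` keeps the key a mapping in both places, so a missing entry surfaces as the undefined key itself. The trailing comments could also name what these values are, e.g. `# secret_key: # secret, set in the (vault-encrypted) inventory` rather than only `# Needs to be set in inventory file`.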
@@ -171,12 +172,6 @@ defaults_applications:
 version: "latest"
 setup: false # Set true in inventory file to execute the setup and initializing procedures
- ## Mailu
- mailu:
- version: "2024.06"
- domain: "{{primary_domain}}"
- setup: false # Set true in inventory file to execute the setup and initializing procedures
-
 ## Moodle
 moodle:
 site_titel: "Global Learning Academy on {{primary_domain}}"
diff --git a/group_vars/all/10_networks.yml b/group_vars/all/10_networks.yml
index 129b8b04..33b644e0 100644
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@@ -6,6 +6,8 @@ defaults_networks:
 # The default docker subnetworking does lead to overlapping and to huge networks.
 # Due to this reason networks with 16 ips are created.
 # This should be sufficient for the most cases
+
+ # /28 Networks, 14 Usable Ip Addresses
 akaunting:
 subnet: 192.168.101.0/28
 attendize:
@@ -32,8 +34,8 @@ defaults_networks:
 subnet: 192.168.101.176/28
 listmonk:
 subnet: 192.168.101.192/28
- mariadb:
- subnet: 192.168.101.208/28
+ # Free:
+ # subnet: 192.168.101.208/28
 matomo:
 subnet: 192.168.101.224/28
 mastodon:
@@ -58,8 +60,8 @@ defaults_networks:
 subnet: 192.168.102.112/28
 pixelfed:
 subnet: 192.168.102.128/28
- postgres:
- subnet: 192.168.102.144/28
+ # Free :
+ # subnet: 192.168.102.144/28
 snipe_it:
 subnet: 192.168.102.160/28
 taiga:
@@ -68,7 +70,14 @@ defaults_networks:
 subnet: 192.168.102.192/28
 discourse:
 subnet: 192.168.102.208/28
+ # /24 Networks / 254 Usable Clients
 bigbluebutton:
- subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons.
+ subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb
+ postgres:
+ subnet: 192.168.200.0/24
+ mariadb:
+ subnet: 192.168.201.0/24
+ central_ldap:
+ subnet: 192.168.202.0/24
\ No newline at end of file 
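Review bot: The `# Free:` slot left at 192.168.101.208/28 (and the `# Free :` slot at 192.168.102.144/28 in the following hunk) is only free once the existing `central_mariadb` and `central_postgres` Docker networks on already provisioned hosts have actually been recreated with the new /24 ranges; until then an application assigned to either /28 would collide with the old network still present on those hosts. Recording the previous owner in the comment, e.g. `# Free (was mariadb, moved to 192.168.201.0/24; recreate central_mariadb before reusing)`, makes that visible to whoever picks the slot next. The two comments also differ in spacing (`# Free:` vs `# Free :`).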
diff --git a/roles/docker-central-database/tasks/main.yml b/roles/docker-central-database/tasks/main.yml
index 015a5d36..234e3bcf 100644
--- a/roles/docker-central-database/tasks/main.yml
+++ b/roles/docker-central-database/tasks/main.yml
@@ -18,5 +18,5 @@
 - name: create central database
 include_role:
- name: docker-{{database_type}}
+ name: "docker-{{database_type}}"
 when: enable_central_database | bool
\ No newline at end of file
diff --git a/roles/docker-keycloak/templates/import/realm.json.j2 b/roles/docker-keycloak/templates/import/realm.json.j2
index d81fe9c2..2f09a6c6 100644
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@@ -834,19 +834,17 @@
 "clientAuthenticatorType": "client-secret",
 "secret": "{{oidc.client.secret}}",
 "redirectUris": [
- {%- set redirect_uris = [] -%}
 {%- for application, domain in domains.items() -%}
 {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
 {%- if domain is string -%}
- {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
+ "https://" {{ domain }} "/*",
 {%- else -%}
 {%- for d in domain -%}
- {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
+ "https://" {{ domain }} "/*",
 {%- endfor -%}
 {%- endif -%}
 {%- endif -%}
 {%- endfor -%}
- {{ redirect_uris | map('tojson') | join(",\n") }}
 ],
 "webOrigins": [
diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml
index 61b35148..62ee9cd1 100644
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@@ -24,6 +24,8 @@
 docker_network:
 name: central_ldap
 state: present
+ ipam_config:
+ - subnet: "{{ networks.local.central_ldap.subnet }}"
 - name: "copy docker-compose.yml and env file"
 include_tasks: copy-docker-compose-and-env.yml
diff --git a/roles/docker-mailu/templates/env.j2 b/roles/docker-mailu/templates/env.j2
index 9bf1e517..f4438176 100644
--- a/roles/docker-mailu/templates/env.j2 
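Review bot: The two added lines `"https://" {{ domain }} "/*",` do not render JSON strings: the element comes out as `"https://" <host> "/*"` with the host outside the quotes, and the comma after the last element is also invalid JSON, so the realm import will not parse. The line inside `{%- for d in domain -%}` additionally still emits `domain` (the whole list) instead of the loop variable `d`, which the removed line had wrong as well. Emitting `"https://{{ d }}/*"` and placing the separator before every element but the first via a `namespace()` flag (Jinja 2.10+) fixes both; the condition `applications[application_id]` never depends on the loop variable `application`, which looks unintended but is outside this change. The `"redirectUris"` array opens and closes inside the hunk, so the excerpt below is its complete new body.

```jinja
      "redirectUris": [
        {%- set ns = namespace(first=true) -%}
        {%- for application, domain in domains.items() -%}
          {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
            {%- for d in ([domain] if domain is string else domain) -%}
              {{ "" if ns.first else "," }}"https://{{ d }}/*"
              {%- set ns.first = false -%}
            {%- endfor -%}
          {%- endif -%}
        {%- endfor -%}
      ],
```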
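Review bot: Adding `ipam_config` to a `central_ldap` network that already exists changes its configuration, and `docker_network` handles a configuration difference by removing and recreating the network, which disconnects every attached container and, as far as the module's documented behaviour goes, does not reattach them; the `ipam_config` additions for `central_mariadb` and `central_postgres` in the following hunks have the same effect. On hosts where these networks were created without a pinned subnet, the first run after this change therefore detaches the running central database container until its compose project is brought up again. Worth a comment next to each `docker_network` task, e.g. `# Changing the subnet recreates the network; attached containers are disconnected and must be re-upped`, or an explicit migration step before the rollout.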
+++ b/roles/docker-mailu/templates/env.j2
@@ -12,7 +12,7 @@ LD_PRELOAD=/usr/lib/libhardened_malloc.so
 # Set to a randomly generated 16 bytes string
-SECRET_KEY={{applications.mailu.secret_key}}
+SECRET_KEY={{applications.mailu.credentials.secret_key}}
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET={{networks.local.mailu.subnet}}
@@ -145,7 +145,7 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
-API_TOKEN={{applications.mailu.api_token}}
+API_TOKEN={{applications.mailu.credentials.api_token}}
 # Activated https://mailu.io/master/configuration.html#advanced-settings
 AUTH_REQUIRE_TOKENS=True
diff --git a/roles/docker-mailu/vars/main.yml b/roles/docker-mailu/vars/main.yml
index e1c105e6..474c8856 100644
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@@ -1,5 +1,5 @@
 application_id: "mailu"
-database_password: "{{applications.mailu.database_password}}"
+database_password: "{{applications.mailu.credentials.database_password}}"
 database_type: "mariadb"
 cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate: false
diff --git a/roles/docker-mariadb/tasks/main.yml b/roles/docker-mariadb/tasks/main.yml
index 9da12252..464788c7 100644
--- a/roles/docker-mariadb/tasks/main.yml
+++ b/roles/docker-mariadb/tasks/main.yml
@@ -2,6 +2,8 @@
 docker_network:
 name: central_mariadb
 state: present
+ ipam_config:
+ - subnet: "{{ networks.local.mariadb.subnet }}"
 when: run_once_docker_mariadb is not defined
 - name: install MariaDB
diff --git a/roles/docker-postgres/README.md b/roles/docker-postgres/README.md
index 2d6b6a63..a10ce8a8 100644 
--- a/roles/docker-postgres/README.md
+++ b/roles/docker-postgres/README.md
@@ -31,4 +31,6 @@ docker exec -it central-postgres psql -U postgres
 ## Notes
 - The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost.
- Ensure that the provided passwords are secure and stored securely, preferably using Ansible Vault or another encryption method.
\ No newline at end of file
+
+ ## Author
+ This role was created by [Kevin Veen-Birkenbach](https://www.veen.world).
\ No newline at end of file
diff --git a/roles/docker-postgres/tasks/main.yml b/roles/docker-postgres/tasks/main.yml
index 05010090..8ab3d87a 100644
--- a/roles/docker-postgres/tasks/main.yml
+++ b/roles/docker-postgres/tasks/main.yml
@@ -2,6 +2,8 @@
 docker_network:
 name: central_postgres
 state: present
+ ipam_config:
+ - subnet: "{{ networks.local.postgres.subnet }}"
 when: run_once_docker_postgres is not defined
 - name: Install PostgreSQL
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index c899538d..75698c34 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: create .bashrc
 template:
 src: "bashrc.j2"
- dest: "/home/{{user_name}}/.bashrc"
+ dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
 owner: "{{user_name}}"
 group: "{{user_name}}"
\ No newline at end of file
diff --git a/roles/user/templates/bashrc.j2 b/roles/user/templates/bashrc.j2
index 7c32d25e..5ca8e2fd 100644
--- a/roles/user/templates/bashrc.j2
+++ b/roles/user/templates/bashrc.j2
@@ -1,10 +1,6 @@
- GNU nano 8.3 .bashrc
 #!/bin/bash
-# If not running interactively, don't do anything
-[[ $- != *i* ]] && return
-
-# Set color variables based on the current user
+# Set color variables for the welcome text based on the current user
 if [ "$USER" = "root" ]; then
 HEADER_COLOR="\033[1;31m" # Bold red for root
 elif [ "$USER" = "administrator" ]; then 
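Review bot: The new `dest` hard-codes `/root` and `/home/<user>`, so a user whose home directory lives elsewhere (a service account, or a host with a different home layout) gets its `.bashrc` written to a path that may not exist, and the `owner`/`group` step on that path then fails the task. The `template` action expands a leading `~` on the managed host, so `dest: "~{{ user_name }}/.bashrc"` should cover root and every other passwd user without a special case. The task also sets no `mode:`, leaving the file's permissions to the remote umask; `mode: "0644"` (or stricter) makes the intent explicit.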
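Review bot: With the `[[ $- != *i* ]] && return` guard gone, everything below it (the colored banner in this hunk, the `date`, `ps` and alias lines in the later hunks) now also runs for non-interactive shells. On distributions whose bash is built with SSH_SOURCE_BASHRC (the Debian family among them) bash sources `~/.bashrc` for non-interactive shells spawned by sshd, so `scp`, `rsync` over ssh and plain `ssh host command` receive the banner on stdout, which breaks scp/rsync protocol negotiation and pollutes captured command output. Keep the guard as the first statement after the shebang: `[[ $- != *i* ]] && return`. The hunk ends inside the `if … elif` chain that sets `HEADER_COLOR`.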
@@ -14,8 +10,12 @@ else
 fi
 RESET_COLOR="\033[0m"
-# Welcome message
-echo -e "${HEADER_COLOR}Welcome, $USER on $HOSTNAME!${RESET_COLOR}"
+# Color code for the hostname (set to green, bold, underlined, and blinking)
+HOSTNAME_COLOR="\[\033[1;4;5;32m\]"
+
+# Print welcome message
+echo -e "${HEADER_COLOR}Welcome, $USER on ${HOSTNAME_COLOR}$HOSTNAME!${RESET_COLOR}"
+echo ""
 echo -e "${HEADER_COLOR}Today is $(date +"%A, %d.%m.%Y %T")${RESET_COLOR}"
 echo ""
@@ -44,16 +44,23 @@ echo -e "${HEADER_COLOR}Top 5 Processes by CPU Usage:${RESET_COLOR}"
 ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head -n 6
 echo ""
+# Set aliases for colored output for ls and grep
 alias ls='ls --color=auto'
 alias grep='grep --color=auto'
-PS1="\$(if [ \"\$USER\" = \"administrator\" ]; then \
- echo \"\[\033[4;38;5;208m\]$USER\"; \
- elif [ \"\$USER\" = \"root\" ]; then \
- echo \"\[\033[4;5;1;31m\]$USER\"; \
- else \
- echo \"\[\033[4;33m\]\$USER\"; \
- fi)@\$(if [ \"\$USER\" = \"root\" ]; then \
- echo \"\[\033[1;4;5;32m\]\h\"; \
- else \
- echo \"\[\033[1;4;32m\]\h\"; \
- fi) \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w \[\033[0m\]\$ "
\ No newline at end of file
+
+ # --- Prompt Configuration ---
+
+ # Define color codes for the username in the prompt based on the current user
+ if [ "$USER" = "root" ]; then
+ PROMPT_USER_COLOR="\[\033[4;5;1;31m\]" # Underlined, bold red for root
+ elif [ "$USER" = "administrator" ]; then
+ PROMPT_USER_COLOR="\[\033[4;38;5;208m\]" # Underlined, bold orange for administrator
+ else
+ PROMPT_USER_COLOR="\[\033[33m\]" # yellow for other users
+ fi
+
+ # Reset code for the prompt (must be wrapped in \[ \])
+ PROMPT_RESET="\[\033[0m\]"
+
+ # Configure PS1: username, hostname in green, time and current directory
+ PS1="${PROMPT_USER_COLOR}\u${PROMPT_RESET}@${HOSTNAME_COLOR}\h${PROMPT_RESET} \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w ${PROMPT_RESET}\$ " 
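Review bot: `HOSTNAME_COLOR="\[\033[1;4;5;32m\]"` is defined with the `\[`/`\]` prompt-width delimiters, which only have meaning inside `PS1`; the `echo -e` welcome line three lines below uses the same variable, and bash's `echo -e` does not interpret `\[` or `\]`, so the banner prints the hostname wrapped in a literal `\[` … `\]`. Keep the variable as a bare escape sequence, `HOSTNAME_COLOR="\033[1;4;5;32m"`, and add the delimiters only where the prompt is assembled in the next hunk: `@\[${HOSTNAME_COLOR}\]\h${PROMPT_RESET}`. Attribute `5` (blink) is also ignored or rendered differently by many terminal emulators, so the comment promises more than most users will see.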
diff --git a/tasks/copy-docker-compose-and-env.yml b/tasks/copy-docker-compose-and-env.yml
index a5a50d1f..e8ac5620 100644
--- a/tasks/copy-docker-compose-and-env.yml
+++ b/tasks/copy-docker-compose-and-env.yml
@@ -1,13 +1,24 @@
-- name: "create {{docker_compose.files.docker_compose}}"
+- name: "create {{ docker_compose.files.docker_compose }}"
 template:
- src: "docker-compose.yml.j2"
- dest: "{{docker_compose.files.docker_compose}}"
+ src: "docker-compose.yml.j2"
+ dest: "{{ docker_compose.files.docker_compose }}"
 notify: docker compose project setup
+ register: docker_compose_template
-- name: "create {{docker_compose.files.env}}"
- template:
- src: "env.j2"
- dest: "{{docker_compose.files.env}}"
+- name: "create {{ docker_compose.files.env }}"
+ template:
+ src: "env.j2"
+ dest: "{{ docker_compose.files.env }}"
 mode: '770'
 force: yes
- notify: docker compose project setup
\ No newline at end of file
+ notify: docker compose project setup
+ register: env_template
+
+ - name: Check if docker compose has any running container and trigger setup if needed
+ command: docker compose ps -q --filter status=running
+ args:
+ chdir: "{{ docker_compose.directories.instance }}"
+ register: docker_ps
+ changed_when: (docker_ps.stdout | trim) == ""
+ notify: docker compose project setup
+ when: not (docker_compose_template.changed or env_template.changed)
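Review bot: In the hunk as shown, `- name: Check if docker compose has any running container …` carries one more leading space than the two `- name:` items above it; if that space is in the file rather than a rendering artifact, the item sits at column 1, the YAML parser rejects the sequence and every role including this task list fails, so the indentation should be confirmed to be column 0. Separately, the env file written by the second task holds `SECRET_KEY`, the database password and `API_TOKEN` (see env.j2 in this commit), yet it keeps `mode: '770'`, i.e. readable and writable by the group and executable; `mode: '0600'` is enough for docker compose to read it as the user that runs compose. The new check task would also read better with a why-comment, e.g. `# Neither template changed, but no container is running (fresh host or stopped stack): still trigger the setup handler.`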