Solved multiple bugs like networking, variables etc. which occured on veen.world server

2025-02-22 12:29:39 +01:00 · 2025-02-20 15:09:36 +01:00 · 2025-02-20 15:09:36 +01:00 · 2f76ba32ec
commit 2f76ba32ec
parent 19aa38ac5d
13 changed files with 92 additions and 64 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -114,14 +114,17 @@ defaults_applications:
    setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
  mailu:
    version:                          "2024.06"                                 # Docker Image Version
    setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
    oidc:
      enabled:                        true                                      # Activate OIDC for Mailu
    domain:                           "{{primary_domain}}"                      # The main domain from which mails will be send \ email suffix behind @
    # I don't know why the database deactivation is necessary
    enable_central_database:          False                                     # Deactivate central database for mailu
-#    secret_key:                                                                # Needs to be set in inventory file
+    credentials:                                     
-#    database_password:                                                         # Needs to be set in inventory file
+#     secret_key:                                                               # Needs to be set in inventory file
-#    api_token:                                                                 # Needs to be set in inventory file
+#     database_password:                                                        # Needs to be set in inventory file
 #     api_token:                                                                # Needs to be set in inventory file
  ## MariaDB
  mariadb:
@ -143,21 +146,19 @@ defaults_applications:
    single_user_mode:                 false                         # Set true for initial setup
    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
    oidc:
-      enabled:               true                                   # Activate OIDC for Mailu
+        enabled:                        true                          # Activate OIDC for Mastodon
-#
+    credentials:
 # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
-#
+#     database_password:                              
-#    credentials:
+#     secret_key_base:                                
-#      database_password:                              
+#     otp_secret:                                     
-#      secret_key_base:                                
+#     vapid:
-#      otp_secret:                                     
+#       private_key:                                  
-#      vapid:
+#       public_key:                                   
-#        private_key:                                  
+#     active_record_encryption:
-#        public_key:                                   
+#       deterministic_key:                            
-#      active_record_encryption:
+#       key_derivation_salt:                          
-#        deterministic_key:                            
+#       primary_key:                                  
 #        key_derivation_salt:                          
 #        primary_key:                                  
  ## Matrix
  matrix:
@ -171,12 +172,6 @@ defaults_applications:
      version:                        "latest"
    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
  ## Mailu
  mailu:
    version:                          "2024.06"
    domain:                           "{{primary_domain}}"
    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
  ## Moodle
  moodle:
    site_titel:                       "Global Learning Academy on {{primary_domain}}"
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@ -6,6 +6,8 @@ defaults_networks:
    # The default docker subnetworking does lead to overlapping and to huge networks.
    # Due to this reason networks with 16 ips are created.
    # This should be sufficient for the most cases
    # /28 Networks, 14 Usable Ip Addresses
    akaunting:
      subnet: 192.168.101.0/28
    attendize:
@ -32,8 +34,8 @@ defaults_networks:
      subnet: 192.168.101.176/28
    listmonk:
      subnet: 192.168.101.192/28
-    mariadb:
+    # Free:
-      subnet: 192.168.101.208/28
+    #  subnet: 192.168.101.208/28
    matomo:
      subnet: 192.168.101.224/28
    mastodon:
@ -58,8 +60,8 @@ defaults_networks:
      subnet: 192.168.102.112/28
    pixelfed:
      subnet: 192.168.102.128/28
-    postgres:
+    # Free :
-      subnet: 192.168.102.144/28
+    #  subnet: 192.168.102.144/28
    snipe_it:
      subnet: 192.168.102.160/28
    taiga:
@ -68,7 +70,14 @@ defaults_networks:
      subnet: 192.168.102.192/28
    discourse:
      subnet: 192.168.102.208/28
    # /24 Networks / 254 Usable Clients
    bigbluebutton:
-      subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons.
+      subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb
    postgres:
      subnet: 192.168.200.0/24
    mariadb:
      subnet: 192.168.201.0/24
    central_ldap:
      subnet: 192.168.202.0/24
--- a/roles/docker-central-database/tasks/main.yml
+++ b/roles/docker-central-database/tasks/main.yml
@ -18,5 +18,5 @@
 - name: create central database
  include_role:
-    name: docker-{{database_type}}
+    name: "docker-{{database_type}}"
  when: enable_central_database | bool
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@ -834,19 +834,17 @@
      "clientAuthenticatorType": "client-secret",
      "secret": "{{oidc.client.secret}}",
      "redirectUris": [
        {%- set redirect_uris = [] -%}
        {%- for application, domain in domains.items() -%}
          {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
            {%- if domain is string -%}
-              {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
+                "https://" {{ domain }} "/*",
            {%- else -%}
              {%- for d in domain -%}
-                {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
+                "https://" {{ domain }} "/*",
              {%- endfor -%}
            {%- endif -%}
          {%- endif -%}
        {%- endfor -%}
        {{ redirect_uris | map('tojson') | join(",\n") }}
      ],
      "webOrigins": [
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@ -24,6 +24,8 @@
  docker_network:
    name: central_ldap
    state: present
    ipam_config:
      - subnet: "{{ networks.local.central_ldap.subnet }}"
 - name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml
--- a/roles/docker-mailu/templates/env.j2
+++ b/roles/docker-mailu/templates/env.j2
@ -12,7 +12,7 @@
 LD_PRELOAD=/usr/lib/libhardened_malloc.so 
 # Set to a randomly generated 16 bytes string
-SECRET_KEY={{applications.mailu.secret_key}}
+SECRET_KEY={{applications.mailu.credentials.secret_key}}
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET={{networks.local.mailu.subnet}}
@ -145,7 +145,7 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
-API_TOKEN={{applications.mailu.api_token}}
+API_TOKEN={{applications.mailu.credentials.api_token}}
 # Activated https://mailu.io/master/configuration.html#advanced-settings
 AUTH_REQUIRE_TOKENS=True
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@ -1,5 +1,5 @@
 application_id:               "mailu"
-database_password:  	        "{{applications.mailu.database_password}}"
+database_password:  	        "{{applications.mailu.credentials.database_password}}"
 database_type:                "mariadb"
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false
--- a/roles/docker-mariadb/tasks/main.yml
+++ b/roles/docker-mariadb/tasks/main.yml
@ -2,6 +2,8 @@
  docker_network:
    name: central_mariadb
    state: present
    ipam_config:
      - subnet: "{{ networks.local.mariadb.subnet }}"
  when: run_once_docker_mariadb is not defined
 - name: install MariaDB
--- a/roles/docker-postgres/README.md
+++ b/roles/docker-postgres/README.md
@ -31,4 +31,6 @@ docker exec -it central-postgres psql -U postgres
 ## Notes
 - The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost.
- Ensure that the provided passwords are secure and stored securely, preferably using Ansible Vault or another encryption method.
+
 ## Author
 This role was created by [Kevin Veen-Birkenbach](https://www.veen.world).
--- a/roles/docker-postgres/tasks/main.yml
+++ b/roles/docker-postgres/tasks/main.yml
@ -2,6 +2,8 @@
  docker_network:
    name: central_postgres
    state: present
    ipam_config:
      - subnet: "{{ networks.local.postgres.subnet }}"
  when: run_once_docker_postgres is not defined
 - name: Install PostgreSQL
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@ -1,6 +1,6 @@
 - name: create .bashrc
  template:
    src: "bashrc.j2"
-    dest: "/home/{{user_name}}/.bashrc"
+    dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
    owner: "{{user_name}}"
    group: "{{user_name}}"
--- a/roles/user/templates/bashrc.j2
+++ b/roles/user/templates/bashrc.j2
@ -1,10 +1,6 @@
  GNU nano 8.3                                                                                                                                                                              .bashrc                                                                                                                                                                                         
 #!/bin/bash
-# If not running interactively, don't do anything
+# Set color variables for the welcome text based on the current user
 [[ $- != *i* ]] && return
 # Set color variables based on the current user
 if [ "$USER" = "root" ]; then
    HEADER_COLOR="\033[1;31m"      # Bold red for root
 elif [ "$USER" = "administrator" ]; then
@ -14,8 +10,12 @@ else
 fi
 RESET_COLOR="\033[0m"
-# Welcome message
+# Color code for the hostname (set to green, bold, underlined, and blinking)
-echo -e "${HEADER_COLOR}Welcome, $USER on $HOSTNAME!${RESET_COLOR}"
+HOSTNAME_COLOR="\[\033[1;4;5;32m\]"
 # Print welcome message
 echo -e "${HEADER_COLOR}Welcome, $USER on ${HOSTNAME_COLOR}$HOSTNAME!${RESET_COLOR}"
 echo ""
 echo -e "${HEADER_COLOR}Today is $(date +"%A, %d.%m.%Y %T")${RESET_COLOR}"
 echo ""
@ -44,16 +44,23 @@ echo -e "${HEADER_COLOR}Top 5 Processes by CPU Usage:${RESET_COLOR}"
 ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head -n 6
 echo ""
 # Set aliases for colored output for ls and grep
 alias ls='ls --color=auto'
 alias grep='grep --color=auto'
-PS1="\$(if [ \"\$USER\" = \"administrator\" ]; then \
+
-    echo \"\[\033[4;38;5;208m\]$USER\"; \
+# --- Prompt Configuration ---
-  elif [ \"\$USER\" = \"root\" ]; then \
+
-    echo \"\[\033[4;5;1;31m\]$USER\"; \
+# Define color codes for the username in the prompt based on the current user
-  else \
+if [ "$USER" = "root" ]; then
-    echo \"\[\033[4;33m\]\$USER\"; \
+    PROMPT_USER_COLOR="\[\033[4;5;1;31m\]"        # Underlined, bold red for root
-  fi)@\$(if [ \"\$USER\" = \"root\" ]; then \
+elif [ "$USER" = "administrator" ]; then
-    echo \"\[\033[1;4;5;32m\]\h\"; \
+    PROMPT_USER_COLOR="\[\033[4;38;5;208m\]"      # Underlined, bold orange for administrator
-  else \
+else
-    echo \"\[\033[1;4;32m\]\h\"; \
+    PROMPT_USER_COLOR="\[\033[33m\]"              # yellow for other users
-  fi) \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w \[\033[0m\]\$ "
+fi
 # Reset code for the prompt (must be wrapped in \[ \])
 PROMPT_RESET="\[\033[0m\]"
 # Configure PS1: username, hostname in green, time and current directory
 PS1="${PROMPT_USER_COLOR}\u${PROMPT_RESET}@${HOSTNAME_COLOR}\h${PROMPT_RESET} \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w ${PROMPT_RESET}\$ "
--- a/tasks/copy-docker-compose-and-env.yml
+++ b/tasks/copy-docker-compose-and-env.yml
@ -1,13 +1,24 @@
- name: "create {{docker_compose.files.docker_compose}}"
+- name: "create {{ docker_compose.files.docker_compose }}"
  template:
-    src:	"docker-compose.yml.j2"
+    src: "docker-compose.yml.j2"
-    dest:	"{{docker_compose.files.docker_compose}}"
+    dest: "{{ docker_compose.files.docker_compose }}"
  notify: docker compose project setup
  register: docker_compose_template
- name: "create {{docker_compose.files.env}}"
+- name: "create {{ docker_compose.files.env }}"
  template:
-    src:  "env.j2" 
+    src: "env.j2"
-    dest: "{{docker_compose.files.env}}"
+    dest: "{{ docker_compose.files.env }}"
    mode: '770'
    force: yes
  notify: docker compose project setup
  register: env_template
 - name: Check if docker compose has any running container and trigger setup if needed
  command: docker compose ps -q --filter status=running
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  register: docker_ps
  changed_when: (docker_ps.stdout | trim) == ""
  notify: docker compose project setup
  when: not (docker_compose_template.changed or env_template.changed)