Solved multiple bugs like networking, variables etc. which occurred on veen.world server

Kevin Veen-Birkenbach 2025-02-20 15:09:36 +01:00
parent 19aa38ac5d
commit 2f76ba32ec
13 changed files with 92 additions and 64 deletions


@ -114,11 +114,14 @@ defaults_applications:
setup: false # Set true in inventory file to execute the setup and initializing procedures
mailu:
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
enabled: true # Activate OIDC for Mailu
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
# I don't know why the database deactivation is necessary
enable_central_database: False # Deactivate central database for mailu
credentials:
# secret_key: # Needs to be set in inventory file
# database_password: # Needs to be set in inventory file
# api_token: # Needs to be set in inventory file
@ -143,11 +146,9 @@ defaults_applications:
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
enabled: true # Activate OIDC for Mailu
#
enabled: true # Activate OIDC for Mastodon
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
#
# credentials:
# database_password:
# secret_key_base:
# otp_secret:
@ -171,12 +172,6 @@ defaults_applications:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
## Mailu
mailu:
version: "2024.06"
domain: "{{primary_domain}}"
setup: false # Set true in inventory file to execute the setup and initializing procedures
## Moodle
moodle:
site_titel: "Global Learning Academy on {{primary_domain}}"
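Review bot: In the mailu block the new `credentials:` key has only commented-out children within this hunk, so it parses as `null` rather than an empty mapping; `credentials: {}` states the intent and, if these defaults are merged with inventory values, keeps the merge predictable. The same applies to the Mastodon `credentials:` key in the next hunk, if that is the new side of the rendered pair. `enable_central_database: False` would read better as lowercase `false`, and the comment above it admits the reason is unknown; replace it with the actual cause once found, because the setting opts Mailu out of the central database.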


@ -6,6 +6,8 @@ defaults_networks:
# The default docker subnetworking does lead to overlapping and to huge networks.
# Due to this reason networks with 16 ips are created.
# This should be sufficient for the most cases
# /28 Networks, 14 Usable Ip Addresses
akaunting:
subnet: 192.168.101.0/28
attendize:
@ -32,8 +34,8 @@ defaults_networks:
subnet: 192.168.101.176/28
listmonk:
subnet: 192.168.101.192/28
mariadb:
subnet: 192.168.101.208/28
# Free:
# subnet: 192.168.101.208/28
matomo:
subnet: 192.168.101.224/28
mastodon:
@ -58,8 +60,8 @@ defaults_networks:
subnet: 192.168.102.112/28
pixelfed:
subnet: 192.168.102.128/28
postgres:
subnet: 192.168.102.144/28
# Free :
# subnet: 192.168.102.144/28
snipe_it:
subnet: 192.168.102.160/28
taiga:
@ -68,7 +70,14 @@ defaults_networks:
subnet: 192.168.102.192/28
discourse:
subnet: 192.168.102.208/28
# /24 Networks / 254 Usable Clients
bigbluebutton:
subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons.
subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb
postgres:
subnet: 192.168.200.0/24
mariadb:
subnet: 192.168.201.0/24
central_ldap:
subnet: 192.168.202.0/24
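Review bot: The header comment still says networks are created with 16 addresses, but the new `postgres`, `mariadb` and `central_ldap` entries are /24; a one-line reason next to `# /24 Networks / 254 Usable Clients` (presumably that many application containers join these shared networks) would keep the file self-explanatory. The two freed /28 slots are marked `# Free:` and `# Free :`; using one spelling lets them be found with a single search.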


@ -18,5 +18,5 @@
- name: create central database
include_role:
name: docker-{{database_type}}
name: "docker-{{database_type}}"
when: enable_central_database | bool


@ -834,19 +834,17 @@
"clientAuthenticatorType": "client-secret",
"secret": "{{oidc.client.secret}}",
"redirectUris": [
{%- set redirect_uris = [] -%}
{%- for application, domain in domains.items() -%}
{%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
{%- if domain is string -%}
{%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
"https://" {{ domain }} "/*",
{%- else -%}
{%- for d in domain -%}
{%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
"https://" {{ domain }} "/*",
{%- endfor -%}
{%- endif -%}
{%- endif -%}
{%- endfor -%}
{{ redirect_uris | map('tojson') | join(",\n") }}
],
"webOrigins": [
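Review bot: Inside `{%- for d in domain -%}` both printed variants of the loop body use `domain` (the whole list) instead of the loop variable `d`, so an application with several domains gets the list's string form as a redirect URI instead of one entry per domain. The literal variant `"https://" {{ domain }} "/*",` also renders three separate tokens and leaves a trailing comma before `]`, which is not valid JSON; appending `"https://" ~ d ~ "/*"` to a list and emitting it with `{{ redirect_uris | map('tojson') | join(",\n") }}` avoids both. The guard tests `applications[application_id]` rather than the loop's `application`, so, unless that is intended, every domain is allowed or skipped together and the client's redirect allowlist can become wider than the set of OAuth2-enabled applications. Since `redirectUris` is an allowlist, it is worth rendering the realm once and checking that it lists only hosts that actually sit behind this client.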


@ -24,6 +24,8 @@
docker_network:
name: central_ldap
state: present
ipam_config:
- subnet: "{{ networks.local.central_ldap.subnet }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml
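Review bot: Adding `ipam_config` to this `docker_network` task changes the definition of a network that already exists on deployed hosts, and the module reacts to such a difference by recreating the network; as far as I can tell, containers attached to `central_ldap` would lose that attachment until their compose project is brought up again. The same applies to the `central_mariadb` and `central_postgres` tasks later in this commit. A short comment on the task, or a handler that restarts the dependent projects when the network task reports `changed`, would make the first run after this commit predictable. The task list continues outside the hunk.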


@ -12,7 +12,7 @@
LD_PRELOAD=/usr/lib/libhardened_malloc.so
# Set to a randomly generated 16 bytes string
SECRET_KEY={{applications.mailu.secret_key}}
SECRET_KEY={{applications.mailu.credentials.secret_key}}
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET={{networks.local.mailu.subnet}}
@ -145,7 +145,7 @@ LOG_LEVEL=WARNING
SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
API_TOKEN={{applications.mailu.api_token}}
API_TOKEN={{applications.mailu.credentials.api_token}}
# Activated https://mailu.io/master/configuration.html#advanced-settings
AUTH_REQUIRE_TOKENS=True
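Review bot: `SECRET_KEY` and `API_TOKEN` now read from `applications.mailu.credentials.*`, so an inventory that still defines `applications.mailu.secret_key` or `applications.mailu.api_token` fails at render time; the same rename affects `database_password` in the role's vars file further down. Failing closed is the right behaviour for secrets (no `default('')` fallback), but the move should be mentioned in the role README or caught by an early `assert` task that names the missing key. The unchanged `SQLALCHEMY_DATABASE_URI` lines place `{{database_password}}` inside a URL, so a password containing `@`, `/` or `:` needs to be percent-encoded there.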


@ -1,5 +1,5 @@
application_id: "mailu"
database_password: "{{applications.mailu.database_password}}"
database_password: "{{applications.mailu.credentials.database_password}}"
database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
enable_wildcard_certificate: false


@ -2,6 +2,8 @@
docker_network:
name: central_mariadb
state: present
ipam_config:
- subnet: "{{ networks.local.mariadb.subnet }}"
when: run_once_docker_mariadb is not defined
- name: install MariaDB


@ -31,4 +31,6 @@ docker exec -it central-postgres psql -U postgres
## Notes
- The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost.
- Ensure that the provided passwords are secure and stored securely, preferably using Ansible Vault or another encryption method.
## Author
This role was created by [Kevin Veen-Birkenbach](https://www.veen.world).


@ -2,6 +2,8 @@
docker_network:
name: central_postgres
state: present
ipam_config:
- subnet: "{{ networks.local.postgres.subnet }}"
when: run_once_docker_postgres is not defined
- name: Install PostgreSQL


@ -1,6 +1,6 @@
- name: create .bashrc
template:
src: "bashrc.j2"
dest: "/home/{{user_name}}/.bashrc"
dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
owner: "{{user_name}}"
group: "{{user_name}}"
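Review bot: No `mode` is set on the template task within this hunk, so the rendered `.bashrc`, which root's interactive shells will source, gets whatever the remote umask yields; add `mode: '0644'` so the file can never end up group- or world-writable. The new `dest` special-cases root but still assumes every other home is `/home/<user>`; looking the home directory up (for example with `getent` on the `passwd` database) would cover system users too. The task may continue outside the hunk, so `mode` could already be set below.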


@ -1,10 +1,6 @@
GNU nano 8.3 .bashrc
#!/bin/bash
# If not running interactively, don't do anything
[[ $- != *i* ]] && return
# Set color variables based on the current user
# Set color variables for the welcome text based on the current user
if [ "$USER" = "root" ]; then
HEADER_COLOR="\033[1;31m" # Bold red for root
elif [ "$USER" = "administrator" ]; then
@ -14,8 +10,12 @@ else
fi
RESET_COLOR="\033[0m"
# Welcome message
echo -e "${HEADER_COLOR}Welcome, $USER on $HOSTNAME!${RESET_COLOR}"
# Color code for the hostname (set to green, bold, underlined, and blinking)
HOSTNAME_COLOR="\[\033[1;4;5;32m\]"
# Print welcome message
echo -e "${HEADER_COLOR}Welcome, $USER on ${HOSTNAME_COLOR}$HOSTNAME!${RESET_COLOR}"
echo ""
echo -e "${HEADER_COLOR}Today is $(date +"%A, %d.%m.%Y %T")${RESET_COLOR}"
echo ""
@ -44,16 +44,23 @@ echo -e "${HEADER_COLOR}Top 5 Processes by CPU Usage:${RESET_COLOR}"
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head -n 6
echo ""
# Set aliases for colored output for ls and grep
alias ls='ls --color=auto'
alias grep='grep --color=auto'
PS1="\$(if [ \"\$USER\" = \"administrator\" ]; then \
echo \"\[\033[4;38;5;208m\]$USER\"; \
elif [ \"\$USER\" = \"root\" ]; then \
echo \"\[\033[4;5;1;31m\]$USER\"; \
else \
echo \"\[\033[4;33m\]\$USER\"; \
fi)@\$(if [ \"\$USER\" = \"root\" ]; then \
echo \"\[\033[1;4;5;32m\]\h\"; \
else \
echo \"\[\033[1;4;32m\]\h\"; \
fi) \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w \[\033[0m\]\$ "
# --- Prompt Configuration ---
# Define color codes for the username in the prompt based on the current user
if [ "$USER" = "root" ]; then
PROMPT_USER_COLOR="\[\033[4;5;1;31m\]" # Underlined, bold red for root
elif [ "$USER" = "administrator" ]; then
PROMPT_USER_COLOR="\[\033[4;38;5;208m\]" # Underlined, bold orange for administrator
else
PROMPT_USER_COLOR="\[\033[33m\]" # yellow for other users
fi
# Reset code for the prompt (must be wrapped in \[ \])
PROMPT_RESET="\[\033[0m\]"
# Configure PS1: username, hostname in green, time and current directory
PS1="${PROMPT_USER_COLOR}\u${PROMPT_RESET}@${HOSTNAME_COLOR}\h${PROMPT_RESET} \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w ${PROMPT_RESET}\$ "
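Review bot: `HOSTNAME_COLOR` is defined with the prompt-only markers `\[` and `\]` and then reused in the `echo -e` welcome line, where they are not interpreted, so the greeting prints a literal `\[` and `\]` around the hostname. Keep the wrapped value for `PS1` and use a plain one for the banner, e.g. `HOSTNAME_TEXT_COLOR="\033[1;4;5;32m"` in the `echo -e` line. The comments on `PROMPT_USER_COLOR` also drift from the codes: the root value includes blink (`5`), which the comment omits, and the administrator value is described as bold but carries no bold attribute.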


@ -3,6 +3,7 @@
src: "docker-compose.yml.j2"
dest: "{{ docker_compose.files.docker_compose }}"
notify: docker compose project setup
register: docker_compose_template
- name: "create {{ docker_compose.files.env }}"
template:
@ -11,3 +12,13 @@
mode: '770'
force: yes
notify: docker compose project setup
register: env_template
- name: Check if docker compose has any running container and trigger setup if needed
command: docker compose ps -q --filter status=running
args:
chdir: "{{ docker_compose.directories.instance }}"
register: docker_ps
changed_when: (docker_ps.stdout | trim) == ""
notify: docker compose project setup
when: not (docker_compose_template.changed or env_template.changed)
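Review bot: The env file task in the second hunk keeps `mode: '770'`, which leaves a file that (judging by the Mailu env template in this commit) carries `SECRET_KEY`, `API_TOKEN` and database passwords group-writable and executable; `mode: '0600'`, or `'0640'` if a service group must read it, is the tighter setting. On the new check task, reporting `changed` from a read-only `docker compose ps` exists only to fire the handler; a one-line comment saying so would stop a later cleanup from turning it into `changed_when: false`. The env task starts above the hunk, so its other arguments are not visible here.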