Added wordpress disourse draft

This commit is contained in:
Kevin Veen-Birkenbach 2025-04-22 12:50:48 +02:00
parent e1df746346
commit 3653b3111a
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
14 changed files with 110 additions and 833 deletions


@ -1,788 +0,0 @@
# Docker Applications
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
##############################################
## Applications Configuration
##############################################
# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.
# helper
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}"
# applications
defaults_applications:
## Akaunting
akaunting:
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{users.administrator.email}}"
setup_admin_email: "{{users.administrator.email}}"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Assets Server
assets_server:
source_directory: "{{ playbook_dir }}/assets" # Directory from which the assets will be copied
url: "https://{{domains.file_server}}/assets" # Public address of the assets directory
## Attendize
attendize:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Baserow
baserow:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
# @todo LDAP needs to get propper implemented and tested, just set values during refactoring
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: False # Enables LDAP integration and networking
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
credentials:
# shared_secret: # Needs to be defined in inventory file
# etherpad_api_key: # Needs to be defined in inventory file
# rails_secret: # Needs to be defined in inventory file
# postgresql_secret: # Needs to be defined in inventory file
# fsesl_password: # Needs to be defined in inventory file
# turn_secret: # Needs to be defined in inventory file
urls:
api: "https://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
## Bluesky
bluesky:
users:
administrator:
email: "{{users.administrator.email}}"
pds:
version: "latest"
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
# Chromium Browser
chromium:
plugins: # Plugins to be installed in Chromium
- "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx" # U-Block Origine Plugin
- "oboonakemofpalcgghocfoadofidjkkk;https://clients2.google.com/service/update2/crx" # KeepassXC Plugin
coturn: # @todo implement
credentials:
user: turnuser
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file
## Discourse:
discourse:
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
credentials:
database:
# password: # Needs to be defined in inventory file
master_api:
# key: # Needs to be defined in inventory file
username: "{{ users.administrator.username }}" # Username for the Master API
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## File Server
file_server:
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
# Firefox Browser
firefox:
plugins: # Plugins to be installed in Firefox
- "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" # U-Block Origine Plugin
- "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi" # KeepassXC Plugin
## Friendica
friendica:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## Funkwhale
funkwhale:
version: "1.4.0"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
database: True # Enables use of central database
## Gitea
gitea:
version: "latest" # Use latest docker image
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Gitlab
gitlab:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Gnome
gnome:
plugins:
- [enable,nasa_apod@elinvention.ovh,https://github.com/Elinvention/gnome-shell-extension-nasa-apod.git]
- [disable,dash-to-dock@micxgx.gmail.com,'']
- [enable, dash-to-panel@jderose9.github.com,'']
## Joomla
joomla:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
## HTML Server
html_server:
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Keycloak
keycloak:
version: "latest"
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
import_realm: True # If True realm will be imported. If false skip.
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
database: True # Enables use of central database
# LDAP Account Manager
lam:
version: "latest"
# administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 80 # application port
# cookie_secret: None # Set via openssl rand -hex 16
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oauth2: False # Enables OAuth2 proxy integration
database: False # Enables use of central database
## LDAP
ldap:
version: "latest"
network:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}" # Administrator username
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
features:
ldap: True # Enables LDAP integration and networking
## Libre Office
libreoffice:
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable
## Listmonk
listmonk:
users:
administrator:
username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
mailu:
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: False # Enables use of central database
# Deactivate central database for mailu, I don't know why the database deactivation is necessary
## MariaDB
mariadb:
version: "latest"
## Matomo
matomo:
version: "latest"
oauth2_proxy:
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
features:
matomo: False # Enables Matomo tracking
css: False # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: False # Enables OAuth2 proxy integration
database: True # Enables use of central database
## Mastodon
mastodon:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
# secret_key_base:
# otp_secret:
# vapid:
# private_key:
# public_key:
# active_record_encryption:
# deterministic_key:
# key_derivation_salt:
# primary_key:
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## Matrix
matrix:
users:
administrator:
username: "{{users.administrator.username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: False # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
# Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
## Moodle
moodle:
site_titel: "Global Learning Academy on {{primary_domain}}"
users:
administrator:
username: "{{users.administrator.username}}"
email: "{{users.administrator.email}}"
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## MyBB
mybb:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap:
enabled: True # Enables LDAP by default
oidc:
enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
credentials:
# database_password: Null # Needs to be set in inventory file
users:
administrator:
username: "{{users.administrator.username}}"
initial_password: "{{users.administrator.initial_password}}" # Keep in mind to change the password fast after creation and activate 2FA
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
legacy_login_mask:
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
container:
application: "nextcloud-application" # Nextcloud application container name
proxy: "nextcloud-web" # Nextcloud Proxy Container Name
performance:
php:
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
upload_limit: "5G" # Set upload limit to 5GB for big media files
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
plugins:
# List for Nextcloud Plugin Routine
# Decides if plugins should be activated or deactivated
appointments:
# Nextcloud appointments: handles scheduling and appointment management (https://apps.nextcloud.com/apps/appointments)
enabled: true
bbb:
# Nextcloud BigBlueButton integration: enables video conferencing using BigBlueButton (https://apps.nextcloud.com/apps/bbb)
enabled: "{{ 'bigbluebutton' in group_names | lower }}"
#- bookmarks
# # Nextcloud Bookmarks: manage and share your bookmarks easily (https://apps.nextcloud.com/apps/bookmarks)
# enabled: false
calendar:
# Nextcloud calendar: manages calendar events and scheduling (https://apps.nextcloud.com/apps/calendar)
enabled: true
cfg_share_links:
# Nextcloud share links configuration: customizes sharing settings and link options (https://apps.nextcloud.com/apps/cfg_share_links)
enabled: true
collectives:
# Nextcloud collectives: supports collaborative group management and sharing (https://apps.nextcloud.com/apps/collectives)
enabled: true
contacts:
# Nextcloud contacts: manages address book and contact information (https://apps.nextcloud.com/apps/contacts)
enabled: true
cospend:
# Nextcloud cospend: manages shared expenses and spending tracking (https://apps.nextcloud.com/apps/cospend)
enabled: true
deck:
# Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
# When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
enabled: "{{ 'taiga' not in group_names | lower }}"
drawio:
# Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
enabled: true
duplicatefinder:
# Nextcloud duplicate finder: scans and identifies duplicate files (https://apps.nextcloud.com/apps/duplicatefinder)
enabled: true
emlviewer:
# Nextcloud EML Viewer: previews and manages EML email files (https://apps.nextcloud.com/apps/emlviewer)
enabled: true
event_update_notification:
# Nextcloud event update notification: sends alerts when events are updated (https://apps.nextcloud.com/apps/event_update_notification)
enabled: true
epubviewer:
# Nextcloud EPUB Viewer: enables reading and previewing EPUB e-books (https://apps.nextcloud.com/apps/epubviewer)
enabled: true
external:
# Nextcloud External: Adds links to external services (https://apps.nextcloud.com/apps/external)
enabled: true
#files_accesscontrol
# # Nextcloud Files Access Control: restricts file access based on defined rules (https://apps.nextcloud.com/apps/files_accesscontrol)
# enabled: false
#files_archive
# # Nextcloud Files Archive: compresses and archives files for efficient storage (https://apps.nextcloud.com/apps/files_archive)
# enabled: false
#files_automatedtagging
# # Nextcloud Files Automated Tagging: automatically tags files to improve organization (https://apps.nextcloud.com/apps/files_automatedtagging)
# enabled: false
files_bpm:
# Nextcloud Files BPM: integrates business process management for file workflows (https://apps.nextcloud.com/apps/files_bpm)
enabled: true
files_downloadactivity:
# Nextcloud Files Download Activity: tracks and logs file download events (https://apps.nextcloud.com/apps/files_downloadactivity)
enabled: true
files_linkeditor:
# Nextcloud files link editor: allows customization of shared file links (https://apps.nextcloud.com/apps/files_linkeditor)
enabled: true
files_mindmap:
# Nextcloud Files Mindmap: visualizes file relationships as mind maps (https://apps.nextcloud.com/apps/files_mindmap)
enabled: true
files_texteditor:
# Nextcloud Files Text Editor: provides an online editor for text files (https://apps.nextcloud.com/apps/files_texteditor)
# Not available for Nextcloud < 27
enabled: false
fileslibreofficeedit:
# Nextcloud LibreOffice integration: allows online editing of documents with LibreOffice (https://apps.nextcloud.com/apps/fileslibreofficeedit)
enabled: true
forms:
# Nextcloud forms: facilitates creation of forms and surveys (https://apps.nextcloud.com/apps/forms)
enabled: true
gestion:
# Nextcloud Gestion: manages administrative tasks and workflows (https://apps.nextcloud.com/apps/gestion)
enabled: true
groupfolders:
# Nextcloud Group Folders: centralizes shared folders for group collaboration (https://apps.nextcloud.com/apps/groupfolders)
enabled: true
gpxpod:
# Nextcloud GPX pod: visualizes GPS tracks and GPX data (https://apps.nextcloud.com/apps/gpxpod)
enabled: true
integration_discourse:
# Nextcloud Integration Discourse: connects Nextcloud with Discourse forums (https://apps.nextcloud.com/apps/integration_discourse)
enabled: false
integration_gitlab:
# Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
enabled: "{{ 'gitlab' in group_names | lower }}"
integration_github:
# Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
enabled: false
integration_google:
# Nextcloud Integration Google: connects Google services with Nextcloud (https://apps.nextcloud.com/apps/integration_google)
enabled: true
integration_mastodon:
# Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
enabled: "{{ 'mastodon' in group_names | lower }}"
integration_openai:
# Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
enabled: false
integration_openproject:
# Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
enabled: "{{ 'openproject' in group_names | lower }}"
integration_peertube:
# Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
enabled: "{{ 'peertube' in group_names | lower }}"
#keeweb
# # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
# # This isn't maintained anymore. The alternatives don't support keepass files
# enabled: false
keeporsweep:
# Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep)
enabled: true
mail:
# Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail)
enabled: true
maps:
# Nextcloud maps: provides mapping and location services integration (https://apps.nextcloud.com/apps/maps)
enabled: true
metadata:
# Nextcloud Metadata: manages and displays file metadata for enhanced organization (https://apps.nextcloud.com/apps/metadata)
enabled: true
news:
# Nextcloud News: aggregates and displays news feeds directly in Nextcloud (https://apps.nextcloud.com/apps/news)
enabled: true
oidc_login:
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/oidc_login)
enabled: "{{ _applications_nextcloud_oidc_flavor=='oidc_login' | lower }}"
incompatible_plugins:
- user_oidc # Will be disabled
- sociallogin # Will be disabled
phonetrack:
# Nextcloud phone track: tracks and monitors mobile device usage (https://apps.nextcloud.com/apps/phonetrack)
enabled: true
polls:
# Nextcloud polls: facilitates creation and management of user polls (https://apps.nextcloud.com/apps/polls)
enabled: true
quota_warning:
# Nextcloud quota warning: notifies users when storage limits are reached (https://apps.nextcloud.com/apps/quota_warning)
enabled: true
recognize:
# Nextcloud recognize: performs image recognition tasks (https://apps.nextcloud.com/apps/recognize)
enabled: false # Deactivated because it let to bugs
richdocuments:
# Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
enabled: false # @todo To set it default to true activate https://hub.docker.com/r/collabora/code before
sociallogin:
# Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
enabled: "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
incompatible_plugins:
- user_oidc # Will be disabled
- oidc_login # Will be disabled
spreed:
# Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
enabled: false # @todo to activate it first implement docker-coturn and activate it
tables:
# Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
enabled: true
tasks:
# Nextcloud tasks: manages personal or group tasks and to-do lists (https://apps.nextcloud.com/apps/tasks)
enabled: true
#terms_of_service
# # Nextcloud Terms of Service: manages user acceptance of terms and conditions (https://apps.nextcloud.com/apps/terms_of_service)
# enabled: false
twofactor_nextcloud_notification:
# Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
twofactor_totp:
# Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
user_ldap:
# Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
enabled: "{{ applications.nextcloud.features.ldap | default(true) }}"
user_oidc:
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc)
enabled: "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}"
incompatible_plugins:
- oidc_login
- sociallogin
whiteboard:
# Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
enabled: true
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
oauth2_proxy:
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
ldap:
filters:
administrators: True # Set true to filter administrators
users: False # Set true to filter users
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
## Peertube
peertube:
version: "bookworm"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## PgAdmin
pgadmin:
version: "latest"
server_mode: False # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
master_password_required: True # Master password is required. Recommended True. False is a security risk.
users:
administrator:
email: "{{ users.administrator.email }}" # Initial login email address
password: "{{ users.administrator.initial_password }}" # Initial login password should be overridden in inventory for security
oauth2_proxy:
application: "application"
port: "80"
# cookie_secret: None # Set via: openssl rand -hex 16
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
## phpLDAPadmin
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 8080 # application port
# cookie_secret: None # Set via openssl rand -hex 16
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oauth2: True # Enables OAuth2 proxy integration
## PHPMyAdmin
phpmyadmin:
version: "latest" # Use the latest phpmyadmin version
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
oauth2_proxy:
port: "80"
application: "application"
# cookie_secret: None # Set via openssl rand -hex 16
features:
matomo: True # Enables Matomo tracking
css: False # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
version: "latest"
portfolio:
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Presentation
presentation:
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
# Snipe-IT
snipe_it:
version: "latest"
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Sphinx
sphinx:
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Taiga
taiga:
version: "latest"
oidc:
# Taiga doesn't have a functioning oidc support at the moment
# See
# - https://community.taiga.io/t/taiga-and-oidc-plugin/4866
#
# Due to this reason this plutin is deactivated atm
flavor: 'taigaio' # Potential flavors: robrotheram, taigaio
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: False # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## YOURLS
yourls:
users:
administrator:
username: "{{users.administrator.username}}"
version: "latest"
oauth2_proxy:
application: "application"
port: "80"
location: "/admin/" # Protects the admin area
# cookie_secret: None # Set via openssl rand -hex 16
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
wordpress:
# Deactivate Global theming for wordpress role
# due to the reason that wordpress has to much different themes
# and one styling for all is not possible.
#
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
title: "Blog" # Wordpress titel
credentials: # Credentials
administrator: # Wordpress administrator
username: "{{users.administrator.username}}" # Username of the wordpress administrator
# password: # Password of the wordpress administrator
email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator
plugins:
discourse: false
oidc: true
features:
matomo: True # Enables Matomo tracking
css: False # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database


@ -5,10 +5,12 @@
pacman: pacman:
name: which name: which
state: present state: present
when: run_once_docker_discourse is not defined
- name: "include docker-central-database" - name: "include docker-central-database"
include_role: include_role:
name: docker-central-database name: docker-central-database
when: run_once_docker_discourse is not defined
- name: "include role nginx-domain-setup for {{application_id}}" - name: "include role nginx-domain-setup for {{application_id}}"
include_role: include_role:
@ -16,21 +18,27 @@
vars: vars:
domain: "{{ domains[application_id] }}" domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}" http_port: "{{ ports.localhost.http[application_id] }}"
when: run_once_docker_discourse is not defined
- name: "cleanup central database from {{application_id}}_default network" - name: "cleanup central database from {{application_id}}_default network"
command: command:
cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}" cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true ignore_errors: true
when: mode_reset | bool when:
- mode_reset | bool
- run_once_docker_discourse is not defined
- name: add docker-compose.yml - name: add docker-compose.yml
template: template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2
dest: "{{docker_compose.directories.instance}}docker-compose.yml" dest: "{{docker_compose.directories.instance}}docker-compose.yml"
notify: docker compose project setup notify:
- docker compose project setup
- run_once_docker_discourse is not defined
- name: flush, to recreate discourse docker compose - name: flush, to recreate discourse docker compose
meta: flush_handlers meta: flush_handlers
when: run_once_docker_discourse is not defined
- name: pull docker repository - name: pull docker repository
git: git:
@ -40,18 +48,21 @@
notify: recreate discourse notify: recreate discourse
become: true become: true
ignore_errors: true ignore_errors: true
when: run_once_docker_discourse is not defined
- name: set chmod 700 for {{docker_repository_directory }}containers - name: set chmod 700 for {{docker_repository_directory }}containers
ansible.builtin.file: ansible.builtin.file:
path: "{{docker_repository_directory }}/containers" path: "{{docker_repository_directory }}/containers"
mode: '700' mode: '700'
state: directory state: directory
when: run_once_docker_discourse is not defined
- name: "copy configuration to {{discourse_application_yml_destination}}" - name: "copy configuration to {{discourse_application_yml_destination}}"
template: template:
src: discourse_application.yml.j2 src: discourse_application.yml.j2
dest: "{{discourse_application_yml_destination}}" dest: "{{discourse_application_yml_destination}}"
notify: recreate discourse notify: recreate discourse
when: run_once_docker_discourse is not defined
- name: "destroy container discourse_application" - name: "destroy container discourse_application"
command: command:
@ -59,19 +70,31 @@
chdir: "{{docker_repository_directory }}" chdir: "{{docker_repository_directory }}"
ignore_errors: true ignore_errors: true
notify: recreate discourse notify: recreate discourse
when: mode_reset | bool when:
- mode_reset | bool
- run_once_docker_discourse is not defined
- name: flush, to recreate discourse app - name: flush, to recreate discourse app
meta: flush_handlers meta: flush_handlers
when: run_once_docker_discourse is not defined
- name: "add {{applications.discourse.container}} to network central_postgres" - name: "add {{applications.discourse.container}} to network central_postgres"
command: command:
cmd: "docker network connect central_postgres {{applications.discourse.container}}" cmd: "docker network connect central_postgres {{applications.discourse.container}}"
ignore_errors: true ignore_errors: true
when: applications[application_id].features.database | bool when:
- applications[application_id].features.database | bool
- run_once_docker_discourse is not defined
- name: "remove central database from {{application_id}}_default" - name: "remove central database from {{application_id}}_default"
command: command:
cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}" cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true ignore_errors: true
when: applications[application_id].features.database | bool when:
- applications[application_id].features.database | bool
- run_once_docker_discourse is not defined
- name: run the docker_discourse tasks once
set_fact:
run_once_docker_discourse: true
when: run_once_docker_discourse is not defined
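Review bot: In the `add docker-compose.yml` task the run-once condition was added under `notify:` instead of `when:`, so `run_once_docker_discourse is not defined` is treated as a second handler name and the task itself is no longer guarded, unlike every other task in this hunk. Ansible will complain about a handler by that name not being found, and the template task will run on every include of the role. The task should end with `notify: docker compose project setup` followed by `when: run_once_docker_discourse is not defined`.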


@ -2,7 +2,7 @@
## Description ## Description
WordPress is a versatile and widely used content management system (CMS) that powers millions of websites—from blogs and portfolios to e-commerce and corporate sites. This deployment provides a containerized WordPress instance optimized for multisite operation, advanced media management, and extensive plugin support, allowing you to fully leverage the rich features of the WordPress software. [WordPress](https://en.wordpress.org/) is a versatile and widely used [content management system (CMS)](https://en.wikipedia.org/wiki/Content_management_system) that powers millions of websites—from blogs and portfolios to e-commerce and corporate sites. This deployment provides a containerized WordPress instance optimized for multisite operation, advanced media management, and extensive plugin support, allowing you to fully leverage the rich features of the WordPress software.
## Overview ## Overview
@ -31,6 +31,8 @@ WordPress offers an extensive array of features that make it a robust platform f
This automated Docker Compose deployment streamlines the process by building a custom WordPress image (which includes tools like msmtp for email delivery) and configuring the necessary PHP settings. In doing so, it ensures that your WordPress site is secure, scalable, and always uptodate. This automated Docker Compose deployment streamlines the process by building a custom WordPress image (which includes tools like msmtp for email delivery) and configuring the necessary PHP settings. In doing so, it ensures that your WordPress site is secure, scalable, and always uptodate.
This deployment provides a containerized WordPress instance optimized for multisite operation, advanced media management, and extensive plugin support—including optional integration with Discourse forums.
## Purpose ## Purpose
The goal of this deployment is to provide a productionready, scalable WordPress instance with multisite capabilities and enhanced performance. By automating the custom image build and configuration processes via Docker Compose and Ansible, it minimizes manual intervention, reduces errors, and allows you to concentrate on building great content. The goal of this deployment is to provide a productionready, scalable WordPress instance with multisite capabilities and enhanced performance. By automating the custom image build and configuration processes via Docker Compose and Ansible, it minimizes manual intervention, reduces errors, and allows you to concentrate on building great content.
@ -40,6 +42,7 @@ The goal of this deployment is to provide a productionready, scalable WordPre
- [WordPress Official Website](https://wordpress.org/) - [WordPress Official Website](https://wordpress.org/)
- [WordPress Multisite Documentation](https://wordpress.org/support/article/create-a-network/) - [WordPress Multisite Documentation](https://wordpress.org/support/article/create-a-network/)
- [WordPress Plugin Repository](https://wordpress.org/plugins/) - [WordPress Plugin Repository](https://wordpress.org/plugins/)
- [WP Discourse Plugin](https://wordpress.org/plugins/wp-discourse/)
## Credits ## Credits


@ -0,0 +1,4 @@
# Wordpress with Discourse Support
This folder contains the files to setup Discourse support for Wordpress.
IT's realized with the [WP Discourse Plugin](https://de.wordpress.org/plugins/wp-discourse/)


@ -0,0 +1,37 @@
- name: "Revoke old WP Discourse API keys via Rails"
command: >
docker exec {{ applications.discourse.container }}
rails runner "
user = User.find_by_username('system')
ApiKey
.where(
user_id: user.id,
description: 'WP Discourse Integration',
revoked_at: nil
)
.update_all(revoked_at: Time.current)
"
args:
chdir: "{{ docker_compose.directories.instance }}"
failed_when: false
- name: "Generate new WP Discourse API key via Rails"
command: >
docker exec {{ applications.discourse.container }}
rails runner "
user = User.find_by_username('system')
ak = ApiKey.create!(
user_id: user.id,
token: SecureRandom.hex,
description: 'WP Discourse Integration'
)
puts ak.token
"
args:
chdir: "{{ docker_compose.directories.instance }}"
register: discourse_generated_api_key
failed_when: false
- name: "Set fact for new WP Discourse API key"
set_fact:
vault_discourse_api_key: "{{ discourse_generated_api_key.stdout_lines[0] }}"
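Review bot: The `Generate new WP Discourse API key via Rails` task hides failures with `failed_when: false`, yet the `set_fact` that follows reads `stdout_lines[0]` unconditionally; if the container is not running, the `system` user is missing, or `ApiKey.create!` raises (Discourse's ApiKey model may not accept a `token:` attribute — verify against the model), the play either fails on the empty list or stores whatever the first stdout line was as the credential. Prefer letting the generate task fail, or guard the set_fact with `when: discourse_generated_api_key.rc == 0 and discourse_generated_api_key.stdout_lines | length > 0`. Because the registered result contains a live API key, add `no_log: true` to that task so the token does not appear in play output and logs.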


@ -1,4 +1,17 @@
--- ---
- name: "Include docker-discourse"
include_role:
name: docker-discourse
- name: "Generate Discourse API Key when WP Discourse is enabled"
include_tasks: generate-api-key.yml
# Load after api key generation, so that it can be used
- name: "Include WP Discourse vars"
include_vars:
file: "{{ role_path }}/vars/discourse.yml"
name: discourse_settings
- name: "Install WP Discourse plugin" - name: "Install WP Discourse plugin"
command: > command: >
docker-compose exec -u www-data -T application docker-compose exec -u www-data -T application
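Review bot: `include_vars` with `name: discourse_settings` stores the whole file under that variable, and the new vars/discourse.yml in this commit itself declares a top-level `discourse_settings:` mapping, so the plugin options land at `discourse_settings.discourse_settings.*` rather than `discourse_settings.*`. Either drop the `name:` line here or remove the wrapping key in the vars file, whichever matches how the settings task later in this file dereferences them; that task lies outside the hunk. Note also that `generate-api-key.yml` is included without a condition, so the Discourse key is revoked and reissued on every run of the role, which only works if the WordPress settings are re-applied in the same run.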


@ -38,9 +38,9 @@
include_tasks: install.yml include_tasks: install.yml
- name: "Activating OIDC when enabled." - name: "Activating OIDC when enabled."
include_tasks: oidc.yml include_tasks: oidc/install.yml
when: applications[application_id].features.oidc | bool when: applications[application_id].features.oidc | bool
#- name: "Activating WP Discourse when enabled" - name: "Activating WP Discourse when enabled"
# include_tasks: wp_discourse.yml include_tasks: discourse/install.yml
# when: applications[application_id].wp_discourse.enabled | bool when: applications[application_id].plugins.discourse | bool
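Review bot: The new guard `when: applications[application_id].plugins.discourse | bool` evaluates the templated default `"{{ 'discourse' in group_names | lower }}"` introduced in the defaults hunk further down in this commit; because the filter binds tighter than `in`, `lower` is applied to the group list, which Jinja stringifies, so the test becomes a substring search over the list's string form and also matches any group whose name merely contains "discourse". `"{{ 'discourse' in group_names }}"` expresses the intended membership test, and the `| bool` here remains necessary because the default is rendered as a string.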


@ -0,0 +1,2 @@
# Wordpress with OIDC
This folder contains the files to setup Wordpress with OIDC.


@ -7,6 +7,13 @@
args: args:
chdir: "{{ docker_compose.directories.instance }}" chdir: "{{ docker_compose.directories.instance }}"
- name: Wait for Discourse API
wait_for:
host: "{{ domains.discourse }}"
port: 80
delay: 5
timeout: 600
- name: "Activate OpenID Connect Generic Plugin" - name: "Activate OpenID Connect Generic Plugin"
command: > command: >
docker-compose exec -u www-data -T application docker-compose exec -u www-data -T application
@ -16,4 +23,4 @@
chdir: "{{ docker_compose.directories.instance }}" chdir: "{{ docker_compose.directories.instance }}"
- name: "Setup OIDC settings" - name: "Setup OIDC settings"
include_tasks: "oidc_settings.yml" include_tasks: "settings.yml"
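Review bot: The new `Wait for Discourse API` task sits in the OIDC install file, where it runs unconditionally for every WordPress host even when Discourse is not part of the deployment; on such hosts `wait_for` on `{{ domains.discourse }}` blocks for up to 600 s and then fails the OIDC plugin activation. It also only checks that port 80 accepts connections, which does not show the API is ready, and the vars file in this commit addresses Discourse over https, so the port is likely the wrong one anyway. Move the task into the Discourse install path, or guard it with `when: applications[application_id].plugins.discourse | bool`, and consider a `uri` check against a known endpoint with `until`/`retries` instead of a bare port probe.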


@ -1,23 +0,0 @@
---
- name: "Create Discourse API key for WordPress integration"
uri:
url: "https://{{ domains.discourse }}/admin/api/keys"
method: POST
headers:
Content-Type: "application/json"
Api-Key: "{{ applications.discourse.master_api_key }}"
Api-Username: "{{ applications.discourse.master_api_username | default('admin') }}"
body_format: json
body:
key:
description: "WP Discourse Integration"
username: "system"
return_content: true
status_code: 200
register: discourse_api_key_response
when: applications.discourse.master_api_key is defined
- name: "Set fact for vault_discourse_api_key"
set_fact:
vault_discourse_api_key: "{{ discourse_api_key_response.json.key.key }}"
when: discourse_api_key_response is defined and discourse_api_key_response.json.key is defined


@ -0,0 +1,9 @@
# Defines WP Discourse plugin settings
# @see https://github.com/discourse/wp-discourse
discourse_settings:
publish_discourse_posts: true
discourse_url: "https://{{ domains.discourse }}"
discourse_api_key: "{{ vault_discourse_api_key }}"
discourse_username: "system"
discourse_use_sso: false


@ -1,10 +0,0 @@
# Defines WP Discourse plugin settings
# @see https://github.com/discourse/wp-discourse
discourse_settings:
publish_discourse_posts: true
discourse_url: "https://{{ domains.discourse }}"
discourse_api_key: "{{ applications.discourse.api_key }}"
discourse_username: "system"
discourse_use_sso: false # You can change this depending on your integration style
discourse_sso_secret: "{{ applications.wordpress.credentials.discourse_sso_secret | default('') }}"


@ -815,7 +815,7 @@ defaults_applications:
# password: # Password of the wordpress administrator # password: # Password of the wordpress administrator
email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator
plugins: plugins:
discourse: false discourse: "{{ 'discourse' in group_names | lower }}"
oidc: true oidc: true
{% endraw %}{{ features.render_features({ {% endraw %}{{ features.render_features({
'matomo': true, 'matomo': true,