kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-28 10:26:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Further optimisation of system user creation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-24 19:25:39 +02:00
parent 59e985eb3b
commit 36606b5594
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
29 changed files with 208 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
group_vars/all/00_general.yml
View File

@ -20,13 +20,13 @@ primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primar
_users_administrator_username: "{{ users.administrator.username | default('administrator') }}"
_users_administrator_email: "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}"
# Helper Variables for bouncer
_users_bouncer_username: "{{ users.bouncer.username | default('bouncer') }}"
_users_bouncer_email: "{{ users.bouncer.email | default(_users_bouncer_username ~ '@' ~ primary_domain) }}"
# Helper Variables for bounce
_users_bounce_username: "{{ users.bounce.username | default('bounce') }}"
_users_bounce_email: "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}"
# Helper Variables for no-reply
_users_no_reply_username: "{{ users.no-reply.username | default('no-reply') }}"
_users_no_reply_email: "{{ users.no-reply.email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"
_users_no_reply_username: "{{ users['no-reply'].username | default('no-reply') }}"
_users_no_reply_email: "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"
# Administrator
default_users:
@ -38,12 +38,12 @@ default_users:
gid: 1001 # Posix Group ID
is_admin: true # Define as admin user
bouncer:
username: "{{ _users_bouncer_username }}" # Bounce-handler account username
email: "{{ _users_bouncer_email }}" # Email address for handling bounces
bounce:
username: "{{ _users_bounce_username }}" # Bounce-handler account username
email: "{{ _users_bounce_email }}" # Email address for handling bounces
password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file
uid: 1002 # Posix User ID for bouncer
gid: 1002 # Posix Group ID for bouncer
uid: 1002 # Posix User ID for bounce
gid: 1002 # Posix Group ID for bounce
no-reply:
username: "{{ _users_no_reply_username }}" # No-reply account username

3
group_vars/all/02_system_email.yml
View File

@ -1,12 +1,9 @@
# Email Configuration
default_system_email:
local: no-reply
domain: "{{primary_domain}}"
username: "no-reply@{{primary_domain}}"
host: "mail.{{primary_domain}}"
port: 465
tls: true
start_tls: false
from: "no-reply@{{primary_domain}}"
smtp: true
# password: # Needs to be defined in inventory file

4
roles/docker-baserow/templates/env.j2
View File

@ -5,8 +5,8 @@ BASEROW_PUBLIC_URL=https://{{ domain }}
EMAIL_SMTP={{ system_email.smtp | upper }}
EMAIL_SMTP_HOST={{ system_email.host }}
EMAIL_SMTP_PORT={{ system_email.port }}
EMAIL_SMTP_USER={{system_email.username}}
EMAIL_SMTP_PASSWORD={{ system_email.password }}
EMAIL_SMTP_USER={{ users['no-reply'].email }}
EMAIL_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }}
DATABASE_USER={{ database_username }}

10
roles/docker-bigbluebutton/tasks/main.yml
View File

@ -43,10 +43,12 @@
- name: flush docker service
meta: flush_handlers
- name: wait for database
pause:
seconds: "{{pause_duration}}"
when: applications.bigbluebutton.setup | bool
- name: Wait for BigBlueButton
wait_for:
host: "{{ domains.bigbluebutton }}"
port: 80
delay: 5
timeout: 600
- name: create admin
command:

8
roles/docker-bigbluebutton/templates/env.j2
View File

@ -209,16 +209,16 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
SMTP_SERVER={{system_email.host}}
SMTP_DOMAIN={{system_email.domain}}
SMTP_PORT={{system_email.port}}
SMTP_USERNAME={{system_email.username}}
SMTP_PASSWORD={{system_email.password}}
SMTP_USERNAME={{ users['no-reply'].email }}
SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
SMTP_AUTH=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}}
SMTP_STARTTLS={{system_email.start_tls | lower}}
SMTP_TLS={{system_email.tls | lower}}
SMTP_SSL_VERIFY=true
SMTP_SENDER={{system_email.from}}
SMTP_SENDER_EMAIL={{system_email.from}}
SMTP_SENDER={{ users['no-reply'].email }}
SMTP_SENDER_EMAIL={{ users['no-reply'].email }}
# Prefix for the applications root URL.
# Useful for deploying the application to a subdirectory, which is highly recommended

4
roles/docker-bluesky/templates/env.j2
View File

@ -8,8 +8,8 @@ PDS_JWT_SECRET="{{applications.bluesky.pds.jwt_secret}}"
PDS_ADMIN_PASSWORD="{{applications.bluesky.pds.admin_password}}"
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.pds.plc_rotation_key_k256_private_key_hex}}"
PDS_CRAWLERS=https://bsky.network
PDS_EMAIL_SMTP_URL=smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}/
PDS_EMAIL_FROM_ADDRESS={{system_email.from}}
PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}/
PDS_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}
LOG_ENABLED=true
PDS_BLOBSTORE_DISK_LOCATION=/opt/pds/blocks
PDS_DATA_DIRECTORY: /opt/pds

6
roles/docker-discourse/templates/discourse_application.yml.j2
View File

@ -58,11 +58,11 @@ env:
# WARNING the char '#' in SMTP password can cause problems!
DISCOURSE_SMTP_ADDRESS: {{ system_email.host }}
DISCOURSE_SMTP_PORT: {{ system_email.port }}
DISCOURSE_SMTP_USER_NAME: {{ system_email.username }}
DISCOURSE_SMTP_PASSWORD: {{ system_email.password }}
DISCOURSE_SMTP_USER_NAME: {{ users['no-reply'].email }}
DISCOURSE_SMTP_PASSWORD: {{ users['no-reply'].mailu_token }}
DISCOURSE_SMTP_ENABLE_START_TLS: {{ system_email.start_tls | upper }}
DISCOURSE_SMTP_DOMAIN: {{ system_email.domain }}
DISCOURSE_NOTIFICATION_EMAIL: {{ system_email.from }}
DISCOURSE_NOTIFICATION_EMAIL: {{ users['no-reply'].email }}
# Database Configuration
DISCOURSE_DB_USERNAME: {{ database_username }}

6
roles/docker-friendica/templates/env.j2
View File

@ -20,11 +20,11 @@ MYSQL_PASSWORD= {{database_password}}
SMTP= {{system_email.host}}
SMTP_DOMAIN= {{system_email.domain}}
SMTP_PORT= {{system_email.port}}
SMTP_AUTH_USER= {{system_email.username}}
SMTP_AUTH_PASS= {{system_email.password}}
SMTP_AUTH_USER= {{ users['no-reply'].email }}
SMTP_AUTH_PASS= {{ users['no-reply'].mailu_token }}
SMTP_TLS= {{ 'on' if system_email.tls else 'off' }}
SMTP_STARTTLS= {{ 'on' if system_email.start_tls else 'off' }}
SMTP_FROM= {{system_email.local}}
SMTP_FROM= no-reply
# Administrator Credentials
FRIENDICA_ADMIN_MAIL= {{users.administrator.email}}

4
roles/docker-funkwhale/templates/env.j2
View File

@ -60,14 +60,14 @@ LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %}
# (returns `noreply%40youremail.host`)
# EMAIL_CONFIG=smtp://user:password@youremail.host:25
# EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}
EMAIL_CONFIG=smtp+tls://no-reply:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}
# Make e-mail verification mandatory before using the service
# Doesn't apply to admins.
# ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false
# The e-mail address to use to send system e-mails.
DEFAULT_FROM_EMAIL={{system_email.from}}
DEFAULT_FROM_EMAIL={{ users['no-reply'].email }}
# Depending on the reverse proxy used in front of your funkwhale instance,
# the API will use different kind of headers to serve audio files

6
roles/docker-gitea/templates/env.j2
View File

@ -19,12 +19,12 @@ ROOT_URL="{{ web_protocol }}://{{domains[application_id]}}/"
# @see https://docs.gitea.com/next/installation/install-with-docker#managing-deployments-with-environment-variables
# @todo test
GITEA__mailer__ENABLED=true
GITEA__mailer__FROM={{ system_email.from }}
GITEA__mailer__FROM={{ users['no-reply'].email }}
GITEA__mailer__PROTOCOL=smtps
GITEA__mailer__SMTP_ADDR={{ system_email.host }}
GITEA__mailer__SMTP_PORT={{ system_email.port }}
GITEA__mailer__USER={{system_email.username}}
GITEA__mailer__PASSWD={{ system_email.password }}
GITEA__mailer__USER={{ users['no-reply'].email }}
GITEA__mailer__PASSWD={{ users['no-reply'].mailu_token }}
# Allow push creation
# @see https://github.com/go-gitea/gitea/issues/17619

6
roles/docker-keycloak/templates/import/realm.json.j2
View File

@ -1655,18 +1655,18 @@
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {
"password": "{{system_email.password}}",
"password": "{{ users['no-reply'].mailu_token }}",
"replyToDisplayName": "",
"starttls": "{{system_email.start_tls | lower}}",
"auth": "true",
"port": "{{system_email.port}}",
"replyTo": "",
"host": "{{system_email.host}}",
"from": "{{system_email.from}}",
"from": "{{ users['no-reply'].email }}",
"fromDisplayName": "Keycloak Authentification System - {{domains.keycloak}}",
"envelopeFrom": "",
"ssl": "true",
"user": "{{system_email.username}}"
"user": "{{ users['no-reply'].email }}"
},
"eventsEnabled": false,
"eventsListeners": [

18
roles/docker-ldap/templates/ldif/data/02_users.ldif.j2
View File

@ -11,31 +11,31 @@ objectClass: organizationalUnit
ou: roles
description: Container for application access profiles
{% for user in users %}
{% for username, user in users.items() %}
#######################################################################
# Create User {{ user.username }}
# Create User {{ username }}
#######################################################################
dn: {{ ldap.attributes.user_id }}={{ user.username }},{{ ldap.dn.users }}
dn: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
{{ ldap.attributes.user_id }}: {{ user.username }}
sn: {{ user.username }}
cn: {{ user.username }}
{{ ldap.attributes.user_id }}: {{ username }}
sn: {{ username }}
cn: {{ username }}
userPassword: {{ user.password }}
loginShell: /bin/bash
homeDirectory: /home/{{ user.username }}
homeDirectory: /home/{{ username }}
uidNumber: {{ user.uid }}
gidNumber: {{ user.gid }}
#######################################################################
# Assign {{ user.username }} to application user roles
# Assign {{ username }} to application user roles
#######################################################################
{% for app, config in defaults_applications.items() %}
dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
changetype: modify
add: roleOccupant
roleOccupant: {{ ldap.attributes.user_id }}={{ user.username }},{{ ldap.dn.users }}
roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
{% endfor %}
{% endfor %}

44
roles/docker-listmonk/vars/main.yml
View File

@ -38,8 +38,8 @@ listmonk_settings:
"host": system_email.host,
"port": system_email.port,
"enabled": system_email.smtp,
"username": system_email.username,
"password": system_email.password,
"username": "no-reply",
"password": users['no-reply'].email,
"tls_type": (
system_email.tls
| ternary("TLS",
@ -72,8 +72,30 @@ listmonk_settings:
- key: "app.site_name"
value: '"{{ service_provider.company.titel }} Mailing list"'
# - key: "bounce.enabled"
# value: 'false'
# Enable the bounce module
- key: "bounce.enabled"
value: 'true'
# Configure POP3 mailbox for processing bounces
- key: "bounce.mailboxes"
value: >-
{{ [
{
"host": system_email.host,
"port": system_email.port,
"type": "pop",
"uuid": "471fd0e9-8c33-4e4a-9183-c4679699faca",
"enabled": true,
"username": users.bounce.email,
"password": users.bounce.mailu_token,
"return_path": users.bounce.email,
"tls_enabled": system_email.tls,
"auth_protocol": "userpass",
"scan_interval": "15m",
"tls_skip_verify": false
}
] | to_json }}
#
# - key: "upload.max_file_size"
# value: '5000'
@ -85,14 +107,14 @@ listmonk_settings:
# value: '1000'
- key: "app.from_email"
value: '"{{ service_provider.company.titel }} Newsletter <{{ system_email.from }}>"'
value: '"{{ service_provider.company.titel }} Newsletter <{{ users["no-reply"].email }}>"'
- key: "bounce.actions"
value: >-
{"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}}
- key: "app.concurrency"
value: '10'
# - key: "bounce.actions"
# value: >-
# {"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}}
#
# - key: "app.concurrency"
# value: '10'
- key: "app.favicon_url"
value: '"{{ service_provider.platform.favicon }}"'

2
roles/docker-mailu/tasks/TODO.md
View File

@ -1,2 +0,0 @@
# Todo
- Implement create-mailu-user-and-token.yml for no-reply and bounce

121
roles/docker-mailu/tasks/create-mailu-user-and-token.yml
View File

@ -1,72 +1,75 @@
---
# tasks/create-mailu-user-and-token.yml
#
# Ensures a Mailu user exists and idempotently creates an API token for them,
# storing tokens in a dictionary for targeted access.
#
# Required variables:
# mailu_compose_dir: Path to your docker-compose.yml directory
# mailu_user: Local part of the user (e.g., "alice")
# mailu_domain: Domain for the user (e.g., "example.com")
# mailu_password: Password for the new user
# mailu_api_base_url: Base URL of the Mailu API (e.g., "https://mail.example.com/api/v1")
# mailu_global_api_token: Global API token (from API_TOKEN environment variable)
#
# Optional variable:
# mailu_user_tokens: Dictionary of existing tokens, e.g. { "alice": "secret" }
- name: "Ensure Mailu user {{ mailu_user }}@{{ mailu_domain }} exists"
command: >
docker compose exec admin flask mailu {{ mailu_action }} {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
docker compose exec admin flask mailu {{ mailu_action }}
{{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
args:
chdir: "{{ mailu_compose_dir }}"
register: mailu_user_creation
failed_when: false
changed_when: mailu_user_creation.rc == 0 and 'User added' in mailu_user_creation.stdout
register: mailu_user_result
failed_when: >
mailu_user_result.rc != 0 and
(
"exists, not created" not in mailu_user_result.stderr and
"Duplicate entry" not in mailu_user_result.stderr
)
changed_when: mailu_user_result.rc == 0
- name: "Fetch existing API tokens"
uri:
url: "{{ mailu_api_base_url }}/tokens"
method: GET
headers:
Authorization: "Bearer {{ mailu_global_api_token }}"
return_content: yes
register: mailu_tokens_response
failed_when: mailu_tokens_response.status not in [200]
- name: "Change password for user {{ mailu_user }}@{{ mailu_domain }}"
command: >
docker compose exec admin flask mailu password
{{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
args:
chdir: "{{ mailu_compose_dir }}"
- name: "Fetch existing API tokens via curl inside admin container"
command: >-
docker compose exec -T admin \
curl -s -X GET http://127.0.0.1:8080/api/v1/token \
-H "Authorization: Bearer {{ mailu_global_api_token }}"
args:
chdir: "{{ mailu_compose_dir }}"
register: mailu_tokens_cli
changed_when: false
- name: "Extract existing token info for {{ mailu_user }}"
set_fact:
mailu_user_existing_token: >
{{ mailu_tokens_response.json
| selectattr('comment', 'equalto', mailu_user)
| list
| first }}
mailu_user_existing_token: >-
{{ (
mailu_tokens_cli.stdout
| default('[]')
| from_json
| selectattr('comment','equalto', mailu_user ~ " - ansible.cymais")
| list
).0 | default(None) }}
- name: "Create API token for {{ mailu_user }} if none exists"
uri:
url: "{{ mailu_api_base_url }}/tokens"
method: POST
headers:
Authorization: "Bearer {{ mailu_global_api_token }}"
Content-Type: "application/json"
body_format: json
body:
comment: "{{ mailu_user }}"
ip: "{{ mailu_token_ip }}"
status_code: 201
command: >-
docker compose exec -T admin \
curl -s -X POST http://127.0.0.1:8080/api/v1/token \
-H "Authorization: Bearer {{ mailu_global_api_token }}" \
-H "Content-Type: application/json" \
-d '{{ {
"comment": mailu_user ~ " - ansible.cymais",
"email": users[mailu_user].email,
"ip": mailu_token_ip
} | to_json }}'
args:
chdir: "{{ mailu_compose_dir }}"
register: mailu_token_creation
when: mailu_user_existing_token is not defined
when: (mailu_user_existing_token | default('') | length) == 0
- name: "Set mailu_user_tokens dictionary"
- name: "Add mailu_token to users dict if created"
set_fact:
mailu_user_tokens: >
{{ (mailu_user_tokens | default({}))
| combine({ mailu_user: ((mailu_token_creation is defined)
| ternary(mailu_token_creation.json.secret,
mailu_user_existing_token.secret)) }) }}
# Note:
# - GET /tokens returns only metadata (id, comment, ip, created), not the secret itself.
# - The secret is returned only by the POST request and must be captured when created.
# - Tokens are stored in the mailu_user_tokens dictionary for targeted access.
# - Persist mailu_user_tokens securely (e.g., in Ansible Vault) for future use.
users: >-
{{ users
| combine({
mailu_user: (
users[mailu_user]
| combine({
'mailu_token': (mailu_token_creation.stdout | from_json).token
})
)
}, recursive=True)
}}
when:
- mailu_token_creation is defined
- (mailu_user_existing_token | default('') | length) == 0

2
roles/docker-mailu/tasks/main.yml
View File

@ -30,7 +30,7 @@
include_tasks: create-mailu-user-and-token.yml
vars:
mailu_compose_dir: "{{ docker_compose.directories.instance }}"
mailu_domain: "{{ domain }}"
mailu_domain: "{{ primary_domain }}"
mailu_api_base_url: "{{ web_protocol }}://{{ domain }}/api/v1"
mailu_global_api_token: "{{ applications.mailu.credentials.api_token }}"
mailu_action: "{{ item.value.is_admin | default(false) | ternary('admin','user') }}"

7
roles/docker-mailu/templates/env.j2
View File

@ -144,9 +144,16 @@ LOG_LEVEL=WARNING
SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
###################################
# API Settings
###################################
API=true
WEB_API=/api
# Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
API_TOKEN={{applications.mailu.credentials.api_token}}
# Activated https://mailu.io/master/configuration.html#advanced-settings
AUTH_REQUIRE_TOKENS=True

14
roles/docker-mariadb/tasks/main.yml
View File

@ -36,10 +36,16 @@
state: present
when: run_once_docker_mariadb is not defined
- name: wait for database
pause:
seconds: "{{pause_duration}}"
when: setup_mariadb_container_result.changed and run_once_docker_mariadb is not defined
- name: Wait for MariaDB inside the container to respond
shell: docker exec central-mariadb mysqladmin ping -h localhost --silent
register: mysql_ping
until: mysql_ping.rc == 0
retries: 30
delay: 5
when:
- setup_mariadb_container_result is defined
- setup_mariadb_container_result.changed
- run_once_docker_mariadb is not defined
- name: "Create database: {{ database_name }}"
mysql_db:

6
roles/docker-mastodon/templates/env.j2
View File

@ -45,12 +45,12 @@ REDIS_PASSWORD=
SMTP_SERVER={{system_email.host}}
SMTP_PORT={{system_email.port}}
SMTP_LOGIN={{system_email.username}}
SMTP_PASSWORD={{system_email.password}}
SMTP_LOGIN={{ users['no-reply'].email }}
SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS=auto
SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}>
{% if applications[application_id].features.oidc | bool %}
###################################

16
roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
View File

@ -33,12 +33,12 @@ admin_contact: 'mailto:{{users.administrator.email}}'
email:
smtp_host: "{{system_email.host}}"
smtp_port: "{{system_email.port}}"
smtp_user: "{{system_email.from}}"
smtp_pass: "{{system_email.password}}"
smtp_user: "{{ users['no-reply'].email }}"
smtp_pass: "{{ users['no-reply'].mailu_token }}"
#force_tls: true
#require_transport_security: true
enable_tls: "{{ system_email.tls | upper }}"
notif_from: "Your Friendly %(app)s homeserver <{{system_email.from}}>"
notif_from: "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
app_name: "Matrix on {{domains.matrix_synapse}}"
enable_notifs: true
notif_for_new_users: false
@ -49,14 +49,14 @@ email:
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
- idp_id: keycloak
idp_name: "{{oidc.button_text}}"
issuer: "{{oidc.client.issuer_url}}"
client_id: "{{oidc.client.id}}"
client_secret: "{{oidc.client.secret}}"
idp_name: "{{oidc.button_text}}"
issuer: "{{oidc.client.issuer_url}}"
client_id: "{{oidc.client.id}}"
client_secret: "{{oidc.client.secret}}"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
localpart_template: "{% raw %}{{ user.{% endraw %}{{oidc.attributes.username}} {% raw %}}}{% endraw %}"
localpart_template: "{% raw %}{{ user.{% endraw %}{{oidc.attributes.username}}{% raw %}}}{% endraw %}"
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
backchannel_logout_enabled: true
{% endif %}

6
roles/docker-nextcloud/templates/env.j2
View File

@ -16,11 +16,11 @@ PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications[application_id].performance.php.
SMTP_HOST= {{system_email.host}}
SMTP_SECURE= {{ 'ssl' if system_email.tls else '' }}
SMTP_PORT= {{system_email.port}}
SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
SMTP_NAME= {{ users['no-reply'].email }}
SMTP_PASSWORD= {{ users['no-reply'].mailu_token }}
# Email from configuration
MAIL_FROM_ADDRESS= "{{system_email.local}}"
MAIL_FROM_ADDRESS= "no-reply"
MAIL_DOMAIN= "{{system_email.domain}}"
# Initial Admin Data

4
roles/docker-openproject/vars/main.yml
View File

@ -13,8 +13,8 @@ openproject_rails_settings:
email_delivery_method: "smtp"
smtp_address: "{{ system_email.host }}"
smtp_domain: "{{ system_email.domain }}"
smtp_user_name: "{{ system_email.username }}"
smtp_password: "{{ system_email.password }}"
smtp_user_name: "{{ users['no-reply'].email }}"
smtp_password: "{{ users['no-reply'].mailu_token }}"
smtp_ssl: false
openproject_filters:

8
roles/docker-peertube/templates/env.j2
View File

@ -14,11 +14,11 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
PEERTUBE_SECRET={{peertube_secret}}
# E-mail configuration
PEERTUBE_SMTP_USERNAME={{system_email.username}}
PEERTUBE_SMTP_PASSWORD={{system_email.password}}
PEERTUBE_SMTP_USERNAME={{ users['no-reply'].email }}
PEERTUBE_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
PEERTUBE_SMTP_HOSTNAME={{system_email.host}}
PEERTUBE_SMTP_PORT={{system_email.port}}
PEERTUBE_SMTP_FROM={{system_email.from}}
PEERTUBE_SMTP_FROM={{ users['no-reply'].email }}
PEERTUBE_SMTP_TLS={{ system_email.tls | lower }}
PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }}
PEERTUBE_ADMIN_EMAIL={{system_email.from}}
PEERTUBE_ADMIN_EMAIL={{ users['no-reply'].email }}

6
roles/docker-pixelfed/templates/env.j2
View File

@ -48,10 +48,10 @@ RESTRICTED_INSTANCE=false
MAIL_DRIVER=log
MAIL_HOST={{system_email.host}}
MAIL_PORT={{system_email.port}}
MAIL_FROM_ADDRESS="{{system_email.from}}"
MAIL_FROM_ADDRESS="{{ users['no-reply'].email }}"
MAIL_FROM_NAME="Pixelfed"
MAIL_USERNAME={{system_email.username}}
MAIL_PASSWORD={{system_email.password}}
MAIL_USERNAME={{ users['no-reply'].email }}
MAIL_PASSWORD={{ users['no-reply'].mailu_token }}
# Not sure if the following is correct
# Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker
MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }}

14
roles/docker-postgres/tasks/main.yml
View File

@ -30,10 +30,16 @@
register: setup_postgres_container_result
when: run_once_docker_postgres is not defined
- name: wait for database
pause:
seconds: "{{pause_duration}}"
when: setup_postgres_container_result.changed and run_once_docker_postgres is not defined
- name: Wait for Postgres inside the container
shell: docker exec central-postgres pg_isready -U postgres
register: pg_ready
until: pg_ready.rc == 0
retries: 30
delay: 5
when:
- setup_postgres_container_result is defined
- setup_postgres_container_result.changed
- run_once_docker_postgres is not defined
- name: install python-psycopg2
pacman:

8
roles/docker-snipe_it/templates/env.j2
View File

@ -51,12 +51,12 @@ DB_SSL_VERIFY_SERVER=null
MAIL_MAILER = smtp
MAIL_HOST = {{system_email.host}} # SMTP server address
MAIL_PORT = {{system_email.port}} # SMTP server address
MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
MAIL_USERNAME = {{ users['no-reply'].email }} # user to connect the SMTP server
MAIL_PASSWORD = {{ users['no-reply'].mailu_token }} # SMTP user's password
MAIL_TLS_VERIFY_PEER = {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server
MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
MAIL_FROM_ADDR = {{ users['no-reply'].email }} # default email address for the automated emails
MAIL_FROM_NAME = 'Snipe-IT'
MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
MAIL_REPLYTO_ADDR = {{ users['no-reply'].email }} # default email address for the automated emails
MAIL_REPLYTO_NAME = 'Snipe-IT'
MAIL_AUTO_EMBED_METHOD = 'attachment'

8
roles/docker-taiga/templates/env.j2
View File

@ -19,11 +19,11 @@ POSTGRES_HOST = "{{database_host}}"
EMAIL_BACKEND = "{{email_backend}}" # use an SMTP server or display the emails in the console (either "smtp" or "console")
EMAIL_HOST = "{{system_email.host}}" # SMTP server address
EMAIL_PORT = "{{system_email.port}}" # default SMTP port
EMAIL_HOST_USER = "{{system_email.username}}" # user to connect the SMTP server
EMAIL_HOST_PASSWORD = "{{system_email.password}}" # SMTP user's password
EMAIL_DEFAULT_FROM = "{{system_email.from}}" # default email address for the automated emails
EMAIL_HOST_USER = "{{ users['no-reply'].email }}" # user to connect the SMTP server
EMAIL_HOST_PASSWORD = "{{ users['no-reply'].mailu_token }}" # SMTP user's password
EMAIL_DEFAULT_FROM = "{{ users['no-reply'].email }}" # default email address for the automated emails
EMAIL_BACKEND: = "django.core.mail.backends.{{email_backend}}.EmailBackend"
DEFAULT_FROM_EMAIL = "{{system_email.from}}"
DEFAULT_FROM_EMAIL = "{{ users['no-reply'].email }}"
# EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
EMAIL_USE_TLS = "{{ system_email.tls | capitalize }}" # use TLS (secure) connection with the SMTP server

12
roles/msmtp/templates/msmtprc.conf.j2
View File

@ -11,10 +11,10 @@ tls off
{% endif %}
account system_email
host {{system_email.host}}
port {{system_email.port}}
from {{system_email.from}}
user {{system_email.username}}
password {{system_email.password}}
host {{ system_email.host }}
port {{ system_email.port }}
from {{ users['no-reply'].email }}
user {{ users['no-reply'].email }}
password {{ users['no-reply'].mailu_token }}
account default : system_email
account default : system_email

2
roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2
View File

@ -2,7 +2,7 @@
/usr/bin/sendmail -t <<ERRMAIL
To: {{users.administrator.email}}
From: systemd <{{system_email.from}}>
From: systemd <{{ users['no-reply'].email }}>
Subject: $1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8