In-between commit: domain restructuring

2025-05-19 17:17:57 +02:00
parent cc3f5d75ea
commit 37dcc5f74e
63 changed files with 771 additions and 242 deletions


@@ -9,4 +9,8 @@ features:
central_database: true
credentials:
# database_password: Needs to be defined in inventory file
# setup_admin_password: Needs to be defined in inventory file
# setup_admin_password: Needs to be defined in inventory file
domains:
canonical:
- "accounting.{{ primary_domain }}"


@@ -7,3 +7,7 @@ features:
css: true
portfolio_iframe: false
central_database: true
domains:
canonical:
- "tickets.{{ primary_domain }}"


@@ -2,5 +2,5 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
central_database: true


@@ -1,21 +1,17 @@
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
setup: false
credentials:
# shared_secret: # Needs to be defined in inventory file
# etherpad_api_key: # Needs to be defined in inventory file
# rails_secret: # Needs to be defined in inventory file
# postgresql_secret: # Needs to be defined in inventory file
# fsesl_password: # Needs to be defined in inventory file
# turn_secret: # Needs to be defined in inventory file
database:
name: "multiple_databases"
username: "postgres2"
urls:
api: "{{ web_protocol }}://{{domains | get_domain('bigbluebutton')}}/bigbluebutton/" # API Address used by Nextcloud Integration
name: "multiple_databases"
username: "postgres2"
api_suffix: "/bigbluebutton/"
features:
matomo: true
css: true
portfolio_iframe: false
portfolio_iframe: false
ldap: false
oidc: true
central_database: false
central_database: false
domains:
canonical:
- "meet.{{ primary_domain }}"
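Review bot: The rewrite drops the `# Set to true in inventory file for initial setup` comment from `setup: false` and deletes the six placeholder comments under `credentials:` that named the secrets the role expects (shared_secret, etherpad_api_key, rails_secret, postgresql_secret, fsesl_password, turn_secret), so the new side no longer tells an operator what the inventory must supply. A bare `credentials:` also parses as null rather than an empty mapping, which may not behave like `{}` when the inventory is merged in — worth confirming against the merge logic. I would restore the setup comment and keep the secret names as comments, e.g. `# shared_secret: # Needs to be defined in inventory file`, one per secret.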


@@ -1,14 +1,15 @@
users:
administrator:
email: "{{users.administrator.email}}"
email: "{{users.administrator.email}}"
pds:
version: "latest"
credentials:
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
version: "latest"
credentials:
features:
matomo: true
css: true
matomo: true
css: true
portfolio_iframe: true
central_database: true
central_database: true
domains:
canonical:
web: "bskyweb.{{ primary_domain }}"
api: "bluesky.{{ primary_domain }}"
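Review bot: The three `credentials:` placeholders that carried the generation commands (`openssl rand -base64 64 | tr -d '\n'` for jwt_secret, `openssl rand -hex 32` for the k256 rotation key, `openssl rand -base64 16` for admin_password) are removed, and `credentials:` is now an empty key, so the only documentation of how to produce these secrets with the right length and encoding is gone. Unless that guidance moved elsewhere in this commit, I would keep the three lines as comments under `credentials:` exactly as they were. Note also that an empty `credentials:` parses as null, not `{}`.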


@@ -16,4 +16,7 @@ csp:
unsafe-inline: true
whitelist:
font-src:
- "http://*.{{primary_domain}}"
- "http://*.{{primary_domain}}"
domains:
canonical:
- "forum.{{ primary_domain }}"
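Review bot: The `font-src` whitelist entry `"http://*.{{primary_domain}}"` permits a plaintext-HTTP origin; the other roles in this commit build their URLs from `web_protocol`, and if the forum is served over HTTPS a browser would block such fonts as mixed content anyway, so the entry only ever serves to allow a downgraded source. I would write `- "https://*.{{ primary_domain }}"` or the scheme-less `- "*.{{ primary_domain }}"` so the directive follows the page's own scheme. Whether anything actually loads fonts from a plain-HTTP subdomain is not visible here — confirm before tightening.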


@@ -1,3 +0,0 @@
# Jinja2 configuration template
# Define your variables here


@@ -0,0 +1 @@


@@ -1,19 +1,22 @@
version: "latest"
version: "latest"
users:
administrator:
username: "{{ users.administrator.username }}"
email: "{{ users.administrator.email }}"
username: "{{ users.administrator.username }}"
email: "{{ users.administrator.email }}"
credentials:
features:
matomo: true
css: false
portfolio_iframe: false
portfolio_iframe: false
ldap: false
oidc: true
central_database: true
csp:
flags:
script-src:
unsafe-inline: true
unsafe-eval: true
unsafe-inline: true
unsafe-eval: true
domains:
aliases:
- "crm.{{ primary_domain }}"


@@ -2,6 +2,9 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
oidc: true
central_database: true
central_database: true
domains:
aliases:
- "social.{{ primary_domain }}"


@@ -6,5 +6,9 @@ features:
ldap: true
central_database: true
credentials:
# database_password: # Needs to be defined in inventory file
# django_secret: # Needs to be defined in inventory file
domains:
canonical:
- "audio.{{ primary_domain }}"
aliases:
- "music.{{ primary_domain }}"
- "sound.{{ primary_domain }}"


@@ -22,4 +22,7 @@ csp:
worker-src:
- "blob:"
manifest-src:
- "data:"
- "data:"
domains:
aliases:
- "git.{{ primary_domain }}"


@@ -2,5 +2,5 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
central_database: true


@@ -1,3 +0,0 @@
# Jinja2 configuration template
# Define your variables here


@@ -2,4 +2,7 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
domains:
canonical:
- "cms.{{ primary_domain }}"


@@ -16,4 +16,7 @@ csp:
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
unsafe-inline: true
domains:
canonical:
- "auth.{{ primary_domain }}"
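Review bot: `script-src: unsafe-inline: true` on the service behind `auth.{{ primary_domain }}` (presumably the identity provider, given the oauth2-proxy file's `get_domain('keycloak')` and `/auth/realms/` path — confirm) removes most of what CSP offers against XSS exactly where session and token theft matter most. If the login or admin pages genuinely need inline scripts, nonces or hashes would be preferable; failing that, the flag should at least carry its justification, e.g. `unsafe-inline: true # required by the IdP's login/admin pages - revisit with nonces`. Whether the flag is actually required cannot be told from this file.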


@@ -1,21 +1,23 @@
version: "latest"
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 80 # application port
application: application
port: 80
credentials:
# oauth2_proxy_cookie_secret: None # Set via openssl rand -hex 16
# administrator_password: "None" # CHANGE for security reasons
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
ldap: true
central_database: false
oauth2: false
csp:
flags:
style-src:
unsafe-inline: true
unsafe-inline: true
script-src:
unsafe-inline: true
unsafe-eval: true
unsafe-inline: true
unsafe-eval: true
domains:
aliases:
- "ldap.{{primary_domain}}"
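Review bot: The comments on `application: application` (`# Needs to be the same as webinterface`) and `port: 80` (`# application port`) were dropped, leaving two unexplained values; the first one documented a coupling to the openldap role's `webinterface` setting that a future editor will no longer see. I would restore them, e.g. `application: application # Must match the openldap role's webinterface value` and `port: 80 # application port`. While here, the `# administrator_password: "None" # CHANGE for security reasons` placeholder could follow the convention used by the pds role and say how: `# administrator_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16`.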


@@ -1,13 +1,13 @@
version: "latest"
version: "latest"
network:
local: True # Activates local network. Necessary for LDIF import routines
docker: True # Activates docker network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
local: True # Activates local network. Necessary for LDIF import routines
docker: True # Activates docker network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}" # Administrator username
username: "{{users.administrator.username}}" # Administrator username
credentials:
features:
ldap: true
ldap: true
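Review bot: The `network` flags are written as `True`/`False` while every other application file in this commit uses `true`/`false`; the capitalised forms are YAML 1.1 booleans that yamllint's truthy rule flags, so `local: true`, `docker: true` and `public: false` would be consistent and unambiguous. The `public` comment could also state the consequence of flipping it, e.g. `# Set to true in inventory file to expose the LDAP port to the internet - only with TLS, otherwise bind credentials travel in cleartext`, assuming the exposed listener is plain LDAP rather than LDAPS, which this file does not show. `credentials:` is left as an empty key with no hint of which secrets the inventory must supply.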


@@ -6,6 +6,9 @@ version: "latest" # Docker Image
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
central_database: true
oidc: true
oidc: true
domains:
canonical:
- "newsletter.{{ primary_domain }}"


@@ -7,14 +7,12 @@ oidc:
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
# dkim_public_key: # Must be set in inventory file
features:
matomo: true
css: true
portfolio_iframe: false # Deactivated mailu iframe loading until keycloak supports it
portfolio_iframe: false # Deactivated mailu iframe loading until keycloak supports it
oidc: true
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary
domains:
canonical:
- "mail.{{ primary_domain }}"
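Review bot: The `# api_token:` comment presents "the minimum length is 3 characters" as if it were guidance, but this token authenticates the RESTful API and should be generated like the other secrets; the pds role already uses the `Use: openssl rand ...` convention, so I would write `# api_token: # Needs to be defined in inventory file - Use: openssl rand -hex 32 (mailu only enforces >= 3 characters)`. The `secret_key` line ("Set to a randomly generated 16 bytes string") could name a command the same way, e.g. `openssl rand -base64 16`. The two `central_database: false` comments admitting the author does not know why it is necessary would be worth turning into a TODO so it gets revisited.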


@@ -1,14 +1,14 @@
application_id: "mailu"
application_id: "mailu"
# Database Configuration
database_password: "{{applications.mailu.credentials.database_password}}"
database_type: "mariadb"
database_password: "{{applications.mailu.credentials.database_password}}"
database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
# Use dedicated source for oidc if activated
# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}"
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}"
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"
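Review bot: `docker_source` switches the registry namespace to `ghcr.io/heviat` — a community Mailu-OIDC fork — whenever `features.oidc` is true, and the application's `version` is `"latest"` in the other mailu file, so enabling OIDC makes the mail server track an unpinned tag from a third-party namespace. I would pin the fork to a specific tag or digest (the linked tree is `2024.06`) and make the supply-chain change explicit in the comment: `# Enabling OIDC pulls the heviat fork instead of the upstream image - keep its tag/digest pinned`. How `version` is combined with `docker_source` is not visible here, so the exact pinning mechanism needs checking in the compose template.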


@@ -1,19 +1,13 @@
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
# secret_key_base:
# otp_secret:
# vapid_private_key:
# vapid_public_key:
# active_record_encryption_deterministic_key:
# active_record_encryption_key_derivation_salt:
# active_record_encryption_primary_key:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
credentials:
features:
matomo: true
css: true
portfolio_iframe: false
oidc: true
central_database: true
matomo: true
css: true
portfolio_iframe: false
oidc: true
central_database: true
domains:
canonical:
- "microblog.{{ primary_domain }}"
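Review bot: The eight credential placeholders and the pointer to the docker-mastodon README were deleted, leaving `credentials:` as an empty key, so the new side no longer documents which secrets (database_password, secret_key_base, otp_secret, the vapid key pair, the three active_record_encryption_* values) the inventory must define. If that list moved elsewhere in this commit the file should reference the new location; otherwise I would restore the comment block under `credentials:`, starting with `# Check out the README.md of the docker-mastodon role for how to generate these`. A bare `credentials:` also parses as null rather than an empty mapping, which may matter when the inventory is merged in.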


@@ -2,7 +2,7 @@ version: "latest"
features:
matomo: true
css: false
portfolio_iframe: false
portfolio_iframe: false
central_database: true
oauth2: false
csp:
@@ -16,4 +16,7 @@ csp:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-inline: true
domains:
aliases:
- "analytics.{{ primary_domain }}"


@@ -25,9 +25,9 @@ csp:
whitelist:
connect-src:
- "{{ primary_domain }}"
- "{{ domains.matrix.synapse | safe_var }}"
- "matrix.{{ primary_domain }}"
script-src:
- "{{ domains.matrix.synapse | safe_var }}"
- "element.{{ primary_domain }}"
- "https://cdn.jsdelivr.net"
plugins:
# You need to enable them in the inventory file
@@ -39,3 +39,8 @@ plugins:
slack: false
telegram: false
whatsapp: false
domains:
canonical:
synapse: "matrix.{{ primary_domain }}"
element: "element.{{ primary_domain }}"
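Review bot: The CSP `connect-src` and `script-src` entries now hardcode `matrix.{{ primary_domain }}` and `element.{{ primary_domain }}` while the same hostnames are declared under `domains.canonical` a few lines below, so an inventory that overrides `domains.canonical.synapse` or `.element` would end up with a policy that still allows the old host and blocks the real one. I would reference the declared value instead, e.g. `- "{{ domains | get_domain('matrix') }}"` or whatever lookup the new domain layout provides for the nested synapse/element keys, so there is a single source of truth. The hunk does not show whether `get_domain` handles a mapping-valued canonical entry, so that needs confirming.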


@@ -0,0 +1,3 @@
domains:
canonical:
- "wiki.{{ primary_domain }}"


@@ -22,4 +22,7 @@ csp:
- "data:"
- "blob:"
script-src:
- "https://cdn.jsdelivr.net"
- "https://cdn.jsdelivr.net"
domains:
canonical:
- "academy.{{ primary_domain }}"


@@ -3,5 +3,5 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: false
central_database: true
portfolio_iframe: false
central_database: true


@@ -1,6 +1,4 @@
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap:
enabled: True # Enables LDAP by default
csp:
flags:
style-src:
@@ -10,6 +8,10 @@ csp:
whitelist:
font-src:
- "data:"
domains:
canonical:
- "cloud.{{ primary_domain }}"
oidc:
enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
@@ -23,7 +25,7 @@ credentials:
features:
matomo: true
css: true
portfolio_iframe: false
portfolio_iframe: false
ldap: true
oidc: true
central_database: true


@@ -4,4 +4,4 @@ plugin_configuration:
configvalue: "{{ applications.bigbluebutton.credentials.shared_secret }}"
- appid: "bbb"
configkey: "api.url"
configvalue: "{{ applications.bigbluebutton.urls.api }}"
configvalue: "{{ web_protocol }}://{{domains | get_domain(''bigbluebutton'')}}{{applications.bigbluebutton.api_suffix}}"
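Review bot: The new `api.url` value contains `get_domain(''bigbluebutton'')`: inside a double-quoted YAML scalar the doubled single quotes are literal, so Jinja receives two empty string literals around a bare name and should fail to parse the expression, unless the page rendering doubled them. It should read `configvalue: "{{ web_protocol }}://{{ domains | get_domain('bigbluebutton') }}{{ applications.bigbluebutton.api_suffix }}"`, matching the form the bigbluebutton config used before `urls.api` was removed. Since this value ends up as the BBB API endpoint Nextcloud signs requests for with `shared_secret`, a broken or wrong URL fails the integration rather than silently working.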


@@ -1,7 +1,6 @@
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
redirect_url: "{{ web_protocol }}://{{domains | get_domain('keycloak')}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
features:
matomo: true
css: true
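Review bot: The comment on `configuration_file` (`# Needs to be set true in the roles which use it`) does not describe the value next to it, which is a template filename; presumably it means that consuming roles opt in via their `oauth2` feature flag, as the other files here do with `oauth2: true`. I would write `configuration_file: "oauth2-proxy-keycloak.cfg" # Config template rendered for applications that set features.oauth2: true` so the two halves of the sentence match. The `allowed_roles: admin` comment is good and should stay as is.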


@@ -16,4 +16,7 @@ features:
csp:
flags:
script-src:
unsafe-inline: true
unsafe-inline: true
domains:
canonical:
- "project.{{ primary_domain }}"


@@ -9,4 +9,9 @@ csp:
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
unsafe-inline: true
domains:
canonical:
- "video.{{ primary_domain }}"
aliases:
- "videos.{{ primary_domain }}"


@@ -5,6 +5,6 @@ oauth2_proxy:
features:
matomo: true
css: true
portfolio_iframe: false
portfolio_iframe: false
ldap: true
oauth2: true


@@ -6,7 +6,7 @@ oauth2_proxy:
features:
matomo: true
css: false
portfolio_iframe: false
portfolio_iframe: false
central_database: true
oauth2: true
hostname: central-mariadb
@@ -15,4 +15,8 @@ csp:
style-src:
unsafe-inline: true
script-src:
unsafe-inline: true
unsafe-inline: true
domains:
aliases:
- "mysql.{{ primary_domain }}"
- "mariadb.{{ primary_domain }}"


@@ -3,7 +3,7 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: false
portfolio_iframe: false
central_database: true
csp:
flags:
@@ -11,4 +11,9 @@ csp:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-inline: true
domains:
canonical:
- "picture.{{ primary_domain }}"
aliases:
- "pictures.{{ primary_domain }}"


@@ -1,6 +1,6 @@
features:
matomo: true
css: true
matomo: true
css: true
portfolio_iframe: false
csp:
whitelist:
@@ -19,3 +19,7 @@ csp:
flags:
style-src:
unsafe-inline: true
domains:
canonical:
- "{{ primary_domain }}"


@@ -1,7 +1,7 @@
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
csp:
whitelist:
@@ -18,4 +18,7 @@ csp:
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
unsafe-eval: true
domains:
canonical:
- "slides.{{ primary_domain }}"


@@ -0,0 +1,3 @@
domains:
canonical:
- "wheel.{{ primary_domain }}"


@@ -2,5 +2,8 @@ version: "latest"
features:
matomo: true
css: true
portfolio_iframe: false
central_database: true
portfolio_iframe: false
central_database: true
domains:
canonical:
- "inventory.{{ primary_domain }}"


@@ -1,6 +1,6 @@
features:
matomo: true
css: true
matomo: true
css: true
portfolio_iframe: false
csp:
flags:
@@ -8,4 +8,7 @@ csp:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-inline: true
domains:
canonical:
- "docs.{{ primary_domain }}"


@@ -19,4 +19,7 @@ csp:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-inline: true
domains:
canonical:
- "kanban.{{ primary_domain }}"


@@ -31,6 +31,9 @@ csp:
- "https://fonts.bunny.net"
script-src:
- "https://cdn.gtranslate.net"
- "{{ domains | get_domain('wordpress') }}"
- "blog.{{ primary_domain }}"
style-src:
- "https://fonts.bunny.net"
- "https://fonts.bunny.net"
domains:
canonical:
- "blog.{{ primary_domain }}"
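Review bot: The `script-src` entry replaces `{{ domains | get_domain('wordpress') }}` with the literal `blog.{{ primary_domain }}`, while the same host is declared under `domains.canonical` at the bottom of the file; if an inventory changes the canonical domain, the CSP keeps allowing the old host and blocks scripts from the real one. Since the file still has a single declared domain, I would keep the lookup, e.g. `- "{{ domains | get_domain('wordpress') }}"`, or whatever the restructured domain layout's equivalent is, rather than duplicating the hostname. The `https://cdn.gtranslate.net` entry is a third-party script origin with no integrity control in CSP; worth a comment on why it is trusted.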


@@ -9,6 +9,11 @@ oauth2_proxy:
features:
matomo: true
css: true
portfolio_iframe: false
portfolio_iframe: false
central_database: true
oauth2: true
oauth2: true
domains:
canonical:
- "s.{{ primary_domain }}"
aliases:
- "short.{{ primary_domain }}"


@@ -1,4 +1,7 @@
features:
matomo: true
css: true
portfolio_iframe: true
portfolio_iframe: true
domains:
canonical:
- "files.{{ primary_domain }}"


@@ -1,4 +1,7 @@
features:
matomo: true
css: true
portfolio_iframe: false
matomo: true
css: true
portfolio_iframe: false
domains:
canonical:
- "html.{{ primary_domain }}"