diff --git a/roles/docker-bigbluebutton/vars/main.yml b/roles/docker-bigbluebutton/vars/main.yml index 72c46f71..425e461d 100644 --- a/roles/docker-bigbluebutton/vars/main.yml +++ b/roles/docker-bigbluebutton/vars/main.yml @@ -2,10 +2,13 @@ application_id: "bigbluebutton" bbb_repository_directory: "{{ docker_compose.directories.services }}" docker_compose_file_origine: "{{ docker_compose.directories.services }}docker-compose.yml" docker_compose_file_final: "{{ docker_compose.directories.instance }}docker-compose.yml" + +# Database configuration database_instance: "bigbluebutton" database_name: "multiple_databases" database_username: "postgres" database_password: "{{ applications.bigbluebutton.credentials.postgresql_secret }}" + domain: "{{ domains[application_id] }}" http_port: "{{ ports.localhost.http[application_id] }}" bbb_env_file_link: "{{ docker_compose.directories.instance }}.env" diff --git a/roles/docker-listmonk/tasks/main.yml b/roles/docker-listmonk/tasks/main.yml index 38d62797..08840935 100644 --- a/roles/docker-listmonk/tasks/main.yml +++ b/roles/docker-listmonk/tasks/main.yml @@ -19,21 +19,17 @@ domain: "{{ domains[application_id] }}" http_port: "{{ ports.localhost.http[application_id] }}" -- name: "copy docker-compose.yml and env file" - include_tasks: copy-docker-compose-and-env.yml - - name: add config.toml template: src: "config.toml.j2" dest: "{{docker_compose.directories.config}}config.toml" notify: docker compose project setup -- name: flush docker service - meta: flush_handlers - when: applications.listmonk.setup |bool +- name: "copy docker-compose.yml and env file" + include_tasks: copy-docker-compose-and-env.yml - name: setup routine for listmonk command: cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install" chdir: "{{docker_compose.directories.instance}}" - when: applications.listmonk.setup |bool \ No newline at end of file + ignore_errors: true # Ignore errors if already setup \ No newline at end of file 
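Review bot: With the `when: applications.listmonk.setup | bool` guard removed, the `setup routine for listmonk` task runs `yes | ./listmonk --install` on every play, and `ignore_errors: true` does not make that safe. As far as I know, listmonk's installer recreates its tables once the prompt is confirmed, so on a populated instance it would likely succeed and wipe data rather than fail as the new comment assumes. Restore the guard or use the installer's own idempotent mode, e.g. `cmd: docker compose run -T --rm application sh -c "./listmonk --install --idempotent --yes"` (confirm both flags against the image version you deploy). Dropping `meta: flush_handlers` also means the `docker compose project setup` handler notified by the config.toml task may not have run before this command. The hunk begins inside the preceding task, whose head is not visible here.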
diff --git a/roles/docker-listmonk/templates/config.toml.j2 b/roles/docker-listmonk/templates/config.toml.j2 index 3b1ee437..21ce8ad5 100644 --- a/roles/docker-listmonk/templates/config.toml.j2 +++ b/roles/docker-listmonk/templates/config.toml.j2 @@ -5,14 +5,6 @@ # port, use port 80 (this will require running with elevated permissions). address = "0.0.0.0:9000" -# BasicAuth authentication for the admin dashboard. This will eventually -# be replaced with a better multi-user, role-based authentication system. -# IMPORTANT: Leave both values empty to disable authentication on admin -# only where an external authentication is already setup. -# admin_username = "{{applications.listmonk.users.administrator.username}}" -# admin_password = "{{listmonk_admin_password}}" -# Deactivated for newer versions - # Database. [db] host = "{{database_host}}" diff --git a/roles/docker-listmonk/templates/env.j2 b/roles/docker-listmonk/templates/env.j2 index f0a6ff69..acba7672 100644 --- a/roles/docker-listmonk/templates/env.j2 +++ b/roles/docker-listmonk/templates/env.j2 @@ -2,8 +2,8 @@ TZ=Etc/UTC # Administrator setup -LISTMONK_ADMIN_USER={{users.administrator.username}} -LISTMONK_ADMIN_PASSWORD={{users.administrator.password}} +LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }} +LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }} {% if applications[application_id].features.oidc | bool %} ################################### diff --git a/roles/docker-listmonk/vars/main.yml b/roles/docker-listmonk/vars/main.yml index 9f3ed81e..8fe12191 100644 --- a/roles/docker-listmonk/vars/main.yml +++ b/roles/docker-listmonk/vars/main.yml @@ -1,3 +1,3 @@ application_id: "listmonk" -database_password: "{{listmonk_database_password}}" +database_password: "{{applications[application_id].credentials.database.password}}" database_type: "postgres" \ No newline at end of file 
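Review bot: In env.j2, `LISTMONK_ADMIN_PASSWORD` now reads `applications[application_id].users.administrator.password`, but the defaults shown in templates/vars/applications.yml.j2 keep that `password` key commented out, so the value exists only if the inventory supplies it. The same holds for `database_password` in roles/docker-listmonk/vars/main.yml, where the new `credentials.database` default has only a commented `password` and so presumably parses as null. Make the requirement explicit so the play fails early on an undefined credential, e.g. `LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password | mandatory }}`. The values are also written unquoted into the env file, so a password containing `#`, spaces or `$` may be altered depending on how the file is parsed.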
diff --git a/roles/docker-mailu/vars/main.yml b/roles/docker-mailu/vars/main.yml index 3132dbd0..cfd87410 100644 --- a/roles/docker-mailu/vars/main.yml +++ b/roles/docker-mailu/vars/main.yml @@ -1,6 +1,9 @@ application_id: "mailu" + +# Database Configuration database_password: "{{applications.mailu.credentials.database.password}}" database_type: "mariadb" + cert_mount_directory: "{{docker_compose.directories.volumes}}certs/" enable_wildcard_certificate: false @@ -8,5 +11,5 @@ enable_wildcard_certificate: false # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06 docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}" -domain: "{{ domains[application_id] }}" -http_port: "{{ ports.localhost.http[application_id] }}" \ No newline at end of file +domain: "{{ domains[application_id] }}" +http_port: "{{ ports.localhost.http[application_id] }}" \ No newline at end of file diff --git a/roles/docker-mastodon/vars/main.yml b/roles/docker-mastodon/vars/main.yml index 6529cf48..9e226ad7 100644 --- a/roles/docker-mastodon/vars/main.yml +++ b/roles/docker-mastodon/vars/main.yml @@ -1,3 +1,3 @@ application_id: "mastodon" -database_password: "{{applications.mastodon.credentials.database.password}}" +database_password: "{{applications[application_id].credentials.database.password}}" database_type: "postgres" \ No newline at end of file diff --git a/roles/docker-wordpress/tasks/discourse/README.md b/roles/docker-wordpress/tasks/discourse/README.md deleted file mode 100644 index 07c1a811..00000000 --- a/roles/docker-wordpress/tasks/discourse/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Wordpress with Discourse Support - -This folder contains the files to setup Discourse support for Wordpress. -IT's realized with the [WP Discourse Plugin](https://de.wordpress.org/plugins/wp-discourse/) \ No newline at end of file 
diff --git a/roles/docker-wordpress/tasks/discourse/generate-api-key.yml b/roles/docker-wordpress/tasks/discourse/generate-api-key.yml deleted file mode 100644 index 84463409..00000000 --- a/roles/docker-wordpress/tasks/discourse/generate-api-key.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- name: Add /var/www/discourse to Git safe.directory - command: > - docker exec {{ applications.discourse.container }} \ - git config --global --add safe.directory /var/www/discourse - args: - chdir: "{{ docker_compose.directories.instance }}" - changed_when: false - -- name: Revoke old WP Discourse API keys via Rails - command: > - docker exec {{ applications.discourse.container }} bash -lc "\ - cd /var/www/discourse && \ - script/rails runner \"\ - ApiKey.where(\ - user_id: User.find_by_username('system').id,\ - description: 'WP Discourse Integration',\ - revoked_at: nil\ - ).update_all(revoked_at: Time.current)\ - \"" - args: - chdir: "{{ docker_compose.directories.instance }}" - changed_when: false - failed_when: false - -- name: Generate new WP Discourse API key via Rake task - command: > - docker exec {{ applications.discourse.container }} bash -lc "\ - cd /var/www/discourse && \ - bin/rake api_key:create_master['WP Discourse Integration']\ - " - args: - chdir: "{{ docker_compose.directories.instance }}" - register: discourse_generated_api_key - -- name: Store the new WP Discourse API key in a fact - set_fact: - vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}" diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml index c0061fda..bb220323 100644 --- a/roles/docker-wordpress/tasks/main.yml +++ b/roles/docker-wordpress/tasks/main.yml 
@@ -37,10 +37,15 @@ - name: "Install wordpress" include_tasks: install.yml -- name: "Activating OIDC when enabled." - include_tasks: oidc/install.yml - when: applications[application_id].features.oidc | bool - -- name: "Activating WP Discourse when enabled" - include_tasks: discourse/install.yml - when: applications[application_id].plugins.discourse | bool \ No newline at end of file +- name: "Install and activate WordPress plugins from application config" + block: + - name: "Iterate through WordPress plugins" + include_tasks: plugin.yml + loop: "{{ applications[application_id].plugins | dict2items }}" + loop_control: + label: "{{ item.key }}" + vars: + plugin_name: "{{ item.key }}" + plugin_enabled: "{{ item.value.enabled | bool }}" + plugin_task_path: "{{ role_path }}/tasks/plugins/{{ plugin_name }}/install.yml" + when: plugin_enabled diff --git a/roles/docker-wordpress/tasks/oidc/README.md b/roles/docker-wordpress/tasks/oidc/README.md deleted file mode 100644 index 3de942ea..00000000 --- a/roles/docker-wordpress/tasks/oidc/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# Wordpress with OIDC -This folder contains the files to setup Wordpress with OIDC. \ No newline at end of file diff --git a/roles/docker-wordpress/tasks/oidc/install.yml b/roles/docker-wordpress/tasks/oidc/install.yml deleted file mode 100644 index 691ac31d..00000000 --- a/roles/docker-wordpress/tasks/oidc/install.yml +++ /dev/null 
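Review bot: `plugin_task_path` points at `{{ role_path }}/tasks/plugins/{{ plugin_name }}/install.yml`, but the files this commit renames land at `tasks/plugins/daggerhart-openid-connect-generic.yml` and `tasks/plugins/wp-discourse.yml`, so the lookup in plugin.yml would never find them. The result would be that the OIDC settings and the Discourse API-key tasks are skipped and only the generic `wp plugin install` runs. Either move the files to `plugins/<name>/install.yml` or change the variable to `plugin_task_path: "{{ role_path }}/tasks/plugins/{{ plugin_name }}.yml"`. Separately, the OIDC plugin used to be gated on `applications[application_id].features.oidc | bool` and is now driven only by `plugins.<name>.enabled`, so confirm that an instance with OIDC disabled does not get the login plugin activated without its configuration.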
@@ -1,19 +0,0 @@ ---- -- name: "Install OpenID Connect Generic Plugin via WP CLI" - command: > - docker-compose exec -u www-data -T application - wp plugin install daggerhart-openid-connect-generic - --path={{ wordpress_docker_html_path }} - args: - chdir: "{{ docker_compose.directories.instance }}" - -- name: "Activate OpenID Connect Generic Plugin" - command: > - docker-compose exec -u www-data -T application - wp plugin activate daggerhart-openid-connect-generic - --path={{ wordpress_docker_html_path }} - args: - chdir: "{{ docker_compose.directories.instance }}" - -- name: "Setup OIDC settings" - include_tasks: "settings.yml" \ No newline at end of file diff --git a/roles/docker-wordpress/tasks/plugin.yml b/roles/docker-wordpress/tasks/plugin.yml new file mode 100644 index 00000000..9f78bb2f --- /dev/null +++ b/roles/docker-wordpress/tasks/plugin.yml @@ -0,0 +1,18 @@ +--- +- name: "Check if plugin has a dedicated install task" + stat: + path: "{{ plugin_task_path }}" + register: plugin_task_file + +- name: "Include plugin-specific install task if it exists" + include_tasks: "{{ plugin_task_path }}" + when: plugin_task_file.stat.exists + +- name: "Install and activate WordPress plugin via WP CLI" + command: > + docker-compose exec -u www-data -T application + wp plugin install {{ plugin_name }} --activate + --path={{ wordpress_docker_html_path }} + args: + chdir: "{{ docker_compose.directories.instance }}" + when: not plugin_task_file.stat.exists diff --git a/roles/docker-wordpress/tasks/plugins/README.md b/roles/docker-wordpress/tasks/plugins/README.md new file mode 100644 index 00000000..92e0853a --- /dev/null +++ b/roles/docker-wordpress/tasks/plugins/README.md 
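Review bot: The two branches in the new plugin.yml are mutually exclusive, so a plugin that has a dedicated task file is never installed: `wp plugin install {{ plugin_name }} --activate` carries `when: not plugin_task_file.stat.exists`. The file renamed from oidc/settings.yml at 100% similarity presumably holds only settings, and the removed oidc/install.yml was what installed and activated the plugin before including it. Run the install task unconditionally and place it before the `include_tasks`, so the plugin-specific file only adds configuration. Also, `stat` executes on the managed host while `role_path` is a controller-side path, so the existence check likely needs `delegate_to: localhost`.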
@@ -0,0 +1,15 @@ +# WordPress Plugins + +This WordPress setup integrates several powerful plugins to extend functionality with authentication, federation, and external discussion platforms: + +## 🔐 OpenID Connect Generic Client +Enables secure login via OpenID Connect (OIDC). +Plugin used: [daggerhart-openid-connect-generic](https://wordpress.org/plugins/daggerhart-openid-connect-generic/) + +## 💬 WP Discourse +Seamlessly connects WordPress with a Discourse forum for comments, discussions, and single sign-on (SSO). +Plugin used: [wp-discourse](https://wordpress.org/plugins/wp-discourse/) + +## 🌍 ActivityPub +Federates your blog with the Fediverse, making it accessible on platforms like Mastodon and Friendica. +Plugin used: [activitypub](https://wordpress.org/plugins/activitypub/) diff --git a/roles/docker-wordpress/tasks/oidc/settings.yml b/roles/docker-wordpress/tasks/plugins/daggerhart-openid-connect-generic.yml similarity index 100% rename from roles/docker-wordpress/tasks/oidc/settings.yml rename to roles/docker-wordpress/tasks/plugins/daggerhart-openid-connect-generic.yml diff --git a/roles/docker-wordpress/tasks/discourse/install.yml b/roles/docker-wordpress/tasks/plugins/wp-discourse.yml similarity index 53% rename from roles/docker-wordpress/tasks/discourse/install.yml rename to roles/docker-wordpress/tasks/plugins/wp-discourse.yml index 366942d9..579f2658 100644 --- a/roles/docker-wordpress/tasks/discourse/install.yml +++ b/roles/docker-wordpress/tasks/plugins/wp-discourse.yml 
@@ -10,8 +10,43 @@ delay: 5 timeout: 600 -- name: "Generate Discourse API Key when WP Discourse is enabled" - include_tasks: generate-api-key.yml +- name: Add /var/www/discourse to Git safe.directory + command: > + docker exec {{ applications.discourse.container }} \ + git config --global --add safe.directory /var/www/discourse + args: + chdir: "{{ docker_compose.directories.instance }}" + changed_when: false + +- name: Revoke old WP Discourse API keys via Rails + command: > + docker exec {{ applications.discourse.container }} bash -lc "\ + cd /var/www/discourse && \ + script/rails runner \"\ + ApiKey.where(\ + user_id: User.find_by_username('system').id,\ + description: 'WP Discourse Integration',\ + revoked_at: nil\ + ).update_all(revoked_at: Time.current)\ + \"" + args: + chdir: "{{ docker_compose.directories.instance }}" + changed_when: false + failed_when: false + +- name: Generate new WP Discourse API key via Rake task + command: > + docker exec {{ applications.discourse.container }} bash -lc "\ + cd /var/www/discourse && \ + bin/rake api_key:create_master['WP Discourse Integration']\ + " + args: + chdir: "{{ docker_compose.directories.instance }}" + register: discourse_generated_api_key + +- name: Store the new WP Discourse API key in a fact + set_fact: + vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}" - name: "Load WP Discourse settings" include_vars: diff --git a/templates/vars/applications.yml.j2 b/templates/vars/applications.yml.j2 index ccb5574b..9c13d305 100644 --- a/templates/vars/applications.yml.j2 +++ b/templates/vars/applications.yml.j2 
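Review bot: The task `Generate new WP Discourse API key via Rake task` registers the key from stdout and the following `set_fact` copies it into `vault_discourse_api_key`, and neither sets `no_log: true`, so the key can end up in verbose Ansible output and in any callback or controller that stores task results. `api_key:create_master` appears to produce an all-users key, which makes that exposure more significant; add `no_log: true` to both tasks. The revoke task sets `failed_when: false`, so a failed revocation passes silently and older keys with this description stay valid while a new one is issued on every run. Consider letting the revoke task fail, or registering its result and failing on a non-zero return code. The file's first task begins above the hunk.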
@@ -273,6 +273,9 @@ defaults_applications: administrator: username: "{{users.administrator.username}}" # Listmonk administrator account username # password: "{{users.administrator.password}}" # Password to initialized Listmonk administrator with + credentials: + database: +# password: "" # Database password public_api_activated: False # Security hole. Can be used for spaming version: "latest" # Docker Image version setup: false # Set true in inventory file to execute the setup and initializing procedures @@ -817,8 +820,13 @@ defaults_applications: # password: # Password of the wordpress administrator email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator plugins: - discourse: "{{ 'discourse' in group_names | lower }}" - oidc: true + wp-discourse: + enabled: "{{ 'discourse' in group_names | lower }}" + daggerhart-openid-connect-generic: + enabled: true + activitypub: + enabled: true + {% endraw %}{{ features.render_features({ 'matomo': true, 'css': false,