From 4c0aba2eeacf6bd3da4a0ab1fb312e3479135b07 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Thu, 30 Jan 2025 15:04:23 +0100 Subject: [PATCH] HUGE REFACTORING; Implementing ldap networks, new port mappings, heal script optimizing etc. --- group_vars/all/07_applications.yml | 3 +- group_vars/all/09_ports.yml | 53 +++++++++ playbook.servers.yml | 107 +----------------- roles/docker-akaunting/vars/main.yml | 8 +- roles/docker-attendize/tasks/main.yml | 2 +- .../templates/docker-compose.yml.j2 | 7 -- roles/docker-attendize/vars/main.yml | 9 +- roles/docker-baserow/vars/main.yml | 6 +- roles/docker-bigbluebutton/tasks/main.yml | 20 ++-- .../templates/nginx-proxy.conf.j2 | 3 +- roles/docker-bigbluebutton/vars/main.yml | 12 +- roles/docker-bluesky/vars/main.yml | 10 +- roles/docker-compose/handlers/main.yml | 6 +- roles/docker-compose/tasks/main.yml | 12 +- roles/docker-discourse/handlers/main.yml | 2 +- roles/docker-discourse/tasks/main.yml | 4 +- .../templates/discourse_application.yml.j2 | 4 +- roles/docker-discourse/vars/main.yml | 4 +- roles/docker-friendica/vars/main.yml | 6 +- roles/docker-funkwhale/vars/main.yml | 3 +- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-gitea/vars/main.yml | 6 +- roles/docker-gitlab/README.md | 2 +- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-gitlab/vars/main.yml | 6 +- roles/docker-jenkins/tasks/main.yml | 2 +- roles/docker-joomla/vars/main.yml | 6 +- roles/docker-keycloak/README.md | 2 +- roles/docker-keycloak/vars/main.yml | 6 +- roles/docker-ldap/README.md | 4 +- roles/docker-ldap/vars/main.yml | 2 +- roles/docker-listmonk/vars/main.yml | 6 +- roles/docker-mailu/vars/main.yml | 2 +- roles/docker-mastodon/tasks/main.yml | 2 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/mastodon.conf.j2 | 2 +- roles/docker-mastodon/vars/main.yml | 6 +- roles/docker-matomo/vars/main.yml | 6 +- roles/docker-matrix-ansible/tasks/main.yml | 8 +- .../templates/vars.yml.j2 | 2 +- roles/docker-matrix-compose/tasks/main.yml | 26 ++--- .../templates/docker-compose.yml.j2 | 10 +- 
.../templates/mautrix/facebook.config.yml.j2 | 2 +- .../templates/mautrix/instagram.config.yml.j2 | 2 +- .../templates/mautrix/signal.config.yml.j2 | 2 +- .../templates/mautrix/slack.config.yml.j2 | 2 +- .../templates/mautrix/telegram.config.yml.j2 | 2 +- .../templates/mautrix/whatsapp.config.yml.j2 | 2 +- .../templates/synapse/homeserver.yaml.j2 | 6 +- .../templates/synapse/log.config.j2 | 2 +- .../templates/well-known.j2 | 2 +- roles/docker-matrix-compose/vars/main.yml | 10 +- roles/docker-mediawiki/vars/main.yml | 6 +- roles/docker-moodle/vars/main.yml | 6 +- roles/docker-mybb/README.md | 6 +- roles/docker-mybb/vars/main.yml | 2 +- roles/docker-nextcloud/vars/main.yml | 2 +- .../templates/container.yml.j2 | 2 +- roles/docker-openproject/vars/main.yml | 4 +- roles/docker-peertube/tasks/main.yml | 2 +- roles/docker-peertube/vars/main.yml | 6 +- roles/docker-phpmyadmin/vars/main.yml | 8 +- roles/docker-pixelfed/vars/main.yml | 2 +- roles/docker-portfolio/vars/main.yml | 4 +- roles/docker-roulette-wheel/vars/main.yml | 4 +- roles/docker-taiga/vars/main.yml | 8 +- roles/docker-wordpress/tasks/main.yml | 2 +- roles/docker-wordpress/vars/main.yml | 8 +- roles/docker-yourls/vars/main.yml | 6 +- roles/heal-docker/files/heal-docker.py | 94 +++++++-------- .../templates/heal-docker.service.j2 | 2 +- .../handlers/main.yml | 2 +- roles/nginx-docker-cert-deploy/tasks/main.yml | 4 +- .../templates/domain.conf.j2 | 2 +- tasks/update-repository-with-files.yml | 6 +- templates/docker/services/mariadb.yml.j2 | 2 +- templates/docker/services/postgres.yml.j2 | 2 +- templates/docker/services/redis.yml.j2 | 2 +- vars/docker-database.yml.j2 | 6 +- 79 files changed, 294 insertions(+), 335 deletions(-) create mode 100644 group_vars/all/09_ports.yml diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index e47458fd..ac7a91e4 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml 
@@ -69,7 +69,8 @@ ldap_administrator_username: "{{administrator_username}}" ldap_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons ldap_lam_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons -ldap_expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to +ldap_expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to +ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml ## Listmonk listmonk_admin_username: "{{administrator_username}}" diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml new file mode 100644 index 00000000..3f98b7ea --- /dev/null +++ b/group_vars/all/09_ports.yml 
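Review bot: In the `group_vars/all/07_applications.yml` hunk, the comment on the new `ldap_network_enabled` flag has two typos (`communitation`, `localhot`) and does not make clear that the traffic on this network is unencrypted. I would reword it to `# Enables the LDAP network for unencrypted LDAP traffic between container instances on this host; override per role in vars/main.yml`. The comment on `ldap_expose_to_internet` directly above ends mid-sentence at "Keep in mind to" and should be completed or trimmed. The three `ldap_*_password` context lines all default to `user_administrator_initial_password`, so until an operator acts on the "CHANGE for security reasons" reminder, the LDAP admin, database and LAM accounts share one credential.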
@@ -0,0 +1,53 @@ +ports: + # Ports which are exposed to localhost + localhost: + web_socket: + mastodon: 4001 + oauth2_proxy_ports: + phpmyadmin: 4181 + ldap: 4182 + openproject: 4183 + ldap_ports: + openldap: + http_ports: + nextcloud: 8001 + gitea: 8002 + wordpress: 8003 + mediawiki: 8004 + mybb: 8005 + yourls: 8006 + mailu: 8007 + elk: 8008 + mastodon: 8009 + pixelfed: 8010 + peertube: 8011 + funkwhale: 8012 + roulette-wheel: 8013 + joomla: 8014 + attendize: 8015 + matrix: 8016 + baserow: 8017 + matomo: 8018 + listmonk: 8019 + discourse: 8020 + matrix_synapse: 8021 + matrix_element: 8022 + openproject: 8023 + gitlab: 8024 + akaunting: 8025 + moodle: 8026 + taiga: 8027 + friendica: 8028 + portfolio: 8029 + bluesky_api: 8030 + bluesky_web: 8031 + keycloak: 8032 + ldap: 8033 + phpmyadmin: 8034 + bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port + # Ports which are exposed to the World Wide Web + public: + # The following ports should be changed to 22 on the subdomain via stream mapping + ssh_ports: + gitea: 2201 + gitlab: 2202 diff --git a/playbook.servers.yml b/playbook.servers.yml index 586ce2ad..f14ede88 100644 --- a/playbook.servers.yml +++ b/playbook.servers.yml @@ -13,16 +13,12 @@ - health-btrfs - system-btrfs-auto-balancer - # Docker Roles - name: setup nextcloud hosts hosts: nextcloud_server become: true roles: - role: docker-nextcloud - vars: - domain: "{{domains.nextcloud}}" - http_port: 8001 - name: setup gitea hosts hosts: gitea @@ -30,9 +26,6 @@ roles: - role: docker-gitea vars: - domain: "{{domains.gitea}}" - http_port: 8002 - ssh_port: 2201 run_mode: prod - name: setup wordpress hosts @@ -40,18 +33,12 @@ become: true roles: - role: docker-wordpress - vars: - wordpress_domains: "{{domains.wordpress}}" - http_port: 8003 - name: setup mediawiki hosts hosts: mediawiki become: true roles: - role: docker-mediawiki - vars: - domain: "{{domains.mediawiki}}" - http_port: 8004 - name: setup mybb hosts hosts: mybb 
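Review bot: In the new `group_vars/all/09_ports.yml`, the `openldap:` key (under `ldap_ports`, as far as the flattened listing shows) has no value and so loads as null. Any template that interpolates it will render an empty or `None` port, so give it an explicit port or drop the key until one is assigned. The `localhost` / `public` split is only a naming convention: whether a port stays off external interfaces depends on each compose template publishing it with a `127.0.0.1:` prefix, which this file cannot enforce. A comment above `localhost:` such as `# Must be published with a 127.0.0.1: prefix in the role's compose template` would make that requirement visible to whoever adds the next entry.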
@@ -60,16 +47,12 @@ - role: docker-mybb vars: mybb_domains: "{{domains.mybb}}" - http_port: 8005 - name: setup yourls hosts hosts: yourls become: true roles: - role: docker-yourls - vars: - domain: "{{domains.yourls}}" - http_port: 8006 - name: setup mailu hosts hosts: mailu @@ -77,8 +60,6 @@ roles: - role: docker-mailu vars: - domain: "{{domains.mailu}}" - http_port: 8007 enable_central_database: "{{enable_central_database_mailu}}" - name: setup elk hosts @@ -86,39 +67,24 @@ become: true roles: - role: docker-elk - vars: - domain: "{{domains.elk}}" - http_port: 8008 - name: setup mastodon hosts hosts: mastodon become: true roles: - role: docker-mastodon - vars: - domain: "{{domains.mastodon}}" - mastodon_domains: "{{ [domain] + domains.mastodon_alternates }}" - http_port: 8009 - stream_port: 4001 - name: setup pixelfed hosts hosts: pixelfed become: true roles: - role: docker-pixelfed - vars: - domain: "{{domains.pixelfed}}" - http_port: 8010 - name: setup peertube hosts hosts: peertube become: true roles: - role: docker-peertube - vars: - domain: "{{domains.peertube}}" - peertube_domains: "{{ [domain] + domains.peertube_alternates }}" - http_port: 8011 - name: setup bigbluebutton hosts hosts: bigbluebutton 
@@ -133,73 +99,48 @@ become: true roles: - role: docker-funkwhale - vars: - domain: "{{domains.funkwhale}}" - http_port: 8012 - name: setup roulette-wheel hosts - hosts: roulette_wheel + hosts: roulette-wheel become: true roles: - role: docker-roulette-wheel - vars: - domain: "{{domains.roulette}}" - http_port: 8013 - name: setup joomla hosts hosts: joomla become: true roles: - role: docker-joomla - vars: - domain: "{{joomla_domains}}" - http_port: 8014 - name: setup attendize hosts: attendize become: true roles: - role: docker-attendize - vars: - domain: "{{domains.attendize}}" - http_port: 8015 - mail_interface_http_port: 8016 - name: setup baserow hosts hosts: baserow become: true roles: - role: docker-baserow - vars: - domain: "{{domains.baserow}}" - http_port: 8017 - name: setup matomo hosts hosts: matomo become: true roles: - role: docker-matomo - vars: - domain: "{{domains.matomo}}" - http_port: 8018 - name: setup listmonk hosts: listmonk become: true roles: - role: docker-listmonk - vars: - domain: "{{domains.listmonk}}" - http_port: 8019 - name: setup discourse hosts: discourse become: true roles: - role: docker-discourse - vars: - domain: "{{domains.discourse}}" - http_port: 8020 - name: setup matrix hosts: matrix 
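Review bot: The `playbook.servers.yml` hunk starting at old line 133 changes the play target from `hosts: roulette_wheel` to `hosts: roulette-wheel`, so inventories that still define the group as `roulette_wheel` will no longer match and the play is skipped with only a warning. Ansible also treats hyphens in group names as invalid characters, so I would keep `hosts: roulette_wheel` and leave the hyphenated spelling to the role name and the `ports` key. The removed `domain: "{{domains.roulette}}"` used the key `roulette`, so the new lookup by `application_id` presumably needs a matching `domains` entry; that mapping is not visible in this hunk.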
@@ -207,85 +148,50 @@ roles: - role: docker-matrix-ansible when: matrix_role == 'ansible' - vars: - matrix_domains: - - "{{domains.matrix_element}}" - - "{{domains.matrix_synapse}}" - element_domain: "{{domains.matrix_element}}" - synapse_domain: "{{domains.matrix_synapse}}" - http_port: 8021 - role: docker-matrix-compose when: matrix_role == 'compose' - vars: - element_domain: "{{domains.matrix_element}}" - synapse_domain: "{{domains.matrix_synapse}}" - synapse_http_port: 8021 - element_http_port: 8022 - name: setup open project instances hosts: openproject become: true roles: - role: docker-openproject - vars: - domain: "{{domains.openproject}}" - http_port: 8023 - oauth2_proxy_port: 4180 - name: setup gitlab hosts hosts: gitlab become: true roles: - role: docker-gitlab - vars: - domain: "{{domains.gitlab}}" - http_port: 8024 - ssh_port: 2202 - name: setup akaunting hosts hosts: akaunting become: true roles: - role: docker-akaunting - vars: - domain: "{{domains.akaunting}}" - http_port: 8025 - name: setup moodle instance hosts: moodle become: true roles: - role: docker-moodle - vars: - domain: "{{domains.moodle}}" - http_port: 8026 - name: setup taiga instance hosts: taiga become: true roles: - role: docker-taiga - vars: - domain: "{{domains.taiga}}" - http_port: 8027 - name: setup friendica hosts hosts: friendica become: true roles: - role: docker-friendica - vars: - domain: "{{domains.friendica}}" - http_port: 8028 - name: setup portfolio hosts: portfolio become: true roles: - role: docker-portfolio - vars: - domain: "{{domains.portfolio}}" - http_port: 8029 - name: setup bluesky hosts: bluesky 
@@ -303,29 +209,18 @@ become: true roles: - role: docker-keycloak - vars: - domain: "{{domains.keycloak}}" - http_port: 8032 - name: setup ldap hosts: ldap become: true roles: - role: docker-ldap - vars: - domain: "{{domains.ldap}}" - http_port: 8033 - oauth2_proxy_port: 4182 - name: setup PHPMyAdmin hosts: phpmyadmin become: true roles: - role: docker-phpmyadmin - vars: - domain: "{{domains.phpmyadmin}}" - http_port: 8034 - oauth2_proxy_port: 4181 # Native Webserver Roles - name: setup nginx-static-repositorys diff --git a/roles/docker-akaunting/vars/main.yml b/roles/docker-akaunting/vars/main.yml index 93c204cd..de2efe17 100644 --- a/roles/docker-akaunting/vars/main.yml +++ b/roles/docker-akaunting/vars/main.yml @@ -1,4 +1,4 @@ -docker_compose_project_name: "akaunting" -database_type: "mariadb" -database_password: "{{akaunting_database_password}}" -repository_address: "https://github.com/akaunting/docker.git" +application_id: "akaunting" +database_type: "mariadb" +database_password: "{{akaunting_database_password}}" +repository_address: "https://github.com/akaunting/docker.git" diff --git a/roles/docker-attendize/tasks/main.yml b/roles/docker-attendize/tasks/main.yml index 2069131e..a6650a39 100644 --- a/roles/docker-attendize/tasks/main.yml +++ b/roles/docker-attendize/tasks/main.yml @@ -7,7 +7,7 @@ vars: domain: "{{ item }}" loop: - - "{{ mail_interface_domain }}" + - "{{ domains.mailu }}" - "{{ domain }}" - name: configure {{domain}}.conf diff --git a/roles/docker-attendize/templates/docker-compose.yml.j2 b/roles/docker-attendize/templates/docker-compose.yml.j2 index fe5b39e3..61f55c6d 100644 --- a/roles/docker-attendize/templates/docker-compose.yml.j2 +++ b/roles/docker-attendize/templates/docker-compose.yml.j2 
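Review bot: In the `roles/docker-attendize/tasks/main.yml` hunk, the loop now passes `{{ domains.mailu }}` as `domain` to the looped task, so the Attendize role acts on the Mailu host name. The same patch removes the `maildev` container that the old `mail.{{domain}}` entry belonged to. If the looped task issues a certificate or writes a vhost (its body starts outside the hunk), Attendize would be changing configuration that belongs to the Mailu role. Unless that is intended, drop the first loop item and keep only `- "{{ domain }}"`.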
@@ -27,13 +27,6 @@ services: - .:/usr/share/nginx/html - .:/var/www - maildev: - image: maildev/maildev - ports: - - "{{ mail_interface_http_port }}:1080" -{% include 'templates/docker/container/networks.yml.j2' %} -{% include 'templates/docker/container/depends-on-just-database.yml.j2' %} - {% include 'templates/docker/compose/volumes.yml.j2' %} redis: diff --git a/roles/docker-attendize/vars/main.yml b/roles/docker-attendize/vars/main.yml index 91472087..99ede1f3 100644 --- a/roles/docker-attendize/vars/main.yml +++ b/roles/docker-attendize/vars/main.yml @@ -1,6 +1,5 @@ --- -docker_compose_project_name: "attendize" -mail_interface_domain: "mail.{{domain}}" -database_type: "mariadb" -database_password: "{{attendize_database_password}}" -repository_address: "https://github.com/Attendize/Attendize.git" \ No newline at end of file +application_id: "attendize" +database_type: "mariadb" +database_password: "{{attendize_database_password}}" +repository_address: "https://github.com/Attendize/Attendize.git" \ No newline at end of file diff --git a/roles/docker-baserow/vars/main.yml b/roles/docker-baserow/vars/main.yml index 456857cf..b59afb70 100644 --- a/roles/docker-baserow/vars/main.yml +++ b/roles/docker-baserow/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "baserow" -database_password: "{{ baserow_database_password }}" -database_type: "postgres" \ No newline at end of file +application_id: "baserow" +database_password: "{{ baserow_database_password }}" +database_type: "postgres" \ No newline at end of file diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index deeb4cbd..f743287b 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml 
@@ -3,14 +3,20 @@ include_role: name: docker-compose -- name: "include task certbot-matomo.yml" - include_tasks: certbot-matomo.yml +# Leave this in the code until big blue button was working for a while. +# This is necessary due to the reason that big blue button wasn't fully tested after refactoring +# +#- name: "include task certbot-matomo.yml" +# include_tasks: certbot-matomo.yml +# +#- name: configure {{domain}}.conf +# template: +# src: "nginx-proxy.conf.j2" +# dest: "{{nginx_servers_directory}}{{domain}}.conf" +# notify: restart nginx -- name: configure {{domain}}.conf - template: - src: "nginx-proxy.conf.j2" - dest: "{{nginx_servers_directory}}{{domain}}.conf" - notify: restart nginx +- name: "include tasks nginx-docker-proxy-domain.yml" + include_tasks: nginx-docker-proxy-domain.yml - name: configure websocket_upgrade.conf copy: diff --git a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 index 6c915c69..c4461be9 100644 --- a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 +++ b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 @@ -1,10 +1,11 @@ +# Remove this template when BBB is running successfully server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} location / { proxy_http_version 1.1; - proxy_pass http://$endpoint_addr:48087; + proxy_pass http://$endpoint_addr:{{ports.localhost.oauth2_proxy_ports[application_id]}}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/roles/docker-bigbluebutton/vars/main.yml b/roles/docker-bigbluebutton/vars/main.yml index 6fa185cd..647b41f6 100644 --- a/roles/docker-bigbluebutton/vars/main.yml +++ b/roles/docker-bigbluebutton/vars/main.yml 
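Review bot: In the `roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2` hunk, `proxy_pass` looks the port up in `ports.localhost.oauth2_proxy_ports[application_id]`, but the `oauth2_proxy_ports` map added in `group_vars/all/09_ports.yml` lists only `phpmyadmin`, `ldap` and `openproject`. With `application_id: "bigbluebutton"` the lookup is undefined and the template will not render. The previous literal 48087 now appears as `bigbluebutton: 48087` in what looks like `http_ports`, so the line should read `proxy_pass http://$endpoint_addr:{{ports.localhost.http_ports[application_id]}};`. The template is only referenced from the tasks this patch comments out, so the error would surface only when that fallback is re-enabled.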
@@ -1,6 +1,6 @@ -docker_compose_project_name: "bigbluebutton" -docker_compose_file: "{{docker_compose_instance_directory}}docker-compose.yml" -database_instance: "bigbluebutton" -database_name: "greenlight-v3" -database_username: "postgres" -database_password: "{{bigbluebutton_postgresql_secret}}" \ No newline at end of file +application_id: "bigbluebutton" +docker_compose_file: "{{docker_compose_instance_directory}}docker-compose.yml" +database_instance: "bigbluebutton" +database_name: "greenlight-v3" +database_username: "postgres" +database_password: "{{bigbluebutton_postgresql_secret}}" \ No newline at end of file diff --git a/roles/docker-bluesky/vars/main.yml b/roles/docker-bluesky/vars/main.yml index 733c9a82..ea11d80c 100644 --- a/roles/docker-bluesky/vars/main.yml +++ b/roles/docker-bluesky/vars/main.yml @@ -1,8 +1,8 @@ -docker_compose_project_name: "bluesky" -social_app_path: "{{ docker_compose_instance_directory }}/social-app" +application_id: "bluesky" +social_app_path: "{{ docker_compose_instance_directory }}/social-app" # This should be removed when the following issue is closed: # https://github.com/bluesky-social/pds/issues/52 -pdsadmin_folder_path: "{{ docker_compose_instance_directory }}/pdsadmin" -pdsadmin_file_path: "{{pdsadmin_folder_path}}/pdsadmin" -pdsadmin_temporary_tar_path: "/tmp/pdsadmin.tar.gz" \ No newline at end of file +pdsadmin_folder_path: "{{ docker_compose_instance_directory }}/pdsadmin" +pdsadmin_file_path: "{{pdsadmin_folder_path}}/pdsadmin" +pdsadmin_temporary_tar_path: "/tmp/pdsadmin.tar.gz" \ No newline at end of file diff --git a/roles/docker-compose/handlers/main.yml b/roles/docker-compose/handlers/main.yml index 4b4d5f44..92cec58f 100644 --- a/roles/docker-compose/handlers/main.yml +++ b/roles/docker-compose/handlers/main.yml 
@@ -4,14 +4,14 @@ # https://github.com/ansible/ansible/issues/10244 #- name: shut down docker compose project # command: -# cmd: docker-compose -p "{{docker_compose_project_name}}" down +# cmd: docker-compose -p "{{application_id}}" down # listen: docker compose project setup # when: mode_reset | bool # default setup for docker compose files - name: docker compose project setup command: - cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate + cmd: docker-compose -p "{{application_id}}" up -d --force-recreate chdir: "{{docker_compose_instance_directory}}" environment: COMPOSE_HTTP_TIMEOUT: 600 @@ -22,7 +22,7 @@ # for performance reasons it's not recommended to use this if there is no build tag specified - name: docker compose project build and setup command: - cmd: docker-compose -p "{{docker_compose_project_name}}" up -d --force-recreate --build + cmd: docker-compose -p "{{application_id}}" up -d --force-recreate --build chdir: "{{docker_compose_instance_directory}}" environment: COMPOSE_HTTP_TIMEOUT: 600 diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml index f5fd6b28..96f4ce23 100644 --- a/roles/docker-compose/tasks/main.yml +++ b/roles/docker-compose/tasks/main.yml 
@@ -1,6 +1,14 @@ -- name: "Set global docker_compose_instance_directory: {{ path_docker_compose_instances }}{{ docker_compose_project_name }}/" +- name: "Set global docker_compose_instance_directory: {{ path_docker_compose_instances }}{{ application_id }}/" set_fact: - docker_compose_instance_directory: "{{ path_docker_compose_instances }}{{ docker_compose_project_name }}/" + docker_compose_instance_directory: "{{ path_docker_compose_instances }}{{ application_id }}/" + +- name: "Set global domain to {{ domains[application_id] }}" + set_fact: + domain: "{{ domains[application_id] }}" + +- name: "Set global http_port to {{ ports.localhost.http_ports[application_id] }}" + set_fact: + http_port: "{{ ports.localhost.http_ports[application_id] }}" - name: "remove {{ docker_compose_instance_directory }} and all its contents" file: diff --git a/roles/docker-discourse/handlers/main.yml b/roles/docker-discourse/handlers/main.yml index 4448e5c2..431b2cca 100644 --- a/roles/docker-discourse/handlers/main.yml +++ b/roles/docker-discourse/handlers/main.yml @@ -7,7 +7,7 @@ failed_when: container_action.failed and 'No such container' not in container_action.msg listen: recreate discourse -- name: "add central database temporary to {{docker_compose_project_name}}_default" +- name: "add central database temporary to {{application_id}}_default" command: cmd: "docker network connect discourse_default central-{{ database_type }}" ignore_errors: true diff --git a/roles/docker-discourse/tasks/main.yml b/roles/docker-discourse/tasks/main.yml index c7a80f77..21cf05b6 100644 --- a/roles/docker-discourse/tasks/main.yml +++ b/roles/docker-discourse/tasks/main.yml 
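Review bot: The two new `set_fact` tasks in `roles/docker-compose/tasks/main.yml` index `domains` and `ports.localhost.http_ports` by `application_id` without checking that the key exists. A role whose id is missing from either map fails with an undefined-variable error that does not name the missing mapping; `09_ports.yml`, for example, lists `bluesky_api` and `bluesky_web` but no `bluesky`. Facts set this way also stay on the host for the rest of the run and, by Ansible's variable precedence, outrank role vars and task-level `vars:`, so a later `domain` override at those levels will not take effect. I would put an explicit check in front of the two tasks (or a `when:` guard for roles that have no single domain) and add a comment saying the facts intentionally overwrite `domain` and `http_port` for the current role.

```yaml
# … unchanged: set_fact docker_compose_instance_directory …

- name: "Verify that {{ application_id }} has a domain and an http port assigned"
  assert:
    that:
      - application_id in domains
      - application_id in ports.localhost.http_ports
    fail_msg: >-
      No entry for '{{ application_id }}' in domains or
      ports.localhost.http_ports

# … unchanged: set_fact domain, set_fact http_port …
```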
@@ -12,7 +12,7 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: "cleanup central database from {{docker_compose_project_name}}_default network" +- name: "cleanup central database from {{application_id}}_default network" command: cmd: "docker network disconnect discourse_default central-{{ database_type }}" ignore_errors: true @@ -65,7 +65,7 @@ ignore_errors: true when: enable_central_database | bool -- name: "remove central database from {{docker_compose_project_name}}_default" +- name: "remove central database from {{application_id}}_default" command: cmd: "docker network disconnect discourse_default central-{{ database_type }}" ignore_errors: true diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2 index 159f6dd9..c93be9f8 100644 --- a/roles/docker-discourse/templates/discourse_application.yml.j2 +++ b/roles/docker-discourse/templates/discourse_application.yml.j2 @@ -67,7 +67,7 @@ env: DISCOURSE_DB_NAME: {{ database_name }} # Redis Configuration - DISCOURSE_REDIS_HOST: {{docker_compose_project_name}}-redis + DISCOURSE_REDIS_HOST: {{application_id}}-redis ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate #LETSENCRYPT_ACCOUNT_EMAIL: administrator@veen.world @@ -129,5 +129,5 @@ run: - exec: echo "End of custom commands" docker_args: - - --network={{docker_compose_project_name}}_default + - --network={{application_id}}_default - --name={{discourse_application_container}} diff --git a/roles/docker-discourse/vars/main.yml b/roles/docker-discourse/vars/main.yml index b3b4be4a..9318b7f7 100644 --- a/roles/docker-discourse/vars/main.yml +++ b/roles/docker-discourse/vars/main.yml 
@@ -1,5 +1,5 @@ -docker_compose_project_name: "discourse" +application_id: "discourse" discourse_application_container: "discourse_application" database_password: "{{ baserow_database_password }}" database_type: "postgres" -discourse_repository_directory: "{{ path_docker_compose_instances + docker_compose_project_name + '/repository/' }}" \ No newline at end of file +discourse_repository_directory: "{{ path_docker_compose_instances + application_id + '/repository/' }}" \ No newline at end of file diff --git a/roles/docker-friendica/vars/main.yml b/roles/docker-friendica/vars/main.yml index 0239a880..a57e4ff3 100644 --- a/roles/docker-friendica/vars/main.yml +++ b/roles/docker-friendica/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "friendica" -database_password: "{{friendica_database_password}}" -database_type: "mariadb" \ No newline at end of file +application_id: "friendica" +database_password: "{{friendica_database_password}}" +database_type: "mariadb" \ No newline at end of file diff --git a/roles/docker-funkwhale/vars/main.yml b/roles/docker-funkwhale/vars/main.yml index 9d6b1a71..739dd755 100644 --- a/roles/docker-funkwhale/vars/main.yml +++ b/roles/docker-funkwhale/vars/main.yml @@ -1,6 +1,5 @@ -docker_compose_project_name: "funkwhale" +application_id: "funkwhale" nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;" database_password: "{{funkwhale_database_password}}" database_type: "postgres" - ldap_network_enabled: true # Activate LDAP network \ No newline at end of file diff --git a/roles/docker-gitea/templates/docker-compose.yml.j2 b/roles/docker-gitea/templates/docker-compose.yml.j2 index 9196fcda..5c4038ee 100644 --- a/roles/docker-gitea/templates/docker-compose.yml.j2 +++ b/roles/docker-gitea/templates/docker-compose.yml.j2 
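Review bot: In the `roles/docker-discourse/vars/main.yml` hunk, the unchanged line `database_password: "{{ baserow_database_password }}"` gives Discourse the Baserow database secret, so a leak of either application's configuration exposes the password used by both. Every other role touched in this patch references its own `<app>_database_password`. The line should point at a Discourse-specific secret, for example `database_password: "{{ discourse_database_password }}"`, with that variable defined next to the other application secrets (it is not defined anywhere in the visible part of this patch).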
@@ -15,7 +15,7 @@ services: - DB_NAME={{database_name}} - DB_USER={{database_username}} - DB_PASSWD={{database_password}} - - SSH_PORT={{ssh_port}} + - SSH_PORT={{ports.public.ssh_ports[application_id]}} - SSH_LISTEN_PORT=22 - DOMAIN={{domain}} - SSH_DOMAIN={{domain}} @@ -23,7 +23,7 @@ services: - ROOT_URL="https://{{domain}}/" ports: - "127.0.0.1:{{http_port}}:3000" - - "{{ssh_port}}:22" + - "{{ports.public.ssh_ports[application_id]}}:22" volumes: - data:/data - /etc/timezone:/etc/timezone:ro diff --git a/roles/docker-gitea/vars/main.yml b/roles/docker-gitea/vars/main.yml index 2e7014fc..9022a965 100644 --- a/roles/docker-gitea/vars/main.yml +++ b/roles/docker-gitea/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "gitea" -database_password: "{{gitea_database_password}}" -database_type: "mariadb" \ No newline at end of file +application_id: "gitea" +database_password: "{{gitea_database_password}}" +database_type: "mariadb" \ No newline at end of file diff --git a/roles/docker-gitlab/README.md b/roles/docker-gitlab/README.md index b802dd92..3639b4cc 100644 --- a/roles/docker-gitlab/README.md +++ b/roles/docker-gitlab/README.md @@ -16,7 +16,7 @@ This Ansible role is designed for setting up and managing a GitLab server runnin ## Role Variables Variables are defined in `vars/main.yml`. Key variables include: - `docker_compose_instance_directory`: Directory for Docker Compose instances. -- `docker_compose_project_name`, `database_host`, `database_name`, `database_username`, `database_password`: Database configuration variables. +- `application_id`, `database_host`, `database_name`, `database_username`, `database_password`: Database configuration variables. ## Handlers - `recreate gitlab`: Restarts GitLab using Docker Compose when changes are detected. diff --git a/roles/docker-gitlab/templates/docker-compose.yml.j2 b/roles/docker-gitlab/templates/docker-compose.yml.j2 index 62609ae8..ad9ec22e 100644 --- a/roles/docker-gitlab/templates/docker-compose.yml.j2 
+++ b/roles/docker-gitlab/templates/docker-compose.yml.j2 @@ -12,7 +12,7 @@ services: GITLAB_OMNIBUS_CONFIG: | external_url 'https://{{domain}}' postgresql['enable'] = false - gitlab_rails['gitlab_shell_ssh_port'] = {{ssh_port}} + gitlab_rails['gitlab_shell_ssh_port'] = {{ports.public.ssh_ports[application_id]}} gitlab_rails['db_adapter'] = 'postgresql' gitlab_rails['db_encoding'] = 'utf8' gitlab_rails['db_host'] = '{{database_host}}' @@ -30,7 +30,7 @@ services: gitlab_rails['redis_port'] = '6379' ports: - "127.0.0.1:{{http_port}}:80" - - "{{ssh_port}}:22" + - "{{ports.public.ssh_ports[application_id]}}:22" volumes: - 'config:/etc/gitlab' - 'logs:/var/log/gitlab' diff --git a/roles/docker-gitlab/vars/main.yml b/roles/docker-gitlab/vars/main.yml index e4c19830..c7e1bd90 100644 --- a/roles/docker-gitlab/vars/main.yml +++ b/roles/docker-gitlab/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "gitlab" -database_password: "{{gitlab_database_password}}" -database_type: "postgres" \ No newline at end of file +application_id: "gitlab" +database_password: "{{gitlab_database_password}}" +database_type: "postgres" \ No newline at end of file diff --git a/roles/docker-jenkins/tasks/main.yml b/roles/docker-jenkins/tasks/main.yml index 10d7ba1d..a32809c8 100644 --- a/roles/docker-jenkins/tasks/main.yml +++ b/roles/docker-jenkins/tasks/main.yml @@ -3,7 +3,7 @@ - name: "docker jenkins" docker_compose: - project_name: jenkins + application_id: jenkins definition: application: image: jenkins/jenkins:lts diff --git a/roles/docker-joomla/vars/main.yml b/roles/docker-joomla/vars/main.yml index 3b0f416e..89f1e55a 100644 --- a/roles/docker-joomla/vars/main.yml +++ b/roles/docker-joomla/vars/main.yml 
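Review bot: In the `roles/docker-jenkins/tasks/main.yml` hunk, the rename replaced the `docker_compose` module argument `project_name: jenkins` with `application_id: jenkins`. `project_name` is a parameter of the module, not the role variable renamed elsewhere, and `application_id` is not an option the module accepts, so the task will be rejected for an unsupported parameter. Restore `project_name: jenkins`; if the role should follow the new convention, define `application_id: "jenkins"` in its vars and write `project_name: "{{ application_id }}"`. The task body continues outside the hunk.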
@@ -1,3 +1,3 @@ -docker_compose_project_name: "joomla" -database_password: "{{joomla_database_password}}" -database_type: "postgres" \ No newline at end of file +application_id: "joomla" +database_password: "{{joomla_database_password}}" +database_type: "postgres" \ No newline at end of file diff --git a/roles/docker-keycloak/README.md b/roles/docker-keycloak/README.md index c17c1fc8..1eb17dd1 100644 --- a/roles/docker-keycloak/README.md +++ b/roles/docker-keycloak/README.md @@ -25,7 +25,7 @@ Defined in `vars/main.yml`: | Variable | Description | |---------------------------------|------------------------------------------------------------------| -| `docker_compose_project_name` | Name of the Docker Compose project. Default: `keycloak`. | +| `application_id` | Name of the Docker Compose project. Default: `keycloak`. | | `database_type` | Type of the database. Default: `postgres`. | | `database_password` | Password for the PostgreSQL database user. | diff --git a/roles/docker-keycloak/vars/main.yml b/roles/docker-keycloak/vars/main.yml index 476b12d8..50a9f807 100644 --- a/roles/docker-keycloak/vars/main.yml +++ b/roles/docker-keycloak/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "keycloak" -database_type: "postgres" -database_password: "{{keycloak_database_password}}" \ No newline at end of file +application_id: "keycloak" +database_type: "postgres" +database_password: "{{keycloak_database_password}}" \ No newline at end of file diff --git a/roles/docker-ldap/README.md b/roles/docker-ldap/README.md index 60df3f15..cb312632 100644 --- a/roles/docker-ldap/README.md +++ b/roles/docker-ldap/README.md 
@@ -32,7 +32,7 @@ This Ansible role provides a streamlined implementation of an LDAP server with T ### Key Variables | Variable | Description | Default Value | |-------------------------------|----------------------------------------------------------|--------------------------------------| -| `docker_compose_project_name` | Name of the Docker Compose project. | `ldap` | +| `application_id` | Name of the Docker Compose project. | `ldap` | | `ldap_root` | Base DN for the LDAP directory. | `dc={{primary_domain_sld}},dc={{primary_domain_tld}}` | | `ldap_admin_dn` | Distinguished Name (DN) for the LDAP administrator. | `cn={{ldap_administrator_username}},{{ldap_root}}` | | `cert_mount_directory` | Directory to mount SSL/TLS certificates. | `{{docker_compose_instance_directory}}/certs/` | @@ -70,7 +70,7 @@ Here’s an example playbook to use this role: roles: - role: docker-ldap vars: - docker_compose_instance_directory: "/home/administrator/docker-compose/ldap/" + docker_compose_instance_directory: "/opt/docker/ldap/" primary_domain_sld: "veen" primary_domain_tld: "world" ldap_administrator_username: "administrator" diff --git a/roles/docker-ldap/vars/main.yml b/roles/docker-ldap/vars/main.yml index 7890118d..57af69bc 100644 --- a/roles/docker-ldap/vars/main.yml +++ b/roles/docker-ldap/vars/main.yml @@ -1,4 +1,4 @@ -docker_compose_project_name: "ldap" +application_id: "ldap" ldap_root: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}" ldap_admin_dn: "cn={{ldap_administrator_username}},{{ldap_root}}" ldap_secure_localhost_port: 1636 diff --git a/roles/docker-listmonk/vars/main.yml b/roles/docker-listmonk/vars/main.yml index 5a499795..9f3ed81e 100644 --- a/roles/docker-listmonk/vars/main.yml +++ b/roles/docker-listmonk/vars/main.yml 
@@ -1,3 +1,3 @@ -docker_compose_project_name: "listmonk" -database_password: "{{listmonk_database_password}}" -database_type: "postgres" \ No newline at end of file +application_id: "listmonk" +database_password: "{{listmonk_database_password}}" +database_type: "postgres" \ No newline at end of file diff --git a/roles/docker-mailu/vars/main.yml b/roles/docker-mailu/vars/main.yml index 5d02b106..ac928493 100644 --- a/roles/docker-mailu/vars/main.yml +++ b/roles/docker-mailu/vars/main.yml @@ -1,4 +1,4 @@ -docker_compose_project_name: "mailu" +application_id: "mailu" database_password: "{{mailu_database_password}}" database_type: "mariadb" cert_mount_directory: "{{docker_compose_instance_directory}}/certs/" diff --git a/roles/docker-mastodon/tasks/main.yml b/roles/docker-mastodon/tasks/main.yml index b37f8d64..6337215b 100644 --- a/roles/docker-mastodon/tasks/main.yml +++ b/roles/docker-mastodon/tasks/main.yml @@ -4,7 +4,7 @@ - name: "include create-domains.yml" include_tasks: create-domains.yml - loop: "{{ mastodon_domains }}" + loop: "{{ [domain] + domains.mastodon_alternates }}" loop_control: loop_var: domain diff --git a/roles/docker-mastodon/templates/docker-compose.yml.j2 b/roles/docker-mastodon/templates/docker-compose.yml.j2 index 200af752..d36563f6 100644 --- a/roles/docker-mastodon/templates/docker-compose.yml.j2 +++ b/roles/docker-mastodon/templates/docker-compose.yml.j2 @@ -28,7 +28,7 @@ services: healthcheck: test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] ports: - - "127.0.0.1:{{stream_port}}:4000" + - "127.0.0.1:{{ports.localhost.web_socket[application_id]}}:4000" {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} logging: driver: journald diff --git a/roles/docker-mastodon/templates/mastodon.conf.j2 b/roles/docker-mastodon/templates/mastodon.conf.j2 index e983d022..0bb1e11e 100644 --- a/roles/docker-mastodon/templates/mastodon.conf.j2 
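Review bot: The new `loop: "{{ [domain] + domains.mastodon_alternates }}"` in roles/docker-mastodon/tasks/main.yml reads `domain` while `loop_control.loop_var` is also `domain`, so the expression depends on a value set outside this task and then shadows it inside the included file. Nothing in the hunk shows where the outer `domain` comes from; if it is inherited from a previously run role, certificates and vhosts would be created for the wrong host. I would document the dependency above the loop, for example `# domain: primary domain of this application, must be set by the caller`, or give the loop variable its own name. The docker-peertube tasks hunk later in this patch uses the same construct.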
+++ b/roles/docker-mastodon/templates/mastodon.conf.j2 @@ -37,7 +37,7 @@ server { proxy_set_header X-Forwarded-Proto https; proxy_set_header Proxy ""; - proxy_pass http://127.0.0.1:{{stream_port}}; + proxy_pass http://127.0.0.1:{{ports.localhost.web_socket[application_id]}}; proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; diff --git a/roles/docker-mastodon/vars/main.yml b/roles/docker-mastodon/vars/main.yml index c7a8027b..2bd32d16 100644 --- a/roles/docker-mastodon/vars/main.yml +++ b/roles/docker-mastodon/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "mastodon" -database_password: "{{mastodon_database_password}}" -database_type: "postgres" \ No newline at end of file +application_id: "mastodon" +database_password: "{{mastodon_database_password}}" +database_type: "postgres" \ No newline at end of file diff --git a/roles/docker-matomo/vars/main.yml b/roles/docker-matomo/vars/main.yml index 28fc6e46..f3611954 100644 --- a/roles/docker-matomo/vars/main.yml +++ b/roles/docker-matomo/vars/main.yml @@ -1,4 +1,4 @@ --- -docker_compose_project_name: "matomo" -database_type: "mariadb" -database_password: "{{matomo_database_password}}" \ No newline at end of file +application_id: "matomo" +database_type: "mariadb" +database_password: "{{matomo_database_password}}" \ No newline at end of file diff --git a/roles/docker-matrix-ansible/tasks/main.yml b/roles/docker-matrix-ansible/tasks/main.yml index 63a7b5b3..2c701493 100644 --- a/roles/docker-matrix-ansible/tasks/main.yml +++ b/roles/docker-matrix-ansible/tasks/main.yml @@ -1,7 +1,9 @@ --- - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml - loop: "{{ matrix_domains }}" + loop: + - "{{domains.matrix_element}}" + - "{{domains.matrix_synapse}}" loop_control: loop_var: domain 
@@ -126,13 +128,13 @@ #- name: add log.config # template: # src: "log.config.j2" -# dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config" +# dest: "{{docker_compose_instance_directory}}{{domains.matrix_synapse}}.log.config" # notify: recreate matrix # ## https://github.com/matrix-org/synapse/issues/6303 #- name: set correct folder permissions # command: -# cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" +# cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix_synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" # #- name: add docker-compose.yml # template: diff --git a/roles/docker-matrix-ansible/templates/vars.yml.j2 b/roles/docker-matrix-ansible/templates/vars.yml.j2 index 6b77a193..1651e20a 100644 --- a/roles/docker-matrix-ansible/templates/vars.yml.j2 +++ b/roles/docker-matrix-ansible/templates/vars.yml.j2 @@ -8,7 +8,7 @@ # because you can't change the Domain after deployment. # # Example value: example.com -matrix_domain: "{{synapse_domain}}" +matrix_domain: "{{domains.matrix_synapse}}" # The Matrix homeserver software to install. # See: diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml index 100255ef..57cd7f23 100644 --- a/roles/docker-matrix-compose/tasks/main.yml +++ b/roles/docker-matrix-compose/tasks/main.yml @@ -5,8 +5,8 @@ - name: "include task certbot-matomo.yml" include_tasks: certbot-matomo.yml vars: - domain: "{{synapse_domain}}" - http_port: "{{synapse_http_port}}" + domain: "{{domains.matrix_synapse}}" + http_port: "{{ports.localhost.http_port[matrix_synapse]}}" - name: create {{well_known_directory}} file: 
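Review bot: `http_port: "{{ports.localhost.http_port[matrix_synapse]}}"` in roles/docker-matrix-compose/tasks/main.yml subscripts the port map with a Jinja variable called `matrix_synapse`, not with the string key. The other lookups in this commit use `[application_id]`, which is a defined variable, but no `matrix_synapse` variable is visible, so unless one is defined elsewhere the lookup is undefined and the task fails or renders no port. If the key is meant literally, quote it: `http_port: "{{ports.localhost.http_port['matrix_synapse']}}"`. The same applies to `[matrix_element]` in the next hunk of this file and to both `ports:` entries in templates/docker-compose.yml.j2, where the value decides which loopback port the container is published on.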
@@ -19,20 +19,20 @@ src: "well-known.j2" dest: "{{well_known_directory}}server" -- name: create {{synapse_domain}}.conf +- name: create {{domains.matrix_synapse}}.conf template: src: "templates/nginx.conf.j2" - dest: "{{nginx_servers_directory}}{{synapse_domain}}.conf" + dest: "{{nginx_servers_directory}}{{domains.matrix_synapse}}.conf" vars: - domain: "{{synapse_domain}}" - http_port: "{{synapse_http_port}}" + domain: "{{domains.matrix_synapse}}" + http_port: "{{ports.localhost.http_port[matrix_synapse]}}" notify: restart nginx - name: "include tasks nginx-docker-proxy-domain.yml for element" include_tasks: nginx-docker-proxy-domain.yml vars: - domain: "{{element_domain}}" - http_port: "{{element_http_port}}" + domain: "{{domains.matrix_element}}" + http_port: "{{ports.localhost.http_port[matrix_element]}}" - name: include create-and-seed-database.yml for multiple bridges include_tasks: create-and-seed-database.yml @@ -45,7 +45,7 @@ # The following taks are necessary because a clean setup is necessary - name: shut down docker compose project command: - cmd: docker-compose -p "{{docker_compose_project_name}}" down + cmd: docker-compose -p "{{application_id}}" down chdir: "{{ docker_compose_instance_directory }}" - name: "cleanup project folder" 
@@ -82,13 +82,13 @@ - name: add synapse log configuration template: src: "synapse/log.config.j2" - dest: "{{docker_compose_instance_directory}}{{synapse_domain}}.log.config" + dest: "{{docker_compose_instance_directory}}{{domains.matrix_synapse}}.log.config" notify: docker compose project setup # https://github.com/matrix-org/synapse/issues/6303 - name: set correct folder permissions command: - cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{synapse_domain}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" + cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix_synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" - name: add docker-compose.yml template: @@ -100,13 +100,13 @@ # @todo This should be moved to update-docker - name: docker compose pull command: - cmd: docker-compose -p "{{docker_compose_project_name}}" pull + cmd: docker-compose -p "{{application_id}}" pull chdir: "{{docker_compose_instance_directory}}" when: mode_update | bool - name: docker compose project setup command: - cmd: docker-compose -p "{{docker_compose_project_name}}" up -d + cmd: docker-compose -p "{{application_id}}" up -d chdir: "{{docker_compose_instance_directory}}" environment: COMPOSE_HTTP_TIMEOUT: 600 diff --git a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 index 09200a67..0acfe603 100644 --- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 +++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 
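Review bot: The `set correct folder permissions` task runs `matrixdotorg/synapse:latest` as a throw-away container with the `matrix_synapse_data` volume mounted, so whatever `latest` resolves to at run time gets write access to `/data`, which homeserver.yaml.j2 in this patch also uses for the signing key. Pin this helper to the same version or digest that the compose file deploys, ideally through one shared variable, so it cannot drift from the service image. The task also has no `changed_when`, so it reports a change on every run.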
@@ -11,15 +11,15 @@ services: volumes: - synapse_data:/data - ./homeserver.yaml:/data/homeserver.yaml:ro - - ./{{synapse_domain}}.log.config:/data/{{synapse_domain}}.log.config:ro + - ./{{domains.matrix_synapse}}.log.config:/data/{{domains.matrix_synapse}}.log.config:ro {% for item in bridges %} - {{docker_compose_instance_directory}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro {% endfor %} environment: - - SYNAPSE_SERVER_NAME={{synapse_domain}} + - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}} - SYNAPSE_REPORT_STATS=no ports: - - "127.0.0.1:{{synapse_http_port}}:8008" + - "127.0.0.1:{{ports.localhost.http_port[matrix_synapse]}}:8008" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8008/"] interval: 1m @@ -39,7 +39,7 @@ services: volumes: - ./element-config.json:/app/config.json ports: - - "127.0.0.1:{{element_http_port}}:80" + - "127.0.0.1:{{ports.localhost.http_port[matrix_element]}}:80" healthcheck: test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"] interval: 1m @@ -89,7 +89,7 @@ services: # KEYV_URL: '' # KEYV_BOT_ENCRYPTION: 'false' # KEYV_BOT_STORAGE: 'true' -# MATRIX_HOMESERVER_URL: 'https://{{synapse_domain}}' +# MATRIX_HOMESERVER_URL: 'https://{{domains.matrix_synapse}}' # MATRIX_BOT_USERNAME: '@chatgptbot:{{matrix_server_name}}' # MATRIX_ACCESS_TOKEN: '{{ matrix_chatgpt_bridge_access_token | default('') }}' # MATRIX_BOT_PASSWORD: '{{matrix_chatgpt_bridge_user_password}}' diff --git a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 index ace7fbca..f3fe27aa 100644 --- a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 
@@ -143,7 +143,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: {{synapse_domain}} + {{matrix_server_name}}: {{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 index 912f3491..18413e1b 100644 --- a/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 @@ -134,7 +134,7 @@ bridge: double_puppet_allow_discovery: false # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. double_puppet_server_map: - {{matrix_server_name}}: https://{{synapse_domain}} + {{matrix_server_name}}: https://{{domains.matrix_synapse}} # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth # # If set, custom puppets will be enabled automatically for local users diff --git a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 index 35f98059..af921720 100644 --- a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 @@ -141,7 +141,7 @@ bridge: federate_rooms: true # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{synapse_domain}} + {{matrix_server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth 
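Review bot: The facebook bridge's `double_puppet_server_map` entry is rendered as `{{matrix_server_name}}: {{domains.matrix_synapse}}` without a scheme, while the instagram, signal, slack, telegram and whatsapp templates in this patch all use `https://{{domains.matrix_synapse}}`. The value is the homeserver address the bridge contacts for double puppeting, so the scheme should be explicit: `{{matrix_server_name}}: https://{{domains.matrix_synapse}}`. Whether the bridge tolerates a bare host name is not visible here.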
diff --git a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 index d4f6e9fd..e10e6151 100644 --- a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 @@ -118,7 +118,7 @@ bridge: # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{synapse_domain}} + {{matrix_server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 index 9b970304..a31bacf3 100644 --- a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 @@ -198,7 +198,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{synapse_domain}} + {{matrix_server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 index 29d4fe75..8bfb1bba 100644 --- a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 
@@ -236,7 +236,7 @@ bridge: force_active_delivery_receipts: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{synapse_domain}} + {{matrix_server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 index 9ba72476..50d13eca 100644 --- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 +++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 @@ -24,8 +24,8 @@ report_stats: true macaroon_secret_key: "{{matrix_macaroon_secret_key}}" form_secret: "{{matrix_form_secret}}" signing_key_path: "/data/{{domains.matrix_synapse}}.signing.key" -web_client_location: "https://{{element_domain}}" -public_baseurl: "https://{{synapse_domain}}" +web_client_location: "https://{{domains.matrix_element}}" +public_baseurl: "https://{{domains.matrix_synapse}}" trusted_key_servers: - server_name: "matrix.org" admin_contact: 'mailto:{{administrator_email}}' @@ -39,7 +39,7 @@ email: #require_transport_security: true enable_tls: "{{ system_email.tls | upper }}" notif_from: "Your Friendly %(app)s homeserver <{{system_email.from}}>" - app_name: "Matrix on {{synapse_domain}}" + app_name: "Matrix on {{domains.matrix_synapse}}" enable_notifs: true notif_for_new_users: false client_base_url: "{{domains.matrix_synapse}}" diff --git a/roles/docker-matrix-compose/templates/synapse/log.config.j2 b/roles/docker-matrix-compose/templates/synapse/log.config.j2 index e8a842b5..7a9db843 100644 --- a/roles/docker-matrix-compose/templates/synapse/log.config.j2 +++ b/roles/docker-matrix-compose/templates/synapse/log.config.j2 
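Review bot: `client_base_url: "{{domains.matrix_synapse}}"` in the `email:` block (a context line of the second homeserver.yaml.j2 hunk) is a bare host name pointing at the homeserver, whereas `web_client_location` in the previous hunk is `https://{{domains.matrix_element}}`. Synapse uses this setting to build the client links in notification e-mails, so it presumably should be the web client URL: `client_base_url: "https://{{domains.matrix_element}}"`. The line is not changed by this commit, but it sits between the renamed variables and is worth fixing in the same pass.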
@@ -8,7 +8,7 @@ handlers: file: class: logging.handlers.RotatingFileHandler formatter: precise - filename: /data/{{synapse_domain}}.homeserver.log + filename: /data/{{domains.matrix_synapse}}.homeserver.log maxBytes: 10485760 backupCount: 3 console: diff --git a/roles/docker-matrix-compose/templates/well-known.j2 b/roles/docker-matrix-compose/templates/well-known.j2 index 82134905..2deef963 100644 --- a/roles/docker-matrix-compose/templates/well-known.j2 +++ b/roles/docker-matrix-compose/templates/well-known.j2 @@ -1,3 +1,3 @@ { - "m.server": "{{synapse_domain}}:443" + "m.server": "{{domains.matrix_synapse}}:443" } \ No newline at end of file diff --git a/roles/docker-matrix-compose/vars/main.yml b/roles/docker-matrix-compose/vars/main.yml index bef799da..33c767e6 100644 --- a/roles/docker-matrix-compose/vars/main.yml +++ b/roles/docker-matrix-compose/vars/main.yml @@ -1,9 +1,9 @@ --- -docker_compose_project_name: "matrix" -database_password: "{{matrix_database_password}}" -database_type: "postgres" -registration_file_folder: "/data/" -well_known_directory: "{{nginx_well_known_root}}/matrix/" +application_id: "matrix" +database_password: "{{matrix_database_password}}" +database_type: "postgres" +registration_file_folder: "/data/" +well_known_directory: "{{nginx_well_known_root}}/matrix/" bridges: - database_password: "{{ mautrix_whatsapp_bridge_database_password }}" diff --git a/roles/docker-mediawiki/vars/main.yml b/roles/docker-mediawiki/vars/main.yml index 9ab83cf3..113081fc 100644 --- a/roles/docker-mediawiki/vars/main.yml +++ b/roles/docker-mediawiki/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "mediawiki" -database_password: "{{mediawiki_database_password}}" -database_type: "mariadb" \ No newline at end of file +application_id: "mediawiki" +database_password: "{{mediawiki_database_password}}" +database_type: "mariadb" \ No newline at end of file 
diff --git a/roles/docker-moodle/vars/main.yml b/roles/docker-moodle/vars/main.yml index a030f491..1e2ac917 100644 --- a/roles/docker-moodle/vars/main.yml +++ b/roles/docker-moodle/vars/main.yml @@ -1,4 +1,4 @@ --- -docker_compose_project_name: "moodle" -database_password: "{{moodle_database_password}}" -database_type: "mariadb" \ No newline at end of file +application_id: "moodle" +database_password: "{{moodle_database_password}}" +database_type: "mariadb" \ No newline at end of file diff --git a/roles/docker-mybb/README.md b/roles/docker-mybb/README.md index 95fe672d..27d0bb88 100644 --- a/roles/docker-mybb/README.md +++ b/roles/docker-mybb/README.md @@ -22,12 +22,12 @@ This guide describes the process of manually installing MyBB plugins in your Doc - Download the desired MyBB plugin zip files. 2. **Copy plugin to host:** - - ```bash scp administrator@:/home/administrator/docker-compose/mybb/plugins``` + - ```bash scp administrator@:/opt/docker/mybb/plugins``` 3. **Unzip Plugin Files on the Host:** - Unzip the plugin zip files in the host's plugin directory: ```bash - unzip /home/administrator/docker-compose/mybb/plugins/.zip -d /home/administrator/docker-compose/mybb/plugins/ + unzip /opt/docker/mybb/plugins/.zip -d /opt/docker/mybb/plugins/ ``` - Replace `.zip` with the name of the plugin zip file. - Repeat this step for each plugin. @@ -38,7 +38,7 @@ This guide describes the process of manually installing MyBB plugins in your Doc 5. **Copy Unzipped Plugin Files to the Container:** - Copy the unzipped plugin files from the host directory to the Docker container: ```bash - docker compose cp /home/administrator/docker-compose/mybb/plugins/ application:/var/www/html/inc/plugins/ + docker compose cp /opt/docker/mybb/plugins/ application:/var/www/html/inc/plugins/ ``` - Replace `` with the name of the unzipped plugin folder. diff --git a/roles/docker-mybb/vars/main.yml b/roles/docker-mybb/vars/main.yml index a6e6db9b..09f48d03 100644 
--- a/roles/docker-mybb/vars/main.yml +++ b/roles/docker-mybb/vars/main.yml @@ -1,5 +1,5 @@ --- -docker_compose_project_name: "mybb" +application_id: "mybb" docker_compose_instance_confd_directory: "{{docker_compose_instance_directory}}conf.d/" docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf" target_mount_conf_d_directory: "{{nginx_servers_directory}}" diff --git a/roles/docker-nextcloud/vars/main.yml b/roles/docker-nextcloud/vars/main.yml index ce2499c3..5197aca5 100644 --- a/roles/docker-nextcloud/vars/main.yml +++ b/roles/docker-nextcloud/vars/main.yml @@ -1,5 +1,5 @@ --- -docker_compose_project_name: "nextcloud" +application_id: "nextcloud" database_password: "{{nextcloud_database_password}}" database_type: "mariadb" nextcloud_application_container_name: "nextcloud-application" \ No newline at end of file diff --git a/roles/docker-oauth2-proxy/templates/container.yml.j2 b/roles/docker-oauth2-proxy/templates/container.yml.j2 index 4e3f90bc..ebf5b258 100644 --- a/roles/docker-oauth2-proxy/templates/container.yml.j2 +++ b/roles/docker-oauth2-proxy/templates/container.yml.j2 @@ -4,7 +4,7 @@ command: --config /oauth2-proxy.cfg hostname: oauth2-proxy ports: - - {{oauth2_proxy_port}}:4180/tcp + - {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp volumes: - "./{{oauth2_configuration_file}}:/oauth2-proxy.cfg" {% include 'templates/docker/container/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml index 1359cf13..092daf48 100644 --- a/roles/docker-openproject/vars/main.yml +++ b/roles/docker-openproject/vars/main.yml 
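Review bot: The published port `- {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp` in roles/docker-oauth2-proxy/templates/container.yml.j2 has no host address, so Docker binds it on all interfaces even though the value comes from `ports.localhost` and nginx reaches it through `127.0.0.1` (see the `location /oauth2/` block in domain.conf.j2 later in this patch). Ports published by Docker usually bypass the host's INPUT firewall rules, so the proxy listener would be reachable directly from the network instead of only through nginx. Bind and quote it like the other services in this commit: `- "127.0.0.1:{{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp"`.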
@@ -1,5 +1,5 @@ -docker_compose_project_name: "openproject" -repository_directory: "{{ path_docker_compose_instances }}{{docker_compose_project_name}}/" +application_id: "openproject" +repository_directory: "{{ path_docker_compose_instances }}{{application_id}}/" docker_compose_instance_directory: "{{repository_directory}}compose/" repository_address: "https://github.com/opf/openproject-deploy" database_password: "{{openproject_database_password}}" diff --git a/roles/docker-peertube/tasks/main.yml b/roles/docker-peertube/tasks/main.yml index ce9a2556..92b4ae5e 100644 --- a/roles/docker-peertube/tasks/main.yml +++ b/roles/docker-peertube/tasks/main.yml @@ -4,7 +4,7 @@ - name: "include create-domains.yml" include_tasks: create-domains.yml - loop: "{{ peertube_domains }}" + loop: "{{ [domain] + domains.peertube_alternates }}" loop_control: loop_var: domain diff --git a/roles/docker-peertube/vars/main.yml b/roles/docker-peertube/vars/main.yml index eb05bda5..5e741448 100644 --- a/roles/docker-peertube/vars/main.yml +++ b/roles/docker-peertube/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "peertube" -database_type: "postgres" -database_password: "{{peertube_database_password}}" \ No newline at end of file +application_id: "peertube" +database_type: "postgres" +database_password: "{{peertube_database_password}}" \ No newline at end of file diff --git a/roles/docker-phpmyadmin/vars/main.yml b/roles/docker-phpmyadmin/vars/main.yml index 0d7adec5..b92969f3 100644 --- a/roles/docker-phpmyadmin/vars/main.yml +++ b/roles/docker-phpmyadmin/vars/main.yml 
@@ -1,5 +1,5 @@ -docker_compose_project_name: "phpmyadmin" -database_type: "mariadb" -database_host: "{{ 'central-' + database_type if enable_central_database}}" +application_id: "phpmyadmin" +database_type: "mariadb" +database_host: "{{ 'central-' + database_type if enable_central_database}}" # OAuth2 Proxy Configuration -oauth2_proxy_active: true \ No newline at end of file +oauth2_proxy_active: true \ No newline at end of file diff --git a/roles/docker-pixelfed/vars/main.yml b/roles/docker-pixelfed/vars/main.yml index 0409d38c..0f9129f1 100644 --- a/roles/docker-pixelfed/vars/main.yml +++ b/roles/docker-pixelfed/vars/main.yml @@ -1,4 +1,4 @@ -docker_compose_project_name: "pixelfed" +application_id: "pixelfed" nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;" database_type: "mariadb" database_password: "{{pixelfed_database_password}}" diff --git a/roles/docker-portfolio/vars/main.yml b/roles/docker-portfolio/vars/main.yml index 2eeb2994..fc2605e4 100644 --- a/roles/docker-portfolio/vars/main.yml +++ b/roles/docker-portfolio/vars/main.yml @@ -1,2 +1,2 @@ -docker_compose_project_name: "portfolio" -repository_address: "https://github.com/kevinveenbirkenbach/portfolio" +application_id: "portfolio" +repository_address: "https://github.com/kevinveenbirkenbach/portfolio" diff --git a/roles/docker-roulette-wheel/vars/main.yml b/roles/docker-roulette-wheel/vars/main.yml index 57f29caa..079fedb7 100644 --- a/roles/docker-roulette-wheel/vars/main.yml +++ b/roles/docker-roulette-wheel/vars/main.yml @@ -1,2 +1,2 @@ -docker_compose_project_name: "roulette-wheel" -app_path: "{{docker_compose_instance_directory}}/app/" \ No newline at end of file +application_id: "roulette-wheel" +app_path: "{{docker_compose_instance_directory}}/app/" \ No newline at end of file diff --git a/roles/docker-taiga/vars/main.yml b/roles/docker-taiga/vars/main.yml index a93122fc..e2b22693 100644 --- a/roles/docker-taiga/vars/main.yml +++ b/roles/docker-taiga/vars/main.yml 
@@ -1,4 +1,4 @@ -docker_compose_project_name: "taiga" -database_type: "postgres" -database_password: "{{taiga_database_password}}" -repository_address: "https://github.com/taigaio/taiga-docker" +application_id: "taiga" +database_type: "postgres" +database_password: "{{taiga_database_password}}" +repository_address: "https://github.com/taigaio/taiga-docker" diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml index 3efc9dd5..482ce014 100644 --- a/roles/docker-wordpress/tasks/main.yml +++ b/roles/docker-wordpress/tasks/main.yml @@ -4,7 +4,7 @@ - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml - loop: "{{ wordpress_domains }}" + loop: "{{ domains.wordpress }}" loop_control: loop_var: domain vars: diff --git a/roles/docker-wordpress/vars/main.yml b/roles/docker-wordpress/vars/main.yml index d6efe84f..736ce6b9 100644 --- a/roles/docker-wordpress/vars/main.yml +++ b/roles/docker-wordpress/vars/main.yml @@ -1,4 +1,4 @@ -docker_compose_project_name: "wordpress" -wordpress_max_upload_size: "64M" -database_type: "mariadb" -database_password: "{{wordpress_database_password}}" \ No newline at end of file +application_id: "wordpress" +wordpress_max_upload_size: "64M" +database_type: "mariadb" +database_password: "{{wordpress_database_password}}" \ No newline at end of file diff --git a/roles/docker-yourls/vars/main.yml b/roles/docker-yourls/vars/main.yml index d9d168b3..812bb740 100644 --- a/roles/docker-yourls/vars/main.yml +++ b/roles/docker-yourls/vars/main.yml @@ -1,3 +1,3 @@ -docker_compose_project_name: "yourls" -database_type: "mariadb" -database_password: "{{yourls_database_password}}" \ No newline at end of file +application_id: "yourls" +database_type: "mariadb" +database_password: "{{yourls_database_password}}" \ No newline at end of file diff --git a/roles/heal-docker/files/heal-docker.py b/roles/heal-docker/files/heal-docker.py index b11a0374..4d70e49b 100644 
--- a/roles/heal-docker/files/heal-docker.py +++ b/roles/heal-docker/files/heal-docker.py @@ -1,28 +1,25 @@ #!/bin/python # -# restart docker-compose configurations who have exited or unhealthy containers +# Restart Docker-Compose configurations with exited or unhealthy containers # import subprocess import time import os - -errors = 0 +import argparse def bash(command): print(command) process = subprocess.Popen([command], stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) out, err = process.communicate() stdout = out.splitlines() - output = [] - for line in stdout: - output.append(line.decode("utf-8")) + output = [line.decode("utf-8") for line in stdout] if process.wait() > bool(0): print(command, out, err) - raise Exception("Exitcode is greater then 0") + raise Exception("Exitcode is greater than 0") return output -def list_to_string(list): - return str(' '.join(list)) +def list_to_string(lst): + return ' '.join(lst) def print_bash(command): output = bash(command) 
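Review bot: `if process.wait() > bool(0):` in `bash()` treats only positive exit codes as failure; `Popen` reports a child terminated by a signal as a negative return code, so such a command is returned as success with partial output. Compare the code directly: `if process.returncode != 0:`. The helper also passes the whole command string through `shell=True`, and the caller in the next hunk interpolates a directory path and a project name into it, so an argument list with `cwd=` would be the safer shape. `print_bash` continues past the end of this hunk.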
@@ -31,44 +28,49 @@ def print_bash(command): def find_docker_compose_file(directory): for root, _, files in os.walk(directory): - for file in files: - if file == 'docker-compose.yml': - return os.path.join(root, file) + if 'docker-compose.yml' in files: + return os.path.join(root, 'docker-compose.yml') return None -waiting_time=600 -blocker_running=True -while blocker_running: - try: - bash("systemctl is-active --quiet backup-docker-to-local.cymais.service") - bash("systemctl is-active --quiet update-docker.cymais.service") - print("backup is running.") - print("trying again in " + str(waiting_time) + " seconds.") - time.sleep(waiting_time) - except: - blocker_running=False - print("No blocking service is running.") - -unhealthy_container_names=print_bash('docker ps --filter health=unhealthy --format \'{{.Names}}\'') -exited_container_names=print_bash('docker ps --filter status=exited --format \'{{.Names}}\'') -failed_containers=unhealthy_container_names + exited_container_names - -unfiltered_failed_docker_compose_repositories=[] -for failed_container in failed_containers: - unfiltered_failed_docker_compose_repositories.append(failed_container.split('-')[0]) - -filtered_failed_docker_compose_repositories=list(dict.fromkeys(unfiltered_failed_docker_compose_repositories)) - -for filtered_failed_docker_compose_repository in filtered_failed_docker_compose_repositories: - compose_file_path = find_docker_compose_file('/home/administrator/docker-compose/' + filtered_failed_docker_compose_repository) +def main(base_directory): + errors = 0 + waiting_time = 600 + blocker_running = True - if compose_file_path: - print("Restarting unhealthy container in:", compose_file_path) - # Propably the cd is not necessary. But in rare cases it could be. To lazzy to test it now. 
- print_bash(f'cd {os.path.dirname(compose_file_path)} && docker-compose -p "{filtered_failed_docker_compose_repository}" restart') - else: - print("Error: Docker Compose file not found for:", filtered_failed_docker_compose_repository) - errors += 1 + while blocker_running: + try: + bash("systemctl is-active --quiet backup-docker-to-local.cymais.service") + bash("systemctl is-active --quiet update-docker.cymais.service") + print("Backup is running.") + print(f"Trying again in {waiting_time} seconds.") + time.sleep(waiting_time) + except: + blocker_running = False + print("No blocking service is running.") + + unhealthy_container_names = print_bash("docker ps --filter health=unhealthy --format '{{.Names}}'") + exited_container_names = print_bash("docker ps --filter status=exited --format '{{.Names}}'") + failed_containers = unhealthy_container_names + exited_container_names + + unfiltered_failed_docker_compose_repositories = [container.split('-')[0] for container in failed_containers] + filtered_failed_docker_compose_repositories = list(dict.fromkeys(unfiltered_failed_docker_compose_repositories)) + + for repo in filtered_failed_docker_compose_repositories: + compose_file_path = find_docker_compose_file(os.path.join(base_directory, repo)) + + if compose_file_path: + print("Restarting unhealthy container in:", compose_file_path) + print_bash(f'cd {os.path.dirname(compose_file_path)} && docker-compose -p "{repo}" restart') + else: + print("Error: Docker Compose file not found for:", repo) + errors += 1 + + print("Finished restart procedure.") + exit(errors) -print("finished restart procedure.") -exit(errors) \ No newline at end of file +if __name__ == "__main__": + parser = argparse.ArgumentParser(description="Restart Docker-Compose configurations with exited or unhealthy containers.") + parser.add_argument("base_directory", type=str, help="Base directory where Docker Compose configurations are located.") + args = parser.parse_args() + + main(args.base_directory) \ No 
newline at end of file diff --git a/roles/heal-docker/templates/heal-docker.service.j2 b/roles/heal-docker/templates/heal-docker.service.j2 index 77d64a41..b50935eb 100644 --- a/roles/heal-docker/templates/heal-docker.service.j2 +++ b/roles/heal-docker/templates/heal-docker.service.j2 @@ -5,4 +5,4 @@ OnFailure=systemd-notifier.cymais@%n.service [Service] Type=oneshot ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ') }} --ignore {{system_maintenance_cleanup_services| join(' ') }} heal-docker --timeout "{{system_maintenance_lock_timeout_heal_docker}}"' -ExecStart=/bin/sh -c '/bin/python {{heal_docker}}heal-docker.py' \ No newline at end of file +ExecStart=/bin/sh -c '/bin/python {{heal_docker}}heal-docker.py {{path_docker_compose_instances}}' \ No newline at end of file diff --git a/roles/nginx-docker-cert-deploy/handlers/main.yml b/roles/nginx-docker-cert-deploy/handlers/main.yml index bc5f1bdc..05b3cb28 100644 --- a/roles/nginx-docker-cert-deploy/handlers/main.yml +++ b/roles/nginx-docker-cert-deploy/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: "restart nginx-docker-cert-deploy.cymais.service" systemd: - name: nginx-docker-cert-deploy.{{docker_compose_project_name}}.cymais.service + name: nginx-docker-cert-deploy.{{application_id}}.cymais.service state: restarted enabled: yes daemon_reload: yes \ No newline at end of file diff --git a/roles/nginx-docker-cert-deploy/tasks/main.yml b/roles/nginx-docker-cert-deploy/tasks/main.yml index b104de04..3599f9e8 100644 --- a/roles/nginx-docker-cert-deploy/tasks/main.yml +++ b/roles/nginx-docker-cert-deploy/tasks/main.yml 
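Review bot: The blocker loop in `main()` waits only when both `backup-docker-to-local.cymais.service` and `update-docker.cymais.service` are active, because the first failing `bash(...)` call raises and the bare `except:` then reports "No blocking service is running." With only the backup active, containers are restarted in the middle of it, and the bare `except:` also hides unrelated failures such as a missing `systemctl`. I would check each unit on its own and wait while any of them is active, as sketched below. Separately, `container.split('-')[0]` cannot recover ids that contain a hyphen, such as `roulette-wheel` defined in this commit, so those projects always end in the "file not found" branch.

```python
    blocking_services = (
        "backup-docker-to-local.cymais.service",
        "update-docker.cymais.service",
    )
    # `systemctl is-active --quiet` exits 0 only for an active unit,
    # so wait as long as ANY of the blocking units is active.
    while any(
        subprocess.run(["systemctl", "is-active", "--quiet", unit]).returncode == 0
        for unit in blocking_services
    ):
        print(f"A blocking service is running. Trying again in {waiting_time} seconds.")
        time.sleep(waiting_time)
    print("No blocking service is running.")
    # … unchanged: container discovery and restart loop …
```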
@@ -18,7 +18,7 @@ - name: configure nginx-docker-cert-deploy.cymais.service template: src: "nginx-docker-cert-deploy.service.j2" - dest: "/etc/systemd/system/nginx-docker-cert-deploy.{{docker_compose_project_name}}.cymais.service" + dest: "/etc/systemd/system/nginx-docker-cert-deploy.{{application_id}}.cymais.service" notify: restart nginx-docker-cert-deploy.cymais.service - name: "include role for systemd-timer for {{service_name}}" @@ -26,5 +26,5 @@ name: systemd-timer vars: on_calendar: "{{on_calendar_deploy_certificates}}" - service_name: "nginx-docker-cert-deploy.{{docker_compose_project_name}}" + service_name: "nginx-docker-cert-deploy.{{application_id}}" persistent: "true" \ No newline at end of file diff --git a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 index 56c07ef2..6b261601 100644 --- a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 @@ -13,7 +13,7 @@ server # OAuth2-Proxy-Endpoint location /oauth2/ { - proxy_pass http://127.0.0.1:{{oauth2_proxy_port}}; + proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy_ports[application_id]}}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/tasks/update-repository-with-files.yml b/tasks/update-repository-with-files.yml index f6ac6c03..8c1575c6 100644 --- a/tasks/update-repository-with-files.yml +++ b/tasks/update-repository-with-files.yml @@ -5,7 +5,7 @@ - name: "backup detached files" command: > - mv "{{docker_compose_instance_directory}}{{ item }}" "/tmp/{{docker_compose_project_name}}-{{ item }}.backup" + mv "{{docker_compose_instance_directory}}{{ item }}" "/tmp/{{application_id}}-{{ item }}.backup" args: removes: "{{docker_compose_instance_directory}}{{ item }}" become: true 
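Review bot: The lookup `ports.localhost.oauth2_proxy_ports[application_id]` in the `proxy_pass` line is undocumented and has no guard for an application that lacks an entry in that map. A missing entry would presumably only surface as a generic undefined-variable error when the template renders. I would add a template comment above the location block, for example `{# needs an entry for application_id in ports.localhost.oauth2_proxy_ports #}`. An `assert` task with `that: application_id in ports.localhost.oauth2_proxy_ports` before the template is rendered would name the misconfigured application. The server block starts and ends outside this hunk.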
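Review bot: The backup target `/tmp/{{application_id}}-{{ item }}.backup` is a predictable name in a world-writable directory, and both tasks run with `become: true`. The restore task in the second hunk (`@@ -28,9 +28,9 @@`) only checks through `removes` that the path exists. A file already present under that name from another local account would therefore be moved into the instance directory whenever the backup step was skipped. I would keep the backups in a private directory created for the run and delete it after the restore. The sketch shows the backup side with a constructed variable name, and the restore task needs the same path. Both tasks continue outside their hunks.

```yaml
- name: "create private backup directory for detached files"
  tempfile:
    state: directory
    prefix: "{{ application_id }}-detached-"
  register: detached_backup_dir
  become: true

- name: "backup detached files"
  command: >
    mv "{{docker_compose_instance_directory}}{{ item }}" "{{ detached_backup_dir.path }}/{{ item }}.backup"
  # … unchanged: args/removes, become, loop …
```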
@@ -28,9 +28,9 @@ - name: "restore detached files" command: > - mv "/tmp/{{docker_compose_project_name}}-{{ item }}.backup" "{{docker_compose_instance_directory}}{{ item }}" + mv "/tmp/{{application_id}}-{{ item }}.backup" "{{docker_compose_instance_directory}}{{ item }}" args: - removes: "/tmp/{{docker_compose_project_name}}-{{ item }}.backup" + removes: "/tmp/{{application_id}}-{{ item }}.backup" become: true loop: "{{ merged_detached_files | default(detached_files) }}" diff --git a/templates/docker/services/mariadb.yml.j2 b/templates/docker/services/mariadb.yml.j2 index a3df665c..2bfc57c0 100644 --- a/templates/docker/services/mariadb.yml.j2 +++ b/templates/docker/services/mariadb.yml.j2 @@ -1,7 +1,7 @@ # This template needs to be included in docker-compose.yml, which depend on a mariadb database {% if not enable_central_database | bool %} database: - container_name: {{docker_compose_project_name}}-database + container_name: {{application_id}}-database logging: driver: journald image: mariadb diff --git a/templates/docker/services/postgres.yml.j2 b/templates/docker/services/postgres.yml.j2 index a20e0078..69c49af8 100644 --- a/templates/docker/services/postgres.yml.j2 +++ b/templates/docker/services/postgres.yml.j2 @@ -2,7 +2,7 @@ {% if not enable_central_database | bool %} database: image: postgres:{{postgres_database_version}}-alpine - container_name: {{docker_compose_project_name}}-database + container_name: {{application_id}}-database environment: - POSTGRES_PASSWORD={{database_password}} - POSTGRES_USER={{database_username}} diff --git a/templates/docker/services/redis.yml.j2 b/templates/docker/services/redis.yml.j2 index 8f4bfeb4..b725d3f5 100644 --- a/templates/docker/services/redis.yml.j2 +++ b/templates/docker/services/redis.yml.j2 
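Review bot: `container_name: {{application_id}}-database` ties the container prefix to `application_id`, while the heal-docker.py change earlier in this patch recovers the instance directory with `container.split('-')[0]`. If any `application_id` contains a hyphen (the values are not visible here), the heal script would search under a truncated name and report "Docker Compose file not found" instead of restarting the stack. The same applies to the `container_name` lines in postgres.yml.j2 and redis.yml.j2. I would document the no-hyphen constraint next to the variable or enforce it with an assert, e.g. `that: "'-' not in application_id"`.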
@@ -1,7 +1,7 @@
 # This template needs to be included in docker-compose.yml, which depend on redis
 redis:
 image: redis:alpine
- container_name: {{docker_compose_project_name}}-redis
+ container_name: {{application_id}}-redis
 restart: {{docker_restart_policy}}
 logging:
 driver: journald
diff --git a/vars/docker-database.yml.j2 b/vars/docker-database.yml.j2
index e4a5bef2..ddfc48c8 100644
--- a/vars/docker-database.yml.j2
+++ b/vars/docker-database.yml.j2
@@ -1,5 +1,5 @@
-database_instance: "{{ 'central-' + database_type if enable_central_database | bool else docker_compose_project_name }}"
+database_instance: "{{ 'central-' + database_type if enable_central_database | bool else application_id }}"
 database_host: "{{ 'central-' + database_type if enable_central_database | bool else 'database' }}"
-database_name: "{{ docker_compose_project_name }}"
-database_username: "{{ docker_compose_project_name }}"
+database_name: "{{ application_id }}"
+database_username: "{{ application_id }}"
 database_port: "{{ 3306 if database_type == 'mariadb' else 5432 }}"
\ No newline at end of file