Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/web-app-funkwhale/Administration.md

@@ -0,0 +1,64 @@
+# Administration
+
+## cleanup
+
+```bash
+docker-compose down && docker volume rm funkwhale_data
+```
+
+## create admin account
+```bash
+docker compose exec -T api funkwhale-manage fw users create --superuser
+```
+
+## ldap debugging
+```bash
+docker compose exec -T api funkwhale-manage shell
+
+import logging
+logging.basicConfig(level=logging.DEBUG)
+
+
+from django.contrib.auth import authenticate
+user = authenticate(username="kevinveenbirkenbach", password="DEINPASSWORT")
+print(user)
+
+
+#######
+from django_auth_ldap.backend import LDAPBackend
+from django_auth_ldap.config import LDAPSearch
+from ldap import initialize
+
+# Zugriff auf deine Funkwhale-Einstellungen
+import django.conf
+settings = django.conf.settings
+
+# Verbindung aufbauen
+conn = initialize(settings.AUTH_LDAP_SERVER_URI)
+conn.simple_bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD)
+
+# Benutzername einsetzen
+username = "kevinveenbirkenbach"
+
+# Search-Filter einsetzen
+search_filter = settings.AUTH_LDAP_USER_SEARCH.search_filter.format(username)
+base_dn = settings.AUTH_LDAP_USER_SEARCH.base_dn
+scope = settings.AUTH_LDAP_USER_SEARCH.scope
+
+# Suche durchführen
+results = conn.search_s(base_dn, scope, search_filter)
+
+print(results)
+
+##########
+
+from django.conf import settings
+
+print("LDAP Server URI:", settings.AUTH_LDAP_SERVER_URI)
+print("Bind DN:", settings.AUTH_LDAP_BIND_DN)
+print("Bind Password:", settings.AUTH_LDAP_BIND_PASSWORD)
+print("Search Base:", settings.AUTH_LDAP_USER_SEARCH.base_dn)
+print("Search Filter:", settings.AUTH_LDAP_USER_SEARCH.search_filter)
+print("User Attr Map:", settings.AUTH_LDAP_USER_ATTR_MAP)
+
+```

roles/web-app-funkwhale/README.md

@@ -0,0 +1,27 @@
+# Funkwhale
+
+## Description
+
+Dive into a world of rhythm and sound with [Funkwhale](https://www.funkwhale.audio/), an innovative self-hosted music sharing platform that celebrates creativity and community. Experience an energetic soundscape and seamless music streaming that amplifies your passion for tunes.
+
+## Overview
+
+This role deploys Funkwhale using Docker. It orchestrates multiple services—including the API, Frontend, Celery Worker, Celery Beat, and Typesense—integrating with centralized PostgreSQL and Redis services for a fully containerized music sharing experience.
+
+For detailed usage and configuration, please refer to the [Administration.md](./Administration.md) file.
+
+## Features
+
+- **Self-hosted Music Sharing:** Enjoy a secure and private platform to share and stream your favorite tunes.
+- **Scalable Service Architecture:** Leverage the robust orchestration of multiple services to power your Funkwhale instance.
+- **Centralized Data Management:** Benefit from integrated PostgreSQL and Redis, ensuring smooth and efficient operation.
+- **Customizable Media Handling:** Configure media roots, static assets, and music directories tailored to your deployment.
+- **User-Friendly Configuration:** Manage your instance effortlessly using environment variables and Docker Compose templates.
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [veen.world](https://www.veen.world).
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+Licensed under [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl).

roles/web-app-funkwhale/meta/main.yml

@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Dive into a world of rhythm and sound with Funkwhale, an innovative self-hosted music sharing platform that celebrates creativity and community. Enjoy an energetic soundscape and seamless music streaming that amplifies your passion for tunes."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - funkwhale
+    - docker
+    - music
+    - self-hosted
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+  logo:
+    class: "fa-solid fa-music"
+  run_after:
+    - web-app-matomo
+    - web-app-keycloak
+    - web-app-mailu
+    - service-openldap

roles/web-app-funkwhale/meta/schema.yml

@@ -0,0 +1,5 @@
+credentials:
+  django_secret:
+    description: "Django SECRET_KEY used for cryptographic signing"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"

roles/web-app-funkwhale/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: "include service-rdbms-central"
+  include_role: 
+    name: service-rdbms-central
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+
+

roles/web-app-funkwhale/templates/docker-compose.yml.j2

@@ -0,0 +1,69 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+  celeryworker:
+    # Celery workers handle background tasks (such file imports or federation
+    # messaging). The more processes a worker gets, the more tasks
+    # can be processed in parallel. However, more processes also means
+    # a bigger memory footprint.
+    # By default, a worker will span a number of process equal to your number
+    # of CPUs. You can adjust this, by explicitly setting the --concurrency
+    # flag:
+    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ applications | get_docker_image(application_id,'api') }}"
+    command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency={{celeryd_concurrency}}
+    environment:
+      - C_FORCE_ROOT=true
+    volumes:
+      - "data:{{funkwhale_media_root}}"
+      - "music:{{funkwhale_music_directory_path}}:ro"
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+  celerybeat:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ applications | get_docker_image(application_id,'api') }}"
+    command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+  api:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ applications | get_docker_image(application_id,'api') }}"
+    volumes:
+      - "music:{{funkwhale_music_directory_path}}:ro"
+      - "data:{{funkwhale_media_root}}"
+      - "funkwhale_static_root:{{funkwhale_static_root}}"
+    ports:
+      - "{{ funkwhale_docker_api_port }}"
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+  front:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ applications | get_docker_image(application_id,'front') }}"
+    depends_on:
+      - api
+    environment:
+      - "NGINX_MAX_BODY_SIZE=100M"
+    volumes:
+      - "data:{{funkwhale_media_root}}:ro"
+      #- "{{funkwhale_static_root}}:{{funkwhale_static_root}}:ro"
+    ports:
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+  
+  typesense:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ applications[application_id].docker.images.typesense }}"
+    volumes:
+      - ./typesense/data:/data
+    command: --data-dir /data --enable-cors
+    profiles:
+      - typesense
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+  funkwhale_static_root:
+  redis:
+  music:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-funkwhale/templates/env.j2

@@ -0,0 +1,123 @@
+# If you have any doubts about what a setting does,
+# @see https://docs.funkwhale.audio/configuration.html#configuration-reference
+# @see https://docs.funkwhale.audio/administrator/configuration/env-file.html
+
+# If you're tweaking this file from the template, ensure you edit at least the
+# following variables:
+# - EMAIL_CONFIG and DEFAULT_FROM_EMAIL if you plan to send e-mails)
+# On non-docker setup **only**, you'll also have to tweak/uncomment those variables:
+# - DATABASE_URL
+# - CACHE_URL
+#
+# You **don't** need to update those variables on pure docker setups.
+#
+# Additional options you may want to check:
+# - MUSIC_DIRECTORY_PATH and MUSIC_DIRECTORY_SERVE_PATH if you plan to use
+#   in-place import
+#
+# Docker only
+# -----------
+MUSIC_DIRECTORY_PATH={{funkwhale_music_directory_path}}
+
+# End of web-app-only configuration
+
+# General configuration
+# ---------------------
+# Assuming that the following variable isn't used anymore. 
+# @todo remove it if this is true
+FUNKWHALE_API_IP=127.0.0.1
+# Assuming that the following variable isn't used anymore. 
+# @todo remove it if this is true
+FUNKWHALE_API_PORT={{ funkwhale_docker_api_port }}
+
+# The number of web workers to start in parallel. Higher means you can handle
+# more concurrent requests, but also leads to higher CPU/Memory usage
+FUNKWHALE_WEB_WORKERS=4
+# Replace this by the definitive, public domain you will use for
+# your instance. It cannot be changed after initial deployment
+# without breaking your instance.
+FUNKWHALE_HOSTNAME={{domains | get_domain(application_id)}}
+FUNKWHALE_PROTOCOL={{ web_protocol }}
+
+# Log level (debug, info, warning, error, critical)
+LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %}
+
+# Could be that this is redundant
+DJANGO_LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %}
+
+# Configure e-mail sending using this variale
+# By default, funkwhale will output e-mails sent to stdout
+# here are a few examples for this setting
+# EMAIL_CONFIG=consolemail://         # output e-mails to console (the default)
+# EMAIL_CONFIG=dummymail://          # disable e-mail sending completely
+# On a production instance, you'll usually want to use an external SMTP server:
+# If `user` or `password` contain special characters (eg.
+# `noreply@youremail.host` as `user`), be sure to urlencode them, using
+# for example the command:
+# `python3 -c 'import urllib.parse; print(urllib.parse.quote_plus
+# ("noreply@youremail.host"))'`
+# (returns `noreply%40youremail.host`)
+# EMAIL_CONFIG=smtp://user:password@youremail.host:25
+# EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
+EMAIL_CONFIG=smtp+tls://{{ users['no-reply'].username }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}
+
+# Make e-mail verification mandatory before using the service
+# Doesn't apply to admins.
+# ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false
+
+# The e-mail address to use to send system e-mails.
+DEFAULT_FROM_EMAIL={{ users['no-reply'].email }}
+
+# Depending on the reverse proxy used in front of your funkwhale instance,
+# the API will use different kind of headers to serve audio files
+# Allowed values: nginx, apache2
+REVERSE_PROXY_TYPE=nginx
+
+# API/Django configuration
+
+# Number of worker processes to execute. Defaults to 0, in which case it uses your number of CPUs
+# Celery workers handle background tasks (such file imports or federation
+# messaging). The more processes a worker gets, the more tasks
+# can be processed in parallel. However, more processes also means
+# a bigger memory footprint.
+CELERYD_CONCURRENCY={{celeryd_concurrency}}
+
+# Where media files (such as album covers or audio tracks) should be stored
+# on your system?
+# (Ensure this directory actually exists)
+MEDIA_ROOT={{funkwhale_media_root}}
+
+# Where static files (such as API css or icons) should be compiled
+# on your system?
+# (Ensure this directory actually exists)
+STATIC_ROOT={{funkwhale_static_root}}
+
+# which settings module should django use?
+# You don't have to touch this unless you really know what you're doing
+DJANGO_SETTINGS_MODULE=config.settings.production
+
+# Generate one using `openssl rand -base64 45`, for example
+DJANGO_SECRET_KEY={{applications[application_id].credentials.django_secret}}
+
+{% if applications | is_feature_enabled('ldap',application_id) %}
+# LDAP settings
+# Use the following options to allow authentication on your Funkwhale instance
+# using a LDAP directory.
+# Have a look at https://docs.funkwhale.audio/installation/ldap.html for
+# detailed instructions.
+# Commit: https://gitea.fudaoyuan.icu/Github/funkwhale/commit/4ce46ff2a000646a3dbab80f0ca9fd8d7f8ae24c
+
+LDAP_ENABLED                     =  True
+LDAP_SERVER_URI                  =  "{{ ldap.server.uri }}"
+LDAP_BIND_DN                     =  "{{ ldap.dn.administrator.data }}"
+LDAP_BIND_PASSWORD               =  "{{ ldap.bind_credential }}"
+#LDAP_SEARCH_FILTER               =  "{{ ldap.filters.users.login | replace('%' ~ ldap.user.attributes.id, '{0}') }}"
+LDAP_START_TLS                   =  False
+LDAP_ROOT_DN                     =  "{{ldap.dn.root}}"
+#LDAP_USER_ATTR_MAP               = "first_name:{{ ldap.user.attributes.firstname }}, last_name:{{ ldap.user.attributes.surname }}, username:{{ ldap.user.attributes.id }}, email:{{ ldap.user.attributes.mail }}"
+
+{% endif %}
+
+FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist
+
+DATABASE_URL = {{ database_url_full }}

roles/web-app-funkwhale/vars/configuration.yml

@@ -0,0 +1,40 @@
+docker:
+  versions:               
+    api:        "1.4.0"
+    front:      "1.4.0"
+    typesense:  "typesense/typesense"
+  images:               
+    api:        "funkwhale/api"
+    front:      "funkwhale/front"
+    typesense:  "typesense/typesense"
+  services:
+    redis:
+      enabled: true
+    database:
+      enabled: true
+features:
+  matomo:             true
+  css:                false
+  portfolio_iframe:   true
+  ldap:               true
+  central_database:   true
+  oauth2:             false # Doesn't make sense to activate it atm, because login is possible on homepage
+domains:
+  canonical:
+    - "audio.{{ primary_domain }}"
+  aliases:
+    - "music.{{ primary_domain }}"
+    - "sound.{{ primary_domain }}"
+csp:  
+  flags:
+    style-src:
+      unsafe-inline:  true
+  whitelist:
+    font-src:
+      -  "data:"
+oauth2_proxy:  
+  application:        "front"
+  port:               "80"
+  acl:
+    blacklist:
+      - "/login"

roles/web-app-funkwhale/vars/main.yml

@@ -0,0 +1,8 @@
+application_id:                                 "funkwhale"
+nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;"
+database_type:                                  "postgres"
+funkwhale_media_root:                           "/srv/funkwhale/data/"
+funkwhale_static_root:                          "{{funkwhale_media_root}}static"
+celeryd_concurrency:                            1
+funkwhale_music_directory_path:                 "/music"
+funkwhale_docker_api_port:                      5000