mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-29 15:06:26 +02:00
Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation
This commit is contained in:
34
roles/web-app-openproject/vars/configuration.yml
Normal file
34
roles/web-app-openproject/vars/configuration.yml
Normal file
@@ -0,0 +1,34 @@
|
||||
version: "13" # Update when available. Sadly no rolling release implemented
|
||||
oauth2_proxy:
|
||||
application: "proxy"
|
||||
port: "80"
|
||||
acl:
|
||||
whitelist:
|
||||
- "/users/me" # Necessary for Nextcloud Plugin to work
|
||||
- "/api/" # Necessary for Nextcloud Plugin to work
|
||||
- "/oauth/token" # Necessary for Nextcloud Plugin to work
|
||||
ldap:
|
||||
filters:
|
||||
administrators: True # Set true to filter administrators
|
||||
users: False # Set true to filter users
|
||||
features:
|
||||
matomo: true
|
||||
css: false # Temporary deactivated. Needs to be optimized for production use.
|
||||
portfolio_iframe: true
|
||||
ldap: true
|
||||
central_database: true
|
||||
oauth2: true
|
||||
csp:
|
||||
flags:
|
||||
script-src-elem:
|
||||
unsafe-inline: true
|
||||
style-src:
|
||||
unsafe-inline: true
|
||||
domains:
|
||||
canonical:
|
||||
- "project.{{ primary_domain }}"
|
||||
|
||||
docker:
|
||||
services:
|
||||
database:
|
||||
enabled: true
|
17
roles/web-app-openproject/vars/ldap.yml
Normal file
17
roles/web-app-openproject/vars/ldap.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
openproject_ldap:
|
||||
name: "{{ primary_domain }}" # Display name for the LDAP connection in OpenProject
|
||||
host: "{{ ldap.server.domain }}" # LDAP server address
|
||||
port: "{{ ldap.server.port }}" # LDAP server port (typically 389 or 636)
|
||||
account: "{{ ldap.dn.administrator.data }}" # Bind DN (used for authentication)
|
||||
account_password: "{{ ldap.bind_credential }}" # Bind password
|
||||
base_dn: "{{ ldap.dn.ou.users }}" # Base DN for user search
|
||||
attr_login: "{{ ldap.user.attributes.id }}" # LDAP attribute used for login
|
||||
attr_firstname: "givenName" # LDAP attribute for first name
|
||||
attr_lastname: "{{ ldap.user.attributes.surname }}" # LDAP attribute for last name
|
||||
attr_mail: "{{ ldap.user.attributes.mail }}" # LDAP attribute for email
|
||||
attr_admin: "{{ openproject_filters.administrators }}" # Optional: LDAP attribute for admin group (leave empty if unused)
|
||||
onthefly_register: true # Automatically create users on first login
|
||||
tls_mode: 0 # 0 = No TLS, 1 = TLS, 2 = STARTTLS
|
||||
verify_peer: false # Whether to verify the SSL certificate
|
||||
filter_string: "{{ openproject_filters.users }}" # Optional: Custom filter for users (e.g., "(objectClass=person)")
|
||||
tls_certificate_string: "" # Optional: Client certificate string for TLS (usually left empty)
|
28
roles/web-app-openproject/vars/main.yml
Normal file
28
roles/web-app-openproject/vars/main.yml
Normal file
@@ -0,0 +1,28 @@
|
||||
application_id: "openproject"
|
||||
docker_repository_address: "https://github.com/opf/openproject-deploy"
|
||||
database_type: "postgres"
|
||||
docker_repository: true
|
||||
|
||||
openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/"
|
||||
|
||||
custom_openproject_image: "custom_openproject"
|
||||
|
||||
# The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
|
||||
dummy_volume: "{{docker_compose.directories.volumes}}dummy_volume"
|
||||
|
||||
openproject_rails_settings:
|
||||
email_delivery_method: "smtp"
|
||||
smtp_address: "{{ system_email.host }}"
|
||||
smtp_domain: "{{ system_email.domain }}"
|
||||
smtp_user_name: "{{ users['no-reply'].email }}"
|
||||
smtp_password: "{{ users['no-reply'].mailu_token }}"
|
||||
smtp_ssl: false
|
||||
|
||||
openproject_filters:
|
||||
administrators: >-
|
||||
{{ '(memberOf=cn=openproject-admins,' ~ ldap.dn.ou.roles ~ ')'
|
||||
if applications[application_id].ldap.filters.administrators else '' }}
|
||||
|
||||
users: >-
|
||||
{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.ou.roles ~ ')'
|
||||
if applications[application_id].ldap.filters.users else '' }}
|
Reference in New Issue
Block a user