Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-pgadmin/README.md
+++ b/roles/web-app-pgadmin/README.md
@@ -0,0 +1,37 @@
+# pgAdmin
+
+## Description
+
+pgAdmin is the most popular and feature‑rich open source administration and development platform for PostgreSQL. This deployment provides a secure, containerized pgAdmin instance complete with optional OAuth2 proxy support for enhanced authentication. It is built for both developers and database administrators who want an easy‐to‐use web interface to manage multiple PostgreSQL servers.
+
+## Overview
+
+This Docker Compose deployment uses Ansible automation to launch pgAdmin together with necessary network and volume configurations. It enables you to centrally manage your PostgreSQL databases with the following core software features:
+
+- **Intuitive Web UI:**  
+  Access a modern, responsive, and highly customizable dashboard to manage your PostgreSQL servers.
+  
+- **Multi‑Server Management:**  
+  Connect to and administer multiple PostgreSQL instances from a single interface.
+  
+- **Optional OAuth2 Integration:**  
+  Secure your pgAdmin access by integrating an external OAuth2 provider.
+  
+- **Robust Connectivity:**  
+  Easily manage database configurations, user accounts, and monitor query activity with built‑in health checks.
+
+- **Flexible Configuration:**  
+  Adjust settings such as SSL options, port numbers, and server credentials through environment variables and templated configuration files.
+
+## Other Resources
+
+- [pgAdmin Official Homepage](https://www.pgadmin.org/)
+- [pgAdmin Documentation](https://www.pgadmin.org/docs/)
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [www.veen.world](https://www.veen.world)
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
--- a/roles/web-app-pgadmin/meta/main.yml
+++ b/roles/web-app-pgadmin/meta/main.yml
@@ -0,0 +1,29 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Take control of your PostgreSQL databases with pgAdmin — a powerful, open source, web-app-based administration tool offering an intuitive user interface, multi‑server management, robust configuration options, and optional OAuth2 integration for enhanced security."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - pgadmin
+    - docker
+    - webui
+    - oauth2
+    - postgresql
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+  logo:
+    class: "fa-solid fa-database"
+  run_after:
+    - web-app-matomo
+    - web-app-keycloak
--- a/roles/web-app-pgadmin/meta/schema.yml
+++ b/roles/web-app-pgadmin/meta/schema.yml
@@ -0,0 +1,6 @@
+credentials:
+
+  administrator_password:
+    description: "Initial password for the pgAdmin administrator login"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
--- a/roles/web-app-pgadmin/meta/users.yml
+++ b/roles/web-app-pgadmin/meta/users.yml
@@ -0,0 +1,3 @@
+users:
+  administrator:
+    email:                "administrator@{{ primary_domain }}"
--- a/roles/web-app-pgadmin/tasks/configuration.yml
+++ b/roles/web-app-pgadmin/tasks/configuration.yml
@@ -0,0 +1,22 @@
+- name: "load variables from {{ database_var_file }}"
+  include_vars: "{{ database_var_file }}"
+
+- name: "loading database configuration variables"
+  include_vars:
+    file: "{{ role_path }}/vars/db_config.yml"
+
+- name: "Render servers.json file"
+  template:
+    src: servers.json.j2
+    dest: "{{ pgadmin_host_server_file }}"
+    mode: "0644"
+  notify: docker compose up
+
+- name: "Render .pgpass file"
+  template:
+    src: pgpass.j2
+    dest: "{{ pgadmin_host_password_file }}"
+    owner: "{{ pgadmin_user }}"
+    group: "{{ pgadmin_group }}"
+    mode: "0600"
+  notify: docker compose up
--- a/roles/web-app-pgadmin/tasks/main.yml
+++ b/roles/web-app-pgadmin/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: "include docker-compose role"
+  include_role:
+    name: docker-compose
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain:     "{{ domains | get_domain(application_id) }}"
+    http_port:  "{{ ports.localhost.http[application_id] }}"
+
+- name: "configure pgadmin servers"
+  include_tasks: configuration.yml
+  when: applications[application_id].server_mode | bool
--- a/roles/web-app-pgadmin/templates/docker-compose.yml.j2
+++ b/roles/web-app-pgadmin/templates/docker-compose.yml.j2
@@ -0,0 +1,23 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
+  application:
+{% set container_port = 80 %}
+    image: dpage/pgadmin4:{{applications[application_id].version}}
+    container_name: pgadmin
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    ports:
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
+    volumes:
+      - "data:/var/lib/pgadmin"
+{% if applications[application_id].server_mode | bool %}
+      - "{{ pgadmin_host_server_file }}:{{ pgadmin_docker_server_file }}"
+      - "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}"
+{% endif %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-pgadmin/templates/env.j2
+++ b/roles/web-app-pgadmin/templates/env.j2
@@ -0,0 +1,21 @@
+# Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+
+# Disable postfix integration (not needed in containerized environments)
+PGADMIN_DISABLE_POSTFIX=True
+
+# Default login email for server mode
+PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+
+# Default login password for server mode
+PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].credentials.administrator_password }}
+
+{% if applications[application_id].server_mode | bool %}
+# Load server connection settings from this JSON file
+PGADMIN_SERVER_JSON_FILE={{ pgadmin_docker_server_file }}
+
+# Enable desktop (single-user) mode
+PGADMIN_CONFIG_SERVER_MODE=False
+
+# Disable master password prompt for stored credentials
+PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED={{ applications[application_id].master_password_required | capitalize }}
+{% endif %}
--- a/roles/web-app-pgadmin/templates/pgpass.j2
+++ b/roles/web-app-pgadmin/templates/pgpass.j2
@@ -0,0 +1,3 @@
+{% for server in pgadmin_servers %}
+{{ server.host }}:{{ server.port }}:*:{{ server.username }}:{{ server.password }}
+{% endfor %}
--- a/roles/web-app-pgadmin/templates/servers.json.j2
+++ b/roles/web-app-pgadmin/templates/servers.json.j2
@@ -0,0 +1,16 @@
+{
+  "Servers": {
+    {% for server in pgadmin_servers %}
+    "{{ loop.index }}": {
+      "Name": "{{ server.name }}",
+      "Group": "Servers",
+      "Host": "{{ server.host }}",
+      "Port": {{ server.port }},
+      "MaintenanceDB": "{{ server.maintenance_db }}",
+      "Username": "{{ server.username }}",
+      "SSLMode": "prefer",
+      "PassFile": "/pgpass"
+    }{% if not loop.last %},{% endif %}
+    {% endfor %}
+  }
+}
--- a/roles/web-app-pgadmin/vars/configuration.yml
+++ b/roles/web-app-pgadmin/vars/configuration.yml
@@ -0,0 +1,25 @@
+version:                  "latest"
+server_mode:              False                             # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
+master_password_required: True                              # Master password is required. Recommended True. False is a security risk.
+oauth2_proxy:
+  application:            "application"
+  port:                   "80"
+features:
+  matomo:                 true
+  css:                    true
+  portfolio_iframe:       true
+  central_database:       true
+  oauth2:                 true
+csp:
+  flags:
+    style-src:
+      unsafe-inline: true
+    script-src-elem:
+      unsafe-inline: true
+  whitelist:
+    font-src:
+      - "data:"
+docker:
+  services:
+    database:
+      enabled: true
--- a/roles/web-app-pgadmin/vars/db_config.yml
+++ b/roles/web-app-pgadmin/vars/db_config.yml
@@ -0,0 +1,14 @@
+pgadmin_host_server_file:     "{{docker_compose.directories.volumes}}servers.json"
+pgadmin_docker_server_file:   "/pgadmin4/servers.json"
+pgadmin_host_password_file:   "{{docker_compose.directories.volumes}}.pgpass"
+pgadmin_docker_password_file: "/pgpass"
+
+pgadmin_servers:
+  - name:           "Central Postgres Database"
+    host:           "{{ database_host }}"
+    port:           "{{ database_port }}"
+    username:       "postgres"
+    maintenance_db: "postgres"
+    password:       "{{ applications.postgres.credentials.postgres_password }}"
+
+# Here you can add more databases 
--- a/roles/web-app-pgadmin/vars/main.yml
+++ b/roles/web-app-pgadmin/vars/main.yml
@@ -0,0 +1,5 @@
+application_id:               "pgadmin"
+database_type:                "postgres"
+database_host:                "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) }}"
+pgadmin_user:                 5050
+pgadmin_group:                "{{pgadmin_user}}"