Merge branch 'master' of github.com:kevinveenbirkenbach/cymais

group_vars/all

@@ -4,11 +4,15 @@ top_domain:           "localhost" # Change this in inventory to your domain
 ip4_address:          "127.0.0.1"   # Change thie in inventory to the ip address of your server
 backups_folder_path:  "/Backups/"   # Path to the backups folder
 
+# Administrator
+administrator_username:   "administrator"                             # Username of the administrator
+administrator_email:      "{{administrator_username}}@{{top_domain}}" # Email of the administrator
+
 # Mode
 
 # The following modes can be combined with each other
 mode_reset:   false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
-mode_verbose: false # Prints well formated debug information
+mode_debug:   false # Prints well formated debug information
 mode_test:    false # Executes test routines instead of productive routines
 mode_update:  true  # Executes updates
 mode_backup:  true  # Activates the backup before the update procedure
@@ -17,8 +21,8 @@ mode_setup:   false # Execute the setup and initializing procedures
 
 # Server Tact Variables 
 
-## Ours in which the server is 100% working. Rest of the time is reserved for maintanance
-hours_server_awake: "0..1,9..23"
+## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
+hours_server_awake: "0..23"
 
 ## Random delay for systemd timers to avoid peak loads.
 randomized_delay_sec:                         "5min" 
@@ -111,17 +115,10 @@ nginx_upstreams_directory:      "{{nginx_configuration_directory}}upstreams/"
 nginx_well_known_root:          "/usr/share/nginx/well-known/"                   # Path where well-known files are stored
 nginx_homepage_root:            "/usr/share/nginx/homepage/"                     # Path where the static homepage files are stored
 
-## Docker Applications
+## Domains
 
-### Enable Central MariaDB
-enable_central_database: true
-enable_central_database_mailu: "{{enable_central_database}}"
-
-### Enable Storage Optimizer for Docker Volumes
-enable_system_storage_optimizer: true
-
-### Domain Names for Various Services
-domain_akaunting:               "akaunting.{{top_domain}}"
+### Service Domains
+domain_akaunting:               "accounting.{{top_domain}}"
 domain_baserow:                 "baserow.{{top_domain}}"
 domain_bigbluebutton:           "meet.{{top_domain}}"
 domain_elk:                     "elk.{{top_domain}}"
@@ -132,10 +129,11 @@ domain_gitlab:                  "gitlab.{{top_domain}}"
 domain_listmonk:                "newsletter.{{top_domain}}"
 domain_mailu:                   "mail.{{top_domain}}"
 domain_mastodon:                "microblog.{{top_domain}}"
-domains_mastodon_alternates:    []
+domains_mastodon_alternates:    ["mastodon.{{top_domain}}"]
 domain_matomo:                  "matomo.{{top_domain}}"
 domain_matrix_synapse:          "matrix.{{top_domain}}"
 domain_matrix_element:          "element.{{top_domain}}"
+domain_moodle:                  "academy.{{top_domain}}"
 domain_mediawiki:               "wiki.{{top_domain}}"
 domain_nextcloud:               "cloud.{{top_domain}}"
 domain_pixelfed:                "picture.{{top_domain}}"
@@ -147,6 +145,32 @@ domain_yourls:                  "s.{{top_domain}}"
 domain_openproject:             "project.{{top_domain}}"
 domains_wordpress:              ["wordpress.{{top_domain}}","blog.{{top_domain}}"]
 
+### Domain Redirects
+redirect_domain_mappings:
+- { source: "akaunting.{{top_domain}}",   target: "{{domain_akaunting}}" }
+- { source: "bbb.{{top_domain}}",         target: "{{domain_bigbluebutton}}" }
+- { source: "discourse.{{top_domain}}",   target: "{{domain_discourse}}" }
+- { source: "funkwhale.{{top_domain}}",   target: "{{domain_funkwhale}}" }
+- { source: "gitea.{{top_domain}}",       target: "{{domain_gitea}}" }
+- { source: "listmonk.{{top_domain}}",    target: "{{domain_listmonk}}" }
+- { source: "moodle.{{top_domain}}",      target: "{{domain_moodle}}" }
+- { source: "nextcloud.{{top_domain}}",   target: "{{domain_nextcloud}}" }
+- { source: "openproject.{{top_domain}}", target: "{{domain_openproject}}" }
+- { source: "peertube.{{top_domain}}",    target: "{{domain_peertube}}" }
+- { source: "pictures.{{top_domain}}",    target: "{{domain_pixelfed}}" }
+- { source: "pixelfed.{{top_domain}}",    target: "{{domain_pixelfed}}" }
+- { source: "short.{{top_domain}}",       target: "{{domain_yourls}}" }
+- { source: "videos.{{top_domain}}",      target: "{{domain_peertube}}" }
+
+## Docker Applications
+
+### Enable Central MariaDB
+enable_central_database: true
+enable_central_database_mailu: "{{enable_central_database}}"
+
+### Enable Storage Optimizer for Docker Volumes
+enable_system_storage_optimizer: true
+
 ### Common Configurations
 postgres_default_version:       "16"
 
@@ -154,10 +178,10 @@ postgres_default_version:       "16"
 docker_restart_policy:        "unless-stopped"
 
 #### Akaunting
-version_akaunting:            "latest"
-akaunting_company_name:       "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
-akaunting_company_email:      "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
-akaunting_setup_admin_email:  "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
+akaunting_version:            "latest"
+akaunting_company_name:       "{{top_domain}}"
+akaunting_company_email:      "{{administrator_email}}"
+akaunting_setup_admin_email:  "{{administrator_email}}"
 
 #### Big Blue Button
 bigbluebutton_enable_greenlight:  "true"
@@ -166,42 +190,30 @@ bigbluebutton_enable_greenlight:  "true"
 listmonk_admin_username:          "admin"
 
 #### Mastodon
-version_mastodon:                 "latest"
+mastodon_version:                 "latest"
 mastodon_single_user_mode:        false
 
 #### Matrix
-matrix_admin_name:      "admin"           # Accountname of the matrix admin
+matrix_admin_name:      "{{administrator_username}}"  # Accountname of the matrix admin
 matrix_playbook_tags:   "setup-all,start"             # For the initial update use: install-all,ensure-matrix-users-created,start
 matrix_role:            "compose"                     # Role to setup Matrix. Valid values: ansible, compose
 matrix_server_name:     "{{top_domain}}"              # Adress for the account names etc.
 
 #### Mailu
-version_mailu:                    "2.0"
+mailu_version:          "2.0"
 mailu_domain:           "{{top_domain}}"
 mailu_subnet:           "192.168.203.0/24"
 
+#### Moodle
+moodle_site_name:       "Global Learning Academy on {{top_domain}}"
+moodle_user_name:       "{{administrator_username}}"
+moodle_user_email:      "{{administrator_email}}"
+
 #### Nextcloud
-version_nextcloud:      "production"  # Danger: Nextcloud can't skipp major version updates.
+nextcloud_version:      "production"  # Danger: Nextcloud can't skipp major version updates.
 
 #### Pixelfed
-pixelfed_app_name:      "Pictures"
+pixelfed_app_name:      "Pictures on {{top_domain}}"
 
 #### YOURLS
-yourls_user:            "admin"
-
-
-# Routing Configurations for Domain Redirections
-redirect_domain_mappings:
-- { source: "bbb.{{top_domain}}",         target: "{{domain_bigbluebutton}}" }
-- { source: "discourse.{{top_domain}}",   target: "{{domain_discourse}}" }
-- { source: "funkwhale.{{top_domain}}",   target: "{{domain_funkwhale}}" }
-- { source: "gitea.{{top_domain}}",       target: "{{domain_gitea}}" }
-- { source: "listmonk.{{top_domain}}",    target: "{{domain_listmonk}}" }
-- { source: "mastodon.{{top_domain}}",    target: "{{domain_mastodon}}" }
-- { source: "nextcloud.{{top_domain}}",   target: "{{domain_nextcloud}}" }
-- { source: "openproject.{{top_domain}}", target: "{{domain_openproject}}" }
-- { source: "peertube.{{top_domain}}",    target: "{{domain_peertube}}" }
-- { source: "pictures.{{top_domain}}",    target: "{{domain_pixelfed}}" }
-- { source: "pixelfed.{{top_domain}}",    target: "{{domain_pixelfed}}" }
-- { source: "short.{{top_domain}}",       target: "{{domain_yourls}}" }
-- { source: "videos.{{top_domain}}",      target: "{{domain_peertube}}" }
+yourls_user:            "{{administrator_username}}"

playbook.servers.yml

@@ -248,6 +248,15 @@
         domain:     "{{domain_akaunting}}"
         http_port:  8025
 
+- name: setup moodle instance
+  hosts: moodle
+  become: true
+  roles:
+   -  role: docker-moodle
+      vars:
+        domain:     "{{domain_moodle}}"
+        http_port:  8026
+
 # Native Webserver Roles
 - name: setup nginx-homepages
   hosts: homepage

roles/backup-data-to-usb/templates/backup-data-to-usb.service.j2

@@ -4,6 +4,7 @@ Wants={{systemctl_mount_service_name}}
 OnFailure=systemd-notifier.cymais@%n.service
 
 [Service]
+Type=oneshot
 ExecStart=/bin/python {{ backup_to_usb_script_path }} {{backup_to_usb_source}} {{backup_to_usb_destination}}
 ExecStartPost=/bin/systemctl start cleanup-backups.cymais.service
 

roles/backup-directory-validator/tasks/main.yml

@@ -0,0 +1,12 @@
+- name: pull directory-validator.git
+  git:
+    repo: "https://github.com/kevinveenbirkenbach/directory-validator.git"
+    dest: "{{backup_directory_validator_folder}}"
+    update: yes
+  ignore_errors: true
+  when: run_once_backup_directory_validator is not defined
+
+- name: run the backup_directory_validator tasks once
+  set_fact:
+    run_once_backup_directory_validator: true
+  when: run_once_backup_directory_validator is not defined

roles/backup-directory-validator/vars/main.yml

@@ -0,0 +1 @@
+backup_directory_validator_folder: "{{path_administrator_scripts}}directory-validator/"

roles/backup-docker-to-local/handlers/main.yml

@@ -1,3 +1,8 @@
+- name: "reload backup-docker-to-local-everything.cymais.service"
+  systemd:
+    name: backup-docker-to-local-everything.cymais.service
+    daemon_reload: yes
+
 - name: "reload backup-docker-to-local.cymais.service"
   systemd:
     name: backup-docker-to-local.cymais.service

roles/backup-docker-to-local/meta/main.yml

@@ -4,3 +4,4 @@ dependencies:
   - systemd-notifier
   - cleanup-failed-docker-backups
   - system-maintenance-lock
+  - backup-directory-validator

roles/backup-docker-to-local/templates/backup-docker-to-local-everything.service.j2

@@ -6,3 +6,4 @@ OnFailure=systemd-notifier.cymais@%n.service cleanup-failed-docker-backups.cymai
 Type=oneshot
 ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'backup-docker-to-local') | join(' ') }} --timeout "{{sytem_maintenance_lock_timeout_backup_services}}"'
 ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --everything'
+ExecStartPost=/bin/sh -c '/bin/systemctl start heal-docker.cymais.service &'

roles/backup-docker-to-local/templates/backup-docker-to-local.service.j2

@@ -6,3 +6,4 @@ OnFailure=systemd-notifier.cymais@%n.service cleanup-failed-docker-backups.cymai
 Type=oneshot
 ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'backup-docker-to-local-everything') | join(' ') }} --timeout "{{sytem_maintenance_lock_timeout_backup_services}}"'
 ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py'
+ExecStartPost=/bin/sh -c '/bin/systemctl start heal-docker.cymais.service &'

roles/cleanup-failed-docker-backups/meta/main.yml

@@ -2,3 +2,4 @@ dependencies:
   - git
   - systemd-notifier
   - system-maintenance-lock
+  - backup-directory-validator

roles/docker-akaunting/README.md

@@ -87,7 +87,7 @@ Detailed steps for backing up your Akaunting instance, including setting manual
 Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment:
 
 - `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located.
-- `akaunting_db_password`, `version_akaunting`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
+- `akaunting_db_password`, `akaunting_version`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
 
 ### Additional Configuration
 - **SSL Certificate**: The guide includes steps to receive a certificate for your domain.

roles/docker-akaunting/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   application:
-    image: docker.io/akaunting/akaunting:{{version_akaunting}}
+    image: docker.io/akaunting/akaunting:{{akaunting_version}}
     build:
       context: .
     ports:

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -8,7 +8,7 @@ services:
 
   # Core services
   resolver:
-    image: ghcr.io/mailu/unbound:{{version_mailu}}
+    image: ghcr.io/mailu/unbound:{{mailu_version}}
     env_file: mailu.env
     restart: {{docker_restart_policy}}
 {% include 'templates/docker/container/networks.yml.j2' %}
@@ -17,7 +17,7 @@ services:
       driver: journald
 
   front:
-    image: ghcr.io/mailu/nginx:{{version_mailu}}
+    image: ghcr.io/mailu/nginx:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     logging:
@@ -44,7 +44,7 @@ services:
       - 192.168.203.254
       
   admin:
-    image: ghcr.io/mailu/admin:{{version_mailu}}
+    image: ghcr.io/mailu/admin:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:
@@ -62,7 +62,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   imap:
-    image: ghcr.io/mailu/dovecot:{{version_mailu}}
+    image: ghcr.io/mailu/dovecot:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:
@@ -78,7 +78,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   smtp:
-    image: ghcr.io/mailu/postfix:{{version_mailu}}
+    image: ghcr.io/mailu/postfix:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:
@@ -94,7 +94,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   oletools:
-    image: ghcr.io/mailu/oletools:{{version_mailu}}
+    image: ghcr.io/mailu/oletools:{{mailu_version}}
     hostname: oletools
     restart: {{docker_restart_policy}}
     depends_on:
@@ -105,7 +105,7 @@ services:
       noinet:
 
   antispam:
-    image: ghcr.io/mailu/rspamd:{{version_mailu}}
+    image: ghcr.io/mailu/rspamd:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:
@@ -127,7 +127,7 @@ services:
 
   # Optional services
   antivirus:
-    image: ghcr.io/mailu/clamav:{{version_mailu}}
+    image: ghcr.io/mailu/clamav:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:
@@ -141,7 +141,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   webdav:
-    image: ghcr.io/mailu/radicale:{{version_mailu}}
+    image: ghcr.io/mailu/radicale:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:
@@ -156,7 +156,7 @@ services:
       radicale:
 
   fetchmail:
-    image: ghcr.io/mailu/fetchmail:{{version_mailu}}
+    image: ghcr.io/mailu/fetchmail:{{mailu_version}}
     volumes:
       - "admin_data:/data"
     restart: {{docker_restart_policy}}
@@ -173,7 +173,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   webmail:
-    image: ghcr.io/mailu/webmail:{{version_mailu}}
+    image: ghcr.io/mailu/webmail:{{mailu_version}}
     restart: {{docker_restart_policy}}
     env_file: mailu.env
     volumes:

roles/docker-mastodon/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   web:
-    image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
+    image: ghcr.io/mastodon/mastodon:{{mastodon_version}}
     restart: {{docker_restart_policy}}
     env_file: .env.production
     command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@@ -22,7 +22,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   streaming:
-    image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
+    image: ghcr.io/mastodon/mastodon:{{mastodon_version}}
     restart: {{docker_restart_policy}}
     env_file: .env.production
     command: node ./streaming
@@ -36,7 +36,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   sidekiq:
-    image: ghcr.io/mastodon/mastodon:{{version_mastodon}}
+    image: ghcr.io/mastodon/mastodon:{{mastodon_version}}
     restart: {{docker_restart_policy}}
     env_file: .env.production
     command: bundle exec sidekiq

roles/docker-matrix-ansible/tasks/main.yml

@@ -68,7 +68,7 @@
 - name: show variable information
   debug:
     msg: "hosts_path: {{hosts_path}}\nmatrix_inventory_tmp_dir:{{ matrix_inventory_tmp_dir }}"
-  when: mode_verbose | bool
+  when: mode_debug | bool
 
 - name: install requirements
   local_action: command just roles

roles/docker-matrix-compose/templates/docker-compose.yml.j2

@@ -90,7 +90,7 @@ services:
       KEYV_URL: ''
       KEYV_BOT_ENCRYPTION: 'false'
       KEYV_BOT_STORAGE: 'true'
-      MATRIX_HOMESERVER_URL: 'http://synapse'
+      MATRIX_HOMESERVER_URL: 'https://{{synapse_domain}}'
       MATRIX_BOT_USERNAME: '@chatgptbot:{{matrix_server_name}}'
       MATRIX_ACCESS_TOKEN: '{{ matrix_chatgpt_bridge_access_token | default('') }}'
       MATRIX_BOT_PASSWORD: '{{matrix_chatgpt_bridge_user_password}}'

roles/docker-moodle/README.md

@@ -0,0 +1,4 @@
+# role docker-moodle
+
+## further information
+- https://github.com/bitnami/containers/tree/main/bitnami/moodle

roles/docker-moodle/templates/docker-compose.yml.j2

@@ -4,14 +4,21 @@ services:
   moodle:
     image: docker.io/bitnami/moodle:latest
     ports:
-      - '80:8080'
-      - '443:8443'
+      - 127.0.0.1:{{http_port}}:8080
     environment:
       - MOODLE_DATABASE_HOST={{database_host}}
       - MOODLE_DATABASE_PORT_NUMBER=3306
       - MOODLE_DATABASE_USER={{database_username}}
       - MOODLE_DATABASE_NAME={{database_name}}
+      - MOODLE_DATABASE_PASSWORD={{database_password}}
       - ALLOW_EMPTY_PASSWORD=no
+      - MOODLE_SITE_NAME="{{moodle_site_name}}"
+      - MOODLE_SSLPROXY=yes
+      - MOODLE_REVERSE_PROXY=yes
+      - MOODLE_USERNAME={{moodle_user_name}}
+      - MOODLE_PASSWORD={{moodle_user_password}}
+      - MOODLE_EMAIL={{moodle_user_email}}
+      - BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %} 
     volumes:
       - 'moodle:/bitnami/moodle'
       - 'data:/bitnami/moodledata'

roles/docker-nextcloud/README.md

@@ -21,7 +21,7 @@ To update the nextcloud container execute the following commands on the server:
   docker-compose down
 ```
 
-Afterwards update the ***version_nextcloud*** variable to the next version and run the this repository with this ansible role.
+Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role.
 
 It is only possible to update from one to the next major version at a time
 

roles/docker-nextcloud/templates/docker-compose.yml.j2

@@ -7,7 +7,7 @@ services:
 {% include 'templates/docker/services/' + database_type + '.yml.j2' %}
 
   application:
-    image: "nextcloud:{{version_nextcloud}}-fpm-alpine"
+    image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
     container_name: nextcloud-application
     restart: {{docker_restart_policy}}
     logging:
@@ -43,7 +43,7 @@ services:
 
   cron:
     container_name: nextcloud-cron
-    image: "nextcloud:{{version_nextcloud}}-fpm-alpine"
+    image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
     restart: {{docker_restart_policy}}
     logging:
       driver: journald

tasks/seed-database-to-backup.yml

@@ -5,7 +5,7 @@
       database_name: "{{ database_name | default('undefined') }}"
       database_username: "{{ database_username | default('undefined') }}"
       database_password: "{{ database_password | default('undefined') }}"
-  when: mode_verbose | bool
+  when: mode_debug | bool
 
 - name: seed database values
   command: