Raw refactoring of roles

2025-08-29 15:06:26 +02:00 · 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions
--- a/roles/docker-mailu/meta/schema.yml
+++ b/roles/docker-mailu/meta/schema.yml
@@ -0,0 +1,25 @@
+credentials:
+  secret_key:
+    description: "Secret key for cryptographic operations in Mailu (must be a 16-byte random string, hex-encoded)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{32}$"
+
+  database_password:
+    description: "Password for the Mailu PostgreSQL or MariaDB database user"
+    algorithm: "bcrypt"
+    validation: "^\\$2[aby]\\$.{56}$"
+
+  api_token:
+    description: "Authentication token for accessing the Mailu RESTful API (minimum 3 characters)"
+    algorithm: "plain"
+    validation: "^.{3,}$"
+
+  initial_administrator_password:
+    description: "Initial password for the Mailu administrator account (used during setup)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
+
+  dkim_public_key:
+    description: "Public DKIM key for DNS configuration (TXT record)"
+    algorithm: "plain"
+    validation: "^.{64,}$"
--- a/roles/docker-mailu/vars/configuration.yml
+++ b/roles/docker-mailu/vars/configuration.yml
@@ -0,0 +1,20 @@
+version:                  "2024.06"                         # Docker Image Version
+users:
+  administrator:
+    email:                "{{users.administrator.email}}"   # Administrator Email for DNS Records
+oidc:
+  email_by_username:      true                              # If true, then the mail is set by the username. If wrong then the OIDC user email is used
+  enable_user_creation:   true                              # Users will be created if not existing
+domain:                   "{{primary_domain}}"              # The main domain from which mails will be send \ email suffix behind @
+credentials:                                     
+# secret_key:                                               # Set to a randomly generated 16 bytes string
+# database_password:                                        # Needs to be set in inventory file
+# api_token:                                                # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
+# initial_administrator_password:                           # Initial administrator password for setup 
+# dkim_public_key:                                          # Must be set in inventory file
+features:
+  matomo:                 true
+  css:                    true
+  landingpage_iframe:     false                             # Deactivated mailu iframe loading until keycloak supports it
+  oidc:                   true
+  central_database:       false                             # Deactivate central database for mailu, I don't know why the database deactivation is necessary
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@@ -1,7 +1,7 @@
 application_id:               "mailu"

 # Database Configuration
-database_password:  	        "{{applications.mailu.credentials.database.password}}"
+database_password:  	        "{{applications.mailu.credentials.database_password}}"
 database_type:                "mariadb"

 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"