Raw refactoring of roles

2025-08-29 15:06:26 +02:00 · 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions
--- a/roles/docker-pgadmin/meta/schema.yml
+++ b/roles/docker-pgadmin/meta/schema.yml
@@ -0,0 +1,10 @@
+credentials:
+  oauth2_proxy_cookie_secret:
+    description: "Secret used by OAuth2 Proxy to encrypt browser cookies (16 bytes hex-encoded)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{32}$"
+
+  administrator_password:
+    description: "Initial password for the pgAdmin administrator login"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
--- a/roles/docker-pgadmin/tasks/configuration.yml
+++ b/roles/docker-pgadmin/tasks/configuration.yml
@@ -3,7 +3,7 @@

 - name: "loading database configuration variables"
  include_vars:
-    file: "{{ role_path }}/vars/configuration.yml"
+    file: "{{ role_path }}/vars/db_config.yml"

 - name: "Render servers.json file"
  template:
--- a/roles/docker-pgadmin/templates/env.j2
+++ b/roles/docker-pgadmin/templates/env.j2
@@ -7,7 +7,7 @@ PGADMIN_DISABLE_POSTFIX=True
 PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}

 # Default login password for server mode
-PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].users.administrator.password }}
+PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].credentials.administrator_password }}

 {% if applications[application_id].server_mode | bool %}
 # Load server connection settings from this JSON file
--- a/roles/docker-pgadmin/vars/configuration.yml
+++ b/roles/docker-pgadmin/vars/configuration.yml
@@ -1,14 +1,15 @@
-pgadmin_host_server_file:     "{{docker_compose.directories.volumes}}servers.json"
-pgadmin_docker_server_file:   "/pgadmin4/servers.json"
-pgadmin_host_password_file:   "{{docker_compose.directories.volumes}}.pgpass"
-pgadmin_docker_password_file: "/pgpass"
-
-pgadmin_servers:
-  - name:           "Central Postgres Database"
-    host:           "{{ database_host }}"
-    port:           "{{ database_port }}"
-    username:       "postgres"
-    maintenance_db: "postgres"
-    password:       "{{ central_postgres_password }}"
-
-# Here you can add more databases 
+version:                  "latest"
+server_mode:              False                             # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
+master_password_required: True                              # Master password is required. Recommended True. False is a security risk.
+users:
+  administrator:
+    email:                "{{ users.administrator.email }}" # Initial login email address
+oauth2_proxy:
+  application:            "application"
+  port:                   "80"
+features:
+  matomo:                 true
+  css:                    true
+  landingpage_iframe:     false
+  central_database:       true
+  oauth2:                 true
--- a/roles/docker-pgadmin/vars/db_config.yml
+++ b/roles/docker-pgadmin/vars/db_config.yml
@@ -0,0 +1,14 @@
+pgadmin_host_server_file:     "{{docker_compose.directories.volumes}}servers.json"
+pgadmin_docker_server_file:   "/pgadmin4/servers.json"
+pgadmin_host_password_file:   "{{docker_compose.directories.volumes}}.pgpass"
+pgadmin_docker_password_file: "/pgpass"
+
+pgadmin_servers:
+  - name:           "Central Postgres Database"
+    host:           "{{ database_host }}"
+    port:           "{{ database_port }}"
+    username:       "postgres"
+    maintenance_db: "postgres"
+    password:       "{{ applications.postgres.credentials.postgres_password }}"
+
+# Here you can add more databases