Raw refactoring of roles

This commit is contained in:
Kevin Veen-Birkenbach 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
177 changed files with 1483 additions and 1041 deletions


@ -1,12 +1,13 @@
# Makefile for j2render
TEMPLATE=./templates/vars/applications.yml.j2
ROLES_DIR=./roles
OUTPUT=./group_vars/all/11_applications.yml
SCRIPT=./cli/generate_default_applications.py
build:
@echo "🔧 Building rendered file from $(TEMPLATE)..."
@echo "🔧 Generating $(OUTPUT) from roles in $(ROLES_DIR)..."
@mkdir -p $(dir $(OUTPUT))
j2r $(TEMPLATE) $(OUTPUT)
python3 $(SCRIPT) --roles-dir $(ROLES_DIR) --output-file $(OUTPUT)
@echo "✅ Output written to $(OUTPUT)"
install: build
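Review bot: `build` and `install` name actions rather than files, so a stray file called `build` in the repository root would turn `make build` into a silent no-op; add `.PHONY: build install` above the rules. The `TEMPLATE` variable on the first line looks like a leftover of the replaced `j2r` step—if nothing else reads it, drop it so the Makefile stops advertising a template that is no longer rendered (the old/new sides of this hunk are not recoverable here, so this is inferred). Consider also writing to `$(OUTPUT).tmp` and `mv`-ing into place, so an interrupted run cannot leave a truncated `group_vars/all/11_applications.yml` that Ansible then loads as valid-but-partial application defaults.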

0
cli/__init__.py Normal file


@ -0,0 +1,59 @@
#!/usr/bin/env python3
import argparse
import os
import yaml
from pathlib import Path
def load_yaml_file(path):
"""Load a YAML file if it exists, otherwise return an empty dict."""
if not path.exists():
return {}
with path.open("r", encoding="utf-8") as f:
return yaml.safe_load(f) or {}
def main():
parser = argparse.ArgumentParser(description="Generate default_applications YAML from docker roles.")
parser.add_argument("--roles-dir", default="roles", help="Path to the roles directory (default: roles)")
parser.add_argument("--output-file", default="group_vars/all/11_applications.yml", help="Path to output YAML file")
args = parser.parse_args()
cwd = Path.cwd()
roles_dir = (cwd / args.roles_dir).resolve()
output_file = (cwd / args.output_file).resolve()
output_file.parent.mkdir(parents=True, exist_ok=True)
result = {"default_applications": {}}
for role_dir in sorted(roles_dir.glob("docker-*")):
role_name = role_dir.name
vars_main = role_dir / "vars" / "main.yml"
config_file = role_dir / "vars" / "configuration.yml"
if not vars_main.exists():
print(f"[!] Skipping {role_name}: vars/main.yml missing")
continue
vars_data = load_yaml_file(vars_main)
application_id = vars_data.get("application_id")
if not application_id:
print(f"[!] Skipping {role_name}: application_id not defined in vars/main.yml")
continue
if not config_file.exists():
print(f"[!] Skipping {role_name}: vars/configuration.yml missing")
continue
config_data = load_yaml_file(config_file)
if config_data:
result["default_applications"][application_id] = config_data
with output_file.open("w", encoding="utf-8") as f:
yaml.dump(result, f, sort_keys=False)
print(f"✅ Generated: {output_file.relative_to(cwd)}")
if __name__ == "__main__":
main()
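Review bot: Two roles that declare the same `application_id` silently overwrite each other at `result["default_applications"][application_id] = config_data`; because roles are iterated in sorted order the later role wins without any message, so the generated defaults for one application could quietly come from another role's `vars/configuration.yml`. Fail loudly instead, before the assignment: `if application_id in result["default_applications"]: raise SystemExit(f"[!] Duplicate application_id '{application_id}' in {role_name}")`. The `[!]` skip warnings are printed to stdout; `print(..., file=sys.stderr)` would keep them out of any captured output. `yaml.safe_load` is the right choice for parsing role-supplied files—keep it if this script later grows to read inventory data as well.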


@ -0,0 +1,23 @@
# Concerning configuration options checkout:
# https://chromeenterprise.google/policies/#ExtensionSettings
chromium:
password_manager_enabled: false
default_installation_mode: allowed
plugins:
# UBlock Origin
- id: "cjpalhdlnbpafiamejdnhcphjbkeiagm"
update_url: "https://clients2.google.com/service/update2/crx"
incognito: true
installation_mode: "force_installed"
# KeepassXC
- id: "ddkjiahejlhfcafbddmgiahcphecmpfh"
update_url: "https://clients2.google.com/service/update2/crx"
incognito: false
installation_mode: "force_installed"
# Dark Mode Extension
- id: "dmghijelimhndkbmpgbldicpogfkceaj"
update_url: "https://clients2.google.com/service/update2/crx"
incognito: true
installation_mode: "force_installed"
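Review bot: The three extension ids are opaque 32-character strings, and the only thing tying `cjpalhdlnbpafiamejdnhcphjbkeiagm` to uBlock Origin is the comment above it; since each is `force_installed` with full extension privileges, add the Chrome Web Store listing URL as a comment next to each id so a reviewer can verify the mapping instead of trusting the label. `default_installation_mode: allowed` leaves users free to install any other extension; if that is intended, say so in a comment, because `blocked` plus an explicit force-installed list is the usual hardened posture for a managed profile.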


@ -1,8 +1,20 @@
{
"ExtensionInstallForcelist": [
{% for plugin in applications[application_id].plugins -%}
"{{ plugin }}"{% if not loop.last %},{% endif %}
{% for plugin in applications[application_id].chromium.plugins -%}
"{{ plugin.id }};{{ plugin.update_url }}"{% if not loop.last %},{% endif %}
{% endfor %}
],
"PasswordManagerEnabled": false
"ExtensionSettings": {
"*": {
"installation_mode": "{{ applications[application_id].default_installation_mode }}"
}
{% for plugin in applications[application_id].chromium.plugins -%},
"{{ plugin.id }}": {
"installation_mode": "{{ plugin.installation_mode }}",
"update_url": "{{ plugin.update_url }}",
"incognito_mode": "{{ 'enabled' if plugin.incognito else 'disabled' }}"
}
{% endfor %}
},
"PasswordManagerEnabled": {{ applications[application_id].password_manager_enabled }}
}
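Review bot: `"PasswordManagerEnabled": {{ applications[application_id].password_manager_enabled }}` renders a YAML boolean through Jinja as `False`/`True`, which is not valid JSON and will make Chromium reject the entire policy file; emit it as `"PasswordManagerEnabled": {{ applications[application_id].chromium.password_manager_enabled | to_json }}` so it becomes `false`. The plugin loops read `applications[application_id].chromium.plugins`, but `default_installation_mode` and `password_manager_enabled` are read without the `chromium.` prefix; if the `configuration.yml` added in this commit (which nests all three under `chromium:`) is this role's defaults, both lookups fail with an undefined attribute—the first should read `"installation_mode": "{{ applications[application_id].chromium.default_installation_mode }}"`. I could not find `incognito_mode` among the per-extension keys of the ExtensionSettings policy that the YAML links to; please confirm it is honoured, since unknown keys are ignored and the incognito restriction intended for KeePassXC would then silently not apply.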


@ -0,0 +1,3 @@
plugins: # Plugins to be installed in Firefox
- "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" # U-Block Origine Plugin
- "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi" # KeepassXC Plugin


@ -0,0 +1,4 @@
plugins:
- [enable,nasa_apod@elinvention.ovh,https://github.com/Elinvention/gnome-shell-extension-nasa-apod.git]
- [disable,dash-to-dock@micxgx.gmail.com,'']
- [enable, dash-to-panel@jderose9.github.com,'']


@ -0,0 +1 @@
application_id: gnome


@ -0,0 +1 @@
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable


@ -0,0 +1 @@
application_id: "libreoffice"


@ -0,0 +1,9 @@
credentials:
database_password:
description: "Database password for MariaDB"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
setup_admin_password:
description: "Initial admin user password for Akaunting"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
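Review bot: `algorithm: "bcrypt"` with the `^\$2[aby]\$.{56}$` pattern describes a password-hash format, but `database_password` is consumed as a plaintext secret by MariaDB (the env template in this commit writes it straight into `DB_PASSWORD`), so what the schema needs is a random secret of adequate length, not a hash. A bcrypt-shaped value also contains `$` characters that dotenv parsers and shell command lines interpret, a recurring cause of truncated or mangled passwords. If `algorithm` names the generator the project runs (its implementation is not in this commit, so I am inferring), `algorithm: "random_hex"` with `validation: "^[a-f0-9]{64}$"`, as this commit already uses for `rails_secret`, fits better. The same bcrypt entry is repeated for every `database_password` and for the MariaDB `root_password` in this commit.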


@ -14,9 +14,9 @@ DB_PASSWORD={{database_password}}
DB_PREFIX=asd_
# These define the first company to exist on this instance. They are only used during setup.
COMPANY_NAME={{applications.akaunting.company_name}}
COMPANY_EMAIL={{applications.akaunting.company_email}}
COMPANY_NAME={{applications[application_id].company_name}}
COMPANY_EMAIL={{applications[application_id].company_email}}
# This will be the first administrative user created on setup.
ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}
ADMIN_PASSWORD={{akaunting_setup_admin_password}}
ADMIN_PASSWORD={{applications[application_id].credentials.setup_admin_password}}


@ -0,0 +1,12 @@
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{users.administrator.email}}"
setup_admin_email: "{{users.administrator.email}}"
features:
matomo: true
css: true
landingpage_iframe: false
central_database: true
credentials:
# database_password: Needs to be defined in inventory file
# setup_admin_password: Needs to be defined in inventory file
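Review bot: `credentials:` with only commented-out children is YAML `null`, not an empty mapping, so anything that merges or indexes `applications.akaunting.credentials` before the inventory supplies it sees `None` rather than `{}`; write `credentials: {}` and keep the two "needs to be defined in inventory" comments above it so the shape stays stable. How these generated defaults are merged with the inventory is not visible here, so whether `null` actually breaks the merge is inferred.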


@ -1,4 +1,4 @@
application_id: "akaunting"
database_type: "mariadb"
database_password: "{{akaunting_database_password}}"
database_password: "{{ applications[application_id]].credentials.database_password }}"
docker_repository_address: "https://github.com/akaunting/docker.git"
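Review bot: `{{ applications[application_id]].credentials.database_password }}` has an unbalanced `]` and is a Jinja syntax error, so the role fails as soon as `database_password` is evaluated; the line should read `database_password: "{{ applications[application_id].credentials.database_password }}"`. The attendize, friendica and gitea `vars/main.yml` changes in this same commit use exactly that form, so this one is the odd one out.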


@ -0,0 +1,5 @@
credentials:
database_password:
description: "Database password for MariaDB used by Attendize"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -0,0 +1,9 @@
version: "latest"
credentials:
# database_password: Password for the database
features:
matomo: true
css: true
landingpage_iframe: false
central_database: true


@ -1,5 +1,5 @@
---
application_id: "attendize"
database_type: "mariadb"
database_password: "{{attendize_database_password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
docker_repository_address: "https://github.com/Attendize/Attendize.git"


@ -0,0 +1,5 @@
credentials:
database_password:
description: "Password for the PostgreSQL database used by Baserow"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -0,0 +1,6 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true


@ -0,0 +1,2 @@
# Todo
- Propper implement and test the LDAP integration, the configuration values just had been set during refactoring


@ -0,0 +1,25 @@
credentials:
shared_secret:
description: "Shared secret for BigBlueButton API authentication"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
etherpad_api_key:
description: "API key for Etherpad integration"
algorithm: "plain"
validation: "^[a-zA-Z0-9]{32}$"
rails_secret:
description: "Secret key for Rails backend"
algorithm: "random_hex"
validation: "^[a-f0-9]{128}$"
postgresql_secret:
description: "Password for PostgreSQL user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
fsesl_password:
description: "Password for FreeSWITCH ESL connection"
algorithm: "plain"
validation: "^.{8,}$"
turn_secret:
description: "TURN server shared secret"
algorithm: "sha1"
validation: "^[a-f0-9]{40}$"
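Review bot: `fsesl_password` is validated only as `^.{8,}$`, and an 8-character FreeSWITCH ESL password guards a socket that gives full control of the media server; the other secrets in this file demand 32–128 hex characters, so bring this one to the same order, for instance `algorithm: "random_hex"` with `validation: "^[a-f0-9]{32,}$"`. `turn_secret` as a SHA-1 digest is only as strong as whatever is hashed, and that input is not visible here—a comment on the intended generation (or `random_hex` as for `rails_secret`) would remove the ambiguity.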


@ -0,0 +1,21 @@
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
credentials:
# shared_secret: # Needs to be defined in inventory file
# etherpad_api_key: # Needs to be defined in inventory file
# rails_secret: # Needs to be defined in inventory file
# postgresql_secret: # Needs to be defined in inventory file
# fsesl_password: # Needs to be defined in inventory file
# turn_secret: # Needs to be defined in inventory file
database:
name: "multiple_databases"
username: "postgres2"
urls:
api: "{{ web_protocol }}://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
features:
matomo: true
css: true
landingpage_iframe: false
ldap: false
oidc: true
central_database: false


@ -0,0 +1,13 @@
credentials:
jwt_secret:
description: "Secret used for JWT signing (base64, 64 bytes)"
algorithm: "plain"
validation: "^[A-Za-z0-9+/=]{86,}$" # 64 bytes base64 = ~86 characters without newline
plc_rotation_key_k256_private_key_hex:
description: "PLC rotation key in hex format (32 bytes)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
admin_password:
description: "Initial admin password for Bluesky PDS"
algorithm: "plain"
validation: "^.{12,}$"
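Review bot: `plc_rotation_key_k256_private_key_hex` is a secp256k1 private key, and the role's `configuration.yml` in this commit documents generating it with `openssl rand -hex 32`, yet the schema says `algorithm: "sha256"`; both yield 64 hex characters, but the key's strength depends on the input being random, so the algorithm should reflect random generation (e.g. `random_hex`) or the description should state what is hashed. `admin_password` accepts anything of 12+ characters (`^.{12,}$`) even though the documented generator is `openssl rand -base64 16`, which emits 24 base64 characters; tightening the pattern to the base64 alphabet with that minimum would catch a hand-typed weak value. Whether the generator honours `algorithm` at all is not visible in this commit.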


@ -4,9 +4,9 @@ PDS_SERVICE_DID="did:web:{{domains.bluesky_api}}"
# See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
PDS_SERVICE_HANDLE_DOMAINS=".{{primary_domain}}"
PDS_JWT_SECRET="{{applications.bluesky.pds.jwt_secret}}"
PDS_ADMIN_PASSWORD="{{applications.bluesky.pds.admin_password}}"
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.pds.plc_rotation_key_k256_private_key_hex}}"
PDS_JWT_SECRET="{{applications.bluesky.credentials.jwt_secret}}"
PDS_ADMIN_PASSWORD="{{applications.bluesky.credentials.admin_password}}"
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.credentials.plc_rotation_key_k256_private_key_hex}}"
PDS_CRAWLERS=https://bsky.network
PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}/
PDS_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}


@ -0,0 +1,14 @@
users:
administrator:
email: "{{users.administrator.email}}"
pds:
version: "latest"
credentials:
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true


@ -10,7 +10,7 @@
name: docker-compose
# The following env file will just be used from the dedicated mariadb container
# and not the central-mariadb-database
# and not the {{capplications.mariadb.hostname }}-database
- name: "Create {{database_env}}"
template:
src: "env/{{database_type}}.env.j2"


@ -0,0 +1,3 @@
# Jinja2 configuration template
# Define your variables here


@ -0,0 +1,2 @@
# Todo
- Implement this role


@ -0,0 +1,4 @@
user: turnuser
credentials:
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file


@ -1,3 +1,3 @@
application_id: "coturn"
#database_password: "{{gitea_database_password}}"
#database_password: "{{applications[application_id].credentials.database_password}}"
#database_type: "mariadb"


@ -0,0 +1,5 @@
credentials:
database_password:
description: "Password for the Discourse PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -0,0 +1,11 @@
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
credentials:
# database_password: # Needs to be defined in inventory file
features:
matomo: true
css: true
landingpage_iframe: false
oidc: true
central_database: true


@ -1,5 +1,5 @@
application_id: "discourse"
database_password: "{{ applications.discourse.credentials.database.password }}"
database_password: "{{ applications.discourse.credentials.database_password }}"
database_type: "postgres"
docker_repository_directory : "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"


@ -1 +1,2 @@
# Todo
- implement


@ -0,0 +1,3 @@
# Jinja2 configuration template
# Define your variables here


@ -0,0 +1,9 @@
credentials:
administrator_password:
description: "Initial password for the EspoCRM administrator user"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
database_password:
description: "Password for the EspoCRM database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -20,7 +20,7 @@ CRON_DISABLED=true
# Initial admin account
# ------------------------------------------------
ESPOCRM_ADMIN_USERNAME={{ applications[application_id].users.administrator.username }}
ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator.password }}
ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}
# Public base URL of the EspoCRM instance
ESPOCRM_SITE_URL={{ web_protocol }}://{{ domains[application_id] }}


@ -0,0 +1,17 @@
version: "latest"
users:
administrator:
username: "{{ users.administrator.username }}"
email: "{{ users.administrator.email }}"
credentials:
# administrator_password: # Set in inventory file
# database_password: # Set in your inventory file
features:
matomo: true
css: false
landingpage_iframe: false
ldap: false
oidc: true
central_database: true


@ -1,5 +1,5 @@
application_id: "espocrm"
# Password for the espocrm DB user (taken from inventory applications dict)
database_password: "{{ applications[application_id].credentials.database.password }}"
database_password: "{{ applications[application_id].credentials.database_password }}"
# EspoCRM uses MySQL/MariaDB
database_type: "mariadb"


@ -8,7 +8,7 @@ The following environment variables need to be defined for successful operation:
To completely reset Friendica, including its database and volumes, run:
```bash
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker exec -i {{capplications.mariadb.hostname }} mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker compose down
rm -rv /mnt/hdd/data/docker/volumes/friendica_data
docker volume rm friendica_data
@ -19,7 +19,7 @@ docker volume rm friendica_data
## Manual Method:
1. Connect to the MariaDB instance:
```bash
docker exec -it central-mariadb mariadb -u root -p
docker exec -it {{capplications.mariadb.hostname }} mariadb -u root -p
```
2. Run the following commands:
```sql
@ -31,7 +31,7 @@ docker volume rm friendica_data
## Automatic Method:
```bash
DB_ROOT_PASSWORD="your_root_password"
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker exec -i {{capplications.mariadb.hostname }} mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
```
## Enter the Application Container 🔍


@ -0,0 +1,5 @@
credentials:
database_password:
description: "Password for the Friendica database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -0,0 +1,7 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true
oidc: true
central_database: true


@ -1,4 +1,4 @@
application_id: "friendica"
database_password: "{{friendica_database_password}}"
database_password: "{{ applications[application_id].credentials.database_password }}"
database_type: "mariadb"
no_validation: "{{applications[application_id].features.oidc}}" # Email validation is not neccessary if OIDC is active
no_validation: "{{ applications[application_id].features.oidc }}" # Email validation is not neccessary if OIDC is active


@ -0,0 +1,9 @@
credentials:
database_password:
description: "Password for the Funkwhale PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
django_secret:
description: "Django SECRET_KEY used for cryptographic signing"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"


@ -98,7 +98,7 @@ STATIC_ROOT={{static_root}}
DJANGO_SETTINGS_MODULE=config.settings.production
# Generate one using `openssl rand -base64 45`, for example
DJANGO_SECRET_KEY={{funkwhale_django_secret}}
DJANGO_SECRET_KEY={{applications[application_id].credentials.django_secret}}
{% if applications[application_id].features.ldap | bool %}
# LDAP settings


@ -0,0 +1,10 @@
version: "1.4.0"
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: true
credentials:
# database_password: # Needs to be defined in inventory file
# django_secret: # Needs to be defined in inventory file


@ -1,6 +1,6 @@
application_id: "funkwhale"
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;"
database_password: "{{funkwhale_database_password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
database_type: "postgres"
media_root: "/srv/funkwhale/data/"
static_root: "{{media_root}}static"


@ -0,0 +1,5 @@
credentials:
database_password:
description: "Password for the Gitea database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -0,0 +1,11 @@
version: "latest" # Use latest docker image
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true


@ -1,3 +1,3 @@
application_id: "gitea"
database_password: "{{gitea_database_password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
database_type: "mariadb"


@ -0,0 +1,10 @@
credentials:
database_password:
description: "Password for the GitLab PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
initial_root_password:
description: "Initial password for the GitLab root user"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"


@ -0,0 +1,6 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true


@ -1,3 +1,3 @@
application_id: "gitlab"
database_password: "{{gitlab_database_password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
database_type: "postgres"


@ -0,0 +1,2 @@
# Todo
- Implement this role


@ -0,0 +1,3 @@
# Jinja2 configuration template
# Define your variables here


@ -0,0 +1,5 @@
credentials:
database_password:
description: "Password for the Joomla database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -0,0 +1,5 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true


@ -0,0 +1,10 @@
credentials:
database_password:
description: "Password for the Keycloak PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
administrator_password:
description: "Password for the Keycloak administrator user (used in bootstrap and CLI access)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"


@ -10,13 +10,13 @@ KC_HTTP_ENABLED= true
KC_HEALTH_ENABLED= true
KC_METRICS_ENABLED= true
KEYCLOAK_ADMIN= "{{applications.keycloak.users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications.keycloak.administrator_password}}"
KEYCLOAK_ADMIN= "{{applications[application_id].users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
KC_DB= postgres
KC_DB_URL= {{database_url_jdbc}}
KC_DB_USERNAME= {{database_username}}
KC_DB_PASSWORD= {{database_password}}
# If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
KC_BOOTSTRAP_ADMIN_USERNAME= {{users.administrator.username}}
KC_BOOTSTRAP_ADMIN_PASSWORD= {{users.administrator.password}}
KC_BOOTSTRAP_ADMIN_USERNAME= "{{applications[application_id].users.administrator.username}}"
KC_BOOTSTRAP_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"


@ -0,0 +1,15 @@
version: "latest"
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
import_realm: True # If True realm will be imported. If false skip.
credentials:
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: true
recaptcha: true


@ -1,6 +1,6 @@
application_id: "keycloak"
database_type: "postgres"
database_password: "{{applications.keycloak.credentials.database.password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
container_name: "{{application_id}}_application"
realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications
import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host


@ -0,0 +1,10 @@
credentials:
oauth2_proxy_cookie_secret:
description: "Secret used to encrypt OAuth2 proxy cookies (hex-encoded, 16 bytes)"
algorithm: "sha256"
validation: "^[a-f0-9]{32}$"
administrator_password:
description: "Initial password for the LAM administrator"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"


@ -0,0 +1,14 @@
version: "latest"
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 80 # application port
credentials:
# oauth2_proxy_cookie_secret: None # Set via openssl rand -hex 16
# administrator_password: "None" # CHANGE for security reasons
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: false
oauth2: false


@ -0,0 +1,10 @@
credentials:
administrator_password:
description: "Initial password for the LDAP administrator (e.g. cn=admin,dc=example,dc=com)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
administrator_database_password:
description: "Password used internally for the database-backed directory admin"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -3,8 +3,8 @@
# GENERAL
## Database
LDAP_ADMIN_USERNAME= {{applications.ldap.users.administrator.username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP database admin password.
LDAP_ADMIN_USERNAME= {{applications[application_id].administrator.username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD= {{applications[application_id].credentials.administrator_database_password}} # LDAP database admin password.
## Users
LDAP_USERS= ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
@ -14,8 +14,8 @@ LDAP_ROOT= {{ldap.dn.root}} # LDAP baseDN (or su
## Admin
LDAP_ADMIN_DN= {{ldap.dn.administrator}}
LDAP_CONFIG_ADMIN_ENABLED= yes
LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.users.administrator.username}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
LDAP_CONFIG_ADMIN_USERNAME= {{applications[application_id].administrator.username}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications[application_id].credentials.administrator_password}}
# Network
LDAP_PORT_NUMBER= {{ldap_docker_port}} # Route to default port
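Review bot: `LDAP_ADMIN_USERNAME` and `LDAP_CONFIG_ADMIN_USERNAME` now read `applications[application_id].administrator.username`, dropping the `users.` level that the replaced lines had (`applications.ldap.users.administrator.username`) and that the role's `configuration.yml` added in this commit still defines (`users.administrator.username`); both lookups will fail with an undefined attribute. Restore the path: `LDAP_ADMIN_USERNAME= {{applications[application_id].users.administrator.username}}` and the same for `LDAP_CONFIG_ADMIN_USERNAME`. That this template's `application_id` resolves to the same key as that configuration file is inferred from naming.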


@ -0,0 +1,15 @@
version: "latest"
network:
local: True # Activates local network. Necessary for LDIF import routines
docker: True # Activates docker network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}" # Administrator username
credentials:
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
features:
ldap: true


@ -0,0 +1,20 @@
credentials:
database_password:
description: "Password for the Listmonk PostgreSQL database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
administrator_password:
description: "Initial password for the Listmonk administrator account"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
hcaptcha_site_key:
description: "Public site key used by Listmonk to render hCaptcha"
algorithm: "plain"
validation: "^[0-9a-zA-Z_-]{32,}$"
hcaptcha_secret:
description: "Private hCaptcha secret key for server-side verification"
algorithm: "plain"
validation: "^[0-9a-zA-Z_-]{32,}$"


@ -3,4 +3,4 @@ TZ={{ HOST_TIMEZONE }}
# Administrator setup
LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}
LISTMONK_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}


@ -0,0 +1,11 @@
users:
administrator:
username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true
oidc: true


@ -1,5 +1,5 @@
application_id: "listmonk"
database_password: "{{applications[application_id].credentials.database.password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
database_type: "postgres"
listmonk_settings:
@ -25,10 +25,10 @@ listmonk_settings:
value: 'true'
- key: "security.captcha_key"
value: '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'
value: '"{{ applications[application_id].credentials.hcaptcha_site_key }}"'
- key: "security.captcha_secret"
value: '"{{ applications[application_id].credentials.hcaptcha.secret }}"'
value: '"{{ applications[application_id].credentials.hcaptcha_secret }}"'
# SMTP servers
- key: "smtp"


@ -0,0 +1,25 @@
credentials:
secret_key:
description: "Secret key for cryptographic operations in Mailu (must be a 16-byte random string, hex-encoded)"
algorithm: "sha256"
validation: "^[a-f0-9]{32}$"
database_password:
description: "Password for the Mailu PostgreSQL or MariaDB database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
api_token:
description: "Authentication token for accessing the Mailu RESTful API (minimum 3 characters)"
algorithm: "plain"
validation: "^.{3,}$"
initial_administrator_password:
description: "Initial password for the Mailu administrator account (used during setup)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
dkim_public_key:
description: "Public DKIM key for DNS configuration (TXT record)"
algorithm: "plain"
validation: "^.{64,}$"
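Review bot: `api_token` is validated as `^.{3,}$`; the 3-character floor is Mailu's own minimum, not a sensible one for a token that authenticates against the admin REST API, so the schema should demand a real secret, e.g. `validation: "^[A-Za-z0-9_-]{32,}$"`. `dkim_public_key` is published in DNS and is not a credential; placing it under `credentials:` gives it the same secrecy handling and inventory placement as passwords, which misleads operators—a plain configuration key, or at least a note in its description, would be clearer. `secret_key` is described as a "16-byte random string, hex-encoded" yet carries `algorithm: "sha256"`; as with the other sha256 entries in this commit, the strength depends on what is hashed, which is not documented.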


@ -0,0 +1,20 @@
version: "2024.06" # Docker Image Version
users:
administrator:
email: "{{users.administrator.email}}" # Administrator Email for DNS Records
oidc:
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
# dkim_public_key: # Must be set in inventory file
features:
matomo: true
css: true
landingpage_iframe: false # Deactivated mailu iframe loading until keycloak supports it
oidc: true
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary


@ -1,7 +1,7 @@
application_id: "mailu"
# Database Configuration
database_password: "{{applications.mailu.credentials.database.password}}"
database_password: "{{applications.mailu.credentials.database_password}}"
database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"


@ -2,5 +2,5 @@
## Execute SQL commands
```bash
docker exec -it central-mariadb mariadb -u root -p
docker exec -it {{capplications.mariadb.hostname }} mariadb -u root -p
```


@ -0,0 +1,26 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker MariaDB Role offers an easy and efficient way to deploy a MariaDB server inside a Docker container.
Manage your data securely and effectively, making it ideal for production or local development.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- mariadb
- docker
- database
- administration
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"


@ -0,0 +1,5 @@
credentials:
root_password:
description: "Password for the MariaDB root user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"


@ -8,11 +8,11 @@
- name: install MariaDB
docker_container:
name: central-mariadb
name: "{{capplications.mariadb.hostname }}"
image: "mariadb:{{applications.mariadb.version}}" #could lead to problems with nextcloud
detach: yes
env:
MARIADB_ROOT_PASSWORD: "{{central_mariadb_root_password}}"
MARIADB_ROOT_PASSWORD: "{{applications.mariadb.credentials.root_password}}"
MARIADB_AUTO_UPGRADE: "1"
networks:
- name: central_mariadb
@ -23,7 +23,7 @@
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
restart_policy: "{{docker_restart_policy}}"
healthcheck:
test: "/usr/bin/mariadb --user=root --password={{central_mariadb_root_password}} --execute \"SHOW DATABASES;\""
test: "/usr/bin/mariadb --user=root --password={{applications.mariadb.credentials.root_password}} --execute \"SHOW DATABASES;\""
interval: 3s
timeout: 1s
retries: 5
@ -38,7 +38,7 @@
- name: Wait until the MariaDB container is healthy
community.docker.docker_container_info:
name: central-mariadb
name: "{{capplications.mariadb.hostname }}"
register: db_info
until: db_info.containers[0].State.Health.Status == "healthy"
retries: 30
@ -53,7 +53,7 @@
name: "{{ database_name }}"
state: present
login_user: root
login_password: "{{ central_mariadb_root_password }}"
login_password: "{{ applications.mariadb.credentials.root_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
@ -65,13 +65,13 @@
priv: '{{database_name}}.*:ALL'
state: present
login_user: root
login_password: "{{central_mariadb_root_password}}"
login_password: "{{applications.mariadb.credentials.root_password}}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Grant database privileges
ansible.builtin.shell:
cmd: "docker exec central-mariadb mariadb -u root -p{{ central_mariadb_root_password }} -e \"GRANT ALL PRIVILEGES ON {{database_name}}.* TO '{{database_username}}'@'%';\""
cmd: "docker exec {{capplications.mariadb.hostname }} mariadb -u root -p{{ applications.mariadb.credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON {{database_name}}.* TO '{{database_username}}'@'%';\""
args:
executable: /bin/bash
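Review bot: `{{capplications.mariadb.hostname }}` on L1034, L1056 and L1079 is a typo for `applications.mariadb.hostname`; the variable is undefined and the play stops at the first of these tasks. On L1079 the root password is also interpolated unquoted into a `/bin/bash` command (`-p{{ applications.mariadb.credentials.root_password }}`), so any `$` in it — and the credential's validation regex introduced in this commit expects a `$2…$`-prefixed value — is expanded by the shell before mariadb sees it; the string-form healthcheck on L1048 has the same exposure if Docker runs it as `CMD-SHELL`. Wrap the interpolation in single quotes, e.g. `-p'{{ applications.mariadb.credentials.root_password }}'`, or hand the password to the container as `MYSQL_PWD` in its environment instead of on the command line, and add `no_log: true` to the task so Ansible does not echo the password when the command fails.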


@ -0,0 +1 @@
version: "latest"
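Review bot: `version: "latest"` on L1086 makes the image reference `mariadb:{{applications.mariadb.version}}` (L1035) float with every pull, so two hosts deployed from the same commit can end up on different database versions and an upstream major bump is applied silently on the next run; the inline remark on L1035 about nextcloud problems is a symptom of exactly that. The same default is introduced for mastodon (L1153), matomo (L1201) and the synapse/element images (L1547, L1549). Ship a pinned tag as the default, e.g. `version: "11.4"` (constructed example), and let the inventory override it deliberately.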


@ -0,0 +1,40 @@
credentials:
database_password:
description: "Password for the Mastodon PostgreSQL database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
secret_key_base:
description: "Main secret key used to verify the integrity of signed cookies and tokens"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
otp_secret:
description: "OTP secret used for two-factor authentication"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
vapid_private_key:
description: "Private VAPID key used for web push notifications"
algorithm: "plain"
validation: "^[-_a-zA-Z0-9]{30,}$"
vapid_public_key:
description: "Public VAPID key used for web push notifications"
algorithm: "plain"
validation: "^[-_a-zA-Z0-9]{30,}$"
active_record_encryption_deterministic_key:
description: "Deterministic encryption key for Active Record encryption"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
active_record_encryption_key_derivation_salt:
description: "Key derivation salt for Active Record encryption"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
active_record_encryption_primary_key:
description: "Primary encryption key for Active Record encrypted columns"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
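Review bot: `vapid_private_key` and `vapid_public_key` (L1104–L1111) are one EC key pair, but the schema lists them as two independent `plain` values with separate regexes, so nothing ties the public half to the private half and a mismatched pair passes validation; the template comment on L1129 already names `bundle exec rails mastodon:webpush:generate_vapid_key` as the only source. A `description` on both entries stating that they must be taken together from that generator and are never produced separately would make that explicit. The three `active_record_encryption_*` keys (L1112–L1123) deserve the same note: `bin/rails db:encryption:init` (L1139) emits them as a set, and per L1140 they must never be regenerated individually once data has been written.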


@ -20,8 +20,8 @@ OTP_SECRET= {{applications.mastodon.credentials.otp_secret}}
# --------
# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid.private_key}}
VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid.public_key}}
VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid_private_key}}
VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid_public_key}}
# Encryption secrets
# ------------------
@ -29,9 +29,9 @@ VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid.public_key}}
# These are private/secret values, do not share outside hosting environment
# Use `bin/rails db:encryption:init` to generate fresh secrets
# Do NOT change these secrets once in use, as this would cause data loss and other issues
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption.deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption.key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption.primary_key}}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption_deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption_primary_key}}
DB_HOST={{database_host}}
DB_PORT={{database_port}}


@ -0,0 +1,19 @@
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
# secret_key_base:
# otp_secret:
# vapid_private_key:
# vapid_public_key:
# active_record_encryption_deterministic_key:
# active_record_encryption_key_derivation_salt:
# active_record_encryption_primary_key:
features:
matomo: true
css: true
landingpage_iframe: false
oidc: true
central_database: true
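Review bot: `credentials:` on L1156 is followed only by comment lines, so YAML loads it as `null` rather than an empty mapping; a consumer that reads `applications[application_id].credentials.database_password` (L1178) or merges this block with inventory values will most likely fail on `None` instead of with a clear "missing credential" message. Write it as `credentials: {}` and keep the placeholder comments beneath it. The same all-commented `credentials:` shape is worth checking in the other configuration files this commit introduces.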


@ -1,3 +1,3 @@
application_id: "mastodon"
database_password: "{{applications[application_id].credentials.database.password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
database_type: "postgres"


@ -0,0 +1,15 @@
credentials:
database_password:
description: "Password for the Matomo database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
auth_token:
description: "Authentication token for the Matomo HTTP API (used for automation and integrations)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
oauth2_proxy_cookie_secret:
description: "Secret used to encrypt cookies in the OAuth2 Proxy (hex-encoded, 16 bytes)"
algorithm: "sha256"
validation: "^[a-f0-9]{32}$"
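Review bot: `oauth2_proxy_cookie_secret` (L1193–L1196) declares `algorithm: "sha256"` next to `validation: "^[a-f0-9]{32}$"`, but a SHA-256 digest is 64 hex characters, so if `algorithm` drives generation as it appears to for the other entries, a generated value can never pass its own validation. The 32-character regex is the one to keep: it matches the "16 bytes" in the description, and oauth2-proxy accepts only 16-, 24- or 32-byte cookie secrets, which a 64-character value would violate. Change the algorithm to one that emits 16 random bytes hex-encoded rather than widening the regex.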


@ -0,0 +1,7 @@
version: "latest"
features:
matomo: true
css: false
landingpage_iframe: false
central_database: true
oauth2: false


@ -1,7 +1,7 @@
---
application_id: "matomo"
database_type: "mariadb"
database_password: "{{applications.matomo.credentials.database.password}}"
database_password: "{{applications.matomo.credentials.database_password}}"
# I don't know if this is still necessary
domain: "{{domains.matomo}}"


@ -1,4 +1,4 @@
# Matrix (Ansible)
# Matrix (Ansible - Deprecated)
## Warning
This role is experimental and may not be actively maintained. Use it with caution in production environments. For a more stable deployment, please consider using the Matrix Compose role or another alternative solution.


@ -18,7 +18,7 @@ matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: "{{matrix_generic_secret_key}}"
matrix_homeserver_generic_secret_key: "{{applications[application_id].credentials.generic_secret_key}}"
# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
@ -52,7 +52,7 @@ devture_traefik_config_certificatesResolvers_acme_email: "{{users.administrator.
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: "{{matrix_database_password}}"
devture_postgres_connection_password: "{{applications[application_id].credentials.database_password}}"
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.


@ -3,7 +3,7 @@
## Cleanup
```
# Cleanup Database
for db in matrix mautrix_whatsapp_bridge mautrix_telegram_bridge mautrix_signal_bridge mautrix_slack_bridge; do python reset-database-in-central-postgres.py $db; done
for db in matrix applications[application_id].credentials.mautrix_whatsapp_bridge applications[application_id].credentials.mautrix_telegram_bridge applications[application_id].credentials.mautrix_signal_bridge applications[application_id].credentials.mautrix_slack_bridge; do python reset-database-in-central-postgres.py $db; done
# Cleanup Docker and Volumes
docker compose down -v
```
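Review bot: The `for db in …` loop on L1253 is a literal shell command in a README, and the rename has replaced the database names `mautrix_whatsapp_bridge` etc. with `applications[application_id].credentials.mautrix_whatsapp_bridge`, which is neither a database name nor a valid shell word and does not even match a key in the new credentials schema (which defines `mautrix_whatsapp_bridge_database_password`, L1336). This looks like an over-broad search-and-replace; restore the original line `for db in matrix mautrix_whatsapp_bridge mautrix_telegram_bridge mautrix_signal_bridge mautrix_slack_bridge; do python reset-database-in-central-postgres.py $db; done`.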


@ -15,7 +15,7 @@ For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/
### ChatGPT
- Create API Token: https://platform.openai.com/api-keys
- Set ``matrix_chatgpt_bridge_access_token``
- Set ``applications[application_id].credentials.chatgpt_bridge_access_token``
## Debug:
- https://federationtester.matrix.org/


@ -0,0 +1,90 @@
credentials:
administrator_password:
description: "Initial administrator password for the Matrix homeserver"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
generic_secret_key:
description: "Generic secret used by Synapse for key signing and session management"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
database_password:
description: "Password for the Matrix PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
registration_shared_secret:
description: "Secret token used to allow shared registration from external sources"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
macaroon_secret_key:
description: "Secret key used to sign macaroon tokens for authentication"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
form_secret:
description: "Secret for form token protection (used in web registration flows)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
chatgpt_bridge_openai_api_key:
description: "API key for accessing OpenAI via the Matrix ChatGPT bridge"
algorithm: "plain"
validation: "^sk-[a-zA-Z0-9]{40,}$"
chatgpt_bridge_access_token:
description: "Access token used by the ChatGPT bridge for authentication"
algorithm: "plain"
validation: "^[a-zA-Z0-9-_]{20,}$"
chatgpt_bridge_user_password:
description: "Matrix user password used by the ChatGPT bridge"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
mautrix_facebook_bridge_database_password:
description: "Database password for the mautrix-facebook bridge"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
mautrix_instagram_bridge_database_password:
description: "Database password for the mautrix-instagram bridge"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
mautrix_signal_bridge_database_password:
description: "Database password for the mautrix-signal bridge"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
mautrix_slack_bridge_database_password:
description: "Database password for the mautrix-slack bridge"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
mautrix_telegram_bridge_database_password:
description: "Database password for the mautrix-telegram bridge"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
mautrix_telgegram_bridge_api_id:
description: "Telegram API ID for the mautrix-telegram bridge"
algorithm: "plain"
validation: "^\\d{5,}$"
mautrix_telgegram_bridge_api_pin:
description: "Telegram API hash or PIN for the mautrix-telegram bridge"
algorithm: "plain"
validation: "^[a-zA-Z0-9]{10,}$"
mautrix_whatsapp_bridge_database_password:
description: "Database password for the mautrix-whatsapp bridge"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
mautrix_whatsapp_bridge_provisioning_shared_secret:
description: "Shared secret for the mautrix-whatsapp bridge provisioning endpoint"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
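Review bot: `mautrix_telgegram_bridge_api_id` and `mautrix_telgegram_bridge_api_pin` (L1328, L1332) carry a `telgegram` typo, and the second is consumed as `api_hash` on L1495 while its description hedges with "API hash or PIN"; since this commit defines both the keys and their only consumers, now is the time to name them `mautrix_telegram_bridge_api_id` / `mautrix_telegram_bridge_api_hash` and update L1494–L1495 in step. `chatgpt_bridge_openai_api_key`'s regex `^sk-[a-zA-Z0-9]{40,}$` (L1299) appears to reject current OpenAI project-scoped keys, which contain `-` and `_` after the `sk-` prefix — worth confirming against a freshly issued key before locking the pattern in. `administrator_password` (L1272) is passed on the command line by the setup task (L1351); a `description` saying it is the initial admin login and should be rotated after first login would set the right expectation.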


@ -134,14 +134,14 @@
- name: create admin account
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications.matrix.users.administrator.username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications.matrix.users.administrator.username}} -p {{applications[application_id].credentials.administrator_password}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications.matrix.setup | bool
- name: create chatgpt bot
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{matrix_chatgpt_bridge_user_password}} -a -c /data/homeserver.yaml http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications[application_id].credentials.chatgpt_bridge_user_password}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications.matrix.setup | bool
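Review bot: The `register_new_matrix_user … -p {{…password}}` commands on L1351 and L1358 put a secret on the command line and, with `ignore_errors: true` and no `no_log: true`, Ansible prints the full command including that secret whenever the task fails; add `no_log: true` to both tasks. L1351 also mixes `applications.matrix.users…` and `applications[application_id].credentials…` in the same line — pick one addressing style for the role.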


@ -70,7 +70,7 @@ services:
# volumes:
# - chatgpt_data:/storage
# environment:
# OPENAI_API_KEY: '{{matrix_chatgpt_bridge_openai_api_key}}'
# OPENAI_API_KEY: '{{applications[application_id].credentials.chatgpt_bridge_openai_api_key}}'
# # Uncomment the next two lines if you are using Azure OpenAI API
# # OPENAI_AZURE: 'false'
# # CHATGPT_REVERSE_PROXY: 'your-completion-endpoint-here'
@ -91,8 +91,8 @@ services:
# KEYV_BOT_STORAGE: 'true'
# MATRIX_HOMESERVER_URL: 'https://{{domains.matrix_synapse}}'
# MATRIX_BOT_USERNAME: '@chatgptbot:{{applications.matrix.server_name}}'
# MATRIX_ACCESS_TOKEN: '{{ matrix_chatgpt_bridge_access_token | default('') }}'
# MATRIX_BOT_PASSWORD: '{{matrix_chatgpt_bridge_user_password}}'
# MATRIX_ACCESS_TOKEN: '{{ applications[application_id].credentials.chatgpt_bridge_access_token | default('') }}'
# MATRIX_BOT_PASSWORD: '{{applications[application_id].credentials.chatgpt_bridge_user_password}}'
# MATRIX_DEFAULT_PREFIX: '!chatgpt'
# MATRIX_DEFAULT_PREFIX_REPLY: 'false'
# #MATRIX_BLACKLIST: ''


@ -39,7 +39,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_facebook_bridge:{{mautrix_facebook_bridge_database_password}}@{{database_host}}/mautrix_facebook_bridge
database: postgres://mautrix_facebook_bridge:{{applications[application_id].credentials.mautrix_facebook_bridge_database_password}}@{{database_host}}/mautrix_facebook_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@ -154,7 +154,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: false
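Review bot: `database: postgres://mautrix_facebook_bridge:{{…database_password}}@{{database_host}}/…` on L1393 embeds the password unencoded in the URI, while the credential's validation regex `^\$2[aby]\$.{56}$` (L1311) admits any character in the 56-character tail — a `/`, `@`, `?` or `#` terminates the authority and breaks connection-string parsing, and because bcrypt's own alphabet includes `/`, a bcrypt-style generator would produce an unusable value more often than not. Either URL-encode in the template, `{{ applications[application_id].credentials.mautrix_facebook_bridge_database_password | urlencode }}`, or constrain the generator and regex to a URI-safe alphabet. The same pattern is on L1414, L1435, L1455, L1475 and L1506.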


@ -42,7 +42,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_instagram_bridge:{{mautrix_instagram_bridge_database_password}}@{{database_host}}/mautrix_instagram_bridge
database: postgres://mautrix_instagram_bridge:{{applications[application_id].credentials.mautrix_instagram_bridge_database_password}}@{{database_host}}/mautrix_instagram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@ -143,7 +143,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true


@ -43,7 +43,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_signal_bridge:{{mautrix_signal_bridge_database_password}}@{{database_host}}/mautrix_signal_bridge?sslmode=disable
uri: postgres://mautrix_signal_bridge:{{applications[application_id].credentials.mautrix_signal_bridge_database_password}}@{{database_host}}/mautrix_signal_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
@ -150,7 +150,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.


@ -43,7 +43,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_slack_bridge:{{mautrix_slack_bridge_database_password}}@{{database_host}}/mautrix_slack_bridge?sslmode=disable
uri: postgres://mautrix_slack_bridge:{{applications[application_id].credentials.mautrix_slack_bridge_database_password}}@{{database_host}}/mautrix_slack_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
@ -127,7 +127,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.


@ -42,7 +42,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_telegram_bridge:{{mautrix_telegram_bridge_database_password}}@{{database_host}}/mautrix_telegram_bridge
database: postgres://mautrix_telegram_bridge:{{applications[application_id].credentials.mautrix_telegram_bridge_database_password}}@{{database_host}}/mautrix_telegram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@ -209,7 +209,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
@ -564,8 +564,8 @@ bridge:
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{mautrix_telgegram_bridge_api_id}}
api_hash: {{mautrix_telgegram_bridge_api_pin}}
api_id: {{applications[application_id].credentials.mautrix_telgegram_bridge_api_id}}
api_hash: {{applications[application_id].credentials.mautrix_telgegram_bridge_api_pin}}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: disabled


@ -42,7 +42,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_whatsapp_bridge:{{mautrix_whatsapp_bridge_database_password}}@{{database_host}}/mautrix_whatsapp_bridge?sslmode=disable
uri: postgres://mautrix_whatsapp_bridge:{{applications[application_id].credentials.mautrix_whatsapp_bridge_database_password}}@{{database_host}}/mautrix_whatsapp_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
@ -245,7 +245,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.


@ -19,10 +19,10 @@ database:
cp_max: 10
log_config: "/data/{{domains.matrix_synapse}}.log.config"
media_store_path: "/data/media_store"
registration_shared_secret: "{{matrix_registration_shared_secret}}"
registration_shared_secret: "{{applications[application_id].credentials.registration_shared_secret}}"
report_stats: true
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"
form_secret: "{{matrix_form_secret}}"
macaroon_secret_key: "{{applications[application_id].credentials.macaroon_secret_key}}"
form_secret: "{{applications[application_id].credentials.form_secret}}"
signing_key_path: "/data/{{domains.matrix_synapse}}.signing.key"
web_client_location: "{{ web_protocol }}://{{domains.matrix_element}}"
public_baseurl: "{{ web_protocol }}://{{domains.matrix_synapse}}"


@ -0,0 +1,18 @@
users:
administrator:
username: "{{users.administrator.username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
features:
matomo: true
css: true
landingpage_iframe: false
oidc: false # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
central_database: true
