kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-03-27 03:33:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implemented more detailed configuration for landing_page, css and matomo and restructured code

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-03-19 20:26:43 +01:00
parent f23850068a
commit 72693e09e2
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
12 changed files with 277 additions and 159 deletions
filter_plugins
configuration_filters.py
group_vars/all
00_general.yml05_nginx.yml07_applications.yml
roles
corporate-identity/vars
main.yml
docker-matomo/vars
main.yml
docker-portfolio/templates
config.yaml.j2
nginx-docker-reverse-proxy/templates
iframe.conf.j2proxy_pass.conf.j2
nginx-modifier-all
tasks
main.yml
templates
global.includes.conf.j2
vars
main.yml

28
filter_plugins/configuration_filters.py

@ -1,25 +1,35 @@
def get_oauth2_enabled(applications, application_id):
import yaml
def get_oauth2_enabled(applications:yaml, application_id:string):
# Retrieve the application dictionary based on the ID
app = applications.get(application_id, {})
# Retrieve the value for oauth2_proxy.enabled, default is False
enabled = app.get('oauth2_proxy', {}).get('enabled', False)
return bool(enabled)
def get_oidc_enabled(applications, application_id):
def get_oidc_enabled(applications:yaml, application_id:string):
# Retrieve the application dictionary based on the ID
app = applications.get(application_id, {})
# Retrieve the value for oidc.enabled, default is False
enabled = app.get('oidc', {}).get('enabled', False)
return bool(enabled)
def get_css_enabled(applications, application_id):
# Retrieve the application dictionary based on the given application_id.
app = applications.get(application_id, {})
# Retrieve the 'enabled' value from the css key, defaulting to True if not present.
enabled = app.get('css', {}).get('enabled', True)
def get_css_enabled(applications:yaml, application_id:string):
app = applications.get(application_id)
enabled = app.get('css_enabled')
return bool(enabled)
def get_database_central_storage(applications, application_id):
def get_landingpage_iframe_enabled(applications:yaml, application_id:string):
app = applications.get(application_id)
enabled = app.get('landingpage_iframe_enabled')
return bool(enabled)
def get_matomo_tracking_enabled(applications:yaml, application_id:string):
app = applications.get(application_id)
enabled = app.get('matomo_tracking_enabled')
return bool(enabled)
def get_database_central_storage(applications:yaml, application_id:string):
"""
Retrieve the type of the database from the application dictionary.
The expected key structure is: applications[application_id]['database']['central_storage'].
@ -36,4 +46,6 @@ class FilterModule(object):
'get_oidc_enabled': get_oidc_enabled,
'get_oauth2_enabled': get_oauth2_enabled,
'get_database_central_storage': get_database_central_storage,
'get_landingpage_iframe_enabled': get_landingpage_iframe_enabled,
'get_matomo_tracking_enabled': get_matomo_tracking_enabled,
}

17
group_vars/all/00_general.yml

@ -52,3 +52,20 @@ enable_wildcard_certificate: false
# This enables debugging in ansible and in the apps
# You SHOULD NOT enable this on production servers
enable_debug: false
#########################
## ENABLED DEFAULTS ##
#########################
# The following defaults are used for the default_applications
# It can be that in a default_applications the value for one application is overwritten.
# You can overwritte it in this case in the applications in your inventory
## Matomo Tracking
matomo_tracking_enabled_default: true # Enables\Disables Matomo tracking on all html pages by default.
## CSS
css_enabled_default: true # Enables\Disables Global CSS on all html pages by default.
## iframe for primary domain
landingpage_iframe_enabled: false # Enables\Disables the possibility to be embedded via iframe by default.

5
group_vars/all/05_nginx.yml

@ -15,7 +15,4 @@ nginx:
files: "/var/www/public_files/" # Path where the web accessable files are stored
global: "/var/www/global/" # Directory containing files which will be globaly accessable
user: "http" # Default nginx user in ArchLinux
iframe: true # Allows applications to be loaded in iframe
## Matomo Tracking
global_matomo_tracking_enabled: false # Activates matomo tracking on all html pages. Change this in inventory.
iframe: true # Allows applications to be loaded in iframe

248
group_vars/all/07_applications.yml

@ -26,29 +26,41 @@ defaults_applications:
setup_admin_email: "{{users.administrator.email}}"
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Attendize
attendize:
version: "latest"
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Baserow
baserow:
version: "latest"
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
setup: false # Set to true in inventory file for initial setup
oidc:
enabled: true # Activate OIDC
enabled: true # Activate OIDC
database:
central_storage: True
ldap:
enabled: False # @todo LDAP needs to get propper implemented and tested, just set values during refactoring
enabled: False # @todo LDAP needs to get propper implemented and tested, just set values during refactoring
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Bluesky
bluesky:
@ -57,79 +69,103 @@ defaults_applications:
email: "{{users.administrator.email}}"
pds:
version: "latest"
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
coturn: # @todo implement
credentials:
user: turnuser
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file
## Discourse:
discourse:
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
# database_password: # Needs to be defined in inventory file
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
# database_password: # Needs to be defined in inventory file
oidc:
enabled: true # Activate OIDC
enabled: true # Activate OIDC
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Friendica
friendica:
version: "latest"
oidc:
enabled: true # Activate OIDC. Plugin is not working yet
enabled: true # Activate OIDC. Plugin is not working yet
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Funkwhale
funkwhale:
version: "1.4.0"
ldap:
enabled: True # Enables LDAP by default @todo check implementation
enabled: True # Enables LDAP by default @todo check implementation
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Gitea
gitea:
version: "latest" # Use latest docker image
version: "latest" # Use latest docker image
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Gitlab
gitlab:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Joomla
joomla:
version: "latest"
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Keycloak
keycloak:
version: "latest"
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
ldap:
enabled: True # Enables LDAP by default
import_realm: True # If True realm will be imported. If false skip.
enabled: True # Enables LDAP by default
import_realm: True # If True realm will be imported. If false skip.
database:
central_storage: True # Activate Central Database Storage
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
central_storage: True # Activate Central Database Storage
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## LDAP
ldap:
@ -160,32 +196,41 @@ defaults_applications:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Listmonk
listmonk:
users:
administrator:
username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
mailu:
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
enabled: true # Activate OIDC for Mailu
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
enabled: true # Activate OIDC for Mailu
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
# I don't know why the database deactivation is necessary
database:
central_storage: False # Deactivate central database for mailu
central_storage: False # Deactivate central database for mailu
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## MariaDB
mariadb:
@ -199,20 +244,21 @@ defaults_applications:
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
css:
enabled: false # The css isn't optimized yet for Matomo
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running
css_enabled: false # Not optimized yet for matomo
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Mastodon
mastodon:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
oidc:
enabled: True # Activate OIDC for Mastodon
enabled: True # Activate OIDC for Mastodon
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
@ -225,24 +271,30 @@ defaults_applications:
# deterministic_key:
# key_derivation_salt:
# primary_key:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Matrix
matrix:
users:
administrator:
username: "{{users.administrator.username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
username: "{{users.administrator.username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
oidc:
enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Moodle
moodle:
@ -253,13 +305,19 @@ defaults_applications:
email: "{{users.administrator.email}}"
version: "latest"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## MyBB
mybb:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Nextcloud
nextcloud:
@ -482,56 +540,74 @@ defaults_applications:
whiteboard:
# Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
enabled: true
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
version: "13" # Update when available. Sadly no rolling release implemented
oauth2_proxy:
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
# cookie_secret: None # Set via openssl rand -hex 16
ldap:
enabled: True # Enables LDAP by default
enabled: True # Enables LDAP by default
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
css:
enabled: false # Temporary deactivated due to bugs
# @todo Solve and reactivate
enabled: false # Temporary deactivated due to bugs
# @todo Solve and reactivate
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Peertube
peertube:
version: "bookworm"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## PHPMyAdmin
phpmyadmin:
version: "latest"
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
oauth2_proxy:
enabled: true
port: "80"
application: "application"
# cookie_secret: None # Set via openssl rand -hex 16
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
css:
enabled: False # The css needs more optimation for PHPMyAdmin
enabled: False # The css needs more optimation for PHPMyAdmin
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
@ -541,18 +617,27 @@ defaults_applications:
portfolio:
database:
central_storage: False # Portfolio doesn't use any database
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: false # Doesn't make sense to load landingpage in landingpage
# Snipe-IT
snipe_it:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Sphinx
sphinx:
version: "3.9-slim" # Use latest docker image
repository_sphinx_source: "https://github.com/kevinveenbirkenbach/cymais.git" # Repository address to pull the source repository from
sphinx_exec_dir_relative: "sphinx/" # The relative path to the sphinx Makefile folder from the source dir
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: true # Makes sense to make the documentary allways in iframe available
## Taiga
@ -560,6 +645,9 @@ defaults_applications:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## YOURLS
yourls:
@ -575,6 +663,9 @@ defaults_applications:
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
wordpress:
# Deactivate Global theming for wordpress role
@ -583,7 +674,8 @@ defaults_applications:
#
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
css:
enabled: false
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: false # CSS is hard to tweak for wordpress
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe

0
roles/corporate-identity/vars/main.yml Normal file

6
roles/docker-matomo/vars/main.yml

@ -4,8 +4,4 @@ database_type: "mariadb"
database_password: "{{applications.matomo.database_password}}"
# I don't know if this is still necessary
domain: "{{domains.matomo}}"
# Disable matomo tracking, because otherwise recursiv loading technics would be neccessary
# This is the default value and it will be overwritten by set fact in main.yml
global_matomo_tracking_enabled: false
domain: "{{domains.matomo}}"

108
roles/docker-portfolio/templates/config.yaml.j2

@ -25,7 +25,7 @@ accounts:
class: fa-brands fa-mastodon
url: "https://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
identifier: "{{service_provider.contact.mastodon}}"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('mastodon') }}
{% endif %}
{% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
@ -48,7 +48,7 @@ accounts:
class: fa-solid fa-camera
identifier: "{{service_provider.contact.pixelfed}}"
url: "https://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('pixelfed') }}
{% endif %}
{% if service_provider.contact.peertube is defined and service_provider.contact.peertube != "" %}
@ -60,7 +60,7 @@ accounts:
class: fa-solid fa-video
identifier: "{{service_provider.contact.peertube}}"
url: "https://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('peertube') }}
{% endif %}
{% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
@ -72,7 +72,7 @@ accounts:
class: fa-solid fa-blog
identifier: "{{service_provider.contact.wordpress}}"
url: "https://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('wordpress') }}
{% endif %}
{% if service_provider.contact.source_code is defined and service_provider.contact.source_code != "" %}
@ -94,7 +94,7 @@ accounts:
class: fas fa-network-wired
identifier: "{{service_provider.contact.friendica}}"
url: "https://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('friendica') }}
{% endif %}
@ -110,7 +110,7 @@ cards:
text: "Experience the power of Matomo, an innovative open-source analytics platform that delivers real-time insights, robust visitor tracking, and privacy-first features to elevate your website performance. Dive into actionable data with unmatched precision and clarity!"
url: https://{{domains.matomo}}
link_text: "Discover Matomo Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('matomo') }}
{% endif %}
{% if "ldap" in group_names %}
@ -121,7 +121,7 @@ cards:
text: "Unleash the potential of centralized identity management with our vibrant LDAP solution. Enjoy seamless authentication, efficient user management, and enhanced security that empowers your organization to stay connected, agile, and ahead of the curve in digital transformation."
url: https://{{domains.ldap}}
link_text: "Empower Your Network!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('ldap') }}
{% endif %}
{% if "keycloak" in group_names %}
@ -132,7 +132,7 @@ cards:
text: "Step into a secure future with Keycloak! Our dynamic identity and access management solution offers streamlined SSO capabilities, robust security measures, and an intuitive user experience that propels your applications to unprecedented heights of performance and reliability."
url: https://{{domains.keycloak}}
link_text: "Secure Your Future Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
{% endif %}
{% if "nextcloud" in group_names %}
@ -143,7 +143,7 @@ cards:
text: "Elevate your collaboration with Nextcloud, a vibrant self-hosted cloud solution designed for dynamic file sharing, seamless communication, and effortless teamwork. Embrace unparalleled control, flexibility, and a boosted digital workspace that adapts to your every need."
url: https://{{domains.nextcloud}}
link_text: "Experience Nextcloud Today!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('nextcloud') }}
{% endif %}
{% if "gitea" in group_names %}
@ -154,7 +154,7 @@ cards:
text: "Boost your development journey with Gitea, a lightweight and energetic self-hosted Git service that offers efficient code collaboration, intuitive version control, and an agile environment for your projects. Ignite your coding spirit, innovate faster, and code with confidence!"
url: https://{{domains.gitea}}
link_text: "Ignite Your Code Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('gitea') }}
{% endif %}
{% if "wordpress" in group_names %}
@ -165,6 +165,8 @@ cards:
text: "Unleash your creative potential with WordPress, a dynamic platform that empowers you to build, manage, and scale stunning websites and blogs effortlessly. Experience an ever-evolving ecosystem that inspires innovation and drives digital success with every click."
url: https://{{domains.wordpress}}
link_text: "Launch Your Site Today!"
iframe: {{ applications | get_landingpage_iframe_enabled('wordpress') }}
{% endif %}
{% if "mediawiki" in group_names %}
@ -175,7 +177,7 @@ cards:
text: "Empower your knowledge base with MediaWiki, a versatile and collaborative platform designed to build comprehensive, user-driven documentation. Embrace an energetic community and innovative tools that turn information into a vibrant, living resource."
url: https://{{domains.mediawiki}}
link_text: "Explore MediaWiki Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('mediawiki') }}
{% endif %}
{% if "mybb" in group_names %}
@ -186,7 +188,7 @@ cards:
text: "Transform your community engagement with MyBB, a feature-rich forum solution that combines modern design with robust functionality. Enjoy dynamic discussions, intuitive moderation, and an energetic user interface that brings people together like never before."
url: https://{{domains.mybb}}
link_text: "Join the Conversation!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('mybb') }}
{% endif %}
{% if "yourls" in group_names %}
@ -197,7 +199,7 @@ cards:
text: "Streamline your online presence with YOURLS, a nimble URL shortening solution that makes sharing links faster, easier, and more engaging. Enjoy the benefits of enhanced tracking and a user-friendly interface that energizes your digital strategy."
url: https://{{domains.yourls}}
link_text: "Shorten Links Instantly!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('yourls') }}
{% endif %}
{% if "mailu" in group_names %}
@ -208,7 +210,7 @@ cards:
text: "Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates seamlessly into your workflow. Experience enhanced reliability, robust security, and an energetic approach to managing your digital correspondence."
url: https://{{domains.mailu}}
link_text: "Elevate Your Email Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('mailu') }}
{% endif %}
{% if "mastodon" in group_names %}
@ -219,7 +221,7 @@ cards:
text: "Dive into a decentralized social experience with Mastodon, a vibrant platform that redefines online communication with its community-driven approach. Enjoy a refreshing burst of innovation, freedom, and energetic interaction every time you connect."
url: https://{{domains.mastodon}}
link_text: "Join the Social Revolution!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('mastodon') }}
{% endif %}
{% if "pixelfed" in group_names %}
@ -230,7 +232,7 @@ cards:
text: "Showcase your visual story with Pixelfed, an inspiring self-hosted image sharing platform that champions creativity and privacy. Revel in a dynamic, artistic environment where every photo is a window to endless possibilities and vibrant expression."
url: https://{{domains.pixelfed}}
link_text: "Share Your Vision Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('pixelfed') }}
{% endif %}
{% if "peertube" in group_names %}
@ -241,7 +243,7 @@ cards:
text: "Embrace a new era of video hosting with PeerTube, a decentralized platform that empowers creators with freedom, innovation, and a community-focused approach. Experience seamless streaming and dynamic sharing that fuels your creative ambitions."
url: https://{{domains.peertube}}
link_text: "Stream with Freedom!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('peertube') }}
{% endif %}
{% if "bigbluebutton" in group_names %}
@ -252,7 +254,7 @@ cards:
text: "Transform online learning and collaboration with BigBlueButton, an interactive web conferencing solution designed to energize virtual classrooms and meetings. Enjoy dynamic tools and an engaging environment that makes every session a powerful learning experience."
url: https://{{domains.bigbluebutton}}
link_text: "Start Your Virtual Session!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('bigbluebutton') }}
{% endif %}
{% if "funkwhale" in group_names %}
@ -263,7 +265,7 @@ cards:
text: "Dive into a world of rhythm and sound with Funkwhale, an innovative self-hosted music sharing platform that celebrates creativity and community. Experience an energetic soundscape and seamless music streaming that amplifies your passion for tunes."
url: https://{{domains.funkwhale}}
link_text: "Jam Out Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('funkwhale') }}
{% endif %}
{% if "joomla" in group_names %}
@ -274,7 +276,7 @@ cards:
text: "Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design. Experience a vibrant platform that inspires creativity and drives your digital presence to new, energetic heights."
url: https://{{domains.joomla}}
link_text: "Build with Joomla Today!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('joomla') }}
{% endif %}
{% if "attendize" in group_names %}
@ -285,7 +287,7 @@ cards:
text: "Revolutionize your event management with Attendize, an energetic and intuitive platform designed to streamline ticketing and event planning. Enjoy a feature-rich, user-friendly solution that transforms every event into an unforgettable experience."
url: https://{{domains.attendize}}
link_text: "Plan Your Event Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('attendize') }}
{% endif %}
{% if "baserow" in group_names %}
@ -296,7 +298,7 @@ cards:
text: "Empower your data management with Baserow, an innovative platform that makes building and managing databases both fun and efficient. Enjoy a dynamic interface, seamless collaboration, and energetic tools that supercharge your workflow."
url: https://{{domains.baserow}}
link_text: "Manage Data with Ease!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('baserow') }}
{% endif %}
{% if "listmonk" in group_names %}
@ -307,7 +309,7 @@ cards:
text: "Elevate your email marketing with Listmonk, a high-energy, self-hosted solution that offers powerful newsletter management and analytics. Enjoy an intuitive design, robust features, and a spirited approach that takes your campaigns to the next level."
url: https://{{domains.listmonk}}
link_text: "Boost Your Campaigns Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('listmonk') }}
{% endif %}
{% if "discourse" in group_names %}
@ -318,7 +320,7 @@ cards:
text: "Ignite community conversations with Discourse, an innovative forum platform that redefines online discussions with its modern, engaging interface. Experience an energetic, user-friendly environment that brings people together and fuels vibrant exchanges."
url: https://{{domains.discourse}}
link_text: "Join the Discussion!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('discourse') }}
{% endif %}
{% if "matrix" in group_names %}
@ -329,7 +331,7 @@ cards:
text: "Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. Enjoy an innovative ecosystem that energizes your digital interactions and connects you globally."
url: https://{{domains.matrix_synapse}}
link_text: "Connect on Matrix Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('matrix') }}
{% endif %}
{% if "openproject" in group_names %}
@ -340,7 +342,7 @@ cards:
text: "Transform your project management with OpenProject, a vibrant and collaborative tool that brings clarity and energy to your planning, tracking, and team communication. Experience streamlined workflows and an innovative platform that propels your projects forward."
url: https://{{domains.openproject}}
link_text: "Manage Projects Dynamically!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('openproject') }}
{% endif %}
{% if "gitlab" in group_names %}
@ -351,7 +353,7 @@ cards:
text: "Accelerate your software development with GitLab, an energetic, all-in-one platform for source code management and continuous integration. Experience a robust, collaborative environment that empowers teams to innovate and deliver exceptional results."
url: https://{{domains.gitlab}}
link_text: "Revolutionize Your DevOps!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('gitlab') }}
{% endif %}
{% if "akaunting" in group_names %}
@ -362,7 +364,7 @@ cards:
text: "Empower your financial management with Akaunting, a dynamic and feature-rich accounting platform designed to simplify your bookkeeping and boost your business growth. Enjoy intuitive tools, real-time insights, and an energetic approach to your finances."
url: https://{{domains.akaunting}}
link_text: "Transform Your Finances Today!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('akaunting') }}
{% endif %}
{% if "moodle" in group_names %}
@ -373,7 +375,7 @@ cards:
text: "Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning. Embrace innovative tools, engaging content, and a dynamic community of educators and learners."
url: https://{{domains.moodle}}
link_text: "Start Learning Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('moodle') }}
{% endif %}
{% if "taiga" in group_names %}
@ -384,7 +386,7 @@ cards:
text: "Supercharge your project management with Taiga, a dynamic and agile tool designed for teams that thrive on creativity and collaboration. Experience a vibrant interface, robust task tracking, and an energetic platform that drives your projects to success."
url: https://{{domains.taiga}}
link_text: "Boost Your Projects Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('taiga') }}
{% endif %}
{% if "friendica" in group_names %}
@ -395,7 +397,7 @@ cards:
text: "Connect and share like never before with Friendica, an innovative social networking platform that celebrates community, freedom, and dynamic interactions. Enjoy a spirited and open environment where every connection is a step toward a more engaging digital world."
url: https://{{domains.friendica}}
link_text: "Join the Social Movement!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('friendica') }}
{% endif %}
{% if "portfolio" in group_names %}
@ -406,7 +408,7 @@ cards:
text: "Showcase your professional journey with Portfolio, a dynamic platform that combines creativity and functionality to highlight your achievements. Experience an energetic design, intuitive features, and a compelling way to present your work to the world."
url: https://{{domains.portfolio}}
link_text: "Elevate Your Profile Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('portfolio') }}
{% endif %}
{% if "bluesky" in group_names %}
@ -417,7 +419,7 @@ cards:
text: "Soar to new digital heights with Bluesky, an innovative platform that reimagines social networking with its forward-thinking, community-driven approach. Experience a burst of energy, creativity, and the freedom to connect in a truly inspiring way."
url: https://{{domains.bluesky}}
link_text: "Soar with Bluesky Today!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('bluesky') }}
{% endif %}
@ -429,7 +431,7 @@ cards:
text: "Unlock comprehensive insights with our extensive documentation. Explore guides, tutorials, and support resources designed to help you navigate our software effortlessly."
url: https://{{domains.sphinx}}
link_text: "Explore Documentation Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }}
{% endif %}
@ -442,7 +444,7 @@ cards:
text: "Manage your databases with confidence using PHPMyAdmin, a robust and dynamic tool designed to simplify administration and enhance productivity. Enjoy an intuitive interface, powerful features, and an energetic approach that makes database management a breeze."
url: https://{{domains.phpmyadmin}}
link_text: "Optimize Your Database Now!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('phpmyadmin') }}
{% endif %}
{% if "snipe_it" in group_names %}
@ -453,7 +455,7 @@ cards:
text: "Streamline your asset management with SNIPE-IT, a cutting-edge solution that brings efficiency, clarity, and energy to tracking your hardware and software inventory. Experience a user-friendly design and dynamic features that make asset management simple and engaging."
url: https://{{domains.snipe_it}}
link_text: "Manage Assets Effortlessly!"
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('snipe_it') }}
{% endif %}
@ -540,7 +542,7 @@ navigation:
icon:
class: fa-brands fa-discourse
url: https://{{domains.discourse}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('discourse') }}
{% endif %}
{% if "moodle" in group_names %}
@ -550,7 +552,7 @@ navigation:
icon:
class: fa-solid fa-graduation-cap
url: https://{{domains.moodle}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('moodle') }}
{% endif %}
{% if "listmonk" in group_names %}
@ -560,7 +562,7 @@ navigation:
icon:
class: fa-solid fa-envelope-open-text
url: https://{{domains.listmonk}}/subscription/form
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('listmonk') }}
{% endif %}
{% endif %}
@ -579,7 +581,7 @@ navigation:
icon:
class: fa-solid fa-tasks
url: https://{{domains.openproject}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('openproject') }}
{% endif %}
{% if "taiga" in group_names %}
@ -589,7 +591,7 @@ navigation:
icon:
class: bi bi-clipboard2-check-fill
url: https://{{domains.taiga}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('taiga') }}
{% endif %}
{% if "snipe_it" in group_names %}
@ -599,7 +601,7 @@ navigation:
icon:
class: fas fa-box-open
url: https://{{domains.snipe_it}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('snipe_it') }}
{% endif %}
{% endif %}
@ -617,7 +619,7 @@ navigation:
icon:
class: fa-solid fa-comment
url: https://{{domains.matrix_element}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('matrix') }}
{% endif %}
{% if "bigbluebutton" in group_names %}
@ -627,7 +629,7 @@ navigation:
icon:
class: fa-solid fa-video
url: https://{{domains.bigbluebutton}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('bigbluebutton') }}
{% endif %}
{% if "mailu" in group_names %}
@ -637,7 +639,7 @@ navigation:
icon:
class: fa-solid fa-envelope
url: https://{{domains.mailu}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('mailu') }}
{% endif %}
{% endif %}
@ -655,7 +657,7 @@ navigation:
icon:
class: fa-solid fa-chart-simple
url: https://{{domains.matomo}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('matomo') }}
{% endif %}
{% if "phpmyadmin" in group_names %}
@ -665,7 +667,7 @@ navigation:
icon:
class: fas fa-database
url: https://{{domains.phpmyadmin}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('phpmyadmin') }}
{% endif %}
{% if "keycloak" in group_names %}
@ -675,7 +677,7 @@ navigation:
icon:
class: fas fa-user-shield
url: https://{{domains.keycloak}}/admin
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
{% endif %}
{% if "ldap" in group_names %}
@ -685,7 +687,7 @@ navigation:
icon:
class: fas fa-key
url: https://{{domains.ldap}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('ldap') }}
{% endif %}
{% endif %}
@ -703,7 +705,7 @@ navigation:
icon:
class: fa-solid fa-table
url: https://{{domains.baserow}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('baserow') }}
{% endif %}
{% if "yourls" in group_names %}
@ -713,7 +715,7 @@ navigation:
icon:
class: bi bi-link
url: https://{{domains.yourls}}/admin/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('yourls') }}
{% endif %}
{% if "nextcloud" in group_names %}
@ -723,7 +725,7 @@ navigation:
icon:
class: fa-solid fa-cloud
url: https://{{domains.nextcloud}}/
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('nextcloud') }}
{% endif %}
{% endif %}
@ -762,7 +764,7 @@ navigation:
icon:
class: fas fa-book
url: https://{{domains.sphinx}}
iframe: true
iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }}
{% endif %}

4
roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 Normal file

@ -0,0 +1,4 @@
{% if landingpage_iframe_enabled | bool %}
add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin
add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always; # Restrict embedding to the specified primary domain
{% endif %}

7
roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2

@ -14,12 +14,7 @@ location {{location | default("/")}}
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Accept-Encoding "";
{% if nginx.iframe | bool %}
# activate embedding via iframe
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors {{primary_domain}} 'self' *.{{primary_domain}};" always;
{% endif %}
{% include 'iframe.conf.j2' %}
# WebSocket specific header
proxy_http_version 1.1;

2
roles/nginx-modifier-all/tasks/main.yml

@ -6,4 +6,4 @@
- name: "Activate Global Matomo Tracking for {{domain}}"
include_role:
name: nginx-modifier-matomo
when: global_matomo_tracking_enabled | bool
when: matomo_tracking_enabled | bool

8
roles/nginx-modifier-all/templates/global.includes.conf.j2

@ -2,16 +2,16 @@
sub_filter_once off;
sub_filter_types text/html;
{% if global_matomo_tracking_enabled | bool %}
{% if matomo_tracking_enabled | bool %}
{# Include Global Matomo Tracking #}
{% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %}
{% endif %}
{% if applications | get_css_enabled(application_id) or global_matomo_tracking_enabled | bool%}
sub_filter '</head>' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if applications | get_css_enabled(application_id) %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
{% if css_enabled | bool or matomo_tracking_enabled | bool %}
sub_filter '</head>' '{% if matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
{% endif %}
{% if applications | get_css_enabled(application_id) %}
{% if css_enabled | bool %}
{# Include Global CSS Location #}
{% include 'roles/nginx-modifier-css/templates/location.conf.j2' %}
{% endif %}

3
roles/nginx-modifier-all/vars/main.yml Normal file

@ -0,0 +1,3 @@
matomo_tracking_enabled: "{{ matomo_tracking_enabled | default(applications | get_matomo_tracking_enabled(application_id)) }}"
css_enabled: "{{ css_enabled | default (applications | get_css_enabled(application_id)) }}"
landingpage_iframe_enabled: "{{ landingpage_iframe_enabled | default (applications | get_landingpage_iframe_enabled(application_id)) }}"