Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1

Kevin Veen-Birkenbach 2025-07-13 15:11:38 +02:00
parent 4cc4195fab
commit 756597668c
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
107 changed files with 277 additions and 277 deletions

0
cli/fix/replace_by_get_app_config.sh Normal file → Executable file


@ -1,14 +1,14 @@
{
"ExtensionInstallForcelist": [
{% for plugin in applications[application_id].chromium.plugins -%}
{% for plugin in applications | get_app_conf(application_id, 'chromium.plugins', True) -%}
"{{ plugin.id }};{{ plugin.update_url }}"{% if not loop.last %},{% endif %}
{% endfor %}
],
"ExtensionSettings": {
"*": {
"installation_mode": "{{ applications[application_id].default_installation_mode }}"
"installation_mode": "{{ applications | get_app_conf(application_id, 'default_installation_mode', True) }}"
}
{% for plugin in applications[application_id].chromium.plugins -%},
{% for plugin in applications | get_app_conf(application_id, 'chromium.plugins', True) -%},
"{{ plugin.id }}": {
"installation_mode": "{{ plugin.installation_mode }}",
"update_url": "{{ plugin.update_url }}",
@ -16,5 +16,5 @@
}
{% endfor %}
},
"PasswordManagerEnabled": {{ applications[application_id].password_manager_enabled }}
"PasswordManagerEnabled": {{ applications | get_app_conf(application_id, 'password_manager_enabled', True) }}
}
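Review bot: `"PasswordManagerEnabled": {{ applications | get_app_conf(application_id, 'password_manager_enabled', True) }}` prints the value with Jinja's default string conversion, so if the configured value is a boolean it is rendered as `True`/`False`, which is not valid JSON. A policy file the browser cannot parse may mean the forced extension list and the password-manager setting are silently not applied. Serialising explicitly keeps the output valid regardless of type: `"PasswordManagerEnabled": {{ applications | get_app_conf(application_id, 'password_manager_enabled', True) | to_json }}`.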


@ -2,7 +2,7 @@
"policies": {
"Extensions": {
"Install": [
{% for plugin in applications[application_id].plugins -%}
{% for plugin in applications | get_app_conf(application_id, 'plugins', True) -%}
"{{ plugin }}"{% if not loop.last %},{% endif %}
{% endfor %}
]


@ -10,5 +10,5 @@
- name: Execute CLI GNOME Extension manager script
ansible.builtin.shell: cli-gnome-extension-manager "{{ item[0] }}" "{{ item[1] }}" "{{ item[2] }}"
loop: "{{ applications[application_id].plugins }}"
loop: "{{ applications | get_app_conf(application_id, 'plugins', True) }}"
become: false


@ -16,7 +16,7 @@ server
{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
{% if applications | is_feature_enabled('oauth2', application_id) %}
{% set acl = applications[application_id].oauth2_proxy.acl | default({}) %}
{% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', True) | default({}) %}
{% if acl.blacklist is defined %}
{# 1. Expose everything by default, then protect blacklisted paths #}
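Review bot: The `| default({})` after `get_app_conf(application_id, 'oauth2_proxy.acl', True)` probably no longer has any effect. If the third argument is the helper's strict flag, a missing `oauth2_proxy.acl` raises inside the filter before `default` is reached, whereas the old attribute lookup fell back to `{}`. For an access-control block the intended behaviour should be explicit: if the ACL is optional, use the non-strict form (presumably `get_app_conf(application_id, 'oauth2_proxy.acl', False) | default({})`, after confirming what the helper returns for a missing key); if it is mandatory, drop the `default`. The `{% if %}` block continues past the end of this hunk.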


@ -1,6 +1,6 @@
- name: Load memberof module from file in OpenLDAP container
shell: >
docker exec -i {{ applications[application_id].hostname }} ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}configuration/01_member_of_configuration.ldif
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}configuration/01_member_of_configuration.ldif
listen:
- "Import configuration LDIF files"
- "Import all LDIF files"
@ -10,7 +10,7 @@
- name: Refint Module Activation for OpenLDAP
shell: >
docker exec -i {{ applications[application_id].hostname }} ldapadd -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}configuration/02_member_of_configuration.ldif
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapadd -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}configuration/02_member_of_configuration.ldif
listen:
- "Import configuration LDIF files"
- "Import all LDIF files"
@ -22,7 +22,7 @@
- name: "Import schemas"
shell: >
docker exec -i {{ applications[application_id].hostname }} ldapadd -Y EXTERNAL -H ldapi:/// -f "{{ldif_docker_path}}schema/{{ item | basename | regex_replace('\.j2$', '') }}"
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapadd -Y EXTERNAL -H ldapi:/// -f "{{ldif_docker_path}}schema/{{ item | basename | regex_replace('\.j2$', '') }}"
register: ldapadd_result
changed_when: "'adding new entry' in ldapadd_result.stdout"
failed_when: ldapadd_result.rc not in [0, 80]
@ -33,7 +33,7 @@
- name: Refint Overlay Configuration for OpenLDAP
shell: >
docker exec -i {{ applications[application_id].hostname }} ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}configuration/03_member_of_configuration.ldif
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}configuration/03_member_of_configuration.ldif
listen:
- "Import configuration LDIF files"
- "Import all LDIF files"
@ -45,7 +45,7 @@
- name: "Import users, groups, etc. to LDAP"
shell: >
docker exec -i {{ applications[application_id].hostname }} ldapadd -x -D "{{ldap.dn.administrator.data}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}data/{{ item | basename | regex_replace('\.j2$', '') }}"
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapadd -x -D "{{ldap.dn.administrator.data}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}data/{{ item | basename | regex_replace('\.j2$', '') }}"
register: ldapadd_result
changed_when: "'adding new entry' in ldapadd_result.stdout"
failed_when: ldapadd_result.rc not in [0, 20, 68]
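Review bot: The `ldapadd -x … -w "{{ldap.bind_credential}}"` task puts the bind password on a shell command line and shows no `no_log: true`, so the secret can surface in Ansible output, in the registered `ldapadd_result`, and in the host's process list while the command runs. The two `slappasswd -s "{{ … }}"` tasks in the admin-password reset file have the same exposure. Consider adding `no_log: true` to these tasks and passing the secret through a file (`ldapadd -y <passwdfile>`, `slappasswd -T <file>`) rather than as an argument. Where a value has to stay inline, replace the hand-written double quotes with `{{ … | quote }}` so shell metacharacters in a password are not interpreted. The task bodies extend beyond the lines shown, so an existing `no_log` outside the hunk cannot be ruled out.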


@ -9,17 +9,17 @@
src: "nginx.stream.conf.j2"
dest: "{{nginx.directories.streams}}{{domains | get_domain(application_id)}}.conf"
notify: restart nginx
when: applications[application_id].network.public | bool
when: applications | get_app_conf(application_id, 'network.public', True) | bool
- name: Remove {{domains | get_domain(application_id)}}.conf if LDAP is not exposed to internet
file:
path: "{{ nginx.directories.streams }}{{ domains | get_domain(application_id) }}.conf"
state: absent
when: not applications[application_id].network.public | bool
when: not applications | get_app_conf(application_id, 'network.public', True) | bool
- name: create docker network for LDAP, so that other applications can access it
docker_network:
name: "{{ applications[application_id].network.name }}"
name: "{{ applications | get_app_conf(application_id, 'network', True).name }}"
state: present
ipam_config:
- subnet: "{{ networks.local['svc-db-openldap'].subnet }}"
@ -36,7 +36,7 @@
- name: "Reset LDAP admin passwords"
include_tasks: reset_admin_passwords.yml
when: applications[application_id].network.local
when: applications | get_app_conf(application_id, 'network.local', True)
- name: "create directory {{ldif_host_path}}{{item}}"
file:
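Review bot: `get_app_conf(application_id, 'network', True).name` in the `docker_network` task is likely a template syntax error, because Jinja2 does not accept attribute access directly after a filter call unless the filtered expression is parenthesised. The other lookups in this file already use dotted paths, so `name: "{{ applications | get_app_conf(application_id, 'network.name', True) }}"` would be consistent and keeps the strict check on the leaf key. The task list continues outside the hunk.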


@ -3,7 +3,7 @@
- name: "Query available LDAP databases"
shell: |
docker exec {{ applications[application_id].hostname }} \
docker exec {{ applications | get_app_conf(application_id, 'hostname', True) }} \
ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config "(olcDatabase=*)" dn
register: ldap_databases
@ -27,13 +27,13 @@
- name: "Generate hash for Database Admin password"
shell: |
docker exec {{ applications[application_id].hostname }} \
docker exec {{ applications | get_app_conf(application_id, 'hostname', True) }} \
slappasswd -s "{{ ldap.bind_credential }}"
register: database_admin_pw_hash
- name: "Reset Database Admin password in LDAP (olcRootPW)"
shell: |
docker exec -i {{ applications[application_id].hostname }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: {{ data_backend_dn }}
changetype: modify
replace: olcRootPW
@ -42,13 +42,13 @@
- name: "Generate hash for Configuration Admin password"
shell: |
docker exec {{ applications[application_id].hostname }} \
slappasswd -s "{{ applications[application_id].credentials.administrator_password }}"
docker exec {{ applications | get_app_conf(application_id, 'hostname', True) }} \
slappasswd -s "{{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}"
register: config_admin_pw_hash
- name: "Reset Configuration Admin password in LDAP (olcRootPW)"
shell: |
docker exec -i {{ applications[application_id].hostname }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
docker exec -i {{ applications | get_app_conf(application_id, 'hostname', True) }} ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: {{ config_backend_dn }}
changetype: modify
replace: olcRootPW


@ -1,10 +1,10 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images.openldap }}"
container_name: {{ applications[application_id].hostname }}
image: "{{ applications | get_app_conf(application_id, 'images.openldap', True) }}"
container_name: {{ applications | get_app_conf(application_id, 'hostname', True) }}
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %}
{% if applications | get_app_conf(application_id, 'network.public', True) | bool or applications | get_app_conf(application_id, 'network.local', True) | bool %}
ports:
- 127.0.0.1:{{ports.localhost.ldap['svc-db-openldap']}}:{{ldap_docker_port}}
{% endif %}


@ -3,7 +3,7 @@
# GENERAL
## Admin (Data)
LDAP_ADMIN_USERNAME= {{applications[application_id].users.administrator.username}} # LDAP database admin user.
LDAP_ADMIN_USERNAME= {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD= {{ldap.bind_credential}} # LDAP database admin password.
## Users
@ -14,8 +14,8 @@ LDAP_ROOT= {{ldap.dn.root}} # LDAP baseDN (or su
## Admin (Config)
LDAP_ADMIN_DN= {{ldap.dn.administrator.data}}
LDAP_CONFIG_ADMIN_ENABLED= yes
LDAP_CONFIG_ADMIN_USERNAME= {{applications[application_id].users.administrator.username}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications[application_id].credentials.administrator_password}}
LDAP_CONFIG_ADMIN_USERNAME= {{applications | get_app_conf(application_id, 'users.administrator.username', True)}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}
# Network
LDAP_PORT_NUMBER= {{ldap_docker_port}} # Route to default port


@ -4,9 +4,9 @@ application_id: "svc-db-openldap"
ldaps_docker_port: 636
ldap_docker_port: 389
ldap_server_uri: "ldap://127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }}"
ldap_hostname: "{{ applications[application_id].hostname }}"
ldap_hostname: "{{ applications | get_app_conf(application_id, 'hostname', True) }}"
ldap_bind_dn: "{{ ldap.dn.administrator.configuration }}"
ldap_bind_pw: "{{ applications[application_id].credentials.administrator_password }}"
ldap_bind_pw: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}"
# LDIF Variables
ldif_host_path: "{{docker_compose.directories.volumes}}ldif/"


@ -13,7 +13,7 @@
name: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
@ -25,7 +25,7 @@
db: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
@ -34,7 +34,7 @@
postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
@ -52,7 +52,7 @@
schema: public
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
@ -65,7 +65,7 @@
privs: ALL
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
@ -74,7 +74,7 @@
postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
@ -90,7 +90,7 @@
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
loop:


@ -1,6 +1,6 @@
- name: Create Docker network for PostgreSQL
docker_network:
name: "{{ applications[application_id].network }}"
name: "{{ applications | get_app_conf(application_id, 'network', True) }}"
state: present
ipam_config:
- subnet: "{{ networks.local['svc-db-postgres'].subnet }}"
@ -8,16 +8,16 @@
- name: Install PostgreSQL
docker_container:
name: "{{ applications[application_id].hostname }}"
name: "{{ applications | get_app_conf(application_id, 'hostname', True) }}"
image: "{{ applications | get_docker_image(application_id) }}"
detach: yes
env:
POSTGRES_PASSWORD: "{{ applications[application_id].credentials.postgres_password }}"
POSTGRES_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for web-app-matrix
networks:
- name: "{{ applications[application_id].network }}"
- name: "{{ applications | get_app_conf(application_id, 'network', True) }}"
published_ports:
- "127.0.0.1:{{ applications[application_id].port }}:5432"
- "127.0.0.1:{{ applications | get_app_conf(application_id, 'port', True) }}:5432"
volumes:
- "{{ applications['svc-db-postgres'].volume }}:/var/lib/postgresql/data"
restart_policy: "{{ docker_restart_policy }}"
@ -31,7 +31,7 @@
when: run_once_docker_postgres is not defined
- name: Wait for Postgres inside the container
shell: "docker exec {{ applications[application_id].hostname }} pg_isready -U postgres"
shell: "docker exec {{ applications | get_app_conf(application_id, 'hostname', True) }} pg_isready -U postgres"
register: pg_ready
until: pg_ready.rc == 0
retries: 30


@ -3,7 +3,7 @@
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ applications[application_id].images[application_id] }}"
image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
build:
context: .
ports:


@ -14,9 +14,9 @@ DB_PASSWORD={{database_password}}
DB_PREFIX=asd_
# These define the first company to exist on this instance. They are only used during setup.
COMPANY_NAME={{applications[application_id].company_name}}
COMPANY_EMAIL={{applications[application_id].company_email}}
COMPANY_NAME={{applications | get_app_conf(application_id, 'company_name', True)}}
COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company_email', True)}}
# This will be the first administrative user created on setup.
ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}
ADMIN_PASSWORD={{applications[application_id].credentials.setup_admin_password}}
ADMIN_PASSWORD={{applications | get_app_conf(application_id, 'credentials.setup_admin_password', True)}}


@ -1,7 +1,7 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
web:
image: "{{ applications[application_id].images.web }}"
image: "{{ applications | get_app_conf(application_id, 'images.web', True) }}"
ports:
- "{{ports.localhost.http[application_id]}}:80"
volumes:
@ -15,7 +15,7 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
worker:
image: "{{ applications[application_id].images.worker }}"
image: "{{ applications | get_app_conf(application_id, 'images.worker', True) }}"
{% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
maildev:
{% include 'roles/docker-container/templates/networks.yml.j2' %}


@ -2,7 +2,7 @@
application:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ applications[application_id].images.baserow }}"
image: "{{ applications | get_app_conf(application_id, 'images.baserow', True) }}"
container_name: baserow-application
volumes:
- data:/baserow/data


@ -5,7 +5,7 @@
name: docker-compose
vars:
database_instance: "{{ application_id }}"
database_password: "{{ applications[application_id].credentials.postgresql_secret }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret', True) }}"
database_username: "postgres"
database_name: "" # Multiple databases
@ -13,7 +13,7 @@
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"
vars:
database_instance: "{{ application_id }}"
database_password: "{{ applications[application_id].credentials.postgresql_secret }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret', True) }}"
database_username: "postgres"
database_name: "" # Multiple databases


@ -1,7 +1,7 @@
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/fullchain.pem
COTURN_TLS_KEY_PATH={{ certbot_cert_path }}/{{ ssl_cert_folder }}/privkey.pem
ENABLE_GREENLIGHT={{applications[application_id].enable_greenlight}}
ENABLE_GREENLIGHT={{applications | get_app_conf(application_id, 'enable_greenlight', True)}}
# Enable Webhooks
# used by some integrations
@ -27,11 +27,11 @@ RECORDING_MAX_AGE_DAYS=365
# SECRETS
# ====================================
# important! change these to any random values
SHARED_SECRET={{applications[application_id].credentials.shared_secret}}
ETHERPAD_API_KEY={{applications[application_id].credentials.etherpad_api_key}}
RAILS_SECRET={{applications[application_id].credentials.rails_secret}}
POSTGRESQL_SECRET={{applications[application_id].credentials.postgresql_secret}}
FSESL_PASSWORD={{applications[application_id].credentials.fsesl_password}}
SHARED_SECRET={{applications | get_app_conf(application_id, 'credentials.shared_secret', True)}}
ETHERPAD_API_KEY={{applications | get_app_conf(application_id, 'credentials.etherpad_api_key', True)}}
RAILS_SECRET={{applications | get_app_conf(application_id, 'credentials.rails_secret', True)}}
POSTGRESQL_SECRET={{applications | get_app_conf(application_id, 'credentials.postgresql_secret', True)}}
FSESL_PASSWORD={{applications | get_app_conf(application_id, 'credentials.fsesl_password', True)}}
# ====================================
# CONNECTION
@ -51,7 +51,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
# TURN SERVER
# uncomment and adjust following two lines to add an external TURN server
TURN_SERVER=turns:{{domains | get_domain(application_id)}}:{{ ports.public.turn[application_id] }}?transport=tcp
TURN_SECRET={{applications[application_id].credentials.turn_secret}}
TURN_SECRET={{applications | get_app_conf(application_id, 'credentials.turn_secret', True)}}
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.


@ -3,7 +3,7 @@
pds:
{% set container_port = 3000 %}
{% set container_healthcheck = 'xrpc/_health' %}
image: "{{ applications[application_id].images.pds }}"
image: "{{ applications | get_app_conf(application_id, 'images.pds', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- pds_data:/opt/pds


@ -1,14 +1,14 @@
---
- name: "stop and remove discourse container if it exist"
docker_container:
name: "{{applications[application_id].container}}"
name: "{{applications | get_app_conf(application_id, 'container', True)}}"
state: absent
register: container_action
failed_when: container_action.failed and 'No such container' not in container_action.msg
listen: recreate discourse
- name: "add central database temporary to {{application_id}}_default"
command: docker network connect {{applications[application_id].network}} {{ database_host }}
command: docker network connect {{applications | get_app_conf(application_id, 'network', True)}} {{ database_host }}
failed_when: >
result.rc != 0 and
'already exists in network' not in result.stderr
@ -17,7 +17,7 @@
listen: recreate discourse
- name: rebuild discourse
shell: ./launcher rebuild {{applications[application_id].container}}
shell: ./launcher rebuild {{applications | get_app_conf(application_id, 'container', True)}}
args:
executable: /bin/bash
chdir: "{{docker_repository_directory }}"


@ -43,26 +43,26 @@
meta: flush_handlers
when: run_once_docker_discourse is not defined
- name: "Connect {{ applications[application_id].container }} to network {{ applications['svc-db-postgres'].network }}"
- name: "Connect {{ applications | get_app_conf(application_id, 'container', True) }} to network {{ applications['svc-db-postgres'].network }}"
command: >
docker network connect {{ applications['svc-db-postgres'].network }} {{ applications[application_id].container }}
docker network connect {{ applications['svc-db-postgres'].network }} {{ applications | get_app_conf(application_id, 'container', True) }}
register: network_connect
failed_when: >
network_connect.rc != 0 and
'Error response from daemon: endpoint with name {{ applications[application_id].container }} already exists in network {{ applications["svc-db-postgres"].network }}'
'Error response from daemon: endpoint with name {{ applications | get_app_conf(application_id, 'container', True) }} already exists in network {{ applications["svc-db-postgres"].network }}'
not in network_connect.stderr
changed_when: network_connect.rc == 0
when:
- applications | is_feature_enabled('central_database', application_id)
- run_once_docker_discourse is not defined
- name: "Remove {{ applications[application_id].network }} from {{ database_host }}"
- name: "Remove {{ applications | get_app_conf(application_id, 'network', True) }} from {{ database_host }}"
command: >
docker network disconnect {{ applications[application_id].network }} {{ database_host }}
docker network disconnect {{ applications | get_app_conf(application_id, 'network', True) }} {{ database_host }}
register: network_disconnect
failed_when: >
network_disconnect.rc != 0 and
'is not connected to network {{ applications[application_id].network }}' not in network_disconnect.stderr
'is not connected to network {{ applications | get_app_conf(application_id, 'network', True) }}' not in network_disconnect.stderr
changed_when: network_disconnect.rc == 0
when:
- applications | is_feature_enabled('central_database', application_id)
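Review bot: The rewritten `failed_when` strings now contain single quotes inside a single-quoted literal. `'… endpoint with name {{ applications | get_app_conf(application_id, 'container', True) }} already exists …'` terminates at `'container'`, and the `'is not connected to network …'` check in the next task breaks the same way at `'network'`. The condition will most likely fail to parse or compare against the wrong text, so the benign "already connected / not connected" cases are no longer tolerated. Building the message by concatenation avoids both the quoting problem and the nested `{{ }}` inside a conditional, e.g. `('is not connected to network ' ~ (applications | get_app_conf(application_id, 'network', True))) not in network_disconnect.stderr`.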


@ -3,7 +3,7 @@
- name: "cleanup central database from {{application_id}}_default network"
command:
cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}"
cmd: "docker network disconnect {{applications | get_app_conf(application_id, 'network', True)}} {{ database_host }}"
ignore_errors: true
- name: "destroy container discourse_application"


@ -178,4 +178,4 @@ run:
docker_args:
- --network={{application_id}}_default
- --name={{applications[application_id].container}}
- --name={{applications | get_app_conf(application_id, 'container', True)}}


@ -1,6 +1,6 @@
application_id: "discourse"
database_password: "{{ applications[application_id].credentials.database_password }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
database_type: "postgres"
docker_repository_directory : "{{docker_compose.directories.services}}{{applications[application_id].repository}}/"
discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications[application_id].container}}.yml"
docker_repository_directory : "{{docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True)}}/"
discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications | get_app_conf(application_id, 'container', True)}}.yml"
docker_compose_flush_handlers: false


@ -1,6 +1,6 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
web:
image: "{{ applications[application_id].images.espocrm }}"
image: "{{ applications | get_app_conf(application_id, 'images.espocrm', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
ports:
@ -11,7 +11,7 @@
- data:/var/www/html
daemon:
image: "{{ applications[application_id].images.espocrm }}"
image: "{{ applications | get_app_conf(application_id, 'images.espocrm', True) }}"
restart: {{docker_restart_policy}}
logging:
driver: journald
@ -21,7 +21,7 @@
- data:/var/www/html
websocket:
image: "{{ applications[application_id].images.espocrm }}"
image: "{{ applications | get_app_conf(application_id, 'images.espocrm', True) }}"
restart: {{docker_restart_policy}}
logging:
driver: journald


@ -19,8 +19,8 @@ CRON_DISABLED=true
# ------------------------------------------------
# Initial admin account
# ------------------------------------------------
ESPOCRM_ADMIN_USERNAME={{ applications[application_id].users.administrator.username }}
ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}
ESPOCRM_ADMIN_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}
ESPOCRM_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}
# Public base URL of the EspoCRM instance
ESPOCRM_SITE_URL={{ domains | get_url(application_id, web_protocol) }}
@ -54,7 +54,7 @@ ESPOCRM_CONFIG_SMTP_SECURITY={{ "TLS" if system_email.start_tls else "SSL"}}
ESPOCRM_CONFIG_SMTP_AUTH=true
ESPOCRM_CONFIG_SMTP_USERNAME={{ users['contact'].email }}
ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['contact'].mailu_token }}
ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ applications[application_id].email.from_name}}
ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ applications | get_app_conf(application_id, 'email.from_name', True)}}
ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }}
# ------------------------------------------------


@ -22,15 +22,15 @@
+ [{
'name': item.key,
'enabled': (
applications[application_id].features.oidc
applications | get_app_conf(application_id, 'features.oidc', True)
if item.key == 'keycloakpassword'
else applications[application_id].features.ldap
else applications | get_app_conf(application_id, 'features.ldap', True)
if item.key == 'ldapauth'
else (item.value.enabled if item.value is mapping and 'enabled' in item.value else False)
)
}]
}}
loop: "{{ applications[application_id].addons | dict2items }}"
loop: "{{ applications | get_app_conf(application_id, 'addons', True) | dict2items }}"
loop_control:
label: "{{ item.key }}"


@ -1,6 +1,6 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images.friendica }}"
image: "{{ applications | get_app_conf(application_id, 'images.friendica', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- html:{{ friendica_application_base }}


@ -1,7 +1,7 @@
application_id: "friendica"
database_type: "mariadb"
friendica_no_validation: "{{ applications[application_id].features.oidc }}" # Email validation is not neccessary if OIDC is active
friendica_no_validation: "{{ applications | get_app_conf(application_id, 'features.oidc', True) }}" # Email validation is not neccessary if OIDC is active
friendica_application_base: "/var/www/html"
friendica_docker_ldap_config: "{{friendica_application_base}}/config/ldapauth.config.php"
friendica_host_ldap_config: "{{ docker_compose.directories.volumes }}ldapauth.config.php"


@ -53,7 +53,7 @@
typesense:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ applications[application_id].docker.images.typesense }}"
image: "{{ applications | get_app_conf(application_id, 'docker.images.typesense', True) }}"
volumes:
- ./typesense/data:/data
command: --data-dir /data --enable-cors


@ -97,7 +97,7 @@ STATIC_ROOT={{funkwhale_static_root}}
DJANGO_SETTINGS_MODULE=config.settings.production
# Generate one using `openssl rand -base64 45`, for example
DJANGO_SECRET_KEY={{applications[application_id].credentials.django_secret}}
DJANGO_SECRET_KEY={{applications | get_app_conf(application_id, 'credentials.django_secret', True)}}
{% if applications | is_feature_enabled('ldap',application_id) %}
# LDAP settings


@ -2,7 +2,7 @@
# https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications[application_id].credentials.administrator_password}} # LAM configuration master password and password for server profile "lam
LAM_PASSWORD= {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb

View File

@ -2,7 +2,7 @@
application:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ applications[application_id].images.gitea }}"
image: "{{ applications | get_app_conf(application_id, 'images.gitea', True) }}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
- "{{ports.public.ssh[application_id]}}:22"

View File

@ -5,7 +5,7 @@
DOMAIN={{domains | get_domain(application_id)}}
RUN_MODE="{{ 'dev' if (CYMAIS_ENVIRONMENT | lower) == 'development' else 'prod' }}"
ROOT_URL="{{ domains | get_url(application_id, web_protocol) }}/"
APP_NAME="{{ applications[application_id].title }}"
APP_NAME="{{ applications | get_app_conf(application_id, 'title', True) }}"
USER_UID=1000
USER_GID=1000
@ -38,9 +38,9 @@ GITEA__mailer__PASSWD={{ users['no-reply'].mailu_token }}
# Allow push creation
# @see https://github.com/go-gitea/gitea/issues/17619
GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER={{ applications[application_id].configuration.repository.enable_push_create_user | lower }}
GITEA__REPOSITORY__DEFAULT_PRIVATE={{ applications[application_id].configuration.repository.default_private | lower }}
GITEA__REPOSITORY__DEFAULT_PUSH_CREATE_PRIVATE={{ applications[application_id].configuration.repository.default_push_create_private | lower }}
GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER={{ applications | get_app_conf(application_id, 'configuration.repository.enable_push_create_user', True) | lower }}
GITEA__REPOSITORY__DEFAULT_PRIVATE={{ applications | get_app_conf(application_id, 'configuration.repository.default_private', True) | lower }}
GITEA__REPOSITORY__DEFAULT_PUSH_CREATE_PRIVATE={{ applications | get_app_conf(application_id, 'configuration.repository.default_push_create_private', True) | lower }}
GITEA__security__INSTALL_LOCK=true # Locks the installation page


@ -1,7 +1,7 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
web:
image: "{{ applications[application_id].images.gitlab }}"
image: "{{ applications | get_app_conf(application_id, 'images.gitlab', True) }}"
hostname: '{{domains | get_domain(application_id)}}'
{% include 'roles/docker-container/templates/base.yml.j2' %}
ports:


@ -1,6 +1,6 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images.joomla }}"
image: "{{ applications | get_app_conf(application_id, 'images.joomla', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- data:/var/www/html


@ -1,9 +1,9 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images.keycloak }}"
image: "{{ applications | get_app_conf(application_id, 'images.keycloak', True) }}"
container_name: {{container_name}}
command: start {% if applications[application_id].import_realm | bool %}--import-realm{% endif %}
command: start {% if applications | get_app_conf(application_id, 'import_realm', True) | bool %}--import-realm{% endif %}
{% include 'roles/docker-container/templates/base.yml.j2' %}
ports:
- "{{ keycloak_server_host }}:8080"


@ -11,8 +11,8 @@ KC_HEALTH_ENABLED= true
KC_METRICS_ENABLED= true
# Administrator
KEYCLOAK_ADMIN= "{{applications[application_id].users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
KEYCLOAK_ADMIN= "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
# Database
KC_DB= postgres
@ -21,5 +21,5 @@ KC_DB_USERNAME= {{database_username}}
KC_DB_PASSWORD= {{database_password}}
# If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
KC_BOOTSTRAP_ADMIN_USERNAME= "{{applications[application_id].users.administrator.username}}"
KC_BOOTSTRAP_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
KC_BOOTSTRAP_ADMIN_USERNAME= "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
KC_BOOTSTRAP_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"


@ -890,8 +890,8 @@
"organization",
"offline_access",
"microprofile-jwt",
"{{ applications[application_id].scopes.rbac_roles }}",
"{{ applications[application_id].scopes.nextcloud }}"
"{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
"{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
]
}
@ -1197,7 +1197,7 @@
},
{
"id": "15dd4961-5b4f-4635-a3f1-a21e1fa7bf3a",
"name": "{{ applications[application_id].scopes.nextcloud }}",
"name": "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}",
"description": "Optimized mappers for nextcloud oidc_login with ldap.",
"protocol": "openid-connect",
"attributes": {
@ -1249,7 +1249,7 @@
},
{
"id": "59917c48-a7ef-464a-a8b0-ea24316db18e",
"name": "{{ applications[application_id].scopes.rbac_roles }}",
"name": "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
"description": "RBAC Groups",
"protocol": "openid-connect",
"attributes": {
@ -1675,8 +1675,8 @@
"phone",
"microprofile-jwt",
"organization",
"{{ applications[application_id].scopes.rbac_roles }}",
"{{ applications[application_id].scopes.nextcloud }}"
"{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
"{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
@ -1994,7 +1994,7 @@
"false"
],
"groups.path": [
"{{ applications[application_id].rbac_groups }}"
"{{ applications | get_app_conf(application_id, 'rbac_groups', True) }}"
]
}
},
@ -2920,8 +2920,8 @@
"action": "register",
"useRecaptchaNet": "false",
"recaptcha.v3": "true",
"secret.key": "{{ applications[application_id].credentials.recaptcha.secret_key }}",
"site.key": "{{ applications[application_id].credentials.recaptcha.website_key }}"
"secret.key": "{{ applications | get_app_conf(application_id, 'credentials.recaptcha.secret_key', True) }}",
"site.key": "{{ applications | get_app_conf(application_id, 'credentials.recaptcha.website_key', True) }}"
}
},
{%- endif %}


@ -4,7 +4,7 @@ container_name: "{{application_id}}_application"
import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host
import_directory_docker: "/opt/keycloak/data/import/" # Directory in which keycloack import files are placed in the running docker container
keycloak_realm: "{{ primary_domain}}" # This is the name of the default realm which is used by the applications
keycloak_administrator: "{{ applications[application_id].users.administrator }}" # Master Administrator
keycloak_administrator: "{{ applications | get_app_conf(application_id, 'users.administrator', True) }}" # Master Administrator
keycloak_administrator_username: "{{ keycloak_administrator.username}}" # Master Administrator Username
keycloak_administrator_password: "{{ keycloak_administrator.password}}" # Master Administrator Password
keycloak_kcadm_path: "docker exec -i {{ container_name }} /opt/keycloak/bin/kcadm.sh"


@ -2,7 +2,7 @@
application:
container_name: {{ application_id }}
image: "{{ applications[application_id].images.lam }}"
image: "{{ applications | get_app_conf(application_id, 'images.lam', True) }}"
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:80
{% include 'roles/docker-container/templates/base.yml.j2' %}


@ -2,7 +2,7 @@
# https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications[application_id].credentials.administrator_password}} # LAM configuration master password and password for server profile "lam
LAM_PASSWORD= {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb


@ -3,7 +3,7 @@ services:
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images[application_id] }}"
image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
volumes: []
ports:
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"


@ -1,8 +1,8 @@
---
- name: Set proxy_extra_configuration based on applications[application_id].public_api_activated
- name: Set proxy_extra_configuration based on applications | get_app_conf(application_id, 'public_api_activated', True)
set_fact:
proxy_extra_configuration: >-
{% if not applications[application_id].public_api_activated %}
{% if not applications | get_app_conf(application_id, 'public_api_activated', True) %}
{{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
{% else %}
""
@ -50,7 +50,7 @@
-d {{ database_name }} << 'EOSQL'
UPDATE users
SET email = '{{ users.administrator.email }}',
password_login = {{ 'false' if applications[application_id].features.oidc else 'true' }}
password_login = {{ 'false' if applications | get_app_conf(application_id, 'features.oidc', True) else 'true' }}
WHERE username = 'administrator';
EOSQL
args:
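Review bot: The task `name:` at the top of this section was rewritten by the search-and-replace and now shows a filter expression as display text, which makes the play output harder to read; a plain label such as `- name: Set proxy_extra_configuration based on public_api_activated` says the same thing. In the second hunk the rendered `password_login` value goes straight into the SQL heredoc, which is safe only because the expression can yield nothing but `false` or `true`. A one-line comment saying so (`# renders to the literal false/true only; never interpolate free-form values here`) would stop a later edit from placing a configurable string there. Both tasks start or end outside the hunks shown.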


@ -2,7 +2,7 @@
application:
{% set container_healthcheck = 'health' %}
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ applications[application_id].images.listmonk }}"
image: "{{ applications | get_app_conf(application_id, 'images.listmonk', True) }}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
volumes:


@ -2,5 +2,5 @@ TZ={{ HOST_TIMEZONE }}
# Administrator setup
LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
LISTMONK_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}
LISTMONK_ADMIN_USER={{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}
LISTMONK_ADMIN_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}


@ -25,10 +25,10 @@ listmonk_settings:
value: 'true'
- key: "security.captcha_key"
value: '"{{ applications[application_id].credentials.hcaptcha_site_key }}"'
value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_site_key", True) }}"'
- key: "security.captcha_secret"
value: '"{{ applications[application_id].credentials.hcaptcha_secret }}"'
value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_secret", True) }}"'
# SMTP servers
- key: "smtp"


@ -11,7 +11,7 @@
- name: Generate DKIM key
command: >
docker compose exec -T antispam
rspamadm dkim_keygen -s dkim -d {{ applications[application_id].domain }} -k {{ mailu_dkim_key_path }}
rspamadm dkim_keygen -s dkim -d {{ applications | get_app_conf(application_id, 'domain', True) }} -k {{ mailu_dkim_key_path }}
register: dkim_keygen_output
when: dkim_key_file_stat.rc != 0
args:


@ -189,7 +189,7 @@ OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED=True
# Redirect URL for password change. Defaults to provider issuer url appended by /.well-known/change-password
OIDC_CHANGE_PASSWORD_REDIRECT_URL={{oidc.client.change_credentials}}
{% if applications[application_id].oidc.email_by_username | bool %}
{% if applications | get_app_conf(application_id, 'oidc.email_by_username', True) | bool %}
# The OIDC claim used as the username. If the selected claim contains an email address, it will be used as is. If it is not an email (e.g., sub), the email address will be constructed as <OIDC_USERNAME_CLAIM>@<OIDC_USER_DOMAIN>. Defaults to email.
OIDC_USERNAME_CLAIM={{oidc.attributes.username}}
@ -199,5 +199,5 @@ OIDC_USER_DOMAIN={{primary_domain}}
{% endif %}
# If enabled, users who authenticate successfully but do not yet have an account will have one created for them. If disabled, only existing users can log in, and authentication will fail for users without a pre-existing account. Defaults to True.
OIDC_ENABLE_USER_CREATION={{ applications[application_id].oidc.enable_user_creation | string | capitalize }}
OIDC_ENABLE_USER_CREATION={{ applications | get_app_conf(application_id, 'oidc.enable_user_creation', True) | string | capitalize }}
{% endif %}


@ -1,13 +1,13 @@
# vars/mailu-dns.yml
mailu_dns_zone: "{{ applications[application_id].domain }}"
mailu_dns_zone: "{{ applications | get_app_conf(application_id, 'domain', True) }}"
mailu_dns_ip: "{{ networks.internet.ip4 }}"
cloudflare_record_api_token: "{{ certbot_dns_api_token }}"
mailu_dmarc_ruf: "{{ applications[application_id].users.administrator.email }}"
mailu_dmarc_ruf: "{{ applications | get_app_conf(application_id, 'users.administrator.email', True) }}"
mailu_dkim_key_file: "{{ applications[application_id].domain }}.dkim.key"
mailu_dkim_key_file: "{{ applications | get_app_conf(application_id, 'domain', True) }}.dkim.key"
mailu_dkim_key_path: "/dkim/{{ mailu_dkim_key_file }}"
mailu_dns_srv_records:


@ -3,7 +3,7 @@
web:
{% set container_port = 3000 %}
{% set container_healthcheck = 'health' %}
image: "{{ applications[application_id].images[application_id] }}"
image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@ -17,7 +17,7 @@
streaming:
{% set container_port = 4000 %}
{% set container_healthcheck = 'api/v1/streaming/health' %}
image: "{{ applications[application_id].images.streaming }}"
image: "{{ applications | get_app_conf(application_id, 'images.streaming', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
command: node ./streaming
{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@ -27,7 +27,7 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
sidekiq:
image: "{{ applications[application_id].images.mastodon }}"
image: "{{ applications | get_app_conf(application_id, 'images.mastodon', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
command: bundle exec sidekiq
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}


@ -1,5 +1,3 @@
images:
matomo: "matomo:latest"
features:
# If you want to use Matomo on the Matomo page, you
# have to set it here manual to true.
@ -7,7 +5,7 @@ features:
# itself wouldn't be possible
matomo: false
css: false
port-ui-desktop: true
port-ui-desktop: true
central_database: true
oauth2: false
csp:
@ -34,6 +32,8 @@ excluded_ips: "{{ networks.internet.values() | list }}"
docker:
services:
matomo:
image: "matomo:latest"
database:
enabled: true
redis:
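Review bot: The image reference that now sits under `docker.services.matomo` is still `image: "matomo:latest"`, a mutable tag, so every pull can deploy a different image that nobody reviewed. Pin it to a tested release tag or a digest, for example `image: "matomo:<pinned-version>"` (placeholder; use the release you have verified). Because the top-level `images:` block appears to be removed in the first hunk, any template still reading `images.matomo` will fail, so the consumers need to move to `docker.services.matomo.image` in the same change. The `docker.services` mapping continues outside the hunk.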


@ -2,7 +2,7 @@
application:
{% set container_port = 80 %}
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ applications[application_id].images['matomo'] }}"
image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image']', True) }}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
volumes:
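Review bot: The new `image:` line carries a stray `]` and quote left over from the old `images['matomo']` subscript: the path argument reads `'docker.services.matomo.image']'`, which Jinja cannot parse, so this compose template will fail to render. It should be `image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"`. The service definition continues outside the hunk.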


@ -1,9 +1,9 @@
---
application_id: "web-app-matomo"
database_type: "mariadb"
matomo_excluded_ips: "{{ applications[application_id].excluded_ips }}"
matomo_excluded_ips: "{{ applications | get_app_conf(application_id, 'excluded_ips', True) }}"
matomo_index_php_url: "{{ domains | get_url(application_id, web_protocol) }}/index.php"
matomo_auth_token: "{{ applications[application_id].credentials.auth_token }}"
matomo_auth_token: "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}"
# I don't know if this is still necessary


@ -18,7 +18,7 @@ matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: "{{applications[application_id].credentials.generic_secret_key}}"
matrix_homeserver_generic_secret_key: "{{applications | get_app_conf(application_id, 'credentials.generic_secret_key', True)}}"
# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.


@ -3,7 +3,7 @@
## Cleanup
```
# Cleanup Database
for db in matrix applications[application_id].credentials.mautrix_whatsapp_bridge applications[application_id].credentials.mautrix_telegram_bridge applications[application_id].credentials.mautrix_signal_bridge applications[application_id].credentials.mautrix_slack_bridge; do python reset-database-in-central-postgres.py $db; done
for db in matrix applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge', True); do python reset-database-in-central-postgres.py $db; done
# Cleanup Docker and Volumes
docker compose down -v
```


@ -15,7 +15,7 @@ For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/
### ChatGPT
- Create API Token: https://platform.openai.com/api-keys
- Set ``applications[application_id].credentials.chatgpt_bridge_access_token``
- Set ``applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True)``
## Debug:
- https://federationtester.matrix.org/


@ -5,7 +5,7 @@
- name: Filter enabled bridges and register as fact
set_fact:
bridges: "{{ bridges_configuration | filter_enabled_bridges(applications[application_id].plugins) }}"
bridges: "{{ bridges_configuration | filter_enabled_bridges(applications | get_app_conf(application_id, 'plugins', True)) }}"
changed_when: false
- name: "load docker and db for {{application_id}}"
@ -143,14 +143,14 @@
- name: create admin account
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications[application_id].users.administrator.username}} -p {{applications[application_id].credentials.administrator_password}} -a -c /data/homeserver.yaml http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications | get_app_conf(application_id, 'users.administrator.username', True)}} -p {{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications[application_id].setup | bool
when: applications | get_app_conf(application_id, 'setup', True) | bool
- name: create chatgpt bot
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications[application_id].credentials.chatgpt_bridge_user_password}} -a -c /data/homeserver.yaml http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications[application_id].setup | bool
when: applications | get_app_conf(application_id, 'setup', True) | bool
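Review bot: Both `register_new_matrix_user` tasks pass the account password on the command line via `-p {{ ... }}` without `no_log`, so the rendered command, secret included, can end up in Ansible output and logs. Add `no_log: true` to the `create admin account` and `create chatgpt bot` tasks. Passing the username and password through `| quote` would also keep a value containing spaces or quote characters from being split by the `command` module's argument parsing. `ignore_errors: true` additionally hides every failure of these tasks, not only a presumed "user already exists" case, so a narrower `failed_when` on the registered result would be safer. The task list continues outside the hunks.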


@ -1,7 +1,7 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
synapse:
{% set container_port = 8008 %}
image: "{{ applications[application_id].images.synapse }}"
image: "{{ applications | get_app_conf(application_id, 'images.synapse', True) }}"
container_name: matrix-synapse
restart: {{docker_restart_policy}}
logging:
@ -30,7 +30,7 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
element:
{% set container_port = 80 %}
image: "{{ applications[application_id].images.element }}"
image: "{{ applications | get_app_conf(application_id, 'images.element', True) }}"
container_name: matrix-element
restart: {{docker_restart_policy}}
volumes:
@ -54,7 +54,7 @@
retries: 3
{% include 'roles/docker-container/templates/networks.yml.j2' %}
{% endfor %}
{% if applications[application_id].plugins.chatgpt | bool %}
{% if applications | get_app_conf(application_id, 'plugins', True).chatgpt | bool %}
matrix-chatgpt-bot:
restart: {{docker_restart_policy}}
container_name: matrix-chatgpt
@ -62,7 +62,7 @@
volumes:
- chatgpt_data:/storage
environment:
OPENAI_API_KEY: '{{applications[application_id].credentials.chatgpt_bridge_openai_api_key}}'
OPENAI_API_KEY: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_openai_api_key', True)}}'
# Uncomment the next two lines if you are using Azure OpenAI API
# OPENAI_AZURE: 'false'
# CHATGPT_REVERSE_PROXY: 'your-completion-endpoint-here'
@ -82,13 +82,13 @@
KEYV_BOT_ENCRYPTION: 'false'
KEYV_BOT_STORAGE: 'true'
MATRIX_HOMESERVER_URL: 'https://{{domains.matrix.synapse}}'
MATRIX_BOT_USERNAME: '@chatgptbot:{{applications[application_id].server_name}}'
MATRIX_ACCESS_TOKEN: '{{ applications[application_id].credentials.chatgpt_bridge_access_token | default('') }}'
MATRIX_BOT_PASSWORD: '{{applications[application_id].credentials.chatgpt_bridge_user_password}}'
MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}'
MATRIX_DEFAULT_PREFIX: '!chatgpt'
MATRIX_DEFAULT_PREFIX_REPLY: 'false'
#MATRIX_BLACKLIST: ''
MATRIX_WHITELIST: ':{{applications[application_id].server_name}}'
MATRIX_WHITELIST: ':{{applications | get_app_conf(application_id, 'server_name', True)}}'
MATRIX_AUTOJOIN: 'true'
MATRIX_ENCRYPTION: 'true'
MATRIX_THREADS: 'true'
@ -98,7 +98,7 @@
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
synapse_data:
{% if applications[application_id].plugins.chatgpt | bool %}
{% if applications | get_app_conf(application_id, 'plugins', True).chatgpt | bool %}
chatgpt_data:
{% endif %}
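Review bot: `{% if applications | get_app_conf(application_id, 'plugins', True).chatgpt | bool %}`, used for the `matrix-chatgpt-bot` service and again in the volumes hunk, puts `.chatgpt` directly after a filter call; as far as I can tell Jinja's grammar does not accept attribute access in that position, so the template would fail to render. Use the dotted path like the other call sites: `{% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}`. On `MATRIX_ACCESS_TOKEN`, `| default('')` only helps when the lookup returns an undefined value. If the trailing `True` makes `get_app_conf` raise on a missing key (the helper is not shown here), the previously optional token becomes mandatory, which is worth confirming.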


@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -39,7 +39,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_facebook_bridge:{{applications[application_id].credentials.mautrix_facebook_bridge_database_password}}@{{database_host}}/mautrix_facebook_bridge
database: postgres://mautrix_facebook_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True)}}@{{database_host}}/mautrix_facebook_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@ -143,7 +143,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications[application_id].server_name}}: {{domains.matrix.synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains.matrix.synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -154,7 +154,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications[application_id].server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: false
@ -380,8 +380,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications[application_id].server_name}}": user
"@{{applications[application_id].users.administrator.username}}:{{applications[application_id].server_name}}": admin
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any
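Review bot: The database password is interpolated raw into the `postgres://` URI on the `database:` line, so a password containing `@`, `:`, `?` or `#` produces a connection string that parses to the wrong credentials or host, and a ` #` sequence would be cut off as a YAML comment. Encode it where it is used: `database: postgres://mautrix_facebook_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True) | urlencode }}@{{database_host}}/mautrix_facebook_bridge`. Note that `urlencode` leaves `/` untouched, so either exclude `/` from generated passwords or replace it with `%2F` as well. The same applies to the `database:` and `uri:` lines of the instagram, signal, slack and telegram bridge templates in this commit. The `appservice:` mapping starts and ends outside the hunk.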


@ -10,7 +10,7 @@ homeserver:
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.


@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -42,7 +42,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_instagram_bridge:{{applications[application_id].credentials.mautrix_instagram_bridge_database_password}}@{{database_host}}/mautrix_instagram_bridge
database: postgres://mautrix_instagram_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_instagram_bridge_database_password', True)}}@{{database_host}}/mautrix_instagram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@ -134,7 +134,7 @@ bridge:
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{applications[application_id].server_name}}: https://{{domains.matrix.synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
@ -143,7 +143,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications[application_id].server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
@ -359,8 +359,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications[application_id].server_name}}": user
"@{{applications[application_id].users.administrator.username}}:{{applications[application_id].server_name}}": admin
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any
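Review bot: In `login_shared_secret_map` the shared secret is rendered as an unquoted YAML plain scalar, so a secret that is all digits, starts with an indicator character, or contains ` #` or `: ` will be retyped, truncated or rejected when the bridge loads its config. Emit it as a quoted string, for example `{{ applications | get_app_conf(application_id, 'server_name', True) }}: {{ applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True) | to_json }}`. The facebook, signal and slack bridge templates in this commit render the same map the same way. The surrounding `bridge:` mapping starts and ends outside the hunks.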


@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -43,7 +43,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_signal_bridge:{{applications[application_id].credentials.mautrix_signal_bridge_database_password}}@{{database_host}}/mautrix_signal_bridge?sslmode=disable
uri: postgres://mautrix_signal_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge_database_password', True)}}@{{database_host}}/mautrix_signal_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
@ -141,7 +141,7 @@ bridge:
federate_rooms: true
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications[application_id].server_name}}: https://{{domains.matrix.synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -150,7 +150,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications[application_id].server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
@ -274,8 +274,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications[application_id].server_name}}": user
"@{{applications[application_id].users.administrator.username}}:{{applications[application_id].server_name}}": admin
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
# Settings for relay mode
relay:


@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -43,7 +43,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_slack_bridge:{{applications[application_id].credentials.mautrix_slack_bridge_database_password}}@{{database_host}}/mautrix_slack_bridge?sslmode=disable
uri: postgres://mautrix_slack_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge_database_password', True)}}@{{database_host}}/mautrix_slack_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
@ -118,7 +118,7 @@ bridge:
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications[application_id].server_name}}: https://{{domains.matrix.synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -127,7 +127,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications[application_id].server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
@ -278,8 +278,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications[application_id].server_name}}": user
"@{{applications[application_id].users.administrator.username}}:{{applications[application_id].server_name}}": admin
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:


@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -42,7 +42,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_telegram_bridge:{{applications[application_id].credentials.mautrix_telegram_bridge_database_password}}@{{database_host}}/mautrix_telegram_bridge
database: postgres://mautrix_telegram_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge_database_password', True)}}@{{database_host}}/mautrix_telegram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@ -62,7 +62,7 @@ appservice:
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://{{applications[application_id].server_name}}/public
external: https://{{applications | get_app_conf(application_id, 'server_name', True)}}/public
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
@ -198,7 +198,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications[application_id].server_name}}: https://{{domains.matrix.synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -209,7 +209,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{applications[application_id].server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
@ -530,9 +530,9 @@ bridge:
# mxid - Specific user
permissions:
"*": "relaybot"
"public.{{applications[application_id].server_name}}": "user"
"{{applications[application_id].server_name}}": "full"
"@{{applications[application_id].users.administrator.username}}:{{applications[application_id].server_name}}": "admin"
"public.{{applications | get_app_conf(application_id, 'server_name', True)}}": "user"
"{{applications | get_app_conf(application_id, 'server_name', True)}}": "full"
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": "admin"
# Options related to the message relay Telegram bot.
relaybot:
@ -564,8 +564,8 @@ bridge:
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{applications[application_id].credentials.mautrix_telgegram_bridge_api_id}}
api_hash: {{applications[application_id].credentials.mautrix_telgegram_bridge_api_pin}}
api_id: {{applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_id', True)}}
api_hash: {{applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_pin', True)}}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: disabled
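Review bot: `login_shared_secret_map` is filled from `credentials.registration_shared_secret`, the same value the Synapse template in this commit renders as `registration_shared_secret`, so the secret that authorises account registration on the homeserver is also written into each bridge's config file. The WhatsApp and Slack bridge templates use the same lookup. A dedicated credential for the shared-secret-auth module would keep a leaked bridge config from exposing the registration secret, e.g. `{{ applications | get_app_conf(application_id, 'credentials.login_shared_secret', True) }}`, where the key name is a placeholder that would have to be added to the role's credentials. The value is also emitted as an unquoted YAML scalar, so it is worth quoting at the same time.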


@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{applications[application_id].server_name}}
domain: {{applications | get_app_conf(application_id, 'server_name', True)}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -42,7 +42,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_whatsapp_bridge:{{applications[application_id].credentials.mautrix_whatsapp_bridge_database_password}}@{{database_host}}/mautrix_whatsapp_bridge?sslmode=disable
uri: postgres://mautrix_whatsapp_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True)}}@{{database_host}}/mautrix_whatsapp_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
@ -236,7 +236,7 @@ bridge:
force_active_delivery_receipts: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{applications[application_id].server_name}}: https://{{domains.matrix.synapse}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -245,7 +245,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{applications[application_id].server_name}}: {{applications[application_id].credentials.registration_shared_secret}}
{{applications | get_app_conf(application_id, 'server_name', True)}}: {{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
@ -434,8 +434,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{applications[application_id].server_name}}": user
"@{{applications[application_id].users.administrator.username}}:{{applications[application_id].server_name}}": admin
"{{applications | get_app_conf(application_id, 'server_name', True)}}": user
"@{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}:{{applications | get_app_conf(application_id, 'server_name', True)}}": admin
# Settings for relay mode
relay:
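Review bot: The database password is interpolated raw into the `postgres://` URI on the `uri:` line, so a password containing `@`, `:`, `?` or `#` changes how the URI is parsed, and as an unquoted YAML scalar a ` #` in it would be cut off as a comment. Passing the value through `urlencode` and quoting the scalar avoids both: `uri: "postgres://mautrix_whatsapp_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True) | urlencode }}@{{ database_host }}/mautrix_whatsapp_bridge?sslmode=disable"`. The Telegram `database:` line and the Slack `uri:` line have the same shape. `sslmode=disable` also leaves the connection unencrypted, which is only reasonable if `database_host` is reachable solely over a private container network; that is not visible here.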


@ -1,4 +1,4 @@
server_name: "{{applications[application_id].server_name}}"
server_name: "{{applications | get_app_conf(application_id, 'server_name', True)}}"
pid_file: /data/homeserver.pid
listeners:
- port: 8008
@ -19,10 +19,10 @@ database:
cp_max: 10
log_config: "/data/{{domains.matrix.synapse}}.log.config"
media_store_path: "/data/media_store"
registration_shared_secret: "{{applications[application_id].credentials.registration_shared_secret}}"
registration_shared_secret: "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
report_stats: true
macaroon_secret_key: "{{applications[application_id].credentials.macaroon_secret_key}}"
form_secret: "{{applications[application_id].credentials.form_secret}}"
macaroon_secret_key: "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
form_secret: "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
signing_key_path: "/data/{{domains.matrix.synapse}}.signing.key"
web_client_location: "{{ web_protocol }}://{{domains.matrix.element}}"
public_baseurl: "{{ web_protocol }}://{{domains.matrix.synapse}}"
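Review bot: `registration_shared_secret`, `macaroon_secret_key` and `form_secret` are rendered inside hand-written double quotes, where a `\` in the value starts a YAML escape sequence and a `"` ends the string, so a secret containing either character yields a different value or an unparsable file. Letting a filter do the serialising is safer, e.g. `form_secret: {{ applications | get_app_conf(application_id, 'credentials.form_secret', True) | to_json }}`. This only matters if the credential generator can produce those characters, which is not visible in this section.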


@ -1,30 +1,30 @@
bridges_configuration:
- database_password: "{{ applications[application_id].credentials.mautrix_whatsapp_bridge_database_password }}"
- database_password: "{{ applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True) }}"
database_username: "mautrix_whatsapp_bridge"
database_name: "mautrix_whatsapp_bridge"
bridge_name: "whatsapp"
- database_password: "{{ applications[application_id].credentials.mautrix_telegram_bridge_database_password }}"
- database_password: "{{ applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge_database_password', True) }}"
database_username: "mautrix_telegram_bridge"
database_name: "mautrix_telegram_bridge"
bridge_name: "telegram"
- database_password: "{{ applications[application_id].credentials.mautrix_signal_bridge_database_password }}"
- database_password: "{{ applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge_database_password', True) }}"
database_username: "mautrix_signal_bridge"
database_name: "mautrix_signal_bridge"
bridge_name: "signal"
- database_password: "{{ applications[application_id].credentials.mautrix_slack_bridge_database_password }}"
- database_password: "{{ applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge_database_password', True) }}"
database_username: "mautrix_slack_bridge"
database_name: "mautrix_slack_bridge"
bridge_name: "slack"
- database_password: "{{ applications[application_id].credentials.mautrix_facebook_bridge_database_password }}"
- database_password: "{{ applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True) }}"
database_username: "mautrix_facebook_bridge"
database_name: "mautrix_facebook_bridge"
bridge_name: "facebook"
- database_password: "{{ applications[application_id].credentials.mautrix_instagram_bridge_database_password }}"
- database_password: "{{ applications | get_app_conf(application_id, 'credentials.mautrix_instagram_bridge_database_password', True) }}"
database_username: "mautrix_instagram_bridge"
database_name: "mautrix_instagram_bridge"
bridge_name: "instagram"


@ -1,6 +1,6 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images[application_id] }}"
image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
volumes:
- uploads:/var/lib/mobilizon/uploads
- {{ mobilizon_host_conf_exs_file }}:/etc/mobilizon/config.exs:ro
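Review bot: The lookup path on the `image:` line is now built by string concatenation, `'images.' ~ application_id`, so an `application_id` containing a `.` would presumably be split into extra path segments by `get_app_conf` and resolve to the wrong key or fail; the old `images[application_id]` indexing had no such ambiguity. The same construction appears in another compose template later in this commit. The ids visible here use hyphens, so this is latent, but a template comment such as `{# application_id is used as a dotted-path segment and must not contain '.' #}` or a check inside the filter would document the constraint. How `get_app_conf` parses the path is not shown on this page.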


@ -6,7 +6,7 @@
######################################################
# The name for your instance
MOBILIZON_INSTANCE_NAME={{ applications[application_id].titel }}
MOBILIZON_INSTANCE_NAME={{ applications | get_app_conf(application_id, 'titel', True) }}
# Your domain
MOBILIZON_INSTANCE_HOST={{ domains | get_domain(application_id) }}
@ -67,12 +67,12 @@ MOBILIZON_DATABASE_PORT={{ database_port }}
# A secret key used as a base to generate secrets for encrypting and signing data.
# Make sure it's long enough (~64 characters should be fine)
# You can run `openssl rand -base64 48` to generate such a secret
MOBILIZON_INSTANCE_SECRET_KEY_BASE={{ applications[application_id].credentials.secret_key_base }}
MOBILIZON_INSTANCE_SECRET_KEY_BASE={{ applications | get_app_conf(application_id, 'credentials.secret_key_base', True) }}
# A secret key used as a base to generate JWT tokens
# Make sure it's long enough (~64 characters should be fine)
# You can run `openssl rand -base64 48` to generate such a secret
MOBILIZON_INSTANCE_SECRET_KEY={{ applications[application_id].credentials.secret_key }}
MOBILIZON_INSTANCE_SECRET_KEY={{ applications | get_app_conf(application_id, 'credentials.secret_key', True) }}
######################################################


@ -1,10 +1,10 @@
FROM bitnami/moodle:{{ applications[application_id].version }}
FROM bitnami/moodle:{{ applications | get_app_conf(application_id, 'version', True) }}
{% if applications | is_feature_enabled('oidc', application_id) %}
RUN install_packages unzip curl jq \
&& VERSION=$(curl -s https://api.github.com/repos/microsoft/moodle-auth_oidc/tags \
| jq -r '.[].name' \
| grep v{{ applications[application_id].version }} \
| grep v{{ applications | get_app_conf(application_id, 'version', True) }} \
| sort -Vr \
| head -n1) \
&& echo "Using version $VERSION" \
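Review bot: `grep v{{ ... }}` treats the configured version as an unanchored regular expression, so with a version such as `4.5` the `.` matches any character and a tag like `v4.50` also passes the filter before `sort -Vr | head -n1` picks the highest match. Anchoring and escaping narrows it to the intended release line: `| grep -E '^v{{ applications | get_app_conf(application_id, 'version', True) | regex_escape }}(\.|$)' \`. The selected tag presumably decides which plugin archive the rest of the `RUN` instruction installs into the image, so it is worth matching exactly. The instruction continues past the end of this hunk.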


@ -1,12 +1,12 @@
# General
MOODLE_SITE_NAME="{{applications[application_id].site_titel}}"
MOODLE_SITE_NAME="{{applications | get_app_conf(application_id, 'site_titel', True)}}"
MOODLE_HOST="{{ domains | get_domain(application_id) }}"
MOODLE_SSLPROXY=yes
MOODLE_REVERSE_PROXY=yes
MOODLE_USERNAME={{applications[application_id].users.administrator.username}}
MOODLE_PASSWORD={{applications[application_id].credentials.user_password}}
MOODLE_EMAIL={{applications[application_id].users.administrator.email}}
MOODLE_USERNAME={{applications | get_app_conf(application_id, 'users.administrator.username', True)}}
MOODLE_PASSWORD={{applications | get_app_conf(application_id, 'credentials.user_password', True)}}
MOODLE_EMAIL={{applications | get_app_conf(application_id, 'users.administrator.email', True)}}
BITNAMI_DEBUG={% if enable_debug | bool %}true{% else %}false{% endif %}
# Database


@ -43,7 +43,7 @@
- name: Setup Nextcloud Plugins
include_tasks: plugin.yml
loop: "{{applications[application_id].plugins | dict2items }}"
loop: "{{applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
loop_control:
loop_var: plugin_item
vars:


@ -1,7 +1,7 @@
<?php
# Implementing OICD configuration
{% if applications[application_id].oidc.flavor == "oidc_login" %}
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == "oidc_login" %}
# Check out: https://github.com/pulsejet/nextcloud-oidc-login
@ -33,7 +33,7 @@ return array (
//
// NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
// zero or -1 or ''.
'oidc_login_default_quota' => '{{applications[application_id].default_quota}}',
'oidc_login_default_quota' => '{{applications | get_app_conf(application_id, 'default_quota', True)}}',
// Login button text
'oidc_login_button_text' => '{{oidc.button_text}}',


@ -8,9 +8,9 @@ MYSQL_PASSWORD= "{{database_password}}"
MYSQL_HOST= "{{database_host}}:{{database_port}}"
# PHP
PHP_MEMORY_LIMIT= "{{applications[application_id].performance.php.memory_limit}}"
PHP_UPLOAD_LIMIT= "{{applications[application_id].performance.php.upload_limit}}"
PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications[application_id].performance.php.opcache_memory_consumption}}"
PHP_MEMORY_LIMIT= "{{applications | get_app_conf(application_id, 'performance.php.memory_limit', True)}}"
PHP_UPLOAD_LIMIT= "{{applications | get_app_conf(application_id, 'performance.php.upload_limit', True)}}"
PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications | get_app_conf(application_id, 'performance.php.opcache_memory_consumption', True)}}"
# Email Configuration
SMTP_HOST= {{system_email.host}}
@ -24,8 +24,8 @@ MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}"
MAIL_DOMAIN= "{{system_email.domain}}"
# Initial Admin Data
NEXTCLOUD_ADMIN_USER= "{{applications[application_id].users.administrator.username}}"
NEXTCLOUD_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
NEXTCLOUD_ADMIN_USER= "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
NEXTCLOUD_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
# Security


@ -164,7 +164,7 @@ plugin_configuration:
appid: "user_ldap"
configkey: "s01ldap_userlist_filter"
configvalue: |-
{% if applications[application_id].plugins.user_ldap.user_directory.enabled %}
{% if applications | get_app_conf(application_id, 'plugins', True).user_ldap.user_directory.enabled %}
{{ ldap.filters.users.all }}
{% else %}
()
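Review bot: The rewritten condition `applications | get_app_conf(application_id, 'plugins', True).user_ldap.user_directory.enabled` puts attribute access directly after a filter call, which Jinja2's grammar does not accept without parentheses, so this template is likely to fail with a syntax error instead of evaluating the flag. Moving the whole path into the lookup keeps it consistent with the other call sites: `{% if applications | get_app_conf(application_id, 'plugins.user_ldap.user_directory.enabled', True) %}`. The `if`/`else` block continues outside this hunk.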


@ -1,11 +1,11 @@
nextcloud_system_config:
- parameter: "hide_login_form"
type: "boolean"
value: "{{ (not applications[application_id].legacy_login_mask.enabled) | lower }}"
value: "{{ (not applications | get_app_conf(application_id, 'legacy_login_mask.enabled', True)) | lower }}"
- parameter: "auth.webauthn.enabled"
type: "boolean"
value: "{{ applications[application_id].legacy_login_mask.enabled | lower }}"
value: "{{ applications | get_app_conf(application_id, 'legacy_login_mask.enabled', True) | lower }}"
- parameter: "maintenance_window_start"
type: "integer"


@ -35,4 +35,4 @@
- name: Setup LDAP
include_tasks: ldap.yml
when: applications[application_id].features.ldap | bool
when: applications | get_app_conf(application_id, 'features.ldap', True) | bool


@ -21,8 +21,8 @@ openproject_rails_settings:
openproject_filters:
administrators: >-
{{ '(memberOf=cn=openproject-admins,' ~ ldap.dn.ou.roles ~ ')'
if applications[application_id].ldap.filters.administrators else '' }}
if applications | get_app_conf(application_id, 'ldap.filters.administrators', True) else '' }}
users: >-
{{ '(memberOf=cn=openproject-users,' ~ ldap.dn.ou.roles ~ ')'
if applications[application_id].ldap.filters.users else '' }}
if applications | get_app_conf(application_id, 'ldap.filters.users', True) else '' }}


@ -2,7 +2,7 @@
application:
{% set container_port = 9000 %}
image: chocobozzz/peertube:production-{{ applications[application_id].version }}
image: chocobozzz/peertube:production-{{ applications | get_app_conf(application_id, 'version', True) }}
container_name: {{ container_name }}
{% include 'roles/docker-container/templates/base.yml.j2' %}
ports:


@ -11,7 +11,7 @@ PEERTUBE_DB_HOSTNAME={{database_host}}
PEERTUBE_WEBSERVER_HOSTNAME={{domains | get_domain(application_id)}}
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
PEERTUBE_SECRET={{applications[application_id].credentials.secret}}
PEERTUBE_SECRET={{applications | get_app_conf(application_id, 'credentials.secret', True)}}
# E-mail configuration
PEERTUBE_SMTP_USERNAME={{ users['no-reply'].email }}


@ -5,4 +5,4 @@
- name: "configure pgadmin servers"
include_tasks: configuration.yml
when: applications[application_id].server_mode | bool
when: applications | get_app_conf(application_id, 'server_mode', True) | bool


@ -2,7 +2,7 @@
application:
{% set container_port = 80 %}
image: dpage/pgadmin4:{{applications[application_id].version}}
image: dpage/pgadmin4:{{applications | get_app_conf(application_id, 'version', True)}}
container_name: pgadmin
{% include 'roles/docker-container/templates/base.yml.j2' %}
ports:
@ -12,7 +12,7 @@
{% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
volumes:
- "data:/var/lib/pgadmin"
{% if applications[application_id].server_mode | bool %}
{% if applications | get_app_conf(application_id, 'server_mode', True) | bool %}
- "{{ pgadmin_host_server_file }}:{{ pgadmin_docker_server_file }}"
- "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}"
{% endif %}


@ -4,12 +4,12 @@
PGADMIN_DISABLE_POSTFIX=True
# Default login email for server mode
PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
PGADMIN_DEFAULT_EMAIL={{ applications | get_app_conf(application_id, 'users.administrator.email', True) }}
# Default login password for server mode
PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].credentials.administrator_password }}
PGADMIN_DEFAULT_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.administrator_password', True) }}
{% if applications[application_id].server_mode | bool %}
{% if applications | get_app_conf(application_id, 'server_mode', True) | bool %}
# Load server connection settings from this JSON file
PGADMIN_SERVER_JSON_FILE={{ pgadmin_docker_server_file }}
@ -17,5 +17,5 @@ PGADMIN_SERVER_JSON_FILE={{ pgadmin_docker_server_file }}
PGADMIN_CONFIG_SERVER_MODE=False
# Disable master password prompt for stored credentials
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED={{ applications[application_id].master_password_required | capitalize }}
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED={{ applications | get_app_conf(application_id, 'master_password_required', True) | capitalize }}
{% endif %}


@ -2,7 +2,7 @@
application:
container_name: {{ application_id }}
image: leenooks/phpldapadmin:{{applications[application_id].version}}
image: leenooks/phpldapadmin:{{applications | get_app_conf(application_id, 'version', True)}}
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
{% include 'roles/docker-container/templates/base.yml.j2' %}


@ -1,7 +1,7 @@
# Configuration @see https://hub.docker.com/_/phpmyadmin
PMA_HOST={{applications['svc-db-mariadb'].hostname}}
{% if applications[application_id].autologin | bool %}
{% if applications | get_app_conf(application_id, 'autologin', True) | bool %}
PMA_USER= root
PMA_PASSWORD= "{{applications['svc-db-mariadb'].credentials.root_password}}"
{% endif %}
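Review bot: With `autologin` enabled the template sets `PMA_USER= root` together with the MariaDB root password, so every request that reaches this container is logged in as database root; nothing in this section shows what authenticates callers before that. A comment above the branch would make the requirement explicit, e.g. `# autologin: all visitors act as MariaDB root - expose only behind an authenticating proxy`. The two `applications['svc-db-mariadb']` lookups were also left on direct indexing, so they do not go through `get_app_conf` like the rest of the file.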


@ -1,7 +1,7 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images.pixelfed }}"
image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- "data:/var/www/storage"
@ -11,7 +11,7 @@
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
worker:
image: "{{ applications[application_id].images.pixelfed }}"
image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}"
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- "data:/var/www/storage"


@ -1,5 +1,5 @@
## Crypto
APP_KEY={{applications[application_id].credentials.app_key}}
APP_KEY={{applications | get_app_conf(application_id, 'credentials.app_key', True)}}
## General Settings
APP_NAME="{{applications.pixelfed.titel}}"


@ -22,7 +22,7 @@ class LookupModule(LookupBase):
- Retrieves the icon class from galaxy_info.logo.class
- Retrieves the tags from galaxy_info.galaxy_tags
- Builds the URL using the 'domains' variable
- Sets the iframe flag from applications[application_id].features.port-ui-desktop
- Sets the iframe flag from applications | get_app_conf(application_id, 'features.port-ui-desktop', True)
Only cards whose application_id is included in the variable group_names are returned.
"""


@ -4,7 +4,7 @@ services:
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ applications[application_id].images[application_id] }}"
image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
volumes: []
ports:
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"


@ -17,7 +17,7 @@
docker-compose exec -T \
-u www-data \
-e XDG_CONFIG_HOME=/tmp \
-e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
-e APP_KEY='{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}' \
application \
sh -c 'echo "SHELL sees APP_KEY=$APP_KEY"'
args:
@ -27,7 +27,7 @@
shell: |
docker-compose exec -T -u www-data \
-e XDG_CONFIG_HOME=/tmp \
-e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
-e APP_KEY="{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}" \
application \
php artisan tinker --execute="echo 'CONFIG app.key: ' . config('app.key') . PHP_EOL;"
args:
@ -36,7 +36,7 @@
- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
shell: |
docker-compose exec -T \
-e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
-e APP_KEY='{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}' \
-e XDG_CONFIG_HOME=/tmp \
-u www-data application \
sh -c 'php artisan tinker << "EOF"
@ -75,7 +75,7 @@
shell: |
docker-compose exec -T \
-u www-data \
-e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
-e APP_KEY="{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}" \
-e XDG_CONFIG_HOME=/tmp \
application \
php artisan tinker --execute="
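Review bot: The first two tasks in this file pass `APP_KEY` on the `docker-compose exec` command line and then print it (`echo "SHELL sees APP_KEY=$APP_KEY"` and `echo 'CONFIG app.key: ' . config('app.key')`), so the application key lands in the task's stdout and, unless `no_log: true` is set outside the visible hunks, in Ansible's output and any log that captures it. These look like debugging steps; dropping them, or at least adding `no_log: true` to every task that carries the key, keeps it out of run logs. The interpolation is also unescaped inside hand-written shell quotes; `-e APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True) | quote }} \` lets the filter do the quoting. Each task starts or ends outside its hunk.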


@ -2,7 +2,7 @@
application:
{% set container_port = 80 %}
image: grokability/snipe-it:{{applications[application_id].version}}
image: grokability/snipe-it:{{applications | get_app_conf(application_id, 'version', True)}}
{% include 'roles/docker-container/templates/base.yml.j2' %}
volumes:
- data:/var/lib/snipeit


@ -3,7 +3,7 @@
# --------------------------------------------
APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
APP_DEBUG={{enable_debug | string | lower }}
APP_KEY={{ applications[application_id].credentials.app_key}}
APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True)}}
APP_URL={{ snipe_it_url }}
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
APP_TIMEZONE='{{ HOST_TIMEZONE }}'


@ -1,4 +1,4 @@
application_id: "snipe-it"
database_password: "{{ applications[application_id].credentials.database_password }}"
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
database_type: "mariadb"
snipe_it_url: "{{ domains | get_url(application_id, web_protocol) }}"


@ -2,7 +2,7 @@
application:
depends_on:
- db
image: apache/syncope:{{ applications[application_id].version }}
image: apache/syncope:{{ applications | get_app_conf(application_id, 'version', True) }}
ports:
- "18080:8080"
restart: always
@ -16,7 +16,7 @@
console:
depends_on:
- syncope
image: apache/syncope-console:{{ applications[application_id].version }}
image: apache/syncope-console:{{ applications | get_app_conf(application_id, 'version', True) }}
ports:
- "28080:8080"
restart: always
@ -27,7 +27,7 @@
enduser:
depends_on:
- syncope
image: apache/syncope-enduser:{{ applications[application_id].version }}
image: apache/syncope-enduser:{{ applications | get_app_conf(application_id, 'version', True) }}
ports:
- "38080:8080"
restart: always
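Review bot: The three services publish `"18080:8080"`, `"28080:8080"` and `"38080:8080"` without a host address, which binds them on all interfaces, whereas other compose templates in this commit bind to loopback (`127.0.0.1:{{ports.localhost.http[application_id]}}:8080`). If these consoles are meant to be reached only through the reverse proxy, `- "127.0.0.1:18080:8080"` (and likewise for the other two) keeps them off the external interfaces. The service definitions continue outside the hunks.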


@ -7,7 +7,7 @@
template:
src: "taiga/{{item}}.py.j2"
dest: "{{ docker_compose.directories.config }}taiga-{{item}}.py"
when: applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'taigaio'
when: applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio'
notify: docker compose up
loop: "{{ settings_files }}"
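Review bot: The `when:` condition reads the feature flag with `get_app_conf(application_id, 'features.oidc', True)`, while the compose and env templates of the same role test it with `applications | is_feature_enabled('oidc', application_id)`; two spellings of one check can drift apart. Using the helper here as well reads more clearly: `when: applications | is_feature_enabled('oidc', application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio'`. `taiga_image_backend` and `taiga_image_frontend` in the role's vars use the same `features.oidc` lookup. Whether the two helpers treat a missing flag identically is not visible here.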


@ -9,7 +9,7 @@
- media-data:/taiga-back/media
# - ./config.py:/taiga-back/settings/config.py
{% if applications | is_feature_enabled('oidc',application_id) and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
- {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
@ -22,7 +22,7 @@
condition: service_started
taiga-async-rabbitmq:
condition: service_started
{% if applications | is_feature_enabled('oidc',application_id) and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
command: >
/bin/sh -c "
@ -42,7 +42,7 @@
- media-data:/taiga-back/media
# - ./config.py:/taiga-back/settings/config.py
{% if applications | is_feature_enabled('oidc',application_id) and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
{% for item in settings_files %}
- {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro
@ -57,7 +57,7 @@
condition: service_started
taiga-async-rabbitmq:
condition: service_started
{% if applications | is_feature_enabled('oidc',application_id) and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
command: >
/bin/sh -c "


@ -6,8 +6,8 @@ TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either
WEBSOCKETS_SCHEME = wss # events connection protocol (use either "ws" or "wss")
# Taiga's Secret Key - Variable to provide cryptographic signing
TAIGA_SECRET_KEY = "{{applications[application_id].credentials.secret_key}}"
SECRET_KEY = "{{applications[application_id].credentials.secret_key}}"
TAIGA_SECRET_KEY = "{{applications | get_app_conf(application_id, 'credentials.secret_key', True)}}"
SECRET_KEY = "{{applications | get_app_conf(application_id, 'credentials.secret_key', True)}}"
# Taiga's Database settings - Variables to create the Taiga database and connect to it
POSTGRES_USER = "{{database_username}}" # user to connect to PostgreSQL
@ -49,7 +49,7 @@ ENABLE_TELEMETRY = True
{% if applications | is_feature_enabled('oidc',application_id) %}
{% if applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
# OIDC via taigaio official contrib
# @See https://github.com/taigaio/taiga-contrib-oidc-auth
@ -65,7 +65,7 @@ OIDC_OP_JWKS_ENDPOINT="{{ oidc.client.certs }}"
{% endif %}
{% if applications[application_id].oidc.flavor == 'robrotheram' %}
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram' %}
# OIDC via robrotheram
# @see https://github.com/robrotheram/taiga-contrib-openid-auth


@ -4,10 +4,10 @@ docker_repository_address: "https://github.com/taigaio/taiga-docker"
email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
taiga_image_backend: >-
{{ 'robrotheram/taiga-back-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
{{ 'robrotheram/taiga-back-openid' if applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram'
else 'taigaio/taiga-back' }}
taiga_image_frontend: >-
{{ 'robrotheram/taiga-front-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
{{ 'robrotheram/taiga-front-openid' if applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram'
else 'taigaio/taiga-front' }}
taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json"
docker_repository: true
