feat(nextcloud): integrate Talk & Whiteboard; refactor to NEXTCLOUD_* vars; full-stack setup

config(ports): add Nextcloud websocket port (4003); canonical domains (nextcloud/talk/whiteboard)

refactor: unify get_app_conf usage & Jinja spacing; migrate paths/handlers to new NEXTCLOUD_* vars

feat(plugins): split plugin routines; configure Whiteboard via occ (URL + JWT)

fix(oidc): use NEXTCLOUD_URL for logout; correct LDAP attribute mappings; add OIDC flavor switch

feat: Whiteboard container & reverse-proxy location; Talk STUN/WS ports; Redis URL for Whiteboard

chore: drop obsolete TODO; minor cleanups in oauth2-proxy, matrix, peertube, pgadmin, phpldapadmin, pixelfed, phpmyadmin

security(schema): Bluesky jwt_secret now base64_prefixed_32; add Nextcloud whiteboard_jwt_secret

db: normalize postgres image tag templating; central DB host checks spacing fixes

ops: add full-stack bootstrap (certs, proxy, volumes); internal nginx config reload handler update

refs: https://chatgpt.com/share/68b5f5b7-8d64-800f-b001-1241f818dc0e
2025-09-01 21:37:02 +02:00
parent 110381e80c
commit 7ca8b7c71d
48 changed files with 276 additions and 201 deletions


@@ -2,12 +2,13 @@ ports:
# Ports which are exposed to localhost
localhost:
database:
svc-db-postgres: 5432
svc-db-mariadb: 3306
svc-db-postgres: 5432
svc-db-mariadb: 3306
# https://developer.mozilla.org/de/docs/Web/API/WebSockets_API
websocket:
web-app-mastodon: 4001
web-app-espocrm: 4002
web-app-mastodon: 4001
web-app-espocrm: 4002
web-app-nextcloud: 4003
oauth2_proxy:
web-app-phpmyadmin: 4181
web-app-lam: 4182
@@ -23,10 +24,11 @@ ports:
http:
# Ports which are exposed to the World Wide Web
web-app-nextcloud: 8001
# web-app-nextcloud_talk: 8005
# web-app-nextcloud_whiteboard: 8015
web-app-gitea: 8002
web-app-wordpress: 8003
web-app-mediawiki: 8004
# Free: 8005
web-app-yourls: 8006
web-app-mailu: 8007
web-app-elk: 8008
@@ -36,7 +38,6 @@ ports:
web-app-funkwhale: 8012
web-app-roulette-wheel: 8013
web-app-joomla: 8014
# Free: 8015
web-app-pgadmin: 8016
web-app-baserow: 8017
web-app-matomo: 8018


@@ -43,7 +43,7 @@ for filename in os.listdir(config_path):
url = f"{{ WEB_PROTOCOL }}://{domain}"
redirected_domains = [domain['source'] for domain in {{ redirect_domain_mappings }}]
redirected_domains.append("{{domains | get_domain('web-app-mailu')}}")
redirected_domains.append("{{domains | get_domain('web-app-mailu') }}")
expected_statuses = get_expected_statuses(domain, parts, redirected_domains)


@@ -2,7 +2,7 @@
{% if not applications | get_app_conf(application_id, 'features.central_database', False) %}
{{ database_host }}:
image: postgres:{{applications['svc-db-postgres'].version}}-alpine
image: postgres:{{ applications['svc-db-postgres'].version}}-alpine
container_name: {{ application_id | get_entity_name }}-database
env_file:
- {{database_env}}


@@ -1,8 +1,8 @@
credentials:
jwt_secret:
description: "Secret used for JWT signing (base64, 64 bytes)"
algorithm: "plain"
validation: "^[A-Za-z0-9+/=]{86,}$" # 64 bytes base64 = ~86 characters without newline
description: "Secret used for JWT signing"
algorithm: "base64_prefixed_32"
validation: "^base64:[A-Za-z0-9+/]{43}=$"
plc_rotation_key_k256_private_key_hex:
description: "PLC rotation key in hex format (32 bytes)"
algorithm: "sha256"
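Review bot: Switching `jwt_secret` from a plain 86+-character value to `^base64:[A-Za-z0-9+/]{43}=$` means any credential already generated under the old schema no longer passes validation, and the hunk carries no migration or rotation hint for existing deployments. The new regex matches a 32-byte secret in standard base64 (43 symbols plus one `=` pad), which is adequate for HMAC signing, but the description lost the size information the old text had; `description: "Secret used for JWT signing (32 random bytes, base64 with 'base64:' prefix)"` keeps it documented. The same schema shape is introduced for Nextcloud's `whiteboard_jwt_secret` in this commit, where the same description wording would apply.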


@@ -1,5 +1,5 @@
PDS_HOSTNAME="{{domains[application_id].api}}"
PDS_ADMIN_EMAIL="{{applications.bluesky.users.administrator.email}}"
PDS_ADMIN_EMAIL="{{ applications.bluesky.users.administrator.email}}"
PDS_SERVICE_DID="did:web:{{domains[application_id].api}}"
# See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/


@@ -97,7 +97,7 @@ STATIC_ROOT={{funkwhale_static_root}}
DJANGO_SETTINGS_MODULE=config.settings.production
# Generate one using `openssl rand -base64 45`, for example
DJANGO_SECRET_KEY={{applications | get_app_conf(application_id, 'credentials.django_secret', True)}}
DJANGO_SECRET_KEY={{ applications | get_app_conf(application_id, 'credentials.django_secret', True)}}
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
# LDAP settings


@@ -41,7 +41,7 @@
"id.token.claim": "true",
"lightweight.claim": "false",
"access.token.claim": "true",
"claim.name": "{{LDAP.USER.ATTRIBUTES.ID}}",
"claim.name": "{{ LDAP.USER.ATTRIBUTES.ID }}",
"jsonType.label": "String"
}
}


@@ -112,7 +112,7 @@
- name: create chatgpt bot
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008
chdir: "{{ docker_compose.directories.instance }}"
ignore_errors: true
when: applications | get_app_conf(application_id, 'setup', True) | bool


@@ -62,7 +62,7 @@
volumes:
- chatgpt_data:/storage
environment:
OPENAI_API_KEY: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_openai_api_key', True)}}'
OPENAI_API_KEY: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_openai_api_key', True)}}'
# Uncomment the next two lines if you are using Azure OpenAI API
# OPENAI_AZURE: 'false'
# CHATGPT_REVERSE_PROXY: 'your-completion-endpoint-here'


@@ -39,7 +39,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_facebook_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True)}}@{{ database_host }}/mautrix_facebook_bridge
database: postgres://mautrix_facebook_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True)}}@{{ database_host }}/mautrix_facebook_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect


@@ -42,7 +42,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_instagram_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_instagram_bridge_database_password', True)}}@{{ database_host }}/mautrix_instagram_bridge
database: postgres://mautrix_instagram_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_instagram_bridge_database_password', True)}}@{{ database_host }}/mautrix_instagram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect


@@ -43,7 +43,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_signal_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge_database_password', True)}}@{{ database_host }}/mautrix_signal_bridge?sslmode=disable
uri: postgres://mautrix_signal_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge_database_password', True)}}@{{ database_host }}/mautrix_signal_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2


@@ -43,7 +43,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_slack_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge_database_password', True)}}@{{ database_host }}/mautrix_slack_bridge?sslmode=disable
uri: postgres://mautrix_slack_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge_database_password', True)}}@{{ database_host }}/mautrix_slack_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2


@@ -42,7 +42,7 @@ appservice:
# Format examples:
# SQLite: sqlite:filename.db
# Postgres: postgres://username:password@hostname/dbname
database: postgres://mautrix_telegram_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge_database_password', True)}}@{{ database_host }}/mautrix_telegram_bridge
database: postgres://mautrix_telegram_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge_database_password', True)}}@{{ database_host }}/mautrix_telegram_bridge
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
@@ -564,8 +564,8 @@ bridge:
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_id', True)}}
api_hash: {{applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_pin', True)}}
api_id: {{ applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_id', True)}}
api_hash: {{ applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_pin', True)}}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: disabled


@@ -42,7 +42,7 @@ appservice:
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: postgres://mautrix_whatsapp_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True)}}@{{ database_host }}/mautrix_whatsapp_bridge?sslmode=disable
uri: postgres://mautrix_whatsapp_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True)}}@{{ database_host }}/mautrix_whatsapp_bridge?sslmode=disable
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2


@@ -1,12 +1,12 @@
# General
MOODLE_SITE_NAME="{{applications | get_app_conf(application_id, 'site_titel', True)}}"
MOODLE_SITE_NAME="{{ applications | get_app_conf(application_id, 'site_titel', True) }}"
MOODLE_HOST="{{ domains | get_domain(application_id) }}"
MOODLE_SSLPROXY=yes
MOODLE_REVERSE_PROXY=yes
MOODLE_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username') }}
MOODLE_PASSWORD={{applications | get_app_conf(application_id, 'credentials.user_password', True)}}
MOODLE_EMAIL={{applications | get_app_conf(application_id, 'users.administrator.email', True)}}
MOODLE_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.user_password', True)}}
MOODLE_EMAIL={{ applications | get_app_conf(application_id, 'users.administrator.email', True)}}
BITNAMI_DEBUG={% if MODE_DEBUG | bool %}true{% else %}false{% endif %}
# Database


@@ -1,2 +0,0 @@
# Todo
- Implement Collabora and Talk Supper . [See](https://www.youtube.com/watch?v=7cRmvTyt1ik)


@@ -17,8 +17,9 @@ server:
- "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
domains:
canonical:
- "cloud.{{ PRIMARY_DOMAIN }}"
# talk: "talk.{{ PRIMARY_DOMAIN }}" @todo needs to be activated
nextcloud: "cloud.{{ PRIMARY_DOMAIN }}"
talk: "talk.{{ PRIMARY_DOMAIN }}"
whiteboard: "whiteboard.{{ PRIMARY_DOMAIN }}"
docker:
volumes:
data: nextcloud_data
@@ -45,8 +46,14 @@ docker:
name: "nextcloud-talk"
image: "nextcloud/aio-talk"
version: "latest"
enabled: false # Not enabled yet, because just implemented during refactoring and not tested yet. if tested activate
oidc:
backup:
no_stop_required: false
whiteboard:
name: "nextcloud-whiteboard"
image: "ghcr.io/nextcloud-releases/whiteboard"
version: "latest"
backup:
no_stop_required: true
enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin
@@ -72,7 +79,8 @@ performance:
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
plugins_enabled: true # Implemented for speeding up testing and debugging process. For productive environments keep it true and steer the apps via the plugins config
oidc:
flavor: "{{ _applications_nextcloud_oidc_flavor }}"
plugins:
# List for Nextcloud Plugin Routine
# Decides if plugins should be activated or deactivated
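Review bot: The new `whiteboard` service has no `enabled:` key, while `talk` right above it is explicitly `enabled: false`; the compose template gates the container on `NEXTCLOUD_WHITEBOARD_ENABLED`, whose derivation is outside this diff, so whether the whiteboard runs by default cannot be read from the config. Adding `enabled: true` (or `false`) under `whiteboard:` with a short comment would make the default explicit, matching the talk entry. `domains.canonical` also changes from a list to a mapping here while `NEXTCLOUD_DOMAIN` is still derived with `get_domain(application_id)`; it is worth confirming that filter selects the `nextcloud` entry rather than the first key of the mapping.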


@@ -1,6 +1,6 @@
---
- name: restart nextcloud nginx service
command:
cmd: "docker exec {{ nextcloud_proxy_name }} nginx -s reload"
cmd: "docker exec {{ NEXTCLOUD_PROXY_CONTAINER }} nginx -s reload"
listen: restart nextcloud nginx service
ignore_errors: true # Ignoring if container is restarting


@@ -1,5 +1,8 @@
credentials:
whiteboard_jwt_secret:
description: "Secret used for JWT signing"
algorithm: "base64_prefixed_32"
validation: "^base64:[A-Za-z0-9+/]{43}=$"
administrator_password:
description: "Initial password for the Nextcloud administrator (change immediately and enable 2FA)"
algorithm: "sha256"
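Review bot: The description of `whiteboard_jwt_secret` does not say which two places have to agree on it: this commit injects it into the whiteboard container as `JWT_SECRET_KEY` and sets it in Nextcloud with `occ config:app:set whiteboard jwt_secret_key`, and token validation between the two depends on them matching. `description: "Shared secret for whiteboard JWTs; must be identical in the whiteboard container (JWT_SECRET_KEY) and the Nextcloud app config (jwt_secret_key)"` records that coupling for whoever rotates it.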


@@ -0,0 +1,37 @@
- name: "include role for {{ application_id }} to receive certs & do modification routines for '{{ domain }}:{{ port }}'"
include_role:
name: sys-util-csp-cert
- name: create nextcloud proxy configuration file
template:
src: "nginx/host.conf.j2"
dest: "{{ NEXTCLOUD_HOST_NGINX_PATH }}"
notify: restart openresty
- name: "load docker and db for {{ application_id }}"
include_role:
name: sys-stk-back-stateful
vars:
docker_compose_flush_handlers: false
- name: "create {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}"
file:
path: "{{ NEXTCLOUD_HOST_CONF_ADD_PATH }}"
state: directory
mode: "0755"
- name: "Create config files at {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}"
template:
src: "{{ item }}"
dest: "{{ NEXTCLOUD_HOST_CONF_ADD_PATH }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
owner: "{{ NEXTCLOUD_DOCKER_USER_id }}"
group: "{{ NEXTCLOUD_DOCKER_USER_id }}"
loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
# Not all type of changes take instantly place. Due to this reason a rebuild is required.
notify: docker compose up
- name: create internal nextcloud nginx configuration
template:
src: "nginx/docker.conf.j2"
dest: "{{ [docker_compose.directories.volumes, 'nginx.conf'] | path_join }}"
notify: restart nextcloud nginx service
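Review bot: The first task's name interpolates `{{ domain }}:{{ port }}`, but the include in main.yml passes `domain` and `http_port`, so unless `port` is defined elsewhere the name renders with the variable unresolved; `- name: "include role for {{ application_id }} to receive certs & do modification routines for '{{ domain }}:{{ http_port }}'"` matches what is actually passed. The directory task sets `mode: "0755"` but no owner, while the templates written into it are owned by `NEXTCLOUD_DOCKER_USER_id`; stating the intended owner on the directory too, or a comment saying root ownership is deliberate, would avoid the mismatch being read as an oversight.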


@@ -3,7 +3,7 @@
- name: Add dynamic config merging from Jinja template
template:
src: include.php.j2
dest: "{{ nextcloud_host_include_instructions_file }}"
dest: "{{ NEXTCLOUD_HOST_INCL_PATH }}"
notify: docker compose restart
- name: Flush handlers so Nextcloud container is restarted and ready
@@ -19,11 +19,11 @@
- name: Copy include instructions to the container
command: >
docker cp {{ nextcloud_host_include_instructions_file }} {{ NEXTCLOUD_CONTAINER }}:{{ nextcloud_docker_include_instructions_file }}
docker cp {{ NEXTCLOUD_HOST_INCL_PATH }} {{ NEXTCLOUD_CONTAINER }}:{{ NEXTCLOUD_DOCKER_INCL_PATH }}
- name: Append generated config to config.php only if not present
command: >
docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }} sh -c "
grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} ||
cat {{ nextcloud_docker_include_instructions_file }} >> {{ nextcloud_docker_config_file }}"
grep -q '{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}' {{ NEXTCLOUD_DOCKER_CONFIG_FILE }} ||
cat {{ NEXTCLOUD_DOCKER_INCL_PATH }} >> {{ NEXTCLOUD_DOCKER_CONFIG_FILE }}"
notify: docker compose restart


@@ -1,7 +1,7 @@
- name: Ensure Nextcloud administrator is in the 'admin' group
command: >
docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}
php occ group:adduser admin {{ nextcloud_administrator_username }}
php occ group:adduser admin {{ NEXTCLOUD_ADMINISTRATOR_USERNAME }}
register: add_admin_to_group
changed_when: "not ASYNC_ENABLED and 'Added user' in (add_admin_to_group.stdout | default(''))"
failed_when: >


@@ -1,5 +1,5 @@
- block:
- include_tasks: 06_plugin_routines.yml
- include_tasks: _plugin_a_routines.yml
when: plugin_value.enabled | bool
- name: disable {{ plugin_key }} nextcloud plugin


@@ -35,9 +35,12 @@
and
("already installed" not in install_result.stdout)
- include_tasks: 07_plugin_enable_and_configure.yml
- include_tasks: _plugin_b_enable_and_configure.yml
when:
- install_result is defined
- >
install_result.rc == 0
or "already installed" in install_result.stdout
or "already installed" in install_result.stdout
vars:
plugin_task_path: "{{ NEXTCLOUD_CNODE_PLUGIN_TASKS_PATH }}{{ plugin_key }}.yml"
plugin_vars_path: "{{ NEXTCLOUD_CNODE_PLUGIN_VARS_PATH }}{{ plugin_key }}.yml"


@@ -3,16 +3,16 @@
register: enable_result
changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
- name: Check if {{ nextcloud_control_node_plugin_vars_directory }}{{ plugin_key }}.yml exists
- name: Check if {{ plugin_vars_path }} exists
stat:
path: "{{ nextcloud_control_node_plugin_vars_directory }}{{ plugin_key }}.yml"
path: "{{ plugin_vars_path }}"
delegate_to: localhost
become: false
register: plugin_vars_file
- name: "Load {{ plugin_key }} configuration variables"
include_vars:
file: "{{ nextcloud_control_node_plugin_vars_directory }}{{ plugin_key }}.yml"
file: "{{ plugin_vars_path }}"
when: plugin_vars_file.stat.exists
- name: "Set plugin configuration (batched shell, no async)"
@@ -35,13 +35,13 @@
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
- name: Check if {{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml exists
- name: Check if {{ plugin_task_path }} exists
stat:
path: "{{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml"
path: "{{ plugin_task_path }}"
delegate_to: localhost
become: false
register: plugin_tasks_file
- name: "include {{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml"
include_tasks: "{{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml"
- name: "include {{ plugin_task_path }}"
include_tasks: "{{ plugin_task_path }}"
when: plugin_tasks_file.stat.exists


@@ -1,75 +1,39 @@
---
- name: "Install Collabora Dependency"
include_role:
name: web-svc-collabora
vars:
flush_handlers: true
when:
- run_once_web_svc_collabora is not defined
- NEXTCLOUD_COLLABORA_ENABLED | bool
- name: "include role for {{ application_id }} to receive certs & do modification routines"
include_role:
name: sys-util-csp-cert
- name: create nextcloud proxy configuration file
template:
src: "nginx/host.conf.j2"
dest: "{{ nextcloud_host_nginx_path }}"
notify: restart openresty
- name: "load docker and db for {{ application_id }}"
- name: "load docker, db and proxy for {{ application_id }}"
include_role:
name: sys-stk-back-stateful
name: sys-stk-full-stateful
vars:
docker_compose_flush_handlers: false
- name: "create {{ nextcloud_host_config_additives_directory }}"
file:
path: "{{ nextcloud_host_config_additives_directory }}"
state: directory
mode: "0755"
- name: "Create config files at {{ nextcloud_host_config_additives_directory }}"
template:
src: "{{ item }}"
dest: "{{ nextcloud_host_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
owner: "{{ NEXTCLOUD_DOCKER_USER_id }}"
group: "{{ NEXTCLOUD_DOCKER_USER_id }}"
loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
# Not all type of changes take instantly place. Due to this reason a rebuild is required.
notify: docker compose up
- name: create internal nextcloud nginx configuration
template:
src: "nginx/docker.conf.j2"
dest: "{{ docker_compose.directories.volumes }}nginx.conf"
notify: restart nextcloud nginx service
- name: Setup the full docker stack
include_tasks: 01_fullstack.yml
vars:
domain: "{{ NEXTCLOUD_DOMAIN }}"
http_port: "{{ NEXTCLOUD_PORT }}"
- name: Setup config.php
include_tasks: 01_config.yml
include_tasks: 02_config.yml
- name: Flush all handlers immediately so that occ can be used
meta: flush_handlers
- name: Update\Upgrade Nextcloud
include_tasks: 02_upgrade.yml
include_tasks: 03_upgrade.yml
when: MODE_UPDATE | bool
- name: Load system configuration steps
include_tasks: "{{ item }}"
loop:
- 03_admin.yml
- 04_system_config.yml
- 04_admin.yml
- 05_system_config.yml
- name: Setup Nextcloud Plugins
include_tasks: 05_plugin.yml
loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
include_tasks: 06_setup_plugin.yml
loop: "{{ NEXTCLOUD_PLUGIN_ITEMS }}"
loop_control:
loop_var: plugin_item
vars:
plugin_key: "{{ plugin_item.key }}"
plugin_value: "{{ plugin_item.value }}"
when: nextcloud_plugins_enabled
when: NEXTCLOUD_PLUGINS_ENABLED
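Review bot: As printed here, main.yml now includes `sys-stk-full-stateful` ("load docker, db and proxy") and, immediately after, `01_fullstack.yml`, which itself includes `sys-util-csp-cert`, writes the proxy `host.conf` and includes `sys-stk-back-stateful`; if the full-stateful role already covers proxy and backend, that work runs twice and the `restart openresty` / `docker compose up` handlers are notified for the same state. Neither role is visible on this page, so this is inferred from the task names and should be checked. Separately, `when: NEXTCLOUD_PLUGINS_ENABLED` lacks the `| bool` that `MODE_UPDATE | bool` two tasks above uses; `when: NEXTCLOUD_PLUGINS_ENABLED | bool` keeps the file consistent.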


@@ -0,0 +1,7 @@
- name: "Install Collabora Dependency"
include_role:
name: web-svc-collabora
vars:
flush_handlers: true
when:
- run_once_web_svc_collabora is not defined
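Review bot: The `when:` list keeps only `run_once_web_svc_collabora is not defined`; the second condition the old main.yml carried, `NEXTCLOUD_COLLABORA_ENABLED | bool`, is gone. If this file is now the richdocuments plugin task and is only reached through the plugin routine when that plugin is enabled, the gating is implicit and a comment such as `# Reached only via the plugin routine when richdocuments is enabled` should say so; if it is included unconditionally, the condition needs restoring. The file path is not shown on this page, so I cannot tell which case applies.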


@@ -0,0 +1,9 @@
- name: Set Whiteboard Configuration
ansible.builtin.shell: >
{{ NEXTCLOUD_DOCKER_EXEC_OCC }} config:app:set whiteboard collabBackendUrl --value='{{ NEXTCLOUD_WHITEBOARD_URL }}'
&& {{ NEXTCLOUD_DOCKER_EXEC_OCC }} config:app:set whiteboard jwt_secret_key --value='{{ NEXTCLOUD_WHITEBOARD_JWT }}'
args:
executable: /bin/bash
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
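Review bot: The two `config:app:set` values have no comment tying them to their counterparts: `collabBackendUrl` must be the address browsers reach the whiteboard backend at, and `jwt_secret_key` must equal the `JWT_SECRET_KEY` the whiteboard container receives from its env file in this commit. A comment above the task such as `# Must match JWT_SECRET_KEY in the whiteboard container env; rotate both together` would help whoever rotates the secret. `no_log` masking is applied, which is right since the secret is passed on the command line; the task will also report `changed` on every run because `config:app:set` is re-applied unconditionally, which is acceptable but worth stating in a comment.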


@@ -1,7 +1,7 @@
<?php
# Implementing OICD configuration
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == "oidc_login" %}
{% if applications | get_app_conf(application_id, 'oidc.flavor') == "oidc_login" %}
# Check out: https://github.com/pulsejet/nextcloud-oidc-login
@@ -21,7 +21,7 @@ return array (
'oidc_login_auto_redirect' => true,
// Redirect to this page after logging out the user
'oidc_login_logout_url' => 'https://{{ domains | get_domain(application_id) }}',
'oidc_login_logout_url' => '{{ NEXTCLOUD_URL }}',
// If set to true the user will be redirected to the
// logout endpoint of the OIDC provider after logout
@@ -33,7 +33,7 @@ return array (
//
// NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to
// zero or -1 or ''.
'oidc_login_default_quota' => '{{applications | get_app_conf(application_id, 'default_quota', True)}}',
'oidc_login_default_quota' => '{{ applications | get_app_conf(application_id, 'default_quota', True)}}',
// Login button text
'oidc_login_button_text' => '{{ OIDC.BUTTON_TEXT }}',
@@ -97,7 +97,7 @@ return array (
// note: on Keycloak, OIDC name claim = "${given_name} ${family_name}" or one of them if any is missing
//
'oidc_login_attributes' => array (
'id' => '{{LDAP.USER.ATTRIBUTES.ID}}',
'id' => '{{ LDAP.USER.ATTRIBUTES.ID }}',
'name' => 'name',
'mail' => 'email',
'quota' => '{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}',


@@ -1,11 +1,11 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}"
container_name: {{ NEXTCLOUD_CONTAINER }}
volumes:
- data:{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}
- {{ nextcloud_host_config_additives_directory }}:{{ nextcloud_docker_config_additives_directory }}:ro
- {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}:{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}:ro
healthcheck:
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ status"]
interval: 1m
@@ -16,25 +16,36 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
ipv4_address: 192.168.102.69
{% if nextcloud_talk_enabled %}
{% if NEXTCLOUD_TALK_ENABLED %}
talk:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ nextcloud_talk_image }}:{{ nextcloud_talk_version }}"
container_name: {{ nextcloud_talk_name }}
hostname: hpb_yt
image: "{{ NEXTCLOUD_TALK_IMAGE }}:{{ NEXTCLOUD_TALK_VERSION }}"
container_name: {{ NEXTCLOUD_TALK_CONTAINER }}
init: true
ports:
- {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/tcp #TURN TCP
- {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/udp #TURN UDP
- {{ networks.internet.ip4 }}:8181:8081/tcp #Signaling @todo needs to be optimized
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:3478/tcp #TURN TCP
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:3478/udp #TURN UDP
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_WS_PORT }}:8081/tcp
networks:
default:
ipv4_address: 192.168.102.68
{% endif %}
{% if NEXTCLOUD_WHITEBOARD_ENABLED %}
whiteboard:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ NEXTCLOUD_WHITEBOARD_IMAGE }}:{{ NEXTCLOUD_WHITEBOARD_VERSION }}"
container_name: {{ NEXTCLOUD_WHITEBOARD_CONTAINER }}
expose:
- "{{ NEXTCLOUD_WHITEBOARD_INTERNAL_PORT }}"
networks:
default:
ipv4_address: 192.168.102.71
{% endif %}
proxy:
image: "{{ nextcloud_proxy_image }}:{{ nextcloud_proxy_version }}"
container_name: "{{ nextcloud_proxy_name }}"
image: "{{ NEXTCLOUD_PROXY_IMAGE }}:{{ NEXTCLOUD_PROXY_VERSION }}"
container_name: "{{ NEXTCLOUD_PROXY_CONTAINER }}"
logging:
driver: journald
restart: {{ DOCKER_RESTART_POLICY }}
@@ -51,8 +62,8 @@
ipv4_address: 192.168.102.67
cron:
container_name: "{{ nextcloud_cron_name }}"
image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
container_name: "{{ NEXTCLOUD_CRON_CONTAINER }}"
image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}"
restart: {{ DOCKER_RESTART_POLICY }}
logging:
driver: journald
@@ -70,6 +81,6 @@
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
data:
name: {{ nextcloud_volume }}
name: {{ NEXTCLOUD_VOLUME }}
{% include 'roles/docker-compose/templates/networks.yml.j2' %}
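Review bot: `{{ NEXTCLOUD_TALK_WS_PORT }}:8081/tcp` is published on `networks.internet.ip4` with nothing terminating TLS in front of it, whereas the new whiteboard service only `expose`s its port and is reached through the nginx location this commit adds; the old line's `@todo needs to be optimized` is dropped without the exposure changing. If the signaling endpoint is meant to be served under the Talk domain, binding it to a localhost port and proxying it the way the whiteboard is would keep it behind the TLS terminator. The config still has `talk` at `enabled: false`, so this is not live yet, but the template is where the decision is made.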


@@ -8,9 +8,9 @@ MYSQL_PASSWORD= "{{ database_password }}"
MYSQL_HOST= "{{ database_host }}:{{ database_port }}"
# PHP
PHP_MEMORY_LIMIT= "{{applications | get_app_conf(application_id, 'performance.php.memory_limit')}}"
PHP_UPLOAD_LIMIT= "{{applications | get_app_conf(application_id, 'performance.php.upload_limit')}}"
PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications | get_app_conf(application_id, 'performance.php.opcache_memory_consumption')}}"
PHP_MEMORY_LIMIT= "{{ applications | get_app_conf(application_id, 'performance.php.memory_limit') }}"
PHP_UPLOAD_LIMIT= "{{ applications | get_app_conf(application_id, 'performance.php.upload_limit') }}"
PHP_OPCACHE_MEMORY_CONSUMPTION= "{{ applications | get_app_conf(application_id, 'performance.php.opcache_memory_consumption') }}"
# Email Configuration
SMTP_HOST= {{ SYSTEM_EMAIL.HOST }}
@@ -24,30 +24,38 @@ MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}"
MAIL_DOMAIN= "{{ SYSTEM_EMAIL.DOMAIN }}"
# Initial Admin Data
NEXTCLOUD_ADMIN_USER= "{{applications | get_app_conf(application_id, 'users.administrator.username')}}"
NEXTCLOUD_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, 'credentials.administrator_password')}}"
NEXTCLOUD_ADMIN_USER= "{{ NEXTCLOUD_ADMINISTRATOR_USER }}"
NEXTCLOUD_ADMIN_PASSWORD= "{{ NEXTCLOUD_ADMINISTRATOR_PASSWORD }}"
# Security
NEXTCLOUD_TRUSTED_DOMAINS= "{{ domains[application_id] | select | join(',') }}"
NEXTCLOUD_TRUSTED_DOMAINS= "{{ NEXTCLOUD_DOMAIN }}"
# Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
TRUSTED_PROXIES= "{{ networks.internet.values() | select | join(',') }}"
OVERWRITECLIURL= "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
OVERWRITEPROTOCOL= "https"
OVERWRITECLIURL= "{{ NEXTCLOUD_URL }}"
OVERWRITEPROTOCOL= "{{ WEB_PROTOCOL }}"
# Redis Configuration
REDIS_HOST= redis
REDIS_PORT= 6379
{% if nextcloud_talk_enabled %}
{% if NEXTCLOUD_TALK_ENABLED %}
# Talk Configuration
# This code was just moved here during refactoring and isn't tested yet.
# @todo move it to an own env file for encapsulation reasons
NC_DOMAIN=cloud.yourdomain.tld
TALK_HOST=signaling.yourdomain.tld
NC_DOMAIN={{ NEXTCLOUD_DOMAIN }}
TALK_HOST={{ NEXTCLOUD_TALK_DOMAIN }}
TURN_SECRET=${TURN_SECRET}
SIGNALING_SECRET=${SIGNALING_SECRET}
TZ=Europe/Berlin
TALK_PORT=3478
INTERNAL_SECRET=${INTERNAL_SECRET}
{% endif %}
{% if NEXTCLOUD_WHITEBOARD_ENABLED %}
# @todo move it to an own env file for encapsuling reasons
NEXTCLOUD_URL= "{{ NEXTCLOUD_URL }}"
JWT_SECRET_KEY= "{{ NEXTCLOUD_WHITEBOARD_JWT }}"
STORAGE_STRATEGY=redis
REDIS_URL=redis://redis:6379/0
{% endif %}
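Review bot: The Talk block still sets `TURN_SECRET=${TURN_SECRET}`, `SIGNALING_SECRET=${SIGNALING_SECRET}` and `INTERNAL_SECRET=${INTERNAL_SECRET}`; these are compose-time interpolations, not Jinja, and no credential entries for them are added to the Nextcloud schema alongside `whiteboard_jwt_secret`, so when `NEXTCLOUD_TALK_ENABLED` is switched on they resolve to whatever the compose environment holds, plausibly empty strings. The whiteboard block shows the intended pattern (`JWT_SECRET_KEY= "{{ NEXTCLOUD_WHITEBOARD_JWT }}"`). The untested-code comment above the block is still accurate and should stay until those secrets are wired to the schema; `TZ=Europe/Berlin` is also hard-coded where the rest of the file templates its values.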


@@ -3,7 +3,7 @@
$CONFIG_EXTRA = [];
foreach (glob("{% endraw %}{{ nextcloud_docker_config_additives_directory }}{% raw %}*.php") as $file) {
foreach (glob("{% endraw %}{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}{% raw %}*.php") as $file) {
$CONFIG_EXTRA = array_merge($CONFIG_EXTRA, include $file);
}


@@ -179,5 +179,15 @@ http {
location / {
try_files $uri $uri/ /index.php$request_uri;
}
location {{ NEXTCLOUD_WHITEBOARD_LOCATION }} {
proxy_pass http://whiteboard:{{ NEXTCLOUD_WHITEBOARD_INTERNAL_PORT }}/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600;
}
}
}
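Review bot: The new location sets `Connection "upgrade"` unconditionally, so ordinary HTTP requests to the whiteboard backend also carry an upgrade header; the usual nginx pattern is a `map $http_upgrade $connection_upgrade` in the `http` block and `proxy_set_header Connection $connection_upgrade;` here. The block forwards no `X-Forwarded-Proto`, so behind TLS termination the backend sees plain http; `proxy_set_header X-Forwarded-Proto $scheme;` is worth adding. The trailing slash in `proxy_pass http://whiteboard:{{ NEXTCLOUD_WHITEBOARD_INTERNAL_PORT }}/;` strips `NEXTCLOUD_WHITEBOARD_LOCATION` from the upstream path, which is fine only if the backend expects root-relative paths; whether a map already exists in this file is outside the hunk.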


@@ -1,72 +1,88 @@
---
# General
application_id: "web-app-nextcloud" # Application identifier
container_port: 80
# Networking
domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable
http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network
application_id: "web-app-nextcloud" # Application identifier
container_port: 80
# Database
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}"
database_type: "mariadb" # Database flavor
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}"
database_type: "mariadb" # Database flavor
nextcloud_plugins_enabled: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"
nextcloud_administrator_username: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
# Nextcloud
## General
NEXTCLOUD_DOMAIN: "{{ domains | get_domain(application_id) }}"
NEXTCLOUD_PORT: "{{ ports.localhost.http[application_id] }}"
NEXTCLOUD_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
# Control Node
nextcloud_control_node_plugin_vars_directory: "{{role_path}}/vars/plugins/" # Folder in which the files for the plugin configuration are stored
nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/" # Folder which contains the files for extra plugin configuration tasks
NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"
NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
# Host
## Plugins
NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_id, 'plugins') | dict2items }}"
## Host Paths
nextcloud_host_config_additives_directory: "{{ docker_compose.directories.volumes }}infinito/" # This folder is the path to which the additive configurations will be copied
nextcloud_host_include_instructions_file: "{{ docker_compose.directories.volumes }}includes.php" # Path to the instruction file on the host. Responsible for loading the additional configurations
nextcloud_host_nginx_path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf" # Nginx path for proxy conf
## Paths
# Docker
### Host
NEXTCLOUD_HOST_CONF_ADD_PATH: "{{ [ docker_compose.directories.volumes, 'infinito' ] | path_join }}" # This folder is the path to which the additive configurations will be copied
NEXTCLOUD_HOST_INCL_PATH: "{{ [ docker_compose.directories.volumes, 'includes.php' ] | path_join }}" # Path to the instruction file on the host. Responsible for loading the additional configurations
NEXTCLOUD_HOST_NGINX_PATH: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, NEXTCLOUD_DOMAIN ~ '.conf' ] | path_join }}" # Nginx path for proxy conf
nextcloud_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
nextcloud_version: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version') }}"
nextcloud_image: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image') }}"
NEXTCLOUD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name') }}"
nextcloud_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}"
nextcloud_proxy_image: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image') }}"
nextcloud_proxy_version: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version') }}"
nextcloud_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"
# Plugins
## Talk
nextcloud_talk_name: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
nextcloud_talk_image: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
nextcloud_talk_version: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
nextcloud_talk_enabled: "{{ applications | is_docker_service_enabled(application_id, 'talk') }}"
nextcloud_talk_stun_port: "{{ ports.public.stun[application_id] }}"
# nextcloud_talk_domain: "{{ domains[application_id].talk }}"
# Collabora
#nextcloud_collabora_name: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name') }}"
NEXTCLOUD_COLLABORA_URL: "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"
#NEXTCLOUD_COLLABORA_DOMAIN: "{{ domains | get_domain('web-svc-collabora') }}"
NEXTCLOUD_COLLABORA_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.richdocuments.enabled') }}"
## User Configuration
NEXTCLOUD_DOCKER_USER_id: 82 # UID of the www-data user
NEXTCLOUD_DOCKER_USER: "www-data" # Name of the www-data user (Set here to easy change it in the future)
## Control Node
NEXTCLOUD_CNODE_PLUGIN_VARS_PATH: "{{ [role_path, 'vars/plugins/'] | path_join }}" # Folder in which the files for the plugin configuration are stored
NEXTCLOUD_CNODE_PLUGIN_TASKS_PATH: "{{ [role_path, 'tasks/plugins/'] | path_join }}" # Folder which contains the files for extra plugin configuration tasks
## Internal Paths
NEXTCLOUD_DOCKER_WORK_DIRECTORY: "/var/www/html/" # Name of the workdir in which the application is stored
NEXTCLOUD_DOCKER_CONFIG_DIRECTORY: "{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}config/" # Folder in which the Nextcloud configurations are stored
nextcloud_docker_config_file: "{{ NEXTCLOUD_DOCKER_CONFIG_DIRECTORY }}config.php" # Path to the Nextcloud configuration file
nextcloud_docker_config_additives_directory: "{{ NEXTCLOUD_DOCKER_CONFIG_DIRECTORY }}infinito/" # Path to the folder which contains additional configurations
nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations
NEXTCLOUD_DOCKER_WORK_DIRECTORY: "/var/www/html/" # Name of the workdir in which the application is stored
NEXTCLOUD_DOCKER_CONF_DIRECTORY: "{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}config/" # Folder in which the Nextcloud configurations are stored
NEXTCLOUD_DOCKER_CONFIG_FILE: "{{ NEXTCLOUD_DOCKER_CONF_DIRECTORY }}config.php" # Path to the Nextcloud configuration file
NEXTCLOUD_DOCKER_CONF_ADD_PATH: "{{ NEXTCLOUD_DOCKER_CONF_DIRECTORY }}infinito/" # Path to the folder which contains additional configurations
NEXTCLOUD_DOCKER_INCL_PATH: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations
## Administrator
NEXTCLOUD_ADMINISTRATOR_USER: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
NEXTCLOUD_ADMINISTRATOR_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
## Docker
### Base
NEXTCLOUD_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
NEXTCLOUD_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version') }}"
NEXTCLOUD_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image') }}"
NEXTCLOUD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name') }}"
### Proxy
NEXTCLOUD_PROXY_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}"
NEXTCLOUD_PROXY_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image') }}"
NEXTCLOUD_PROXY_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version') }}"
### Cron
NEXTCLOUD_CRON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"
### Talk
NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
NEXTCLOUD_TALK_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun[application_id] }}"
NEXTCLOUD_TALK_WS_PORT: "{{ ports.localhost.websocket[application_id] }}"
NEXTCLOUD_TALK_DOMAIN: "{{ domains[application_id].talk }}"
NEXTCLOUD_WHITEBOARD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}"
NEXTCLOUD_WHITEBOARD_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.image') }}"
NEXTCLOUD_WHITEBOARD_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.version') }}"
NEXTCLOUD_WHITEBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.whiteboard.enabled') }}"
NEXTCLOUD_WHITEBOARD_INTERNAL_PORT: "3002"
NEXTCLOUD_WHITEBOARD_JWT: "{{ applications | get_app_conf(application_id, 'credentials.whiteboard_jwt_secret') }}"
NEXTCLOUD_WHITEBOARD_LOCATION: "/whiteboard/"
NEXTCLOUD_WHITEBOARD_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_WHITEBOARD_LOCATION ] | url_join }}"
### Collabora
NEXTCLOUD_COLLABORA_URL: "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"
# NEXTCLOUD_COLLABORA_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.richdocuments.enabled') }}"
## User Configuration
NEXTCLOUD_DOCKER_USER_id: 82 # UID of the www-data user
NEXTCLOUD_DOCKER_USER: "www-data" # Name of the www-data user (Set here to easy change it in the future)
## Execution
NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition
NEXTCLOUD_DOCKER_EXEC_OCC: "{{NEXTCLOUD_DOCKER_EXEC}} {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ" # Execute docker occ command
# NEXTCLOUD_COLLOBORA_CONF_EXEC: "docker exec {{ applications | get_app_conf('web-svc-collabora', 'docker.services.collabora.name') }} coolconfig"
NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition
NEXTCLOUD_DOCKER_EXEC_OCC: "{{NEXTCLOUD_DOCKER_EXEC}} {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ" # Execute docker occ command


@@ -181,4 +181,4 @@ plugin_configuration:
-
appid: "user_ldap"
configkey: "s01ldap_expert_username_attr"
configvalue: "{{LDAP.USER.ATTRIBUTES.ID}}"
configvalue: "{{ LDAP.USER.ATTRIBUTES.ID }}"


@@ -15,7 +15,7 @@ nextcloud_system_config:
value: "{{ HOST_LL | upper }}"
- parameter: "trusted_domains 0"
value: "{{ domains | get_domain(application_id) }}"
value: "{{ NEXTCLOUD_DOMAIN }}"
- parameter: "overwrite.cli.url"
value: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
value: "{{ NEXTCLOUD_URL }}"


@@ -8,6 +8,6 @@
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{( application_id | get_docker_paths(PATH_DOCKER_COMPOSE_INSTANCES) ).directories.volumes }}"
template:
src: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2"
dest: "{{( application_id | get_docker_paths(PATH_DOCKER_COMPOSE_INSTANCES) ).directories.volumes }}{{applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}"
dest: "{{( application_id | get_docker_paths(PATH_DOCKER_COMPOSE_INSTANCES) ).directories.volumes }}{{ applications | get_app_conf('web-app-oauth2-proxy','configuration_file') }}"
notify:
- docker compose up


@@ -1,11 +1,11 @@
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['web-app-oauth2-proxy'].version}}
image: quay.io/oauth2-proxy/oauth2-proxy:{{ applications['web-app-oauth2-proxy'].version}}
restart: {{ DOCKER_RESTART_POLICY }}
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
ports:
- {{ ports.localhost.oauth2_proxy[application_id] }}:4180/tcp
volumes:
- "{{ docker_compose.directories.volumes }}{{applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}:/oauth2-proxy.cfg"
- "{{ docker_compose.directories.volumes }}{{ applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}:/oauth2-proxy.cfg"
{% endif %}


@@ -11,7 +11,7 @@ PEERTUBE_DB_HOSTNAME={{ database_host }}
PEERTUBE_WEBSERVER_HOSTNAME={{ domains | get_domain(application_id) }}
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
PEERTUBE_SECRET={{applications | get_app_conf(application_id, 'credentials.secret', True)}}
PEERTUBE_SECRET={{ applications | get_app_conf(application_id, 'credentials.secret', True)}}
# E-mail configuration
PEERTUBE_SMTP_USERNAME={{ users['no-reply'].email }}


@@ -2,7 +2,7 @@
application:
{% set container_port = 80 %}
image: dpage/pgadmin4:{{applications | get_app_conf(application_id, 'version', True)}}
image: dpage/pgadmin4:{{ applications | get_app_conf(application_id, 'version', True)}}
container_name: pgadmin
{% include 'roles/docker-container/templates/base.yml.j2' %}
ports:


@@ -2,7 +2,7 @@
application:
container_name: {{ application_id }}
image: leenooks/phpldapadmin:{{applications | get_app_conf(application_id, 'version', True)}}
image: leenooks/phpldapadmin:{{ applications | get_app_conf(application_id, 'version', True)}}
ports:
- 127.0.0.1:{{ ports.localhost.http[application_id] }}:8080
{% include 'roles/docker-container/templates/base.yml.j2' %}


@@ -1,6 +1,6 @@
application_id: "web-app-phpmyadmin"
database_type: "mariadb"
database_host: "{{ applications | get_app_conf('svc-db-mariadb', 'docker.services.mariadb.name', True) if applications | get_app_conf(application_id, 'features.central_database', False)}}"
database_host: "{{ applications | get_app_conf('svc-db-mariadb', 'docker.services.mariadb.name', True) if applications | get_app_conf(application_id, 'features.central_database', False) }}"
phpmyadmin_version: "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.version', True) }}"
phpmyadmin_image: "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.image', True) }}"
phpmyadmin_container: "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.name', True) }}"


@@ -1,5 +1,5 @@
## Crypto
APP_KEY={{applications | get_app_conf(application_id, 'credentials.app_key', True)}}
APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True)}}
## General Settings
APP_NAME="{{ PIXELFED_TITEL }}"


@@ -6,4 +6,4 @@ YOURLS_SITE: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
YOURLS_USER: "{{ YOURLS_USER }}"
YOURLS_PASS: "{{ YOURLS_PASSWORD }}"
# The following deactivates the login mask for admins, if the oauth2 proxy is activated
YOURLS_PRIVATE: "{{not (applications | get_app_conf(application_id, 'features.oauth2', False))}}"
YOURLS_PRIVATE: "{{not (applications | get_app_conf(application_id, 'features.oauth2', False)) }}"