diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml index 9426ddb2..d4fc4e2f 100644 --- a/group_vars/all/09_ports.yml +++ b/group_vars/all/09_ports.yml @@ -2,12 +2,13 @@ ports: # Ports which are exposed to localhost localhost: database: - svc-db-postgres: 5432 - svc-db-mariadb: 3306 + svc-db-postgres: 5432 + svc-db-mariadb: 3306 # https://developer.mozilla.org/de/docs/Web/API/WebSockets_API websocket: - web-app-mastodon: 4001 - web-app-espocrm: 4002 + web-app-mastodon: 4001 + web-app-espocrm: 4002 + web-app-nextcloud: 4003 oauth2_proxy: web-app-phpmyadmin: 4181 web-app-lam: 4182 @@ -23,10 +24,11 @@ ports: http: # Ports which are exposed to the World Wide Web web-app-nextcloud: 8001 + # web-app-nextcloud_talk: 8005 + # web-app-nextcloud_whiteboard: 8015 web-app-gitea: 8002 web-app-wordpress: 8003 web-app-mediawiki: 8004 - # Free: 8005 web-app-yourls: 8006 web-app-mailu: 8007 web-app-elk: 8008 @@ -36,7 +38,6 @@ ports: web-app-funkwhale: 8012 web-app-roulette-wheel: 8013 web-app-joomla: 8014 - # Free: 8015 web-app-pgadmin: 8016 web-app-baserow: 8017 web-app-matomo: 8018 diff --git a/roles/sys-ctl-hlth-webserver/templates/script.py.j2 b/roles/sys-ctl-hlth-webserver/templates/script.py.j2 index 7b570446..9a3a3825 100644 --- a/roles/sys-ctl-hlth-webserver/templates/script.py.j2 +++ b/roles/sys-ctl-hlth-webserver/templates/script.py.j2 @@ -43,7 +43,7 @@ for filename in os.listdir(config_path): url = f"{{ WEB_PROTOCOL }}://{domain}" redirected_domains = [domain['source'] for domain in {{ redirect_domain_mappings }}] - redirected_domains.append("{{domains | get_domain('web-app-mailu')}}") + redirected_domains.append("{{domains | get_domain('web-app-mailu') }}") expected_statuses = get_expected_statuses(domain, parts, redirected_domains) diff --git a/roles/sys-svc-rdbms/templates/services/postgres.yml.j2 b/roles/sys-svc-rdbms/templates/services/postgres.yml.j2 index 2c283572..efd81466 100644 --- a/roles/sys-svc-rdbms/templates/services/postgres.yml.j2 
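Review bot: The two new lines `# web-app-nextcloud_talk: 8005` and `# web-app-nextcloud_whiteboard: 8015` reserve those ports only as comments, so any check that validates `ports.http` for collisions still sees 8005 and 8015 as unassigned, and the `# Free:` markers that used to make that state greppable are removed in the same change. Either assign them as real keys once the talk and whiteboard services consume them, or keep the `# Free: 8005` / `# Free: 8015` markers until then. The new `web-app-nextcloud: 4003` entry under `localhost.websocket` in the first hunk would also benefit from a comment naming which container listens on it (presumably the talk signaling backend, which the compose template in this change binds to port 8081), since nothing in this file ties the number to a service.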
+++ b/roles/sys-svc-rdbms/templates/services/postgres.yml.j2 @@ -2,7 +2,7 @@ {% if not applications | get_app_conf(application_id, 'features.central_database', False) %} {{ database_host }}: - image: postgres:{{applications['svc-db-postgres'].version}}-alpine + image: postgres:{{ applications['svc-db-postgres'].version}}-alpine container_name: {{ application_id | get_entity_name }}-database env_file: - {{database_env}} diff --git a/roles/web-app-bluesky/schema/main.yml b/roles/web-app-bluesky/schema/main.yml index 1198e498..adf84572 100644 --- a/roles/web-app-bluesky/schema/main.yml +++ b/roles/web-app-bluesky/schema/main.yml @@ -1,8 +1,8 @@ credentials: jwt_secret: - description: "Secret used for JWT signing (base64, 64 bytes)" - algorithm: "plain" - validation: "^[A-Za-z0-9+/=]{86,}$" # 64 bytes base64 = ~86 characters without newline + description: "Secret used for JWT signing" + algorithm: "base64_prefixed_32" + validation: "^base64:[A-Za-z0-9+/]{43}=$" plc_rotation_key_k256_private_key_hex: description: "PLC rotation key in hex format (32 bytes)" algorithm: "sha256" diff --git a/roles/web-app-bluesky/templates/env.j2 b/roles/web-app-bluesky/templates/env.j2 index 1875844f..8ae049cb 100644 --- a/roles/web-app-bluesky/templates/env.j2 +++ b/roles/web-app-bluesky/templates/env.j2 @@ -1,5 +1,5 @@ PDS_HOSTNAME="{{domains[application_id].api}}" -PDS_ADMIN_EMAIL="{{applications.bluesky.users.administrator.email}}" +PDS_ADMIN_EMAIL="{{ applications.bluesky.users.administrator.email}}" PDS_SERVICE_DID="did:web:{{domains[application_id].api}}" # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/ diff --git a/roles/web-app-funkwhale/templates/env.j2 b/roles/web-app-funkwhale/templates/env.j2 index 5bd093d0..5251e6e6 100644 --- a/roles/web-app-funkwhale/templates/env.j2 +++ b/roles/web-app-funkwhale/templates/env.j2 
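Review bot: The new `validation: "^base64:[A-Za-z0-9+/]{43}=$"` makes the literal `base64:` prefix part of the stored `jwt_secret`, and nothing in this diff shows the consumer stripping it — the `PDS_JWT_SECRET` line of `env.j2` is outside the hunk shown. If the PDS receives the string verbatim, the signing key is the ASCII string including the prefix rather than the decoded 32 bytes, which still works but silently differs from what the generator algorithm intends; confirm what `base64_prefixed_32` renders and what the PDS expects. The description also lost the size information the old one carried, so restore it, e.g. `description: "Secret used for JWT signing (32 random bytes, base64, stored with a base64: prefix)"`. Shortening from 64 to 32 random bytes (256 bits) is not itself a weakness for HMAC-based JWT signing.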
@@ -97,7 +97,7 @@ STATIC_ROOT={{funkwhale_static_root}} DJANGO_SETTINGS_MODULE=config.settings.production # Generate one using `openssl rand -base64 45`, for example -DJANGO_SECRET_KEY={{applications | get_app_conf(application_id, 'credentials.django_secret', True)}} +DJANGO_SECRET_KEY={{ applications | get_app_conf(application_id, 'credentials.django_secret', True)}} {% if applications | get_app_conf(application_id, 'features.ldap', False) %} # LDAP settings diff --git a/roles/web-app-keycloak/templates/import/scopes/nextcloud.json.j2 b/roles/web-app-keycloak/templates/import/scopes/nextcloud.json.j2 index 2a83c5a4..fe78cbd8 100644 --- a/roles/web-app-keycloak/templates/import/scopes/nextcloud.json.j2 +++ b/roles/web-app-keycloak/templates/import/scopes/nextcloud.json.j2 @@ -41,7 +41,7 @@ "id.token.claim": "true", "lightweight.claim": "false", "access.token.claim": "true", - "claim.name": "{{LDAP.USER.ATTRIBUTES.ID}}", + "claim.name": "{{ LDAP.USER.ATTRIBUTES.ID }}", "jsonType.label": "String" } } diff --git a/roles/web-app-matrix/tasks/01_docker.yml b/roles/web-app-matrix/tasks/01_docker.yml index 497ed7f9..2e3f3b91 100644 --- a/roles/web-app-matrix/tasks/01_docker.yml +++ b/roles/web-app-matrix/tasks/01_docker.yml @@ -112,7 +112,7 @@ - name: create chatgpt bot command: - cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008 + cmd: docker compose exec -it synapse register_new_matrix_user -u chatgptbot -p {{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}} -a -c {{ MATRIX_SYNAPSE_CONFIG_PATH_CONTAINER }} http://localhost:8008 chdir: "{{ docker_compose.directories.instance }}" ignore_errors: true when: applications | get_app_conf(application_id, 'setup', True) | bool 
diff --git a/roles/web-app-matrix/templates/docker-compose.yml.j2 b/roles/web-app-matrix/templates/docker-compose.yml.j2 index 090b357c..ada127c5 100644 --- a/roles/web-app-matrix/templates/docker-compose.yml.j2 +++ b/roles/web-app-matrix/templates/docker-compose.yml.j2 @@ -62,7 +62,7 @@ volumes: - chatgpt_data:/storage environment: - OPENAI_API_KEY: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_openai_api_key', True)}}' + OPENAI_API_KEY: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_openai_api_key', True)}}' # Uncomment the next two lines if you are using Azure OpenAI API # OPENAI_AZURE: 'false' # CHATGPT_REVERSE_PROXY: 'your-completion-endpoint-here' diff --git a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 index 1e68cfb3..9d66b56e 100644 --- a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 @@ -39,7 +39,7 @@ appservice: # Format examples: # SQLite: sqlite:filename.db # Postgres: postgres://username:password@hostname/dbname - database: postgres://mautrix_facebook_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True)}}@{{ database_host }}/mautrix_facebook_bridge + database: postgres://mautrix_facebook_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_facebook_bridge_database_password', True)}}@{{ database_host }}/mautrix_facebook_bridge # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect diff --git a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 index 1a4380c1..ccf396d2 100644 
--- a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 @@ -42,7 +42,7 @@ appservice: # Format examples: # SQLite: sqlite:filename.db # Postgres: postgres://username:password@hostname/dbname - database: postgres://mautrix_instagram_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_instagram_bridge_database_password', True)}}@{{ database_host }}/mautrix_instagram_bridge + database: postgres://mautrix_instagram_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_instagram_bridge_database_password', True)}}@{{ database_host }}/mautrix_instagram_bridge # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect diff --git a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 index 41a8a289..35d4c729 100644 --- a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 @@ -43,7 +43,7 @@ appservice: # https://github.com/mattn/go-sqlite3#connection-string # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql - uri: postgres://mautrix_signal_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge_database_password', True)}}@{{ database_host }}/mautrix_signal_bridge?sslmode=disable + uri: postgres://mautrix_signal_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge_database_password', True)}}@{{ database_host }}/mautrix_signal_bridge?sslmode=disable # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 
diff --git a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 index 9d10c2c8..bda3c656 100644 --- a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 @@ -43,7 +43,7 @@ appservice: # https://github.com/mattn/go-sqlite3#connection-string # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql - uri: postgres://mautrix_slack_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge_database_password', True)}}@{{ database_host }}/mautrix_slack_bridge?sslmode=disable + uri: postgres://mautrix_slack_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge_database_password', True)}}@{{ database_host }}/mautrix_slack_bridge?sslmode=disable # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 diff --git a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 index 1b687e79..afb95692 100644 --- a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 
@@ -42,7 +42,7 @@ appservice: # Format examples: # SQLite: sqlite:filename.db # Postgres: postgres://username:password@hostname/dbname - database: postgres://mautrix_telegram_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge_database_password', True)}}@{{ database_host }}/mautrix_telegram_bridge + database: postgres://mautrix_telegram_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge_database_password', True)}}@{{ database_host }}/mautrix_telegram_bridge # Additional arguments for asyncpg.create_pool() or sqlite3.connect() # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect @@ -564,8 +564,8 @@ bridge: # Telegram config telegram: # Get your own API keys at https://my.telegram.org/apps - api_id: {{applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_id', True)}} - api_hash: {{applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_pin', True)}} + api_id: {{ applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_id', True)}} + api_hash: {{ applications | get_app_conf(application_id, 'credentials.mautrix_telgegram_bridge_api_pin', True)}} # (Optional) Create your own bot at https://t.me/BotFather bot_token: disabled diff --git a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 index 8a84c309..4539d486 100644 --- a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 
@@ -42,7 +42,7 @@ appservice: # https://github.com/mattn/go-sqlite3#connection-string # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql - uri: postgres://mautrix_whatsapp_bridge:{{applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True)}}@{{ database_host }}/mautrix_whatsapp_bridge?sslmode=disable + uri: postgres://mautrix_whatsapp_bridge:{{ applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge_database_password', True)}}@{{ database_host }}/mautrix_whatsapp_bridge?sslmode=disable # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 diff --git a/roles/web-app-moodle/templates/env.j2 b/roles/web-app-moodle/templates/env.j2 index 826f5d18..afefd726 100644 --- a/roles/web-app-moodle/templates/env.j2 +++ b/roles/web-app-moodle/templates/env.j2 @@ -1,12 +1,12 @@ # General -MOODLE_SITE_NAME="{{applications | get_app_conf(application_id, 'site_titel', True)}}" +MOODLE_SITE_NAME="{{ applications | get_app_conf(application_id, 'site_titel', True) }}" MOODLE_HOST="{{ domains | get_domain(application_id) }}" MOODLE_SSLPROXY=yes MOODLE_REVERSE_PROXY=yes MOODLE_USERNAME={{ applications | get_app_conf(application_id, 'users.administrator.username') }} -MOODLE_PASSWORD={{applications | get_app_conf(application_id, 'credentials.user_password', True)}} -MOODLE_EMAIL={{applications | get_app_conf(application_id, 'users.administrator.email', True)}} +MOODLE_PASSWORD={{ applications | get_app_conf(application_id, 'credentials.user_password', True)}} +MOODLE_EMAIL={{ applications | get_app_conf(application_id, 'users.administrator.email', True)}} BITNAMI_DEBUG={% if MODE_DEBUG | bool %}true{% else %}false{% endif %} # Database 
diff --git a/roles/web-app-nextcloud/TODO.md b/roles/web-app-nextcloud/TODO.md deleted file mode 100644 index e40a987a..00000000 --- a/roles/web-app-nextcloud/TODO.md +++ /dev/null @@ -1,2 +0,0 @@ -# Todo -- Implement Collabora and Talk Supper . [See](https://www.youtube.com/watch?v=7cRmvTyt1ik) \ No newline at end of file diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml index bcdb5721..1fee84f0 100644 --- a/roles/web-app-nextcloud/config/main.yml +++ b/roles/web-app-nextcloud/config/main.yml @@ -17,8 +17,9 @@ server: - "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}" domains: canonical: - - "cloud.{{ PRIMARY_DOMAIN }}" - # talk: "talk.{{ PRIMARY_DOMAIN }}" @todo needs to be activated + nextcloud: "cloud.{{ PRIMARY_DOMAIN }}" + talk: "talk.{{ PRIMARY_DOMAIN }}" + whiteboard: "whiteboard.{{ PRIMARY_DOMAIN }}" docker: volumes: data: nextcloud_data @@ -45,8 +46,14 @@ docker: name: "nextcloud-talk" image: "nextcloud/aio-talk" version: "latest" - enabled: false # Not enabled yet, because just implemented during refactoring and not tested yet. if tested activate -oidc: + backup: + no_stop_required: false + whiteboard: + name: "nextcloud-whiteboard" + image: "ghcr.io/nextcloud-releases/whiteboard" + version: "latest" + backup: + no_stop_required: true enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Activate OIDC for Nextcloud # floavor decides which OICD plugin should be used. # Available options: oidc_login, sociallogin 
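Review bot: Deleting the `oidc:` key at its old position leaves the unchanged context line `enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}"` and the two flavor comments attached to whatever mapping now precedes them — the new `whiteboard:` service, or `docker` itself depending on columns the collapsed diff does not show — while the `oidc:` block re-added in the following hunk carries only `flavor:`. Anything that reads `oidc.enabled` from this config would therefore find the key missing, and the docker service mapping gains a stray `enabled` value. Move the `enabled:` line and its comments under the new `oidc:` block next to `flavor:`, or remove it deliberately if the role now consults `features.oidc` directly. Separately, dropping `enabled: false` from `talk` is only safe if `NEXTCLOUD_TALK_ENABLED`, which the compose template now gates on, is derived somewhere this diff does not show.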
@@ -72,7 +79,8 @@ performance: opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption plugins_enabled: true # Implemented for speeding up testing and debugging process. For productive environments keep it true and steer the apps via the plugins config - +oidc: + flavor: "{{ _applications_nextcloud_oidc_flavor }}" plugins: # List for Nextcloud Plugin Routine # Decides if plugins should be activated or deactivated diff --git a/roles/web-app-nextcloud/handlers/main.yml b/roles/web-app-nextcloud/handlers/main.yml index c86676bc..2b9c935f 100644 --- a/roles/web-app-nextcloud/handlers/main.yml +++ b/roles/web-app-nextcloud/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart nextcloud nginx service command: - cmd: "docker exec {{ nextcloud_proxy_name }} nginx -s reload" + cmd: "docker exec {{ NEXTCLOUD_PROXY_CONTAINER }} nginx -s reload" listen: restart nextcloud nginx service ignore_errors: true # Ignoring if container is restarting diff --git a/roles/web-app-nextcloud/schema/main.yml b/roles/web-app-nextcloud/schema/main.yml index f769ba93..12a8735e 100644 --- a/roles/web-app-nextcloud/schema/main.yml +++ b/roles/web-app-nextcloud/schema/main.yml @@ -1,5 +1,8 @@ credentials: - + whiteboard_jwt_secret: + description: "Secret used for JWT signing" + algorithm: "base64_prefixed_32" + validation: "^base64:[A-Za-z0-9+/]{43}=$" administrator_password: description: "Initial password for the Nextcloud administrator (change immediately and enable 2FA)" algorithm: "sha256" diff --git a/roles/web-app-nextcloud/tasks/01_fullstack.yml b/roles/web-app-nextcloud/tasks/01_fullstack.yml new file mode 100644 index 00000000..04b7c91a --- /dev/null +++ b/roles/web-app-nextcloud/tasks/01_fullstack.yml 
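Review bot: `whiteboard_jwt_secret` is validated with the `base64:` prefix included (`^base64:[A-Za-z0-9+/]{43}=$`), and the only consumer visible in this change writes it verbatim into Nextcloud via `config:app:set whiteboard jwt_secret_key`, while the whiteboard container that must verify those tokens with the identical `JWT_SECRET_KEY` has no environment in the compose hunk shown. Unless the value reaches both sides with the prefix handled the same way, Nextcloud and the whiteboard server will sign and verify with different strings and every collaboration token will be rejected. State the contract in the schema, e.g. `description: "Shared secret for Nextcloud <-> whiteboard JWTs; the same value must be passed to the whiteboard container as JWT_SECRET_KEY"`, so the next person wiring the container environment knows the two must match byte for byte.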
@@ -0,0 +1,37 @@ +- name: "include role for {{ application_id }} to receive certs & do modification routines for '{{ domain }}:{{ port }}'" + include_role: + name: sys-util-csp-cert + +- name: create nextcloud proxy configuration file + template: + src: "nginx/host.conf.j2" + dest: "{{ NEXTCLOUD_HOST_NGINX_PATH }}" + notify: restart openresty + +- name: "load docker and db for {{ application_id }}" + include_role: + name: sys-stk-back-stateful + vars: + docker_compose_flush_handlers: false + +- name: "create {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}" + file: + path: "{{ NEXTCLOUD_HOST_CONF_ADD_PATH }}" + state: directory + mode: "0755" + +- name: "Create config files at {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}" + template: + src: "{{ item }}" + dest: "{{ NEXTCLOUD_HOST_CONF_ADD_PATH }}/{{ item | basename | regex_replace('\\.j2$', '') }}" + owner: "{{ NEXTCLOUD_DOCKER_USER_id }}" + group: "{{ NEXTCLOUD_DOCKER_USER_id }}" + loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}" + # Not all type of changes take instantly place. Due to this reason a rebuild is required. + notify: docker compose up + +- name: create internal nextcloud nginx configuration + template: + src: "nginx/docker.conf.j2" + dest: "{{ [docker_compose.directories.volumes, 'nginx.conf'] | path_join }}" + notify: restart nextcloud nginx service diff --git a/roles/web-app-nextcloud/tasks/01_config.yml b/roles/web-app-nextcloud/tasks/02_config.yml similarity index 67% rename from roles/web-app-nextcloud/tasks/01_config.yml rename to roles/web-app-nextcloud/tasks/02_config.yml index dc4f91c1..13f039da 100644 --- a/roles/web-app-nextcloud/tasks/01_config.yml +++ b/roles/web-app-nextcloud/tasks/02_config.yml 
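Review bot: The `Create config files at {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}` task sets `owner` and `group` but no `mode`, so the rendered `*.config.php` fragments get the default umask (typically 0644) on the host and are readable by every local account, under a directory created with `mode: "0755"`. These fragments are appended into Nextcloud's `config.php` and templates like `oidc.config.php.j2` are the usual place for provider secrets, so restrict them: `mode: "0640"` on the template task and `mode: "0750"` on the directory, which is sufficient because the container user already owns them through `NEXTCLOUD_DOCKER_USER_id`. A smaller consistency point: the nginx task right after builds its destination with `path_join`, while this task concatenates `{{ NEXTCLOUD_HOST_CONF_ADD_PATH }}/{{ item | basename ... }}` with a literal slash; using `path_join` in both keeps a trailing slash in the variable from producing `//`.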
@@ -3,7 +3,7 @@ - name: Add dynamic config merging from Jinja template template: src: include.php.j2 - dest: "{{ nextcloud_host_include_instructions_file }}" + dest: "{{ NEXTCLOUD_HOST_INCL_PATH }}" notify: docker compose restart - name: Flush handlers so Nextcloud container is restarted and ready @@ -19,11 +19,11 @@ - name: Copy include instructions to the container command: > - docker cp {{ nextcloud_host_include_instructions_file }} {{ NEXTCLOUD_CONTAINER }}:{{ nextcloud_docker_include_instructions_file }} + docker cp {{ NEXTCLOUD_HOST_INCL_PATH }} {{ NEXTCLOUD_CONTAINER }}:{{ NEXTCLOUD_DOCKER_INCL_PATH }} - name: Append generated config to config.php only if not present command: > docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }} sh -c " - grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} || - cat {{ nextcloud_docker_include_instructions_file }} >> {{ nextcloud_docker_config_file }}" + grep -q '{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}' {{ NEXTCLOUD_DOCKER_CONFIG_FILE }} || + cat {{ NEXTCLOUD_DOCKER_INCL_PATH }} >> {{ NEXTCLOUD_DOCKER_CONFIG_FILE }}" notify: docker compose restart diff --git a/roles/web-app-nextcloud/tasks/02_upgrade.yml b/roles/web-app-nextcloud/tasks/03_upgrade.yml similarity index 100% rename from roles/web-app-nextcloud/tasks/02_upgrade.yml rename to roles/web-app-nextcloud/tasks/03_upgrade.yml diff --git a/roles/web-app-nextcloud/tasks/03_admin.yml b/roles/web-app-nextcloud/tasks/04_admin.yml similarity index 89% rename from roles/web-app-nextcloud/tasks/03_admin.yml rename to roles/web-app-nextcloud/tasks/04_admin.yml index b40d0c0e..329109f7 100644 --- a/roles/web-app-nextcloud/tasks/03_admin.yml +++ b/roles/web-app-nextcloud/tasks/04_admin.yml 
@@ -1,7 +1,7 @@ - name: Ensure Nextcloud administrator is in the 'admin' group command: > docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }} - php occ group:adduser admin {{ nextcloud_administrator_username }} + php occ group:adduser admin {{ NEXTCLOUD_ADMINISTRATOR_USERNAME }} register: add_admin_to_group changed_when: "not ASYNC_ENABLED and 'Added user' in (add_admin_to_group.stdout | default(''))" failed_when: > diff --git a/roles/web-app-nextcloud/tasks/04_system_config.yml b/roles/web-app-nextcloud/tasks/05_system_config.yml similarity index 100% rename from roles/web-app-nextcloud/tasks/04_system_config.yml rename to roles/web-app-nextcloud/tasks/05_system_config.yml diff --git a/roles/web-app-nextcloud/tasks/05_plugin.yml b/roles/web-app-nextcloud/tasks/06_setup_plugin.yml similarity index 93% rename from roles/web-app-nextcloud/tasks/05_plugin.yml rename to roles/web-app-nextcloud/tasks/06_setup_plugin.yml index 532184c8..85b87d9b 100644 --- a/roles/web-app-nextcloud/tasks/05_plugin.yml +++ b/roles/web-app-nextcloud/tasks/06_setup_plugin.yml @@ -1,5 +1,5 @@ - block: - - include_tasks: 06_plugin_routines.yml + - include_tasks: _plugin_a_routines.yml when: plugin_value.enabled | bool - name: disable {{ plugin_key }} nextcloud plugin diff --git a/roles/web-app-nextcloud/tasks/06_plugin_routines.yml b/roles/web-app-nextcloud/tasks/_plugin_a_routines.yml similarity index 84% rename from roles/web-app-nextcloud/tasks/06_plugin_routines.yml rename to roles/web-app-nextcloud/tasks/_plugin_a_routines.yml index 52afcd8a..737bcfe2 100644 --- a/roles/web-app-nextcloud/tasks/06_plugin_routines.yml +++ b/roles/web-app-nextcloud/tasks/_plugin_a_routines.yml 
@@ -35,9 +35,12 @@ and ("already installed" not in install_result.stdout) -- include_tasks: 07_plugin_enable_and_configure.yml +- include_tasks: _plugin_b_enable_and_configure.yml when: - install_result is defined - > install_result.rc == 0 - or "already installed" in install_result.stdout \ No newline at end of file + or "already installed" in install_result.stdout + vars: + plugin_task_path: "{{ NEXTCLOUD_CNODE_PLUGIN_TASKS_PATH }}{{ plugin_key }}.yml" + plugin_vars_path: "{{ NEXTCLOUD_CNODE_PLUGIN_VARS_PATH }}{{ plugin_key }}.yml" \ No newline at end of file diff --git a/roles/web-app-nextcloud/tasks/07_plugin_enable_and_configure.yml b/roles/web-app-nextcloud/tasks/_plugin_b_enable_and_configure.yml similarity index 69% rename from roles/web-app-nextcloud/tasks/07_plugin_enable_and_configure.yml rename to roles/web-app-nextcloud/tasks/_plugin_b_enable_and_configure.yml index 35323646..ab849d8c 100644 --- a/roles/web-app-nextcloud/tasks/07_plugin_enable_and_configure.yml +++ b/roles/web-app-nextcloud/tasks/_plugin_b_enable_and_configure.yml @@ -3,16 +3,16 @@ register: enable_result changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout) -- name: Check if {{ nextcloud_control_node_plugin_vars_directory }}{{ plugin_key }}.yml exists +- name: Check if {{ plugin_vars_path }} exists stat: - path: "{{ nextcloud_control_node_plugin_vars_directory }}{{ plugin_key }}.yml" + path: "{{ plugin_vars_path }}" delegate_to: localhost become: false register: plugin_vars_file - name: "Load {{ plugin_key }} configuration variables" include_vars: - file: "{{ nextcloud_control_node_plugin_vars_directory }}{{ plugin_key }}.yml" + file: "{{ plugin_vars_path }}" when: plugin_vars_file.stat.exists - name: "Set plugin configuration (batched shell, no async)" 
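Review bot: `plugin_task_path` and `plugin_vars_path` are built by bare concatenation (`{{ NEXTCLOUD_CNODE_PLUGIN_VARS_PATH }}{{ plugin_key }}.yml`), so they are only correct if both directory variables end in a slash; if one does not, the `stat` in `_plugin_b_enable_and_configure.yml` reports the file missing and the plugin's vars and tasks — including the whiteboard JWT step added in this change — are silently skipped instead of failing. `01_fullstack.yml` in this same change uses `path_join` for the equivalent case, so do the same here: `plugin_task_path: "{{ [NEXTCLOUD_CNODE_PLUGIN_TASKS_PATH, plugin_key ~ '.yml'] | path_join }}"` and likewise for `plugin_vars_path`. Since `plugin_key` comes from the operator's plugins dictionary rather than external input, the path construction itself is not an injection concern.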
@@ -35,13 +35,13 @@ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" -- name: Check if {{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml exists +- name: Check if {{ plugin_task_path }} exists stat: - path: "{{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml" + path: "{{ plugin_task_path }}" delegate_to: localhost become: false register: plugin_tasks_file -- name: "include {{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml" - include_tasks: "{{ nextcloud_control_node_plugin_tasks_directory }}{{ plugin_key }}.yml" +- name: "include {{ plugin_task_path }}" + include_tasks: "{{ plugin_task_path }}" when: plugin_tasks_file.stat.exists \ No newline at end of file diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index 29a7ac0a..f1f61657 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml 
@@ -1,75 +1,39 @@ --- -- name: "Install Collabora Dependency" - include_role: - name: web-svc-collabora - vars: - flush_handlers: true - when: - - run_once_web_svc_collabora is not defined - - NEXTCLOUD_COLLABORA_ENABLED | bool - -- name: "include role for {{ application_id }} to receive certs & do modification routines" - include_role: - name: sys-util-csp-cert - -- name: create nextcloud proxy configuration file - template: - src: "nginx/host.conf.j2" - dest: "{{ nextcloud_host_nginx_path }}" - notify: restart openresty - -- name: "load docker and db for {{ application_id }}" +- name: "load docker, db and proxy for {{ application_id }}" include_role: - name: sys-stk-back-stateful + name: sys-stk-full-stateful vars: - docker_compose_flush_handlers: false -- name: "create {{ nextcloud_host_config_additives_directory }}" - file: - path: "{{ nextcloud_host_config_additives_directory }}" - state: directory - mode: "0755" - -- name: "Create config files at {{ nextcloud_host_config_additives_directory }}" - template: - src: "{{ item }}" - dest: "{{ nextcloud_host_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - owner: "{{ NEXTCLOUD_DOCKER_USER_id }}" - group: "{{ NEXTCLOUD_DOCKER_USER_id }}" - loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}" - # Not all type of changes take instantly place. Due to this reason a rebuild is required. 
- notify: docker compose up - -- name: create internal nextcloud nginx configuration - template: - src: "nginx/docker.conf.j2" - dest: "{{ docker_compose.directories.volumes }}nginx.conf" - notify: restart nextcloud nginx service +- name: Setup the full docker stack + include_tasks: 01_fullstack.yml + vars: + domain: "{{ NEXTCLOUD_DOMAIN }}" + http_port: "{{ NEXTCLOUD_PORT }}" - name: Setup config.php - include_tasks: 01_config.yml + include_tasks: 02_config.yml - name: Flush all handlers immediately so that occ can be used meta: flush_handlers - name: Update\Upgrade Nextcloud - include_tasks: 02_upgrade.yml + include_tasks: 03_upgrade.yml when: MODE_UPDATE | bool - name: Load system configuration steps include_tasks: "{{ item }}" loop: - - 03_admin.yml - - 04_system_config.yml + - 04_admin.yml + - 05_system_config.yml - name: Setup Nextcloud Plugins - include_tasks: 05_plugin.yml - loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}" + include_tasks: 06_setup_plugin.yml + loop: "{{ NEXTCLOUD_PLUGIN_ITEMS }}" loop_control: loop_var: plugin_item vars: plugin_key: "{{ plugin_item.key }}" plugin_value: "{{ plugin_item.value }}" - when: nextcloud_plugins_enabled + when: NEXTCLOUD_PLUGINS_ENABLED diff --git a/roles/web-app-nextcloud/tasks/plugins/richdocuments.yml b/roles/web-app-nextcloud/tasks/plugins/richdocuments.yml new file mode 100644 index 00000000..ceeb928c --- /dev/null +++ b/roles/web-app-nextcloud/tasks/plugins/richdocuments.yml @@ -0,0 +1,7 @@ +- name: "Install Collabora Dependency" + include_role: + name: web-svc-collabora + vars: + flush_handlers: true + when: + - run_once_web_svc_collabora is not defined diff --git a/roles/web-app-nextcloud/tasks/plugins/spreed.yml b/roles/web-app-nextcloud/tasks/plugins/spreed.yml new file mode 100644 index 00000000..e69de29b 
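Review bot: The first task keeps a `vars:` key with no children after its only entry `docker_compose_flush_handlers: false` was removed, and the following `Setup the full docker stack` task includes `01_fullstack.yml`, which itself includes `sys-stk-back-stateful`, renders `nginx/host.conf.j2` and runs `sys-util-csp-cert`. If `sys-stk-full-stateful` already wraps the backend stack and the proxy, as its name and the title "load docker, db and proxy" suggest, the compose stack is brought up twice per run and the first bring-up happens without the flush suppression that `01_fullstack.yml` still passes explicitly. Either drop the empty `vars:` and the duplicated includes inside `01_fullstack.yml`, or drop the `sys-stk-full-stateful` task and keep the explicit sequence. Moving the Collabora dependency into `plugins/richdocuments.yml` so it runs only when that plugin is enabled is a sensible tightening.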
diff --git a/roles/web-app-nextcloud/tasks/plugins/whiteboard.yml b/roles/web-app-nextcloud/tasks/plugins/whiteboard.yml new file mode 100644 index 00000000..da4e6c6c --- /dev/null +++ b/roles/web-app-nextcloud/tasks/plugins/whiteboard.yml @@ -0,0 +1,9 @@ +- name: Set Whiteboard Configuration + ansible.builtin.shell: > + {{ NEXTCLOUD_DOCKER_EXEC_OCC }} config:app:set whiteboard collabBackendUrl --value='{{ NEXTCLOUD_WHITEBOARD_URL }}' + && {{ NEXTCLOUD_DOCKER_EXEC_OCC }} config:app:set whiteboard jwt_secret_key --value='{{ NEXTCLOUD_WHITEBOARD_JWT }}' + args: + executable: /bin/bash + async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" + poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" + no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" diff --git a/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 b/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 index 64a6979b..590fcd2e 100644 --- a/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 +++ b/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 @@ -1,7 +1,7 @@ true, // Redirect to this page after logging out the user - 'oidc_login_logout_url' => 'https://{{ domains | get_domain(application_id) }}', + 'oidc_login_logout_url' => '{{ NEXTCLOUD_URL }}', // If set to true the user will be redirected to the // logout endpoint of the OIDC provider after logout @@ -33,7 +33,7 @@ return array ( // // NOTE: If you want to allow NextCloud to manage quotas, omit this option. Do not set it to // zero or -1 or ''. - 'oidc_login_default_quota' => '{{applications | get_app_conf(application_id, 'default_quota', True)}}', + 'oidc_login_default_quota' => '{{ applications | get_app_conf(application_id, 'default_quota', True)}}', // Login button text 'oidc_login_button_text' => '{{ OIDC.BUTTON_TEXT }}', 
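Review bot: The JWT secret is passed on the command line (`--value='{{ NEXTCLOUD_WHITEBOARD_JWT }}'`) to `docker exec`, so for the duration of the call it is visible in the host process list to any local user regardless of logging, and the `no_log` guard itself only applies when `MASK_CREDENTIALS_IN_LOGS` is true. `occ config:import` reads a JSON document from a file or, with no argument, from stdin, so piping `{"apps":{"whiteboard":{"jwt_secret_key":"…"}}}` into `docker exec -i … occ config:import` keeps the value out of argv; if `config:app:set` has to stay, at least make masking unconditional here with `no_log: true`. The task also lacks `changed_when`, so it reports changed on every run; registering the result and deriving `changed_when` from the occ output, as `04_admin.yml` does for `group:adduser`, would make it idempotent. The single quotes around the value are safe only because the schema regex excludes quote characters, which is worth a comment.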
@@ -97,7 +97,7 @@ return array ( // note: on Keycloak, OIDC name claim = "${given_name} ${family_name}" or one of them if any is missing // 'oidc_login_attributes' => array ( - 'id' => '{{LDAP.USER.ATTRIBUTES.ID}}', + 'id' => '{{ LDAP.USER.ATTRIBUTES.ID }}', 'name' => 'name', 'mail' => 'email', 'quota' => '{{ LDAP.USER.ATTRIBUTES.NEXTCLOUD_QUOTA }}', diff --git a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 b/roles/web-app-nextcloud/templates/docker-compose.yml.j2 index 64b9f878..bfaf8326 100644 --- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2 @@ -1,11 +1,11 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} application: - image: "{{ nextcloud_image }}:{{ nextcloud_version }}" + image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}" container_name: {{ NEXTCLOUD_CONTAINER }} volumes: - data:{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }} - - {{ nextcloud_host_config_additives_directory }}:{{ nextcloud_docker_config_additives_directory }}:ro + - {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}:{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}:ro healthcheck: test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ status"] interval: 1m 
@@ -16,25 +16,36 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} ipv4_address: 192.168.102.69 -{% if nextcloud_talk_enabled %} +{% if NEXTCLOUD_TALK_ENABLED %} talk: {% include 'roles/docker-container/templates/base.yml.j2' %} - image: "{{ nextcloud_talk_image }}:{{ nextcloud_talk_version }}" - container_name: {{ nextcloud_talk_name }} - hostname: hpb_yt + image: "{{ NEXTCLOUD_TALK_IMAGE }}:{{ NEXTCLOUD_TALK_VERSION }}" + container_name: {{ NEXTCLOUD_TALK_CONTAINER }} init: true ports: - - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/tcp #TURN TCP - - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/udp #TURN UDP - - {{ networks.internet.ip4 }}:8181:8081/tcp #Signaling @todo needs to be optimized + - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:3478/tcp #TURN TCP + - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:3478/udp #TURN UDP + - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_WS_PORT }}:8081/tcp networks: default: ipv4_address: 192.168.102.68 {% endif %} +{% if NEXTCLOUD_WHITEBOARD_ENABLED %} + whiteboard: + {% include 'roles/docker-container/templates/base.yml.j2' %} + image: "{{ NEXTCLOUD_WHITEBOARD_IMAGE }}:{{ NEXTCLOUD_WHITEBOARD_VERSION }}" + container_name: {{ NEXTCLOUD_WHITEBOARD_CONTAINER }} + expose: + - "{{ NEXTCLOUD_WHITEBOARD_INTERNAL_PORT }}" + networks: + default: + ipv4_address: 192.168.102.71 +{% endif %} + proxy: - image: "{{ nextcloud_proxy_image }}:{{ nextcloud_proxy_version }}" - container_name: "{{ nextcloud_proxy_name }}" + image: "{{ NEXTCLOUD_PROXY_IMAGE }}:{{ NEXTCLOUD_PROXY_VERSION }}" + container_name: "{{ NEXTCLOUD_PROXY_CONTAINER }}" logging: driver: journald restart: {{ DOCKER_RESTART_POLICY }} 
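Review bot: The signaling port is published as `{{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_WS_PORT }}:8081/tcp`, but `NEXTCLOUD_TALK_WS_PORT` is sourced from `ports.localhost.websocket` (see the vars change in this diff), a group whose own comment says the ports are "exposed to localhost"; binding such a port on the public IP publishes the plain-HTTP signaling endpoint directly to the internet, bypassing the reverse proxy's TLS and headers. The old line had the same exposure with a hard-coded 8181 and a `@todo`, so this is pre-existing, but taking the value from the localhost group now makes the mismatch explicit. If the websocket is meant to be reached through nginx like the other websocket ports, bind it as `- 127.0.0.1:{{ NEXTCLOUD_TALK_WS_PORT }}:8081/tcp`; if it genuinely has to be public, it belongs in `ports.public` next to the STUN/TURN port. The new whiteboard service correctly uses `expose:` only, which is the pattern to follow here.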
@@ -51,8 +62,8 @@ ipv4_address: 192.168.102.67 cron: - container_name: "{{ nextcloud_cron_name }}" - image: "{{ nextcloud_image }}:{{ nextcloud_version }}" + container_name: "{{ NEXTCLOUD_CRON_CONTAINER }}" + image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}" restart: {{ DOCKER_RESTART_POLICY }} logging: driver: journald @@ -70,6 +81,6 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: - name: {{ nextcloud_volume }} + name: {{ NEXTCLOUD_VOLUME }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} diff --git a/roles/web-app-nextcloud/templates/env.j2 b/roles/web-app-nextcloud/templates/env.j2 index c3c41063..11f65b01 100644 --- a/roles/web-app-nextcloud/templates/env.j2 +++ b/roles/web-app-nextcloud/templates/env.j2 @@ -8,9 +8,9 @@ MYSQL_PASSWORD= "{{ database_password }}" MYSQL_HOST= "{{ database_host }}:{{ database_port }}" # PHP -PHP_MEMORY_LIMIT= "{{applications | get_app_conf(application_id, 'performance.php.memory_limit')}}" -PHP_UPLOAD_LIMIT= "{{applications | get_app_conf(application_id, 'performance.php.upload_limit')}}" -PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications | get_app_conf(application_id, 'performance.php.opcache_memory_consumption')}}" +PHP_MEMORY_LIMIT= "{{ applications | get_app_conf(application_id, 'performance.php.memory_limit') }}" +PHP_UPLOAD_LIMIT= "{{ applications | get_app_conf(application_id, 'performance.php.upload_limit') }}" +PHP_OPCACHE_MEMORY_CONSUMPTION= "{{ applications | get_app_conf(application_id, 'performance.php.opcache_memory_consumption') }}" # Email Configuration SMTP_HOST= {{ SYSTEM_EMAIL.HOST }} 
@@ -24,30 +24,38 @@ MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}" MAIL_DOMAIN= "{{ SYSTEM_EMAIL.DOMAIN }}" # Initial Admin Data -NEXTCLOUD_ADMIN_USER= "{{applications | get_app_conf(application_id, 'users.administrator.username')}}" -NEXTCLOUD_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, 'credentials.administrator_password')}}" +NEXTCLOUD_ADMIN_USER= "{{ NEXTCLOUD_ADMINISTRATOR_USER }}" +NEXTCLOUD_ADMIN_PASSWORD= "{{ NEXTCLOUD_ADMINISTRATOR_PASSWORD }}" # Security -NEXTCLOUD_TRUSTED_DOMAINS= "{{ domains[application_id] | select | join(',') }}" +NEXTCLOUD_TRUSTED_DOMAINS= "{{ NEXTCLOUD_DOMAIN }}" # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling TRUSTED_PROXIES= "{{ networks.internet.values() | select | join(',') }}" -OVERWRITECLIURL= "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" -OVERWRITEPROTOCOL= "https" +OVERWRITECLIURL= "{{ NEXTCLOUD_URL }}" +OVERWRITEPROTOCOL= "{{ WEB_PROTOCOL }}" # Redis Configuration REDIS_HOST= redis REDIS_PORT= 6379 -{% if nextcloud_talk_enabled %} +{% if NEXTCLOUD_TALK_ENABLED %} # Talk Configuration # This code was just moved here during refactoring and isn't tested yet. # @todo move it to an own env file for encapsulation reasons -NC_DOMAIN=cloud.yourdomain.tld -TALK_HOST=signaling.yourdomain.tld +NC_DOMAIN={{ NEXTCLOUD_DOMAIN }} +TALK_HOST={{ NEXTCLOUD_TALK_DOMAIN }} TURN_SECRET=${TURN_SECRET} SIGNALING_SECRET=${SIGNALING_SECRET} TZ=Europe/Berlin TALK_PORT=3478 INTERNAL_SECRET=${INTERNAL_SECRET} +{% endif %} + +{% if NEXTCLOUD_WHITEBOARD_ENABLED %} +# @todo move it to an own env file for encapsuling reasons +NEXTCLOUD_URL= "{{ NEXTCLOUD_URL }}" +JWT_SECRET_KEY= "{{ NEXTCLOUD_WHITEBOARD_JWT }}" +STORAGE_STRATEGY=redis +REDIS_URL=redis://redis:6379/0 {% endif %} \ No newline at end of file diff --git a/roles/web-app-nextcloud/templates/include.php.j2 b/roles/web-app-nextcloud/templates/include.php.j2 index bad45e41..78c42592 100644 
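Review bot: `JWT_SECRET_KEY= "{{ NEXTCLOUD_WHITEBOARD_JWT }}"` lands in the env file shared by the whole stack, so every container that loads it receives the whiteboard signing secret although only the whiteboard service (and `occ`, which is configured separately in this diff) needs it; the `@todo` already notes this, but splitting it into a whiteboard-only `env_file` is a small change worth doing now rather than shipping the secret broadly. `REDIS_URL=redis://redis:6379/0` also points the whiteboard at the same Redis instance that `REDIS_HOST= redis` / `REDIS_PORT= 6379` give Nextcloud, which as far as I know uses database index 0 by default, so the two key spaces collide; `REDIS_URL=redis://redis:6379/1` keeps them apart. Finally, `OVERWRITEPROTOCOL= "{{ WEB_PROTOCOL }}"` replaces a value pinned to `https`; if `WEB_PROTOCOL` can be `http` in some inventories, Nextcloud will start generating http URLs, which is fine only if that is an intended non-TLS setup.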
--- a/roles/web-app-nextcloud/templates/include.php.j2 +++ b/roles/web-app-nextcloud/templates/include.php.j2 @@ -3,7 +3,7 @@ $CONFIG_EXTRA = []; -foreach (glob("{% endraw %}{{ nextcloud_docker_config_additives_directory }}{% raw %}*.php") as $file) { +foreach (glob("{% endraw %}{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}{% raw %}*.php") as $file) { $CONFIG_EXTRA = array_merge($CONFIG_EXTRA, include $file); } diff --git a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 index 194de40c..6ed966db 100644 --- a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 +++ b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 @@ -179,5 +179,15 @@ http { location / { try_files $uri $uri/ /index.php$request_uri; } + + location {{ NEXTCLOUD_WHITEBOARD_LOCATION }} { + proxy_pass http://whiteboard:{{ NEXTCLOUD_WHITEBOARD_INTERNAL_PORT }}/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 3600; + } } } diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml index 83b5fd61..a5981f39 100644 --- a/roles/web-app-nextcloud/vars/main.yml +++ b/roles/web-app-nextcloud/vars/main.yml 
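Review bot: The new `location {{ NEXTCLOUD_WHITEBOARD_LOCATION }}` block is rendered unconditionally, while the `whiteboard` service only exists when `NEXTCLOUD_WHITEBOARD_ENABLED` is true (docker-compose template in this diff); nginx resolves a static `proxy_pass` host at startup, so with the feature disabled the proxy container will refuse to start with "host not found in upstream whiteboard". Wrap the block in `{% if NEXTCLOUD_WHITEBOARD_ENABLED %}` … `{% endif %}`. The block also forces `Connection "upgrade"` on every request, including socket.io's HTTP long-polling fallback; the usual pattern is a `map $http_upgrade $connection_upgrade` in the `http` context and `proxy_set_header Connection $connection_upgrade;`, and adding `proxy_set_header X-Forwarded-Proto $scheme;` plus `proxy_set_header X-Real-IP $remote_addr;` gives the backend the client scheme and address. The enclosing `server` block starts outside the hunk.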
@@ -1,72 +1,88 @@ --- # General -application_id: "web-app-nextcloud" # Application identifier -container_port: 80 - -# Networking -domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable -http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network +application_id: "web-app-nextcloud" # Application identifier +container_port: 80 # Database -database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}" -database_type: "mariadb" # Database flavor +database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}" +database_type: "mariadb" # Database flavor -nextcloud_plugins_enabled: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}" -nextcloud_administrator_username: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" +# Nextcloud +## General +NEXTCLOUD_DOMAIN: "{{ domains | get_domain(application_id) }}" +NEXTCLOUD_PORT: "{{ ports.localhost.http[application_id] }}" +NEXTCLOUD_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" -# Control Node -nextcloud_control_node_plugin_vars_directory: "{{role_path}}/vars/plugins/" # Folder in which the files for the plugin configuration are stored -nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/" # Folder which contains the files for extra plugin configuration tasks +NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}" +NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" -# Host +## Plugins +NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_id, 'plugins') | dict2items }}" -## Host Paths -nextcloud_host_config_additives_directory: "{{ docker_compose.directories.volumes }}infinito/" # This folder is the path to which the 
additive configurations will be copied -nextcloud_host_include_instructions_file: "{{ docker_compose.directories.volumes }}includes.php" # Path to the instruction file on the host. Responsible for loading the additional configurations -nextcloud_host_nginx_path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf" # Nginx path for proxy conf +## Paths -# Docker +### Host +NEXTCLOUD_HOST_CONF_ADD_PATH: "{{ [ docker_compose.directories.volumes, 'infinito' ] | path_join }}" # This folder is the path to which the additive configurations will be copied +NEXTCLOUD_HOST_INCL_PATH: "{{ [ docker_compose.directories.volumes, 'includes.php' ] | path_join }}" # Path to the instruction file on the host. Responsible for loading the additional configurations +NEXTCLOUD_HOST_NGINX_PATH: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, NEXTCLOUD_DOMAIN ~ '.conf' ] | path_join }}" # Nginx path for proxy conf -nextcloud_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" - -nextcloud_version: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version') }}" -nextcloud_image: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image') }}" -NEXTCLOUD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name') }}" - -nextcloud_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}" -nextcloud_proxy_image: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image') }}" -nextcloud_proxy_version: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version') }}" - -nextcloud_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}" - -# Plugins - -## Talk -nextcloud_talk_name: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}" -nextcloud_talk_image: "{{ applications | get_app_conf(application_id, 
'docker.services.talk.image') }}" -nextcloud_talk_version: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}" -nextcloud_talk_enabled: "{{ applications | is_docker_service_enabled(application_id, 'talk') }}" -nextcloud_talk_stun_port: "{{ ports.public.stun[application_id] }}" -# nextcloud_talk_domain: "{{ domains[application_id].talk }}" - -# Collabora -#nextcloud_collabora_name: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name') }}" -NEXTCLOUD_COLLABORA_URL: "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}" -#NEXTCLOUD_COLLABORA_DOMAIN: "{{ domains | get_domain('web-svc-collabora') }}" -NEXTCLOUD_COLLABORA_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.richdocuments.enabled') }}" - -## User Configuration -NEXTCLOUD_DOCKER_USER_id: 82 # UID of the www-data user -NEXTCLOUD_DOCKER_USER: "www-data" # Name of the www-data user (Set here to easy change it in the future) +## Control Node +NEXTCLOUD_CNODE_PLUGIN_VARS_PATH: "{{ [role_path, 'vars/plugins/'] | path_join }}" # Folder in which the files for the plugin configuration are stored +NEXTCLOUD_CNODE_PLUGIN_TASKS_PATH: "{{ [role_path, 'tasks/plugins/'] | path_join }}" # Folder which contains the files for extra plugin configuration tasks ## Internal Paths -NEXTCLOUD_DOCKER_WORK_DIRECTORY: "/var/www/html/" # Name of the workdir in which the application is stored -NEXTCLOUD_DOCKER_CONFIG_DIRECTORY: "{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}config/" # Folder in which the Nextcloud configurations are stored -nextcloud_docker_config_file: "{{ NEXTCLOUD_DOCKER_CONFIG_DIRECTORY }}config.php" # Path to the Nextcloud configuration file -nextcloud_docker_config_additives_directory: "{{ NEXTCLOUD_DOCKER_CONFIG_DIRECTORY }}infinito/" # Path to the folder which contains additional configurations -nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the 
additional configurations +NEXTCLOUD_DOCKER_WORK_DIRECTORY: "/var/www/html/" # Name of the workdir in which the application is stored +NEXTCLOUD_DOCKER_CONF_DIRECTORY: "{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}config/" # Folder in which the Nextcloud configurations are stored +NEXTCLOUD_DOCKER_CONFIG_FILE: "{{ NEXTCLOUD_DOCKER_CONF_DIRECTORY }}config.php" # Path to the Nextcloud configuration file +NEXTCLOUD_DOCKER_CONF_ADD_PATH: "{{ NEXTCLOUD_DOCKER_CONF_DIRECTORY }}infinito/" # Path to the folder which contains additional configurations +NEXTCLOUD_DOCKER_INCL_PATH: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations + +## Administrator +NEXTCLOUD_ADMINISTRATOR_USER: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" +NEXTCLOUD_ADMINISTRATOR_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}" + +## Docker + +### Base +NEXTCLOUD_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" +NEXTCLOUD_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version') }}" +NEXTCLOUD_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image') }}" +NEXTCLOUD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name') }}" + +### Proxy +NEXTCLOUD_PROXY_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}" +NEXTCLOUD_PROXY_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image') }}" +NEXTCLOUD_PROXY_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version') }}" + +### Cron +NEXTCLOUD_CRON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}" + +### Talk +NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}" 
+NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}" +NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}" +NEXTCLOUD_TALK_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}" +NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun[application_id] }}" +NEXTCLOUD_TALK_WS_PORT: "{{ ports.localhost.websocket[application_id] }}" +NEXTCLOUD_TALK_DOMAIN: "{{ domains[application_id].talk }}" + +NEXTCLOUD_WHITEBOARD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}" +NEXTCLOUD_WHITEBOARD_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.image') }}" +NEXTCLOUD_WHITEBOARD_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.version') }}" +NEXTCLOUD_WHITEBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.whiteboard.enabled') }}" +NEXTCLOUD_WHITEBOARD_INTERNAL_PORT: "3002" +NEXTCLOUD_WHITEBOARD_JWT: "{{ applications | get_app_conf(application_id, 'credentials.whiteboard_jwt_secret') }}" +NEXTCLOUD_WHITEBOARD_LOCATION: "/whiteboard/" +NEXTCLOUD_WHITEBOARD_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_WHITEBOARD_LOCATION ] | url_join }}" + +### Collabora +NEXTCLOUD_COLLABORA_URL: "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}" +# NEXTCLOUD_COLLABORA_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.richdocuments.enabled') }}" + +## User Configuration +NEXTCLOUD_DOCKER_USER_id: 82 # UID of the www-data user +NEXTCLOUD_DOCKER_USER: "www-data" # Name of the www-data user (Set here to easy change it in the future) ## Execution -NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition -NEXTCLOUD_DOCKER_EXEC_OCC: "{{NEXTCLOUD_DOCKER_EXEC}} {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ" # Execute docker occ command -# 
NEXTCLOUD_COLLOBORA_CONF_EXEC: "docker exec {{ applications | get_app_conf('web-svc-collabora', 'docker.services.collabora.name') }} coolconfig" \ No newline at end of file +NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition +NEXTCLOUD_DOCKER_EXEC_OCC: "{{NEXTCLOUD_DOCKER_EXEC}} {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ" # Execute docker occ command \ No newline at end of file diff --git a/roles/web-app-nextcloud/vars/plugins/user_ldap.yml b/roles/web-app-nextcloud/vars/plugins/user_ldap.yml index 87ce7cac..217ba54d 100644 --- a/roles/web-app-nextcloud/vars/plugins/user_ldap.yml +++ b/roles/web-app-nextcloud/vars/plugins/user_ldap.yml @@ -181,4 +181,4 @@ plugin_configuration: - appid: "user_ldap" configkey: "s01ldap_expert_username_attr" - configvalue: "{{LDAP.USER.ATTRIBUTES.ID}}" \ No newline at end of file + configvalue: "{{ LDAP.USER.ATTRIBUTES.ID }}" \ No newline at end of file diff --git a/roles/web-app-nextcloud/vars/system.yml b/roles/web-app-nextcloud/vars/system.yml index 8c65ffbb..29324ed3 100644 --- a/roles/web-app-nextcloud/vars/system.yml +++ b/roles/web-app-nextcloud/vars/system.yml @@ -15,7 +15,7 @@ nextcloud_system_config: value: "{{ HOST_LL | upper }}" - parameter: "trusted_domains 0" - value: "{{ domains | get_domain(application_id) }}" + value: "{{ NEXTCLOUD_DOMAIN }}" - parameter: "overwrite.cli.url" - value: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" \ No newline at end of file + value: "{{ NEXTCLOUD_URL }}" \ No newline at end of file diff --git a/roles/web-app-oauth2-proxy/tasks/main.yml b/roles/web-app-oauth2-proxy/tasks/main.yml index 2327b822..1752c824 100644 --- a/roles/web-app-oauth2-proxy/tasks/main.yml +++ b/roles/web-app-oauth2-proxy/tasks/main.yml 
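Review bot: `NEXTCLOUD_TALK_ENABLED` is now derived from `plugins.spreed.enabled` instead of `is_docker_service_enabled(application_id, 'talk')`, which ties deployment of the HPB container — and with it the TURN port and signaling port published on the public IP in the compose template — to merely enabling the Talk app; an inventory that enables spreed without wanting a self-hosted backend now exposes those ports. Keeping the docker-service toggle, or requiring both (`... get_app_conf(application_id, 'plugins.spreed.enabled') and applications | is_docker_service_enabled(application_id, 'talk')`), preserves the previous opt-in. `database_password` also drops the third `True` argument that the other credential lookups in this diff keep (e.g. peertube's `credentials.secret', True`); if that flag makes a missing key fatal, an unset password would now render as an empty `MYSQL_PASSWORD` instead of failing the play — worth confirming against the filter. Minor: `NEXTCLOUD_ADMINISTRATOR_USERNAME` and `NEXTCLOUD_ADMINISTRATOR_USER` are defined with identical expressions, and `NEXTCLOUD_DOCKER_EXEC_OCC` still uses `{{NEXTCLOUD_DOCKER_EXEC}}` without the inner spaces this commit normalises everywhere else.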
@@ -8,6 +8,6 @@ - name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{( application_id | get_docker_paths(PATH_DOCKER_COMPOSE_INSTANCES) ).directories.volumes }}" template: src: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2" - dest: "{{( application_id | get_docker_paths(PATH_DOCKER_COMPOSE_INSTANCES) ).directories.volumes }}{{applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}" + dest: "{{( application_id | get_docker_paths(PATH_DOCKER_COMPOSE_INSTANCES) ).directories.volumes }}{{ applications | get_app_conf('web-app-oauth2-proxy','configuration_file') }}" notify: - docker compose up \ No newline at end of file diff --git a/roles/web-app-oauth2-proxy/templates/container.yml.j2 b/roles/web-app-oauth2-proxy/templates/container.yml.j2 index f7f5fb54..85713fb6 100644 --- a/roles/web-app-oauth2-proxy/templates/container.yml.j2 +++ b/roles/web-app-oauth2-proxy/templates/container.yml.j2 @@ -1,11 +1,11 @@ {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} oauth2-proxy: - image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['web-app-oauth2-proxy'].version}} + image: quay.io/oauth2-proxy/oauth2-proxy:{{ applications['web-app-oauth2-proxy'].version}} restart: {{ DOCKER_RESTART_POLICY }} command: --config /oauth2-proxy.cfg hostname: oauth2-proxy ports: - {{ ports.localhost.oauth2_proxy[application_id] }}:4180/tcp volumes: - - "{{ docker_compose.directories.volumes }}{{applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}:/oauth2-proxy.cfg" + - "{{ docker_compose.directories.volumes }}{{ applications | get_app_conf('web-app-oauth2-proxy','configuration_file')}}:/oauth2-proxy.cfg" {% endif %} \ No newline at end of file diff --git a/roles/web-app-peertube/templates/env.j2 b/roles/web-app-peertube/templates/env.j2 index 09e05bb6..d7d87deb 100644 --- a/roles/web-app-peertube/templates/env.j2 +++ b/roles/web-app-peertube/templates/env.j2 
@@ -11,7 +11,7 @@ PEERTUBE_DB_HOSTNAME={{ database_host }} PEERTUBE_WEBSERVER_HOSTNAME={{ domains | get_domain(application_id) }} PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"] -PEERTUBE_SECRET={{applications | get_app_conf(application_id, 'credentials.secret', True)}} +PEERTUBE_SECRET={{ applications | get_app_conf(application_id, 'credentials.secret', True)}} # E-mail configuration PEERTUBE_SMTP_USERNAME={{ users['no-reply'].email }} diff --git a/roles/web-app-pgadmin/templates/docker-compose.yml.j2 b/roles/web-app-pgadmin/templates/docker-compose.yml.j2 index 2f522a69..b5ff0da3 100644 --- a/roles/web-app-pgadmin/templates/docker-compose.yml.j2 +++ b/roles/web-app-pgadmin/templates/docker-compose.yml.j2 @@ -2,7 +2,7 @@ application: {% set container_port = 80 %} - image: dpage/pgadmin4:{{applications | get_app_conf(application_id, 'version', True)}} + image: dpage/pgadmin4:{{ applications | get_app_conf(application_id, 'version', True)}} container_name: pgadmin {% include 'roles/docker-container/templates/base.yml.j2' %} ports: diff --git a/roles/web-app-phpldapadmin/templates/docker-compose.yml.j2 b/roles/web-app-phpldapadmin/templates/docker-compose.yml.j2 index 0ed7420c..eeedb73f 100644 --- a/roles/web-app-phpldapadmin/templates/docker-compose.yml.j2 +++ b/roles/web-app-phpldapadmin/templates/docker-compose.yml.j2 @@ -2,7 +2,7 @@ application: container_name: {{ application_id }} - image: leenooks/phpldapadmin:{{applications | get_app_conf(application_id, 'version', True)}} + image: leenooks/phpldapadmin:{{ applications | get_app_conf(application_id, 'version', True)}} ports: - 127.0.0.1:{{ ports.localhost.http[application_id] }}:8080 {% include 'roles/docker-container/templates/base.yml.j2' %} diff --git a/roles/web-app-phpmyadmin/vars/main.yml b/roles/web-app-phpmyadmin/vars/main.yml index 12589152..514227b8 100644 --- a/roles/web-app-phpmyadmin/vars/main.yml +++ b/roles/web-app-phpmyadmin/vars/main.yml 
@@ -1,6 +1,6 @@ application_id: "web-app-phpmyadmin" database_type: "mariadb" -database_host: "{{ applications | get_app_conf('svc-db-mariadb', 'docker.services.mariadb.name', True) if applications | get_app_conf(application_id, 'features.central_database', False)}}" +database_host: "{{ applications | get_app_conf('svc-db-mariadb', 'docker.services.mariadb.name', True) if applications | get_app_conf(application_id, 'features.central_database', False) }}" phpmyadmin_version: "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.version', True) }}" phpmyadmin_image: "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.image', True) }}" phpmyadmin_container: "{{ applications | get_app_conf(application_id, 'docker.services.phpmyadmin.name', True) }}" \ No newline at end of file diff --git a/roles/web-app-pixelfed/templates/env.j2 b/roles/web-app-pixelfed/templates/env.j2 index beb42fb3..696846f9 100644 --- a/roles/web-app-pixelfed/templates/env.j2 +++ b/roles/web-app-pixelfed/templates/env.j2 @@ -1,5 +1,5 @@ ## Crypto -APP_KEY={{applications | get_app_conf(application_id, 'credentials.app_key', True)}} +APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True)}} ## General Settings APP_NAME="{{ PIXELFED_TITEL }}" diff --git a/roles/web-app-yourls/templates/env.j2 b/roles/web-app-yourls/templates/env.j2 index b23331b4..5a398dab 100644 --- a/roles/web-app-yourls/templates/env.j2 +++ b/roles/web-app-yourls/templates/env.j2 
@@ -6,4 +6,4 @@ YOURLS_SITE: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" YOURLS_USER: "{{ YOURLS_USER }}" YOURLS_PASS: "{{ YOURLS_PASSWORD }}" # The following deactivates the login mask for admins, if the oauth2 proxy is activated -YOURLS_PRIVATE: "{{not (applications | get_app_conf(application_id, 'features.oauth2', False))}}" \ No newline at end of file +YOURLS_PRIVATE: "{{not (applications | get_app_conf(application_id, 'features.oauth2', False)) }}" \ No newline at end of file