diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml
index 79753958..57f17507 100644
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@@ -31,13 +31,13 @@ test_email: "test@{{primary_domain}}"
 # Server Tact Variables
 ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-hours_server_awake: "0..23"
+hours_server_awake: "0..23"
 ## Random delay for systemd timers to avoid peak loads.
-randomized_delay_sec: "5min"
+randomized_delay_sec: "5min"
 # Runtime Variables for Process Control
-activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
+activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
 # One Wildcard Certificate for All Subdomains
 # Enables a single Let's Encrypt wildcard certificate for all subdomains instead of individual certificates.
@@ -47,11 +47,11 @@ activate_all_timers: false # Activates all timers, independen
 # To enable, update your inventory file.
 # For detailed setup instructions, visit:
 # https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy
-enable_wildcard_certificate: false
+enable_wildcard_certificate: false
 # This enables debugging in ansible and in the apps
 # You SHOULD NOT enable this on production servers
-enable_debug: false
+enable_debug: false
 #########################
 ## ENABLED DEFAULTS ##
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 65e5aa3b..5608801d 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -709,7 +709,7 @@ defaults_applications:
 presentation:
 matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
 css_enabled: False # Would mess with the presentation layout
-landingpage_iframe_enabled: False # Makes sense to make the documentary allways in iframe available
+landingpage_iframe_enabled: True # Makes sense to make the documentary allways in iframe available
 # Snipe-IT
 snipe_it:
@@ -770,7 +770,15 @@ defaults_applications:
 # May a solution could be to generate a template or css file dedicated
 # for wordpress based on the theming values and import it.
 database:
-central_storage: True # Activate Central Database Storage
+central_storage: True # Activate Central Database Storage
 matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
 css_enabled: false # CSS is hard to tweak for wordpress
-landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
\ No newline at end of file
+landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
+oidc:
+enabled: true # Activate OIDC
+title: "Blog"
+credentials:
+administrator:
+username: "{{users.administrator.username}}" # Username of the wordpress administrator
+# password: # Password of the wordpress administrator
+email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator
\ No newline at end of file
diff --git a/roles/docker-discourse/vars/main.yml b/roles/docker-discourse/vars/main.yml
index e9e9b483..9db00ec6 100644
--- a/roles/docker-discourse/vars/main.yml
+++ b/roles/docker-discourse/vars/main.yml
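Review bot: The new `credentials.administrator` block ships `username` and `email` but leaves `password` commented out, while the role's install task added in this same commit (roles/docker-wordpress/tasks/install.yml) reads `applications[application_id].credentials.administrator.password`, so a deployment that does not set that key in the inventory only fails on an undefined variable at WP-CLI time. Shipping no default for the password is right — it must not live in group_vars — but the intent should be spelled out so nobody "fixes" it by adding one: `#       password: # REQUIRED - supply via the (vaulted) inventory; intentionally no default here`. An early `assert` in the role that the key is defined would turn the late failure into a clear message. The indentation of `title: "Blog"` cannot be checked in this collapsed diff; install.yml reads it as `applications[application_id].title`, so it has to sit at the application level rather than under `oidc`.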
@@ -1,5 +1,5 @@
 application_id: "discourse"
-database_password: "{{ applications.discourse.database_password }}"
+database_password: "{{ applications.discourse.credentials.database.password }}"
 database_type: "postgres"
 docker_repository_directory : "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
 discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"
\ No newline at end of file
diff --git a/roles/docker-keycloak/vars/main.yml b/roles/docker-keycloak/vars/main.yml
index a516877b..29518e3a 100644
--- a/roles/docker-keycloak/vars/main.yml
+++ b/roles/docker-keycloak/vars/main.yml
@@ -1,6 +1,6 @@
 application_id: "keycloak"
 database_type: "postgres"
-database_password: "{{applications.keycloak.database_password}}"
+database_password: "{{applications.keycloak.credentials.database.password}}"
 container_name: "{{application_id}}_application"
 realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications
 import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host
diff --git a/roles/docker-mailu/vars/main.yml b/roles/docker-mailu/vars/main.yml
index 92f2bc78..7340db66 100644
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@@ -1,5 +1,5 @@
 application_id: "mailu"
-database_password: "{{applications.mailu.credentials.database_password}}"
+database_password: "{{applications.mailu.credentials.database.password}}"
 database_type: "mariadb"
 cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate: false
diff --git a/roles/docker-mastodon/vars/main.yml b/roles/docker-mastodon/vars/main.yml
index 5ec3d6d5..6529cf48 100644
--- a/roles/docker-mastodon/vars/main.yml
+++ b/roles/docker-mastodon/vars/main.yml
@@ -1,3 +1,3 @@
 application_id: "mastodon"
-database_password: "{{applications.mastodon.credentials.database_password}}"
+database_password: "{{applications.mastodon.credentials.database.password}}"
 database_type: "postgres"
\ No newline at end of file
diff --git a/roles/docker-matomo/vars/main.yml b/roles/docker-matomo/vars/main.yml
index e6d3eb26..34f10859 100644
--- a/roles/docker-matomo/vars/main.yml
+++ b/roles/docker-matomo/vars/main.yml
@@ -1,7 +1,7 @@
 ---
 application_id: "matomo"
 database_type: "mariadb"
-database_password: "{{applications.matomo.database_password}}"
+database_password: "{{applications.matomo.credentials.database.password}}"
 # I don't know if this is still necessary
 domain: "{{domains.matomo}}"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/vars/main.yml b/roles/docker-nextcloud/vars/main.yml
index 8cd99ccf..8b6abcb1 100644
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@@ -3,7 +3,7 @@ application_id: "nextcloud" # Application identifier
 # Database
-database_password: "{{applications.nextcloud.credentials.database_password}}" # Database password
+database_password: "{{applications.nextcloud.credentials.database.password}}" # Database password
 database_type: "mariadb" # Database flavor
 # Networking
diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml
index defa5c16..ea583428 100644
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@@ -1,6 +1,6 @@
 application_id: "openproject"
 docker_repository_address: "https://github.com/opf/openproject-deploy"
-database_password: "{{ applications[application_id].credentials.database_password }}"
+database_password: "{{ applications[application_id].credentials.database.password }}"
 database_type: "postgres"
 openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"
diff --git a/roles/docker-portfolio/templates/footer_menu.yaml.j2 b/roles/docker-portfolio/templates/footer_menu.yaml.j2
index 20fadf18..ee7d8442 100644
--- a/roles/docker-portfolio/templates/footer_menu.yaml.j2
+++ b/roles/docker-portfolio/templates/footer_menu.yaml.j2
@@ -122,9 +122,9 @@
 - name: Slides
 description: Checkout the presentation
 icon:
-class: fas fa-book
+class: "fas fa-chalkboard-teacher"
 url: https://{{domains.presentation}}
-iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }}
+iframe: {{ applications | get_landingpage_iframe_enabled('presentation') }}
 {% endif %}
diff --git a/roles/docker-snipe_it/vars/main.yml b/roles/docker-snipe_it/vars/main.yml
index c6155b31..52fd95b0 100644
--- a/roles/docker-snipe_it/vars/main.yml
+++ b/roles/docker-snipe_it/vars/main.yml
@@ -1,3 +1,3 @@
 application_id: "snipe_it"
-database_password: "{{applications.snipe_it.database_password}}"
+database_password: "{{applications.snipe_it.credentials.database.password}}"
 database_type: "mariadb"
\ No newline at end of file
diff --git a/roles/docker-wordpress/files/Dockerfile b/roles/docker-wordpress/files/Dockerfile
index 933802c2..b7d9f76b 100644
--- a/roles/docker-wordpress/files/Dockerfile
+++ b/roles/docker-wordpress/files/Dockerfile
@@ -1,12 +1,15 @@
 FROM wordpress
-# Update and installation of msmtp
+# Install msmtp and update system
 RUN apt-get update && \
 apt-get install -y msmtp msmtp-mta && \
 rm -rf /var/lib/apt/lists/*
-# Copy the msmtp configuration into the container
-COPY config/msmtprc.conf /etc/msmtprc
+# Install WP CLI
+RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
+ chmod +x wp-cli.phar && \
+ mv wp-cli.phar /usr/local/bin/wp
-# Copy the PHP configuration for uploads (and mail settings)
+# Copy msmtp configuration and PHP upload settings
+COPY config/msmtprc.conf /etc/msmtprc
 COPY upload.ini $PHP_INI_DIR/conf.d/
\ No newline at end of file
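Review bot: The new `RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar` line installs an unpinned, unverified executable into the image; whatever that branch serves at build time later runs as `www-data` with database credentials and is the tool that creates the administrator account, and because `curl` is called without `-f`, an HTTP error page would be chmod'ed and moved to `/usr/local/bin/wp` without failing the build. Pin a release and verify its published checksum before installing (WP-CLI releases ship a `.sha512` next to each phar, as far as I recall — confirm the exact URL layout), and replace the `chmod`/`mv` pair with `install`. Separately, `COPY config/msmtprc.conf /etc/msmtprc` bakes the SMTP credentials into an image layer; that was already the case before this commit, but a build `--secret` or a runtime bind mount would keep them out of the image and its registry history.
```dockerfile
# … unchanged: FROM wordpress, msmtp apt-get install …

# Install WP CLI from a pinned release and verify its checksum before trusting it
ARG WP_CLI_VERSION
ARG WP_CLI_SHA512
RUN curl -fsSL -o /tmp/wp-cli.phar \
      "https://github.com/wp-cli/wp-cli/releases/download/v${WP_CLI_VERSION}/wp-cli-${WP_CLI_VERSION}.phar" && \
    echo "${WP_CLI_SHA512}  /tmp/wp-cli.phar" | sha512sum -c - && \
    install -m 0755 /tmp/wp-cli.phar /usr/local/bin/wp && \
    rm /tmp/wp-cli.phar

# … unchanged: COPY msmtprc.conf and upload.ini …
```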
diff --git a/roles/docker-wordpress/tasks/install.yml b/roles/docker-wordpress/tasks/install.yml
new file mode 100644
index 00000000..78678ea2
--- /dev/null
+++ b/roles/docker-wordpress/tasks/install.yml
@@ -0,0 +1,12 @@
+- name: "{{ role_name }} | Run WordPress core install via WP CLI"
+ command: >
+ docker-compose exec -T -u www-data application
+ wp core install
+ --url="https://{{ domains[application_id][0] }}"
+ --title="{{ applications[application_id].title }}"
+ --admin_user="{{ applications[application_id].credentials.administrator.username }}"
+ --admin_password="{{ applications[application_id].credentials.administrator.password }}"
+ --admin_email="{{ applications[application_id].credentials.administrator.email }}"
+ --path="{{ wordpress_docker_html_path }}"
+ args:
+ chdir: "{{ docker_compose.directories.instance }}"
diff --git a/roles/docker-wordpress/tasks/main.yml b/roles/docker-wordpress/tasks/main.yml
index b40569d2..bb8b705c 100644
--- a/roles/docker-wordpress/tasks/main.yml
+++ b/roles/docker-wordpress/tasks/main.yml
@@ -1,9 +1,9 @@
 ---
-- name: "include docker-central-database"
+- name: "{{ role_name }} | Include docker-central-database"
 include_role:
 name: docker-central-database
-- name: "include role nginx-domain-setup for {{ application_id }}"
+- name: "{{ role_name }} | Include role nginx-domain-setup for {{ application_id }}"
 include_role:
 name: nginx-domain-setup
 loop: "{{ domains.wordpress }}"
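Review bot: `--admin_password="{{ applications[application_id].credentials.administrator.password }}"` puts the administrator password on a process command line, where it is visible in the container's and host's process list for the duration of the call, and since the task has no `no_log: true` the rendered command — password included — is written to Ansible's output and any configured log on every run. Add `no_log: true` to the task. The task is also not idempotent: `wp core install` against an already-installed site exits non-zero as far as I recall, which would fail every subsequent play, so gate it on `wp core is-installed` and only run the install when that reports the site is missing. The `command` body and `args` stay as in the hunk.
```yaml
- name: "{{ role_name }} | Check whether WordPress is already installed"
  command: >
    docker-compose exec -T -u www-data application
    wp core is-installed --path="{{ wordpress_docker_html_path }}"
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  register: wordpress_is_installed
  changed_when: false
  failed_when: wordpress_is_installed.rc not in [0, 1]  # 0 = installed, 1 = not yet; anything else is a real error

- name: "{{ role_name }} | Run WordPress core install via WP CLI"
  # … unchanged: command: > docker-compose exec … wp core install … --admin_password=… --path=… and args/chdir …
  when: wordpress_is_installed.rc != 0
  no_log: true  # the command line carries the administrator password
```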
@@ -13,23 +13,30 @@
 nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
 http_port: "{{ ports.localhost.http[application_id] }}"
-- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}"
+- name: "{{ role_name }} | Transfering upload.ini to {{ docker_compose.directories.instance }}"
 template:
 src: upload.ini.j2
 dest: "{{ docker_compose.directories.instance }}upload.ini"
 notify: docker compose project build and setup
-- name: "Transfering msmtprc to {{ host_msmtp_conf }}"
+- name: "{{ role_name }} | Transfering msmtprc to {{ host_msmtp_conf }}"
 template:
 src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
 dest: "{{ host_msmtp_conf }}"
 notify: docker compose project build and setup
-- name: "Transfering Dockerfile to {{ docker_compose.directories.instance }}"
+- name: "{{ role_name }} | Transfering Dockerfile to {{ docker_compose.directories.instance }}"
 copy:
 src: Dockerfile
 dest: "{{ docker_compose.directories.instance }}Dockerfile"
 notify: docker compose project build and setup
-- name: "copy docker-compose.yml and env file"
+- name: "{{ role_name }} | copy docker-compose.yml and env file"
 include_tasks: copy-docker-compose-and-env.yml
+
+- name: "{{ role_name }} | Install wordpress"
+ include_tasks: install.yml
+
+- name: "{{ role_name }} | Activating OIDC when enabled."
+ include_tasks: oidc.yml
+ when: applications[application_id].oidc.enabled | bool
diff --git a/roles/docker-wordpress/tasks/oidc.yml b/roles/docker-wordpress/tasks/oidc.yml
new file mode 100644
index 00000000..d58f9855
--- /dev/null
+++ b/roles/docker-wordpress/tasks/oidc.yml
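Review bot: `include_tasks: install.yml` runs `docker-compose exec` against the `application` container unconditionally, but the tasks before it only `notify: docker compose project build and setup`, and handlers fire at the end of the play; if that handler is what builds the image and brings the stack up on a fresh deployment (nothing in this hunk starts it earlier), the exec hits a container that does not exist yet. Put a flush before the install include: `- name: "{{ role_name }} | Flush handlers so the container is built and running before WP-CLI is used"` followed by `  meta: flush_handlers`. Because the include is unguarded it also runs on every play, so install.yml must be idempotent; stating that expectation in the task name or a comment would make the dependency visible to the next person editing it.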
@@ -0,0 +1,16 @@
+---
+- name: "{{ role_name }} | Install OpenID Connect Generic Plugin via WP CLI"
+ command: >
+ docker-compose exec -u www-data -T application
+ wp plugin install daggerhart-openid-connect-generic
+ --path={{ wordpress_docker_html_path }}
+ args:
+ chdir: "{{ docker_compose.directories.instance }}"
+
+- name: "{{ role_name }} | Activate OpenID Connect Generic Plugin"
+ command: >
+ docker-compose exec -u www-data -T application
+ wp plugin activate daggerhart-openid-connect-generic
+ --path={{ wordpress_docker_html_path }}
+ args:
+ chdir: "{{ docker_compose.directories.instance }}"
diff --git a/roles/docker-wordpress/templates/docker-compose.yml.j2 b/roles/docker-wordpress/templates/docker-compose.yml.j2
index 4d677e71..a2dc917c 100644
--- a/roles/docker-wordpress/templates/docker-compose.yml.j2
+++ b/roles/docker-wordpress/templates/docker-compose.yml.j2
@@ -4,14 +4,14 @@ services:
 application:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-image: {{custom_wordpress_image}}
+image: {{wordpress_custom_image}}
 container_name: wordpress-application
 build:
 context: .
 ports:
 - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
 volumes:
-- data:/var/www/html
+- data:{{ wordpress_docker_html_path }}
 {% include 'roles/docker-compose/templates/services/msmtp_curl_test.yml.j2' %}
diff --git a/roles/docker-wordpress/templates/env.j2 b/roles/docker-wordpress/templates/env.j2
index ae261dfd..b8fe8259 100644
--- a/roles/docker-wordpress/templates/env.j2
+++ b/roles/docker-wordpress/templates/env.j2
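Review bot: `wp plugin install daggerhart-openid-connect-generic` fetches the plugin that will handle every login from wordpress.org at deploy time with no version pin, so the authentication code differs between deployments and a broken or compromised release is picked up silently; pin it with `--version=` (ideally with the version kept in the application defaults next to `oidc.enabled`) so upgrades are deliberate. Both tasks also report changed on every run and, on a rerun, rely on WP-CLI's behaviour for an already-installed or already-active plugin — as far as I recall both only warn and exit 0, but that should be confirmed, and the tasks given `changed_when` conditions derived from their output or collapsed into a single `wp plugin install … --version=… --activate`. A short comment in this file saying that the plugin's settings are expected to arrive through the `OIDC_*` variables rendered by env.j2, not through the admin UI, would tie the two halves of the feature together for the reader.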
@@ -1,4 +1,15 @@
 WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
 WORDPRESS_DB_USER= "{{database_username}}"
 WORDPRESS_DB_PASSWORD= "{{database_password}}"
-WORDPRESS_DB_NAME= "{{database_name}}"
\ No newline at end of file
+WORDPRESS_DB_NAME= "{{database_name}}"
+
+{% if applications[application_id].oidc.enabled | bool %}
+# OIDC Configuration (loaded if OIDC is enabled)
+# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
+OIDC_CLIENT_ID={{ oidc.client.id }}
+OIDC_CLIENT_SECRET={{ oidc.client.secret }}
+OIDC_ENDPOINT_LOGOUT_URL={{ oidc.client.logout_url }}
+OIDC_ENDPOINT_LOGIN_URL={{ oidc.client.authorize_url }}
+OIDC_ENDPOINT_TOKEN_URL={{ oidc.client.token_url }}
+OIDC_ENDPOINT_USERINFO_URL={{ oidc.client.user_info_url }}
+{% endif %}
diff --git a/roles/docker-wordpress/vars/main.yml b/roles/docker-wordpress/vars/main.yml
index cb7d0cd4..31c9d49d 100644
--- a/roles/docker-wordpress/vars/main.yml
+++ b/roles/docker-wordpress/vars/main.yml
@@ -1,6 +1,7 @@
 application_id: "wordpress"
 wordpress_max_upload_size: "64M"
 database_type: "mariadb"
-database_password: "{{wordpress_database_password}}"
-custom_wordpress_image: "custom_wordpress"
+database_password: "{{applications[application_id].credentials.database.password}}"
+wordpress_custom_image: "wordpress_custom"
+wordpress_docker_html_path: "/var/www/html"
 host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf"
\ No newline at end of file
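Review bot: `OIDC_CLIENT_SECRET={{ oidc.client.secret }}` writes the client secret in clear text into the instance's env file alongside the database password; that is inherent to an env file, but the task that renders it (copy-docker-compose-and-env.yml, not in this diff) must set `mode: "0600"` with a root owner, and it should be documented that the value is then readable through `docker inspect` by anyone with access to the Docker socket. Please also confirm that the plugin reads these settings from the process environment and not only from `define()` constants in wp-config.php — the linked option-settings file is the place to check — because if constants are required the values belong in a wp-config snippet and this block does nothing. The new lines use `KEY=value` while the pre-existing database lines use `KEY= "value"`; depending on which docker-compose version parses the file the quotes and leading space are either stripped or become part of the value, so a secret containing spaces, `#` or `$` is worth testing once, and one consistent style for the whole file would avoid two parsing outcomes.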