kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-03-29 04:23:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Optimized .mds and meta/main.yml for client-wireguard roles and refactored README.md of Docker Roles

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-03-14 14:42:59 +01:00
parent 17e2c992b3
commit 892403cf8c
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
142 changed files with 1427 additions and 1395 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/backup-data-to-usb/README.md
View File

@ -4,7 +4,7 @@
This Ansible role automates data backups to a swappable USB device. It triggers the backup process automatically when the USB is mounted, allowing for customizable source and destination paths and integrating with systemd for reliable execution.
## Overview
## 📌 Overview
Optimized for Archlinux, this role ensures that backups are performed consistently with minimal manual intervention. It leverages efficient synchronization methods and provides a seamless integration with systemd to manage the backup service.
@ -20,6 +20,6 @@ The primary purpose of this role is to simplify the backup process for systems t
- **Efficient Synchronization:** Utilizes rsync with incremental backup strategies for optimal performance.
- **Optimized for Archlinux:** Tailored for Archlinux systems using the rolling release model.
## Credits
## Credits 📝
Developed and maintained by **Kevin Veen-Birkenbach**. Special thanks to [OpenAI ChatGPT](https://chat.openai.com/share/a75ca771-d8a4-4b75-9912-c515ba371ae4) for its assistance in developing this role.

2
roles/backup-directory-validator/README.md
View File

@ -4,7 +4,7 @@
This Ansible role pulls the [directory-validator](https://github.com/kevinveenbirkenbach/directory-validator.git) repository to a predefined location. It is used by the backup-docker-to-local and cleanup-failed-docker-backups roles to verify whether backups have been successfully created.
## Overview
## 📌 Overview
The role retrieves the latest version of the directory-validator from its Git repository and installs it into the designated folder (configured via the `backup_directory_validator_folder` variable). A fact is set to ensure that the repository is pulled only once per playbook run.

2
roles/backup-docker-to-local/README.md
View File

@ -4,7 +4,7 @@
This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [backup-docker-to-local repository](https://github.com/kevinveenbirkenbach/backup-docker-to-local.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
## Overview
## 📌 Overview
Optimized for Archlinux, this role ensures that Docker volume backups are performed reliably with minimal manual intervention. It integrates with several dependent roles to verify backup success and manage related tasks, including:
- [backup-directory-validator](../backup-directory-validator/) Validates backup directories.

4
roles/backup-remote-to-local/README.md
View File

@ -4,7 +4,7 @@
This role pulls backups from a remote server and stores them locally using rsync with retry logic. It is designed to retrieve remote backup data and integrate with your overall backup scheme.
## Overview
## 📌 Overview
Optimized for Archlinux, this role is a key component of a comprehensive backup system. It works in conjunction with other roles to ensure that backup data is collected, verified, and maintained. The role uses a Bash script to pull backups, manage remote connections, and handle incremental backup creation.
@ -20,7 +20,7 @@ Backup Remote to Local is a robust solution for retrieving backup data from remo
- **Integration with Other Roles:** Works alongside roles like backup-directory-validator, cleanup-failed-docker-backups, systemd-timer, backups-provider, and system-maintenance-lock.
- **Administrative Debugging:** Detailed debug instructions and administrative tasks are provided in a separate file.
## Further Information
## 📚 Other Resources
- **Backup Scheme:**
![backup scheme](https://www.veen.world/wp-content/uploads/2020/12/server-backup-768x567.jpg)

4
roles/backups-provider-user/README.md
View File

@ -4,7 +4,7 @@
This role sets up a dedicated backup user (`backup`) for performing secure backup operations. It creates the user, configures a restricted SSH environment with a custom `authorized_keys` template and an SSH wrapper script, and grants necessary sudo rights for executing rsync. This configuration helps ensure controlled and secure access specifically for backup processes.
## Overview
## 📌 Overview
The role is a critical component in a secure backup scheme. By isolating backup operations to a dedicated user, it minimizes the risk of unauthorized actions. The role configures the SSH environment so that only specific, allowed commands can be executed, and it sets up passwordless sudo rights for rsync, ensuring smooth and secure backup operations.
@ -20,7 +20,7 @@ The purpose of this role is to enhance the security of your backup system by pro
- **Sudo Configuration:** Grants passwordless sudo rights for rsync, enabling secure and automated backup transfers.
- **Integration:** Supports seamless integration with your backup infrastructure by limiting the backup user's permissions to only the required commands.
## Further Information
## 📚 Other Resources
For more details on how the role works and advanced configuration options, please see the related references below:
- [Ansible Playbooks Lookups](https://docs.ansible.com/ansible/latest/user_guide/playbooks_lookups.html#id3)

2
roles/backups-provider/README.md
View File

@ -4,7 +4,7 @@
This role sets up and manages the host as a backup provider. It establishes the framework for secure backup operations and integrates with other roles to facilitate reliable backup data management.
## Overview
## 📌 Overview
Optimized for automated backup processes, this role:
- Configures the host to provide backup services.

4
roles/cleanup-backups-service/README.md
View File

@ -4,7 +4,7 @@
This role automates the cleanup of old backups by executing a Python script that deletes outdated backup versions based on disk usage thresholds. It ensures that backup storage does not exceed a defined usage percentage.
## Overview
## 📌 Overview
Optimized for effective disk space management, this role:
- Installs required packages (e.g. [lsof](https://en.wikipedia.org/wiki/Lsof) and [psutil](https://pypi.org/project/psutil/)) using pacman.
@ -23,5 +23,5 @@ The primary purpose of this role is to maintain optimal backup storage by automa
- **Systemd Integration:** Configures a systemd service to run cleanup tasks.
- **Dependency Integration:** Works in conjunction with related roles for comprehensive backup management.
## Further Information
## 📚 Other Resources
- https://stackoverflow.com/questions/48929553/get-hard-disk-size-in-python

2
roles/cleanup-backups-timer/README.md
View File

@ -4,7 +4,7 @@
This role sets up a systemd timer to schedule the periodic cleanup of old backups. It leverages the cleanup-backups-service role to perform the actual cleanup operation.
## Overview
## 📌 Overview
Optimized for automated maintenance, this role:
- Sets a fact for the service name.

2
roles/cleanup-disc-space/README.md
View File

@ -4,7 +4,7 @@
This role frees disk space by executing a script that cleans up temporary files, clears package caches, and optionally cleans up backup directories and Docker resources when disk usage exceeds a specified threshold.
## Overview
## 📌 Overview
Optimized for efficient storage management, this role:
- Creates a directory for disk cleanup scripts.

2
roles/cleanup-failed-docker-backups/README.md
View File

@ -4,7 +4,7 @@
This role cleans up failed Docker backups by pulling a [Git repository](https://github.com/kevinveenbirkenbach/cleanup-failed-docker-backups) that contains cleanup scripts and configuring a systemd service to execute them. It ensures that failed or incomplete backups are removed to free up disk space and maintain a healthy backup environment.
## Overview
## 📌 Overview
Optimized for backup maintenance, this role:
- Clones the cleanup-failed-docker-backups repository.

25
roles/client-wireguard-behind-firewall/README.md
View File

@ -1,5 +1,26 @@
# client-wireguard-behind-nat
# Client WireGuard Behind NAT Role
# see
## Description
This role adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall. It ensures that traffic is forwarded correctly by applying necessary masquerading rules.
## 📌 Overview
Optimized for environments with network address translation (NAT), this role:
- Executes shell commands to modify iptables rules.
- Allows traffic from the WireGuard client interface (e.g. `wg0-client`) and sets up NAT masquerading on the external interface (e.g. `eth0`).
- Works as an extension to the native WireGuard client role.
## Purpose
The primary purpose of this role is to enable proper routing and connectivity for a WireGuard client situated behind a firewall or NAT device. By adapting iptables rules, it ensures that the client can communicate effectively with external networks.
## Features
- **iptables Rule Adaptation:** Modifies iptables to allow forwarding and NAT masquerading for the WireGuard client.
- **NAT Support:** Configures the external interface for proper masquerading.
- **Role Integration:** Depends on the [client-wireguard](../client-wireguard/README.md) role to ensure that WireGuard is properly configured before applying firewall rules.
## 📚 Other Resources
- https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39
- https://wiki.debian.org/iptables

26
roles/client-wireguard-behind-firewall/meta/main.yml
View File

@ -1,2 +1,26 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Linux
versions:
- all
galaxy_tags:
- wireguard
- nat
- firewall
- iptables
- networking
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies:
- client-wireguard
- client-wireguard

11
roles/client-wireguard/Administration.md Normal file
View File

@ -0,0 +1,11 @@
# Administration
## Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```

61
roles/client-wireguard/README.md
View File

@ -1,28 +1,37 @@
# Role Native Wireguard
Manages wireguard on a client.
# Native Wireguard Client
## Create Client Keys
```bash
wg_private_key="$(wg genkey)"
wg_public_key="$(echo "$wg_private_key" | wg pubkey)"
echo "PrivateKey: $wg_private_key"
echo "PublicKey: $wg_public_key"
echo "PresharedKey: $(wg genpsk)"
```
## Description
## Other
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://wiki.archlinux.org/index.php/WireGuard
- https://wireguard.how/server/raspbian/
- https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/
- https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied
- https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-server-from-inside-the-serv
- https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard
- https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3
- https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer
- https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip
- https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply
- https://www.thomas-krenn.com/de/wiki/Linux_ip_Kommando
- https://wiki.archlinux.org/title/dhcpcd
- https://wiki.ubuntuusers.de/NetworkManager/Dispatcher/
- https://askubuntu.com/questions/1024916/how-can-i-launch-a-systemd-service-at-startup-before-another-systemd-service-sta
This role manages WireGuard on a client system. It sets up essential services and scripts to configure and optimize WireGuard connectivity. Additionally, it provides a link to an Administration document for creating client keys.
## 📌 Overview
Optimized for client configurations, this role:
- Deploys a systemd service (`set-mtu.cymais.service`) and its associated script to set the MTU on specified network interfaces.
- Uses a Jinja2 template to generate the `set-mtu.sh` script.
- Ensures that the MTU is configured correctly before starting WireGuard with [wg-quick](https://www.wireguard.com/quickstart/).
## Purpose
The primary purpose of this role is to configure WireGuard on a client by setting appropriate MTU values on network interfaces. This ensures a stable and optimized VPN connection.
## Features
- **MTU Configuration:** Deploys a template-based script to set the MTU on all defined internet interfaces.
- **Systemd Service Integration:** Creates and manages a systemd service to execute the MTU configuration script.
- **Administration Support:** For client key creation and further setup, please refer to the [Administration](./Administration.md) file.
- **Modular Design:** Easily integrates with other WireGuard roles or network configuration roles.
## 📚 Other Resources
- [WireGuard Documentation](https://www.wireguard.com/)
- [ArchWiki: WireGuard](https://wiki.archlinux.org/index.php/WireGuard)
- [WireGuard on Raspbian](https://wireguard.how/server/raspbian/)
- [Subnetting Basics](https://www.scaleuptech.com/de/blog/was-ist-und-wie-funktioniert-subnetting/)
- [WireGuard Permissions Issue Discussion](https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied)
- [SSH Issues with WireGuard](https://stackoverflow.com/questions/69140072/unable-to-ssh-into-wireguard-ip-until-i-ping-another-server-from-inside-the-serv)
- [UFW and SSH via WireGuard](https://unix.stackexchange.com/questions/717172/why-is-ufw-blocking-acces-to-ssh-via-wireguard)
- [OpenWrt Forum Discussion on WireGuard](https://forum.openwrt.org/t/cannot-ssh-to-clients-on-lan-when-accessing-router-via-wireguard-client/132709/3)
- [WireGuard Connection Dies on Ubuntu](https://serverfault.com/questions/1086297/wireguard-connection-dies-on-ubuntu-peer)
- [SSH Fails with WireGuard IP](https://unix.stackexchange.com/questions/624987/ssh-fails-to-start-when-listenaddress-is-set-to-wireguard-vpn-ip)
- [WireGuard NAT and Firewall Issues](https://serverfault.com/questions/210408/cannot-ssh-debug1-expecting-ssh2-msg-kex-dh-gex-reply)

27
roles/client-wireguard/meta/main.yml
View File

@ -1,2 +1,27 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: "Manages WireGuard on a client system by deploying services and scripts to set MTU on network interfaces and ensure optimal VPN connectivity."
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Linux
versions:
- all
galaxy_tags:
- wireguard
- vpn
- client
- mtu
- systemd
- configuration
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"
dependencies:
- wireguard
- wireguard

31
roles/docker-akaunting/Administration.md Normal file
View File

@ -0,0 +1,31 @@
# Administration
## View Logs
To check the latest logs of Akaunting.
```bash
docker-compose exec -it akaunting tail -n 300 storage/logs/laravel.log
```
## Access Containers
- Akaunting Container: `docker-compose exec -it akaunting bash`
- Database Container: `docker-compose exec -it akaunting-db /bin/mariadb -u admin --password=$akaunting_db_password akaunting`
## Manual Update
Execute PHP artisan commands in the following order for updating Akaunting:
```bash
php artisan about
php artisan cache:clear
php artisan view:clear
php artisan migrate:status
php artisan update:all
php artisan update:db
```
## Composer
To install Composer, a PHP dependency management tool:
```bash
curl https://getcomposer.org/download/2.4.1/composer.phar --output composer.phar
php composer.phar install
```

32
roles/docker-akaunting/INSTALLATIONN.md Normal file
View File

@ -0,0 +1,32 @@
# Installation Steps
@ATTENTION Variable ```#AKAUNTING_SETUP: true``` needs to be set
## New Manual Setup
1. **Navigate to Docker Compose Directory**: Change to the directory containing your Docker Compose files for Akaunting.
```bash
cd {{path_docker_compose_instances}}akaunting/
```
2. **Set Environment Variables**: These are necessary to prevent timeouts during long operations.
```bash
export COMPOSE_HTTP_TIMEOUT=600
export DOCKER_CLIENT_TIMEOUT=600
```
3. **Start Akaunting Service**: This command will initialize the Akaunting setup.
```bash
AKAUNTING_SETUP=true docker-compose -p akaunting up -d
```
4. **Check Web Interface**: Ensure the web interface is operational.
5. **Restart Services**: To finalize the setup, restart the services.
```bash
docker-compose down
docker-compose -p akaunting up -d
```

65
roles/docker-akaunting/README.md
View File

@ -16,69 +16,6 @@ This guide details the process of setting up Akaunting, a free and online accoun
- Basic understanding of Docker concepts.
- Access to the command line or terminal.
## Installation Steps
@ATTENTION Variable ```#AKAUNTING_SETUP: true``` needs to be set
### New Manual Setup
1. **Navigate to Docker Compose Directory**: Change to the directory containing your Docker Compose files for Akaunting.
```bash
cd {{path_docker_compose_instances}}akaunting/
```
2. **Set Environment Variables**: These are necessary to prevent timeouts during long operations.
```bash
export COMPOSE_HTTP_TIMEOUT=600
export DOCKER_CLIENT_TIMEOUT=600
```
3. **Start Akaunting Service**: This command will initialize the Akaunting setup.
```bash
AKAUNTING_SETUP=true docker-compose -p akaunting up -d
```
4. **Check Web Interface**: Ensure the web interface is operational.
5. **Restart Services**: To finalize the setup, restart the services.
```bash
docker-compose down
docker-compose -p akaunting up -d
```
### Administration
- **View Logs**: To check the latest logs of Akaunting.
```bash
docker-compose exec -it akaunting tail -n 300 storage/logs/laravel.log
```
- **Access Containers**: For troubleshooting or configuration.
- Akaunting Container: `docker-compose exec -it akaunting bash`
- Database Container: `docker-compose exec -it akaunting-db /bin/mariadb -u admin --password=$akaunting_db_password akaunting`
### Manual Update
Execute PHP artisan commands in the following order for updating Akaunting:
```bash
php artisan about
php artisan cache:clear
php artisan view:clear
php artisan migrate:status
php artisan update:all
php artisan update:db
```
### Composer
To install Composer, a PHP dependency management tool:
```bash
curl https://getcomposer.org/download/2.4.1/composer.phar --output composer.phar
php composer.phar install
```
### Full Backup Routine
Detailed steps for backing up your Akaunting instance, including setting manual and automatic variables, destroying containers, removing volumes, and rebuilding and recovering volumes. (Refer to the full backup routine script in the original README).
@ -94,7 +31,7 @@ Variables are crucial in configuring your Akaunting setup. Ensure you set the fo
- **Nginx Configuration**: Necessary steps to configure Nginx as a reverse proxy for Akaunting.
- **Database and Runtime Environment**: Instructions on how to set up the `db.env` and `run.env` files for database and runtime configurations.
## Further Information
## 📚 Other Resources
For more details, visit the [Akaunting Docker Repository](https://github.com/akaunting/docker) and the [Akaunting Forums](https://akaunting.com/forum).
## Contribution and Feedback

5
roles/docker-attendize/Installation.md Normal file
View File

@ -0,0 +1,5 @@
## Setup Instructions
```bash
bash ./Makefile setup
```

8
roles/docker-attendize/README.md
View File

@ -2,10 +2,4 @@
# Role: docker-attendize (WIP)
This Ansible role sets up Attendize, an open-source ticket selling and event management platform.
## Setup Instructions
```bash
bash ./Makefile setup
```
This Ansible role sets up Attendize, an open-source ticket selling and event management platform.

2
roles/docker-baserow/README.md
View File

@ -2,7 +2,7 @@
This role allows the setup of [baserole](https://baserow.io/).
## More Information
## 📚 Other Resources
It was created with the help of [Chat GPT-4](https://chat.openai.com/share/556c2d7f-6b6f-4256-a646-a50529554efc).

16
roles/docker-bigbluebutton/Administration.md Normal file
View File

@ -0,0 +1,16 @@
## Administration
## cleanup
```bash
docker compose down -v
```
## check container status
```bash
watch -n 2 "docker compose ps -a"
```
## database access
```bash
sudo docker-compose exec -it postgres psql -U postgres
```

19
roles/docker-bigbluebutton/README.md
View File

@ -3,27 +3,10 @@
Role to deploy [BigBlueButton](https://bigbluebutton.org/).
## maintanace
### cleanup
```bash
docker compose down -v
```
### check container status
```bash
watch -n 2 "docker compose ps -a"
```
### database access
```bash
sudo docker-compose exec -it postgres psql -U postgres
```
## SSO
- https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
## further information
## 📚 Other Resources
- https://github.com/bigbluebutton/docker
- https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials
- https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/

28
roles/docker-bluesky/Administration.md Normal file
View File

@ -0,0 +1,28 @@
# Administration
## create user via POST
```bash
curl -X POST https://your-pds-domain/xrpc/com.atproto.server.createAccount \
--user "admin:$admin-password"
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"handle": "username",
"password": "securepassword123",
"inviteCode": "optional-invite-code"
}'
```
## Use pdsadmin
docker compose exec -it pds pdsadmin
docker compose exec -it pds pdsadmin account create-invite-code
## Debugging
- Websocket: https://piehost.com/websocket-tester
- Instance: https://bsky-debug.app
https://bluesky.veen.world/.well-known/atproto-did
Initial setup keine top level domain

4
roles/docker-bluesky/Installation.md Normal file
View File

@ -0,0 +1,4 @@
# Installation
## Configure DNS
- https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial

37
roles/docker-bluesky/README.md
View File

@ -1,42 +1,7 @@
# DRAFT role docker-bluesky
## Setup
### Configure DNS
- https://bsky.social/about/blog/4-28-2023-domain-handle-tutorial
## Administration
### create user via POST
```bash
curl -X POST https://your-pds-domain/xrpc/com.atproto.server.createAccount \
--user "admin:$admin-password"
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"handle": "username",
"password": "securepassword123",
"inviteCode": "optional-invite-code"
}'
```
### Use pdsadmin
docker compose exec -it pds pdsadmin
docker compose exec -it pds pdsadmin account create-invite-code
## Debugging
- Websocket: https://piehost.com/websocket-tester
- Instance: https://bsky-debug.app
https://bluesky.veen.world/.well-known/atproto-did
Initial setup keine top level domain
## more information
## 📚 Other Resources
- https://therobbiedavis.com/selfhosting-bluesky-with-docker-and-swag/
- Relevant for proxy configuration: https://cprimozic.net/notes/posts/notes-on-self-hosting-bluesky-pds-alongside-other-services/
- https://github.com/bluesky-social/pds

2
roles/docker-central-database/README.md
View File

@ -4,7 +4,7 @@ This Ansible role provides the necessary tasks, files, templates, and variables
---
## Overview 🔍
## 📌 Overview 🔍
- **Database Variables**
Defined in [./vars/database.yml](./vars/database.yml), these variables include:

8
roles/docker-discourse/Administration.md Normal file
View File

@ -0,0 +1,8 @@
# Administration
## Check configuration
```bash
./launcher enter application
pry(main)> SiteSetting.all.each { |setting| puts "#{setting.name}: #{setting.value}" }
```
---

9
roles/docker-discourse/README.md
View File

@ -2,13 +2,6 @@
This Ansible role sets up Discourse, a popular open-source discussion platform, using Docker containers. It is designed to automate the deployment and configuration process of Discourse, making it easier to maintain and update.
## Check configuration
```bash
./launcher enter application
pry(main)> SiteSetting.all.each { |setting| puts "#{setting.name}: #{setting.value}" }
```
---
## Credits 📝
This README was generated with information provided in the Ansible role. For more detailed instructions and information, refer to the inline comments within the role files. Additional support and context for this role can be found in an [online chat discussion](https://chat.openai.com/share/fdbf9870-1f7e-491f-b4d2-357e6e8ad59c).

4
roles/docker-elk/Administration.md Normal file
View File

@ -0,0 +1,4 @@
## restart all services
```bash
docker restart elk_logstash_1 && docker restart elk_elasticsearch_1 && docker restart elk_kibana_1
```

5
roles/docker-elk/README.md
View File

@ -2,11 +2,6 @@
I decided against using this role for security reasons. I recommend to use another tool if you don't want to pay for keeping your logs save and if you don't want to depend on external servers.
## restart all services
```bash
docker restart elk_logstash_1 && docker restart elk_elasticsearch_1 && docker restart elk_kibana_1
```
## see
- https://logz.io/blog/elk-stack-on-docker/
- https://github.com/kevinveenbirkenbach/docker-elk

92
roles/docker-friendica/Administration.md Normal file
View File

@ -0,0 +1,92 @@
## Administration 📚
### Full Reset 🚫➡️✅
The following environment variables need to be defined for successful operation:
- `DB_ROOT_PASSWORD`: The root password for the MariaDB instance
To completely reset Friendica, including its database and volumes, run:
```bash
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker compose down
rm -rv /mnt/hdd/data/docker/volumes/friendica_data
docker volume rm friendica_data
```
### Reset Database 🗄️
#### Manual Method:
1. Connect to the MariaDB instance:
```bash
docker exec -it central-mariadb mariadb -u root -p
```
2. Run the following commands:
```sql
DROP DATABASE friendica;
CREATE DATABASE friendica;
exit;
```
#### Automatic Method:
```bash
DB_ROOT_PASSWORD="your_root_password"
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
```
### Enter the Application Container 🔍
To access the application container:
```bash
docker compose exec -it application sh
```
### Debugging Tools 🛠️
#### Check Environment Variables
```bash
docker compose exec -it application printenv
```
#### Inspect Volume Data
```bash
ls -la /var/lib/docker/volumes/friendica_data/_data/
```
### Autoinstall 🌟
Run the following command to autoinstall Friendica:
```bash
docker compose exec --user www-data -it application bin/console autoinstall
```
### Reinitialization 🔄
#### Docker Only:
```bash
docker-compose up -d --force-recreate
```
#### Full Reinitialization:
```bash
docker-compose up -d --force-recreate && sleep 2; docker compose exec --user www-data -it application bin/console autoinstall;
```
### Configuration Information
#### General Configuration:
```bash
cat /var/lib/docker/volumes/friendica_data/_data/config/local.config.php
```
#### Email Configuration:
```bash
docker compose exec -it application cat /etc/msmtprc
```
### Email Debugging ✉️
To send a test email:
```bash
docker compose exec -it application msmtp --account=system_email -t test@test.de
```

97
roles/docker-friendica/README.md
View File

@ -2,7 +2,7 @@
This role manages the setup, reset, and maintenance of a Friendica instance running with Docker.
## Overview 🚀
## 📌 Overview
Friendica is a decentralized social networking platform. This role helps manage Friendica in a containerized environment with Docker and provides tools for debugging, resetting, and maintaining the installation.
@ -13,100 +13,7 @@ Ensure you have the following:
- A central MariaDB instance running
- Necessary permissions to manage Docker and database configurations
## Usage 📚
### Full Reset 🚫➡️✅
The following environment variables need to be defined for successful operation:
- `DB_ROOT_PASSWORD`: The root password for the MariaDB instance
To completely reset Friendica, including its database and volumes, run:
```bash
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker compose down
rm -rv /mnt/hdd/data/docker/volumes/friendica_data
docker volume rm friendica_data
```
### Reset Database 🗄️
#### Manual Method:
1. Connect to the MariaDB instance:
```bash
docker exec -it central-mariadb mariadb -u root -p
```
2. Run the following commands:
```sql
DROP DATABASE friendica;
CREATE DATABASE friendica;
exit;
```
#### Automatic Method:
```bash
DB_ROOT_PASSWORD="your_root_password"
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
```
### Enter the Application Container 🔍
To access the application container:
```bash
docker compose exec -it application sh
```
### Debugging Tools 🛠️
#### Check Environment Variables
```bash
docker compose exec -it application printenv
```
#### Inspect Volume Data
```bash
ls -la /var/lib/docker/volumes/friendica_data/_data/
```
### Autoinstall 🌟
Run the following command to autoinstall Friendica:
```bash
docker compose exec --user www-data -it application bin/console autoinstall
```
### Reinitialization 🔄
#### Docker Only:
```bash
docker-compose up -d --force-recreate
```
#### Full Reinitialization:
```bash
docker-compose up -d --force-recreate && sleep 2; docker compose exec --user www-data -it application bin/console autoinstall;
```
### Configuration Information
#### General Configuration:
```bash
cat /var/lib/docker/volumes/friendica_data/_data/config/local.config.php
```
#### Email Configuration:
```bash
docker compose exec -it application cat /etc/msmtprc
```
### Email Debugging ✉️
To send a test email:
```bash
docker compose exec -it application msmtp --account=system_email -t test@test.de
```
## Additional Resources 📖
## 📚 Other Resources
- [Friendica Docker Hub](https://hub.docker.com/_/friendica)
- [Friendica Installation Docs](https://wiki.friendi.ca/docs/install)

7
roles/docker-funkwhale/Administration.md Normal file
View File

@ -0,0 +1,7 @@
# Administration
## cleanup
```bash
docker-compose down && docker volume rm funkwhale_data
```

8
roles/docker-funkwhale/README.md
View File

@ -2,11 +2,5 @@
This role doesn't work and needs to be implemented
## cleanup
```bash
docker-compose down && docker volume rm funkwhale_data
```
## further information
## 📚 Other Resources
- https://docs.funkwhale.audio/installation/docker.html

29
roles/docker-gitea/Administration.md Normal file
View File

@ -0,0 +1,29 @@
# Administration
## update
```bash
cd {{docker_compose.directories.instance}}
docker-compose down
docker-compose pull
docker-compose up -d
```
Keep in mind to track and to don't interrupt the update process until the migration is done.
## set variables
```bash
COMPOSE_HTTP_TIMEOUT=600
DOCKER_CLIENT_TIMEOUT=600
```
## recreate
```bash
cd {{docker_compose.directories.instance}} && docker-compose -p gitea up -d --force-recreate
```
## database access
To access the database execute
```bash
docker-compose exec -it database /bin/mysql -u gitea -p
```
## bash in application
docker-compose exec -it application /bin/sh

30
roles/docker-gitea/README.md
View File

@ -1,33 +1,5 @@
# role docker-gitea
## update
```bash
cd {{docker_compose.directories.instance}}
docker-compose down
docker-compose pull
docker-compose up -d
```
Keep in mind to track and to don't interrupt the update process until the migration is done.
## set variables
```bash
COMPOSE_HTTP_TIMEOUT=600
DOCKER_CLIENT_TIMEOUT=600
```
## recreate
```bash
cd {{docker_compose.directories.instance}} && docker-compose -p gitea up -d --force-recreate
```
## database access
To access the database execute
```bash
docker-compose exec -it database /bin/mysql -u gitea -p
```
## bash in application
docker-compose exec -it application /bin/sh
## More Information
## 📚 Other Resources
- [Gitea LDAP integration](https://docs.gitea.com/usage/authentication)
- [Gitea Alternatives](https://chatgpt.com/share/67a5f599-c9b0-800f-87fe-49a3b61263e6)

4
roles/docker-gitlab/README.md
View File

@ -1,6 +1,6 @@
# Docker-GitLab Ansible Role
## Overview
## 📌 Overview
This Ansible role is designed for setting up and managing a GitLab server running in a Docker container. It automates the process of installing GitLab, configuring its environment, and managing dependencies such as a PostgreSQL database and an Nginx reverse proxy.
## Features
@ -33,7 +33,7 @@ Include this role in your Ansible playbooks and specify the necessary variables.
For a detailed walkthrough and explanation of this role, refer to the conversation at [ChatGPT Session Transcript](https://chat.openai.com/share/1b0147bf-d4de-4790-b8ed-c332aa4e3ce3).
## Further Information
## 📚 Other Resources
- https://ralph.blog.imixs.com/2019/06/09/running-gitlab-on-docker/
## Performance Optimation

5
roles/docker-joomla/Administration.md Normal file
View File

@ -0,0 +1,5 @@
## delete all data
```bash
docker stop joomla_application_1; docker rm -f joomla_application_1; docker volume rm -f joomla-data;
docker stop joomla_database_1; docker rm -f joomla_database_1; docker volume rm -f joomla-database;
```

5
roles/docker-joomla/README.md
View File

@ -1,6 +1 @@
# role docker-joomla
## delete all data
```bash
docker stop joomla_application_1; docker rm -f joomla_application_1; docker volume rm -f joomla-data;
docker stop joomla_database_1; docker rm -f joomla_database_1; docker volume rm -f joomla-database;
```

2
roles/docker-keycloak/README.md
View File

@ -13,7 +13,7 @@ The role integrates Keycloak with PostgreSQL as a database and supports operatio
- Support for running behind a reverse proxy (e.g., NGINX).
- Automatic creation and management of Docker Compose files.
## More Information 📚
## 📚 Other Resources 📚
For more details about Keycloak, check out:
- [Official Keycloak Documentation](https://www.keycloak.org/)

26
roles/docker-ldap/Administration.md Normal file
View File

@ -0,0 +1,26 @@
# Administration
## Show Configuration
```bash
docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'cn=config'"
```
```bash
docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'cn=config' -s base '(objectClass=*)'"
```
```bash
docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'cn=config' -s base '(objectClass=olcModuleList)'"
```
## Show all Entries
```bash
docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" LDAP_DN_BASE="$LDAP_DN_BASE" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D \"cn=administrator,\$LDAP_DN_BASE\" -w \"\$LDAP_ADMIN_PASSWORD\" -b \"\$LDAP_DN_BASE\"";
```
### Delete Groups and Subgroup
To delete the group inclusive all subgroups use:
```bash
docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D \"cn=administrator,\$LDAP_DN_BASE\" -w \"\$LDAP_ADMIN_PASSWORD\" -b \"ou=applications,ou=groups,\$LDAP_DN_BASE\" dn | sed -n 's/^dn: //p' | tac | while read -r dn; do echo \"Deleting \$dn\"; ldapdelete -x -D \"cn=administrator,\$LDAP_DN_BASE\" -w \"\$LDAP_ADMIN_PASSWORD\" \"\$dn\"; done"
```

29
roles/docker-ldap/Installation.md Normal file
View File

@ -0,0 +1,29 @@
# Installation
## MemberOf
```bash
# Activate
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: /opt/bitnami/openldap/lib/openldap/memberof.so
EOF
# Verify
ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config" olcModuleLoad
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfDangling: ignore
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
EOF
```

58
roles/docker-ldap/README.md
View File

@ -16,64 +16,6 @@ This Ansible role provides a streamlined implementation of an LDAP server with T
- **Healthcheck Support**:
- Ensures that the LDAP service is healthy and accessible using `ldapsearch`.
--
## Maintanance
### Show Config
```bash
docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'cn=config'"
```
```bash
docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'cn=config' -s base '(objectClass=*)'"
```
```bash
docker exec -it openldap bash -c "ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b 'cn=config' -s base '(objectClass=olcModuleList)'"
```
## install
### MemberOf
```bash
# Activate
ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: /opt/bitnami/openldap/lib/openldap/memberof.so
EOF
# Verify
ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "cn=module{0},cn=config" olcModuleLoad
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfDangling: ignore
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
EOF
```
### Show all Entries
```bash
docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" LDAP_DN_BASE="$LDAP_DN_BASE" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D \"cn=administrator,\$LDAP_DN_BASE\" -w \"\$LDAP_ADMIN_PASSWORD\" -b \"\$LDAP_DN_BASE\"";
```
### Delete Groups and Subgroup
To delete the group inclusive all subgroups use:
```bash
docker exec --env LDAP_ADMIN_PASSWORD="$LDAP_ADMIN_PASSWORD" -it openldap bash -c "ldapsearch -LLL -o ldif-wrap=no -x -D \"cn=administrator,\$LDAP_DN_BASE\" -w \"\$LDAP_ADMIN_PASSWORD\" -b \"ou=applications,ou=groups,\$LDAP_DN_BASE\" dn | sed -n 's/^dn: //p' | tac | while read -r dn; do echo \"Deleting \$dn\"; ldapdelete -x -D \"cn=administrator,\$LDAP_DN_BASE\" -w \"\$LDAP_ADMIN_PASSWORD\" \"\$dn\"; done"
```
--
## 🛠️ **Technical Details**

14
roles/docker-listmonk/Installation.md Normal file
View File

@ -0,0 +1,14 @@
# Installation and Configuration
## Initial Database Setup
After the first setup, run the following command to initialize the Listmonk database:
```bash
docker compose run --rm application ./listmonk --install
```
## Start Services
Use the following command to start Listmonk services:
```bash
docker-compose -p listmonk up -d --force-recreate
```

32
roles/docker-listmonk/README.md
View File

@ -6,42 +6,12 @@ This role deploys the Listmonk application using Docker. Listmonk is a high perf
- Docker and Docker Compose should be installed on your system.
- Make sure that the required ports are available and not used by other services.
## Installation and Configuration
1. **Clone the Repository**:
- Ensure you have the latest version of this playbook from the repository.
2. **Configure Variables**:
- Set your desired configurations in `vars/main.yml`. This includes the path to your Docker Compose files and any other relevant variables.
3. **Run the Playbook**:
- Execute the ansible playbook to set up Listmonk.
4. **Initial Database Setup**:
- After the first setup, run the following command to initialize the Listmonk database:
```bash
docker compose run --rm application ./listmonk --install
```
5. **Configure Reverse Proxy** (Optional):
- If you are using a reverse proxy, configure it as per your domain settings in the `nginx-docker-reverse-proxy` role.
6. **Start Services**:
- Use the following command to start Listmonk services:
```bash
docker-compose -p listmonk up -d --force-recreate
```
## Upgrade
```bash
docker compose run application ./listmonk --upgrade
```
## Configuration Files
- **docker-compose.yml**: Defines the Docker setup for Listmonk and its database.
- **config.toml**: Contains the application settings including the database connection, admin credentials, and server settings.
## Further Information
## 📚 Other Resources
- For detailed installation instructions and configuration options, visit the [Listmonk Installation Documentation](https://listmonk.app/docs/installation/).
- You can also find more information on the [Listmonk GitHub Repository](https://github.com/knadh/listmonk/).

5
roles/docker-listmonk/Upgrade.md Normal file
View File

@ -0,0 +1,5 @@
# Upgrade
```bash
docker compose run application ./listmonk --upgrade
```

60
roles/docker-mailu/Administration.md Normal file
View File

@ -0,0 +1,60 @@
# Administration 🕵️‍♂️
## Database Access 📂
To access the database, use the following command:
```bash
docker-compose exec -it database mysql -u root -D mailu -p
```
## Container Access 🖥️
To access the front container, use this command:
```bash
docker-compose exec -it front /bin/bash
```
## Restarting Services 🔄
To restart all services, use the following command:
```bash
docker-compose restart
```
## Resending Queued Mails ✉️
To resend queued mails, use this command:
```bash
docker-compose exec -it smtp postqueue -f
```
# Testing 🧪
Use the following tools for testing:
- [SSL-Tools Mailserver Test](https://de.ssl-tools.net/mailservers/)
- [TestEmail.de](http://testemail.de/)
# Updates 🔄
For instructions on updating your Mailu setup, follow the official [Mailu maintenance guide](https://mailu.io/master/maintain.html).
# Queue Management 📬
To manage the Postfix email queue in Mailu, you can use the following commands:
- **Display the email queue**:
```bash
docker compose exec -it smtp postqueue -p
```
- **Delete all emails in the queue**:
```bash
docker compose exec -it smtp postsuper -d ALL
```

62
roles/docker-mailu/Installation.md Normal file
View File

@ -0,0 +1,62 @@
# Installation ⚙️
## Fetchmail Issues 📨
Fetchmail might not work properly with large amounts of data. For more information, refer to this [issue](https://github.com/Mailu/Mailu/issues/1719).
## Deactivating Fetchmail ❌
Before uninstalling Fetchmail, ensure you remove all fetched accounts from the administration panel.
## Fetchmail Security Concerns 🔐
There are known security concerns with Fetchmail as stated in the [German Wikipedia](https://de.wikipedia.org/wiki/Fetchmail). If you require Fetchmail functions in the future, consider creating a Docker container for [Getmail](https://en.wikipedia.org/wiki/Getmail) as it is considered more secure.
## Fetchmail Workaround 🔄
If you need to receive emails from another account, follow these steps:
1. Redirect your emails to your new email account.
2. Export all data from your original account.
3. Import all data to your new account.
## Port Management 🌐
Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:
```bash
netstat -tulpn
```
## Admin Account Creation 👤
To use Mailu, create the primary administrator user account, `admin@{{hostname}}`, using the command below. Replace `PASSWORD` with your preferred password:
```bash
docker-compose -p mailu exec admin flask mailu admin {{admin}} {{hostname}} PASSWORD
```
## CLI User Management 🛠️
For managing users, follow the instructions in the official [Mailu CLI documentation](https://mailu.io/master/cli.html).
## Starting the Server ▶️
To start the server, use the following command:
```bash
docker-compose -p mailu up -d
```
## OIDC Support 🔐
This role now supports OpenID Connect (OIDC) authentication with [Mailu-OIDC](https://github.com/heviat/Mailu-OIDC)! 🎉
To enable OIDC authentication, simply set the following variable:
```yaml
oidc:
enabled: true
```
For more details, check out the [Mailu-OIDC repository](https://github.com/heviat/Mailu-OIDC/tree/2024.06).

165
roles/docker-mailu/README.md
View File

@ -2,171 +2,6 @@
This guide provides instructions for setting up, operating, and maintaining the [Mailu](https://mailu.io/) server Docker role.
## Table of Contents 📖
- [Setup](#setup)
- [Fetchmail Issues](#fetchmail-issues)
- [Data Deletion](#data-deletion)
- [Port Management](#port-management)
- [Admin Account Creation](#admin-account-creation)
- [CLI User Management](#cli-user-management)
- [Starting the Server](#starting-the-server)
- [Debugging](#debugging)
- [Testing](#testing)
- [Updates](#updates)
- [Queue Management](#queue-management)
- [Spam Issues](#spam-issues)
- [OIDC Support](#oidc-support)
- [To-Do](#to-do)
- [References](#references)
## Setup ⚙️
### Fetchmail Issues 📨
Fetchmail might not work properly with large amounts of data. For more information, refer to this [issue](https://github.com/Mailu/Mailu/issues/1719).
#### Deactivating Fetchmail ❌
Before uninstalling Fetchmail, ensure you remove all fetched accounts from the administration panel.
#### Fetchmail Security Concerns 🔐
There are known security concerns with Fetchmail as stated in the [German Wikipedia](https://de.wikipedia.org/wiki/Fetchmail). If you require Fetchmail functions in the future, consider creating a Docker container for [Getmail](https://en.wikipedia.org/wiki/Getmail) as it is considered more secure.
#### Fetchmail Workaround 🔄
If you need to receive emails from another account, follow these steps:
1. Redirect your emails to your new email account.
2. Export all data from your original account.
3. Import all data to your new account.
### Port Management 🌐
Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:
```bash
netstat -tulpn
```
### Admin Account Creation 👤
To use Mailu, create the primary administrator user account, `admin@{{hostname}}`, using the command below. Replace `PASSWORD` with your preferred password:
```bash
docker-compose -p mailu exec admin flask mailu admin {{admin}} {{hostname}} PASSWORD
```
### CLI User Management 🛠️
For managing users, follow the instructions in the official [Mailu CLI documentation](https://mailu.io/master/cli.html).
### Starting the Server ▶️
To start the server, use the following command:
```bash
docker-compose -p mailu up -d
```
## Debugging 🕵️‍♂️
### Database Access 📂
To access the database, use the following command:
```bash
docker-compose exec -it database mysql -u root -D mailu -p
```
### Container Access 🖥️
To access the front container, use this command:
```bash
docker-compose exec -it front /bin/bash
```
### Restarting Services 🔄
To restart all services, use the following command:
```bash
docker-compose restart
```
### Resending Queued Mails ✉️
To resend queued mails, use this command:
```bash
docker-compose exec -it smtp postqueue -f
```
## Testing 🧪
Use the following tools for testing:
- [SSL-Tools Mailserver Test](https://de.ssl-tools.net/mailservers/)
- [TestEmail.de](http://testemail.de/)
## Updates 🔄
For instructions on updating your Mailu setup, follow the official [Mailu maintenance guide](https://mailu.io/master/maintain.html).
## Queue Management 📬
To manage the Postfix email queue in Mailu, you can use the following commands:
- **Display the email queue**:
```bash
docker compose exec -it smtp postqueue -p
```
- **Delete all emails in the queue**:
```bash
docker compose exec -it smtp postsuper -d ALL
```
## Spam Issues 🚨
### Inspect 🔎
Use the following tools to monitor your domain and email deliverability:
- [Google Postmaster](https://postmaster.google.com/) - Analyzes deliverability and spam issues for Gmail.
- [Yahoo Postmaster](https://postmaster.yahooinc.com) - Provides insights and delivery reports for Yahoo.
- [mxtoolbox.com](https://mxtoolbox.com)
### Blacklist Check 🚫
If your domain is blacklisted, you can check the status with these services and take steps to remove your domain if necessary:
- [Spamhaus](https://check.spamhaus.org/)
- [Barracuda](https://www.barracudacentral.org/lookups)
### Cloudmark Reset Request 🔄
If your IP or domain is flagged by Cloudmark, you can submit a **reset request**:
- [Cloudmark Reset](https://csi.cloudmark.com/en/reset/)
## OIDC Support 🔐
This role now supports OpenID Connect (OIDC) authentication with [Mailu-OIDC](https://github.com/heviat/Mailu-OIDC)! 🎉
To enable OIDC authentication, simply set the following variable:
```yaml
oidc:
enabled: true
```
For more details, check out the [Mailu-OIDC repository](https://github.com/heviat/Mailu-OIDC/tree/2024.06).
## References 🔗
- [Mailu compose setup guide](https://mailu.io/1.7/compose/setup.html)
- [SysPass issue #1299](https://github.com/nuxsmin/sysPass/issues/1299)

22
roles/docker-mailu/Spam_Issues.md Normal file
View File

@ -0,0 +1,22 @@
# Spam Issues 🚨
## Inspect 🔎
Use the following tools to monitor your domain and email deliverability:
- [Google Postmaster](https://postmaster.google.com/) - Analyzes deliverability and spam issues for Gmail.
- [Yahoo Postmaster](https://postmaster.yahooinc.com) - Provides insights and delivery reports for Yahoo.
- [mxtoolbox.com](https://mxtoolbox.com)
## Blacklist Check 🚫
If your domain is blacklisted, you can check the status with these services and take steps to remove your domain if necessary:
- [Spamhaus](https://check.spamhaus.org/)
- [Barracuda](https://www.barracudacentral.org/lookups)
## Cloudmark Reset Request 🔄
If your IP or domain is flagged by Cloudmark, you can submit a **reset request**:
- [Cloudmark Reset](https://csi.cloudmark.com/en/reset/)

6
roles/docker-mariadb/Administration.md Normal file
View File

@ -0,0 +1,6 @@
# Administration
## Execute SQL commands
```bash
docker exec -it central-mariadb mariadb -u root -p
```

7
roles/docker-mariadb/README.md
View File

@ -1,6 +1,6 @@
# MariaDB Docker Ansible Role
## Overview
## 📌 Overview
This Ansible role facilitates the deployment of a MariaDB server using Docker. It is designed to ensure ease of installation and configuration, with the flexibility to adapt to different environments.
## Features
@ -23,10 +23,5 @@ Configure the role by setting the required variables. These can be set in the pl
- `database_username`: The username for the database user.
- `database_password`: The password for the database user.
## Execute SQL commands
```bash
docker exec -it central-mariadb mariadb -u root -p
```
## Contributing
Contributions to this project are welcome. Please submit issues and pull requests with your suggestions.

39
roles/docker-mastodon/Administration.md Normal file
View File

@ -0,0 +1,39 @@
# Administration
## 🗑️ Cleanup (Remove Instance & Volumes)
```bash
cd {{path_docker_compose_instances}}mastodon/
docker-compose down
docker volume rm mastodon_data mastodon_database mastodon_redis
cd {{path_docker_compose_instances}} &&
rm -vR {{path_docker_compose_instances}}mastodon
```
## 🔍 Access Mastodon Terminal
```bash
docker-compose exec -it web /bin/bash
```
## 🛠️ Set File Permissions
After setting up Mastodon, apply the correct file permissions:
```bash
docker-compose exec -it -u root web chown -R 991:991 public
```
# 📦 Database Management
## 🏗️ Running Database Migrations
Ensure all required database structures are up to date:
```bash
docker compose exec -it web bash -c "RAILS_ENV=production bin/rails db:migrate"
```
# 🚀 Performance Optimization
## 🗑️ Delete Cache & Recompile Assets
```bash
docker-compose exec web bundle exec rails assets:precompile
docker-compose restart
```
This ensures your Mastodon instance is loading the latest assets after updates.

22
roles/docker-mastodon/Installation.md Normal file
View File

@ -0,0 +1,22 @@
# ⚙️ Configuration & Setup
## 🔧 Create Credentials
Run the following command to generate a new configuration setup:
```bash
docker pull ghcr.io/mastodon/mastodon:latest
# Secret Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
# Vapid Key Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails mastodon:webpush:generate_vapid_key
# ACTIVE_RECORD_ENCRYPTION Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bin/rails db:encryption:init
```
## 🔄 Setup with an Existing Configuration
```bash
docker-compose run --rm web bundle exec rails db:migrate
```
## 🔐 OIDC (OpenID Connect) Authentication Support
This Mastodon role now **fully supports OpenID Connect (OIDC)**, allowing seamless authentication via identity providers like **Keycloak, Auth0, Google, or other OIDC-compliant services**.

65
roles/docker-mastodon/README.md
View File

@ -3,70 +3,11 @@
## 📌 Overview
This project provides a **Docker-based setup for Mastodon**, including full **OIDC (OpenID Connect) authentication support**. It is maintained by **[Kevin Veen-Birkenbach](https://www.veen.world)**.
## Credits 📝
This README and some parts of the code were created with the assistance of ChatGPT. You can follow the discussion and evolution of this project in [this conversation](https://chatgpt.com/c/67a4e19b-3884-800f-9d45-621dda2a6572).
## ⚙️ Configuration & Setup
### 🔧 Create Credentials
Run the following command to generate a new configuration setup:
```bash
docker pull ghcr.io/mastodon/mastodon:latest
# Secret Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails secret
# Vapid Key Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bundle exec rails mastodon:webpush:generate_vapid_key
# ACTIVE_RECORD_ENCRYPTION Generation
docker run --rm ghcr.io/mastodon/mastodon:latest bin/rails db:encryption:init
```
### 🔄 Setup with an Existing Configuration
```bash
docker-compose run --rm web bundle exec rails db:migrate
```
### 🗑️ Cleanup (Remove Instance & Volumes)
```bash
cd {{path_docker_compose_instances}}mastodon/
docker-compose down
docker volume rm mastodon_data mastodon_database mastodon_redis
cd {{path_docker_compose_instances}} &&
rm -vR {{path_docker_compose_instances}}mastodon
```
### 🔍 Access Mastodon Terminal
```bash
docker-compose exec -it web /bin/bash
```
### 🛠️ Set File Permissions
After setting up Mastodon, apply the correct file permissions:
```bash
docker-compose exec -it -u root web chown -R 991:991 public
```
## 📦 Database Management
### 🏗️ Running Database Migrations
Ensure all required database structures are up to date:
```bash
docker compose exec -it web bash -c "RAILS_ENV=production bin/rails db:migrate"
```
## 🚀 Performance Optimization
### 🗑️ Delete Cache & Recompile Assets
```bash
docker-compose exec web bundle exec rails assets:precompile
docker-compose restart
```
This ensures your Mastodon instance is loading the latest assets after updates.
## 🔐 OIDC (OpenID Connect) Authentication Support
This Mastodon role now **fully supports OpenID Connect (OIDC)**, allowing seamless authentication via identity providers like **Keycloak, Auth0, Google, or other OIDC-compliant services**.
## 📚 Further Reading
## 📚 Other Resources
- [Mastodon with Docker & Traefik](https://goneuland.de/mastodon-mit-docker-und-traefik-installieren/)
- [Mastodon Configuration Guide](https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4)
- [Check Website Availability](https://www.2daygeek.com/linux-command-check-website-is-up-down-alive/)

7
roles/docker-matomo/README.md
View File

@ -2,8 +2,5 @@
This Ansible role deploys a [Matomo](https://matomo.org/) analytics platform instance using Docker.
## AI Generated
This script was created with the help of ChatGPT. The full conversation is [here](https://chat.openai.com/share/49e0c7e4-a2af-4a04-adad-7a735bdd85c4) available.
## Author
- [Kevin Veen-Birkenbach](https://www.veen.world/)
## Credits 📝
This script was created with the help of ChatGPT. The full conversation is [here](https://chat.openai.com/share/49e0c7e4-a2af-4a04-adad-7a735bdd85c4) available.

9
roles/docker-matrix-ansible/Administration.md Normal file
View File

@ -0,0 +1,9 @@
# Administration
## DANGER: Manuell deativation and deletion
Be carefull what you do. This code you can execute:
```
systemctl list-units --type=service | grep 'matrix' | awk '{print $1}' | xargs -I {} systemctl disable {} &&
systemctl list-units --type=service | grep 'matrix' | awk '{print $1}' | xargs -I {} systemctl stop {} &&
rm -rv /matrix/
```

10
roles/docker-matrix-ansible/README.md
View File

@ -1,6 +1,6 @@
# Docker Setup Matrix via Ansible
## Overview
## 📌 Overview
This document serves as the README for the `docker-ansible-matrix` role, a part of the `CyMaIS` project. This role automates the deployment of a Matrix server using Ansible.
@ -8,13 +8,5 @@ Matrix is an open-source project that provides a protocol for secure, decentrali
This software uses https://github.com/spantaleev/matrix-docker-ansible-deploy as a base.
## DANGER: Manuell deativation and deletion
Be carefull what you do. This code you can execute:
```
systemctl list-units --type=service | grep 'matrix' | awk '{print $1}' | xargs -I {} systemctl disable {} &&
systemctl list-units --type=service | grep 'matrix' | awk '{print $1}' | xargs -I {} systemctl stop {} &&
rm -rv /matrix/
```
## Alternativ Matrix Setup Role
An alternativ role to deploy Matrix you will find [here](../docker-matrix-compose/)

9
roles/docker-matrix-compose/Administration.md Normal file
View File

@ -0,0 +1,9 @@
# Administration
## Cleanup
```
# Cleanup Database
for db in matrix mautrix_whatsapp_bridge mautrix_telegram_bridge mautrix_signal_bridge mautrix_slack_bridge; do python reset-database-in-central-postgres.py $db; done
# Cleanup Docker and Volumes
docker compose down -v
```

21
roles/docker-matrix-compose/Installation.md Normal file
View File

@ -0,0 +1,21 @@
# Installation
## Bridges
### Mautrix
Contact one of the following bots for more information:
- @signalbot:yourdomain.tld
- @telegrambot:yourdomain.tld
- @whatsappbot:yourdomain.tld
- @slackbot:yourdomain.tld
#### Slack
For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/authentication.html).
### ChatGPT
- Create API Token: https://platform.openai.com/api-keys
- Set ``matrix_chatgpt_bridge_access_token``
## Debug:
- https://federationtester.matrix.org/

32
roles/docker-matrix-compose/README.md
View File

@ -1,40 +1,12 @@
# Docker-Matrix Role README
## Overview
## 📌 Overview
This document serves as the README for the `docker-matrix` role, a part of the `CyMaIS` project. This role automates the deployment of a Matrix server using Docker. This role was developed by [Kevin Veen-Birkenbach](https://www.veen.world/)
Matrix is an open-source project that provides a protocol for secure, decentralized, real-time communication. It offers features like end-to-end encrypted chat, VoIP, and file sharing, catering to both individual and enterprise users. With a focus on interoperability, Matrix can bridge with other communication systems, offering a unified platform for messaging and collaboration.
## Cleanup
```
# Cleanup Database
for db in matrix mautrix_whatsapp_bridge mautrix_telegram_bridge mautrix_signal_bridge mautrix_slack_bridge; do python reset-database-in-central-postgres.py $db; done
# Cleanup Docker and Volumes
docker compose down -v
```
## Bridges
### Mautrix
Contact one of the following bots for more information:
- @signalbot:yourdomain.tld
- @telegrambot:yourdomain.tld
- @whatsappbot:yourdomain.tld
- @slackbot:yourdomain.tld
#### Slack
For login with Token checkout [this guide](https://docs.mau.fi/bridges/go/slack/authentication.html).
### ChatGPT
- Create API Token: https://platform.openai.com/api-keys
- Set ``matrix_chatgpt_bridge_access_token``
## Debug:
- https://federationtester.matrix.org/
## Sources
## Credits 📝
### Guides
- https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html

145
roles/docker-mediawiki/Installation.md Normal file
View File

@ -0,0 +1,145 @@
# Installation
## Generate LocalSettings.php
Login to the container:
```bash
docker-compose exec -it application /bin/sh
```
Seed the LocalSettings.php:
```bash
cat > LocalSettings.php << EOF
<?php
# This file was automatically generated by the MediaWiki 1.35.0
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See includes/DefaultSettings.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
## Uncomment this to disable output compression
# \$wgDisableOutputCompression = true;
\$wgSitename = "test";
\$wgMetaNamespace = "Test";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
\$wgScriptPath = "";
## The protocol and server name to use in fully-qualified URLs
\$wgServer = "http://wiki.veen.world";
## The URL path to static resources (images, scripts, etc.)
\$wgResourceBasePath = \$wgScriptPath;
## The URL paths to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
\$wgLogos = [ '1x' => "\$wgResourceBasePath/resources/assets/wiki.png" ];
## UPO means: this is also a user preference option
\$wgEnableEmail = true;
\$wgEnableUserEmail = true; # UPO
\$wgEmergencyContact = "apache@🌻.invalid";
\$wgPasswordSender = "apache@🌻.invalid";
\$wgEnotifUserTalk = false; # UPO
\$wgEnotifWatchlist = false; # UPO
\$wgEmailAuthentication = true;
## Database settings
\$wgDBtype = "mysql";
\$wgDBserver = "database:3306";
\$wgDBname = "mediawiki";
\$wgDBuser = "mediawiki";
\$wgDBpassword = "test";
# MySQL specific settings
\$wgDBprefix = "";
# MySQL table options to use during installation or update
\$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
## Shared memory settings
\$wgMainCacheType = CACHE_NONE;
\$wgMemCachedServers = [];
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
\$wgEnableUploads = false;
\$wgUseImageMagick = true;
\$wgImageMagickConvertCommand = "/usr/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
\$wgUseInstantCommons = false;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
\$wgPingback = true;
## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
\$wgShellLocale = "C.UTF-8";
## Set \$wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
#\$wgCacheDirectory = "\$IP/cache";
# Site language code, should be one of the list in ./languages/data/Names.php
\$wgLanguageCode = "en";
\$wgSecretKey = "603fe88c985b05706f19aaf77d2a61459555ff21a4a4d4ef0aa15c8f8ec50f00";
# Changing this will log out all existing sessions.
\$wgAuthenticationTokenVersion = "1";
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
\$wgUpgradeKey = "f99263b0f3a7c59a";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
\$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
\$wgRightsUrl = "";
\$wgRightsText = "";
\$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
\$wgDiff3 = "/usr/bin/diff3";
## Default skin: you can change the default skin. Use the internal symbolic
## names, ie 'vector', 'monobook':
\$wgDefaultSkin = "vector";
# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );
# End of automatically generated settings.
# Add more configuration options below.
EOF
```

145
roles/docker-mediawiki/README.md
View File

@ -1,147 +1,4 @@
# role docker-mediawiki
## Generate LocalSettings.php
Login to the container:
```bash
docker-compose exec -it application /bin/sh
```
Seed the LocalSettings.php:
```bash
cat > LocalSettings.php << EOF
<?php
# This file was automatically generated by the MediaWiki 1.35.0
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See includes/DefaultSettings.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
## Uncomment this to disable output compression
# \$wgDisableOutputCompression = true;
\$wgSitename = "test";
\$wgMetaNamespace = "Test";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
\$wgScriptPath = "";
## The protocol and server name to use in fully-qualified URLs
\$wgServer = "http://wiki.veen.world";
## The URL path to static resources (images, scripts, etc.)
\$wgResourceBasePath = \$wgScriptPath;
## The URL paths to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
\$wgLogos = [ '1x' => "\$wgResourceBasePath/resources/assets/wiki.png" ];
## UPO means: this is also a user preference option
\$wgEnableEmail = true;
\$wgEnableUserEmail = true; # UPO
\$wgEmergencyContact = "apache@🌻.invalid";
\$wgPasswordSender = "apache@🌻.invalid";
\$wgEnotifUserTalk = false; # UPO
\$wgEnotifWatchlist = false; # UPO
\$wgEmailAuthentication = true;
## Database settings
\$wgDBtype = "mysql";
\$wgDBserver = "database:3306";
\$wgDBname = "mediawiki";
\$wgDBuser = "mediawiki";
\$wgDBpassword = "test";
# MySQL specific settings
\$wgDBprefix = "";
# MySQL table options to use during installation or update
\$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
## Shared memory settings
\$wgMainCacheType = CACHE_NONE;
\$wgMemCachedServers = [];
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
\$wgEnableUploads = false;
\$wgUseImageMagick = true;
\$wgImageMagickConvertCommand = "/usr/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
\$wgUseInstantCommons = false;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
\$wgPingback = true;
## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
\$wgShellLocale = "C.UTF-8";
## Set \$wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
#\$wgCacheDirectory = "\$IP/cache";
# Site language code, should be one of the list in ./languages/data/Names.php
\$wgLanguageCode = "en";
\$wgSecretKey = "603fe88c985b05706f19aaf77d2a61459555ff21a4a4d4ef0aa15c8f8ec50f00";
# Changing this will log out all existing sessions.
\$wgAuthenticationTokenVersion = "1";
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
\$wgUpgradeKey = "f99263b0f3a7c59a";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
\$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
\$wgRightsUrl = "";
\$wgRightsText = "";
\$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
\$wgDiff3 = "/usr/bin/diff3";
## Default skin: you can change the default skin. Use the internal symbolic
## names, ie 'vector', 'monobook':
\$wgDefaultSkin = "vector";
# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );
# End of automatically generated settings.
# Add more configuration options below.
EOF
```
## Further Information
## 📚 Other Resources
This role was adapted to solve some deprecation message. Please test it before using productive. [See this conversation](https://chatgpt.com/share/6781487e-45fc-800f-a35e-e93f49448176).

2
roles/docker-moodle/README.md
View File

@ -1,4 +1,4 @@
# role docker-moodle
## further information
## 📚 Other Resources
- https://github.com/bitnami/containers/tree/main/bitnami/moodle

55
roles/docker-mybb/Installation.md Normal file
View File

@ -0,0 +1,55 @@
# Installation
## Multi Domain Installation
If you want to access your mybb over multiple domains, keep the following in mind:
- Set Cookie Domain to nothing
- Access mybb for installation via mybb.<primary_domain>
- Set the Board Url to mybb.<primary_domain>
## Manual Installation of MyBB Plugins
This guide describes the process of manually installing MyBB plugins in your Docker-MyBB environment. This can be useful if you want to quickly test plugins or do not wish to execute the Ansible role.
### Steps for Manual Installation
1. **Prepare Plugin Files:**
- Download the desired MyBB plugin zip files.
2. **Copy plugin to host:**
- ```bash scp <plugin> administrator@<server>:/opt/docker/mybb/plugins```
3. **Unzip Plugin Files on the Host:**
- Unzip the plugin zip files in the host's plugin directory:
```bash
unzip /opt/docker/mybb/plugins/<plugin-file>.zip -d /opt/docker/mybb/plugins/
```
- Replace `<plugin-file>.zip` with the name of the plugin zip file.
- Repeat this step for each plugin.
4. **Access the Docker Container:**
- Open a terminal or SSH session on the server where the Docker container is running.
5. **Copy Unzipped Plugin Files to the Container:**
- Copy the unzipped plugin files from the host directory to the Docker container:
```bash
docker compose cp /opt/docker/mybb/plugins/<unzipped-plugin-folder> application:/var/www/html/inc/plugins/
```
- Replace `<unzipped-plugin-folder>` with the name of the unzipped plugin folder.
6. **Restart the Container:**
- Execute the following command to restart the MyBB container:
```bash
docker-compose -p mybb up -d --force-recreate
```
- This ensures all changes take effect.
7. **Activate Plugins in the MyBB Admin Panel:**
- Open the MyBB admin panel in your web browser.
- Navigate to the plugin settings and activate the newly installed plugins.
### Important Notes
- Ensure you use the correct paths and filenames.
- Do not forget to regularly back up your MyBB database and files before making changes.
- If encountering issues, refer to the MyBB documentation or specific instructions from the plugin author.

75
roles/docker-mybb/README.md
View File

@ -1,76 +1,7 @@
# Role Name: Docker MyBB
# Docker MyBB
## Dependencies
- nginx-docker-reverse-proxy
## Usage
### Multi Domain Installation
If you want to access your mybb over multiple domains, keep the following in mind:
- Set Cookie Domain to nothing
- Access mybb for installation via mybb.<primary_domain>
- Set the Board Url to mybb.<primary_domain>
### Manual Installation of MyBB Plugins
This guide describes the process of manually installing MyBB plugins in your Docker-MyBB environment. This can be useful if you want to quickly test plugins or do not wish to execute the Ansible role.
#### Steps for Manual Installation
1. **Prepare Plugin Files:**
- Download the desired MyBB plugin zip files.
2. **Copy plugin to host:**
- ```bash scp <plugin> administrator@<server>:/opt/docker/mybb/plugins```
3. **Unzip Plugin Files on the Host:**
- Unzip the plugin zip files in the host's plugin directory:
```bash
unzip /opt/docker/mybb/plugins/<plugin-file>.zip -d /opt/docker/mybb/plugins/
```
- Replace `<plugin-file>.zip` with the name of the plugin zip file.
- Repeat this step for each plugin.
4. **Access the Docker Container:**
- Open a terminal or SSH session on the server where the Docker container is running.
5. **Copy Unzipped Plugin Files to the Container:**
- Copy the unzipped plugin files from the host directory to the Docker container:
```bash
docker compose cp /opt/docker/mybb/plugins/<unzipped-plugin-folder> application:/var/www/html/inc/plugins/
```
- Replace `<unzipped-plugin-folder>` with the name of the unzipped plugin folder.
6. **Restart the Container:**
- Execute the following command to restart the MyBB container:
```bash
docker-compose -p mybb up -d --force-recreate
```
- This ensures all changes take effect.
7. **Activate Plugins in the MyBB Admin Panel:**
- Open the MyBB admin panel in your web browser.
- Navigate to the plugin settings and activate the newly installed plugins.
#### Important Notes
- Ensure you use the correct paths and filenames.
- Do not forget to regularly back up your MyBB database and files before making changes.
- If encountering issues, refer to the MyBB documentation or specific instructions from the plugin author.
### Running the Role
Execute the Ansible playbook containing this role to set up MyBB in a Docker environment.
## Docker Compose Configuration
The `docker-compose.yml.j2` template outlines the services required for MyBB, including the application server, Nginx web server, and database (MariaDB).
## Additional Information
- For detailed configuration and customization, refer to the contents of the `default.conf` template and the `docker-compose.yml.j2` template.
- Ensure that the environment variables and paths are correctly set as per your system's configuration.
## Created with ChatGPT
## Credits 📝
This README was created with the assistance of ChatGPT, based on a conversation held at this [link](https://chat.openai.com/share/83828f9a-b817-48d8-86ed-599f64850b4d). ChatGPT provided guidance on structuring this document and outlining the key components of the Docker MyBB role.
## More Information
## 📚 Other Resources
- https://github.com/mybb/docker

190
roles/docker-nextcloud/Administration.md Normal file
View File

@ -0,0 +1,190 @@
# Administration
## Modify Config 🔧
### Enter the Container
```bash
docker-compose exec -it application /bin/sh
```
### Modify the Configuration
Inside the container, install a text editor and edit the config:
```bash
apk add --no-cache nano && nano config/config.php
```
---
## Update 🔄
To update the Nextcloud container, execute the following commands on the server:
```bash
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on &&
export COMPOSE_HTTP_TIMEOUT=600 &&
export DOCKER_CLIENT_TIMEOUT=600 &&
docker-compose down
```
Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role.
> **Note:**
> It is only possible to update from one to the next major version at a time.
> Wait for the update to finish.
Verify the update by checking the logs:
```bash
docker-compose logs application
```
and
```bash
docker-compose exec -it application top
```
If Nextcloud remains in maintenance mode after the update, try the following:
```bash
docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
```
If the update process fails, execute:
```bash
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:repair --include-expensive
```
and disable any non-functioning apps.
---
## Recover Latest Backup 💾
```bash
cd {{path_docker_compose_instances}}nextcloud &&
docker-compose down &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/backup-docker-to-local/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}backup-docker-to-local &&
bash ./recover-docker-from-local.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
```
---
## Database Management 🗄️
### Database Access
To access the database, execute:
```bash
docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
```
### Recreate Database with New Volume
```bash
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
```
---
## OCC (Nextcloud Command Line) 🔧
To use OCC, run:
```bash
docker-compose exec -it -u www-data application /var/www/html/occ
```
### User Administration
#### List Users
```bash
docker compose exec -it -u www-data application php occ user:list
```
#### Sync Users
```bash
docker compose exec -it -u www-data application php occ user:sync
```
#### Create user via CLI
```bash
docker compose exec -it -u www-data application php occ user:add {{username}}
```
#### Make user admin via cli
```bash
docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
```
#### Delete user via CLI
```bash
docker compose exec -it -u www-data application php occ user:delete {{username}}
```
---
### App Administration
```bash
docker compose exec -u www-data application php occ config:list {{app_name}}
```
### Initialize Duplicates
```bash
docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output
```
### Unlock Files
```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on
docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off
```
---
## Apps
### App Relevant Tables 🗃️
- `oc_appconfig`
- `oc_migrations`
### Cospend
#### Relevant SQL Commands for Cospend
Debugguging Migrations:
https://github.com/julien-nc/cospend-nc/issues/325
```sql
-- Show all Cospend Tables
SHOW TABLES where Tables_in_nextcloud LIKE "%cospend%";
-- Show Cospend Configuration
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%cospend%";
-- Show Cospend Database Migrations
SELECT * FROM `oc_migrations` WHERE app LIKE "%cospend%";
```
# Identity and Access Management (IAM)
## OpenID Connect (OIDC) Support 🔐
OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
### Verify OIDC Configuration
```bash
docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
```
## LDAP
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
## Get all relevant entries except password
```sql
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%ldap%" and configkey != "s01ldap_agent_password";
```
## Update User with LDAP values
```bash
docker compose exec -it -u www-data application php occ ldap:check-user --update {{username}}
```
## Federation
If users are just created via Keycloak and not via LDAP, they have a different username. Due to this reaso concider to use LDAP to guaranty that the username is valid.

202
roles/docker-nextcloud/README.md
View File

@ -1,201 +1,9 @@
# Docker Nextcloud Role 🚀
This repository contains an Ansible role for deploying and managing [Nextcloud](https://nextcloud.com/) using [Docker](https://www.docker.com/). It covers configuration modifications, updates, backups, database management, and more. Additionally, OIDC (OpenID Connect) is supported (for example, via **Keycloak**).
---
## Modify Config 🔧
### Enter the Container
```bash
docker-compose exec -it application /bin/sh
```
### Modify the Configuration
Inside the container, install a text editor and edit the config:
```bash
apk add --no-cache nano && nano config/config.php
```
---
## Update 🔄
To update the Nextcloud container, execute the following commands on the server:
```bash
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on &&
export COMPOSE_HTTP_TIMEOUT=600 &&
export DOCKER_CLIENT_TIMEOUT=600 &&
docker-compose down
```
Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role.
> **Note:**
> It is only possible to update from one to the next major version at a time.
> Wait for the update to finish.
Verify the update by checking the logs:
```bash
docker-compose logs application
```
and
```bash
docker-compose exec -it application top
```
If Nextcloud remains in maintenance mode after the update, try the following:
```bash
docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
```
If the update process fails, execute:
```bash
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:repair --include-expensive
```
and disable any non-functioning apps.
---
## Recover Latest Backup 💾
```bash
cd {{path_docker_compose_instances}}nextcloud &&
docker-compose down &&
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/backup-docker-to-local/latest/nextcloud_database/sql/backup.sql" &&
cd {{path_administrator_scripts}}backup-docker-to-local &&
bash ./recover-docker-from-local.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
```
---
## Database Management 🗄️
### Database Access
To access the database, execute:
```bash
docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
```
### Recreate Database with New Volume
```bash
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
```
---
## OCC (Nextcloud Command Line) 🔧
To use OCC, run:
```bash
docker-compose exec -it -u www-data application /var/www/html/occ
```
### User Administration
#### List Users
```bash
docker compose exec -it -u www-data application php occ user:list
```
#### Sync Users
```bash
docker compose exec -it -u www-data application php occ user:sync
```
#### Create user via CLI
```bash
docker compose exec -it -u www-data application php occ user:add {{username}}
```
#### Make user admin via cli
```bash
docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
```
#### Delete user via CLI
```bash
docker compose exec -it -u www-data application php occ user:delete {{username}}
```
---
### App Administration
```bash
docker compose exec -u www-data application php occ config:list {{app_name}}
```
### Initialize Duplicates
```bash
docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output
```
### Unlock Files
```bash
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on
docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off
```
---
## Apps
### App Relevant Tables 🗃️
- `oc_appconfig`
- `oc_migrations`
### Cospend
#### Relevant SQL Commands for Cospend
Debugguging Migrations:
https://github.com/julien-nc/cospend-nc/issues/325
```sql
-- Show all Cospend Tables
SHOW TABLES where Tables_in_nextcloud LIKE "%cospend%";
-- Show Cospend Configuration
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%cospend%";
-- Show Cospend Database Migrations
SELECT * FROM `oc_migrations` WHERE app LIKE "%cospend%";
```
# Identity and Access Management (IAM)
## OpenID Connect (OIDC) Support 🔐
OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
### Verify OIDC Configuration
```bash
docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
```
## LDAP
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
## Get all relevant entries except password
```sql
SELECT * FROM `oc_appconfig` WHERE appid LIKE "%ldap%" and configkey != "s01ldap_agent_password";
```
## Update User with LDAP values
```bash
docker compose exec -it -u www-data application php occ ldap:check-user --update {{username}}
```
## Federation
If users are just created via Keycloak and not via LDAP, they have a different username. Due to this reaso concider to use LDAP to guaranty that the username is valid.
---
## Further Information
## 📚 Other Resources
- [Nextcloud Docker Example with Nginx Proxy, MariaDB, and FPM](https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml)
- [Nextcloud Upgrade via Docker by Goneuland](https://goneuland.de/nextcloud-upgrade-auf-neue-versionen-mittels-docker/)
@ -210,14 +18,6 @@ If users are just created via Keycloak and not via LDAP, they have a different u
- [Nextcloud Talk Plugin and Turnserver in Docker](https://forum.openmediavault.org/index.php?thread/31782-docker-nextcloud-talk-plugin-and-turnserver/)
- [Nextcloud Talk on Docker: Turn Server Issues](https://help.nextcloud.com/t/nextcloud-talk-im-docker/container/turn-server-auf-docker-host-kein-video/84133/10)
---
## Author
**Developed by:** Kevin Veen-Birkenbach
**Website:** [https://www.veen.world/](https://www.veen.world/)
*This README.md was created with the help of [ChatGPT](https://chatgpt.com/share/67a5312c-7248-800f-ae27-0288c1c82f1d).*
---
*Enjoy and happy containerizing! 😄*

2
roles/docker-oauth2-proxy/README.md
View File

@ -2,7 +2,7 @@
Welcome to the **Docker OAuth2 Proxy Role**! 🌟 This role contains helper functions to set up an OAuth2 proxy using [OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy), a tool designed to secure applications by protecting them with OAuth2 authentication. 💡
## Overview
## 📌 Overview
The OAuth2 Proxy is used to shield specific web applications from unauthorized access by requiring users to authenticate via an external identity provider, such as Keycloak. This role simplifies the setup process by providing templated configurations and tasks to integrate the OAuth2 Proxy with Docker Compose and Keycloak.

2
roles/docker-openproject/README.md
View File

@ -1,6 +1,6 @@
# OpenProject Role
## Overview
## 📌 Overview
This role is designed to deploy the [OpenProject](https://www.openproject.org/) application using Docker. It includes tasks for setting up the environment, pulling the Docker repository, and configuring a reverse proxy with Nginx. It was developed by [Kevin Veen-Birkenbach](https://www.veen.world/)

29
roles/docker-peertube/Administration.md Normal file
View File

@ -0,0 +1,29 @@
# Administration
## track docker container status
```bash
watch -n 2 "docker ps -a | grep peertube"
```
## clean rebuild
```bash
cd {{path_docker_compose_instances}}peertube/ &&
docker-compose down
docker volume rm peertube_assets peertube_config peertube_data peertube_database peertube_redis
docker-compose up -d
```
## access terminal
```bash
docker-compose exec -it application /bin/bash
```
## update config
```bash
apt update && apt install nano && nano ./config/default.yaml
```
## get root pasword
```bash
docker logs peertube-application-1 | grep -A1 root
```

32
roles/docker-peertube/README.md
View File

@ -1,37 +1,7 @@
# docker peertube
## track docker container status
```bash
watch -n 2 "docker ps -a | grep peertube"
```
## clean rebuild
```bash
cd {{path_docker_compose_instances}}peertube/ &&
docker-compose down
docker volume rm peertube_assets peertube_config peertube_data peertube_database peertube_redis
docker-compose up -d
```
## access terminal
```bash
docker-compose exec -it application /bin/bash
```
## update config
```bash
apt update && apt install nano && nano ./config/default.yaml
```
## get root pasword
```bash
docker logs peertube-application-1 | grep -A1 root
```
## upgrade version
- https://docs.joinpeertube.org/install/docker
## further information
## 📚 Other Resources
- https://docs.joinpeertube.org/install-docker
- https://github.com/Chocobozzz/PeerTube/issues/3091
- [OIDC Plugin installation](https://chatgpt.com/c/67a4f448-4be8-800f-8639-4c15cb2fb44e)

2
roles/docker-peertube/Upgrade.md Normal file
View File

@ -0,0 +1,2 @@
# upgrade version
- https://docs.joinpeertube.org/install/docker

134
roles/docker-pixelfed/Administration.md Normal file
View File

@ -0,0 +1,134 @@
## Accessing Services
### Application Access
To gain shell access to the application container, run the following command:
```bash
docker-compose exec -it application bash
```
### Clear Cache
```bash
docker compose exec -it application php artisan cache:clear
```
### Database Access
To access the MariaDB instance in the database container, run the following command:
```bash
docker-compose exec -it database mariadb -u pixelfed -p
```
### User Management via CLI in Pixelfed Docker Setup
To manage users in your Pixelfed instance running in a Docker container, as configured in Kevin Veen-Birkenbach's docker-pixelfed role, you can follow these steps via the Command Line Interface (CLI):
1. **Access the Application Container:** First, gain shell access to the Pixelfed application container. Use the command provided in the README:
```bash
docker-compose exec -it application bash
```
This command lets you access the bash shell inside the `application` Docker container where Pixelfed is running.
2. **Navigate to Pixelfed Directory:** Once inside the container, navigate to the Pixelfed directory. This is typically the root directory where Pixelfed is installed.
3. **Use Artisan Commands:** Pixelfed is built on Laravel, so you'll use Laravel's Artisan CLI for user management. Here are some common tasks:
- **Create a New User:**
```bash
php artisan user:create
```
This command will prompt you to enter the user's details like username, email, and password.
- **List Users:**
```bash
php artisan user:list
```
This command displays a list of all users.
- **Delete a User:**
```bash
php artisan user:delete {username}
```
Replace `{username}` with the actual username of the user you wish to delete.
- **Reset Password:**
```bash
php artisan user:reset-password {username}
```
This will initiate a password reset process for the specified user.
4. **Verify and Validate:** Depending on your Pixelfed's configuration, especially if email verification is required, you might need to perform additional steps to verify new accounts or modify user details.
5. **Exit the Container:** After completing your user management tasks, exit the Docker container shell by typing `exit`.
### Note:
- **Commands Variability:** The available Artisan commands can vary based on your version of Pixelfed and Laravel. Always refer to the specific documentation for your version.
- **Permissions:** Ensure you have the necessary permissions and rights within the Docker container to perform these actions.
- **Environment Specifics:** The exact paths and commands may vary based on your Docker and Pixelfed setup, as defined in your `docker-compose.yml` and other configuration files.
This process provides a streamlined way to manage Pixelfed users directly from the CLI in a Dockerized environment, ensuring that you can efficiently administer your Pixelfed instance without needing to access the Pixelfed web interface.
## Instagram Import Cleanup
If you have imported posts from Instagram, you can clean up the imported data and files as follows:
### Database Cleanup
Run these commands inside your MariaDB shell to remove import related data:
```bash
DELETE from import_posts WHERE 1;
DELETE from import_jobs WHERE 1;
DELETE from import_datas WHERE 1;
DELETE from statuses where created_at < "2022-12-01 22:15:39";
DELETE from media where deleted_at >= "2023-07-28 14:39:05";
```
### File System Cleanup
Run these commands to remove the imported files and trigger the cleanup job:
```bash
docker-compose exec -u "www-data" application rm -rv "/var/www/storage/app/imports/1"
docker-compose exec -u "www-data" application php artisan schedule:run
```
## Full Cleanup (Reset)
For a hard reset, which will delete all data and stop all services, use the following commands:
```bash
docker-compose down
docker volume rm pixelfed_application_data pixelfed_database pixelfed_redis
```
## Update Procedure
To update your Pixelfed instance, navigate to the directory where your `docker-compose.yml` file is located and run these commands:
```bash
cd {{path_docker_compose_instances}}pixelfed/ &&
docker-compose down &&
docker network prune -f &&
docker-compose pull &&
docker-compose build &&
docker-compose -p pixelfed up -d --force-recreate
```
## Inspecting the Services
To see the status of all services or follow the logs, use these commands:
```bash
docker-compose ps -a
docker-compose logs -f
```
## Debug
To debug the system set APP_DEBUG to true, like descriped [here](https://docs.pixelfed.org/technical-documentation/config/).
```bash
nano config/app.php
php artisan cache:clear
php artisan route:cache
php artisan view:clear
php artisan config:cache
```
## Modifying files
```bash
apt update && apt upgrade && apt install nano
```

135
roles/docker-pixelfed/README.md
View File

@ -2,141 +2,6 @@
This README details the steps to manage your Pixelfed instance running in a Docker container. This setup is part of the docker-pixelfed role within Kevin Veen-Birkenbach's cymais located at [this GitHub repository](https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/docker-pixelfed).
## Accessing Services
### Application Access
To gain shell access to the application container, run the following command:
```bash
docker-compose exec -it application bash
```
### Clear Cache
```bash
docker compose exec -it application php artisan cache:clear
```
### Database Access
To access the MariaDB instance in the database container, run the following command:
```bash
docker-compose exec -it database mariadb -u pixelfed -p
```
### User Management via CLI in Pixelfed Docker Setup
To manage users in your Pixelfed instance running in a Docker container, as configured in Kevin Veen-Birkenbach's docker-pixelfed role, you can follow these steps via the Command Line Interface (CLI):
1. **Access the Application Container:** First, gain shell access to the Pixelfed application container. Use the command provided in the README:
```bash
docker-compose exec -it application bash
```
This command lets you access the bash shell inside the `application` Docker container where Pixelfed is running.
2. **Navigate to Pixelfed Directory:** Once inside the container, navigate to the Pixelfed directory. This is typically the root directory where Pixelfed is installed.
3. **Use Artisan Commands:** Pixelfed is built on Laravel, so you'll use Laravel's Artisan CLI for user management. Here are some common tasks:
- **Create a New User:**
```bash
php artisan user:create
```
This command will prompt you to enter the user's details like username, email, and password.
- **List Users:**
```bash
php artisan user:list
```
This command displays a list of all users.
- **Delete a User:**
```bash
php artisan user:delete {username}
```
Replace `{username}` with the actual username of the user you wish to delete.
- **Reset Password:**
```bash
php artisan user:reset-password {username}
```
This will initiate a password reset process for the specified user.
4. **Verify and Validate:** Depending on your Pixelfed's configuration, especially if email verification is required, you might need to perform additional steps to verify new accounts or modify user details.
5. **Exit the Container:** After completing your user management tasks, exit the Docker container shell by typing `exit`.
### Note:
- **Commands Variability:** The available Artisan commands can vary based on your version of Pixelfed and Laravel. Always refer to the specific documentation for your version.
- **Permissions:** Ensure you have the necessary permissions and rights within the Docker container to perform these actions.
- **Environment Specifics:** The exact paths and commands may vary based on your Docker and Pixelfed setup, as defined in your `docker-compose.yml` and other configuration files.
This process provides a streamlined way to manage Pixelfed users directly from the CLI in a Dockerized environment, ensuring that you can efficiently administer your Pixelfed instance without needing to access the Pixelfed web interface.
## Instagram Import Cleanup
If you have imported posts from Instagram, you can clean up the imported data and files as follows:
### Database Cleanup
Run these commands inside your MariaDB shell to remove import related data:
```bash
DELETE from import_posts WHERE 1;
DELETE from import_jobs WHERE 1;
DELETE from import_datas WHERE 1;
DELETE from statuses where created_at < "2022-12-01 22:15:39";
DELETE from media where deleted_at >= "2023-07-28 14:39:05";
```
### File System Cleanup
Run these commands to remove the imported files and trigger the cleanup job:
```bash
docker-compose exec -u "www-data" application rm -rv "/var/www/storage/app/imports/1"
docker-compose exec -u "www-data" application php artisan schedule:run
```
## Full Cleanup (Reset)
For a hard reset, which will delete all data and stop all services, use the following commands:
```bash
docker-compose down
docker volume rm pixelfed_application_data pixelfed_database pixelfed_redis
```
## Update Procedure
To update your Pixelfed instance, navigate to the directory where your `docker-compose.yml` file is located and run these commands:
```bash
cd {{path_docker_compose_instances}}pixelfed/ &&
docker-compose down &&
docker network prune -f &&
docker-compose pull &&
docker-compose build &&
docker-compose -p pixelfed up -d --force-recreate
```
## Inspecting the Services
To see the status of all services or follow the logs, use these commands:
```bash
docker-compose ps -a
docker-compose logs -f
```
## Debug
To debug the system set APP_DEBUG to true, like descriped [here](https://docs.pixelfed.org/technical-documentation/config/).
```bash
nano config/app.php
php artisan cache:clear
php artisan route:cache
php artisan view:clear
php artisan config:cache
```
## Modifying files
```bash
apt update && apt upgrade && apt install nano
```
## Further Reading
For additional information, refer to these resources:
- [Docker image on Docker Hub](https://hub.docker.com/r/zknt/pixelfed)

5
roles/docker-postgres/Administration.md Normal file
View File

@ -0,0 +1,5 @@
## Root Access
To access the database via the root account execute the following on the server:
```bash
docker exec -it central-postgres psql -U postgres
```

8
roles/docker-postgres/README.md
View File

@ -1,6 +1,6 @@
# Docker-Postgres Ansible Role
## Overview
## 📌 Overview
This Ansible role is designed to deploy a PostgreSQL database using Docker. It includes tasks for setting up a Docker network, installing PostgreSQL in a Docker container, and initializing the database with a specified user and database.
## Role Variables
@ -23,12 +23,6 @@ This Ansible role is designed to deploy a PostgreSQL database using Docker. It i
2. Include this role in your playbook.
3. Run the playbook against the target host.
## Root Access
To access the database via the root account execute the following on the server:
```bash
docker exec -it central-postgres psql -U postgres
```
## Notes
- The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost.

2
roles/docker-roulette-wheel/README.md
View File

@ -1,6 +1,6 @@
# docker roulette-wheel
## further information
## 📚 Other Resources
- https://github.com/p-wojt/roulette-wheel
- https://dev.to/ms314006/how-to-package-front-end-projects-into-docker-images-and-use-it-with-webpack-go3
- https://stackoverflow.com/questions/53178820/dockerfile-to-run-nodejs-static-content-in-docker-container

7
roles/docker-snipe_it/Administration.md Normal file
View File

@ -0,0 +1,7 @@
# Administration 🛠️
Clear and restart the application:
```bash
docker-compose exec application php artisan config:clear
docker-compose exec application php artisan cache:clear
docker-compose restart application
```

8
roles/docker-snipe_it/README.md
View File

@ -13,14 +13,6 @@ This 🚀 **CyMaIS** role provides an automated deployment and configuration for
- **SAML Authentication Support** (Pending Fix) 🔐
- **Redis Caching** for improved performance ⚡
## Administration 🛠️
Clear and restart the application:
```bash
docker-compose exec application php artisan config:clear
docker-compose exec application php artisan cache:clear
docker-compose restart application
```
## Pending Issue 🚧
To ensure full **SAML authentication integration**, this issue still needs to be resolved:
🔗 [GitHub Issue #16186](https://github.com/snipe/snipe-it/issues/16186)

27
roles/docker-wordpress/Administration.md Normal file
View File

@ -0,0 +1,27 @@
# Administration
## database
## access database
To access the database execute
```bash
docker-compose exec -it database /bin/mysql -u wordpress -p
```
## upgrade database
To upgrade the database execute
```bash
docker-compose exec -it database /bin/mysql_upgrade --user=root --password=
```
## change database root password
- https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/
- https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
## bash in application
docker-compose exec -it wordpress-application-1 /bin/sh
## update wp-config.php
```bash
apt update && apt install nano && nano wp-config.php
```

26
roles/docker-wordpress/README.md
View File

@ -1,31 +1,5 @@
# role docker-wordpress
## database
## access database
To access the database execute
```bash
docker-compose exec -it database /bin/mysql -u wordpress -p
```
## upgrade database
To upgrade the database execute
```bash
docker-compose exec -it database /bin/mysql_upgrade --user=root --password=
```
## change database root password
- https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/
- https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
## bash in application
docker-compose exec -it wordpress-application-1 /bin/sh
## update wp-config.php
```bash
apt update && apt install nano && nano wp-config.php
```
## multiside
- https://multilingualpress.de/doku/wordpress-multisite-installieren-einrichten/
- https://pressable.com/knowledgebase/adding-or-changing-the-domain-on-a-wordpress-multisite/

9
roles/docker-yourls/Administration.md Normal file
View File

@ -0,0 +1,9 @@
# Administration
## database
To login to the database type in:
```bash
docker-compose exec -it database /bin/mysql -u yourls -p
```

8
roles/docker-yourls/README.md
View File

@ -1,9 +1 @@
# role docker-yourls
## database
To login to the database type in:
```bash
docker-compose exec -it database /bin/mysql -u yourls -p
```

2
roles/driver-epson-multiprinter/README.md
View File

@ -1,5 +1,5 @@
# role driver-epson-multiprinter
## further information
## 📚 Other Resources
- https://bernhardsteindl.at/epson-ecotank-et-3600-unter-arch-linux-einrichten/
- http://download.ebz.epson.net/dsc/search/01/search/searchModule
- https://aur.archlinux.org/packages/epson-inkjet-printer-escpr

2
roles/health-nginx/README.md
View File

@ -1,6 +1,6 @@
# health-nginx
## Overview
## 📌 Overview
`health-nginx` is an Ansible role designed to send health reports for nginx configurations. It leverages Python scripting to check the status of nginx server configurations and reports back any issues. This role is especially useful for maintaining the health of nginx servers in a dynamic environment.
## Requirements

2
roles/hunspell/tasks/README.md
View File

@ -1,6 +1,6 @@
# Hunspell
## Overview
## 📌 Overview
This README accompanies the Hunspell Playbook, located within the `cymais` repository. The playbook is focused on installing Hunspell, a widely-used spell checker, along with various language packages to enhance its functionality.
## Playbook Contents

2
roles/java/README.md
View File

@ -1,6 +1,6 @@
# Java
## Overview
## 📌 Overview
This README file is for the Java role, which is part of the `cymais`. The role is specifically designed to automate the installation of Java on a system, focusing on the OpenJDK 11 version.
## Contents of the role

2
roles/nginx-redirect-www/README.md
View File

@ -1,6 +1,6 @@
# nginx-redirect-www
## Overview
## 📌 Overview
The `nginx-redirect-www` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
## Role Description

4
roles/pc-administrator-tools/README.md
View File

@ -1,6 +1,6 @@
# PC-Bluray-Player-Tools Role
## Overview
## 📌 Overview
Welcome to the `pc-bluray-player-tools` role, a part of the `cymais` repository. This role is dedicated to setting up software required for Blu-ray playback on personal computers. It focuses on installing necessary packages to enable the use of Blu-ray media with VLC player and other compatible software.
## Role Contents
@ -12,7 +12,7 @@ The `main.yml` file in this role consists of tasks that automate the installatio
There are commented-out tasks for installing additional AUR packages, such as `aacskeys` and `libbdplus`, which can be enabled as per the user's requirements.
## Further Information and Resources
## 📚 Other Resources and Resources
For more in-depth information and guidance on Blu-ray playback and software configuration, the following resources can be consulted:
- [Arch Linux Wiki on Blu-ray](https://wiki.archlinux.org/title/Blu-ray#Using_aacskeys)
- [Guide to Play Blu-ray with VLC](https://videobyte.de/play-blu-ray-with-vlc)

2
roles/pc-bluray-player-tools/README.md
View File

@ -1,6 +1,6 @@
# collection-blu-ray-player
## further information
## 📚 Other Resources
- https://wiki.archlinux.org/title/Blu-ray#Using_aacskeys
- https://videobyte.de/play-blu-ray-with-vlc
- https://archived.forum.manjaro.org/t/wie-kann-ich-bluray-uhd-abspielen/127396/12

2
roles/pc-designer-tools/README.md
View File

@ -1,6 +1,6 @@
# PC-Designer-Tools Role
## Overview
## 📌 Overview
This README is associated with the `pc-designer-tools` role, part of the `cymais` repository. This role focuses on setting up a suite of essential design tools on personal computers, catering specifically to the needs of graphic designers, illustrators, and digital artists.
## Role Contents

2
roles/pc-developer-tools-arduino/README.md
View File

@ -1,6 +1,6 @@
# PC-Developer-Tools-Arduino Role
## Overview
## 📌 Overview
This README file is for the `pc-developer-tools-arduino` role, a specialized component of the `cymais` repository. This role is specifically crafted for setting up Arduino development tools on personal computers.
## Role Details

2
roles/pc-developer-tools-bash/README.md
View File

@ -1,6 +1,6 @@
# PC-Developer-Tools-Bash Role
## Overview
## 📌 Overview
This README accompanies the `pc-developer-tools-bash` role within the `cymais` repository. This role is dedicated to equipping personal computers with essential tools for Bash scripting and development.
## Role Contents

2
roles/pc-developer-tools-java/README.md
View File

@ -1,6 +1,6 @@
# PC-Developer-Tools-Java Role
## Overview
## 📌 Overview
Welcome to the `pc-developer-tools-java` role, a part of the `cymais` repository. This role is specifically designed for setting up Java development tools on personal computers. It is an essential component for Java developers, providing the necessary tools and dependencies for efficient Java development.
## Role Dependencies

2
roles/pc-developer-tools-php/README.md
View File

@ -1,6 +1,6 @@
# PC-Developer-Tools-PHP Role
## Overview
## 📌 Overview
This README document is for the `pc-developer-tools-php` role within the `cymais` repository. This role is specifically designed to facilitate the setup of PHP development tools on personal computing environments.
## Role Contents

2
roles/pc-developer-tools-python/README.md
View File

@ -1,6 +1,6 @@
# PC-Developer-Tools-Python Role
## Overview
## 📌 Overview
This README accompanies the `pc-developer-tools-python` role, which is part of the `cymais` repository. The role is dedicated to setting up Python development tools on personal computers.
## Role Contents

2
roles/pc-developer-tools/README.md
View File

@ -1,6 +1,6 @@
# PC-Developer-Tools Role
## Overview
## 📌 Overview
This README document is for the `pc-developer-tools` role within the `cymais` repository. The role is designed to streamline the setup of essential development tools on personal computers, particularly for software development environments.
## Role Contents

2
roles/pc-docker/README.md
View File

@ -1,6 +1,6 @@
# README for PC-Docker Playbook
## Overview
## 📌 Overview
This playbook, `pc-docker`, is part of a larger collection housed within the `cymais` repository. It is specifically tailored for setting up Docker and Docker Compose on personal computers (PCs) used for development purposes. The primary goal is to facilitate a development environment on individual workstations rather than configuring servers for hosting or distributing Docker images.
## Contents

Some files were not shown because too many files have changed in this diff Show More