Activated oidc_login by default and optimized documentation for applications

Kevin Veen-Birkenbach 2025-02-26 15:54:46 +01:00
parent 54dab4ba6a
commit 9720fc1813


@ -59,57 +59,57 @@ defaults_applications:
## Discourse: ## Discourse:
discourse: discourse:
network: "discourse_default" # Name of the docker network network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder repository: "discourse_repository" # Name of the repository folder
# database_password: # Needs to be defined in inventory file # database_password: # Needs to be defined in inventory file
oidc: oidc:
enabled: true # Activate OIDC enabled: true # Activate OIDC
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Friendica ## Friendica
friendica: friendica:
version: "latest" version: "latest"
oidc: oidc:
enabled: true # Activate OIDC. Plugin is not working yet enabled: true # Activate OIDC. Plugin is not working yet
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Funkwhale ## Funkwhale
funkwhale: funkwhale:
version: "1.4.0" version: "1.4.0"
ldap: ldap:
enabled: True # Enables LDAP by default @todo check implementation enabled: True # Enables LDAP by default @todo check implementation
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Gitea ## Gitea
gitea: gitea:
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Gitlab ## Gitlab
gitlab: gitlab:
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Joomla ## Joomla
joomla: joomla:
version: "latest" version: "latest"
## Keycloak ## Keycloak
keycloak: keycloak:
version: "latest" version: "latest"
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak username: "{{users.administrator.username}}" # Administrator Username for Keycloak
ldap: ldap:
enabled: True # Enables LDAP by default enabled: True # Enables LDAP by default
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
# database_password: # Needs to be defined in inventory file # database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file # administrator_password: # Needs to be defined in inventory file
@ -117,57 +117,57 @@ defaults_applications:
ldap: ldap:
lam: lam:
version: "latest" version: "latest"
administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
openldap: openldap:
version: "latest" version: "latest"
network: network:
local: True # Activates local network to allow other docker containers to connect local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
phpldapadmin: phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" username: "{{users.administrator.username}}"
ldap: ldap:
enabled: True # Should have the same value as applications.ldap.openldap.network.local. enabled: True # Should have the same value as applications.ldap.openldap.network.local.
force_import: false # Forces the import of the LDIF files when set to true force_import: false # Forces the import of the LDIF files when set to true
oauth2_proxy: oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface application: lam # Needs to be the same as webinterface
port: 80 # If you use phpldapadmin set it to 8080 port: 80 # If you use phpldapadmin set it to 8080
# cookie_secret: None # Set via openssl rand -hex 16 # cookie_secret: None # Set via openssl rand -hex 16
database: database:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later. central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file # administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file # administrator_database_password: # CHANGE for security reasons in inventory file
## Listmonk ## Listmonk
listmonk: listmonk:
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" # Listmonk administrator account username username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures setup: false # Set true in inventory file to execute the setup and initializing procedures
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
mailu: mailu:
version: "2024.06" # Docker Image Version version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc: oidc:
enabled: true # Activate OIDC for Mailu enabled: true # Activate OIDC for Mailu
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @ domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
# I don't know why the database deactivation is necessary # I don't know why the database deactivation is necessary
database: database:
central_storage: False # Deactivate central database for mailu central_storage: False # Deactivate central database for mailu
credentials: credentials:
# secret_key: # Set to a randomly generated 16 bytes string # secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file # database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API. # api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup # initial_administrator_password: # Initial administrator password for setup
## MariaDB ## MariaDB
mariadb: mariadb:
@ -175,26 +175,26 @@ defaults_applications:
## Matomo ## Matomo
matomo: matomo:
version: "latest" version: "latest"
oauth2_proxy: oauth2_proxy:
enabled: false # Deactivated atm. @todo implement enabled: false # Deactivated atm. @todo implement
# cookie_secret: None # Set via openssl rand -hex 16 # cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file # database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file # auth_token: Null # Needs to be set in inventory file
css: css:
enabled: false # The css isn't optimized yet for Matomo enabled: false # The css isn't optimized yet for Matomo
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Mastodon ## Mastodon
mastodon: mastodon:
version: "latest" version: "latest"
single_user_mode: false # Set true for initial setup single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures setup: false # Set true in inventory file to execute the setup and initializing procedures
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
oidc: oidc:
enabled: true # Activate OIDC for Mastodon enabled: True # Activate OIDC for Mastodon
credentials: credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password: # database_password:
@ -212,68 +212,68 @@ defaults_applications:
matrix: matrix:
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" # Accountname of the matrix admin username: "{{users.administrator.username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc. server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse: synapse:
version: "latest" version: "latest"
element: element:
version: "latest" version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures setup: false # Set true in inventory file to execute the setup and initializing procedures
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
oidc: oidc:
enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492 enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
## Moodle ## Moodle
moodle: moodle:
site_titel: "Global Learning Academy on {{primary_domain}}" site_titel: "Global Learning Academy on {{primary_domain}}"
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" username: "{{users.administrator.username}}"
email: "{{users.administrator.email}}" email: "{{users.administrator.email}}"
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## MyBB ## MyBB
mybb: mybb:
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Nextcloud ## Nextcloud
nextcloud: nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap: ldap:
enabled: True # Enables LDAP by default enabled: True # Enables LDAP by default
oidc: oidc:
enabled: true # Activate OIDC for Nextcloud enabled: true # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used. # floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin # Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login # @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin # @see https://apps.nextcloud.com/apps/sociallogin
flavor: "sociallogin" # Keeping on sociallogin because the other option is not implemented yet flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
force_import: False # Forces the import of the LDIF files force_import: False # Forces the import of the LDIF files
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
credentials: credentials:
# database_password: Null # Needs to be set in inventory file # database_password: Null # Needs to be set in inventory file
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" username: "{{users.administrator.username}}"
initial_password: "{{users.administrator.initial_password}}" initial_password: "{{users.administrator.initial_password}}"
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes) default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
legacy_login_mask: legacy_login_mask:
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
## OAuth2 Proxy ## OAuth2 Proxy
oauth2_proxy: oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak. redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
## Open Project ## Open Project
openproject: openproject:
@ -286,7 +286,7 @@ defaults_applications:
ldap: ldap:
enabled: True # Enables LDAP by default enabled: True # Enables LDAP by default
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
css: css:
enabled: false # Temporary deactivated due to bugs enabled: false # Temporary deactivated due to bugs
# @todo Solve and reactivate # @todo Solve and reactivate
@ -295,7 +295,7 @@ defaults_applications:
peertube: peertube:
version: "bookworm" version: "bookworm"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## PHPMyAdmin ## PHPMyAdmin
phpmyadmin: phpmyadmin:
@ -307,7 +307,7 @@ defaults_applications:
application: "application" application: "application"
# cookie_secret: None # Set via openssl rand -hex 16 # cookie_secret: None # Set via openssl rand -hex 16
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
css: css:
enabled: False # The css needs more optimation for PHPMyAdmin enabled: False # The css needs more optimation for PHPMyAdmin
@ -316,7 +316,7 @@ defaults_applications:
titel: "Pictures on {{primary_domain}}" titel: "Pictures on {{primary_domain}}"
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Postgres ## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended # Please set an version in your inventory file - Rolling release for postgres isn't recommended
@ -331,28 +331,28 @@ defaults_applications:
snipe_it: snipe_it:
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## Taiga ## Taiga
taiga: taiga:
version: "latest" version: "latest"
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
## YOURLS ## YOURLS
yourls: yourls:
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" username: "{{users.administrator.username}}"
version: "latest" version: "latest"
oauth2_proxy: oauth2_proxy:
enabled: true enabled: true
application: "application" application: "application"
port: "80" port: "80"
location: "/admin/" # Protects the admin area location: "/admin/" # Protects the admin area
# cookie_secret: None # Set via openssl rand -hex 16 # cookie_secret: None # Set via openssl rand -hex 16
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
wordpress: wordpress:
# Deactivate Global theming for wordpress role # Deactivate Global theming for wordpress role
@ -364,4 +364,4 @@ defaults_applications:
css: css:
enabled: false enabled: false
database: database:
central_storage: True central_storage: True # Activate Central Database Storage
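Review bot: The inline comment on the Nextcloud `flavor` line in the `@ -212,68` hunk still says "Keeping on sociallogin because the other option is not implemented yet" although the value was changed to `"oidc_login"`, so the comment now contradicts both the setting and the commit title; it should read something like `flavor: "oidc_login" # Plugin used for OIDC login; set to "sociallogin" in the inventory file to use the other plugin`. Because `legacy_login_mask.enabled` defaults to `False` in the same hunk, switching the default flavor appears to make the oidc_login plugin the only login path for fresh Nextcloud deployments, so a one-line note in the comment (or the commit description) that operators without a working Keycloak/OIDC setup must override `flavor` or `legacy_login_mask` in their inventory would save a lockout. In the `@ -175,26` hunk the Mastodon `oidc.enabled` value was rewritten from `true` to `True`; both parse as booleans under YAML 1.1, but the file now mixes `true`/`True`/`false`/`False`, and lowercase `true`/`false` throughout would satisfy yamllint's `truthy` rule and read consistently. The `defaults_applications` mapping starts and continues outside the visible hunks.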