diff --git a/group_vars/all b/group_vars/all
deleted file mode 100644
index a1f4bc6d..00000000
--- a/group_vars/all
+++ /dev/null
@@ -1,343 +0,0 @@
-# General
-pause_duration: "120" # Database delay to wait for the central database before continue tasks
-ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server
-backups_folder_path: "/Backups/" # Path to the backups folder
-
-## Domain
-primary_domain_tld: "localhost" # Top Level Domain of the server
-primary_domain_sld: "cymais" # Second Level Domain of the server
-primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
-
-# Administrator
-administrator_username: "administrator" # Username of the administrator
-administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
-#user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file
-
-# Email Configuration
-system_email_local: no-reply
-system_email_domain: "{{primary_domain}}"
-system_email_username: "{{system_email_local}}@{{system_email_domain}}"
-system_email_host: "mail.{{primary_domain}}"
-system_email_smtp_port: 465
-system_email_tls: true
-system_email_start_tls: false
-system_email_from: "{{system_email_username}}"
-system_email_smtp: true
-
-# Test Email
-test_email: "test@{{primary_domain}}"
-
-# Mode
-
-# The following modes can be combined with each other
-mode_reset: false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
-mode_debug: false # Prints well formated debug information
-mode_test: false # Executes test routines instead of productive routines
-mode_update: true # Executes updates
-mode_backup: true # Activates the backup before the update procedure
-mode_setup: false # Execute the setup and initializing procedures
-
-
-# Server Tact Variables
-
-## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-hours_server_awake: "0..23"
-
-## Random delay for systemd timers to avoid peak loads.
-randomized_delay_sec: "5min"
-
-## Schedule for Health Checks
-on_calendar_health_btrfs: "*-*-* 00:00:00" # Check once per day the btrfs for errors
-on_calendar_health_journalctl: "*-*-* 00:00:00" # Check once per day the journalctl for errors
-on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00" # Check four times per day if there is sufficient disc space
-on_calendar_health_docker_container: "*-*-* {{ hours_server_awake }}:00:00" # Check once per hour if the docker containers are healthy
-on_calendar_health_docker_volumes: "*-*-* {{ hours_server_awake }}:15:00" # Check once per hour if the docker volumes are healthy
-on_calendar_health_nginx: "*-*-* {{ hours_server_awake }}:45:00" # Check once per hour if all webservices are available
-
-## Schedule for Cleanup Tasks
-on_calendar_cleanup_backups: "*-*-* 00,06,12,18:30:00" # Cleanup backups every 6 hours, MUST be called before disc space cleanup
-on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00" # Cleanup disc space every 6 hours
-
-## Schedule for Backup Tasks
-on_calendar_backup_docker_to_local: "*-*-* 03:30:00"
-on_calendar_backup_remote_to_local: "*-*-* 21:30:00"
-
-## Schedule for Maintenance Tasks
-on_calendar_heal_docker: "*-*-* {{ hours_server_awake }}:30:00" # Heal unhealthy docker instances once per hour
-on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00" # Renew Mailu certificates twice per day
-on_calendar_deploy_certificates: "*-*-* 13,01:30:00" # Deploy letsencrypt certificates twice per day to docker containers
-on_calendar_msi_keyboard_color: "*-*-* *:*:00" # Change the keyboard color every minute
-on_calendar_cleanup_failed_docker: "*-*-* 12:00:00" # Clean up failed docker backups every noon
-on_calendar_btrfs_auto_balancer: "Sat *-*-01..07 00:00:00" # Execute btrfs auto balancer every first Saturday of a month
-on_calendar_restart_docker: "Sun *-*-* 08:00:00" # Restart docker instances every Sunday at 8:00 AM
-
-# Storage Space-Related Configurations
-size_percent_maximum_backup: 75 # Maximum storage space in percent for backups
-size_percent_cleanup_disc_space: 85 # Threshold for triggering cleanup actions
-size_percent_disc_space_warning: 90 # Warning threshold in percent for free disk space
-
-
-# Path Variables for Key Directories and Scripts
-path_administrator_home: "/home/administrator/"
-path_administrator_scripts: "{{path_administrator_home}}scripts/"
-path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
-path_docker_compose_instances: "{{path_administrator_home}}docker-compose/"
-path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"
-
-
-# Runtime Variables for Process Control
-activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
-nginx_matomo_tracking: false # Activates matomo tracking on all html pages
-
-# System maintenance Services
-
-## Timeouts to wait for other services to stop
-system_maintenance_lock_timeout_cleanup_services: "15min"
-system_maintenance_lock_timeout_storage_optimizer: "10min"
-system_maintenance_lock_timeout_backup_services: "1h"
-system_maintenance_lock_timeout_heal_docker: "30min"
-system_maintenance_lock_timeout_update_docker: "2min"
-system_maintenance_lock_timeout_restart_docker: "{{system_maintenance_lock_timeout_update_docker}}"
-
-## Services
-
-### Defined Services for Backup Tasks
-system_maintenance_backup_services:
- - "backup-docker-to-local"
- - "backup-remote-to-local"
- - "backup-data-to-usb"
- - "backup-docker-to-local-everything"
-
-### Defined Services for System Cleanup
-system_maintenance_cleanup_services:
- - "cleanup-backups"
- - "cleanup-disc-space"
- - "cleanup-failed-docker-backups"
-
-### Services that Manipulate the System
-system_maintenance_manipulation_services:
- - "heal-docker"
- - "update-docker"
- - "system-storage-optimizer"
- - "restart-docker"
-
-## Total System Maintenance Services
-system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
-
-### Define Variables for Docker Volume Health services
-whitelisted_anonymous_docker_volumes: []
-
-# Webserver Configuration
-
-## Nginx-Specific Path Configurations
-nginx_configuration_directory: "/etc/nginx/conf.d/" # General configuration dir
-nginx_servers_directory: "{{nginx_configuration_directory}}servers/" # Contains server blogs
-nginx_maps_directory: "{{nginx_configuration_directory}}maps/" # Contains mappins
-nginx_streams_directory: "{{nginx_configuration_directory}}streams/" # Contains streams configuration e.g. for ldaps
-nginx_well_known_root: "/usr/share/nginx/well-known/" # Path where well-known files are stored
-nginx_homepage_root: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored
-
-## Nginx static repository
-nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file
-
-## Domains
-
-### Service Domains
-domain_akaunting: "accounting.{{primary_domain}}"
-domain_attendize: "tickets.{{primary_domain}}"
-domain_baserow: "baserow.{{primary_domain}}"
-domain_bigbluebutton: "meet.{{primary_domain}}"
-domain_bluesky_api: "bluesky.{{primary_domain}}"
-domain_bluesky_web: "bskyweb.{{primary_domain}}"
-domain_discourse: "forum.{{primary_domain}}"
-domain_elk: "elk.{{primary_domain}}"
-domain_friendica: "friendica.{{primary_domain}}"
-domain_funkwhale: "music.{{primary_domain}}"
-domain_gitea: "git.{{primary_domain}}"
-domain_gitlab: "gitlab.{{primary_domain}}"
-domain_keycloak: "auth.{{primary_domain}}"
-domain_ldap: "ldap.{{primary_domain}}"
-domain_listmonk: "newsletter.{{primary_domain}}"
-domain_mailu: "{{system_email_host}}"
-domain_mastodon: "microblog.{{primary_domain}}"
-domains_mastodon_alternates: ["mastodon.{{primary_domain}}"]
-domain_matomo: "matomo.{{primary_domain}}"
-domain_matrix_synapse: "matrix.{{primary_domain}}"
-domain_matrix_element: "element.{{primary_domain}}"
-domain_moodle: "academy.{{primary_domain}}"
-domain_mediawiki: "wiki.{{primary_domain}}"
-domain_nextcloud: "cloud.{{primary_domain}}"
-domain_openproject: "project.{{primary_domain}}"
-domain_peertube: "video.{{primary_domain}}"
-domains_peertube: []
-domain_phpmyadmin: "phpmyadmin.{{primary_domain}}"
-domain_pixelfed: "picture.{{primary_domain}}"
-domain_portfolio: "{{primary_domain}}"
-domain_roulette: "roulette.{{primary_domain}}"
-domain_taiga: "kanban.{{primary_domain}}"
-domain_yourls: "s.{{primary_domain}}"
-domains_wordpress: ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"]
-
-### Domain Redirects
-redirect_domain_mappings:
-- { source: "akaunting.{{primary_domain}}", target: "{{domain_akaunting}}" }
-- { source: "bbb.{{primary_domain}}", target: "{{domain_bigbluebutton}}" }
-- { source: "discourse.{{primary_domain}}", target: "{{domain_discourse}}" }
-- { source: "funkwhale.{{primary_domain}}", target: "{{domain_funkwhale}}" }
-- { source: "gitea.{{primary_domain}}", target: "{{domain_gitea}}" }
-- { source: "keycloak.{{primary_domain}}", target: "{{domain_keycloak}}" }
-- { source: "listmonk.{{primary_domain}}", target: "{{domain_listmonk}}" }
-- { source: "moodle.{{primary_domain}}", target: "{{domain_moodle}}" }
-- { source: "nextcloud.{{primary_domain}}", target: "{{domain_nextcloud}}" }
-- { source: "openproject.{{primary_domain}}", target: "{{domain_openproject}}" }
-- { source: "peertube.{{primary_domain}}", target: "{{domain_peertube}}" }
-- { source: "pictures.{{primary_domain}}", target: "{{domain_pixelfed}}" }
-- { source: "pixelfed.{{primary_domain}}", target: "{{domain_pixelfed}}" }
-- { source: "short.{{primary_domain}}", target: "{{domain_yourls}}" }
-- { source: "taiga.{{primary_domain}}", target: "{{domain_taiga}}" }
-- { source: "videos.{{primary_domain}}", target: "{{domain_peertube}}" }
-
-
-## Docker Applications
-
-### Enable Central MariaDB
-enable_central_database: true
-enable_central_database_mailu: "{{enable_central_database}}"
-
-### Enable Storage Optimizer for Docker Volumes
-enable_system_storage_optimizer: true
-
-### Docker Role Specific Parameters
-docker_restart_policy: "unless-stopped"
-
-#### Akaunting
-akaunting_version: "latest"
-akaunting_company_name: "{{primary_domain}}"
-akaunting_company_email: "{{administrator_email}}"
-akaunting_setup_admin_email: "{{administrator_email}}"
-
-#### Attendize
-attendize_version: "latest"
-
-#### Baserow
-baserow_version: "latest"
-
-#### Big Blue Button
-bigbluebutton_enable_greenlight: "true"
-
-#### Bluesky
-bluesky_administrator_email: "{{administrator_email}}"
-bluesky_pds_version: "latest"
-
-#### Friendica
-friendica_version: "latest"
-
-#### Funkwhale
-funkwhale_version: "1.4.0"
-
-#### Gitea
-gitea_version: "latest"
-
-#### Gitlab
-gitlab_version: "latest"
-
-#### Joomla
-joomla_version: "latest"
-
-#### Keycloak
-keycloak_version: "latest"
-keycloak_administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
-
-##### Keycloak Client Configuration
-oidc_client_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
-oidc_client_id: "{{primary_domain}}"
-oidc_client_realm: "{{primary_domain}}"
-oidc_client_issuer_url: "https://{{domain_keycloak}}/realms/{{oidc_client_realm}}"
-oidc_client_discovery_document: "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
-oidc_client_authorize_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/auth"
-oidc_client_toke_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/token"
-oidc_client_user_info_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/userinfo"
-oidc_client_logout_url: "https://auth.veen.world/realms/veen.world/protocol/openid-connect/logout"
-# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
-
-#### LDAP
-ldap_lam_version: "latest"
-ldap_openldap_version: "latest"
-ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
-ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
-ldap_administrator_username: "{{administrator_username}}"
-ldap_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
-ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
-ldap_lam_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
-
-#### Listmonk
-listmonk_admin_username: "{{administrator_username}}"
-listmonk_public_api_activated: False # Security hole. Can be used for spaming
-listmonk_version: "latest"
-
-#### MariaDB
-mariadb_version: "latest"
-
-#### Matomo
-matomo_version: "latest"
-
-#### Mastodon
-mastodon_version: "latest"
-mastodon_single_user_mode: false
-
-#### Matrix
-matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
-matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
-matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose
-matrix_server_name: "{{primary_domain}}" # Adress for the account names etc.
-matrix_synapse_version: "latest"
-matrix_element_version: "latest"
-
-#### Mailu
-mailu_version: "2024.06"
-mailu_domain: "{{primary_domain}}"
-mailu_subnet: "192.168.203.0/24"
-
-#### Moodle
-moodle_site_name: "Global Learning Academy on {{primary_domain}}"
-moodle_administrator_name: "{{administrator_username}}"
-moodle_administrator_email: "{{administrator_email}}"
-moodle_version: "latest"
-
-#### MyBB
-mybb_version: "latest"
-
-#### Nextcloud
-nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
-
-#### OAuth2 Proxy
-oauth2_configuration_file: "oauth2-proxy-keycloak.cfg"
-oauth2_proxy_active: false # Needs to be set true in the roles which use it
-oauth2_version: "latest"
-oauth2_proxy_redirect_url: "https://{{domain_keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
-# oauth2_proxy_port: >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
-oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
-oauth2_proxy_allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
-#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
-
-#### Peertube
-peertube_version: "bookworm"
-
-#### PHPMyAdmin
-phpmyadmin_version: "latest"
-phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing
-
-#### Pixelfed
-pixelfed_app_name: "Pictures on {{primary_domain}}"
-pixelfed_version: "latest"
-
-#### Postgres
-# Please set an version in your inventory file - Rolling release for postgres isn't recommended
-postgres_database_version: "latest"
-
-#### Taiga
-taiga_version: "latest"
-
-#### YOURLS
-yourls_administrator_username: "{{administrator_username}}"
-yourls_version: "latest"
\ No newline at end of file
diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml
new file mode 100644
index 00000000..26d98ae5
--- /dev/null
+++ b/group_vars/all/00_general.yml
@@ -0,0 +1,35 @@
+# General
+pause_duration: "120" # Database delay to wait for the central database before continue tasks
+ip4_address: "127.0.0.1" # Change thie in inventory to the ip address of your server
+backups_folder_path: "/Backups/" # Path to the backups folder
+
+## Domain
+primary_domain_tld: "localhost" # Top Level Domain of the server
+primary_domain_sld: "cymais" # Second Level Domain of the server
+primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
+
+# Administrator
+administrator_username: "administrator" # Username of the administrator
+administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
+#user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file
+
+# Test Email
+test_email: "test@{{primary_domain}}"
+
+# Server Tact Variables
+
+## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
+hours_server_awake: "0..23"
+
+## Random delay for systemd timers to avoid peak loads.
+randomized_delay_sec: "5min"
+
+# Storage Space-Related Configurations
+size_percent_maximum_backup: 75 # Maximum storage space in percent for backups
+size_percent_cleanup_disc_space: 85 # Threshold for triggering cleanup actions
+size_percent_disc_space_warning: 90 # Warning threshold in percent for free disk space
+
+# Runtime Variables for Process Control
+activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
+nginx_matomo_tracking: false # Activates matomo tracking on all html pages
+
diff --git a/group_vars/all/01_mode.yml b/group_vars/all/01_mode.yml
new file mode 100644
index 00000000..f72347c8
--- /dev/null
+++ b/group_vars/all/01_mode.yml
@@ -0,0 +1,9 @@
+# Mode
+
+# The following modes can be combined with each other
+mode_reset: false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
+mode_debug: false # Prints well formated debug information
+mode_test: false # Executes test routines instead of productive routines
+mode_update: true # Executes updates
+mode_backup: true # Activates the backup before the update procedure
+mode_setup: false # Execute the setup and initializing procedures
\ No newline at end of file
diff --git a/group_vars/all/02_domains.yml b/group_vars/all/02_domains.yml
new file mode 100644
index 00000000..691451f9
--- /dev/null
+++ b/group_vars/all/02_domains.yml
@@ -0,0 +1,57 @@
+# Domains
+
+## Service Domains
+default_domains:
+ akaunting: "accounting.{{primary_domain}}"
+ attendize: "tickets.{{primary_domain}}"
+ baserow: "baserow.{{primary_domain}}"
+ bigbluebutton: "meet.{{primary_domain}}"
+ bluesky_api: "bluesky.{{primary_domain}}"
+ bluesky_web: "bskyweb.{{primary_domain}}"
+ discourse: "forum.{{primary_domain}}"
+ elk: "elk.{{primary_domain}}"
+ friendica: "friendica.{{primary_domain}}"
+ funkwhale: "music.{{primary_domain}}"
+ gitea: "git.{{primary_domain}}"
+ gitlab: "gitlab.{{primary_domain}}"
+ keycloak: "auth.{{primary_domain}}"
+ ldap: "ldap.{{primary_domain}}"
+ listmonk: "newsletter.{{primary_domain}}"
+ mailu: "{{system_email.host}}"
+ mastodon: "microblog.{{primary_domain}}"
+ mastodon_alternates: ["mastodon.{{primary_domain}}"]
+ matomo: "matomo.{{primary_domain}}"
+ matrix_synapse: "matrix.{{primary_domain}}"
+ matrix_element: "element.{{primary_domain}}"
+ moodle: "academy.{{primary_domain}}"
+ mediawiki: "wiki.{{primary_domain}}"
+ nextcloud: "cloud.{{primary_domain}}"
+ openproject: "project.{{primary_domain}}"
+ peertube: "video.{{primary_domain}}"
+ peertube_alternates: []
+ phpmyadmin: "phpmyadmin.{{primary_domain}}"
+ pixelfed: "picture.{{primary_domain}}"
+ portfolio: "{{primary_domain}}"
+ roulette: "roulette.{{primary_domain}}"
+ taiga: "kanban.{{primary_domain}}"
+ yourls: "s.{{primary_domain}}"
+ wordpress: ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"]
+
+## Domain Redirects
+redirect_domain_mappings:
+- { source: "akaunting.{{primary_domain}}", target: "{{domains.akaunting}}" }
+- { source: "bbb.{{primary_domain}}", target: "{{domains.bigbluebutton}}" }
+- { source: "discourse.{{primary_domain}}", target: "{{domains.discourse}}" }
+- { source: "funkwhale.{{primary_domain}}", target: "{{domains.funkwhale}}" }
+- { source: "gitea.{{primary_domain}}", target: "{{domains.gitea}}" }
+- { source: "keycloak.{{primary_domain}}", target: "{{domains.keycloak}}" }
+- { source: "listmonk.{{primary_domain}}", target: "{{domains.listmonk}}" }
+- { source: "moodle.{{primary_domain}}", target: "{{domains.moodle}}" }
+- { source: "nextcloud.{{primary_domain}}", target: "{{domains.nextcloud}}" }
+- { source: "openproject.{{primary_domain}}", target: "{{domains.openproject}}" }
+- { source: "peertube.{{primary_domain}}", target: "{{domains.peertube}}" }
+- { source: "pictures.{{primary_domain}}", target: "{{domains.pixelfed}}" }
+- { source: "pixelfed.{{primary_domain}}", target: "{{domains.pixelfed}}" }
+- { source: "short.{{primary_domain}}", target: "{{domains.yourls}}" }
+- { source: "taiga.{{primary_domain}}", target: "{{domains.taiga}}" }
+- { source: "videos.{{primary_domain}}", target: "{{domains.peertube}}" }
diff --git a/group_vars/all/03_system_email.yml b/group_vars/all/03_system_email.yml
new file mode 100644
index 00000000..baee59a7
--- /dev/null
+++ b/group_vars/all/03_system_email.yml
@@ -0,0 +1,11 @@
+# Email Configuration
+default_system_email:
+ local: no-reply
+ domain: "{{primary_domain}}"
+ username: "{{system_email.local}}@{{system_email.domain}}"
+ host: "mail.{{primary_domain}}"
+ smtp_port: 465
+ tls: true
+ start_tls: false
+ from: "{{system_email.username}}"
+ smtp: true
\ No newline at end of file
diff --git a/group_vars/all/04_maintenace.yml b/group_vars/all/04_maintenace.yml
new file mode 100644
index 00000000..10f04e9d
--- /dev/null
+++ b/group_vars/all/04_maintenace.yml
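Review bot: `mailu: "{{system_email.host}}"` inside `default_domains` refers to the merged `system_email` fact, but playbook.constructor.yml in this same commit merges `domains` first and `system_email` second, so on a host whose inventory does not already define `system_email` the domain merge presumably fails with an undefined variable while `default_domains` is templated. The cheapest fix is in playbook.constructor.yml: move the `Merge system_email definitions` task above `Merge domain definitions` so that `system_email.host` exists when `default_domains` is evaluated. The remaining entries only reference `primary_domain`, a plain group var, and are not affected. Mixing single hostnames with lists (`mastodon_alternates`, `peertube_alternates`, `wordpress`) in one mapping is also worth a one-line comment above `default_domains`, e.g. `# values are hostnames; *_alternates and wordpress are lists of additional hostnames`.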
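Review bot: `username` and `from` in `default_system_email` reference `system_email.local`, `system_email.domain` and `system_email.username`, i.e. the fact that playbook.constructor.yml only produces by merging this very mapping; as far as I can tell, unless the inventory already defines `system_email` with those keys, templating `default_system_email` during the merge fails on an undefined variable, and when the inventory does define them the defaults given here are silently bypassed. Keeping the composite values out of the defaults avoids the circularity: drop `username` and `from` from the mapping and define them as flat, lazily evaluated vars such as `system_email_username: "{{ system_email.local }}@{{ system_email.domain }}"` and `system_email_from: "{{ system_email_username }}"`, which resolve after the merge has run. Minor: `local: no-reply` is the only unquoted value in the mapping; `local: "no-reply"` matches the rest of the file.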
@@ -0,0 +1,38 @@
+
+# System maintenance Services
+
+## Timeouts to wait for other services to stop
+system_maintenance_lock_timeout_cleanup_services: "15min"
+system_maintenance_lock_timeout_storage_optimizer: "10min"
+system_maintenance_lock_timeout_backup_services: "1h"
+system_maintenance_lock_timeout_heal_docker: "30min"
+system_maintenance_lock_timeout_update_docker: "2min"
+system_maintenance_lock_timeout_restart_docker: "{{system_maintenance_lock_timeout_update_docker}}"
+
+## Services
+
+### Defined Services for Backup Tasks
+system_maintenance_backup_services:
+ - "backup-docker-to-local"
+ - "backup-remote-to-local"
+ - "backup-data-to-usb"
+ - "backup-docker-to-local-everything"
+
+### Defined Services for System Cleanup
+system_maintenance_cleanup_services:
+ - "cleanup-backups"
+ - "cleanup-disc-space"
+ - "cleanup-failed-docker-backups"
+
+### Services that Manipulate the System
+system_maintenance_manipulation_services:
+ - "heal-docker"
+ - "update-docker"
+ - "system-storage-optimizer"
+ - "restart-docker"
+
+## Total System Maintenance Services
+system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
+
+### Define Variables for Docker Volume Health services
+whitelisted_anonymous_docker_volumes: []
diff --git a/group_vars/all/05_nginx.yml b/group_vars/all/05_nginx.yml
new file mode 100644
index 00000000..70e3a98b
--- /dev/null
+++ b/group_vars/all/05_nginx.yml
@@ -0,0 +1,12 @@
+# Webserver Configuration
+
+## Nginx-Specific Path Configurations
+nginx_configuration_directory: "/etc/nginx/conf.d/" # General configuration dir
+nginx_servers_directory: "{{nginx_configuration_directory}}servers/" # Contains server blogs
+nginx_maps_directory: "{{nginx_configuration_directory}}maps/" # Contains mappins
+nginx_streams_directory: "{{nginx_configuration_directory}}streams/" # Contains streams configuration e.g. for ldaps
+nginx_well_known_root: "/usr/share/nginx/well-known/" # Path where well-known files are stored
+nginx_homepage_root: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored
+
+## Nginx static repository
+nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file
\ No newline at end of file
diff --git a/group_vars/all/06_paths.yml b/group_vars/all/06_paths.yml
new file mode 100644
index 00000000..4d85f05c
--- /dev/null
+++ b/group_vars/all/06_paths.yml
@@ -0,0 +1,7 @@
+
+# Path Variables for Key Directories and Scripts
+path_administrator_home: "/home/administrator/"
+path_administrator_scripts: "/opt/scripts/"
+#path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
+path_docker_compose_instances: "/opt/docker/"
+path_system_lock_script: "/opt/scripts/system-maintenance-lock.py"
\ No newline at end of file
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
new file mode 100644
index 00000000..e47458fd
--- /dev/null
+++ b/group_vars/all/07_applications.yml
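Review bot: In the 06_paths.yml hunk, `path_system_lock_script: "/opt/scripts/system-maintenance-lock.py"` repeats the `/opt/scripts/` prefix that `path_administrator_scripts` was just set to, whereas the deleted file derived it as `"{{path_administrator_scripts}}system-maintenance-lock.py"`; an inventory override of `path_administrator_scripts` will now leave the lock script pointing at the old directory. Restoring the derivation, `path_system_lock_script: "{{path_administrator_scripts}}system-maintenance-lock.py"`, keeps the two consistent. Leaving the commented-out `#path_docker_volumes` line behind without a note on why it was retired also invites confusion; either remove it or add `# retired: docker volumes are no longer kept under the administrator home` above it.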
@@ -0,0 +1,144 @@
+# Docker Applications
+
+## Enable Central MariaDB
+enable_central_database: true
+enable_central_database_mailu: "{{enable_central_database}}"
+
+## Enable Storage Optimizer for Docker Volumes
+enable_system_storage_optimizer: true
+
+## Docker Role Specific Parameters
+docker_restart_policy: "unless-stopped"
+
+## Akaunting
+akaunting_version: "latest"
+akaunting_company_name: "{{primary_domain}}"
+akaunting_company_email: "{{administrator_email}}"
+akaunting_setup_admin_email: "{{administrator_email}}"
+
+## Attendize
+attendize_version: "latest"
+
+## Baserow
+baserow_version: "latest"
+
+## Big Blue Button
+bigbluebutton_enable_greenlight: "true"
+
+## Bluesky
+bluesky_administrator_email: "{{administrator_email}}"
+bluesky_pds_version: "latest"
+
+## Friendica
+friendica_version: "latest"
+
+## Funkwhale
+funkwhale_version: "1.4.0"
+
+## Gitea
+gitea_version: "latest"
+
+## Gitlab
+gitlab_version: "latest"
+
+## Joomla
+joomla_version: "latest"
+
+## Keycloak
+keycloak_version: "latest"
+keycloak_administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
+
+### Keycloak Client Configuration
+oidc_client_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
+oidc_client_id: "{{primary_domain}}"
+oidc_client_realm: "{{primary_domain}}"
+oidc_client_issuer_url: "https://{{domains.keycloak}}/realms/{{oidc_client_realm}}"
+oidc_client_discovery_document: "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
+oidc_client_authorize_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/auth"
+oidc_client_toke_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/token"
+oidc_client_user_info_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
+oidc_client_logout_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/logout"
+# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
+
+## LDAP
+ldap_lam_version: "latest"
+ldap_openldap_version: "latest"
+ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
+ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
+ldap_administrator_username: "{{administrator_username}}"
+ldap_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
+ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
+ldap_lam_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
+ldap_expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to
+
+## Listmonk
+listmonk_admin_username: "{{administrator_username}}"
+listmonk_public_api_activated: False # Security hole. Can be used for spaming
+listmonk_version: "latest"
+
+## MariaDB
+mariadb_version: "latest"
+
+## Matomo
+matomo_version: "latest"
+
+## Mastodon
+mastodon_version: "latest"
+mastodon_single_user_mode: false
+
+## Matrix
+matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
+matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
+matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose
+matrix_server_name: "{{primary_domain}}" # Adress for the account names etc.
+matrix_synapse_version: "latest"
+matrix_element_version: "latest"
+
+## Mailu
+mailu_version: "2024.06"
+mailu_domain: "{{primary_domain}}"
+mailu_subnet: "192.168.203.0/24"
+
+## Moodle
+moodle_site_name: "Global Learning Academy on {{primary_domain}}"
+moodle_administrator_name: "{{administrator_username}}"
+moodle_administrator_email: "{{administrator_email}}"
+moodle_version: "latest"
+
+## MyBB
+mybb_version: "latest"
+
+## Nextcloud
+nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
+
+## OAuth2 Proxy
+oauth2_configuration_file: "oauth2-proxy-keycloak.cfg"
+oauth2_proxy_active: false # Needs to be set true in the roles which use it
+oauth2_version: "latest"
+oauth2_proxy_redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
+# oauth2_proxy_port: >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
+oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
+oauth2_proxy_allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
+#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
+
+## Peertube
+peertube_version: "bookworm"
+
+## PHPMyAdmin
+phpmyadmin_version: "latest"
+phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing
+
+## Pixelfed
+pixelfed_app_name: "Pictures on {{primary_domain}}"
+pixelfed_version: "latest"
+
+## Postgres
+# Please set an version in your inventory file - Rolling release for postgres isn't recommended
+postgres_database_version: "latest"
+
+## Taiga
+taiga_version: "latest"
+
+## YOURLS
+yourls_administrator_username: "{{administrator_username}}"
+yourls_version: "latest"
\ No newline at end of file
diff --git a/group_vars/all/08_on_calendar.yml b/group_vars/all/08_on_calendar.yml
new file mode 100644
index 00000000..bb8b0aa0
--- /dev/null
+++ b/group_vars/all/08_on_calendar.yml
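Review bot: The inline comment on the new `ldap_expose_to_internet` line stops mid-sentence (`Keep in mind to`), so whatever caveat the author meant to attach to exposing the directory is lost; complete it along the lines of `# Set to true only if the LDAP port must be reachable from the internet; keep it false otherwise, and if you do enable it restrict the exposed port by firewall and serve it over TLS only.` Separately, `oauth2_proxy_redirect_url` keeps the `/auth/realms/` path while the rewritten `oidc_client_issuer_url` and the endpoint URLs derived from it use `/realms/`; depending on the Keycloak version only one of the two prefixes is served, so the proxy and the OIDC client will disagree — `oauth2_proxy_redirect_url: "{{oidc_client_authorize_url}}"` would keep them aligned, assuming the value is meant to be the authorization endpoint, which its comment does not make clear. The three `ldap_*_password` defaults still all resolve to `user_administrator_initial_password`, so the directory admin, its database and the LAM UI share one credential unless each is overridden in the inventory; the `CHANGE for security reasons` comments should say that explicitly. Minor: `listmonk_public_api_activated: False` and `bigbluebutton_enable_greenlight: "true"` mix boolean spellings with the plain `true`/`false` used elsewhere in the file.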
@@ -0,0 +1,25 @@
+
+## Schedule for Health Checks
+on_calendar_health_btrfs: "*-*-* 00:00:00" # Check once per day the btrfs for errors
+on_calendar_health_journalctl: "*-*-* 00:00:00" # Check once per day the journalctl for errors
+on_calendar_health_disc_space: "*-*-* 06,12,18,00:00:00" # Check four times per day if there is sufficient disc space
+on_calendar_health_docker_container: "*-*-* {{ hours_server_awake }}:00:00" # Check once per hour if the docker containers are healthy
+on_calendar_health_docker_volumes: "*-*-* {{ hours_server_awake }}:15:00" # Check once per hour if the docker volumes are healthy
+on_calendar_health_nginx: "*-*-* {{ hours_server_awake }}:45:00" # Check once per hour if all webservices are available
+
+## Schedule for Cleanup Tasks
+on_calendar_cleanup_backups: "*-*-* 00,06,12,18:30:00" # Cleanup backups every 6 hours, MUST be called before disc space cleanup
+on_calendar_cleanup_disc_space: "*-*-* 07,13,19,01:30:00" # Cleanup disc space every 6 hours
+
+## Schedule for Backup Tasks
+on_calendar_backup_docker_to_local: "*-*-* 03:30:00"
+on_calendar_backup_remote_to_local: "*-*-* 21:30:00"
+
+## Schedule for Maintenance Tasks
+on_calendar_heal_docker: "*-*-* {{ hours_server_awake }}:30:00" # Heal unhealthy docker instances once per hour
+on_calendar_renew_lets_encrypt_certificates: "*-*-* 12,00:30:00" # Renew Mailu certificates twice per day
+on_calendar_deploy_certificates: "*-*-* 13,01:30:00" # Deploy letsencrypt certificates twice per day to docker containers
+on_calendar_msi_keyboard_color: "*-*-* *:*:00" # Change the keyboard color every minute
+on_calendar_cleanup_failed_docker: "*-*-* 12:00:00" # Clean up failed docker backups every noon
+on_calendar_btrfs_auto_balancer: "Sat *-*-01..07 00:00:00" # Execute btrfs auto balancer every first Saturday of a month
+on_calendar_restart_docker: "Sun *-*-* 08:00:00" # Restart docker instances every Sunday at 8:00 AM
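Review bot: The comment on `on_calendar_renew_lets_encrypt_certificates` reads `# Renew Mailu certificates twice per day`, while the key name and the comment on the following `on_calendar_deploy_certificates` line talk about Let's Encrypt certificates in general; align it, e.g. `# Renew Let's Encrypt certificates twice per day`, or name the consuming role if the timer really is Mailu-specific. The new file also opens with an empty line instead of the `---` document start the playbooks in this diff use. The `hours_server_awake` interpolated by the health and heal schedules is defined in another group_vars file, which works with Ansible's lazy templating but deserves a one-line comment so the cross-file dependency is visible.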
diff --git a/playbook.constructor.yml b/playbook.constructor.yml index 7b11eb86..f8a91662 100644 --- a/playbook.constructor.yml +++ b/playbook.constructor.yml @@ -1,4 +1,13 @@ --- +- name: Merge variables + hosts: all + tasks: + - name: Merge domain definitions + set_fact: + domains: "{{ default_domains | combine(domains | default({}, true)) }}" + - name: Merge system_email definitions + set_fact: + system_email: "{{ default_system_email | combine(system_email | default({}, true)) }}" - name: update device hosts: all diff --git a/playbook.servers.yml b/playbook.servers.yml index d949810b..79c56768 100644 --- a/playbook.servers.yml +++ b/playbook.servers.yml @@ -21,7 +21,7 @@ roles: - role: docker-nextcloud vars: - domain: "{{domain_nextcloud}}" + domain: "{{domains.nextcloud}}" http_port: 8001 - name: setup gitea hosts @@ -30,7 +30,7 @@ roles: - role: docker-gitea vars: - domain: "{{domain_gitea}}" + domain: "{{domains.gitea}}" http_port: 8002 ssh_port: 2201 run_mode: prod @@ -50,7 +50,7 @@ roles: - role: docker-mediawiki vars: - domain: "{{domain_mediawiki}}" + domain: "{{domains.mediawiki}}" http_port: 8004 - name: setup mybb hosts @@ -68,7 +68,7 @@ roles: - role: docker-yourls vars: - domain: "{{domain_yourls}}" + domain: "{{domains.yourls}}" http_port: 8006 - name: setup mailu hosts @@ -77,7 +77,7 @@ roles: - role: docker-mailu vars: - domain: "{{domain_mailu}}" + domain: "{{domains.mailu}}" http_port: 8007 enable_central_database: "{{enable_central_database_mailu}}" @@ -87,7 +87,7 @@ roles: - role: docker-elk vars: - domain: "{{domain_elk}}" + domain: "{{domains.elk}}" http_port: 8008 - name: setup mastodon hosts @@ -96,7 +96,7 @@ roles: - role: docker-mastodon vars: - domain: "{{domain_mastodon}}" + domain: "{{domains.mastodon}}" domains: "{{ [domain] + domains_mastodon_alternates }}" http_port: 8009 stream_port: 4001 
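Review bot: The merged `domains` fact collides with the `domains` list that playbook.servers.yml passes as a role var to docker-mastodon (`domains: "{{ [domain] + domains_mastodon_alternates }}"` in this hunk), docker-peertube (hunk `@@ -116`) and docker-matrix (hunk `@@ -209`). Role params take precedence over `set_fact`, so inside those roles `domains` is a list and any `{{domains.keycloak}}`-style lookup, including the `oauth2_proxy_redirect_url` default, resolves against the list instead of the map; the matrix entries `- "{{domains.matrix_element}}"` even define the list in terms of itself, which Ansible is likely to reject as a recursive template. Consider giving the per-role alias list a different name (for example `alternate_domains`) or reading the aliases from the `domains` map inside the role instead of shadowing it. The merge play itself reads correctly; `default_domains` and `default_system_email` are defined outside this diff, so their shape could not be checked here.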
@@ -107,7 +107,7 @@ roles: - role: docker-pixelfed vars: - domain: "{{domain_pixelfed}}" + domain: "{{domains.pixelfed}}" http_port: 8010 - name: setup peertube hosts @@ -116,8 +116,8 @@ roles: - role: docker-peertube vars: - domain: "{{domain_peertube}}" - domains: "{{ [domain] + domains_peertube }}" + domain: "{{domains.peertube}}" + domains: "{{ [domain] + peertube_alternates }}" http_port: 8011 - name: setup bigbluebutton hosts @@ -126,7 +126,7 @@ roles: - role: docker-bigbluebutton vars: - domain: "{{domain_bigbluebutton}}" + domain: "{{domains.bigbluebutton}}" - name: setup funkwhale hosts hosts: funkwhale @@ -134,7 +134,7 @@ roles: - role: docker-funkwhale vars: - domain: "{{domain_funkwhale}}" + domain: "{{domains.funkwhale}}" http_port: 8012 - name: setup roulette-wheel hosts @@ -143,7 +143,7 @@ roles: - role: docker-roulette-wheel vars: - domain: "{{domain_roulette}}" + domain: "{{domains.roulette}}" http_port: 8013 - name: setup joomla hosts @@ -161,7 +161,7 @@ roles: - role: docker-attendize vars: - domain: "{{domain_attendize}}" + domain: "{{domains.attendize}}" http_port: 8015 mail_interface_http_port: 8016 @@ -171,7 +171,7 @@ roles: - role: docker-baserow vars: - domain: "{{domain_baserow}}" + domain: "{{domains.baserow}}" http_port: 8017 - name: setup matomo hosts @@ -180,7 +180,7 @@ roles: - role: docker-matomo vars: - domain: "{{domain_matomo}}" + domain: "{{domains.matomo}}" http_port: 8018 - name: setup listmonk @@ -189,7 +189,7 @@ roles: - role: docker-listmonk vars: - domain: "{{domain_listmonk}}" + domain: "{{domains.listmonk}}" http_port: 8019 - name: setup discourse @@ -198,7 +198,7 @@ roles: - role: docker-discourse vars: - domain: "{{domain_discourse}}" + domain: "{{domains.discourse}}" http_port: 8020 - name: setup matrix 
@@ -209,16 +209,16 @@ when: matrix_role == 'ansible' vars: domains: - - "{{domain_matrix_element}}" - - "{{domain_matrix_synapse}}" - element_domain: "{{domain_matrix_element}}" - synapse_domain: "{{domain_matrix_synapse}}" + - "{{domains.matrix_element}}" + - "{{domains.matrix_synapse}}" + element_domain: "{{domains.matrix_element}}" + synapse_domain: "{{domains.matrix_synapse}}" http_port: 8021 - role: docker-matrix-compose when: matrix_role == 'compose' vars: - element_domain: "{{domain_matrix_element}}" - synapse_domain: "{{domain_matrix_synapse}}" + element_domain: "{{domains.matrix_element}}" + synapse_domain: "{{domains.matrix_synapse}}" synapse_http_port: 8021 element_http_port: 8022 @@ -228,7 +228,7 @@ roles: - role: docker-openproject vars: - domain: "{{domain_openproject}}" + domain: "{{domains.openproject}}" http_port: 8023 oauth2_proxy_port: 4180 @@ -238,7 +238,7 @@ roles: - role: docker-gitlab vars: - domain: "{{domain_gitlab}}" + domain: "{{domains.gitlab}}" http_port: 8024 ssh_port: 2202 @@ -248,7 +248,7 @@ roles: - role: docker-akaunting vars: - domain: "{{domain_akaunting}}" + domain: "{{domains.akaunting}}" http_port: 8025 - name: setup moodle instance @@ -257,7 +257,7 @@ roles: - role: docker-moodle vars: - domain: "{{domain_moodle}}" + domain: "{{domains.moodle}}" http_port: 8026 - name: setup taiga instance @@ -266,7 +266,7 @@ roles: - role: docker-taiga vars: - domain: "{{domain_taiga}}" + domain: "{{domains.taiga}}" http_port: 8027 - name: setup friendica hosts @@ -275,7 +275,7 @@ roles: - role: docker-friendica vars: - domain: "{{domain_friendica}}" + domain: "{{domains.friendica}}" http_port: 8028 - name: setup portfolio @@ -284,7 +284,7 @@ roles: - role: docker-portfolio vars: - domain: "{{domain_portfolio}}" + domain: "{{domains.portfolio}}" http_port: 8029 - name: setup bluesky 
@@ -293,8 +293,8 @@ roles: - role: docker-bluesky vars: - domain_api: "{{domain_bluesky_api}}" - domain_web: "{{domain_bluesky_web}}" + domain_api: "{{domains.bluesky_api}}" + domain_web: "{{domains.bluesky_web}}" http_port_api: 8030 http_port_web: 8031 @@ -304,7 +304,7 @@ roles: - role: docker-keycloak vars: - domain: "{{domain_keycloak}}" + domain: "{{domains.keycloak}}" http_port: 8032 - name: setup ldap @@ -313,7 +313,7 @@ roles: - role: docker-ldap vars: - domain: "{{domain_ldap}}" + domain: "{{domains.ldap}}" http_port: 8033 oauth2_proxy_port: 4182 @@ -323,7 +323,7 @@ roles: - role: docker-phpmyadmin vars: - domain: "{{domain_phpmyadmin}}" + domain: "{{domains.phpmyadmin}}" http_port: 8034 oauth2_proxy_port: 4181 diff --git a/roles/docker-baserow/templates/env.j2 b/roles/docker-baserow/templates/env.j2 index 7bdbef1b..048cec58 100644 --- a/roles/docker-baserow/templates/env.j2 +++ b/roles/docker-baserow/templates/env.j2 @@ -2,12 +2,12 @@ BASEROW_PUBLIC_URL=https://{{ domain }} # Email Server Configuration -EMAIL_SMTP={{ system_email_smtp | upper }} -EMAIL_SMTP_HOST={{ system_email_host }} -EMAIL_SMTP_PORT={{ system_email_smtp_port }} -EMAIL_SMTP_USER={{system_email_username}} -EMAIL_SMTP_PASSWORD={{ system_email_password }} -EMAIL_SMTP_USE_TLS={{ system_email_tls | upper }} +EMAIL_SMTP={{ system_email.smtp | upper }} +EMAIL_SMTP_HOST={{ system_email.host }} +EMAIL_SMTP_PORT={{ system_email.smtp_port }} +EMAIL_SMTP_USER={{system_email.username}} +EMAIL_SMTP_PASSWORD={{ system_email.password }} +EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }} DATABASE_USER={{ database_username }} DATABASE_NAME={{ database_name }} diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index 4266f9c1..deeb4cbd 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml 
@@ -1,6 +1,7 @@ --- -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: "include task certbot-matomo.yml" include_tasks: certbot-matomo.yml diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2 index 9df8ae3e..7de55478 100644 --- a/roles/docker-bigbluebutton/templates/env.j2 +++ b/roles/docker-bigbluebutton/templates/env.j2 @@ -201,19 +201,19 @@ ALLOW_GREENLIGHT_ACCOUNTS=true # Emails are required for the basic features of Greenlight to function. # Please refer to your SMTP provider to get the values for the variables below -SMTP_SERVER={{system_email_host}} +SMTP_SERVER={{system_email.host}} SMTP_DOMAIN={{domain}} -SMTP_PORT={{system_email_smtp_port}} -SMTP_USERNAME={{system_email_username}} -SMTP_PASSWORD={{system_email_password}} +SMTP_PORT={{system_email.smtp_port}} +SMTP_USERNAME={{system_email.username}} +SMTP_PASSWORD={{system_email.password}} SMTP_AUTH=plain SMTP_OPENSSL_VERIFY_MODE=none -SMTP_STARTTLS_AUTO={{system_email_start_tls | lower}} -SMTP_STARTTLS={{system_email_start_tls | lower}} -SMTP_TLS={{system_email_tls | lower}} +SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}} +SMTP_STARTTLS={{system_email.start_tls | lower}} +SMTP_TLS={{system_email.tls | lower}} SMTP_SSL_VERIFY=true -SMTP_SENDER={{system_email_from}} -SMTP_SENDER_EMAIL={{system_email_from}} +SMTP_SENDER={{system_email.from}} +SMTP_SENDER_EMAIL={{system_email.from}} # Prefix for the applications root URL. # Useful for deploying the application to a subdirectory, which is highly recommended diff --git a/roles/docker-bluesky/tasks/main.yml b/roles/docker-bluesky/tasks/main.yml index a5c52f17..d606d963 100644 --- a/roles/docker-bluesky/tasks/main.yml +++ b/roles/docker-bluesky/tasks/main.yml 
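Review bot: `SMTP_OPENSSL_VERIFY_MODE=none` in the context of the env.j2 hunk (`@@ -201`) disables certificate verification for the SMTP connection, although the block turns TLS on through `SMTP_TLS={{system_email.tls | lower}}` and the next line sets `SMTP_SSL_VERIFY=true`, so the two settings contradict each other and the mail credentials could be handed to an impersonated mail host. If the SMTP host presents a publicly trusted certificate, `SMTP_OPENSSL_VERIFY_MODE=peer` should be the value; the same `none` appears in the Mastodon `.env.production.j2` hunk (`@@ -16`) further down. If `none` is deliberate for a self-signed setup, a comment explaining that would help the next maintainer.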
@@ -1,6 +1,7 @@ --- -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: "Include tasks for API domain" include_tasks: nginx-docker-proxy-domain.yml diff --git a/roles/docker-bluesky/templates/docker-compose.yml.j2 b/roles/docker-bluesky/templates/docker-compose.yml.j2 index 0ec4b9f1..6a238191 100644 --- a/roles/docker-bluesky/templates/docker-compose.yml.j2 +++ b/roles/docker-bluesky/templates/docker-compose.yml.j2 @@ -7,7 +7,7 @@ services: - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro environment: # Geben Sie hier Ihre Domain und Konfigurationsdetails an - PDS_HOSTNAME: "{{domain_api}}" + PDS_HOSTNAME: "{{domains.api}}" PDS_ADMIN_EMAIL: "{{bluesky_administrator_email}}" PDS_SERVICE_DID: "did:web:{{domain_api}}" # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/ @@ -16,8 +16,8 @@ services: PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}" PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}" PDS_CRAWLERS: https://bsky.network - PDS_EMAIL_SMTP_URL: smtps://{{system_email_username}}:{{system_email_password}}@{{system_email_host}}:{{system_email_smtp_port}}/ - PDS_EMAIL_FROM_ADDRESS: {{system_email_from}} + PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}/ + PDS_EMAIL_FROM_ADDRESS: {{system_email.from}} LOG_ENABLED: true PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks # -- DEFAULT VALUES --- diff --git a/vars/docker-common.yml.j2 b/roles/docker-compose/defaults/main.yml similarity index 100% rename from vars/docker-common.yml.j2 rename to roles/docker-compose/defaults/main.yml diff --git a/tasks/docker/compose/common.yml b/roles/docker-compose/tasks/main.yml similarity index 62% rename from tasks/docker/compose/common.yml rename to roles/docker-compose/tasks/main.yml index 5585e93d..c00caf4f 100644 
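Review bot: `PDS_HOSTNAME: "{{domains.api}}"` in the docker-compose.yml.j2 hunk (`@@ -7`) looks like a rename gone wrong: the role receives `domain_api` (the play passes `domain_api: "{{domains.bluesky_api}}"`), and the very next context line still uses `{{domain_api}}` for `PDS_SERVICE_DID`. No `api` key of the merged `domains` map is visible anywhere in this diff, so the template would most likely fail on an undefined attribute; keep `PDS_HOSTNAME: "{{domain_api}}"` so the hostname and the DID stay consistent.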
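Review bot: `PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}/` in hunk `@@ -16` embeds the credentials unescaped in the URL userinfo; if the username is a full mail address its `@` terminates the userinfo early, and any `:`, `/`, `@` or `#` in the password breaks the URL the same way. Pass both through Jinja's `urlencode` filter: `smtps://{{ system_email.username | urlencode }}:{{ system_email.password | urlencode }}@...`. Funkwhale's `EMAIL_CONFIG` hunk (`@@ -53`) builds the same URL from `system_email.local` and the password and needs the same treatment. `PDS_EMAIL_FROM_ADDRESS: {{system_email.from}}` is also the only unquoted scalar in the block.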
--- a/tasks/docker/compose/common.yml +++ b/roles/docker-compose/tasks/main.yml @@ -1,6 +1,3 @@ -- name: include docker vars - include_vars: vars/docker-common.yml.j2 - - name: load docker compose dependencies include_role: name: docker-compose @@ -15,4 +12,13 @@ file: path: "{{docker_compose_instance_directory}}" state: directory - mode: 0755 \ No newline at end of file + mode: 0755 + +- name: flush docker service + meta: flush_handlers + when: run_once_docker_compose is not defined + +- name: run the docker tasks once + set_fact: + run_once_docker_compose: true + when: run_once_docker_compose is not defined \ No newline at end of file diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2 index 51bf1b4c..159f6dd9 100644 --- a/roles/docker-discourse/templates/discourse_application.yml.j2 +++ b/roles/docker-discourse/templates/discourse_application.yml.j2 @@ -52,13 +52,13 @@ env: # SMTP ADDRESS, username, and password are required # WARNING the char '#' in SMTP password can cause problems! - DISCOURSE_SMTP_ADDRESS: {{ system_email_host }} - DISCOURSE_SMTP_PORT: {{ system_email_smtp_port }} - DISCOURSE_SMTP_USER_NAME: {{system_email_username}} - DISCOURSE_SMTP_PASSWORD: {{ system_email_password }} - DISCOURSE_SMTP_ENABLE_START_TLS: {{ system_email_start_tls | upper }} - DISCOURSE_SMTP_DOMAIN: {{ system_email_domain }} - DISCOURSE_NOTIFICATION_EMAIL: {{system_email_from}} + DISCOURSE_SMTP_ADDRESS: {{ system_email.host }} + DISCOURSE_SMTP_PORT: {{ system_email.smtp_port }} + DISCOURSE_SMTP_USER_NAME: {{system_email.username}} + DISCOURSE_SMTP_PASSWORD: {{ system_email.password }} + DISCOURSE_SMTP_ENABLE_START_TLS: {{ system_email.start_tls | upper }} + DISCOURSE_SMTP_DOMAIN: {{ system_email.domain }} + DISCOURSE_NOTIFICATION_EMAIL: {{system_email.from}} # Database Configuration DISCOURSE_DB_USERNAME: {{ database_username }} 
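Review bot: After the move to `roles/docker-compose/tasks/main.yml`, the hunk `@@ -1,6 +1,3 @@` still keeps `- name: load docker compose dependencies` / `include_role:` / `name: docker-compose` as context, which now makes the role include itself and will recurse until Ansible aborts, unless the previous `docker-compose` role only provided handlers and this task was meant to pull in the `docker` role. Either drop the task or point it at the actual dependency. The `run_once_docker_compose` guard added in the second hunk does not prevent the loop, because it is only applied to the `flush_handlers` and `set_fact` tasks.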
diff --git a/roles/docker-friendica/templates/docker-compose.yml.j2 b/roles/docker-friendica/templates/docker-compose.yml.j2 index 7dfb6222..f9776111 100644 --- a/roles/docker-friendica/templates/docker-compose.yml.j2 +++ b/roles/docker-friendica/templates/docker-compose.yml.j2 @@ -43,14 +43,14 @@ services: MYSQL_PASSWORD: {{database_password}} # Email Configuration - SMTP: {{system_email_host}} - SMTP_DOMAIN: {{system_email_domain}} - SMTP_PORT: {{system_email_smtp_port}} - SMTP_AUTH_USER: {{system_email_username}} - SMTP_AUTH_PASS: {{system_email_password}} - SMTP_TLS: {{ 'on' if system_email_tls else 'off' }} - SMTP_STARTTLS: {{ 'on' if system_email_start_tls else 'off' }} - SMTP_FROM: {{system_email_local}} + SMTP: {{system_email.host}} + SMTP_DOMAIN: {{system_email.domain}} + SMTP_PORT: {{system_email.smtp_port}} + SMTP_AUTH_USER: {{system_email.username}} + SMTP_AUTH_PASS: {{system_email.password}} + SMTP_TLS: {{ 'on' if system_email.tls else 'off' }} + SMTP_STARTTLS: {{ 'on' if system_email.start_tls else 'off' }} + SMTP_FROM: {{system_email.local}} # Administrator Credentials FRIENDICA_ADMIN_MAIL: {{administrator_email}} diff --git a/roles/docker-funkwhale/templates/env.j2 b/roles/docker-funkwhale/templates/env.j2 index a1c10150..5c3228bf 100644 --- a/roles/docker-funkwhale/templates/env.j2 +++ b/roles/docker-funkwhale/templates/env.j2 
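Review bot: `SMTP_TLS: {{ 'on' if system_email.tls else 'off' }}` and `SMTP_STARTTLS: {{ 'on' if system_email.start_tls else 'off' }}` render bare `on`/`off`, which YAML 1.1 loaders such as the one in Docker Compose may read as booleans rather than the literal strings Friendica expects. Quote the rendered value, `SMTP_TLS: "{{ 'on' if system_email.tls else 'off' }}"`, and the same for `SMTP_STARTTLS`. The rest of the block (`SMTP_PORT`, `SMTP_AUTH_PASS`) is unquoted as well; a password containing `#` or `: ` would break the document, so quoting every templated scalar in this block is the safer default.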
@@ -53,14 +53,14 @@ LOGLEVEL=error # (returns `noreply%40youremail.host`) # EMAIL_CONFIG=smtp://user:password@youremail.host:25 # EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465 -EMAIL_CONFIG=smtp+tls://{{system_email_local}}:{{system_email_password}}@{{system_email_host}}:{{system_email_smtp_port}} +EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}} # Make e-mail verification mandatory before using the service # Doesn't apply to admins. # ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false # The e-mail address to use to send system e-mails. -DEFAULT_FROM_EMAIL={{system_email_from}} +DEFAULT_FROM_EMAIL={{system_email.from}} # Depending on the reverse proxy used in front of your funkwhale instance, # the API will use different kind of headers to serve audio files diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml index 89f16622..89a0fdbc 100644 --- a/roles/docker-ldap/tasks/main.yml +++ b/roles/docker-ldap/tasks/main.yml @@ -1,15 +1,23 @@ --- -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml -- name: create {{domain}}.conf +- name: Create {{domain}}.conf if LDAP is exposed to internet template: src: "nginx.stream.conf.j2" dest: "{{nginx_streams_directory}}{{domain}}.conf" notify: restart nginx + when: ldap_expose_to_internet | bool + +- name: Remove {{domain}}.conf if LDAP is not exposed to internet + file: + path: "{{ nginx_streams_directory }}{{ domain }}.conf" + state: absent + when: not ldap_expose_to_internet | bool - name: "create {{docker_compose_instance_directory}}" file: diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2 index f7a20153..9b674834 100644 
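Review bot: The new `when: ldap_expose_to_internet | bool` gate in the docker-ldap tasks hunk publishes the LDAP stream at the network edge, but the variable has no default visible in this diff, so an inventory that does not set it aborts the play with an undefined variable instead of failing closed. Give it an explicit `ldap_expose_to_internet: false` in the role defaults and add a comment on the `template` task stating what protects the exposed stream (TLS, source allow-list), since `nginx.stream.conf.j2` is not part of this change. The two new tasks also differ in spacing (`"{{nginx_streams_directory}}{{domain}}.conf"` vs `"{{ nginx_streams_directory }}{{ domain }}.conf"`); pick one form.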
--- a/roles/docker-ldap/templates/docker-compose.yml.j2 +++ b/roles/docker-ldap/templates/docker-compose.yml.j2 @@ -79,6 +79,7 @@ services: retries: 3 start_period: 20s {% include 'templates/docker/container/networks.yml.j2' %} + central_ldap: {% include 'templates/docker/compose/volumes.yml.j2' %} data: diff --git a/roles/docker-mastodon/templates/.env.production.j2 b/roles/docker-mastodon/templates/.env.production.j2 index ad103ceb..ec013d3c 100644 --- a/roles/docker-mastodon/templates/.env.production.j2 +++ b/roles/docker-mastodon/templates/.env.production.j2 @@ -16,14 +16,14 @@ REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD= -SMTP_SERVER={{system_email_host}} -SMTP_PORT={{system_email_smtp_port}} -SMTP_LOGIN={{system_email_username}} -SMTP_PASSWORD={{system_email_password}} +SMTP_SERVER={{system_email.host}} +SMTP_PORT={{system_email.smtp_port}} +SMTP_LOGIN={{system_email.username}} +SMTP_PASSWORD={{system_email.password}} SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none SMTP_ENABLE_STARTTLS=auto -SMTP_FROM_ADDRESS=Mastodon <{{system_email_from}}> +SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}> ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}} ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}} diff --git a/roles/docker-matrix-compose/templates/element.config.json.j2 b/roles/docker-matrix-compose/templates/element.config.json.j2 index 3f73763d..dd3714da 100644 --- a/roles/docker-matrix-compose/templates/element.config.json.j2 +++ b/roles/docker-matrix-compose/templates/element.config.json.j2 @@ -1,8 +1,8 @@ { "default_server_config": { "m.homeserver": { - "base_url": "https://{{domain_matrix_synapse}}", - "server_name": "{{domain_matrix_synapse}}" + "base_url": "https://{{domains.matrix_synapse}}", + "server_name": "{{domains.matrix_synapse}}" }, "m.identity_server": { "base_url": "https://{{primary_domain}}" 
diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 index 2d9a7df2..9ba72476 100644 --- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 +++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 @@ -17,13 +17,13 @@ database: host: "{{database_host}}" cp_min: 5 cp_max: 10 -log_config: "/data/{{domain_matrix_synapse}}.log.config" +log_config: "/data/{{domains.matrix_synapse}}.log.config" media_store_path: "/data/media_store" registration_shared_secret: "{{matrix_registration_shared_secret}}" report_stats: true macaroon_secret_key: "{{matrix_macaroon_secret_key}}" form_secret: "{{matrix_form_secret}}" -signing_key_path: "/data/{{domain_matrix_synapse}}.signing.key" +signing_key_path: "/data/{{domains.matrix_synapse}}.signing.key" web_client_location: "https://{{element_domain}}" public_baseurl: "https://{{synapse_domain}}" trusted_key_servers: @@ -31,18 +31,18 @@ trusted_key_servers: admin_contact: 'mailto:{{administrator_email}}' email: - smtp_host: "{{system_email_host}}" - smtp_port: "{{system_email_smtp_port}}" - smtp_user: "{{system_email_from}}" - smtp_pass: "{{system_email_password}}" + smtp_host: "{{system_email.host}}" + smtp_port: "{{system_email.smtp_port}}" + smtp_user: "{{system_email.from}}" + smtp_pass: "{{system_email.password}}" #force_tls: true #require_transport_security: true - enable_tls: "{{ system_email_tls | upper }}" - notif_from: "Your Friendly %(app)s homeserver <{{system_email_from}}>" + enable_tls: "{{ system_email.tls | upper }}" + notif_from: "Your Friendly %(app)s homeserver <{{system_email.from}}>" app_name: "Matrix on {{synapse_domain}}" enable_notifs: true notif_for_new_users: false - client_base_url: "{{domain_matrix_synapse}}" + client_base_url: "{{domains.matrix_synapse}}" validation_token_lifetime: 15m app_service_config_files: 
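Review bot: `enable_tls: "{{ system_email.tls | upper }}"` renders a quoted string (`"TRUE"` or `"FALSE"`), not a YAML boolean; Synapse appears to treat the setting as a plain truth value, so the string `"FALSE"` is still truthy and TLS can never be switched off through this variable. Render an unquoted lowercase boolean instead: `enable_tls: {{ system_email.tls | lower }}`. `smtp_port: "{{system_email.smtp_port}}"` is quoted the same way and should likely be a bare integer, and `client_base_url: "{{domains.matrix_synapse}}"` carries no scheme although Synapse uses it to build links in notification mails.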
diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index b8717f73..cbb721f9 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -11,10 +11,10 @@ dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx -- name: configure nginx.conf +- name: create nginx.conf template: src: "templates/nginx.conf.j2" - dest: "{{path_docker_volumes}}nextcloud/nginx.conf" + dest: "{{docker_compose_instance_directory}}nginx.conf" notify: docker compose project setup - name: add docker-compose.yml diff --git a/roles/docker-nextcloud/tasks/oidc_tasks.yml b/roles/docker-nextcloud/tasks/oidc_tasks.yml index d7281df8..1e1cfebe 100644 --- a/roles/docker-nextcloud/tasks/oidc_tasks.yml +++ b/roles/docker-nextcloud/tasks/oidc_tasks.yml 
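Review bot: The nginx.conf destination is built as `"{{docker_compose_instance_directory}}nginx.conf"` here, while the bind mount in the docker-compose.yml.j2 hunk (`@@ -47`) uses `"{{docker_compose_instance_directory}}/nginx.conf:/etc/nginx/nginx.conf:ro"`; one side assumes a trailing slash on the variable and the other does not. If the variable ends with `/`, as the `file: path: "{{docker_compose_instance_directory}}"` usage in the docker-compose role suggests, the mount path gets a double slash; if it does not, the template is written to a sibling path the container never mounts. Use the same form in both places.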
@@ -20,7 +20,7 @@ command: > docker-compose exec -u www-data application /var/www/html/occ config:app:set sociallogin custom_providers - --value='{"custom_oidc":[{"name":"{{domain_keycloak}}","title":"keycloak","authorizeUrl":"{{oidc_client_authorize_url}}","tokenUrl":"{{oidc_client_toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc_client_user_info_url}}","logoutUrl":"{{oidc_client_logout_url}}","clientId":"{{oidc_client_id}}","clientSecret":"{{oidc_client_secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}' + --value='{"custom_oidc":[{"name":"{{domains.keycloak}}","title":"keycloak","authorizeUrl":"{{oidc_client_authorize_url}}","tokenUrl":"{{oidc_client_toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc_client_user_info_url}}","logoutUrl":"{{oidc_client_logout_url}}","clientId":"{{oidc_client_id}}","clientSecret":"{{oidc_client_secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}' # This configuration defines custom OpenID Connect (OIDC) providers for authentication. # In this case, it sets up a Keycloak provider with details like URLs for authorization, # token retrieval, user info, and logout, as well as the client ID and secret. diff --git a/roles/docker-nextcloud/templates/docker-compose.yml.j2 b/roles/docker-nextcloud/templates/docker-compose.yml.j2 index 4ca57c72..153572ad 100644 --- a/roles/docker-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2 
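Review bot: The `occ config:app:set` command now carries `"clientSecret":"{{oidc_client_secret}}"` on the command line, so the secret shows up in Ansible's task output and in the host's process list while it runs; add `no_log: true` to this task (its header is above the hunk). `{{oidc_client_toke_url}}` looks like a typo for a token-URL variable; it only works if it is spelled identically where it is defined, so worth confirming.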
@@ -25,15 +25,15 @@ services: PHP_MEMORY_LIMIT: 1G # Required for plugin duplicate finder # Email Configuration - SMTP_HOST: {{system_email_host}} - SMTP_SECURE: {{ 'ssl' if system_email_tls else '' }} - SMTP_PORT: {{system_email_smtp_port}} - SMTP_NAME: {{system_email_username}} - SMTP_PASSWORD: {{system_email_password}} + SMTP_HOST: {{system_email.host}} + SMTP_SECURE: {{ 'ssl' if system_email.tls else '' }} + SMTP_PORT: {{system_email.smtp_port}} + SMTP_NAME: {{system_email.username}} + SMTP_PASSWORD: {{system_email.password}} # Email from configuration MAIL_FROM_ADDRESS: no-reply - MAIL_DOMAIN: {{system_email_domain}} + MAIL_DOMAIN: {{system_email.domain}} {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %} @@ -47,7 +47,7 @@ services: ports: - "127.0.0.1:{{http_port}}:80" volumes: - - "{{path_docker_volumes}}nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro" + - "{{docker_compose_instance_directory}}/nginx.conf:/etc/nginx/nginx.conf:ro" volumes_from: - application healthcheck: diff --git a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 index 4ada55e6..5b704e32 100644 --- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 +++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 @@ -3,7 +3,7 @@ cookie_secret = "{{oauth2_proxy_cookie_secret}}" email_domains = "{{primary_domain}}" cookie_secure = "false" upstreams = "http://{{oauth2_proxy_upstream_application_and_port}}" -cookie_domains = ["{{domain}}", "{{domain_keycloak}}"] # Required so cookie can be read on all subdomains. +cookie_domains = ["{{domain}}", "{{domains.keycloak}}"] # Required so cookie can be read on all subdomains. whitelist_domains = [".{{primary_domain}}"] # Required to allow redirection back to original requested target. # keycloak provider 
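Review bot: `cookie_secure = "false"` in the context of the oauth2-proxy-keycloak.cfg.j2 hunk sends the session cookie without the Secure flag even though the proxy appears to sit behind the HTTPS nginx front end and `whitelist_domains` only lists the primary domain, so the cookie can be replayed over a plain-HTTP request to any host in `cookie_domains`, which now includes `{{domains.keycloak}}`. Set `cookie_secure = "true"`, or leave a comment explaining the local-HTTP case it is meant to cover.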
diff --git a/roles/docker-openproject/templates/docker-compose.yml.j2 b/roles/docker-openproject/templates/docker-compose.yml.j2 index 4ab67cd1..97f1fa33 100644 --- a/roles/docker-openproject/templates/docker-compose.yml.j2 +++ b/roles/docker-openproject/templates/docker-compose.yml.j2 @@ -114,7 +114,7 @@ services: container_name: openproject-seeder restart: on-failure {% include 'templates/docker/container/networks.yml.j2' %} - + central_ldap: {% include 'templates/docker/compose/networks.yml.j2' %} {% include 'templates/docker/compose/volumes.yml.j2' %} diff --git a/roles/docker-peertube/templates/env.j2 b/roles/docker-peertube/templates/env.j2 index db526f35..f3a617d2 100644 --- a/roles/docker-peertube/templates/env.j2 +++ b/roles/docker-peertube/templates/env.j2 @@ -14,11 +14,11 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"] PEERTUBE_SECRET={{peertube_secret}} # E-mail configuration -PEERTUBE_SMTP_USERNAME={{system_email_username}} -PEERTUBE_SMTP_PASSWORD={{system_email_password}} -PEERTUBE_SMTP_HOSTNAME={{system_email_host}} -PEERTUBE_SMTP_PORT={{system_email_smtp_port}} -PEERTUBE_SMTP_FROM={{system_email_from}} -PEERTUBE_SMTP_TLS={{ system_email_tls | lower }} -PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email_start_tls else 'true' }} -PEERTUBE_ADMIN_EMAIL={{system_email_from}} \ No newline at end of file +PEERTUBE_SMTP_USERNAME={{system_email.username}} +PEERTUBE_SMTP_PASSWORD={{system_email.password}} +PEERTUBE_SMTP_HOSTNAME={{system_email.host}} +PEERTUBE_SMTP_PORT={{system_email.smtp_port}} +PEERTUBE_SMTP_FROM={{system_email.from}} +PEERTUBE_SMTP_TLS={{ system_email.tls | lower }} +PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }} +PEERTUBE_ADMIN_EMAIL={{system_email.from}} \ No newline at end of file diff --git a/roles/docker-phpmyadmin/tasks/main.yml b/roles/docker-phpmyadmin/tasks/main.yml index 25ab7524..0354b6d3 100644 --- a/roles/docker-phpmyadmin/tasks/main.yml +++ b/roles/docker-phpmyadmin/tasks/main.yml 
@@ -1,6 +1,7 @@ --- -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml diff --git a/roles/docker-pixelfed/templates/env.j2 b/roles/docker-pixelfed/templates/env.j2 index 265babd1..7c44d8ed 100644 --- a/roles/docker-pixelfed/templates/env.j2 +++ b/roles/docker-pixelfed/templates/env.j2 @@ -46,15 +46,15 @@ RESTRICTED_INSTANCE=false ## Mail MAIL_DRIVER=log -MAIL_HOST={{system_email_host}} -MAIL_PORT={{system_email_smtp_port}} -MAIL_FROM_ADDRESS="{{system_email_from}}" +MAIL_HOST={{system_email.host}} +MAIL_PORT={{system_email.smtp_port}} +MAIL_FROM_ADDRESS="{{system_email.from}}" MAIL_FROM_NAME="Pixelfed" -MAIL_USERNAME={{system_email_username}} -MAIL_PASSWORD={{system_email_password}} +MAIL_USERNAME={{system_email.username}} +MAIL_PASSWORD={{system_email.password}} # Not sure if the following is correct # Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker -MAIL_ENCRYPTION={{ 'ssl' if system_email_start_tls else 'tls' }} +MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }} ## Databases (MySQL) DB_CONNECTION=mysql diff --git a/roles/docker-portfolio/tasks/main.yml b/roles/docker-portfolio/tasks/main.yml index 8da07025..223d8aa7 100644 --- a/roles/docker-portfolio/tasks/main.yml +++ b/roles/docker-portfolio/tasks/main.yml @@ -1,6 +1,7 @@ --- -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: "include tasks nginx-docker-proxy-domain.yml" include_tasks: nginx-docker-proxy-domain.yml diff --git a/roles/docker-roulette-wheel/tasks/main.yml b/roles/docker-roulette-wheel/tasks/main.yml index 9a1caaff..272738fb 100644 --- a/roles/docker-roulette-wheel/tasks/main.yml +++ b/roles/docker-roulette-wheel/tasks/main.yml 
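Review bot: `MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }}` in the pixelfed env.j2 hunk (`@@ -46`) looks inverted: in Laravel-based apps such as Pixelfed `tls` means STARTTLS on a plain connection and `ssl` means implicit TLS, so `start_tls` true should yield `tls` and `start_tls` false should yield `ssl`. The existing `# Not sure if the following is correct` comment shows this was already in doubt; `MAIL_ENCRYPTION={{ 'tls' if system_email.start_tls else 'ssl' }}` would match the peertube and taiga mappings elsewhere in this diff. `MAIL_DRIVER=log` in the context above means mail is only logged at the moment, so the error is currently masked.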
@@ -1,6 +1,7 @@ --- -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: pull app repository git: diff --git a/roles/docker-taiga/templates/.env.j2 b/roles/docker-taiga/templates/.env.j2 index 534b88aa..a3b04e26 100644 --- a/roles/docker-taiga/templates/.env.j2 +++ b/roles/docker-taiga/templates/.env.j2 
@@ -13,14 +13,14 @@ POSTGRES_PASSWORD={{database_password}} # database user's password # Taiga's SMTP settings - Variables to send Taiga's emails to the users EMAIL_BACKEND = console # use an SMTP server or display the emails in the console (either "smtp" or "console") -EMAIL_HOST = {{system_email_host}} # SMTP server address -EMAIL_PORT = {{system_email_smtp_port}} # default SMTP port -EMAIL_HOST_USER = {{system_email_username}} # user to connect the SMTP server -EMAIL_HOST_PASSWORD = {{system_email_password}} # SMTP user's password -EMAIL_DEFAULT_FROM = {{system_email_from}} # default email address for the automated emails +EMAIL_HOST = {{system_email.host}} # SMTP server address +EMAIL_PORT = {{system_email.smtp_port}} # default SMTP port +EMAIL_HOST_USER = {{system_email.username}} # user to connect the SMTP server +EMAIL_HOST_PASSWORD = {{system_email.password}} # SMTP user's password +EMAIL_DEFAULT_FROM = {{system_email.from}} # default email address for the automated emails # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True) -EMAIL_USE_TLS={{ system_email_tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server -EMAIL_USE_SSL={{ 'False' if system_email_start_tls else 'True' }} # use implicit TLS (secure) connection with the SMTP server +EMAIL_USE_TLS={{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server +EMAIL_USE_SSL={{ 'False' if system_email.start_tls else 'True' }} # use implicit TLS (secure) connection with the SMTP server # Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events RABBITMQ_USER=taiga # user to connect to RabbitMQ diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 8b34d9e1..82df296d 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
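Review bot: `EMAIL_USE_TLS={{ system_email.tls | lower | capitalize }}` and `EMAIL_USE_SSL={{ 'False' if system_email.start_tls else 'True' }}` can both render `True` (implicit TLS enabled while STARTTLS is off), contradicting the comment directly above that the two are mutually exclusive; Django-style mail settings then either error or silently prefer one. Deriving both from `start_tls` keeps them exclusive: `EMAIL_USE_TLS={{ 'True' if system_email.start_tls else 'False' }}`. `EMAIL_BACKEND = console` in the context means mail is only printed for now, so the mismatch would surface only once the backend is switched to `smtp`.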
@@ -16,15 +16,6 @@ group: administrator when: run_once_docker is not defined -- name: "create {{path_docker_volumes}}" - file: - path: "{{path_docker_volumes}}" - state: directory - mode: 0700 - owner: administrator - group: administrator - when: run_once_docker is not defined - - name: flush docker service meta: flush_handlers when: run_once_docker is not defined diff --git a/roles/health-nginx/templates/health-nginx.py.j2 b/roles/health-nginx/templates/health-nginx.py.j2 index 39ba0d7f..9b3cccf9 100644 --- a/roles/health-nginx/templates/health-nginx.py.j2 +++ b/roles/health-nginx/templates/health-nginx.py.j2 @@ -25,17 +25,17 @@ for filename in os.listdir(config_path): # Default: Expect status code 200 or 302 for a domain expected_statuses = [200,302] - redirected_domains = [domain['source'] for domain in {{redirect_domain_mappings}}] - redirected_domains.append("{{domain_mailu}}") + redirected_domains = [domain['source'] for domain in {{redirect_domains_mappings}}] + redirected_domains.append("{{domains.mailu}}") # Determine expected status codes based on the domain - if domain == '{{domain_listmonk}}': + if domain == '{{domains.listmonk}}': expected_statuses = [404] {% if nginx_matomo_tracking | bool %} elif parts[0] == 'www' or domain in redirected_domains: expected_statuses = [301] {% endif %} - elif domain == '{{domain_yourls}}': + elif domain == '{{domains.yourls}}': expected_statuses = [403] try: diff --git a/roles/systemd-notifier-email/templates/msmtprc.conf.j2 b/roles/systemd-notifier-email/templates/msmtprc.conf.j2 index e3997fcd..99a6b0ef 100644 --- a/roles/systemd-notifier-email/templates/msmtprc.conf.j2 +++ b/roles/systemd-notifier-email/templates/msmtprc.conf.j2 
@@ -2,8 +2,8 @@ defaults auth on logfile ~/.msmtp.log -tls_starttls {{ 'on' if system_email_start_tls else 'off' }} -{% if system_email_tls %} +tls_starttls {{ 'on' if system_email.start_tls else 'off' }} +{% if system_email.tls %} tls on tls_trust_file /etc/ssl/certs/ca-certificates.crt {% else %} @@ -11,10 +11,10 @@ tls off {% endif %} account system_email -host {{system_email_host}} -port {{system_email_smtp_port}} -from {{system_email_from}} -user {{system_email_username}} -password {{system_email_password}} +host {{system_email.host}} +port {{system_email.smtp_port}} +from {{system_email.from}} +user {{system_email.username}} +password {{system_email.password}} account default : system_email diff --git a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 index a4981db5..a96a2d52 100644 --- a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 +++ b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 @@ -2,7 +2,7 @@ /usr/bin/sendmail -t < +From: systemd <{{system_email.from}}> Subject: $1 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 diff --git a/tasks/docker/compose/database.yml b/tasks/docker/compose/database.yml index e4050725..d33a3640 100644 --- a/tasks/docker/compose/database.yml +++ b/tasks/docker/compose/database.yml @@ -1,8 +1,9 @@ - name: include docker vars/docker-database.yml.j2 include_vars: vars/docker-database.yml.j2 -- name: "include docker/compose/common.yml" - include_tasks: docker/compose/common.yml +- name: "include docker-compose role" + include_role: + name: docker-compose - name: create central database include_role:
