Removed is_feature_enabled function
This commit is contained in:
parent
991ed7d614
commit
ad60f5fb37
@ -1,2 +0,0 @@
|
||||
# Todo
|
||||
- Refactor is_feature_enabled to one function
|
@ -1,4 +1,5 @@
|
||||
from get_app_conf import get_app_conf
|
||||
|
||||
def is_feature_enabled(applications: dict, feature: str, application_id: str) -> bool:
|
||||
"""
|
||||
Wrapper for compatibility: Return True if applications[application_id].features[feature] is truthy.
|
||||
|
@ -5,14 +5,14 @@
|
||||
src: "env/{{database_type}}.env.j2"
|
||||
dest: "{{database_env}}"
|
||||
notify: docker compose up
|
||||
when: not applications | is_feature_enabled('central_database',application_id)
|
||||
when: not applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
|
||||
- name: "For '{{ application_id }}': Create central database"
|
||||
# I don't know why this includes leads to that the application_id in vars/main.yml of the database role isn't used
|
||||
# This is the behaviour which I want, but I'm still wondering why ;)
|
||||
include_role:
|
||||
name: "svc-db-{{database_type}}"
|
||||
when: applications | is_feature_enabled('central_database',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
|
||||
- name: "For '{{ application_id }}': Add Entry for Backup Procedure"
|
||||
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"
|
||||
|
@ -1,5 +1,5 @@
|
||||
# This template needs to be included in docker-compose.yml, which depend on a mariadb database
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False) %}
|
||||
{{ database_host }}:
|
||||
container_name: {{application_id}}-database
|
||||
logging:
|
||||
|
@ -1,5 +1,5 @@
|
||||
# This template needs to be included in docker-compose.yml, which depend on a postgres database
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False) %}
|
||||
{{ database_host }}:
|
||||
image: postgres:{{applications['svc-db-postgres'].version}}-alpine
|
||||
container_name: {{application_id}}-database
|
||||
|
@ -1,5 +1,5 @@
|
||||
database_instance: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}"
|
||||
database_host: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}"
|
||||
database_instance: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | get_app_conf(database_application_id, 'features.central_database', False) else database_application_id }}"
|
||||
database_host: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | get_app_conf(database_application_id, 'features.central_database', False) else 'database' }}"
|
||||
database_name: "{{ applications | get_app_conf(database_application_id, 'database.name', False) | default( database_application_id ) }}" # The overwritte configuration is needed by bigbluebutton
|
||||
database_username: "{{ applications | get_app_conf(database_application_id, 'database.username', False) | default( database_application_id )}}" # The overwritte configuration is needed by bigbluebutton
|
||||
database_password: "{{ applications | get_app_conf(database_application_id, 'credentials.database_password', true) }}"
|
||||
|
@ -9,7 +9,7 @@ services:
|
||||
{% include 'roles/svc-db-redis/templates/service.yml.j2' %}
|
||||
{% endif %}
|
||||
{# Load OAuth2 Proxy #}
|
||||
{% if applications | is_feature_enabled('oauth2',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
|
||||
{% include 'roles/web-app-oauth2-proxy/templates/container.yml.j2' %}
|
||||
{% endif %}
|
||||
{{ "\n" }}
|
||||
|
@ -1,10 +1,11 @@
|
||||
{# This template needs to be included in docker-compose.yml #}
|
||||
networks:
|
||||
{% if applications | is_feature_enabled('central_database',application_id) and database_type is defined %}
|
||||
{% if applications | get_app_conf(application_id, 'features.central_database', False) and database_type is defined %}
|
||||
|
||||
{{ applications[ 'svc-db-' ~ database_type ].network }}:
|
||||
external: true
|
||||
{% endif %}
|
||||
{% if applications | is_feature_enabled('ldap',application_id) and applications['svc-db-openldap'].network.docker | bool %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) and applications['svc-db-openldap'].network.docker | bool %}
|
||||
svc-db-openldap:
|
||||
external: true
|
||||
{% endif %}
|
||||
|
@ -1,5 +1,5 @@
|
||||
{# This needs to be included in docker-compose.yml which just contain a database volume #}
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
|
||||
volumes:
|
||||
database:
|
||||
{% endif %}
|
||||
|
@ -1,6 +1,6 @@
|
||||
{# This template needs to be included in docker-compose.yml which contain a database and additional volumes #}
|
||||
volumes:
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
|
||||
database:
|
||||
{% endif %}
|
||||
{{ "\n" }}
|
@ -1,4 +1,4 @@
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
|
||||
{{ database_host }}:
|
||||
condition: service_healthy
|
||||
{% endif %}
|
||||
|
@ -1,7 +1,7 @@
|
||||
{# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #}
|
||||
{% if
|
||||
applications | is_docker_service_enabled(application_id, 'redis') or
|
||||
not applications | is_feature_enabled('central_database',application_id)
|
||||
not applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
%}
|
||||
depends_on:
|
||||
{% include "roles/docker-container/templates/depends_on/dbms_base.yml.j2" %}
|
||||
|
@ -1,9 +1,9 @@
|
||||
{# This template needs to be included in docker-compose.yml containers #}
|
||||
networks:
|
||||
{% if applications | is_feature_enabled('central_database',application_id) | bool and database_type is defined %}
|
||||
{% if applications | get_app_conf(application_id, 'features.central_database', False)| bool and database_type is defined %}
|
||||
{{ applications[ 'svc-db-' ~ database_type ].network }}:
|
||||
{% endif %}
|
||||
{% if applications | is_feature_enabled('ldap',application_id) | bool and applications['svc-db-openldap'].network.docker|bool %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) | bool and applications['svc-db-openldap'].network.docker|bool %}
|
||||
svc-db-openldap:
|
||||
{% endif %}
|
||||
default:
|
||||
|
@ -29,8 +29,8 @@
|
||||
- name: "set oauth2_proxy_application_id (Needed due to lazzy loading issue)"
|
||||
set_fact:
|
||||
oauth2_proxy_application_id: "{{ application_id }}"
|
||||
when: applications | is_feature_enabled('oauth2',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oauth2', False)
|
||||
|
||||
- name: "include the web-app-oauth2-proxy role {{domain}}"
|
||||
include_tasks: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/tasks/main.yml"
|
||||
when: applications | is_feature_enabled('oauth2',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oauth2', False)
|
@ -2,7 +2,7 @@ server
|
||||
{
|
||||
server_name {{domain}};
|
||||
|
||||
{% if applications | is_feature_enabled('oauth2',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
|
||||
{% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
|
||||
{% endif %}
|
||||
|
||||
@ -15,7 +15,7 @@ server
|
||||
|
||||
{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
{% if applications | is_feature_enabled('oauth2', application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
|
||||
{% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', True) | default({}) %}
|
||||
|
||||
{% if acl.blacklist is defined %}
|
||||
|
@ -1,19 +1,19 @@
|
||||
- name: "Activate Global CSS for {{domain}}"
|
||||
include_role:
|
||||
name: srv-web-7-7-inj-css
|
||||
when: applications | is_feature_enabled('css',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.css', False)
|
||||
|
||||
- name: "Activate Global Matomo Tracking for {{domain}}"
|
||||
include_role:
|
||||
name: srv-web-7-7-inj-matomo
|
||||
when: applications | is_feature_enabled('matomo',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.matomo', False)
|
||||
|
||||
- name: "Activate Portfolio iFrame Notifier for {{ domain }}"
|
||||
include_role:
|
||||
name: srv-web-7-7-inj-iframe
|
||||
when: applications | is_feature_enabled('port-ui-desktop', application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.port-ui-desktop', False)
|
||||
|
||||
- name: "Activate Javascript for {{ domain }}"
|
||||
include_role:
|
||||
name: srv-web-7-7-inj-javascript
|
||||
when: applications | is_feature_enabled('javascript', application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.javascript', False)
|
@ -2,10 +2,10 @@
|
||||
sub_filter_once off;
|
||||
sub_filter_types text/html;
|
||||
|
||||
{% set modifier_css_enabled = applications | is_feature_enabled('css',application_id) %}
|
||||
{% set modifier_matomo_enabled = applications | is_feature_enabled('matomo',application_id) %}
|
||||
{% set modifier_iframe_enabled = applications | is_feature_enabled('port-ui-desktop',application_id) %}
|
||||
{% set modifier_javascript_enabled = applications | is_feature_enabled('javascript',application_id) %}
|
||||
{% set modifier_css_enabled = applications | get_app_conf(application_id, 'features.css', False) %}
|
||||
{% set modifier_matomo_enabled = applications | get_app_conf(application_id, 'features.matomo', False) %}
|
||||
{% set modifier_iframe_enabled = applications | get_app_conf(application_id, 'features.port-ui-desktop', False) %}
|
||||
{% set modifier_javascript_enabled = applications | get_app_conf(application_id, 'features.javascript', False) %}
|
||||
|
||||
{% if modifier_iframe_enabled or modifier_css_enabled or modifier_matomo_enabled or modifier_javascript_enabled %}
|
||||
sub_filter '</head>' '
|
||||
|
@ -158,7 +158,7 @@ OFFICE365_HD=
|
||||
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
|
||||
OAUTH2_REDIRECT=
|
||||
|
||||
{% if applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
# LDAP Login Provider (optional)
|
||||
#
|
||||
# You can enable LDAP authentication by providing values for the variables below.
|
||||
@ -283,7 +283,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
|
||||
# approval - For approve/decline registration
|
||||
DEFAULT_REGISTRATION=invite
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
### EXTERNAL AUTHENTICATION METHODS
|
||||
# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
|
||||
#
|
||||
|
@ -13,7 +13,7 @@
|
||||
result.rc != 0 and
|
||||
'already exists in network' not in result.stderr
|
||||
register: result
|
||||
when: applications | is_feature_enabled('central_database', application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
listen: recreate discourse
|
||||
|
||||
- name: rebuild discourse
|
||||
|
@ -53,7 +53,7 @@
|
||||
not in network_connect.stderr
|
||||
changed_when: network_connect.rc == 0
|
||||
when:
|
||||
- applications | is_feature_enabled('central_database', application_id)
|
||||
- applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
- run_once_docker_discourse is not defined
|
||||
|
||||
- name: "Remove {{ applications | get_app_conf(application_id, 'network', True) }} from {{ database_host }}"
|
||||
@ -65,7 +65,7 @@
|
||||
'is not connected to network {{ applications | get_app_conf(application_id, 'network', True) }}' not in network_disconnect.stderr
|
||||
changed_when: network_disconnect.rc == 0
|
||||
when:
|
||||
- applications | is_feature_enabled('central_database', application_id)
|
||||
- applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
- run_once_docker_discourse is not defined
|
||||
|
||||
- name: run the docker_discourse tasks once
|
||||
|
@ -1,5 +1,5 @@
|
||||
templates:
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
|
||||
- "templates/postgres.template.yml"
|
||||
{% endif %}
|
||||
#- "templates/redis.template.yml"
|
||||
@ -112,11 +112,11 @@ hooks:
|
||||
- git clone --depth=1 https://github.com/discourse/discourse-voting.git
|
||||
- git clone --depth=1 https://github.com/discourse/discourse-oauth2-basic.git
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
- git clone --depth=1 https://github.com/discourse/discourse-openid-connect.git
|
||||
{% endif %}
|
||||
|
||||
{% if applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
- git clone --depth=1 https://github.com/jonmbake/discourse-ldap-auth.git
|
||||
{% endif %}
|
||||
|
||||
@ -127,7 +127,7 @@ run:
|
||||
## If you want to set the 'From' email address for your first registration, uncomment and change:
|
||||
## After getting the first signup email, re-comment the line. It only needs to run once.
|
||||
#- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
# Deactivate Default Login
|
||||
- exec: rails r "SiteSetting.enable_local_logins = false"
|
||||
- exec: rails r "SiteSetting.enable_passkeys = false" # https://meta.discourse.org/t/passwordless-login-using-passkeys/285589
|
||||
@ -151,7 +151,7 @@ run:
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
|
||||
{% endif %}
|
||||
|
||||
{% if applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
# Enable LDAP authentication
|
||||
- exec: rails r "SiteSetting.ldap_auth_enabled = true"
|
||||
- exec: rails r "SiteSetting.ldap_sync_enabled = true"
|
||||
|
@ -61,7 +61,7 @@ ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }}
|
||||
# LDAP settings (optional)
|
||||
# Applied only if the feature flag is true
|
||||
# ------------------------------------------------
|
||||
{% if applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Ldap
|
||||
ESPOCRM_CONFIG_LDAP_HOST={{ ldap.server.domain }}
|
||||
ESPOCRM_CONFIG_LDAP_PORT={{ ldap.server.port }}
|
||||
@ -77,7 +77,7 @@ ESPOCRM_CONFIG_LDAP_USER_LOGIN_FILTER=(sAMAccountName=%USERNAME%)
|
||||
# OpenID Connect settings (optional)
|
||||
# Applied only if the feature flag is true
|
||||
# ------------------------------------------------
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
|
||||
# ------------------------------------------------
|
||||
# OpenID Connect settings
|
||||
|
@ -12,7 +12,7 @@
|
||||
group: 33
|
||||
force: yes
|
||||
notify: docker compose up
|
||||
when: applications | is_feature_enabled('ldap',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.ldap', False)
|
||||
|
||||
- name: Build friendica_addons based on features
|
||||
set_fact:
|
||||
|
@ -99,7 +99,7 @@ DJANGO_SETTINGS_MODULE=config.settings.production
|
||||
# Generate one using `openssl rand -base64 45`, for example
|
||||
DJANGO_SECRET_KEY={{applications | get_app_conf(application_id, 'credentials.django_secret', True)}}
|
||||
|
||||
{% if applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
# LDAP settings
|
||||
# Use the following options to allow authentication on your Funkwhale instance
|
||||
# using a LDAP directory.
|
||||
|
@ -1,7 +1,7 @@
|
||||
- name: Execute OIDC Cleanup Routine
|
||||
include_tasks: cleanup/oidc.yml
|
||||
when: not (applications | is_feature_enabled('oidc', application_id))
|
||||
when: not (applications | get_app_conf(application_id, 'features.oidc', False))
|
||||
|
||||
- name: Execute LDAP Cleanup Routine
|
||||
include_tasks: cleanup/ldap.yml
|
||||
when: not (applications | is_feature_enabled('ldap', application_id))
|
||||
when: not (applications | get_app_conf(application_id, 'features.ldap', False))
|
@ -46,7 +46,7 @@
|
||||
until: gitea_ready.status == 200
|
||||
retries: 20
|
||||
delay: 5
|
||||
when: applications | is_feature_enabled('oidc', application_id) or applications | is_feature_enabled('ldap', application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oidc', False) or applications | get_app_conf(application_id, 'features.ldap', False)
|
||||
|
||||
- name: Execute Setup Routines
|
||||
include_tasks: setup.yml
|
||||
|
@ -1,7 +1,7 @@
|
||||
- name: Execute OIDC Setup Routine
|
||||
include_tasks: setup/oidc.yml
|
||||
when: applications | is_feature_enabled('oidc', application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oidc', False)
|
||||
|
||||
- name: Execute LDAP Setup Routine
|
||||
include_tasks: setup/ldap.yml
|
||||
when: applications | is_feature_enabled('ldap', application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.ldap', False)
|
@ -45,14 +45,14 @@ GITEA__REPOSITORY__DEFAULT_PUSH_CREATE_PRIVATE={{ applications | get_app_conf(ap
|
||||
GITEA__security__INSTALL_LOCK=true # Locks the installation page
|
||||
|
||||
# (De)activate OIDC
|
||||
GITEA__openid__ENABLE_OPENID_SIGNUP={{ applications | is_feature_enabled('oidc',application_id) | lower }}
|
||||
GITEA__openid__ENABLE_OPENID_SIGNIN={{ applications | is_feature_enabled('oidc',application_id) | lower }}
|
||||
GITEA__openid__ENABLE_OPENID_SIGNUP={{ applications | get_app_conf(application_id, 'features.oidc', False) | lower }}
|
||||
GITEA__openid__ENABLE_OPENID_SIGNIN={{ applications | get_app_conf(application_id, 'features.oidc', False) | lower }}
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) or applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) or applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
|
||||
EXTERNAL_USER_DISABLE_FEATURES=deletion,manage_credentials,change_username,change_full_name
|
||||
|
||||
{% if applications | is_feature_enabled('ldap',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.ldap', False) %}
|
||||
GITEA__ldap__SYNC_USER_ON_LOGIN=true
|
||||
{% endif %}
|
||||
|
||||
|
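Review bot: `GITEA__openid__ENABLE_OPENID_SIGNUP` and `GITEA__openid__ENABLE_OPENID_SIGNIN` now pipe the raw `features.oidc` value straight into `| lower`, whereas the removed `is_feature_enabled` wrapper (its docstring in this commit says it returned True when the feature is truthy) normalised the value to a bool. The fallback `get_app_conf(..., False)` uses for an application that never declares the key is not visible here; if it is None or an empty value, the env file would read `ENABLE_OPENID_SIGNUP=none`, which Gitea does not parse as false, and the `{% if %}` gates below would not catch it because they truth-test rather than render. Coerce explicitly on both lines: `GITEA__openid__ENABLE_OPENID_SIGNUP={{ applications | get_app_conf(application_id, 'features.oidc', False) | bool | lower }}`.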
@ -27,4 +27,9 @@ rbac_groups: "/rbac"
|
||||
docker:
|
||||
services:
|
||||
database:
|
||||
enabled: true
|
||||
enabled: true
|
||||
|
||||
credentials:
|
||||
recaptcha:
|
||||
website_key: "YOUR_RECAPTCHA_WEBSITE_KEY" # Required if you enabled recaptcha:
|
||||
secret_key: "YOUR_RECAPTCHA_SECRET_KEY" # Required if you enabled recaptcha:
|
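Review bot: The new `credentials.recaptcha` block commits literal placeholders (`secret_key: "YOUR_RECAPTCHA_SECRET_KEY"`) into what looks like the role's configuration defaults. If `features.recaptcha` is enabled for a deployment that forgets to override them, the realm import shown elsewhere in this commit would ship the placeholder as the live reCAPTCHA secret rather than failing early. Since other credentials in this repository are read strictly (`get_app_conf(..., 'credentials.…', True)`), leaving these keys unset and adding an assert such as `- assert: { that: applications | get_app_conf(application_id, 'credentials.recaptcha.secret_key', True) != 'YOUR_RECAPTCHA_SECRET_KEY' }` when the feature is on would surface the misconfiguration instead. The trailing colon in `# Required if you enabled recaptcha:` also reads as a truncated comment.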
@ -2820,7 +2820,7 @@
|
||||
"autheticatorFlow": false,
|
||||
"userSetupAllowed": false
|
||||
},
|
||||
{%- if applications | is_feature_enabled('recaptcha', application_id) %}
|
||||
{%- if applications | get_app_conf(application_id, 'features.recaptcha', False) %}
|
||||
{
|
||||
"authenticatorConfig": "Google reCaptcha",
|
||||
"authenticator": "registration-recaptcha-action",
|
||||
@ -2912,7 +2912,7 @@
|
||||
}
|
||||
],
|
||||
"authenticatorConfig": [
|
||||
{%- if applications | is_feature_enabled('recaptcha',application_id) %}
|
||||
{%- if applications | get_app_conf(application_id, 'features.recaptcha', False) %}
|
||||
{
|
||||
"id": "c6dcf381-7e39-4f7f-8d1f-631faec31b56",
|
||||
"alias": "Google reCaptcha",
|
||||
|
@ -18,7 +18,7 @@ listmonk_settings:
|
||||
"provider_url": oidc.client.issuer_url,
|
||||
"client_secret": oidc.client.secret
|
||||
} | to_json }}
|
||||
when: applications | is_feature_enabled('oidc',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oidc', False)
|
||||
|
||||
# hCaptcha toggles and credentials
|
||||
- key: "security.enable_captcha"
|
||||
|
@ -158,14 +158,14 @@ API_TOKEN={{applications.mailu.credentials.api_token}}
|
||||
AUTH_REQUIRE_TOKENS=True
|
||||
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
###################################
|
||||
# OpenID Connect settings
|
||||
###################################
|
||||
# @see https://github.com/heviat/Mailu-OIDC/tree/master
|
||||
|
||||
# Enable OpenID Connect. Possible values: True, False
|
||||
OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | capitalize }}
|
||||
OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | capitalize }}
|
||||
|
||||
# OpenID Connect provider configuration URL
|
||||
OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
|
||||
|
@ -8,7 +8,7 @@ cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
|
||||
|
||||
# Use dedicated source for oidc if activated
|
||||
# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
|
||||
docker_source: "{{ 'ghcr.io/heviat' if applications | is_feature_enabled('oidc',application_id) else 'ghcr.io/mailu' }}"
|
||||
docker_source: "{{ 'ghcr.io/heviat' if applications | get_app_conf(application_id, 'features.oidc', False) else 'ghcr.io/mailu' }}"
|
||||
|
||||
domain: "{{ domains | get_domain(application_id) }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
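Review bot: `docker_source` switches the Mailu image origin to a third-party fork (`ghcr.io/heviat`) whenever `features.oidc` is truthy, so enabling SSO silently changes the supply-chain trust root for the whole mail stack; the condition is all this commit changes, but the choice deserves a comment at the point of use, e.g. `# NOTE: OIDC support comes from the heviat fork, a different publisher than upstream Mailu — review its release before bumping.` The tag appended to this source is set outside the hunk, so I cannot tell whether either image is pinned by digest; if not, consider adding one so the fork cannot be swapped under the same tag.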
@ -52,14 +52,14 @@ SMTP_OPENSSL_VERIFY_MODE=none
|
||||
SMTP_ENABLE_STARTTLS=auto
|
||||
SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}>
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
###################################
|
||||
# OpenID Connect settings
|
||||
###################################
|
||||
# @see https://github.com/mastodon/mastodon/pull/16221
|
||||
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
|
||||
|
||||
OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | lower }}
|
||||
OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | lower }}
|
||||
OIDC_DISPLAY_NAME="{{oidc.button_text}}"
|
||||
OIDC_ISSUER={{oidc.client.issuer_url}}
|
||||
OIDC_DISCOVERY=true
|
||||
|
@ -1,9 +0,0 @@
|
||||
# Administration
|
||||
|
||||
## Cleanup
|
||||
```
|
||||
# Cleanup Database
|
||||
for db in matrix applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge', True); do python reset-database-in-central-postgres.py $db; done
|
||||
# Cleanup Docker and Volumes
|
||||
docker compose down -v
|
||||
```
|
@ -7,7 +7,7 @@
|
||||
- name: "create {{database_name}} database"
|
||||
include_role:
|
||||
name: svc-db-postgres
|
||||
when: applications | is_feature_enabled('central_database',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.central_database', False)
|
||||
|
||||
- name: "include seed-database-to-backup.yml"
|
||||
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml"
|
@ -45,7 +45,7 @@ email:
|
||||
client_base_url: "{{domains.matrix.synapse}}"
|
||||
validation_token_lifetime: 15m
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
# @See https://matrix-org.github.io/synapse/latest/openid.html
|
||||
oidc_providers:
|
||||
- idp_id: keycloak
|
||||
|
@ -255,7 +255,7 @@ config :mobilizon, Mobilizon.Service.FrontEndAnalytics.Sentry,
|
||||
System.get_env("MOBILIZON_ERROR_REPORTING_SENTRY_HOST", "") |> String.split(" ", trim: true)
|
||||
]
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
config :ueberauth,
|
||||
Ueberauth,
|
||||
providers: [
|
||||
|
@ -92,7 +92,7 @@ MOBILIZON_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
|
||||
MOBILIZON_SMTP_SSL=false
|
||||
|
||||
# Deactivate Database Login if OIDC or LDAP are enabled
|
||||
MOBILIZON_INSTANCE_DISABLE_DATABASE_LOGIN={{ (applications | is_feature_enabled('ldap',application_id) or applications | is_feature_enabled('oidc',application_id)) | lower }}
|
||||
MOBILIZON_INSTANCE_DISABLE_DATABASE_LOGIN={{ (applications | get_app_conf(application_id, 'features.ldap', False) or applications | get_app_conf(application_id, 'features.oidc', False)) | lower }}
|
||||
|
||||
# Whether to use TLS for SMTP.
|
||||
# Allowed values: always (TLS), never (Clear) and if_available (STARTTLS)
|
||||
|
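Review bot: `MOBILIZON_INSTANCE_DISABLE_DATABASE_LOGIN` is built as `(ldap or oidc) | lower`, and Jinja's `or` returns one of its operands rather than a bool. With the removed wrapper both operands were bools; with `get_app_conf(..., False)` the value for an application that declares neither key is whatever the non-strict fallback returns (not visible here) — if that is None, the env file gets `…DISABLE_DATABASE_LOGIN=none`, and local password login is not disabled even though the comment says it should be when SSO is active. Coerce before lowering: `MOBILIZON_INSTANCE_DISABLE_DATABASE_LOGIN={{ (applications | get_app_conf(application_id, 'features.ldap', False) or applications | get_app_conf(application_id, 'features.oidc', False)) | bool | lower }}`.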
@ -15,7 +15,7 @@
|
||||
|
||||
- name: "Configure OIDC login for Moodle if enabled"
|
||||
include_tasks: oidc.yml
|
||||
when: applications | is_feature_enabled('oidc',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oidc', False)
|
||||
|
||||
- name: Run Moodle system check
|
||||
command: >
|
||||
|
@ -1,6 +1,6 @@
|
||||
FROM bitnami/moodle:{{ applications | get_app_conf(application_id, 'version', True) }}
|
||||
|
||||
{% if applications | is_feature_enabled('oidc', application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
RUN install_packages unzip curl jq \
|
||||
&& VERSION=$(curl -s https://api.github.com/repos/microsoft/moodle-auth_oidc/tags \
|
||||
| jq -r '.[].name' \
|
||||
|
@ -146,7 +146,7 @@ return array (
|
||||
//
|
||||
// The `id` attribute in `oidc_login_attributes` must return the
|
||||
// "Internal Username" (see expert settings in LDAP integration)
|
||||
'oidc_login_proxy_ldap' => {{ applications | is_feature_enabled('ldap',application_id) | string | lower }},
|
||||
'oidc_login_proxy_ldap' => {{ applications | get_app_conf(application_id, 'features.ldap', False) | string | lower }},
|
||||
|
||||
// Disable creation of users new to Nextcloud from OIDC login.
|
||||
// A user may be known to the IdP but not (yet) known to Nextcloud.
|
||||
|
7
roles/web-app-oauth2-proxy/schema/main.yml
Normal file
7
roles/web-app-oauth2-proxy/schema/main.yml
Normal file
@ -0,0 +1,7 @@
|
||||
# This file was created during refactoring to pass integration tests
|
||||
# @todo add correct type
|
||||
credentials:
|
||||
oauth2_proxy_cookie_secret:
|
||||
description: "Cookie secret for OAuth2 Proxy (hex string, 32 characters, generated via `openssl rand -hex 16`)"
|
||||
type: string
|
||||
validation: "^[0-9A-Fa-f]{32}$"
|
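Review bot: The header comment `# @todo add correct type` contradicts the `type: string` declared four lines below; either drop the todo or state what is actually still missing (e.g. a `required` flag), otherwise the next reader will assume the type is unverified. The validation `^[0-9A-Fa-f]{32}$` matches the documented `openssl rand -hex 16`, which is 128 bits of entropy encoded as 32 ASCII bytes — fine for oauth2-proxy's cookie secret, but worth spelling out in the description so nobody "upgrades" it to `-hex 32` and breaks the regex: `description: "Cookie secret for OAuth2 Proxy: exactly 32 hex characters (16 random bytes, e.g. openssl rand -hex 16); other lengths are rejected by the validation below"`.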
@ -1,4 +1,4 @@
|
||||
{% if applications | is_feature_enabled('oauth2',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
|
||||
oauth2-proxy:
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['oauth2-proxy'].version}}
|
||||
restart: {{docker_restart_policy}}
|
||||
|
@ -13,8 +13,8 @@
|
||||
|
||||
- name: "Install and activate auth-openid-connect plugin if OIDC is enabled"
|
||||
include_tasks: enable-oidc.yml
|
||||
when: applications | is_feature_enabled('oidc',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oidc', False)
|
||||
|
||||
- name: "Deinstall and disable auth-openid-connect plugin if OIDC is enabled"
|
||||
include_tasks: disable-oidc.yml
|
||||
when: applications | is_feature_enabled('oidc',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.oidc', False)
|
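Review bot: The task named "Deinstall and disable auth-openid-connect plugin if OIDC is enabled" runs under the same condition as the install task directly above it, so on an OIDC-enabled host both `enable-oidc.yml` and `disable-oidc.yml` are included in sequence, and on a host without OIDC neither runs — the plugin is never removed. The commit only swapped the filter, but the inverted guard is what the second task needs: `when: not applications | get_app_conf(application_id, 'features.oidc', False)`, and its name should say "if OIDC is disabled".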
@ -1,5 +1,5 @@
|
||||
application_id: "pgadmin"
|
||||
database_type: "postgres"
|
||||
database_host: "{{ applications['svc-db-postgres'].hostname if applications | is_feature_enabled('central_database',application_id) }}"
|
||||
database_host: "{{ applications['svc-db-postgres'].hostname if applications | get_app_conf(application_id, 'features.central_database', False)}}"
|
||||
pgadmin_user: 5050
|
||||
pgadmin_group: "{{pgadmin_user}}"
|
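Review bot: `database_host` uses an inline `if` with no `else`, so when `features.central_database` is false the expression yields an undefined value and the variable presumably renders empty rather than failing; the shared database vars changed elsewhere in this commit fall back to `else 'database'` for the same decision. If pgadmin has no local database container, make the intent explicit, e.g. `database_host: "{{ applications['svc-db-postgres'].hostname if applications | get_app_conf(application_id, 'features.central_database', False) else '' }}"`, or add an assert that central_database is enabled for this role so a misconfiguration surfaces as an error instead of an empty host.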
@ -1,3 +1,3 @@
|
||||
application_id: "phpmyadmin"
|
||||
database_type: "mariadb"
|
||||
database_host: "{{ applications['svc-db-mariadb'].hostname if applications | is_feature_enabled('central_database',application_id) }}"
|
||||
database_host: "{{ applications['svc-db-mariadb'].hostname if applications | get_app_conf(application_id, 'features.central_database', False)}}"
|
@ -133,14 +133,14 @@ TRUST_PROXIES="*"
|
||||
|
||||
ENABLE_CONFIG_CACHE=true
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
|
||||
###################################
|
||||
# OpenID Connect settings
|
||||
###################################
|
||||
# @see https://github.com/pixelfed/pixelfed/commit/b3c27815788e4b47e7eb3fca727d817512cf26c2#diff-66e408190a301e81b5f1c079463487c54a6452c4944dc5ae80770f50101283ff
|
||||
|
||||
PF_OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | lower }}
|
||||
PF_OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | lower }}
|
||||
PF_OIDC_AUTHORIZE_URL="{{oidc.client.authorize_url}}"
|
||||
PF_OIDC_TOKEN_URL="{{oidc.client.token_url}}"
|
||||
PF_OIDC_PROFILE_URL="{{ oidc.client.user_info_url }}"
|
||||
|
@ -27,7 +27,7 @@
|
||||
set_fact:
|
||||
portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, web_protocol) }}"
|
||||
when:
|
||||
- (applications | is_feature_enabled('simpleicons',application_id))
|
||||
- (applications | get_app_conf(application_id, 'features.simpleicons', False))
|
||||
- run_once_docker_portfolio is not defined
|
||||
|
||||
- name: Group docker cards
|
||||
|
@ -33,13 +33,13 @@ applications:
|
||||
icon:
|
||||
class: fa-solid fa-shield-halved
|
||||
url: https://{{domains | get_domain('keycloak')}}/admin
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','keycloak') }}
|
||||
iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }}
|
||||
- name: Profile
|
||||
description: Update your personal admin settings
|
||||
icon:
|
||||
class: fa-solid fa-user-gear
|
||||
url: https://{{ domains | get_domain('keycloak') }}/realms/{{oidc.client.id}}/account
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','keycloak') }}
|
||||
iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }}
|
||||
- name: Logout
|
||||
description: End your admin session securely
|
||||
icon:
|
||||
|
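Review bot: The two `iframe:` lines here pass `False` as the third argument of `get_app_conf` for `features.port-ui-desktop`, while the sibling portfolio templates in this commit (mastodon, pixelfed, peertube, wordpress, friendica, sphinx and presentation) pass `True` for the same key. The removed wrapper returned True only when the feature was set and truthy, so the two variants cannot both preserve that behaviour: if the third argument is a default, apps without the key are now embedded in an iframe, which changes which apps must allow framing (`frame-ancestors` / `X-Frame-Options`); if it is a strict flag, those renders raise on a missing key while the keycloak entries silently fall back. Pick one convention for `features.port-ui-desktop` across all cards and document it in a comment next to the first card; this line also has a stray space after the opening parenthesis: `iframe: {{ applications | get_app_conf('keycloak', 'features.port-ui-desktop', False) }}`.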
@ -12,7 +12,7 @@ followus:
|
||||
class: fa-brands fa-mastodon
|
||||
url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
|
||||
identifier: "{{service_provider.contact.mastodon}}"
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','mastodon') }}
|
||||
iframe: {{ applications | get_app_conf('mastodon','features.port-ui-desktop',True) }}
|
||||
{% endif %}
|
||||
{% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
|
||||
- name: Bluesky
|
||||
@ -31,7 +31,7 @@ followus:
|
||||
class: fa-solid fa-camera
|
||||
identifier: "{{service_provider.contact.pixelfed}}"
|
||||
url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','pixelfed') }}
|
||||
iframe: {{ applications | get_app_conf('pixelfed','features.port-ui-desktop',True) }}
|
||||
{% endif %}
|
||||
{% if service_provider.contact.peertube is defined and service_provider.contact.peertube != "" %}
|
||||
- name: Peertube
|
||||
@ -40,7 +40,7 @@ followus:
|
||||
class: fa-solid fa-video
|
||||
identifier: "{{service_provider.contact.peertube}}"
|
||||
url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','peertube') }}
|
||||
iframe: {{ applications | get_app_conf('peertube','features.port-ui-desktop',True) }}
|
||||
{% endif %}
|
||||
{% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
|
||||
- name: Wordpress
|
||||
@ -49,7 +49,7 @@ followus:
|
||||
class: fa-solid fa-blog
|
||||
identifier: "{{service_provider.contact.wordpress}}"
|
||||
url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','wordpress') }}
|
||||
iframe: {{ applications | get_app_conf('wordpress','features.port-ui-desktop',True) }}
|
||||
{% endif %}
|
||||
{% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %}
|
||||
- name: Friendica
|
||||
@ -58,5 +58,5 @@ followus:
|
||||
class: fas fa-net-wired
|
||||
identifier: "{{service_provider.contact.friendica}}"
|
||||
url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','friendica') }}
|
||||
iframe: {{ applications | get_app_conf('friendica','features.port-ui-desktop',True) }}
|
||||
{% endif %}
|
||||
|
@ -10,7 +10,7 @@
|
||||
icon:
|
||||
class: fas fa-book
|
||||
url: https://{{domains | get_domain('sphinx')}}
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','sphinx') }}
|
||||
iframe: {{ applications | get_app_conf('sphinx','features.port-ui-desktop',True) }}
|
||||
|
||||
{% endif %}
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
icon:
|
||||
class: "fas fa-chalkboard-teacher"
|
||||
url: https://{{domains | get_domain('presentation')}}
|
||||
iframe: {{ applications | is_feature_enabled('port-ui-desktop','presentation') }}
|
||||
iframe: {{ applications | get_app_conf('presentation','features.port-ui-desktop',True) }}
|
||||
|
||||
{% endif %}
|
||||
- name: Solutions
|
||||
|
@ -10,7 +10,7 @@
|
||||
retries: 30
|
||||
delay: 5
|
||||
until: snipeit_admin_check.status == 200
|
||||
when: not ( applications | is_feature_enabled('oauth2', application_id))
|
||||
when: not ( applications | get_app_conf(application_id, 'features.oauth2', False))
|
||||
|
||||
- name: "Debug: show APP_KEY in container shell"
|
||||
shell: |
|
||||
|
@ -6,4 +6,4 @@
|
||||
|
||||
- name: "Configure Snipe-IT LDAP settings"
|
||||
import_tasks: ldap.yml
|
||||
when: applications | is_feature_enabled('ldap',application_id)
|
||||
when: applications | get_app_conf(application_id, 'features.ldap', False)
|
||||
|
@ -26,7 +26,7 @@ DB_DATABASE={{database_name}}
|
||||
DB_USERNAME={{database_username}}
|
||||
DB_PASSWORD={{database_password}}
|
||||
|
||||
{% if not applications | is_feature_enabled('central_database',application_id) %}
|
||||
{% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
|
||||
MYSQL_ROOT_PASSWORD={{database_password}}
|
||||
DB_PREFIX=null
|
||||
DB_DUMP_PATH='/usr/bin'
|
||||
|
@ -2,7 +2,7 @@ server
|
||||
{
|
||||
server_name {{domain}};
|
||||
|
||||
{% if applications | is_feature_enabled('oauth2',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
|
||||
{% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
|
||||
{% endif %}
|
||||
|
||||
|
@ -9,7 +9,7 @@
|
||||
- media-data:/taiga-back/media
|
||||
# - ./config.py:/taiga-back/settings/config.py
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
|
||||
- {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
|
||||
|
||||
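Review bot: The compound condition `{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}` is now repeated verbatim in four hunks of this compose template (here and the three that follow), so a future change to the flavour check has to be made four times. Evaluate it once at the top of the template, outside this hunk, with `{% set taiga_oidc = applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}` and write each guard as `{% if taiga_oidc %}`. The `and` keeps the `oidc.flavor` lookup from running when OIDC is disabled, which presumably matters if the third argument of the second call is a strict flag; the `{% set %}` form preserves that short-circuit.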
@ -22,7 +22,7 @@
|
||||
condition: service_started
|
||||
taiga-async-rabbitmq:
|
||||
condition: service_started
|
||||
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
|
||||
command: >
|
||||
/bin/sh -c "
|
||||
@ -42,7 +42,7 @@
|
||||
- media-data:/taiga-back/media
|
||||
# - ./config.py:/taiga-back/settings/config.py
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
|
||||
{% for item in settings_files %}
|
||||
- {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro
|
||||
@ -57,7 +57,7 @@
|
||||
condition: service_started
|
||||
taiga-async-rabbitmq:
|
||||
condition: service_started
|
||||
{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
|
||||
command: >
|
||||
/bin/sh -c "
|
||||
|
@ -47,7 +47,7 @@ MAX_AGE = 360
|
||||
# Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
|
||||
ENABLE_TELEMETRY = True
|
||||
|
||||
{% if applications | is_feature_enabled('oidc',application_id) %}
|
||||
{% if applications | get_app_conf(application_id, 'features.oidc', False) %}
|
||||
|
||||
{% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %}
|
||||
|
||||
|
@ -6,4 +6,4 @@ YOURLS_SITE: "{{ domains | get_url(application_id, web_protocol) }}"
|
||||
YOURLS_USER: "{{applications.yourls.users.administrator.username}}"
|
||||
YOURLS_PASS: "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
|
||||
# The following deactivates the login mask for admins, if the oauth2 proxy is activated
|
||||
YOURLS_PRIVATE: "{{not (applications | is_feature_enabled('oauth2', application_id))}}"
|
||||
YOURLS_PRIVATE: "{{not (applications | get_app_conf(application_id, 'features.oauth2', False))}}"
|