From af3ea9039c4061c937650124743de0b26458006f Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Tue, 15 Jul 2025 23:51:51 +0200 Subject: [PATCH] Restructure and cleaned up in preparation of new backup logic --- group_vars/all/00_general.yml | 14 ++++- group_vars/all/09_ports.yml | 44 ++++++------- group_vars/all/10_networks.yml | 30 ++++----- group_vars/all/15_about.yml | 10 +-- group_vars/all/16_storage.yml | 3 - roles/desk-nextcloud/Todo.md | 2 + roles/desk-nextcloud/schema/main.yml | 1 + roles/sys-bkp-docker-2-loc/README.md | 4 +- .../filter_plugins/__init__.py | 0 .../filter_plugins/dict_to_cli_args.py | 36 +++++++++++ .../templates/update-docker.py.j2 | 6 +- roles/web-app-akaunting/config/main.yml | 16 +++-- .../templates/docker-compose.yml.j2 | 8 ++- roles/web-app-akaunting/templates/env.j2 | 4 +- roles/web-app-akaunting/vars/main.yml | 6 +- roles/web-app-baserow/config/main.yml | 15 +++-- .../templates/docker-compose.yml.j2 | 5 +- roles/web-app-baserow/vars/main.yml | 10 ++- .../templates/docker-compose.yml.j2 | 28 +++------ roles/web-app-coturn/vars/main.yml | 5 +- roles/web-app-discourse/config/main.yml | 15 +++-- roles/web-app-discourse/handlers/main.yml | 4 +- roles/web-app-discourse/tasks/main.yml | 12 ++-- .../templates/discourse_application.yml.j2 | 4 +- roles/web-app-discourse/vars/main.yml | 15 ++++- roles/web-app-elk/defaults/main.yml | 1 + roles/web-app-elk/vars/main.yml | 2 +- roles/web-app-gitea/config/main.yml | 20 +++--- .../templates/docker-compose.yml.j2 | 4 +- roles/web-app-gitea/vars/main.yml | 11 +++- roles/web-app-gitlab/config/main.yml | 4 +- roles/web-app-gitlab/vars/main.yml | 5 +- roles/web-app-joomla/vars/main.yml | 3 +- roles/web-app-listmonk/config/main.yml | 15 +++-- .../templates/docker-compose.yml.j2 | 3 +- roles/web-app-listmonk/vars/main.yml | 8 ++- .../templates/docker-compose.yml.j2 | 16 ++--- roles/web-app-mastodon/config/main.yml | 19 ++++-- roles/web-app-mastodon/tasks/main.yml | 4 +- .../templates/docker-compose.yml.j2 | 11 ++-- roles/web-app-mastodon/templates/env.j2 | 16 ++--- 
roles/web-app-mastodon/vars/main.yml | 13 +++- roles/web-app-matomo/config/main.yml | 9 ++- .../templates/docker-compose.yml.j2 | 3 +- roles/web-app-matomo/vars/main.yml | 4 +- roles/web-app-matrix-ansible/tasks/main.yml | 10 +-- .../templates/vars.yml.j2 | 2 +- roles/web-app-matrix/config/main.yml | 22 ++++--- roles/web-app-matrix/tasks/main.yml | 20 +++--- .../templates/docker-compose.yml.j2 | 21 ++++--- .../templates/element.config.json.j2 | 4 +- .../templates/mautrix/facebook.config.yml.j2 | 2 +- .../templates/mautrix/instagram.config.yml.j2 | 2 +- .../templates/mautrix/signal.config.yml.j2 | 2 +- .../templates/mautrix/slack.config.yml.j2 | 2 +- .../templates/mautrix/telegram.config.yml.j2 | 2 +- .../templates/mautrix/whatsapp.config.yml.j2 | 2 +- roles/web-app-matrix/templates/nginx.conf.j2 | 6 +- .../templates/synapse/homeserver.yaml.j2 | 12 ++-- .../templates/synapse/log.config.j2 | 2 +- roles/web-app-matrix/templates/well-known.j2 | 2 +- roles/web-app-matrix/vars/main.yml | 11 +++- roles/web-app-mediawiki/TODO.md | 3 +- roles/web-app-mediawiki/config/main.yml | 11 +++- .../templates/docker-compose.yml.j2 | 12 ++-- roles/web-app-mediawiki/vars/main.yml | 9 ++- roles/web-app-mobilizon/config/main.yml | 4 +- roles/web-app-mobilizon/vars/main.yml | 3 +- roles/web-app-mybb/config/main.yml | 10 ++- .../templates/docker-compose.yml.j2 | 4 +- roles/web-app-mybb/vars/main.yml | 9 ++- roles/web-app-nextcloud/config/main.yml | 47 +++++++++----- roles/web-app-nextcloud/docs/Update.md | 4 +- roles/web-app-nextcloud/handlers/main.yml | 2 +- roles/web-app-nextcloud/tasks/01_config.yml | 4 +- roles/web-app-nextcloud/tasks/main.yml | 10 +-- .../templates/docker-compose.yml.j2 | 50 +++++++-------- roles/web-app-nextcloud/templates/env.j2 | 19 +++++- roles/web-app-nextcloud/vars/main.yml | 61 +++++++++++++------ roles/web-app-oauth2-proxy/tasks/main.yml | 2 +- .../templates/container.yml.j2 | 2 +- roles/web-app-openproject/config/main.yml | 19 +++++- 
.../templates/Dockerfile.j2 | 2 +- .../templates/docker-compose.yml.j2 | 11 ++-- roles/web-app-openproject/vars/main.yml | 10 ++- roles/web-app-peertube/config/main.yml | 12 +++- roles/web-app-peertube/tasks/disable-oidc.yml | 2 +- roles/web-app-peertube/tasks/enable-oidc.yml | 4 +- .../templates/docker-compose.yml.j2 | 5 +- roles/web-app-peertube/vars/main.yml | 11 ++-- roles/web-app-pixelfed/config/main.yml | 14 +++-- .../templates/docker-compose.yml.j2 | 7 ++- roles/web-app-pixelfed/vars/main.yml | 11 +++- .../templates/menu/followus.yml.j2 | 8 +-- roles/web-app-wordpress/config/main.yml | 12 +++- .../tasks/plugins/wp-discourse.yml | 8 +-- .../web-app-wordpress/templates/Dockerfile.j2 | 2 +- .../templates/docker-compose.yml.j2 | 5 +- roles/web-app-wordpress/vars/discourse.yml | 2 +- roles/web-app-wordpress/vars/main.yml | 10 ++- tasks/utils/debug/docker-compose.yml | 50 --------------- tasks/utils/update-repository-with-files.yml | 6 +- templates/roles/web-app/vars/main.yml.j2 | 2 +- .../roles/sys-bkp-docker-2-loc/__init__.py | 0 .../filter_plugins/__init__.py | 0 .../filter_plugins/test_dict_to_cli_args.py | 61 +++++++++++++++++++ 106 files changed, 703 insertions(+), 429 deletions(-) create mode 100644 roles/desk-nextcloud/Todo.md create mode 100644 roles/desk-nextcloud/schema/main.yml create mode 100644 roles/sys-bkp-docker-2-loc/filter_plugins/__init__.py create mode 100644 roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py delete mode 100644 tasks/utils/debug/docker-compose.yml create mode 100644 tests/unit/roles/sys-bkp-docker-2-loc/__init__.py create mode 100644 tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/__init__.py create mode 100644 tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/test_dict_to_cli_args.py diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml index d7390f14..cadf901f 100644 --- a/group_vars/all/00_general.yml +++ b/group_vars/all/00_general.yml 
@@ -55,7 +55,19 @@ certbot_cert_path: "/etc/letsencrypt/live" # Path contain docker_restart_policy: "unless-stopped" # helper -_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}" +_applications_nextcloud_oidc_flavor: >- + {{ + applications + | get_app_conf( + 'web-app-nextcloud', + 'oidc.flavor', + False, + 'oidc_login' + if applications + | get_app_conf('web-app-nextcloud','features.ldap',False) + else 'sociallogin' + ) + }} # default value if not set via CLI (-e) or in playbook vars allowed_applications: [] diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml index 477dd7b8..419b292c 100644 --- a/group_vars/all/09_ports.yml +++ b/group_vars/all/09_ports.yml 
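Review bot: The inner `get_app_conf('web-app-nextcloud','features.ldap',False)` call in the new `_applications_nextcloud_oidc_flavor` drops the old `default(true)`, so on a configuration that does not set `features.ldap` the flavor silently flips from `oidc_login` to `sociallogin` unless the filter itself defaults that key to true (its signature is not visible here). If the fourth positional argument is the default value, as the outer call uses it, passing it restores the previous behaviour: `| get_app_conf('web-app-nextcloud','features.ldap',False, True)`. Which login app Nextcloud ends up with decides how OIDC identities are mapped to local accounts, so this should be a deliberate change rather than a side effect of the refactor.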
@@ -6,46 +6,46 @@ ports: svc-db-mariadb: 3306 # https://developer.mozilla.org/de/docs/Web/API/WebSockets_API websocket: - mastodon: 4001 + web-app-mastodon: 4001 espocrm: 4002 oauth2_proxy: phpmyadmin: 4181 lam: 4182 - openproject: 4183 + web-app-openproject: 4183 yourls: 4184 pgadmin: 4185 phpldapadmin: 4186 fusiondirectory: 4187 - gitea: 4188 + web-app-gitea: 4188 snipe-it: 4189 ldap: svc-db-openldap: 389 http: - nextcloud: 8001 - gitea: 8002 - wordpress: 8003 - mediawiki: 8004 - mybb: 8005 + web-app-nextcloud: 8001 + web-app-gitea: 8002 + web-app-wordpress: 8003 + web-app-mediawiki: 8004 + web-app-mybb: 8005 yourls: 8006 mailu: 8007 - elk: 8008 - mastodon: 8009 - pixelfed: 8010 - peertube: 8011 + web-app-elk: 8008 + web-app-mastodon: 8009 + web-app-pixelfed: 8010 + web-app-peertube: 8011 funkwhale: 8012 roulette-wheel: 8013 - joomla: 8014 + web-app-joomla: 8014 attendize: 8015 pgadmin: 8016 - baserow: 8017 + web-app-baserow: 8017 web-app-matomo: 8018 - listmonk: 8019 - discourse: 8020 - matrix_synapse: 8021 - matrix_element: 8022 - openproject: 8023 + web-app-listmonk: 8019 + web-app-discourse: 8020 + web-app-matrix_synapse: 8021 + web-app-matrix_element: 8022 + web-app-openproject: 8023 gitlab: 8024 - akaunting: 8025 + web-app-akaunting: 8025 moodle: 8026 taiga: 8027 friendica: 8028 @@ -73,11 +73,13 @@ ports: public: # The following ports should be changed to 22 on the subdomain via stream mapping ssh: - gitea: 2201 + web-app-gitea: 2201 gitlab: 2202 ldaps: svc-db-openldap: 636 stun: bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section + web-app-nextcloud: 3479 turn: bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section + web-app-nextcloud: 5350 # Not used yet \ No newline at end of file diff --git a/group_vars/all/10_networks.yml b/group_vars/all/10_networks.yml index 5ad975b9..08d95c20 100644 --- a/group_vars/all/10_networks.yml 
+++ b/group_vars/all/10_networks.yml @@ -8,11 +8,11 @@ defaults_networks: # This should be sufficient for the most cases # /28 Networks, 14 Usable Ip Addresses - akaunting: + web-app-akaunting: subnet: 192.168.101.0/28 attendize: subnet: 192.168.101.16/28 - baserow: + web-app-baserow: subnet: 192.168.101.32/28 mobilizon: subnet: 192.168.101.48/28 @@ -22,25 +22,25 @@ defaults_networks: subnet: 192.168.101.80/28 funkwhale: subnet: 192.168.101.96/28 - gitea: + web-app-gitea: subnet: 192.168.101.112/28 gitlab: subnet: 192.168.101.128/28 - joomla: + web-app-joomla: subnet: 192.168.101.144/28 keycloak: subnet: 192.168.101.160/28 - #svc-db-openldap: - # subnet: 192.168.101.176/28 - listmonk: + web-app-wordpress: + subnet: 192.168.101.176/28 + web-app-listmonk: subnet: 192.168.101.192/28 # Free: # subnet: 192.168.101.208/28 web-app-matomo: subnet: 192.168.101.224/28 - mastodon: + web-app-mastodon: subnet: 192.168.101.240/28 - matrix: + web-app-matrix: subnet: 192.168.102.0/28 mailu: # Use one of the last container ips for dns resolving so that it isn't used @@ -48,17 +48,17 @@ defaults_networks: subnet: 192.168.102.16/28 moodle: subnet: 192.168.102.32/28 - mybb: + web-app-mybb: subnet: 192.168.102.48/28 - nextcloud: + web-app-nextcloud: subnet: 192.168.102.64/28 - openproject: + web-app-openproject: subnet: 192.168.102.80/28 - peertube: + web-app-peertube: subnet: 192.168.102.96/28 phpmyadmin: subnet: 192.168.102.112/28 - pixelfed: + web-app-pixelfed: subnet: 192.168.102.128/28 pgadmin: subnet: 192.168.102.144/28 @@ -68,7 +68,7 @@ defaults_networks: subnet: 192.168.102.176/28 yourls: subnet: 192.168.102.192/28 - discourse: + web-app-discourse: subnet: 192.168.102.208/28 sphinx: subnet: 192.168.102.224/28 diff --git a/group_vars/all/15_about.yml b/group_vars/all/15_about.yml index 2b9331a3..bbd38690 100644 --- a/group_vars/all/15_about.yml +++ b/group_vars/all/15_about.yml 
@@ -20,12 +20,12 @@ defaults_service_provider: {{ ('@' ~ users.contact.username ~ '.' ~ domains.bluesky.api) if 'bluesky' in group_names else '' }} email: "{{ users.contact.username ~ '@' ~ primary_domain if 'mailu' in group_names else '' }}" - mastodon: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('mastodon') if 'mastodon' in group_names else '' }}" - matrix: "{{ '@' ~ users.contact.username ~ ':' ~ domains.matrix.synapse if 'matrix' in group_names else '' }}" - peertube: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('peertube') if 'peertube' in group_names else '' }}" - pixelfed: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('pixelfed') if 'pixelfed' in group_names else '' }}" + mastodon: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-mastodon') if 'web-app-mastodon' in group_names else '' }}" + matrix: "{{ '@' ~ users.contact.username ~ ':' ~ domains['web-app-matrix'].synapse if 'web-app-matrix' in group_names else '' }}" + peertube: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-peertube') if 'web-app-peertube' in group_names else '' }}" + pixelfed: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain(web-app-pixelfed) if web-app-pixelfed in group_names else '' }}" phone: "+0 000 000 404" - wordpress: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('wordpress') if 'wordpress' in group_names else '' }}" + wordpress: "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-wordpress') if 'web-app-wordpress' in group_names else '' }}" legal: editorial_responsible: "Johannes Gutenberg" diff --git a/group_vars/all/16_storage.yml b/group_vars/all/16_storage.yml index c7a71646..3291de0e 100644 --- a/group_vars/all/16_storage.yml +++ b/group_vars/all/16_storage.yml 
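Review bot: The rewritten `pixelfed:` line is missing the quotes around the application id: `get_domain(web-app-pixelfed) if web-app-pixelfed in group_names` is parsed by Jinja as the arithmetic expression `web - app - pixelfed` on undefined names, so templating this group var fails (or, where undefined is tolerated, always yields `''`). Change it to `domains | get_domain('web-app-pixelfed') if 'web-app-pixelfed' in group_names else ''`, matching the mastodon, peertube and wordpress lines in the same hunk.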
@@ -1,6 +1,3 @@ -## Enable Storage Optimizer for Docker Volumes -enable_system_storage_optimizer: true - backups_folder_path: "/Backups/" # Path to the backups folder # Storage Space-Related Configurations diff --git a/roles/desk-nextcloud/Todo.md b/roles/desk-nextcloud/Todo.md new file mode 100644 index 00000000..e8d4ba2d --- /dev/null +++ b/roles/desk-nextcloud/Todo.md @@ -0,0 +1,2 @@ +# Todos +- Implement the schema \ No newline at end of file diff --git a/roles/desk-nextcloud/schema/main.yml b/roles/desk-nextcloud/schema/main.yml new file mode 100644 index 00000000..1f3e54a6 --- /dev/null +++ b/roles/desk-nextcloud/schema/main.yml @@ -0,0 +1 @@ +cloud_fqdn: # @todo Add detailled scheme for this entry \ No newline at end of file diff --git a/roles/sys-bkp-docker-2-loc/README.md b/roles/sys-bkp-docker-2-loc/README.md index 2b6d6e2d..db745de6 100644 --- a/roles/sys-bkp-docker-2-loc/README.md +++ b/roles/sys-bkp-docker-2-loc/README.md @@ -2,7 +2,7 @@ ## Description -This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed. +This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [backup-docker-to-local](https://github.com/kevinveenbirkenbach/backup-docker-to-local), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed. ## Overview 
@@ -20,7 +20,7 @@ Backup Docker Volumes to Local is a comprehensive solution that leverages rsync ## Features - **Required Software Installation:** Installs necessary packages (e.g., lsof, python-pandas) via pacman. -- **Git Repository Pull:** Automatically pulls the latest version of the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git). +- **Git Repository Pull:** Automatically pulls the latest version of the [backup-docker-to-local](https://github.com/kevinveenbirkenbach/backup-docker-to-local). - **Systemd Service Configuration:** Deploys and reloads two systemd service templates to manage backup tasks. - **Database Seeding:** Includes tasks to seed and manage a backup database (`databases.csv`) for tracking backup details. - **Dependency Integration:** Works in conjunction with the dependent roles listed above to verify and manage backups. diff --git a/roles/sys-bkp-docker-2-loc/filter_plugins/__init__.py b/roles/sys-bkp-docker-2-loc/filter_plugins/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py b/roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py new file mode 100644 index 00000000..5d01f81b --- /dev/null +++ b/roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py 
@@ -0,0 +1,36 @@ +def dict_to_cli_args(data): + """ + Convert a dictionary into CLI argument string. + Example: + { + "backup-dir": "/mnt/backups", + "shutdown": True, + "ignore-volumes": ["redis", "memcached"] + } + becomes: + --backup-dir=/mnt/backups --shutdown --ignore-volumes="redis memcached" + """ + if not isinstance(data, dict): + raise TypeError("Expected a dictionary for CLI argument conversion") + + args = [] + + for key, value in data.items(): + cli_key = f"--{key}" + + if isinstance(value, bool): + if value: + args.append(cli_key) + elif isinstance(value, list): + items = " ".join(map(str, value)) + args.append(f'{cli_key}="{items}"') + elif value is not None: + args.append(f'{cli_key}={value}') + + return " ".join(args) + +class FilterModule(object): + def filters(self): + return { + 'dict_to_cli_args': dict_to_cli_args + } diff --git a/roles/update-docker/templates/update-docker.py.j2 b/roles/update-docker/templates/update-docker.py.j2 index bf629629..2973aedb 100644 --- a/roles/update-docker/templates/update-docker.py.j2 +++ b/roles/update-docker/templates/update-docker.py.j2 @@ -130,8 +130,8 @@ def update_discourse(directory): os.chdir(docker_repository_directory ) if git_pull(): print("Start Discourse update procedure.") - update_procedure("docker stop {{applications.discourse.container}}") - update_procedure("docker rm {{applications.discourse.container}}") + update_procedure("docker stop {{applications.discourse.docker.service.discourse.name}}") + update_procedure("docker rm {{applications.discourse.docker.service.discourse.name}}") try: update_procedure("docker network connect {{applications.discourse.network}} {{ applications['bpostgres'].hostname }}") except subprocess.CalledProcessError as e: 
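Review bot: `dict_to_cli_args` interpolates every value verbatim (`f'{cli_key}={value}'`, and the list branch only wraps the joined items in plain double quotes), so a value containing a space, `"`, `$`, backticks or `;` — a volume name or a `backup-dir` path taken from config — is re-parsed by whatever shell eventually runs the rendered string, breaking the command or injecting into a backup job that presumably runs with broad privileges. Pass each value through `shlex.quote` (add `import shlex` at the top of the module) and, since keys are unvalidated too, consider rejecting keys that do not match `[A-Za-z0-9_-]+`. This changes the documented list output from `--ignore-volumes="redis memcached"` to `--ignore-volumes='redis memcached'`, which is equivalent to a POSIX shell; the unit test added alongside (`test_dict_to_cli_args.py`, not shown in this chunk) presumably pins the old format and needs the same update.
```python
def dict_to_cli_args(data):
    """
    Convert a dictionary into a shell-safe CLI argument string.

    Keys become ``--key``. ``True`` adds a bare flag, ``False``/``None``
    are skipped, lists are joined with spaces into one value. Every value
    goes through ``shlex.quote`` so the result can be placed on a shell
    command line (e.g. a systemd ExecStart) without the value being
    re-parsed as shell syntax.
    """
    # … unchanged: type check, args = [] …
    for key, value in data.items():
        cli_key = f"--{key}"

        if isinstance(value, bool):
            if value:
                args.append(cli_key)
        elif isinstance(value, list):
            items = " ".join(map(str, value))
            args.append(f"{cli_key}={shlex.quote(items)}")
        elif value is not None:
            args.append(f"{cli_key}={shlex.quote(str(value))}")

    return " ".join(args)
```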
@@ -140,7 +140,7 @@ def update_discourse(directory): print("Network connection already exists. Skipping...") else: raise - update_procedure("./launcher rebuild {{applications.discourse.container}}") + update_procedure("./launcher rebuild {{applications.discourse.docker.service.discourse.name}}") else: print("Discourse update skipped. No changes in git repository.") diff --git a/roles/web-app-akaunting/config/main.yml b/roles/web-app-akaunting/config/main.yml index 0ce2d4bb..bc45b9c6 100644 --- a/roles/web-app-akaunting/config/main.yml +++ b/roles/web-app-akaunting/config/main.yml @@ -1,12 +1,11 @@ -images: - akaunting: "docker.io/akaunting/akaunting:latest" -company_name: "{{primary_domain}}" -company_email: "{{ users.administrator.email }}" +company: + name: "Akaunting on {{ primary_domain | upper }}" # @todo load automatic based on service_provider infos, this will fail + email: "{{ users.administrator.email }}" # @todo load automatic based on service_provider infos, this will fail setup_admin_email: "{{ users.administrator.email }}" features: matomo: true css: true - port-ui-desktop: true + port-ui-desktop: true central_database: true domains: canonical: @@ -15,5 +14,12 @@ docker: services: database: enabled: true + akaunting: + no_stop_required: true + image: docker.io/akaunting/akaunting + version: latest + name: akaunting + volumes: + data: akaunting_data credentials: {} diff --git a/roles/web-app-akaunting/templates/docker-compose.yml.j2 b/roles/web-app-akaunting/templates/docker-compose.yml.j2 index dab3fc83..354f21cb 100644 --- a/roles/web-app-akaunting/templates/docker-compose.yml.j2 +++ b/roles/web-app-akaunting/templates/docker-compose.yml.j2 
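Review bot: The new `{{applications.discourse.docker.service.discourse.name}}` references in `update_discourse` use `docker.service` (singular) while the discourse config in this same commit defines the key as `docker.services.discourse.name`, so the rendered `docker stop`, `docker rm` and `./launcher rebuild` commands would get an undefined or empty name. The top-level key is also still `applications.discourse` although the role's `application_id` is now `web-app-discourse` and the other templates resolve values with `get_app_conf(application_id, ...)`; if `applications` is keyed by the new id this lookup is undefined as well. Using `{{ applications | get_app_conf('web-app-discourse', 'docker.services.discourse.name', True) }}` in all three places keeps the script consistent with the role and fails at template time instead of at update time. `update_discourse` starts before the first hunk.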
@@ -2,12 +2,12 @@ application: {% include 'roles/docker-container/templates/base.yml.j2' %} - - image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}" + container_name: {{ akaunting_name }} + image: "{{ akaunting_image }}:{{ akaunting_version }}" build: context: . ports: - - 127.0.0.1:{{ports.localhost.http[application_id]}}:80 + - 127.0.0.1:{{ ports.localhost.http[application_id] }}:80 volumes: - data:/var/www/html environment: @@ -17,5 +17,7 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: {{ akaunting_volume }} + {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-akaunting/templates/env.j2 b/roles/web-app-akaunting/templates/env.j2 index 81f0088d..aa67b13f 100644 --- a/roles/web-app-akaunting/templates/env.j2 +++ b/roles/web-app-akaunting/templates/env.j2 @@ -14,8 +14,8 @@ DB_PASSWORD={{database_password}} DB_PREFIX=asd_ # These define the first company to exist on this instance. They are only used during setup. -COMPANY_NAME={{applications | get_app_conf(application_id, 'company_name', True)}} -COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company_email', True)}} +COMPANY_NAME={{applications | get_app_conf(application_id, 'company.name', True)}} +COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company.email', True)}} # This will be the first administrative user created on setup. ADMIN_EMAIL={{applications.akaunting.setup_admin_email}} diff --git a/roles/web-app-akaunting/vars/main.yml b/roles/web-app-akaunting/vars/main.yml index 6dd90f2a..1da7cb0c 100644 --- a/roles/web-app-akaunting/vars/main.yml +++ b/roles/web-app-akaunting/vars/main.yml 
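Review bot: The unchanged `ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}` line directly below the rewritten `COMPANY_*` lines still reads the old `applications.akaunting` key, while the new lines and the vars file go through `get_app_conf(application_id, …)` with `application_id` now `web-app-akaunting`. If `applications` is keyed by the new id this renders as undefined and the first administrative account is created with a broken e-mail; `ADMIN_EMAIL={{ applications | get_app_conf(application_id, 'setup_admin_email', True) }}` keeps the file consistent and fails loudly when the key is missing.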
@@ -1,4 +1,8 @@ -application_id: "akaunting" +application_id: "web-app-akaunting" database_type: "mariadb" database_password: "applications | get_app_conf(application_id, 'credentials.database_password', True)" docker_repository_address: "https://github.com/akaunting/docker.git" +akaunting_version: "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.version', True) }}" +akaunting_image: "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.image', True) }}" +akaunting_name: "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.name', True) }}" +akaunting_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" \ No newline at end of file diff --git a/roles/web-app-baserow/config/main.yml b/roles/web-app-baserow/config/main.yml index 65c911f8..281f0b99 100644 --- a/roles/web-app-baserow/config/main.yml +++ b/roles/web-app-baserow/config/main.yml @@ -1,13 +1,18 @@ -images: - baserow: "baserow/baserow:latest" features: matomo: true css: true - port-ui-desktop: true + port-ui-desktop: true central_database: true docker: services: redis: - enabled: true + enabled: true database: - enabled: true \ No newline at end of file + enabled: true + baserow: + no_stop_required: true + image: "baserow/baserow" + version: "latest" + name: "baserow" + volumes: + data: "baserow_data" diff --git a/roles/web-app-baserow/templates/docker-compose.yml.j2 b/roles/web-app-baserow/templates/docker-compose.yml.j2 index e369fc48..5e3b21f3 100644 --- a/roles/web-app-baserow/templates/docker-compose.yml.j2 +++ b/roles/web-app-baserow/templates/docker-compose.yml.j2 
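Review bot: The context line `database_password: "applications | get_app_conf(application_id, 'credentials.database_password', True)"` in this vars file has no `{{ }}` delimiters, so the literal text of the expression becomes the database password: it is what `DB_PASSWORD={{database_password}}` in `env.j2` writes and what the database role would provision. `roles/web-app-baserow/vars/main.yml` in the same commit wraps the identical expression correctly; the fix is `database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"`. Since the commit touches this line's neighbours and adds an empty `credentials: {}` to the config, it is the right moment to correct it and to check that a real secret ends up there rather than a predictable string.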
@@ -2,8 +2,8 @@ application: {% include 'roles/docker-container/templates/base.yml.j2' %} - image: "{{ applications | get_app_conf(application_id, 'images.baserow', True) }}" - container_name: baserow-application + image: "{{ baserow_image }}:{{ baserow_version }}" + container_name: {{ baserow_name }} volumes: - data:/baserow/data ports: @@ -13,6 +13,7 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: {{ baserow_volume }} redis: {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-baserow/vars/main.yml b/roles/web-app-baserow/vars/main.yml index b59afb70..f10d607d 100644 --- a/roles/web-app-baserow/vars/main.yml +++ b/roles/web-app-baserow/vars/main.yml @@ -1,3 +1,7 @@ -application_id: "baserow" -database_password: "{{ baserow_database_password }}" -database_type: "postgres" \ No newline at end of file +application_id: "web-app-baserow" +database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}" +database_type: "postgres" +baserow_version: "{{ applications | get_app_conf(application_id, 'docker.services.baserow.version', True) }}" +baserow_image: "{{ applications | get_app_conf(application_id, 'docker.services.baserow.image', True) }}" +baserow_name: "{{ applications | get_app_conf(application_id, 'docker.services.baserow.name', True) }}" +baserow_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" diff --git a/roles/web-app-coturn/templates/docker-compose.yml.j2 b/roles/web-app-coturn/templates/docker-compose.yml.j2 index 79800de3..ac8637e6 100644 --- a/roles/web-app-coturn/templates/docker-compose.yml.j2 +++ b/roles/web-app-coturn/templates/docker-compose.yml.j2 
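Review bot: `baserow_volume` reads `docker.services.volumes.data` (as does `akaunting_volume`), whereas `gitea_volume` and `discourse_volume` in the same commit read `docker.volumes.data`; the configs place `volumes:` either under the service entry or beside `services:`, but the flattened diff does not let me confirm which is intended. Every lookup passes the strict flag `True`, so whichever role's path does not match its config will abort at deploy time; align the path across the roles and let the schema validate it.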
@@ -1,24 +1,8 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} - application: -{% include 'roles/docker-container/templates/base.yml.j2' %} - image: "gitea/gitea:{{applications.gitea.version}}" - ports: - - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}" - - "{{ports.public.ssh[application_id]}}:22" - volumes: - - data:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro -{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} - -{% include 'roles/docker-container/templates/networks.yml.j2' %} -{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %} - -{% include 'roles/docker-compose/templates/volumes.yml.j2' %} - data: - -{% include 'roles/docker-compose/templates/networks.yml.j2' %} + coturn: +{% include 'roles/docker-container/templates/base.yml.j2' %} +{% include 'roles/docker-container/templates/networks.yml.j2' %} image: coturn/coturn restart: always network_mode: "host" # Nutzt die Host-IP für externe Erreichbarkeit (optional) @@ -58,6 +42,8 @@ --denied-peer-ip=203.0.113.0-203.0.113.255 --denied-peer-ip=240.0.0.0-255.255.255.255 -volumes: - nextcloud: +{% include 'roles/docker-compose/templates/networks.yml.j2' %} + +{% include 'roles/docker-compose/templates/volumes.yml.j2' %} coturn-config: + diff --git a/roles/web-app-coturn/vars/main.yml b/roles/web-app-coturn/vars/main.yml index db92a11d..fe189d24 100644 --- a/roles/web-app-coturn/vars/main.yml +++ b/roles/web-app-coturn/vars/main.yml @@ -1,3 +1,2 @@ -application_id: "coturn" -container_port: 3000 -#database_type: "mariadb" \ No newline at end of file +application_id: "web-app-coturn" +container_port: 3000 diff --git a/roles/web-app-discourse/config/main.yml b/roles/web-app-discourse/config/main.yml index f8343df6..e2a96915 100644 --- a/roles/web-app-discourse/config/main.yml +++ b/roles/web-app-discourse/config/main.yml 
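Review bot: The rewritten `coturn` service combines `network_mode: "host"` with the `networks.yml.j2` include; if that include emits a `networks:` key for the service, Compose rejects the file because `network_mode` and `networks` are mutually exclusive, so the include should go (host mode needs no bridge network). With host networking the TURN listener is bound on every host interface and the `ports.public.stun`/`turn` entries added in `09_ports.yml` do not constrain it, so the host firewall is the real exposure control and should be mentioned in the role. The image is also `coturn/coturn` with no tag; the rest of this commit splits `image`/`version` into config, and coturn should follow with a pinned version.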
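Review bot: `container_port: 3000` in the coturn vars survives from the gitea compose file this role was copied from (the removed hunk above still shows `gitea/gitea`); TURN does not serve on 3000, and nothing in the shown compose hunks references `container_port` once the service runs in host mode. Remove the leftover, or set it to the port the role actually exposes so the value cannot be picked up by a shared template by mistake.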
@@ -1,10 +1,8 @@ -network: "discourse_default" # Name of the docker network -container: "discourse_application" # Name of the container application repository: "discourse_repository" # Name of the repository folder features: matomo: true css: true - port-ui-desktop: true + port-ui-desktop: true oidc: true central_database: true ldap: false # @todo implement and activate @@ -25,4 +23,13 @@ docker: database: enabled: true redis: - enabled: true \ No newline at end of file + enabled: true + # This container is propably wrong name. + # Chance is high that the name is discourse_application. + # @todo check this out and repair it if necessary + discourse: + name: "discourse" + no_stop_required: true + volumes: + data: discourse_data + network: discourse diff --git a/roles/web-app-discourse/handlers/main.yml b/roles/web-app-discourse/handlers/main.yml index f95aa3f3..638cb77a 100644 --- a/roles/web-app-discourse/handlers/main.yml +++ b/roles/web-app-discourse/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: "stop and remove discourse container if it exist" docker_container: - name: "{{applications | get_app_conf(application_id, 'container', True)}}" + name: "{{ discourse_name }}" state: absent register: container_action failed_when: container_action.failed and 'No such container' not in container_action.msg @@ -17,7 +17,7 @@ listen: recreate discourse - name: rebuild discourse - shell: ./launcher rebuild {{applications | get_app_conf(application_id, 'container', True)}} + shell: ./launcher rebuild {{ discourse_name }} args: executable: /bin/bash chdir: "{{docker_repository_directory }}" diff --git a/roles/web-app-discourse/tasks/main.yml b/roles/web-app-discourse/tasks/main.yml index 5be4f093..6673354c 100644 --- a/roles/web-app-discourse/tasks/main.yml +++ b/roles/web-app-discourse/tasks/main.yml 
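Review bot: The new `network: discourse` does not match the network the container is actually started in: `discourse_application.yml.j2` passes `--network={{application_id}}_default`, which with the new `application_id` renders as `web-app-discourse_default` (the removed `discourse_default` matched the old id). `discourse_network` is what `tasks/main.yml` disconnects from `database_host`, and that task treats "is not connected to network" as success, so the central database container would silently stay attached to the Discourse network. Set `network: "web-app-discourse_default"` or derive it from `application_id` in vars. Renaming the container from `discourse_application` to `discourse` also means the handler no longer removes an already deployed `discourse_application`; the comment above the entry flags this already (`propably` → `probably`) and it should be resolved before merging.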
@@ -43,26 +43,26 @@ meta: flush_handlers when: run_once_docker_discourse is not defined -- name: "Connect {{ applications | get_app_conf(application_id, 'container', True) }} to network {{ applications['svc-db-postgres'].network }}" +- name: "Connect {{ discourse_name }} to network {{ applications['svc-db-postgres'].network }}" command: > - docker network connect {{ applications['svc-db-postgres'].network }} {{ applications | get_app_conf(application_id, 'container', True) }} + docker network connect {{ applications['svc-db-postgres'].network }} {{ discourse_name }} register: network_connect failed_when: > network_connect.rc != 0 and - 'Error response from daemon: endpoint with name {{ applications | get_app_conf(application_id, 'container', True) }} already exists in network {{ applications["svc-db-postgres"].network }}' + 'Error response from daemon: endpoint with name {{ discourse_name }} already exists in network {{ applications["svc-db-postgres"].network }}' not in network_connect.stderr changed_when: network_connect.rc == 0 when: - applications | get_app_conf(application_id, 'features.central_database', False) - run_once_docker_discourse is not defined -- name: "Remove {{ applications | get_app_conf(application_id, 'network', True) }} from {{ database_host }}" +- name: "Remove {{ discourse_network }} from {{ database_host }}" command: > - docker network disconnect {{ applications | get_app_conf(application_id, 'network', True) }} {{ database_host }} + docker network disconnect {{ discourse_network }} {{ database_host }} register: network_disconnect failed_when: > network_disconnect.rc != 0 and - 'is not connected to network {{ applications | get_app_conf(application_id, 'network', True) }}' not in network_disconnect.stderr + 'is not connected to network {{ discourse_network }}' not in network_disconnect.stderr changed_when: network_disconnect.rc == 0 when: - applications | get_app_conf(application_id, 'features.central_database', False) 
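Review bot: The `Remove {{ discourse_network }} from {{ database_host }}` task still accepts "is not connected to network" as success, which is fine for idempotence but means a wrong `discourse_network` value (the config now says `discourse` while the launcher uses `{{application_id}}_default`) leaves the database container on the application network with no signal. Since the purpose of this task is network segmentation for the shared database, follow it with a check, e.g. a `docker network inspect {{ discourse_network }}` task asserting `{{ database_host }}` is not listed among its containers, or derive `discourse_network` from the same expression the launcher uses. Both tasks belong to a task list that continues outside the hunk.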
diff --git a/roles/web-app-discourse/templates/discourse_application.yml.j2 b/roles/web-app-discourse/templates/discourse_application.yml.j2 index fb7c8349..9d2ec1da 100644 --- a/roles/web-app-discourse/templates/discourse_application.yml.j2 +++ b/roles/web-app-discourse/templates/discourse_application.yml.j2 @@ -90,7 +90,7 @@ env: ## The Docker container is stateless; all data is stored in /shared volumes: - volume: - host: discourse_data + host: {{ discourse_volume }} guest: /shared - volume: host: /var/discourse/shared/standalone/log/var-log @@ -178,4 +178,4 @@ run: docker_args: - --network={{application_id}}_default - - --name={{applications | get_app_conf(application_id, 'container', True)}} + - --name={{ discourse_name }} diff --git a/roles/web-app-discourse/vars/main.yml b/roles/web-app-discourse/vars/main.yml index 382c6026..dddfaa7c 100644 --- a/roles/web-app-discourse/vars/main.yml +++ b/roles/web-app-discourse/vars/main.yml 
@@ -1,6 +1,15 @@ -application_id: "discourse" +application_id: "web-app-discourse" + +# Database database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}" database_type: "postgres" -docker_repository_directory : "{{docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True)}}/" -discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications | get_app_conf(application_id, 'container', True)}}.yml" + +# Discourse +discourse_name: "{{ applications | get_app_conf(application_id, 'docker.services.discourse.name', True) }}" +discourse_application_yml_destination: "{{ docker_repository_directory }}containers/{{discourse_name }}.yml" +discourse_network: "{{ applications | get_app_conf(application_id, 'docker.network', True) }}" +discourse_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" + +# General Docker Configuration +docker_repository_directory : "{{ docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True) }}/" docker_compose_flush_handlers: false \ No newline at end of file diff --git a/roles/web-app-elk/defaults/main.yml b/roles/web-app-elk/defaults/main.yml index 5bff7199..bd8a90de 100644 --- a/roles/web-app-elk/defaults/main.yml +++ b/roles/web-app-elk/defaults/main.yml @@ -1,2 +1,3 @@ --- docker_elk_compose_path: "/srv/github.com/kevinveenbirkenbach/web-app-elk/" +elastic_search_password: '' # Just defined to pass the integration test. this role is old and hadn't been used since ages so @todo delete it as soon as you implement it productive \ No newline at end of file diff --git a/roles/web-app-elk/vars/main.yml b/roles/web-app-elk/vars/main.yml index 8fd85cc8..7e9589bc 100644 --- a/roles/web-app-elk/vars/main.yml +++ b/roles/web-app-elk/vars/main.yml 
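Review bot: `elastic_search_password: ''` introduces an empty credential as the role default purely to satisfy the integration test, and a default is exactly what gets deployed when nobody overrides it. Rather than a blank secret, leave the variable undefined and guard the role with `- assert: { that: elastic_search_password | length > 0 }`, or, if the role is as dead as the inline comment says, drop it from the test matrix instead of weakening its defaults.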
@@ -1 +1 @@ -application_id: elk \ No newline at end of file +application_id: web-app-elk \ No newline at end of file diff --git a/roles/web-app-gitea/config/main.yml b/roles/web-app-gitea/config/main.yml index be2cc9ac..02671ed8 100644 --- a/roles/web-app-gitea/config/main.yml +++ b/roles/web-app-gitea/config/main.yml @@ -1,6 +1,4 @@ -title: "CyMaIS Code Hub" -images: - gitea: "gitea/gitea:latest" +title: "CyMaIS Code Hub" # @todo load automatic based on service_porvider infos configuration: repository: enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user. @@ -9,14 +7,14 @@ configuration: features: matomo: true css: false - port-ui-desktop: true + port-ui-desktop: true central_database: true ldap: true oauth2: true - oidc: false # Deactivated because users aren't auto-created. + oidc: false # Deactivated because users aren't auto-created. oauth2_proxy: application: "application" - port: "3000" + port: "<< defaults_applications[web-app-gitea].docker.services.gitea.port >>" acl: blacklist: - "/user/login" @@ -40,4 +38,12 @@ domains: docker: services: database: - enabled: true \ No newline at end of file + enabled: true + gitea: + image: "gitea/gitea" + version: "latest" + no_stop_required: true + port: 3000 + name: "gitea" + volumes: + data: "gitea_data" \ No newline at end of file diff --git a/roles/web-app-gitea/templates/docker-compose.yml.j2 b/roles/web-app-gitea/templates/docker-compose.yml.j2 index 20e61b2d..d6b5d740 100644 --- a/roles/web-app-gitea/templates/docker-compose.yml.j2 +++ b/roles/web-app-gitea/templates/docker-compose.yml.j2 
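Review bot: The oauth2_proxy `port` in web-app-gitea/config/main.yml now holds the literal string `<< defaults_applications[web-app-gitea].docker.services.gitea.port >>`, a placeholder syntax no other hunk in this commit uses; presumably a config pre-processor expands `<< … >>`, but if it does not, oauth2_proxy receives that string as its upstream port instead of 3000. The same value is declared as `port: 3000` under `docker.services.gitea` in the last hunk, so a short comment on the oauth2_proxy line naming the component that expands the placeholder would make the dependency visible. The `title` comment also has a typo, `service_porvider`.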
@@ -2,7 +2,8 @@ application: {% include 'roles/docker-container/templates/base.yml.j2' %} - image: "{{ applications | get_app_conf(application_id, 'images.gitea', True) }}" + image: "{{ gitea_image }}:{{ gitea_version }}" + name: "{{ gitea_name }}" ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}" - "{{ports.public.ssh[application_id]}}:22" @@ -16,5 +17,6 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: {{ gitea_volume }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-gitea/vars/main.yml b/roles/web-app-gitea/vars/main.yml index 2bf502e8..563a2219 100644 --- a/roles/web-app-gitea/vars/main.yml +++ b/roles/web-app-gitea/vars/main.yml @@ -1,6 +1,5 @@ -application_id: "gitea" -container_port: 3000 -database_type: "mariadb" +application_id: "web-app-gitea" +database_type: "mariadb" gitea_ldap_auth_args: - '--name "LDAP ({{ primary_domain }})"' - '--host "{{ ldap.server.domain }}"' @@ -16,3 +15,9 @@ gitea_ldap_auth_args: - '--email-attribute "{{ ldap.user.attributes.mail }}"' - '--public-ssh-key-attribute "{{ ldap.user.attributes.ssh_public_key }}"' - '--synchronize-users' +gitea_version: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.version', True) }}" +gitea_image: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.image', True) }}" +gitea_name: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.name', True) }}" +gitea_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" + +container_port: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.port', True) }}" \ No newline at end of file diff --git a/roles/web-app-gitlab/config/main.yml b/roles/web-app-gitlab/config/main.yml index ce6c57ad..99aa7ad8 100644 --- a/roles/web-app-gitlab/config/main.yml +++ b/roles/web-app-gitlab/config/main.yml 
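Review bot: `name: "{{ gitea_name }}"` under the `application` service in web-app-gitea/templates/docker-compose.yml.j2 is not a Compose service key; the listmonk and mastodon templates in this same commit use `container_name`, and Compose validates service properties against its schema, so this line should read `container_name: "{{ gitea_name }}"`. The `name: {{ gitea_volume }}` added under the `data` volume in the second hunk changes the volume's identity from the project-scoped default to the configured name; on a host that already has the project-scoped volume, Compose creates a new empty one rather than renaming it, so the migration of existing data needs a step of its own (the mastodon, matomo and matrix volume hunks have the same effect). The enclosing `application` service starts and ends outside the hunk.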
@@ -10,4 +10,6 @@ docker: redis: enabled: true database: - enabled: true \ No newline at end of file + enabled: true +credentials: + initial_root_password: "{{ users.administrator.password }}" \ No newline at end of file diff --git a/roles/web-app-gitlab/vars/main.yml b/roles/web-app-gitlab/vars/main.yml index bc45f607..fc12ba89 100644 --- a/roles/web-app-gitlab/vars/main.yml +++ b/roles/web-app-gitlab/vars/main.yml @@ -1,2 +1,3 @@ -application_id: "gitlab" -database_type: "postgres" \ No newline at end of file +application_id: "gitlab" +database_type: "postgres" +gitlab_initial_root_password: "{{ applications | get_app_conf(application_id, 'credentials.initial_root_password') }}" \ No newline at end of file diff --git a/roles/web-app-joomla/vars/main.yml b/roles/web-app-joomla/vars/main.yml index eff41ceb..5d6dc4ae 100644 --- a/roles/web-app-joomla/vars/main.yml +++ b/roles/web-app-joomla/vars/main.yml @@ -1,3 +1,2 @@ -application_id: "joomla" -database_password: "{{joomla_database_password}}" +application_id: "web-app-joomla" database_type: "postgres" \ No newline at end of file diff --git a/roles/web-app-listmonk/config/main.yml b/roles/web-app-listmonk/config/main.yml index 8bd84d8a..09cfe399 100644 --- a/roles/web-app-listmonk/config/main.yml +++ b/roles/web-app-listmonk/config/main.yml @@ -1,11 +1,8 @@ -images: - listmonk: "listmonk/listmonk:latest" -public_api_activated: False # Security hole. Can be used for spaming -version: "latest" # Docker Image version +public_api_activated: False # Security hole. Can be used for spaming # Docker Image version features: matomo: true css: false - port-ui-desktop: true + port-ui-desktop: true central_database: true oidc: true domains: @@ -14,4 +11,10 @@ domains: docker: services: database: - enabled: true \ No newline at end of file + enabled: true + listmonk: + image: listmonk/listmonk + version: latest + no_stop_required: true + name: listmonk + port: 9000 \ No newline at end of file 
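Review bot: `initial_root_password: "{{ users.administrator.password }}"` in web-app-gitlab/config/main.yml reuses the administrator's password as GitLab's initial root password, so a leak of either account exposes the other; a dedicated secret per service (one the operator is expected to rotate after first login) keeps the blast radius contained. In the vars/main.yml hunk, `application_id` stays `"gitlab"` while the other roles in this commit switch to the `web-app-*` form, so `get_app_conf` for gitlab reads a differently named key than its siblings, which is presumably only correct if the gitlab entry was not renamed. The new `gitlab_initial_root_password` lookup also omits the trailing `True` argument that e.g. the discourse `credentials.database_password` lookup passes; whether that changes strictness is not visible here.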
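Review bot: The merged line `public_api_activated: False # Security hole. Can be used for spaming # Docker Image version` in web-app-listmonk/config/main.yml now carries the orphaned `# Docker Image version` tail of the deleted `version:` line, which makes the security warning read as if it concerned the image. Suggest `public_api_activated: False # Security hole. Can be used for spamming` and, if the version note is still wanted, `version: latest # Docker image version` under `docker.services.listmonk` in the last hunk.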
diff --git a/roles/web-app-listmonk/templates/docker-compose.yml.j2 b/roles/web-app-listmonk/templates/docker-compose.yml.j2 index e676a92f..9a2379aa 100644 --- a/roles/web-app-listmonk/templates/docker-compose.yml.j2 +++ b/roles/web-app-listmonk/templates/docker-compose.yml.j2 @@ -2,7 +2,8 @@ application: {% set container_healthcheck = 'health' %} {% include 'roles/docker-container/templates/base.yml.j2' %} - image: "{{ applications | get_app_conf(application_id, 'images.listmonk', True) }}" + image: "{{ listmonk_image }}:{{ listmonk_version }}" + container_name: "{{ listmonk_name }}" ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}" volumes: diff --git a/roles/web-app-listmonk/vars/main.yml b/roles/web-app-listmonk/vars/main.yml index 4ba9e647..cff30363 100644 --- a/roles/web-app-listmonk/vars/main.yml +++ b/roles/web-app-listmonk/vars/main.yml @@ -1,6 +1,10 @@ -application_id: "listmonk" +application_id: "web-app-listmonk" database_type: "postgres" -container_port: "9000" + +container_port: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.port', True) }}" +listmonk_version: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.version', True) }}" +listmonk_image: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.image', True) }}" +listmonk_name: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.name', True) }}" listmonk_settings: - key: "app.root_url" diff --git a/roles/web-app-mailu/templates/docker-compose.yml.j2 b/roles/web-app-mailu/templates/docker-compose.yml.j2 index 7160b8d1..064904cb 100644 --- a/roles/web-app-mailu/templates/docker-compose.yml.j2 +++ b/roles/web-app-mailu/templates/docker-compose.yml.j2 
@@ -12,14 +12,14 @@ {% include 'roles/docker-container/templates/base.yml.j2' %} ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:80" - - "{{networks.internet.ip4}}:25:25" - - "{{networks.internet.ip4}}:465:465" - - "{{networks.internet.ip4}}:587:587" - - "{{networks.internet.ip4}}:110:110" - - "{{networks.internet.ip4}}:995:995" - - "{{networks.internet.ip4}}:143:143" - - "{{networks.internet.ip4}}:993:993" - - "{{networks.internet.ip4}}:4190:4190" + - "{{ networks.internet.ip4 }}:25:25" + - "{{ networks.internet.ip4 }}:465:465" + - "{{ networks.internet.ip4 }}:587:587" + - "{{ networks.internet.ip4 }}:110:110" + - "{{ networks.internet.ip4 }}:995:995" + - "{{ networks.internet.ip4 }}:143:143" + - "{{ networks.internet.ip4 }}:993:993" + - "{{ networks.internet.ip4 }}:4190:4190" volumes: - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro" - "{{cert_mount_directory}}:/certs:ro" diff --git a/roles/web-app-mastodon/config/main.yml b/roles/web-app-mastodon/config/main.yml index 5fa4961a..cfe97d49 100644 --- a/roles/web-app-mastodon/config/main.yml +++ b/roles/web-app-mastodon/config/main.yml @@ -1,12 +1,9 @@ -images: - mastodon: "ghcr.io/mastodon/mastodon:latest" - streaming: "ghcr.io/mastodon/mastodon-streaming:latest" single_user_mode: false # Set true for initial setup -setup: false # Set true in inventory file to execute the setup and initializing procedures +setup: false # Set true in inventory file to execute the setup and initializing procedures, don't know if this is still necessary @todo test it features: matomo: true css: true - port-ui-desktop: true + port-ui-desktop: true oidc: true central_database: true domains: 
@@ -21,4 +18,14 @@ docker: redis: enabled: true database: - enabled: true \ No newline at end of file + enabled: true + mastodon: + image: "ghcr.io/mastodon/mastodon" + version: latest + no_stop_required: true + name: "mastodon" + streaming: + image: "ghcr.io/mastodon/mastodon-streaming" + version: latest + volumes: + data: "mastodon_data" \ No newline at end of file diff --git a/roles/web-app-mastodon/tasks/main.yml b/roles/web-app-mastodon/tasks/main.yml index 4eadc581..fa313ce4 100644 --- a/roles/web-app-mastodon/tasks/main.yml +++ b/roles/web-app-mastodon/tasks/main.yml @@ -18,13 +18,13 @@ - name: flush docker service meta: flush_handlers - when: applications.mastodon.setup |bool + when: mastodon_setup |bool - name: setup routine for mastodon command: cmd: "docker-compose run --rm web bundle exec rails db:migrate" chdir: "{{docker_compose.directories.instance}}" - when: applications.mastodon.setup |bool + when: mastodon_setup |bool - name: "include create-administrator.yml for mastodon" include_tasks: create-administrator.yml \ No newline at end of file diff --git a/roles/web-app-mastodon/templates/docker-compose.yml.j2 b/roles/web-app-mastodon/templates/docker-compose.yml.j2 index 1154d339..2abd1df0 100644 --- a/roles/web-app-mastodon/templates/docker-compose.yml.j2 +++ b/roles/web-app-mastodon/templates/docker-compose.yml.j2 @@ -3,7 +3,8 @@ web: {% set container_port = 3000 %} {% set container_healthcheck = 'health' %} - image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}" + container_name: {{ mastodon_name }} + image: "{{ mastodon_image }}:{{ mastodon_version }}" {% include 'roles/docker-container/templates/base.yml.j2' %} command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}" {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %} 
@@ -17,7 +18,8 @@ streaming: {% set container_port = 4000 %} {% set container_healthcheck = 'api/v1/streaming/health' %} - image: "{{ applications | get_app_conf(application_id, 'images.streaming', True) }}" + container_name: {{ mastodon_streaming_name }} + image: "{{ mastodon_streaming_image }}:{{ mastodon_streaming_version }}" {% include 'roles/docker-container/templates/base.yml.j2' %} command: node ./streaming {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %} @@ -27,7 +29,8 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} sidekiq: - image: "{{ applications | get_app_conf(application_id, 'images.mastodon', True) }}" + container_name: {{ mastodon_sidekiq_name }} + image: "{{ mastodon_image }}:{{ mastodon_version }}" {% include 'roles/docker-container/templates/base.yml.j2' %} command: bundle exec sidekiq {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %} @@ -40,5 +43,5 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} redis: data: - + name: "{{ mastodon_volume }}" {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-mastodon/templates/env.j2 b/roles/web-app-mastodon/templates/env.j2 index bfdcdcc3..9eeb08cc 100644 --- a/roles/web-app-mastodon/templates/env.j2 +++ b/roles/web-app-mastodon/templates/env.j2 @@ -5,7 +5,7 @@ LOCAL_DOMAIN={{domains | get_domain(application_id)}} ALTERNATE_DOMAINS="{{ domains.mastodon[1:] | join(',') }}" -SINGLE_USER_MODE={{applications.mastodon.single_user_mode}} +SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode', True) }} # Credentials 
@@ -13,15 +13,15 @@ SINGLE_USER_MODE={{applications.mastodon.single_user_mode}} # ------- # Make sure to use `bundle exec rails secret` to generate secrets # ------- -SECRET_KEY_BASE= {{applications.mastodon.credentials.secret_key_base}} -OTP_SECRET= {{applications.mastodon.credentials.otp_secret}} +SECRET_KEY_BASE= {{ applications | get_app_conf(application_id, 'credentials.secret_key_base') }} +OTP_SECRET= {{ applications | get_app_conf(application_id, 'credentials.otp_secret') }} # Web Push # -------- # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key` # -------- -VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid_private_key}} -VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid_public_key}} +VAPID_PRIVATE_KEY= {{ applications | get_app_conf(application_id, 'credentials.vapid_private_key') }} +VAPID_PUBLIC_KEY= {{ applications | get_app_conf(application_id, 'credentials.vapid_public_key') }} # Encryption secrets # ------------------ 
@@ -29,9 +29,9 @@ VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid_public_key}} # These are private/secret values, do not share outside hosting environment # Use `bin/rails db:encryption:init` to generate fresh secrets # Do NOT change these secrets once in use, as this would cause data loss and other issues -ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption_deterministic_key}} -ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}} -ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption_primary_key}} +ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_deterministic_key') }} +ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_key_derivation_salt') }} +ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_primary_key') }} DB_HOST={{ database_host }} DB_PORT={{ database_port }} diff --git a/roles/web-app-mastodon/vars/main.yml b/roles/web-app-mastodon/vars/main.yml index 9d7d2c5a..4280d5a7 100644 --- a/roles/web-app-mastodon/vars/main.yml +++ b/roles/web-app-mastodon/vars/main.yml 
@@ -1,2 +1,11 @@ -application_id: "mastodon" -database_type: "postgres" \ No newline at end of file +application_id: "web-app-mastodon" +database_type: "postgres" +mastodon_version: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}" +mastodon_image: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}" +mastodon_name: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}" +mastodon_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" +mastodon_streaming_version: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}" +mastodon_streaming_image: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}" +mastodon_streaming_name: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_streaming" +mastodon_sidekiq_name: "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_sidekiq" +mastodon_setup: "{{ applications | get_app_conf(application_id, 'setup', True) }}" \ No newline at end of file diff --git a/roles/web-app-matomo/config/main.yml b/roles/web-app-matomo/config/main.yml index 4486699d..d0ea4169 100644 --- a/roles/web-app-matomo/config/main.yml +++ b/roles/web-app-matomo/config/main.yml @@ -33,8 +33,13 @@ excluded_ips: "{{ networks.internet.values() | list }}" docker: services: matomo: - image: "matomo:latest" + image: "matomo" + version: "latest" + name: "matomo" + no_stop_required: true database: enabled: true redis: - enabled: false \ No newline at end of file + enabled: false + volumes: + data: matomo_data \ No newline at end of file diff --git a/roles/web-app-matomo/templates/docker-compose.yml.j2 b/roles/web-app-matomo/templates/docker-compose.yml.j2 index 854467ae..d6f9c4a2 100644 --- a/roles/web-app-matomo/templates/docker-compose.yml.j2 
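Review bot: `mastodon_streaming_image` and `mastodon_streaming_version` in web-app-mastodon/vars/main.yml read `docker.services.mastodon.*`, not `docker.services.streaming.*`, so the streaming container, which the compose template builds as `image: "{{ mastodon_streaming_image }}:{{ mastodon_streaming_version }}"`, would run `ghcr.io/mastodon/mastodon` instead of the `ghcr.io/mastodon/mastodon-streaming` image that config/main.yml now declares; the pre-change template read `images.streaming`. The fix is `mastodon_streaming_image: "{{ applications | get_app_conf(application_id, 'docker.services.streaming.image', True) }}"` and the same path for the version. `mastodon_volume` looks up `docker.services.volumes.data`, whereas the gitea, matomo and discourse vars use `docker.volumes.data`; the collapsed config hunk does not show which level `volumes:` sits at, so either the path here or the config nesting should be aligned with the other roles.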
+++ b/roles/web-app-matomo/templates/docker-compose.yml.j2 @@ -2,7 +2,7 @@ application: {% set container_port = 80 %} {% include 'roles/docker-container/templates/base.yml.j2' %} - image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}" + image: "{{ matomo_image }}:{{ matomo_version }}" ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}" volumes: @@ -12,5 +12,6 @@ {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %} {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: {{ matomo_data }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} diff --git a/roles/web-app-matomo/vars/main.yml b/roles/web-app-matomo/vars/main.yml index 39f3d56d..7bc65e76 100644 --- a/roles/web-app-matomo/vars/main.yml +++ b/roles/web-app-matomo/vars/main.yml @@ -4,7 +4,9 @@ database_type: "mariadb" matomo_excluded_ips: "{{ applications | get_app_conf(application_id, 'excluded_ips', True) }}" matomo_index_php_url: "{{ domains | get_url(application_id, web_protocol) }}/index.php" matomo_auth_token: "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}" - +matomo_version: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version', True) }}" +matomo_image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}" +matomo_data: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" # I don't know if this is still necessary domain: "{{ domains | get_domain(application_id) }}" \ No newline at end of file diff --git a/roles/web-app-matrix-ansible/tasks/main.yml b/roles/web-app-matrix-ansible/tasks/main.yml index eb2d37e1..d346fec9 100644 --- a/roles/web-app-matrix-ansible/tasks/main.yml +++ b/roles/web-app-matrix-ansible/tasks/main.yml 
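Review bot: The new variable is named `matomo_data` in web-app-matomo/vars/main.yml while the sibling roles in this commit call the same `docker.volumes.data` lookup `gitea_volume`, `discourse_volume` and `mastodon_volume`; `matomo_volume` would keep the naming scheme uniform across roles, with the compose template's `name: {{ matomo_data }}` renamed to match. The `# I don't know if this is still necessary` remark on the following `domain:` line predates the commit and stays unresolved.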
@@ -3,8 +3,8 @@ include_role: name: srv-proxy-6-6-domain loop: - - "{{domains.matrix.element}}" - - "{{domains.matrix.synapse}}" + - "{{ domains[application_id].element }}" + - "{{ domains[application_id].synapse }}" loop_control: loop_var: domain @@ -80,7 +80,7 @@ become: false - name: play matrix-web-app-ansible-deploy - local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{applications.matrix.playbook_tags}}" + local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{ applications | get_app_conf(application_id, 'playbook_tags')}}" become: false @@ -129,13 +129,13 @@ #- name: add log.config # template: # src: "log.config.j2" -# dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config" +# dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config" # notify: recreate matrix # ## https://github.com/matrix-org/synapse/issues/6303 #- name: set correct folder permissions # command: -# cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" +# cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" # #- name: add docker-compose.yml # template: diff --git a/roles/web-app-matrix-ansible/templates/vars.yml.j2 b/roles/web-app-matrix-ansible/templates/vars.yml.j2 index 4f33a1eb..825cd2ea 100644 --- a/roles/web-app-matrix-ansible/templates/vars.yml.j2 +++ b/roles/web-app-matrix-ansible/templates/vars.yml.j2 
@@ -8,7 +8,7 @@ # because you can't change the Domain after deployment. # # Example value: example.com -matrix_domain: "{{domains.matrix.synapse}}" +matrix_domain: "{{domains[application_id].synapse}}" # The Matrix homeserver software to install. # See: diff --git a/roles/web-app-matrix/config/main.yml b/roles/web-app-matrix/config/main.yml index ec0bf65a..424b9a66 100644 --- a/roles/web-app-matrix/config/main.yml +++ b/roles/web-app-matrix/config/main.yml @@ -2,20 +2,24 @@ docker: services: database: enabled: true -images: - synapse: "matrixdotorg/synapse:latest" - element: "vectorim/element-web:latest" + synapse: + version: latest + image: matrixdotorg/synapse + name: matrix-synapse + no_stop_required: true + element: + version: latest + image: vectorim/element-web + name: matrix-element + volumes: + synapse: "matrix_synapse_data" playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start -server_name: "{{primary_domain}}" # Adress for the account names etc. -synapse: - version: "latest" -element: - version: "latest" +server_name: "{{ primary_domain }}" # Adress for the account names etc. setup: false # Set true in inventory file to execute the setup and initializing procedures features: matomo: false # Deactivated, because in html CSP restricts use css: true - port-ui-desktop: true + port-ui-desktop: true oidc: true # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492 central_database: true csp: diff --git a/roles/web-app-matrix/tasks/main.yml b/roles/web-app-matrix/tasks/main.yml index 0a08af9d..bd96fe46 100644 --- a/roles/web-app-matrix/tasks/main.yml +++ b/roles/web-app-matrix/tasks/main.yml 
@@ -16,8 +16,8 @@ include_role: name: srv-web-7-6-composer vars: - domain: "{{domains.matrix.synapse}}" - http_port: "{{ports.localhost.http.matrix_synapse}}" + domain: "{{domains[application_id].synapse}}" + http_port: "{{ports.localhost.http['web-app-matrix_synapse']}}" - name: create {{well_known_directory}} file: @@ -30,21 +30,21 @@ src: "well-known.j2" dest: "{{well_known_directory}}server" -- name: create {{domains.matrix.synapse}}.conf +- name: create {{domains[application_id].synapse}}.conf template: src: "templates/nginx.conf.j2" - dest: "{{nginx.directories.http.servers}}{{domains.matrix.synapse}}.conf" + dest: "{{nginx.directories.http.servers}}{{domains[application_id].synapse}}.conf" vars: - domain: "{{domains.matrix.synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates - http_port: "{{ports.localhost.http.matrix_synapse}}" + domain: "{{domains[application_id].synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates + http_port: "{{ports.localhost.http['web-app-matrix_synapse']}}" notify: restart nginx - name: "include role srv-proxy-6-6-domain for {{application_id}}" include_role: name: srv-proxy-6-6-domain vars: - domain: "{{domains.matrix.element}}" - http_port: "{{ports.localhost.http.matrix_element}}" + domain: "{{domains[application_id].element}}" + http_port: "{{ports.localhost.http['web-app-matrix_element']}}" - name: include create-and-seed-database.yml for multiple bridges include_tasks: create-and-seed-database.yml 
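Review bot: `http_port: "{{ports.localhost.http['web-app-matrix_synapse']}}"` hardcodes the application id inside the port key although the same task now derives the domain from `domains[application_id]`; `ports.localhost.http[application_id ~ '_synapse']` keeps both in step if the id changes again, and the same literal appears in the compose template (synapse and element services) and in nginx.conf.j2 in this commit. The second hunk in this file still carries the old `# Didn't work in the past … @todo` remark on the `domain:` var, which this rewrite does not resolve.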
@@ -94,13 +94,13 @@ - name: add synapse log configuration template: src: "synapse/log.config.j2" - dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config" + dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config" notify: docker compose up # https://github.com/matrix-org/synapse/issues/6303 - name: set correct folder permissions command: - cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" + cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'" - name: add docker-compose.yml template: diff --git a/roles/web-app-matrix/templates/docker-compose.yml.j2 b/roles/web-app-matrix/templates/docker-compose.yml.j2 index b56ea2e0..8d336e0d 100644 --- a/roles/web-app-matrix/templates/docker-compose.yml.j2 +++ b/roles/web-app-matrix/templates/docker-compose.yml.j2 
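Review bot: The `docker run … --mount type=volume,src=matrix_synapse_data … matrixdotorg/synapse:latest` command in the permissions task still hardcodes the volume name and image, while this commit makes both configurable (`docker.volumes.synapse`, `docker.services.synapse.image`/`version`) and the compose template consumes them as `matrix_synapse_data`, `matrix_synapse_image` and `matrix_synapse_version`. If an inventory changes the volume name, this `chown` would run against a freshly created volume of the old name while the real data volume keeps the wrong ownership. Suggest `src={{ matrix_synapse_data }}` and `{{ matrix_synapse_image }}:{{ matrix_synapse_version }}` on that line; the same literal also remains in the commented-out block of web-app-matrix-ansible/tasks/main.yml.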
@@ -1,23 +1,23 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} synapse: {% set container_port = 8008 %} - image: "{{ applications | get_app_conf(application_id, 'images.synapse', True) }}" - container_name: matrix-synapse + image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}" + container_name: {{ matrix_synapse_name }} restart: {{docker_restart_policy}} logging: driver: journald volumes: - synapse_data:/data - ./homeserver.yaml:/data/homeserver.yaml:ro - - ./{{domains.matrix.synapse}}.log.config:/data/{{domains.matrix.synapse}}.log.config:ro + - ./{{domains[application_id].synapse}}.log.config:/data/{{domains[application_id].synapse}}.log.config:ro {% for item in bridges %} - {{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro {% endfor %} environment: - - SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} + - SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} - SYNAPSE_REPORT_STATS=no ports: - - "127.0.0.1:{{ports.localhost.http.matrix_synapse}}:{{ container_port }}" + - "127.0.0.1:{{ports.localhost.http['web-app-matrix_synapse']}}:{{ container_port }}" {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} {% if bridges | length > 0 %} {% for item in bridges %} 
@@ -30,13 +30,13 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} element: {% set container_port = 80 %} - image: "{{ applications | get_app_conf(application_id, 'images.element', True) }}" - container_name: matrix-element + image: "{{ matrix_element_image }}:{{ matrix_element_version }}" + container_name: {{ matrix_element_name }} restart: {{docker_restart_policy}} volumes: - ./element-config.json:/app/config.json ports: - - "127.0.0.1:{{ports.localhost.http.matrix_element}}:{{ container_port }}" + - "127.0.0.1:{{ports.localhost.http['web-app-matrix_element']}}:{{ container_port }}" {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} @@ -81,7 +81,7 @@ KEYV_URL: '' KEYV_BOT_ENCRYPTION: 'false' KEYV_BOT_STORAGE: 'true' - MATRIX_HOMESERVER_URL: 'https://{{domains.matrix.synapse}}' + MATRIX_HOMESERVER_URL: '{{ web_protocol }}://{{ domains[application_id].synapse }}' MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}' MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}' MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}' @@ -98,8 +98,9 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} synapse_data: + name: {{ matrix_synapse_data }} {% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %} - chatgpt_data: + chatgpt_data: {% endif %} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-matrix/templates/element.config.json.j2 b/roles/web-app-matrix/templates/element.config.json.j2 index 714acfcd..696c255a 100644 --- a/roles/web-app-matrix/templates/element.config.json.j2 +++ b/roles/web-app-matrix/templates/element.config.json.j2 
@@ -1,8 +1,8 @@ { "default_server_config": { "m.homeserver": { - "base_url": "{{ web_protocol }}://{{domains.matrix.synapse}}", - "server_name": "{{domains.matrix.synapse}}" + "base_url": "{{ web_protocol }}://{{domains[application_id].synapse}}", + "server_name": "{{domains[application_id].synapse}}" }, "m.identity_server": { "base_url": "{{ web_protocol }}://{{primary_domain}}" diff --git a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 index 7a938224..c5cfd983 100644 --- a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2 @@ -143,7 +143,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains.matrix.synapse}} + {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains[application_id].synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 index 14f0527e..6f3905bb 100644 --- a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2 
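Review bot: In facebook.config.yml.j2 the `double_puppet_server_map` value is the bare host `{{domains[application_id].synapse}}`, whereas the instagram, signal, slack, telegram and whatsapp templates in this commit set `{{ web_protocol }}://{{ domains[application_id].synapse }}`; the value is the homeserver address the bridge contacts for double puppeting, so presumably the same URL form is wanted here, and the pre-change line had the same omission. Suggest `{{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}`.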
@@ -134,7 +134,7 @@ bridge: double_puppet_allow_discovery: false # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. double_puppet_server_map: - {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}} + {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }} # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth # # If set, custom puppets will be enabled automatically for local users diff --git a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 index dc9d20d4..e26e5ea6 100644 --- a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2 @@ -141,7 +141,7 @@ bridge: federate_rooms: true # Servers to always allow double puppeting from double_puppet_server_map: - {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}} + {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 index b19fee2c..70b20729 100644 --- a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2 
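Review bot: Replacing the fixed `https://` with `{{ web_protocol }}://` in the `double_puppet_server_map` ties bridge-to-homeserver traffic to the global protocol setting; with `web_protocol` set to `http` in an inventory, the double-puppet exchange, which presumably carries user access tokens, would reach the homeserver in clear text. If `http` is only a development value this is fine, but a one-line comment such as `# follows web_protocol; must stay https wherever real user tokens are exchanged` records the assumption. The same change appears in the signal, slack, telegram and whatsapp templates.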
@@ -118,7 +118,7 @@ bridge: # Servers to always allow double puppeting from double_puppet_server_map: - {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}} + {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 index 84a6c459..9155f733 100644 --- a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2 @@ -198,7 +198,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}} + {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 index e8713718..3ca80c87 100644 --- a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 +++ b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2 
@@ -236,7 +236,7 @@ bridge: force_active_delivery_receipts: false # Servers to always allow double puppeting from double_puppet_server_map: - {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}} + {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth diff --git a/roles/web-app-matrix/templates/nginx.conf.j2 b/roles/web-app-matrix/templates/nginx.conf.j2 index 175627cb..e8d53dd2 100644 --- a/roles/web-app-matrix/templates/nginx.conf.j2 +++ b/roles/web-app-matrix/templates/nginx.conf.j2 @@ -1,10 +1,10 @@ server { {# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #} {# Could be that this is related to the set_fact use #} - {% set domain = domains.matrix.synapse %} - {% set http_port = ports.localhost.http.matrix_synapse %} + {% set domain = domains[application_id].synapse %} + {% set http_port = ports.localhost.http['web-app-matrix_synapse'] %} - server_name {{domains.matrix.synapse}}; + server_name {{domains[application_id].synapse}}; {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} # For the federation port diff --git a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 index ef144edc..5167cb71 100644 --- a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 +++ b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 
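Review bot: `ports.localhost.http['web-app-matrix_synapse']` hardcodes the role name one line after `domains[application_id]` derives it from `application_id`, so the next rename of the id has to be chased in two places inside the same `server {}` block. `{% set http_port = ports.localhost.http[application_id ~ '_synapse'] %}` keeps the port key tied to the same variable, assuming the key in the ports inventory is literally the id followed by `_synapse`. The file's own header comment says these `set` statements exist because the passed variable was not picked up correctly, so a short note there on why `application_id` is trusted here would help the next reader.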
@@ -17,15 +17,15 @@ database: host: "{{database_host}}" cp_min: 5 cp_max: 10 -log_config: "/data/{{domains.matrix.synapse}}.log.config" +log_config: "/data/{{domains[application_id].synapse}}.log.config" media_store_path: "/data/media_store" registration_shared_secret: "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}" report_stats: true macaroon_secret_key: "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}" form_secret: "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}" -signing_key_path: "/data/{{domains.matrix.synapse}}.signing.key" -web_client_location: "{{ web_protocol }}://{{domains.matrix.element}}" -public_baseurl: "{{ web_protocol }}://{{domains.matrix.synapse}}" +signing_key_path: "/data/{{domains[application_id].synapse}}.signing.key" +web_client_location: "{{ web_protocol }}://{{domains[application_id].element}}" +public_baseurl: "{{ web_protocol }}://{{domains[application_id].synapse}}" trusted_key_servers: - server_name: "matrix.org" admin_contact: 'mailto:{{ users.administrator.email }}' @@ -39,10 +39,10 @@ email: #require_transport_security: true enable_tls: "{{ system_email.tls | upper }}" notif_from: "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>" - app_name: "Matrix on {{domains.matrix.synapse}}" + app_name: "Matrix on {{domains[application_id].synapse}}" enable_notifs: true notif_for_new_users: false - client_base_url: "{{domains.matrix.synapse}}" + client_base_url: "{{domains[application_id].synapse}}" validation_token_lifetime: 15m {% if applications | get_app_conf(application_id, 'features.oidc', False) %} diff --git a/roles/web-app-matrix/templates/synapse/log.config.j2 b/roles/web-app-matrix/templates/synapse/log.config.j2 index 0b345fb3..fba8335f 100644 --- a/roles/web-app-matrix/templates/synapse/log.config.j2 +++ b/roles/web-app-matrix/templates/synapse/log.config.j2 
@@ -8,7 +8,7 @@ handlers: file: class: logging.handlers.RotatingFileHandler formatter: precise - filename: /data/{{domains.matrix.synapse}}.homeserver.log + filename: /data/{{domains[application_id].synapse}}.homeserver.log maxBytes: 10485760 backupCount: 3 console: diff --git a/roles/web-app-matrix/templates/well-known.j2 b/roles/web-app-matrix/templates/well-known.j2 index 2ae9946b..7cb9e4c7 100644 --- a/roles/web-app-matrix/templates/well-known.j2 +++ b/roles/web-app-matrix/templates/well-known.j2 @@ -1,3 +1,3 @@ { - "m.server": "{{domains.matrix.synapse}}:{{ WEB_PORT }}" + "m.server": "{{domains[application_id].synapse}}:{{ WEB_PORT }}" } \ No newline at end of file diff --git a/roles/web-app-matrix/vars/main.yml b/roles/web-app-matrix/vars/main.yml index 318e5012..a1cb9284 100644 --- a/roles/web-app-matrix/vars/main.yml +++ b/roles/web-app-matrix/vars/main.yml 
@@ -1,5 +1,12 @@ --- -application_id: "matrix" +application_id: "web-app-matrix" database_type: "postgres" registration_file_folder: "/data/" -well_known_directory: "{{nginx.directories.data.well_known}}/matrix/" \ No newline at end of file +well_known_directory: "{{nginx.directories.data.well_known}}/matrix/" +matrix_synapse_version: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version', True) }}" +matrix_synapse_image: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.image', True) }}" +matrix_synapse_name: "{{ applications | get_app_conf(application_id, 'docker.services.synapse.name', True) }}" +matrix_synapse_data: "{{ applications | get_app_conf(application_id, 'docker.volumes.synapse', True) }}" +matrix_element_version: "{{ applications | get_app_conf(application_id, 'docker.services.element.version', True) }}" +matrix_element_image: "{{ applications | get_app_conf(application_id, 'docker.services.element.image', True) }}" +matrix_element_name: "{{ applications | get_app_conf(application_id, 'docker.services.element.name', True) }}" \ No newline at end of file diff --git a/roles/web-app-mediawiki/TODO.md b/roles/web-app-mediawiki/TODO.md index 00084ef4..bc5996cc 100644 --- a/roles/web-app-mediawiki/TODO.md +++ b/roles/web-app-mediawiki/TODO.md @@ -1,2 +1,3 @@ # Todo -- This role needs to be updated to the new role structure \ No newline at end of file +- This role needs to be updated to the new role structure +- It needs to be tested - Really antique role which wasn't used since ages, because I used discourse in production instead and just updated the refactored and restructure stuff here. \ No newline at end of file diff --git a/roles/web-app-mediawiki/config/main.yml b/roles/web-app-mediawiki/config/main.yml index b8c41ba0..ba6873e1 100644 --- a/roles/web-app-mediawiki/config/main.yml +++ b/roles/web-app-mediawiki/config/main.yml 
@@ -1,3 +1,12 @@ domains: canonical: - - "wiki.{{ primary_domain }}" \ No newline at end of file + - "wiki.{{ primary_domain }}" +docker: + services: + mediawiki: + image: mediawiki + version: latest + no_stop_required: true + name: mediawiki + volumes: + data: mediawiki_data \ No newline at end of file diff --git a/roles/web-app-mediawiki/templates/docker-compose.yml.j2 b/roles/web-app-mediawiki/templates/docker-compose.yml.j2 index 1a1028bc..75e6d00a 100644 --- a/roles/web-app-mediawiki/templates/docker-compose.yml.j2 +++ b/roles/web-app-mediawiki/templates/docker-compose.yml.j2 @@ -1,12 +1,10 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} application: - # Seems like image tag got lost. @todo Check and implement if necessary - log_driver: journald - restart: "{{docker_restart_policy}}" - depends_on: - - database +{% include 'roles/docker-container/templates/base.yml.j2' %} + container_name: "{{ mediawiki_name }}" + image: "{{ mediawiki_image }}:{{ mediawiki_version }}" volumes: - - "mediawiki-data:/var/www/html/" + - "data:/var/www/html/" ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:80" {% include 'roles/docker-container/templates/networks.yml.j2' %} @@ -14,5 +12,5 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: - + name: {{ mediawiki_volume }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-mediawiki/vars/main.yml b/roles/web-app-mediawiki/vars/main.yml index 113081fc..fc8e7f9b 100644 --- a/roles/web-app-mediawiki/vars/main.yml +++ b/roles/web-app-mediawiki/vars/main.yml 
@@ -1,3 +1,6 @@ -application_id: "mediawiki" -database_password: "{{mediawiki_database_password}}" -database_type: "mariadb" \ No newline at end of file +application_id: "web-app-mediawiki" +database_type: "mariadb" +mediawiki_version: "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.version', True) }}" +mediawiki_image: "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image', True) }}" +mediawiki_name: "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.name', True) }}" +mediawiki_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" \ No newline at end of file diff --git a/roles/web-app-mobilizon/config/main.yml b/roles/web-app-mobilizon/config/main.yml index 8e1de690..01f3088d 100644 --- a/roles/web-app-mobilizon/config/main.yml +++ b/roles/web-app-mobilizon/config/main.yml @@ -1,6 +1,6 @@ -titel: "Mobilizon on {{ primary_domain | upper }}" +titel: "Mobilizon on {{ primary_domain | upper }}" images: - mobilizon: "docker.io/framasoft/mobilizon" + mobilizon: "docker.io/framasoft/mobilizon" features: central_database: true oidc: true diff --git a/roles/web-app-mobilizon/vars/main.yml b/roles/web-app-mobilizon/vars/main.yml index 0e7393fb..bfda0b34 100644 --- a/roles/web-app-mobilizon/vars/main.yml +++ b/roles/web-app-mobilizon/vars/main.yml @@ -3,6 +3,5 @@ application_id: mobilizon database_type: "postgres" database_gis_enabled: true -mobilizon_oidc_callback_url: "{{ domains | get_url(application_id, web_protocol) }}/auth/openid_connect/callback" -container_port: 4000 +container_port: 4000 mobilizon_host_conf_exs_file: "{{docker_compose.directories.config}}config.exs" \ No newline at end of file diff --git a/roles/web-app-mybb/config/main.yml b/roles/web-app-mybb/config/main.yml index 85a79131..cce85b34 100644 --- a/roles/web-app-mybb/config/main.yml +++ b/roles/web-app-mybb/config/main.yml 
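Review bot: `mediawiki_volume` reads `'docker.services.volumes.data'`, but in config/main.yml the new `volumes:` block appears to sit beside `services:` under `docker:`, which is the layout the matrix role reads as `docker.volumes.synapse`; if that nesting is what was intended, this lookup does not resolve and the `name:` added under `data:` in docker-compose.yml.j2 renders empty. The same path is used by `mybb_volume` and `openproject_volume` in their vars/main.yml hunks. Either nest `volumes:` under `services:` in the three config files or change the lookup to `'docker.volumes.data'`; the collapsed whitespace here makes the intended nesting worth confirming against the files.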
@@ -1,12 +1,16 @@ -version: "latest" features: matomo: true css: true port-ui-desktop: true central_database: true - docker: services: database: - enabled: true \ No newline at end of file + enabled: true + mybb: + image: "mybb/mybb" + version: "latest" + name: "mybb" + volumes: + data: "mybb_data" \ No newline at end of file diff --git a/roles/web-app-mybb/templates/docker-compose.yml.j2 b/roles/web-app-mybb/templates/docker-compose.yml.j2 index 9d0dfb79..e96c8ef3 100644 --- a/roles/web-app-mybb/templates/docker-compose.yml.j2 +++ b/roles/web-app-mybb/templates/docker-compose.yml.j2 @@ -4,7 +4,8 @@ driver: journald options: tag: "mybb_application" - image: mybb/mybb:{{applications.mybb.version}} + image: {{ mybb_image }}:{{ mybb_version }} + container_name: {{ mybb_name }} restart: {{docker_restart_policy}} volumes: - data:/var/www/html @@ -27,5 +28,6 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: {{ mybb_volume }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-mybb/vars/main.yml b/roles/web-app-mybb/vars/main.yml index fde7c3f8..78b1dd26 100644 --- a/roles/web-app-mybb/vars/main.yml +++ b/roles/web-app-mybb/vars/main.yml 
@@ -1,8 +1,11 @@ --- -application_id: "mybb" +application_id: "web-app-mybb" docker_compose_instance_confd_directory: "{{docker_compose.directories.instance}}conf.d/" docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf" target_mount_conf_d_directory: "{{nginx.directories.http.servers}}" source_domain: "mybb.{{primary_domain}}" -database_password: "{{mybb_database_password}}" -database_type: "mariadb" \ No newline at end of file +database_type: "mariadb" +mybb_version: "{{ applications | get_app_conf(application_id, 'docker.services.mybb.version', True) }}" +mybb_image: "{{ applications | get_app_conf(application_id, 'docker.services.mybb.image', True) }}" +mybb_name: "{{ applications | get_app_conf(application_id, 'docker.services.mybb.name', True) }}" +mybb_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml index f397412d..265a18c9 100644 --- a/roles/web-app-nextcloud/config/main.yml +++ b/roles/web-app-nextcloud/config/main.yml 
@@ -10,34 +10,53 @@ csp: - "data:" domains: canonical: - - "cloud.{{ primary_domain }}" + nextcloud: "cloud.{{ primary_domain }}" + # talk: "talk.{{ primary_domain }}" @todo needs to be activated docker: services: redis: enabled: true database: enabled: true + nextcloud: + name: "nextcloud" + image: "nextcloud" + version: "latest-fpm-alpine" + no_stop_required: true + proxy: + name: "nextcloud-proxy" + image: "nginx" + version: "alpine" + cron: + name: "nextcloud-cron" + talk: + name: "nextcloud-talk" + image: "nextcloud/aio-talk" + version: "latest" + enabled: false # Not enabled yet, because just implemented during refactoring and not tested yet. if tested activate + # Its in a own role. @todo remove it if it gets implemented via the other role + #collabora: + # name: "nextcloud-collabora" + # image: "nextcloud-collabora" + # version: "latest" oidc: - enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud + enabled: "{{ applications | get_app_conf(application_id, 'features.oidc')" # Activate OIDC for Nextcloud # floavor decides which OICD plugin should be used. # Available options: oidc_login, sociallogin # @see https://apps.nextcloud.com/apps/oidc_login # @see https://apps.nextcloud.com/apps/sociallogin - flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet + flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet features: matomo: true css: false - port-ui-desktop: true + port-ui-desktop: true ldap: true oidc: true central_database: true default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes) legacy_login_mask: enabled: False # If true, then legacy login mask is shown. 
Otherwise just SSO -container: - application: "nextcloud-application" # Nextcloud application container name - proxy: "nextcloud-web" # Nextcloud Proxy Container Name - collabora: "nextcloud-collabora" + performance: php: memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit @@ -146,16 +165,16 @@ plugins: enabled: true integration_mastodon: # Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon) - enabled: "{{ 'mastodon' in group_names | lower }}" + enabled: "{{ 'web-app-mastodon' in group_names | lower }}" integration_openai: # Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai) enabled: false integration_openproject: # Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject) - enabled: "{{ 'openproject' in group_names | lower }}" + enabled: "{{ 'web-app-openproject' in group_names | lower }}" integration_peertube: # Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube) - enabled: "{{ 'peertube' in group_names | lower }}" + enabled: "{{ 'web-app-peertube' in group_names | lower }}" #keeweb # # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb) # # This isn't maintained anymore. The alternatives don't support keepass files 
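Review bot: The new `oidc.enabled` value `"{{ applications | get_app_conf(application_id, 'features.oidc')"` has no closing `}}`, so the expression is either rejected as an unterminated template or handed to Nextcloud as a literal string instead of a boolean. It should read `enabled: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"`. The previous value also carried `| default(true)`; whether `get_app_conf` supplies a default when the key is missing is not visible here, although `features.oidc` is set to `true` further down in this same file.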
@@ -216,13 +235,13 @@ plugins: # enabled: false twofactor_nextcloud_notification: # Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification) - enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active + enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active twofactor_totp: # Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp) - enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active + enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active user_ldap: # Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap) - enabled: "{{ applications.nextcloud.features.ldap | default(true) }}" + enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.ldap', False, True) }}" user_directory: enabled: true # Enables the LDAP User Directory Search user_oidc: diff --git a/roles/web-app-nextcloud/docs/Update.md b/roles/web-app-nextcloud/docs/Update.md index 4ceb7bd1..e4ae1b7a 100644 --- a/roles/web-app-nextcloud/docs/Update.md +++ b/roles/web-app-nextcloud/docs/Update.md @@ -8,7 +8,7 @@ export DOCKER_CLIENT_TIMEOUT=600 && docker-compose down ``` -Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role. +Afterwards, update the ***applications.docker.services.*.version*** variable to the next version and run this repository with this Ansible role. > **Note:** > It is only possible to update from one to the next major version at a time. 
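Review bot: The three plugin toggles call `get_app_conf('web-app-nextcloud', ...)` with a literal id, while the `oidc.enabled` value earlier in this same file uses `application_id`; mixing the two styles means a future rename has to be found in both places. Using `application_id` here too, e.g. `enabled: "{{ not applications | get_app_conf(application_id, 'features.oidc', False, True) }}"`, keeps the file self-consistent. The trailing `False, True` arguments also differ from the two-argument call earlier in the file, so the intended filter signature should be confirmed.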
@@ -25,7 +25,7 @@ docker-compose exec -it application top If Nextcloud remains in maintenance mode after the update, try the following: ```bash -docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on +docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off ``` diff --git a/roles/web-app-nextcloud/handlers/main.yml b/roles/web-app-nextcloud/handlers/main.yml index a08fc44e..c86676bc 100644 --- a/roles/web-app-nextcloud/handlers/main.yml +++ b/roles/web-app-nextcloud/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart nextcloud nginx service command: - cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload" + cmd: "docker exec {{ nextcloud_proxy_name }} nginx -s reload" listen: restart nextcloud nginx service ignore_errors: true # Ignoring if container is restarting diff --git a/roles/web-app-nextcloud/tasks/01_config.yml b/roles/web-app-nextcloud/tasks/01_config.yml index 5bc5afdc..6f862576 100644 --- a/roles/web-app-nextcloud/tasks/01_config.yml +++ b/roles/web-app-nextcloud/tasks/01_config.yml 
@@ -8,11 +8,11 @@ - name: Copy include instructions to the container command: > - docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}} + docker cp {{ nextcloud_host_include_instructions_file }} {{ nextcloud_name }}:{{nextcloud_docker_include_instructions_file}} - name: Append generated config to config.php only if not present command: > - docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c " + docker exec -u {{nextcloud_docker_user}} {{ nextcloud_name }} sh -c " grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} || cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}" notify: docker compose restart \ No newline at end of file diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index fa05b79e..b25fc558 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml @@ -32,7 +32,7 @@ - name: create internal nextcloud nginx configuration template: src: "nginx/docker.conf.j2" - dest: "{{docker_compose.directories.volumes}}nginx.conf" + dest: "{{ docker_compose.directories.volumes }}nginx.conf" notify: restart nextcloud nginx service - name: Setup config.php @@ -43,7 +43,7 @@ - name: Setup Nextcloud Plugins include_tasks: 02_plugin.yml - loop: "{{applications | get_app_conf(application_id, 'plugins', True) | dict2items }}" + loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}" loop_control: loop_var: plugin_item vars: @@ -55,7 +55,7 @@ - name: Add missing database indices in Nextcloud command: > - {{nextcloud_docker_exec_occ}} db:add-missing-indices + {{ nextcloud_docker_exec_occ }} db:add-missing-indices register: db_indices_result changed_when: > 'Adding additional' in db_indices_result.stdout or 
@@ -65,8 +65,8 @@ - name: Ensure Nextcloud administrator is in the 'admin' group command: > - docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }} - php occ group:adduser admin {{ applications.nextcloud.users.administrator.username }} + docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }} + php occ group:adduser admin {{ nextcloud_administrator_username }} register: add_admin_to_group changed_when: "'Added user' in add_admin_to_group.stdout" failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr" diff --git a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 b/roles/web-app-nextcloud/templates/docker-compose.yml.j2 index f92ada12..32862dad 100644 --- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2 @@ -1,8 +1,8 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} application: - image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine" - container_name: {{applications.nextcloud.container.application}} + image: "{{ nextcloud_image }}:{{ nextcloud_version }}" + container_name: {{ nextcloud_name }} volumes: - data:{{nextcloud_docker_work_directory}} - {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro 
@@ -16,31 +16,25 @@ {% include 'roles/docker-container/templates/networks.yml.j2' %} ipv4_address: 192.168.102.69 - # @Todo activate - #nc-talk: - # image: nextcloud/aio-talk:latest - # container_name: talk_hpb - # hostname: hpb_yt - # restart: unless-stopped - # init: true - # ports: - # - 3478:3478/tcp #TURN TCP - # - 3478:3478/udp #TURN UDP - # - 8181:8081/tcp #Signaling - # environment: - # - NC_DOMAIN=cloud.yourdomain.tld - # - TALK_HOST=signaling.yourdomain.tld - # - TURN_SECRET=${TURN_SECRET} - # - SIGNALING_SECRET=${SIGNALING_SECRET} - # - TZ=Europe/Berlin - # - TALK_PORT=3478 - # - INTERNAL_SECRET=${INTERNAL_SECRET} - # networks: - # - nxnetwork_yt +{% if nextcloud_talk_enabled %} + talk: + {% include 'roles/docker-container/templates/base.yml.j2' %} + image: "{{ nextcloud_talk_image }}:{{ nextcloud_talk_version }}" + container_name: {{ nextcloud_talk_name }} + hostname: hpb_yt + init: true + ports: + - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/tcp #TURN TCP + - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/udp #TURN UDP + - {{ networks.internet.ip4 }}:8181:8081/tcp #Signaling @todo needs to be optimized + networks: + default: + ipv4_address: 192.168.102.68 +{% endif %} - web: - image: nginx:alpine - container_name: {{applications.nextcloud.container.proxy}} + proxy: + image: "{{ nextcloud_proxy_image }}:{{ nextcloud_proxy_version }}" + container_name: "{{ nextcloud_proxy_name }}" logging: driver: journald restart: {{docker_restart_policy}} @@ -57,8 +51,8 @@ ipv4_address: 192.168.102.67 cron: - container_name: nextcloud-cron - image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine" + container_name: "{{ nextcloud_cron_name }}" + image: "{{ nextcloud_image }}:{{ nextcloud_version }}" restart: {{docker_restart_policy}} logging: driver: journald diff --git a/roles/web-app-nextcloud/templates/env.j2 b/roles/web-app-nextcloud/templates/env.j2 index 42cff2bf..b3a0b783 100644 
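Review bot: The talk service publishes its signaling port with `{{ networks.internet.ip4 }}:8181:8081/tcp`, binding a plaintext HTTP endpoint directly onto the public interface, whereas the other services in this role bind to 127.0.0.1 and are reached only through the nginx reverse proxy. The STUN/TURN lines at least take their port from `nextcloud_talk_stun_port`, but 8181 is a bare literal the central ports inventory cannot see, so a collision with another role's public port would go unnoticed. Prefer exposing signaling as a `ports.localhost.http` entry proxied by nginx, or, if a direct public bind is intended, source it from `ports.public` like the STUN port and record why it bypasses the proxy. The `@todo needs to be optimized` marker flags the line but does not describe the exposure.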
--- a/roles/web-app-nextcloud/templates/env.j2 +++ b/roles/web-app-nextcloud/templates/env.j2 @@ -21,7 +21,7 @@ SMTP_PASSWORD= {{ users['no-reply'].mailu_token }} # Email from configuration MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}" -MAIL_DOMAIN= "{{system_email.domain}}" +MAIL_DOMAIN= "{{ system_email.domain }}" # Initial Admin Data NEXTCLOUD_ADMIN_USER= "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}" @@ -29,7 +29,7 @@ NEXTCLOUD_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, ' # Security -NEXTCLOUD_TRUSTED_DOMAINS= "{{domains | get_domain(application_id)}}" +NEXTCLOUD_TRUSTED_DOMAINS= "{{ nextcloud_domains }}" # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling TRUSTED_PROXIES= "{{ networks.internet.values() | select | join(',') }}" OVERWRITECLIURL= "{{ domains | get_url(application_id, web_protocol) }}" @@ -37,4 +37,17 @@ OVERWRITEPROTOCOL= "https" # Redis Configuration REDIS_HOST= redis -REDIS_PORT= 6379 \ No newline at end of file +REDIS_PORT= 6379 + +{% if nextcloud_talk_enabled %} +# Talk Configuration +# This code was just moved here during refactoring and isn't tested yet. +# @todo move it to an own env file for encapsulation reasons +NC_DOMAIN=cloud.yourdomain.tld +TALK_HOST=signaling.yourdomain.tld +TURN_SECRET=${TURN_SECRET} +SIGNALING_SECRET=${SIGNALING_SECRET} +TZ=Europe/Berlin +TALK_PORT=3478 +INTERNAL_SECRET=${INTERNAL_SECRET} +{% endif %} \ No newline at end of file diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml index 0bf2ed9e..77421745 100644 --- a/roles/web-app-nextcloud/vars/main.yml +++ b/roles/web-app-nextcloud/vars/main.yml 
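Review bot: The talk block in the last hunk ships `NC_DOMAIN=cloud.yourdomain.tld`, `TALK_HOST=signaling.yourdomain.tld` and `TURN_SECRET=${TURN_SECRET}` style values verbatim from the old commented-out compose example, so if `nextcloud_talk_enabled` is ever switched on the container gets a wrong domain and secrets that are only resolved if compose happens to interpolate `${...}` in env files. `NC_DOMAIN={{ nextcloud_domains }}` is available in this role's vars, and each `*_SECRET` should be generated and read from the role's `credentials` section via `get_app_conf(application_id, ..., True)` the way `NEXTCLOUD_ADMIN_PASSWORD` is a few lines above, rather than left as shell placeholders. The comment already says the block is untested; adding the concrete items that must change before enabling it would make the `@todo` actionable.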
@@ -1,39 +1,62 @@ --- # General -application_id: "nextcloud" # Application identifier -container_port: 80 +application_id: "web-app-nextcloud" # Application identifier +container_port: 80 # Database -database_password: "{{applications.nextcloud.credentials.database_password}}" # Database password -database_type: "mariadb" # Database flavor +database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}" +database_type: "mariadb" # Database flavor # Networking -domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable -http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network +domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable +http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network + +nextcloud_administrator_username: "{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}" # Control Node -nextcloud_control_node_plugin_vars_directory: "{{role_path}}/vars/plugins/" # Folder in which the files for the plugin configuration are stored -nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/" # Folder which contains the files for extra plugin configuration tasks +nextcloud_control_node_plugin_vars_directory: "{{role_path}}/vars/plugins/" # Folder in which the files for the plugin configuration are stored +nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/" # Folder which contains the files for extra plugin configuration tasks # Host ## Host Paths -nextcloud_host_config_additives_directory: "{{docker_compose.directories.volumes}}cymais/" # This folder is the path to which the additive configurations will be copied -nextcloud_host_include_instructions_file: "{{docker_compose.directories.volumes}}includes.php" # Path to the 
instruction file on the host. Responsible for loading the additional configurations +nextcloud_host_config_additives_directory: "{{docker_compose.directories.volumes}}cymais/" # This folder is the path to which the additive configurations will be copied +nextcloud_host_include_instructions_file: "{{docker_compose.directories.volumes}}includes.php" # Path to the instruction file on the host. Responsible for loading the additional configurations + +nextcloud_domains: "{{ domains[application_id].nextcloud }}" # Docker +nextcloud_version: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version', True) }}" +nextcloud_image: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image', True) }}" +nextcloud_name: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}" + +nextcloud_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}" +nextcloud_proxy_image: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image', True) }}" +nextcloud_proxy_version: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version', True) }}" + +nextcloud_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}" + +nextcloud_talk_name: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name', True) }}" +nextcloud_talk_image: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image', True) }}" +nextcloud_talk_version: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version', True) }}" +nextcloud_talk_enabled: "{{ applications | get_app_conf(application_id, 'docker.services.talk.enabled', True) }}" +nextcloud_talk_stun_port: "{{ ports.public.stun[application_id] }}" +# nextcloud_talk_domain: "{{ domains[application_id].talk }}" + +#nextcloud_collabora_name: "{{ applications | get_app_conf(application_id, 
'docker.services.collabora.name', True) }}" + ## User Configuration -nextcloud_docker_user_id: 82 # UID of the www-data user -nextcloud_docker_user: "www-data" # Name of the www-data user (Set here to easy change it in the future) +nextcloud_docker_user_id: 82 # UID of the www-data user +nextcloud_docker_user: "www-data" # Name of the www-data user (Set here to easy change it in the future) ## Internal Paths -nextcloud_docker_work_directory: "/var/www/html/" # Name of the workdir in which the application is stored -nextcloud_docker_config_directory: "{{nextcloud_docker_work_directory}}config/" # Folder in which the Nextcloud configurations are stored -nextcloud_docker_config_file: "{{nextcloud_docker_config_directory}}config.php" # Path to the Nextcloud configuration file -nextcloud_docker_config_additives_directory: "{{nextcloud_docker_config_directory}}cymais/" # Path to the folder which contains additional configurations -nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations +nextcloud_docker_work_directory: "/var/www/html/" # Name of the workdir in which the application is stored +nextcloud_docker_config_directory: "{{nextcloud_docker_work_directory}}config/" # Folder in which the Nextcloud configurations are stored +nextcloud_docker_config_file: "{{nextcloud_docker_config_directory}}config.php" # Path to the Nextcloud configuration file +nextcloud_docker_config_additives_directory: "{{nextcloud_docker_config_directory}}cymais/" # Path to the folder which contains additional configurations +nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations ## Execution -nextcloud_docker_exec: "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition 
-nextcloud_docker_exec_occ: "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ" # Execute docker occ command \ No newline at end of file +nextcloud_docker_exec: "docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}" # General execute composition +nextcloud_docker_exec_occ: "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ" # Execute docker occ command \ No newline at end of file diff --git a/roles/web-app-oauth2-proxy/tasks/main.yml b/roles/web-app-oauth2-proxy/tasks/main.yml index e380de08..8a516cd2 100644 --- a/roles/web-app-oauth2-proxy/tasks/main.yml +++ b/roles/web-app-oauth2-proxy/tasks/main.yml @@ -1,6 +1,6 @@ - name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}" template: src: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2" - dest: "{{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}" + dest: "{{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}{{applications | get_app_conf('oauth2-proxy' 'configuration_file')}}" notify: - docker compose up \ No newline at end of file diff --git a/roles/web-app-oauth2-proxy/templates/container.yml.j2 b/roles/web-app-oauth2-proxy/templates/container.yml.j2 index 71aa195c..4fc4f11d 100644 --- a/roles/web-app-oauth2-proxy/templates/container.yml.j2 +++ b/roles/web-app-oauth2-proxy/templates/container.yml.j2 @@ -7,5 +7,5 @@ ports: - {{ports.localhost.oauth2_proxy[application_id]}}:4180/tcp volumes: - - "{{docker_compose.directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}:/oauth2-proxy.cfg" + - "{{docker_compose.directories.volumes}}{{applications | get_app_conf('oauth2-proxy' 'configuration_file')}}:/oauth2-proxy.cfg" {% endif %} \ No newline at end of file 
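Review bot: `get_app_conf('oauth2-proxy' 'configuration_file')` lacks the comma between its two arguments, in both the `dest:` line of tasks/main.yml and the volumes line of container.yml.j2; Jinja2 joins adjacent string literals, so the filter receives the single key `'oauth2-proxyconfiguration_file'` and no second argument, and the render fails or resolves the wrong path. Write `{{ applications | get_app_conf('oauth2-proxy', 'configuration_file') }}` in both places. Since the other roles in this commit have their `application_id` renamed to the `web-app-` prefix, confirm whether `'oauth2-proxy'` is still the key under which that role's config is registered.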
diff --git a/roles/web-app-openproject/config/main.yml b/roles/web-app-openproject/config/main.yml index 6fce66da..7242c8a2 100644 --- a/roles/web-app-openproject/config/main.yml +++ b/roles/web-app-openproject/config/main.yml @@ -1,4 +1,3 @@ -version: "13" # Update when available. Sadly no rolling release implemented oauth2_proxy: application: "proxy" port: "80" @@ -31,4 +30,20 @@ domains: docker: services: database: - enabled: true \ No newline at end of file + enabled: true + web: + name: openproject-web + image: openproject/community + version: "13" # Update when available. Sadly no rolling release implemented + no_stop_required: true + seeder: + name: openproject-seeder + cron: + name: openproject-cron + worker: + name: openproject-worker + proxy: + name: openproject-proxy + + volumes: + data: "openproject_data" \ No newline at end of file diff --git a/roles/web-app-openproject/templates/Dockerfile.j2 b/roles/web-app-openproject/templates/Dockerfile.j2 index 2254461e..4e428859 100644 --- a/roles/web-app-openproject/templates/Dockerfile.j2 +++ b/roles/web-app-openproject/templates/Dockerfile.j2 @@ -1,4 +1,4 @@ -FROM openproject/community:{{applications.openproject.version}} +FROM {{ openproject_image }}:{{ openproject_version }} # If installing a local plugin (using `path:` in the `Gemfile.plugins` above), # you will have to copy the plugin code into the container here and use the diff --git a/roles/web-app-openproject/templates/docker-compose.yml.j2 b/roles/web-app-openproject/templates/docker-compose.yml.j2 index 8647a30f..b454041e 100644 --- a/roles/web-app-openproject/templates/docker-compose.yml.j2 +++ b/roles/web-app-openproject/templates/docker-compose.yml.j2 
@@ -17,7 +17,7 @@ x-op-app: &app proxy: {% include 'roles/docker-container/templates/base.yml.j2' %} image: {{custom_openproject_image}} - container_name: openproject-proxy + container_name: {{ openproject_proxy_name }} command: "./docker/prod/proxy" ports: - "127.0.0.1:{{ports.localhost.http[application_id]}}:80" @@ -33,7 +33,7 @@ x-op-app: &app <<: *app {% include 'roles/docker-container/templates/base.yml.j2' %} command: "./docker/prod/web" - container_name: openproject-web + container_name: {{ openproject_web_name }} {% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %} cache: @@ -51,7 +51,7 @@ x-op-app: &app <<: *app {% include 'roles/docker-container/templates/base.yml.j2' %} command: "./docker/prod/worker" - container_name: openproject-worker + container_name: {{ openproject_worker_name }} {% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %} cache: @@ -67,7 +67,7 @@ x-op-app: &app <<: *app {% include 'roles/docker-container/templates/base.yml.j2' %} command: "./docker/prod/cron" - container_name: openproject-cron + container_name: {{ openproject_cron_name }} {% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %} cache: @@ -81,7 +81,7 @@ x-op-app: &app seeder: <<: *app command: "./docker/prod/seeder" - container_name: openproject-seeder + container_name: {{ openproject_seeder_name }} env_file: - "{{docker_compose.files.env}}" logging: @@ -94,5 +94,6 @@ x-op-app: &app {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: {{ openproject_volume }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-openproject/vars/main.yml b/roles/web-app-openproject/vars/main.yml index df45a936..c27e385e 100644 
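Review bot: The new `container_name: {{ openproject_proxy_name }}` line uses spaced braces directly under the existing `image: {{custom_openproject_image}}`, so the same service block now mixes two Jinja brace styles. The other added lines in this file also use the spaced form, so normalising the untouched `image:` line to `image: {{ custom_openproject_image }}` while this file is being edited would keep the template consistent.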
--- a/roles/web-app-openproject/vars/main.yml +++ b/roles/web-app-openproject/vars/main.yml @@ -1,7 +1,15 @@ -application_id: "openproject" +application_id: "web-app-openproject" docker_repository_address: "https://github.com/opf/openproject-deploy" database_type: "postgres" docker_repository: true +openproject_version: "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}" +openproject_image: "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}" +openproject_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" +openproject_web_name: "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}" +openproject_seeder_name: "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}" +openproject_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}" +openproject_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}" +openproject_worker_name: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}" openproject_plugins_folder: "{{docker_compose.directories.volumes}}plugins/" diff --git a/roles/web-app-peertube/config/main.yml b/roles/web-app-peertube/config/main.yml index 3b7af579..7387c1aa 100644 --- a/roles/web-app-peertube/config/main.yml +++ b/roles/web-app-peertube/config/main.yml @@ -1,8 +1,7 @@ -version: "bookworm" features: matomo: true css: false - port-ui-desktop: true + port-ui-desktop: true central_database: true oidc: true csp: @@ -30,4 +29,11 @@ docker: redis: enabled: true database: - enabled: true \ No newline at end of file + enabled: true + peertube: + name: "peertube" + version: "production-bookworm" + image: "chocobozzz/peertube" + no_stop_required: true + volumes: + data: peertube_data \ No newline at end of file 
diff --git a/roles/web-app-peertube/tasks/disable-oidc.yml b/roles/web-app-peertube/tasks/disable-oidc.yml index 65406dd0..d5a28440 100644 --- a/roles/web-app-peertube/tasks/disable-oidc.yml +++ b/roles/web-app-peertube/tasks/disable-oidc.yml @@ -1,5 +1,5 @@ - name: "Uninstall auth-openid-connect plugin for Peertube" command: > - docker exec {{ container_name }} \ + docker exec {{ peertube_name }} \ npm run plugin:uninstall -- --npm-name {{oidc_plugin}} ignore_errors: true diff --git a/roles/web-app-peertube/tasks/enable-oidc.yml b/roles/web-app-peertube/tasks/enable-oidc.yml index ab2e0cc0..7a1e4748 100644 --- a/roles/web-app-peertube/tasks/enable-oidc.yml +++ b/roles/web-app-peertube/tasks/enable-oidc.yml @@ -4,14 +4,14 @@ - name: Check if OIDC plugin is already installed command: > - docker exec {{ container_name }} test -d /data/plugins/data/peertube-plugin-auth-openid-connect + docker exec {{ peertube_name }} test -d /data/plugins/data/peertube-plugin-auth-openid-connect register: peertube_oidc_plugin_check failed_when: false changed_when: false - name: "Install auth-openid-connect plugin for Peertube" command: > - docker exec {{ container_name }} \ + docker exec {{ peertube_name }} \ npm run plugin:install -- --npm-name {{oidc_plugin}} when: peertube_oidc_plugin_check.rc != 0 notify: docker compose up diff --git a/roles/web-app-peertube/templates/docker-compose.yml.j2 b/roles/web-app-peertube/templates/docker-compose.yml.j2 index 8d457d86..be712069 100644 --- a/roles/web-app-peertube/templates/docker-compose.yml.j2 +++ b/roles/web-app-peertube/templates/docker-compose.yml.j2 
@@ -2,8 +2,8 @@ application: {% set container_port = 9000 %} - image: chocobozzz/peertube:production-{{ applications | get_app_conf(application_id, 'version', True) }} - container_name: {{ container_name }} + image: {{ peertube_image }}:{{ peertube_version }} + container_name: {{ peertube_name }} {% include 'roles/docker-container/templates/base.yml.j2' %} ports: - "1935:1935" # @todo Add to ports @@ -18,6 +18,7 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} assets: data: + name: {{ peertube_volume }} redis: config: diff --git a/roles/web-app-peertube/vars/main.yml b/roles/web-app-peertube/vars/main.yml index 1e13ca7d..8808d392 100644 --- a/roles/web-app-peertube/vars/main.yml +++ b/roles/web-app-peertube/vars/main.yml @@ -1,4 +1,7 @@ -application_id: "peertube" -database_type: "postgres" -container_name: "{{ application_id }}" -oidc_plugin: "peertube-plugin-auth-openid-connect" \ No newline at end of file +application_id: "web-app-peertube" +database_type: "postgres" +oidc_plugin: "peertube-plugin-auth-openid-connect" +peertube_version: "{{ applications | get_app_conf(application_id, 'docker.services.peertube.version', True) }}" +peertube_image: "{{ applications | get_app_conf(application_id, 'docker.services.peertube.image', True) }}" +peertube_name: "{{ applications | get_app_conf(application_id, 'docker.services.peertube.name', True) }}" +peertube_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" \ No newline at end of file diff --git a/roles/web-app-pixelfed/config/main.yml b/roles/web-app-pixelfed/config/main.yml index b598d999..1c555083 100644 --- a/roles/web-app-pixelfed/config/main.yml +++ b/roles/web-app-pixelfed/config/main.yml @@ -1,7 +1,4 @@ titel: "Pictures on {{primary_domain}}" -#version: "latest" -images: - pixelfed: "zknt/pixelfed:latest" features: matomo: true css: false # Needs to be reactivated 
@@ -28,4 +25,13 @@ docker: redis: enabled: true database: - enabled: true \ No newline at end of file + enabled: true + pixelfed: + image: "zknt/pixelfed" + version: "latest" + name: "pixelfed" + no_stop_required: true + worker: + name: "pixelfed_worker" + volumes: + data: "pixelfed_data" diff --git a/roles/web-app-pixelfed/templates/docker-compose.yml.j2 b/roles/web-app-pixelfed/templates/docker-compose.yml.j2 index 8ae0b32e..2f4b5e2f 100644 --- a/roles/web-app-pixelfed/templates/docker-compose.yml.j2 +++ b/roles/web-app-pixelfed/templates/docker-compose.yml.j2 @@ -1,7 +1,8 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} application: - image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}" + image: "{{ pixelfed_image }}:{{ pixelfed_version }}" + container_name: {{ pixelfed_name }} {% include 'roles/docker-container/templates/base.yml.j2' %} volumes: - "data:/var/www/storage" @@ -11,7 +12,8 @@ {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} worker: - image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}" + container_name: {{ pixelfed_worker_name }} + image: "{{ pixelfed_image }}:{{ pixelfed_version }}" {% include 'roles/docker-container/templates/base.yml.j2' %} volumes: - "data:/var/www/storage" @@ -30,5 +32,6 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} redis: data: + name: {{ pixelfed_volume }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-pixelfed/vars/main.yml b/roles/web-app-pixelfed/vars/main.yml index b3c56a48..76ccd3db 100644 --- a/roles/web-app-pixelfed/vars/main.yml +++ b/roles/web-app-pixelfed/vars/main.yml 
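Review bot: In the `docker-compose.yml.j2` hunk the `worker` service lists `container_name: {{ pixelfed_worker_name }}` before `image:`, while the `application` service adds it after `image:`; the two new blocks should use the same key order. The new lines also quote `image: "{{ pixelfed_image }}:{{ pixelfed_version }}"` but leave `container_name: {{ pixelfed_name }}` unquoted, so picking one convention, e.g. `container_name: "{{ pixelfed_name }}"`, would make the generated compose file easier to read and diff.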
@@ -1,3 +1,8 @@ -application_id: "pixelfed" -proxy_extra_configuration: "client_max_body_size 512M;" -database_type: "mariadb" +application_id: "web-app-pixelfed" +proxy_extra_configuration: "client_max_body_size 512M;" +database_type: "mariadb" +pixelfed_version: "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.version', True) }}" +pixelfed_image: "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.image', True) }}" +pixelfed_name: "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.name', True) }}" +pixelfed_worker_name: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}" +pixelfed_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" diff --git a/roles/web-app-port-ui/templates/menu/followus.yml.j2 b/roles/web-app-port-ui/templates/menu/followus.yml.j2 index 9418f615..c9d9cc5c 100644 --- a/roles/web-app-port-ui/templates/menu/followus.yml.j2 +++ b/roles/web-app-port-ui/templates/menu/followus.yml.j2 @@ -12,7 +12,7 @@ followus: class: fa-brands fa-mastodon url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}" identifier: "{{service_provider.contact.mastodon}}" - iframe: {{ applications | get_app_conf('mastodon','features.port-ui-desktop',True) }} + iframe: {{ applications | get_app_conf('web-app-mastodon','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %} - name: Bluesky 
@@ -31,7 +31,7 @@ followus: class: fa-solid fa-camera identifier: "{{service_provider.contact.pixelfed}}" url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}" - iframe: {{ applications | get_app_conf('pixelfed','features.port-ui-desktop',True) }} + iframe: {{ applications | get_app_conf(web-app-pixelfed,'features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.peertube is defined and service_provider.contact.peertube != "" %} - name: Peertube @@ -40,7 +40,7 @@ followus: class: fa-solid fa-video identifier: "{{service_provider.contact.peertube}}" url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}" - iframe: {{ applications | get_app_conf('peertube','features.port-ui-desktop',True) }} + iframe: {{ applications | get_app_conf('web-app-peertube','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %} - name: Wordpress @@ -49,7 +49,7 @@ followus: class: fa-solid fa-blog identifier: "{{service_provider.contact.wordpress}}" url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}" - iframe: {{ applications | get_app_conf('wordpress','features.port-ui-desktop',True) }} + iframe: {{ applications | get_app_conf('web-app-wordpress','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %} - name: Friendica diff --git a/roles/web-app-wordpress/config/main.yml b/roles/web-app-wordpress/config/main.yml index 1c855248..f3fec704 100644 --- a/roles/web-app-wordpress/config/main.yml +++ b/roles/web-app-wordpress/config/main.yml 
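Review bot: The new Pixelfed `iframe:` line passes `web-app-pixelfed` to `get_app_conf` without quotes, so Jinja parses it as the arithmetic expression `web - app - pixelfed` over three undefined variables and rendering this template will fail. It should be `iframe: {{ applications | get_app_conf('web-app-pixelfed','features.port-ui-desktop',True) }}`, matching the quoted form used in the mastodon, peertube and wordpress entries of the same file.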
@@ -1,7 +1,7 @@ title: "Blog" # Wordpress titel plugins: wp-discourse: - enabled: "{{ 'discourse' in group_names | lower }}" + enabled: "{{ 'web-app-discourse' in group_names | lower }}" daggerhart-openid-connect-generic: enabled: true activitypub: @@ -12,7 +12,6 @@ features: port-ui-desktop: true oidc: true central_database: true -version: latest csp: flags: style-src: @@ -42,7 +41,14 @@ domains: docker: services: database: - enabled: true + enabled: true + wordpress: + version: latest + image: wordpress + name: wordpress + no_stop_required: true + volumes: + data: wordpress_data rbac: roles: subscriber: diff --git a/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml b/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml index d9a7391c..f921ed8a 100644 --- a/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml +++ b/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml @@ -5,14 +5,14 @@ - name: Wait for Discourse API wait_for: - host: "{{ domains | get_domain('discourse') }}" + host: "{{ domains | get_domain('web-app-discourse') }}" port: 80 delay: 5 timeout: 600 - name: Add /var/www/discourse to Git safe.directory command: > - docker exec {{ applications.discourse.container }} \ + docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} \ git config --global --add safe.directory /var/www/discourse args: chdir: "{{ docker_compose.directories.instance }}" @@ -20,7 +20,7 @@ - name: Revoke old WP Discourse API keys via Rails command: > - docker exec {{ applications.discourse.container }} bash -lc "\ + docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} bash -lc "\ cd /var/www/discourse && \ script/rails runner \"\ ApiKey.where(\ 
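Review bot: The new `docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }}` lines in the `wp-discourse.yml` hunk use `docker.service` (singular), while every other lookup in this commit, including the `*_name` vars in the openproject, peertube, pixelfed and wordpress roles, reads `docker.services.<service>.name`; assuming the discourse config follows the same layout, this path will be undefined at runtime and the task will fail before the `git config` / `rails` commands run. Using the filter the rest of the commit standardises on, `docker exec {{ applications | get_app_conf('web-app-discourse', 'docker.services.discourse.name', True) }} \`, would both fix the key and keep the lookup style uniform. The same expression appears twice in this hunk and once more in the `@@ -36,7` hunk of the same file.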
@@ -36,7 +36,7 @@ - name: Generate new WP Discourse API key via Rake task command: > - docker exec {{ applications.discourse.container }} bash -lc "\ + docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} bash -lc "\ cd /var/www/discourse && \ bin/rake api_key:create_master['WP Discourse Integration']\ " diff --git a/roles/web-app-wordpress/templates/Dockerfile.j2 b/roles/web-app-wordpress/templates/Dockerfile.j2 index 3a20f634..e6e253f6 100644 --- a/roles/web-app-wordpress/templates/Dockerfile.j2 +++ b/roles/web-app-wordpress/templates/Dockerfile.j2 @@ -1,4 +1,4 @@ -FROM wordpress:{{applications | get_app_conf(application_id, 'version', True)}} +FROM {{ wordpress_image }}:{{ wordpress_version }} # Install msmtp and update system RUN apt-get update && \ diff --git a/roles/web-app-wordpress/templates/docker-compose.yml.j2 b/roles/web-app-wordpress/templates/docker-compose.yml.j2 index 5c2e9f7c..74cd2fbe 100644 --- a/roles/web-app-wordpress/templates/docker-compose.yml.j2 +++ b/roles/web-app-wordpress/templates/docker-compose.yml.j2 @@ -1,8 +1,8 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} application: {% include 'roles/docker-container/templates/base.yml.j2' %} - image: {{wordpress_custom_image}} - container_name: wordpress-application + image: {{ wordpress_custom_image }} + container_name: {{ wordpress_name }} build: context: . ports: @@ -18,3 +18,4 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: + name: "{{ wordpress_volume }}" diff --git a/roles/web-app-wordpress/vars/discourse.yml b/roles/web-app-wordpress/vars/discourse.yml index 396d9085..be092952 100644 --- a/roles/web-app-wordpress/vars/discourse.yml +++ b/roles/web-app-wordpress/vars/discourse.yml 
@@ -11,7 +11,7 @@ discourse_settings: - name: discourse_connect key: url - value: "{{ domains | get_url('discourse', web_protocol) }}" + value: "{{ domains | get_url('web-app-discourse', web_protocol) }}" - name: discourse_connect key: api-key value: "{{ vault_discourse_api_key }}" diff --git a/roles/web-app-wordpress/vars/main.yml b/roles/web-app-wordpress/vars/main.yml index 497e9b8f..a0f13b91 100644 --- a/roles/web-app-wordpress/vars/main.yml +++ b/roles/web-app-wordpress/vars/main.yml @@ -1,6 +1,10 @@ -application_id: "wordpress" -wordpress_max_upload_size: "64M" +application_id: "web-app-wordpress" database_type: "mariadb" +host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf" +wordpress_max_upload_size: "64M" wordpress_custom_image: "wordpress_custom" wordpress_docker_html_path: "/var/www/html" -host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf" \ No newline at end of file +wordpress_version: "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.version', True) }}" +wordpress_image: "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.image', True) }}" +wordpress_name: "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.name', True) }}" +wordpress_volume: "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}" \ No newline at end of file diff --git a/tasks/utils/debug/docker-compose.yml b/tasks/utils/debug/docker-compose.yml deleted file mode 100644 index 07774f2f..00000000 --- a/tasks/utils/debug/docker-compose.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -- name: Assert all required application_id-based variables are defined - vars: - missing_keys: [] - block: - - name: Check if applications[application_id] exists - set_fact: - missing_keys: "{{ missing_keys + ['applications'] }}" - when: applications.get(application_id, None) is not defined - - - name: Check if applications[application_id].docker.services.database.enabled exists - set_fact: - missing_keys: "{{ missing_keys + ['applications.{}.docker.services.database.enabled'.format(application_id)] }}" - when: applications[application_id].docker.services.database is not defined - - - name: Check if applications[application_id].docker.services.redis.enabled exists - set_fact: - missing_keys: "{{ missing_keys + ['applications.{}.docker.services.redis.enabled'.format(application_id)] }}" - when: applications[application_id].docker.services.redis is not defined - - - name: Check if applications | get_app_conf(application_id, 'images.' ~ application_id, True) exists - set_fact: - missing_keys: "{{ missing_keys + ['applications.{}.images.{}'.format(application_id, application_id)] }}" - when: applications[application_id].images is not defined or applications[application_id].images.get(application_id) is not defined - - - name: Check if applications[application_id].features exists - set_fact: - missing_keys: "{{ missing_keys + ['applications.{}.features'.format(application_id)] }}" - when: applications[application_id].features is not defined - - - name: Check if ports.localhost.oauth2_proxy[application_id] exists - set_fact: - missing_keys: "{{ missing_keys + ['ports.localhost.oauth2_proxy.{}'.format(application_id)] }}" - when: ports.localhost.oauth2_proxy get(application_id, None) is not defined - - - name: Check if ports.localhost.http[application_id] exists - set_fact: - missing_keys: "{{ missing_keys + ['ports.localhost.http.{}'.format(application_id)] }}" - when: ports.localhost.http get(application_id, None) is not defined - - - name: Check if 
networks.local[application_id].subnet exists (optional) - set_fact: - missing_keys: "{{ missing_keys + ['networks.local.{}.subnet'.format(application_id)] }}" - when: networks.local.get(application_id, None) is not defined or networks.local[application_id].get('subnet', None) is not defined - - - name: Fail if any required keys are missing - debug: - msg: | - The following variables/keys for application_id {{ application_id }} are not defined or not accessible: - {{ missing_keys | join('\n- ') }} - Please define them in your group_vars, host_vars, or inventory. diff --git a/tasks/utils/update-repository-with-files.yml b/tasks/utils/update-repository-with-files.yml index f40902ff..aaa7c6d7 100644 --- a/tasks/utils/update-repository-with-files.yml +++ b/tasks/utils/update-repository-with-files.yml @@ -2,10 +2,10 @@ # Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing # @todo Refactor\Remove # @deprecated -- name: "Merge detached_files with applications['oauth2-proxy'].configuration_file" +- name: "Merge detached_files with applications | get_app_conf('oauth2-proxy' 'configuration_file')" set_fact: - merged_detached_files: "{{ detached_files + [applications['oauth2-proxy'].configuration_file] }}" - when: applications[application_id].get('features', {}).get('oauth2', False) | bool + merged_detached_files: "{{ detached_files + [applications | get_app_conf('oauth2-proxy' 'configuration_file')] }}" + when: "{{ applications | get_app_conf(application_id,'features.oauth2')" - name: "backup detached files" command: > diff --git a/templates/roles/web-app/vars/main.yml.j2 b/templates/roles/web-app/vars/main.yml.j2 index 6e07cf6a..47ff798f 100644 --- a/templates/roles/web-app/vars/main.yml.j2 +++ b/templates/roles/web-app/vars/main.yml.j2 
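Review bot: The new `when: "{{ applications | get_app_conf(application_id,'features.oauth2')"` line in the `update-repository-with-files.yml` hunk is missing its closing `}}`, so the expression is never evaluated, and even once closed, `when:` should contain a bare Jinja expression rather than a `{{ }}` template. The old condition also coerced the result with `| bool`, which the new one drops; a safe replacement is `when: applications | get_app_conf(application_id, 'features.oauth2') | bool`. The `merged_detached_files` line in the same hunk has the missing comma in `get_app_conf('oauth2-proxy' 'configuration_file')` already noted on the oauth2-proxy hunks.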
@@ -7,4 +7,4 @@ docker_compose_flush_handlers: true # When this is set to true {{ application_id | get_cymais_dir }}_version: "{% raw %}{{ applications | get_app_conf(application_id, 'docker.services.{% endraw %}{{ application_id | get_cymais_dir }}{% raw %}.version', True) }}"{% endraw %} {{ application_id | get_cymais_dir }}_image: "{% raw %}{{ applications | get_app_conf(application_id, 'docker.services.{% endraw %}{{ application_id | get_cymais_dir }}{% raw %}.image', True) }}"{% endraw %} {{ application_id | get_cymais_dir }}_name: "{% raw %}{{ applications | get_app_conf(application_id, 'docker.services.{% endraw %}{{ application_id | get_cymais_dir }}{% raw %}.name', True) }}"{% endraw %} -{{ application_id | get_cymais_dir }}_volume: "{% raw %}{{ applications | get_app_conf(application_id, 'docker.services.{% endraw %}{{ application_id | get_cymais_dir }}{% raw %}.volumes.data', True) }}"{% endraw %} \ No newline at end of file +{{ application_id | get_cymais_dir }}_volume: "{% raw %}{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"{% endraw %} \ No newline at end of file diff --git a/tests/unit/roles/sys-bkp-docker-2-loc/__init__.py b/tests/unit/roles/sys-bkp-docker-2-loc/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/__init__.py b/tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/test_dict_to_cli_args.py b/tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/test_dict_to_cli_args.py new file mode 100644 index 00000000..f12c5e00 --- /dev/null +++ b/tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins/test_dict_to_cli_args.py 
@@ -0,0 +1,61 @@ +import unittest +import os +import sys + +# Add the path to roles/sys-bkp-docker-2-loc/filter_plugins +CURRENT_DIR = os.path.dirname(__file__) +FILTER_PLUGIN_DIR = os.path.abspath( + os.path.join(CURRENT_DIR, '../../../../../roles/sys-bkp-docker-2-loc/filter_plugins') +) +sys.path.insert(0, FILTER_PLUGIN_DIR) + +from dict_to_cli_args import dict_to_cli_args + + +class TestDictToCliArgs(unittest.TestCase): + def test_simple_string_args(self): + data = {"backup-dir": "/mnt/backups", "version-suffix": "-nightly"} + expected = "--backup-dir=/mnt/backups --version-suffix=-nightly" + self.assertEqual(dict_to_cli_args(data), expected) + + def test_boolean_true(self): + data = {"shutdown": True, "everything": True} + expected = "--shutdown --everything" + self.assertEqual(dict_to_cli_args(data), expected) + + def test_boolean_false(self): + data = {"shutdown": False, "everything": True} + expected = "--everything" + self.assertEqual(dict_to_cli_args(data), expected) + + def test_list_argument(self): + data = {"ignore-volumes": ["redis", "memcached"]} + expected = '--ignore-volumes="redis memcached"' + self.assertEqual(dict_to_cli_args(data), expected) + + def test_mixed_arguments(self): + data = { + "backup-dir": "/mnt/backups", + "shutdown": True, + "ignore-volumes": ["redis", "memcached"] + } + result = dict_to_cli_args(data) + self.assertIn("--backup-dir=/mnt/backups", result) + self.assertIn("--shutdown", result) + self.assertIn('--ignore-volumes="redis memcached"', result) + + def test_empty_dict(self): + self.assertEqual(dict_to_cli_args({}), "") + + def test_none_value(self): + data = {"some-value": None, "other": "yes"} + expected = "--other=yes" + self.assertEqual(dict_to_cli_args(data), expected) + + def test_invalid_type(self): + with self.assertRaises(TypeError): + dict_to_cli_args(["not", "a", "dict"]) + + +if __name__ == "__main__": + unittest.main()
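Review bot: `test_list_argument` pins the list rendering as `--ignore-volumes="redis memcached"`, which only holds together if no value can contain a double quote, whitespace or shell metacharacters; since the result is a single string that looks destined for a shell command line (the backup role's `update-docker.py.j2` is in this commit), a test that feeds a value such as `'re"dis'` and asserts `len(shlex.split(dict_to_cli_args(data))) == 1` would document whether the filter escapes values or merely wraps them. `test_mixed_arguments` can use `assertEqual` against the full expected string, because dict insertion order is deterministic and the other tests already rely on it. A comment above `sys.path.insert(0, FILTER_PLUGIN_DIR)` such as `# five levels up from tests/unit/roles/sys-bkp-docker-2-loc/filter_plugins to the repo root` would make the `../../../../../` path easier to maintain when the tree moves.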