Implemented pre configuration for pgadmin

Kevin Veen-Birkenbach 2025-04-07 21:09:46 +02:00
parent aceb111f86
commit b00988e792
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
10 changed files with 119 additions and 28 deletions


@ -15,6 +15,7 @@ _applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled |
_applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}"
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}"
# applications
defaults_applications:
@ -75,6 +76,7 @@ defaults_applications:
# turn_secret: # Needs to be defined in inventory file
urls:
api: "https://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
## Bluesky
bluesky:
users:
@ -605,22 +607,22 @@ defaults_applications:
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
version: "13" # Update when available. Sadly no rolling release implemented
oauth2_proxy:
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
ldap:
enabled: True # Enables LDAP by default
database:
central_storage: True # Activate Central Database Storage
css:
enabled: false # Temporary deactivated due to bugs
# @todo Solve and reactivate
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
enabled: True # Enables LDAP by default
filters:
administrators: True # Set true to filter administrators
users: False # Set true to filter users
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Peertube
peertube:
@ -634,15 +636,17 @@ defaults_applications:
## PgAdmin
pgadmin:
version: "latest"
server_mode: False # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
master_password_required: True # Master password is required. Recommended True. False is a security risk.
users:
administrator:
email: "{{ users.administrator.email }}" # Initial login email address
password: "{{ users.administrator.initial_password }}" # Initial login password should be overridden in inventory for security
oauth2_proxy:
enabled: true # Enable OAuth2 proxy for authentication
enabled: true # Enable OAuth2 proxy for authentication
application: "application"
port: "80"
# cookie_secret: None # Set via: openssl rand -hex 16
# cookie_secret: None # Set via: openssl rand -hex 16
database:
central_storage: True # Uses central PostgreSQL database
matomo_tracking_enabled: "{{ matomo_tracking_enabled_default }}" # Enables/Disables Matomo Tracking
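Review bot: The new `server_mode` key under `pgadmin` means the opposite of pgAdmin's own setting, because the env template in this commit emits `PGADMIN_CONFIG_SERVER_MODE=False` when the flag is true. An operator who knows pgAdmin will read `server_mode: False` as "desktop mode" and get the reverse. Consider a name that says what the flag does, such as `preconfigure_servers`. At minimum, change the comment to `# If true, pgAdmin runs in desktop mode (no pgAdmin login) with servers.json and .pgpass preloaded. Keep False unless access is restricted to the OAuth2 proxy.`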


@ -0,0 +1,22 @@
- name: "load variables from {{ database_var_file }}"
include_vars: "{{ database_var_file }}"
- name: "loading database configuration variables"
include_vars:
file: "{{ role_path }}/vars/configuration.yml"
- name: "Render servers.json file"
template:
src: servers.json.j2
dest: "{{ pgadmin_host_server_file }}"
mode: "0644"
notify: docker compose project setup
- name: "Render .pgpass file"
template:
src: pgpass.j2
dest: "{{ pgadmin_host_password_file }}"
owner: "{{ pgadmin_user }}"
group: "{{ pgadmin_group }}"
mode: "0600"
notify: docker compose project setup
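Review bot: The "Render .pgpass file" task writes database passwords, and the `template` module prints the rendered content whenever the play runs with `--diff`. Add `diff: false` (or `no_log: true`) to that task so the password does not end up in console output or CI logs. Separately, "Render servers.json file" sets `mode: "0644"` but no `owner` or `group`, so ownership depends on the connecting user. Setting them as the .pgpass task does would make the result predictable.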


@ -10,5 +10,9 @@
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "configure pgadmin servers"
include_tasks: configuration.yml
when: applications[application_id].server_mode | bool
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml
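Review bot: Nothing removes the rendered files when `server_mode` is switched back to false. The `when:` on "configure pgadmin servers" only skips rendering, so a previously written `.pgpass` containing the database password stays on the host. Consider a companion task that sets `state: absent` on `pgadmin_host_password_file` and `pgadmin_host_server_file` when the flag is false. Those variables come from `vars/configuration.yml`, which this commit loads only inside `configuration.yml`, so the cleanup task would have to load that file as well. The first lines of the hunk belong to a task that starts outside it.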


@ -3,7 +3,7 @@ services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
image: dpage/pgadmin4:{{applications.pgadmin.version}}
image: dpage/pgadmin4:{{applications[application_id].version}}
container_name: pgadmin
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
@ -15,5 +15,14 @@ services:
interval: 30s
timeout: 10s
retries: 3
volumes:
- "data:/var/lib/pgadmin"
{% if applications[application_id].server_mode | bool %}
- "{{ pgadmin_host_server_file }}:{{ pgadmin_docker_server_file }}"
- "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}"
{% endif %}
{% include 'templates/docker/compose/volumes.yml.j2' %}
data:
{% include 'templates/docker/compose/networks.yml.j2' %}
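Review bot: Both bind mounts in the `server_mode` branch are writable from inside the container, although pgAdmin presumably only needs to read `servers.json` and the pass file. Appending `:ro`, e.g. `- "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}:ro"` and likewise for the server file, would stop a compromised container from altering the credential file on the host. Check against the image's entrypoint that it does not try to chown or rewrite these paths before relying on the read-only mount.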


@ -1,5 +1,21 @@
# Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
# Disable postfix integration (not needed in containerized environments)
PGADMIN_DISABLE_POSTFIX=True
# Default login email for server mode
PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
# Default login password for server mode
PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].users.administrator.password }}
PGADMIN_DISABLE_POSTFIX=True
{% if applications[application_id].server_mode | bool %}
# Load server connection settings from this JSON file
PGADMIN_SERVER_JSON_FILE={{ pgadmin_docker_server_file }}
# Enable desktop (single-user) mode
PGADMIN_CONFIG_SERVER_MODE=False
# Disable master password prompt for stored credentials
PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED={{ applications[application_id].master_password_required | capitalize }}
{% endif %}
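Review bot: The comment `# Disable master password prompt for stored credentials` contradicts the line below it, which renders `master_password_required` and defaults to `True` in the defaults file. Reword it to `# Require the master password for stored credentials (keep True)`. In addition, `PGADMIN_CONFIG_SERVER_MODE=False` puts pgAdmin in desktop mode, where it has no login of its own. With the pass file mounted, the OAuth2 proxy is then the only access control in front of the preconfigured database credentials. A comment in this block should say so, and should note that the container port must be reachable only through the proxy.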


@ -0,0 +1,3 @@
{% for server in pgadmin_servers %}
{{ server.host }}:{{ server.port }}:*:{{ server.username }}:{{ server.password }}
{% endfor %}
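Review bot: Fields are written into the pgpass line unescaped, but the format uses `:` as the separator and `\` as the escape character. A password (or username) containing either will produce an entry that never matches, and the connection then fails or falls back to prompting. Escape both when rendering, for example `{{ server.password | replace('\\', '\\\\') | replace(':', '\\:') }}`, and apply the same to `server.username`. Verify the filter chain against a password that contains both characters.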


@ -0,0 +1,16 @@
{
"Servers": {
{% for server in pgadmin_servers %}
"{{ loop.index }}": {
"Name": "{{ server.name }}",
"Group": "Servers",
"Host": "{{ server.host }}",
"Port": {{ server.port }},
"MaintenanceDB": "{{ server.maintenance_db }}",
"Username": "{{ server.username }}",
"SSLMode": "prefer",
"PassFile": "/pgpass"
}{% if not loop.last %},{% endif %}
{% endfor %}
}
}
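Review bot: `"PassFile": "/pgpass"` is hard-coded although the mount target is defined as `pgadmin_docker_password_file`. If that variable is ever changed, pgAdmin will silently stop finding the credentials, so use `"PassFile": "{{ pgadmin_docker_password_file }}"`. The string values are also interpolated into JSON without escaping, so a name containing a quote or backslash yields an invalid file; rendering them as `"Name": {{ server.name | to_json }}` avoids that. `"SSLMode": "prefer"` allows a fallback to an unencrypted connection. That is presumably acceptable for the local central database, but it should become a per-server setting once remote servers are added.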


@ -0,0 +1,14 @@
pgadmin_host_server_file: "{{docker_compose.directories.volumes}}servers.json"
pgadmin_docker_server_file: "/pgadmin4/servers.json"
pgadmin_host_password_file: "{{docker_compose.directories.volumes}}.pgpass"
pgadmin_docker_password_file: "/pgpass"
pgadmin_servers:
- name: "Central Postgres Database"
host: "{{ database_host }}"
port: "{{ database_port }}"
username: "postgres"
maintenance_db: "postgres"
password: "{{ central_postgres_password }}"
# Here you can add more databases
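Review bot: The preconfigured entry connects as the `postgres` superuser with `central_postgres_password`. Anyone who gets into this pgAdmin instance therefore has full control of every database on the central server, and the superuser password is copied into a second file on disk. If a dedicated role with narrower privileges is not practical here, document the trade-off above the entry, e.g. `# NOTE: uses the postgres superuser; prefer a dedicated, less-privileged role where possible`.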


@ -1,3 +1,6 @@
application_id: "pgadmin"
database_type: "postgres"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
application_id: "pgadmin"
database_type: "postgres"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
database_var_file: "{{playbook_dir}}/roles/docker-central-database/vars/database.yml"
pgadmin_user: 5050
pgadmin_group: "{{pgadmin_user}}"
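Review bot: `pgadmin_user: 5050` is an unexplained constant that the `.pgpass` ownership in `configuration.yml` depends on. It is presumably the UID the `dpage/pgadmin4` image runs as, so say so in a comment, e.g. `# UID/GID of the pgadmin user inside the dpage/pgadmin4 image; the mounted pass file must be owned by it`. Because the defaults file sets the image tag to `latest`, also note that this value must be re-checked if the image changes its runtime user.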


@ -49,14 +49,14 @@ DB_SSL_VERIFY_SERVER=null
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
# --------------------------------------------
MAIL_MAILER = smtp
MAIL_HOST = {{system_email.host}} # SMTP server address
MAIL_PORT = {{system_email.port}} # SMTP server address
MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
MAIL_TLS_VERIFY_PEER = {{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server
MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
MAIL_HOST = {{system_email.host}} # SMTP server address
MAIL_PORT = {{system_email.port}} # SMTP server address
MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
MAIL_TLS_VERIFY_PEER = {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server
MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
MAIL_FROM_NAME = 'Snipe-IT'
MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
MAIL_REPLYTO_NAME = 'Snipe-IT'
MAIL_AUTO_EMBED_METHOD = 'attachment'