diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 100008df..3e5bc696 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -15,6 +15,7 @@ _applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled |
 _applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}"
 _applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}"
+# applications
 defaults_applications:
@@ -75,6 +76,7 @@ defaults_applications:
 # turn_secret: # Needs to be defined in inventory file
 urls:
 api: "https://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
+ ## Bluesky
 bluesky:
 users:
@@ -605,22 +607,22 @@ defaults_applications:
 ## Open Project
 openproject:
- version: "13" # Update when available. Sadly no rolling release implemented
+ version: "13" # Update when available. Sadly no rolling release implemented
 oauth2_proxy:
- enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
- application: "proxy"
- port: "80"
-# cookie_secret: None # Set via openssl rand -hex 16
+ enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
+ application: "proxy"
+ port: "80"
+# cookie_secret: None # Set via openssl rand -hex 16
 ldap:
- enabled: True # Enables LDAP by default
- database:
- central_storage: True # Activate Central Database Storage
- css:
- enabled: false # Temporary deactivated due to bugs
- # @todo Solve and reactivate
- matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
- css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
- landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
+ enabled: True # Enables LDAP by default
+ filters:
+ administrators: True # Set true to filter administrators
+ users: False # Set true to filter users
+ database:
+ central_storage: True # Activate Central Database Storage
+ matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
+ css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
+ landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
 ## Peertube
 peertube:
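Review bot: The new `ldap.filters.administrators: True` / `users: False` defaults do not say what "filter" means — whether a true value limits LDAP logins to that group or excludes it — and since OpenProject has no OIDC here, this LDAP setting plus the proxy is the whole access-control boundary. I would make the comment state the effect, e.g. `administrators: True # True: only the LDAP administrators group is synced / may log in` (adjust to what the consuming role actually does; it is outside this hunk). The hunk also mixes `true` (oauth2_proxy.enabled) with `True`/`False` on the new keys; yamllint's truthy rule argues for lowercase `true`/`false` throughout.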
@@ -634,15 +636,17 @@ defaults_applications:
 ## PgAdmin
 pgadmin:
 version: "latest"
+ server_mode: False # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
+ master_password_required: True # Master password is required. Recommended True. False is a security risk.
 users:
 administrator:
 email: "{{ users.administrator.email }}" # Initial login email address
 password: "{{ users.administrator.initial_password }}" # Initial login password – should be overridden in inventory for security
 oauth2_proxy:
- enabled: true # Enable OAuth2 proxy for authentication
+ enabled: true # Enable OAuth2 proxy for authentication
 application: "application"
 port: "80"
-# cookie_secret: None # Set via: openssl rand -hex 16
+# cookie_secret: None # Set via: openssl rand -hex 16
 database:
 central_storage: True # Uses central PostgreSQL database
 matomo_tracking_enabled: "{{ matomo_tracking_enabled_default }}" # Enables/Disables Matomo Tracking
diff --git a/roles/docker-pgadmin/tasks/configuration.yml b/roles/docker-pgadmin/tasks/configuration.yml
new file mode 100644
index 00000000..8ee21eae
--- /dev/null
+++ b/roles/docker-pgadmin/tasks/configuration.yml
@@ -0,0 +1,22 @@
+- name: "load variables from {{ database_var_file }}"
+ include_vars: "{{ database_var_file }}"
+
+- name: "loading database configuration variables"
+ include_vars:
+ file: "{{ role_path }}/vars/configuration.yml"
+
+- name: "Render servers.json file"
+ template:
+ src: servers.json.j2
+ dest: "{{ pgadmin_host_server_file }}"
+ mode: "0644"
+ notify: docker compose project setup
+
+- name: "Render .pgpass file"
+ template:
+ src: pgpass.j2
+ dest: "{{ pgadmin_host_password_file }}"
+ owner: "{{ pgadmin_user }}"
+ group: "{{ pgadmin_group }}"
+ mode: "0600"
+ notify: docker compose project setup
diff --git a/roles/docker-pgadmin/tasks/main.yml b/roles/docker-pgadmin/tasks/main.yml
index fb1c833c..f19e8795 100644
--- a/roles/docker-pgadmin/tasks/main.yml
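Review bot: The comment on `server_mode: False` describes a side effect ("the preconfigured database file is loaded") and hides the main one: elsewhere in this commit (env.j2) a true value emits `PGADMIN_CONFIG_SERVER_MODE=False`, i.e. it switches pgAdmin into desktop mode, where pgAdmin's own login is off and the oauth2 proxy becomes the only authentication in front of the central-database credentials mounted via .pgpass. The key therefore reads as the inverse of what it does; if renaming is off the table, the comment should say so explicitly, e.g. `server_mode: False # True = pgAdmin desktop mode: no pgAdmin login (PGADMIN_CONFIG_SERVER_MODE=False), servers.json/.pgpass with the central DB credentials are preloaded, only the oauth2 proxy gates access. Recommended False.` `master_password_required` is only emitted inside that same server_mode block of env.j2, so its comment should note that it has no effect while server_mode is false.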
+++ b/roles/docker-pgadmin/tasks/main.yml
@@ -10,5 +10,9 @@
 domain: "{{ domains[application_id] }}"
 http_port: "{{ ports.localhost.http[application_id] }}"
+- name: "configure pgadmin servers"
+ include_tasks: configuration.yml
+ when: applications[application_id].server_mode | bool
+
 - name: "copy docker-compose.yml and env file"
 include_tasks: copy-docker-compose-and-env.yml
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/docker-compose.yml.j2 b/roles/docker-pgadmin/templates/docker-compose.yml.j2
index e84b8291..74c7e7c3 100644
--- a/roles/docker-pgadmin/templates/docker-compose.yml.j2
+++ b/roles/docker-pgadmin/templates/docker-compose.yml.j2
@@ -3,7 +3,7 @@ services:
 {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
 application:
- image: dpage/pgadmin4:{{applications.pgadmin.version}}
+ image: dpage/pgadmin4:{{applications[application_id].version}}
 container_name: pgadmin
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 ports:
@@ -15,5 +15,14 @@ services:
 interval: 30s
 timeout: 10s
 retries: 3
+ volumes:
+ - "data:/var/lib/pgadmin"
+{% if applications[application_id].server_mode | bool %}
+ - "{{ pgadmin_host_server_file }}:{{ pgadmin_docker_server_file }}"
+ - "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}"
+{% endif %}
+
+{% include 'templates/docker/compose/volumes.yml.j2' %}
+ data:
 {% include 'templates/docker/compose/networks.yml.j2' %}
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/env.j2 b/roles/docker-pgadmin/templates/env.j2
index ec1e7a17..313b6853 100644
--- a/roles/docker-pgadmin/templates/env.j2
+++ b/roles/docker-pgadmin/templates/env.j2
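Review bot: The two bind mounts added under `volumes` in the second docker-compose hunk hand servers.json and the .pgpass credential file to the container read-write, although pgAdmin only needs to read them; mounting them read-only keeps a compromised container from rewriting the connection list or the password file on the host: `- "{{ pgadmin_host_server_file }}:{{ pgadmin_docker_server_file }}:ro"` and `- "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}:ro"`. The new named volume `data:/var/lib/pgadmin` also makes pgAdmin's own storage (including any server passwords users save in the UI) persistent on the host, which is worth a one-line comment above it so the persistence is a documented choice rather than an accident. The enclosing `services:` block starts before this hunk.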
@@ -1,5 +1,21 @@
 # Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+# Disable postfix integration (not needed in containerized environments)
+PGADMIN_DISABLE_POSTFIX=True
+
+# Default login email for server mode
 PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+
+# Default login password for server mode
 PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].users.administrator.password }}
-PGADMIN_DISABLE_POSTFIX=True
\ No newline at end of file
+
+{% if applications[application_id].server_mode | bool %}
+# Load server connection settings from this JSON file
+PGADMIN_SERVER_JSON_FILE={{ pgadmin_docker_server_file }}
+
+# Enable desktop (single-user) mode
+PGADMIN_CONFIG_SERVER_MODE=False
+
+# Disable master password prompt for stored credentials
+PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED={{ applications[application_id].master_password_required | capitalize }}
+{% endif %}
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/pgpass.j2 b/roles/docker-pgadmin/templates/pgpass.j2
new file mode 100644
index 00000000..50b617d5
--- /dev/null
+++ b/roles/docker-pgadmin/templates/pgpass.j2
@@ -0,0 +1,3 @@
+{% for server in pgadmin_servers %}
+{{ server.host }}:{{ server.port }}:*:{{ server.username }}:{{ server.password }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/servers.json.j2 b/roles/docker-pgadmin/templates/servers.json.j2
new file mode 100644
index 00000000..fe59c119
--- /dev/null
+++ b/roles/docker-pgadmin/templates/servers.json.j2
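Review bot: `# Disable master password prompt for stored credentials` is wrong for the shipped default: `master_password_required` defaults to True in 07_applications.yml, so this line normally emits `PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=True`; `# Whether pgAdmin asks for a master password before using stored credentials (from applications.<id>.master_password_required)` describes both outcomes. The bigger point is the `{% if %}` block as a whole: a true `server_mode` produces `PGADMIN_CONFIG_SERVER_MODE=False`, i.e. desktop mode with no pgAdmin login form, so PGADMIN_DEFAULT_EMAIL/PASSWORD above are then unused and whoever reaches the container port — the oauth2 proxy is the only gate — can use the central database through the mounted .pgpass. That consequence should be stated where it is decided, e.g. above the `{% if %}`: `# server_mode: pgAdmin's own authentication is disabled; access relies solely on the oauth2 proxy`.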
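Review bot: The `.pgpass` line writes `server.password` (and host/username) verbatim, but libpq's passfile format requires a `:` or `\` inside a field to be escaped with a backslash, so a database password containing either character yields a line that never matches and pgAdmin silently fails to authenticate. Escape it in the template, `{{ server.password | replace('\\', '\\\\') | replace(':', '\\:') }}`, and do the same for username and host unless they are known to be fixed values. The file also ends without a newline (`\ No newline at end of file`); adding one keeps the last entry unambiguous for tools that read the file line by line.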
@@ -0,0 +1,16 @@
+{
+ "Servers": {
+ {% for server in pgadmin_servers %}
+ "{{ loop.index }}": {
+ "Name": "{{ server.name }}",
+ "Group": "Servers",
+ "Host": "{{ server.host }}",
+ "Port": {{ server.port }},
+ "MaintenanceDB": "{{ server.maintenance_db }}",
+ "Username": "{{ server.username }}",
+ "SSLMode": "prefer",
+ "PassFile": "/pgpass"
+ }{% if not loop.last %},{% endif %}
+ {% endfor %}
+ }
+}
\ No newline at end of file
diff --git a/roles/docker-pgadmin/vars/configuration.yml b/roles/docker-pgadmin/vars/configuration.yml
new file mode 100644
index 00000000..de88fc5c
--- /dev/null
+++ b/roles/docker-pgadmin/vars/configuration.yml
@@ -0,0 +1,14 @@
+pgadmin_host_server_file: "{{docker_compose.directories.volumes}}servers.json"
+pgadmin_docker_server_file: "/pgadmin4/servers.json"
+pgadmin_host_password_file: "{{docker_compose.directories.volumes}}.pgpass"
+pgadmin_docker_password_file: "/pgpass"
+
+pgadmin_servers:
+ - name: "Central Postgres Database"
+ host: "{{ database_host }}"
+ port: "{{ database_port }}"
+ username: "postgres"
+ maintenance_db: "postgres"
+ password: "{{ central_postgres_password }}"
+
+# Here you can add more databases
\ No newline at end of file
diff --git a/roles/docker-pgadmin/vars/main.yml b/roles/docker-pgadmin/vars/main.yml
index 674ad11b..24eeabf3 100644
--- a/roles/docker-pgadmin/vars/main.yml
+++ b/roles/docker-pgadmin/vars/main.yml
@@ -1,3 +1,6 @@
-application_id: "pgadmin"
-database_type: "postgres"
-database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
\ No newline at end of file
+application_id: "pgadmin"
+database_type: "postgres"
+database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
+database_var_file: "{{playbook_dir}}/roles/docker-central-database/vars/database.yml"
+pgadmin_user: 5050
+pgadmin_group: "{{pgadmin_user}}"
\ No newline at end of file
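Review bot: `"Name": "{{ server.name }}"`, `"Host"`, `"MaintenanceDB"` and `"Username"` are interpolated into JSON without escaping, so a value containing a double quote or backslash produces invalid JSON and pgAdmin fails to import the server list at startup; `"Name": {{ server.name | to_json }}` (no surrounding quotes in the template) yields a correctly quoted string, and `"Port": {{ server.port | int }}` keeps the field numeric even when `database_port` arrives as a string, as vars/configuration.yml quotes it. `"PassFile": "/pgpass"` repeats the path that `pgadmin_docker_password_file` already defines; `"PassFile": "{{ pgadmin_docker_password_file }}"` keeps it in one place. `"SSLMode": "prefer"` permits a plaintext fallback; if the central database is only reached over the Docker network that may be deliberate, but a comment saying so (or `require`) would make the choice explicit.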
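Review bot: `pgadmin_servers` in vars/configuration.yml hardwires the `postgres` superuser of the central database as the only connection, and `# Here you can add more databases` invites editing the role's own vars file, which an inventory cannot override (role `vars/` and `include_vars` outrank inventory). Reading the list from the application config with this entry as the fallback, e.g. `pgadmin_servers: "{{ applications[application_id].servers | default([<the current single entry>]) }}"`, keeps the role generic, and a dedicated, less privileged PostgreSQL role for pgAdmin would limit what every pgAdmin user — and, in desktop mode, anyone past the proxy — inherits. In vars/main.yml, `pgadmin_user: 5050` deserves a comment stating it is the uid the pgAdmin image runs as and that .pgpass must be owned by it with mode 0600, since libpq ignores a passfile that is group- or world-accessible.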
diff --git a/roles/docker-snipe_it/templates/env.j2 b/roles/docker-snipe_it/templates/env.j2
index b7af0194..014b87a8 100644
--- a/roles/docker-snipe_it/templates/env.j2
+++ b/roles/docker-snipe_it/templates/env.j2
@@ -49,14 +49,14 @@ DB_SSL_VERIFY_SERVER=null
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
 MAIL_MAILER = smtp
-MAIL_HOST = {{system_email.host}} # SMTP server address
-MAIL_PORT = {{system_email.port}} # SMTP server address
-MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
-MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
-MAIL_TLS_VERIFY_PEER = {{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server
-MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
+MAIL_HOST = {{system_email.host}} # SMTP server address
+MAIL_PORT = {{system_email.port}} # SMTP server address
+MAIL_USERNAME = {{system_email.username}} # user to connect the SMTP server
+MAIL_PASSWORD = {{system_email.password}} # SMTP user's password
+MAIL_TLS_VERIFY_PEER = {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server
+MAIL_FROM_ADDR = {{system_email.from}} # default email address for the automated emails
 MAIL_FROM_NAME = 'Snipe-IT'
-MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
+MAIL_REPLYTO_ADDR = {{system_email.from}} # default email address for the automated emails
 MAIL_REPLYTO_NAME = 'Snipe-IT'
 MAIL_AUTO_EMBED_METHOD = 'attachment'
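Review bot: Dropping `| lower` in front of `| capitalize` is behaviour-neutral (Jinja's capitalize lowercases everything after the first character), so that line is fine, but the re-added `MAIL_PASSWORD = {{system_email.password}} # SMTP user's password` still writes the SMTP secret unquoted with an inline comment; a dotenv parser ends an unquoted value at the first whitespace, so a password containing a space or `#` is silently truncated and mail auth fails. Quote the value and move the comment above it, `MAIL_PASSWORD='{{ system_email.password }}'`, and consider the same for MAIL_USERNAME; whether the quoting style matches Snipe-IT's dotenv loader should be checked against its documentation. The `MAIL_PORT` comment `# SMTP server address` is also a copy-paste of the host line and should read `# SMTP server port`.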