Implemented pre configuration for pgadmin

group_vars/all/07_applications.yml

@@ -15,6 +15,7 @@ _applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled |
 _applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}"
 _applications_nextcloud_oidc_flavor:  "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}"
 
+# applications
 
 defaults_applications:
 
@@ -75,6 +76,7 @@ defaults_applications:
 #      turn_secret:                                                         # Needs to be defined in inventory file  
     urls:
       api:                        "https://{{domains.bigbluebutton}}/bigbluebutton/"  # API Address used by Nextcloud Integration
+
   ## Bluesky
   bluesky:
     users:
@@ -605,22 +607,22 @@ defaults_applications:
   
   ## Open Project
   openproject:
-    version:              "13"                                              # Update when available. Sadly no rolling release implemented
+    version:                    "13"                                      # Update when available. Sadly no rolling release implemented
     oauth2_proxy:  
-      enabled:            true                                              # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
+      enabled:                  true                                      # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
-      application:        "proxy"
+      application:              "proxy"
-      port:               "80"
+      port:                     "80"
-#     cookie_secret:      None                                              # Set via openssl rand -hex 16
+#     cookie_secret:            None                                      # Set via openssl rand -hex 16
     ldap:
-      enabled:            True                                              # Enables LDAP by default
+      enabled:                  True                                      # Enables LDAP by default
+      filters:
+        administrators:         True                                      # Set true to filter administrators
+        users:                  False                                     # Set true to filter users
     database:                                                                               
-      central_storage:    True                                              # Activate Central Database Storage
+      central_storage:          True                                      # Activate Central Database Storage
-    css:
+    matomo_tracking_enabled:    "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
-      enabled:            false                                             # Temporary deactivated due to bugs
+    css_enabled:                "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
-                                                                            # @todo Solve and reactivate
+    landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
-    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
-    css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
-    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
 
   ## Peertube
   peertube:
@@ -634,15 +636,17 @@ defaults_applications:
   ## PgAdmin
   pgadmin:
     version:                     "latest"
+    server_mode:                 False                                          # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
+    master_password_required:    True                                           # Master password is required. Recommended True. False is a security risk.
     users:
       administrator:
         email:                   "{{ users.administrator.email }}"              # Initial login email address
         password:                "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
     oauth2_proxy:
-      enabled:                    true                                           # Enable OAuth2 proxy for authentication
+      enabled:                    true                                          # Enable OAuth2 proxy for authentication
       application:                "application"
       port:                       "80"
-#     cookie_secret:              None                                           # Set via: openssl rand -hex 16
+#     cookie_secret:              None                                          # Set via: openssl rand -hex 16
     database:
       central_storage:            True                                          # Uses central PostgreSQL database
     matomo_tracking_enabled:      "{{ matomo_tracking_enabled_default }}"       # Enables/Disables Matomo Tracking

roles/docker-pgadmin/tasks/configuration.yml

@@ -0,0 +1,22 @@
+- name: "load variables from {{ database_var_file }}"
+  include_vars: "{{ database_var_file }}"
+
+- name: "loading database configuration variables"
+  include_vars:
+    file: "{{ role_path }}/vars/configuration.yml"
+
+- name: "Render servers.json file"
+  template:
+    src: servers.json.j2
+    dest: "{{ pgadmin_host_server_file }}"
+    mode: "0644"
+  notify: docker compose project setup
+
+- name: "Render .pgpass file"
+  template:
+    src: pgpass.j2
+    dest: "{{ pgadmin_host_password_file }}"
+    owner: "{{ pgadmin_user }}"
+    group: "{{ pgadmin_group }}"
+    mode: "0600"
+  notify: docker compose project setup

roles/docker-pgadmin/tasks/main.yml

@@ -10,5 +10,9 @@
     domain:     "{{ domains[application_id] }}"
     http_port:  "{{ ports.localhost.http[application_id] }}"
 
+- name: "configure pgadmin servers"
+  include_tasks: configuration.yml
+  when: applications[application_id].server_mode | bool
+
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-pgadmin/templates/docker-compose.yml.j2

@@ -3,7 +3,7 @@ services:
 {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
 
   application:
-    image: dpage/pgadmin4:{{applications.pgadmin.version}}
+    image: dpage/pgadmin4:{{applications[application_id].version}}
     container_name: pgadmin
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
@@ -15,5 +15,14 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
+    volumes:
+      - "data:/var/lib/pgadmin"
+{% if applications[application_id].server_mode | bool %}
+      - "{{ pgadmin_host_server_file }}:{{ pgadmin_docker_server_file }}"
+      - "{{ pgadmin_host_password_file }}:{{ pgadmin_docker_password_file }}"
+{% endif %}
+
+{% include 'templates/docker/compose/volumes.yml.j2' %}
+  data:
 
 {% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-pgadmin/templates/env.j2

@@ -1,5 +1,21 @@
 # Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
 
-PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+# Disable postfix integration (not needed in containerized environments)
-PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].users.administrator.password }}
 PGADMIN_DISABLE_POSTFIX=True
+
+# Default login email for server mode
+PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+
+# Default login password for server mode
+PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].users.administrator.password }}
+
+{% if applications[application_id].server_mode | bool %}
+# Load server connection settings from this JSON file
+PGADMIN_SERVER_JSON_FILE={{ pgadmin_docker_server_file }}
+
+# Enable desktop (single-user) mode
+PGADMIN_CONFIG_SERVER_MODE=False
+
+# Disable master password prompt for stored credentials
+PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED={{ applications[application_id].master_password_required | capitalize }}
+{% endif %}

roles/docker-pgadmin/templates/pgpass.j2

@@ -0,0 +1,3 @@
+{% for server in pgadmin_servers %}
+{{ server.host }}:{{ server.port }}:*:{{ server.username }}:{{ server.password }}
+{% endfor %}

roles/docker-pgadmin/templates/servers.json.j2

@@ -0,0 +1,16 @@
+{
+  "Servers": {
+    {% for server in pgadmin_servers %}
+    "{{ loop.index }}": {
+      "Name": "{{ server.name }}",
+      "Group": "Servers",
+      "Host": "{{ server.host }}",
+      "Port": {{ server.port }},
+      "MaintenanceDB": "{{ server.maintenance_db }}",
+      "Username": "{{ server.username }}",
+      "SSLMode": "prefer",
+      "PassFile": "/pgpass"
+    }{% if not loop.last %},{% endif %}
+    {% endfor %}
+  }
+}

roles/docker-pgadmin/vars/configuration.yml

@@ -0,0 +1,14 @@
+pgadmin_host_server_file:     "{{docker_compose.directories.volumes}}servers.json"
+pgadmin_docker_server_file:   "/pgadmin4/servers.json"
+pgadmin_host_password_file:   "{{docker_compose.directories.volumes}}.pgpass"
+pgadmin_docker_password_file: "/pgpass"
+
+pgadmin_servers:
+  - name:           "Central Postgres Database"
+    host:           "{{ database_host }}"
+    port:           "{{ database_port }}"
+    username:       "postgres"
+    maintenance_db: "postgres"
+    password:       "{{ central_postgres_password }}"
+
+# Here you can add more databases 

roles/docker-pgadmin/vars/main.yml

@@ -1,3 +1,6 @@
-application_id:       "pgadmin"
+application_id:               "pgadmin"
-database_type:        "postgres"
+database_type:                "postgres"
-database_host:        "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
+database_host:                "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
+database_var_file:            "{{playbook_dir}}/roles/docker-central-database/vars/database.yml"
+pgadmin_user:                 5050
+pgadmin_group:                "{{pgadmin_user}}"

roles/docker-snipe_it/templates/env.j2

@@ -49,14 +49,14 @@ DB_SSL_VERIFY_SERVER=null
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
 MAIL_MAILER             =   smtp
-MAIL_HOST               =   {{system_email.host}}                       # SMTP server address
+MAIL_HOST               =   {{system_email.host}}               # SMTP server address
-MAIL_PORT               =   {{system_email.port}}                       # SMTP server address
+MAIL_PORT               =   {{system_email.port}}               # SMTP server address
-MAIL_USERNAME           =   {{system_email.username}}                   # user to connect the SMTP server
+MAIL_USERNAME           =   {{system_email.username}}           # user to connect the SMTP server
-MAIL_PASSWORD           =   {{system_email.password}}                   # SMTP user's password
+MAIL_PASSWORD           =   {{system_email.password}}           # SMTP user's password
-MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server
+MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server
-MAIL_FROM_ADDR          =   {{system_email.from}}                       # default email address for the automated emails
+MAIL_FROM_ADDR          =   {{system_email.from}}               # default email address for the automated emails
 MAIL_FROM_NAME          =   'Snipe-IT'
-MAIL_REPLYTO_ADDR       =   {{system_email.from}}                       # default email address for the automated emails
+MAIL_REPLYTO_ADDR       =   {{system_email.from}}               # default email address for the automated emails
 MAIL_REPLYTO_NAME       =   'Snipe-IT'
 MAIL_AUTO_EMBED_METHOD  =   'attachment'