kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-02-20 19:56:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactored application variables

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-02-03 11:44:13 +01:00
parent ce13beff68
commit b11879650c
60 changed files with 294 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all/03_domains.yml
View File

@ -1,7 +1,7 @@
# Domains
## Service Domains
default_domains:
defaults_domains:
akaunting: "accounting.{{primary_domain}}"
attendize: "tickets.{{primary_domain}}"
baserow: "baserow.{{primary_domain}}"

247
group_vars/all/07_applications.yml
View File

@ -10,44 +10,6 @@ enable_system_storage_optimizer: true
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
## Akaunting
akaunting_version: "latest"
akaunting_company_name: "{{primary_domain}}"
akaunting_company_email: "{{administrator_email}}"
akaunting_setup_admin_email: "{{administrator_email}}"
## Attendize
attendize_version: "latest"
## Baserow
baserow_version: "latest"
## Big Blue Button
bigbluebutton_enable_greenlight: "true"
## Bluesky
bluesky_administrator_email: "{{administrator_email}}"
bluesky_pds_version: "latest"
## Friendica
friendica_version: "latest"
## Funkwhale
funkwhale_version: "1.4.0"
## Gitea
gitea_version: "latest"
## Gitlab
gitlab_version: "latest"
## Joomla
joomla_version: "latest"
## Keycloak
keycloak_version: "latest"
keycloak_administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
### Keycloak Client Configuration
oidc_client_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
oidc_client_id: "{{primary_domain}}"
@ -60,86 +22,161 @@ oidc_client_user_info_url: "{{oidc_client_issuer_url}}/protocol/openid-co
oidc_client_logout_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/logout"
# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
## LDAP
ldap_lam_version: "latest"
ldap_openldap_version: "latest"
ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
ldap_administrator_username: "{{administrator_username}}"
ldap_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
ldap_lam_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
ldap_expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to
ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml
ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml
## Listmonk
listmonk_admin_username: "{{administrator_username}}"
listmonk_public_api_activated: False # Security hole. Can be used for spaming
listmonk_version: "latest"
oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
oauth2_proxy_active: false
## MariaDB
mariadb_version: "latest"
defaults_applications:
## Matomo
matomo_version: "latest"
## Akaunting
akaunting:
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{administrator_email}}"
setup_admin_email: "{{administrator_email}}"
## Mastodon
mastodon_version: "latest"
mastodon_single_user_mode: false
## Attendize
attendize:
version: "latest"
## Matrix
matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose
matrix_server_name: "{{primary_domain}}" # Adress for the account names etc.
matrix_synapse_version: "latest"
matrix_element_version: "latest"
## Baserow
baserow:
version: "latest"
## Mailu
mailu_version: "2024.06"
mailu_domain: "{{primary_domain}}"
mailu_subnet: "192.168.203.0/24"
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
## Moodle
moodle_site_name: "Global Learning Academy on {{primary_domain}}"
moodle_administrator_name: "{{administrator_username}}"
moodle_administrator_email: "{{administrator_email}}"
moodle_version: "latest"
## Bluesky
bluesky:
administrator_email: "{{administrator_email}}"
pds:
version: "latest"
## MyBB
mybb_version: "latest"
## Friendica
friendica:
version: "latest"
## Nextcloud
nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
## Funkwhale
funkwhale:
version: "1.4.0"
## OAuth2 Proxy
oauth2_configuration_file: "oauth2-proxy-keycloak.cfg"
oauth2_proxy_active: false # Needs to be set true in the roles which use it
oauth2_version: "latest"
oauth2_proxy_redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
# oauth2_proxy_port: >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
oauth2_proxy_allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Gitea
gitea:
version: "latest"
## Peertube
peertube_version: "bookworm"
## Gitlab
gitlab:
version: "latest"
## PHPMyAdmin
phpmyadmin_version: "latest"
phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing
## Joomla
joomla:
version: "latest"
## Pixelfed
pixelfed_app_name: "Pictures on {{primary_domain}}"
pixelfed_version: "latest"
## Keycloak
keycloak:
version: "latest"
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres_database_version: "latest"
## LDAP
ldap:
lam:
version: "latest"
administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
openldap:
version: "latest"
expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
administrator_username: "{{administrator_username}}"
administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
## Taiga
taiga_version: "latest"
## Listmonk
listmonk:
administrator_username: "{{administrator_username}}"
public_api_activated: False # Security hole. Can be used for spaming
version: "latest"
## YOURLS
yourls_administrator_username: "{{administrator_username}}"
yourls_version: "latest"
## MariaDB
mariadb:
version: "latest"
## Matomo
matomo:
version: "latest"
## Mastodon
mastodon:
version: "latest"
single_user_mode: false
## Matrix
matrix:
administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
## Mailu
mailu:
version: "2024.06"
domain: "{{primary_domain}}"
subnet: "192.168.203.0/24"
## Moodle
moodle:
site_titel: "Global Learning Academy on {{primary_domain}}"
administrator_name: "{{administrator_username}}"
administrator_email: "{{administrator_email}}"
version: "latest"
## MyBB
mybb:
version: "latest"
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest"
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Peertube
peertube:
version: "bookworm"
## PHPMyAdmin
phpmyadmin:
version: "latest"
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
database.version: "latest"
## Taiga
taiga:
version: "latest"
## YOURLS
yourls:
administrator_username: "{{administrator_username}}"
version: "latest"

7
playbook.constructor.yml
View File

@ -4,10 +4,13 @@
tasks:
- name: Merge system_email definitions
set_fact:
system_email: "{{ default_system_email | combine(system_email | default({}, true)) }}"
system_email: "{{ default_system_email | combine(system_email | default({}, true), recursive=True) }}"
- name: Merge domain definitions
set_fact:
domains: "{{ default_domains | combine(domains | default({}, true)) }}"
domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}"
- name: Merge application definitions
set_fact:
applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"
- name: update device
hosts: all

4
playbook.servers.yml
View File

@ -147,9 +147,9 @@
become: true
roles:
- role: docker-matrix-ansible
when: matrix_role == 'ansible'
when: applications.matrix.role == 'ansible'
- role: docker-matrix-compose
when: matrix_role == 'compose'
when: applications.matrix.role == 'compose'
- name: setup open project instances
hosts: openproject

2
roles/docker-akaunting/README.md
View File

@ -87,7 +87,7 @@ Detailed steps for backing up your Akaunting instance, including setting manual
Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment:
- `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located.
- `akaunting_db_password`, `akaunting_version`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
- `akaunting_db_password`, `applications.akaunting.version`, `applications.akaunting.company_name`, `applications.akaunting.company_email`, `applications.akaunting.setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements.
### Additional Configuration
- **SSL Certificate**: The guide includes steps to receive a certificate for your domain.

2
roles/docker-akaunting/templates/docker-compose.yml.j2
View File

@ -3,7 +3,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: docker.io/akaunting/akaunting:{{akaunting_version}}
image: docker.io/akaunting/akaunting:{{applications.akaunting.version}}
build:
context: .
ports:

6
roles/docker-akaunting/templates/run.env.j2
View File

@ -14,9 +14,9 @@ DB_PASSWORD={{database_password}}
DB_PREFIX=asd_
# These define the first company to exist on this instance. They are only used during setup.
COMPANY_NAME={{akaunting_company_name}}
COMPANY_EMAIL={{akaunting_company_email}}
COMPANY_NAME={{applications.akaunting.company_name}}
COMPANY_EMAIL={{applications.akaunting.company_email}}
# This will be the first administrative user created on setup.
ADMIN_EMAIL={{akaunting_setup_admin_email}}
ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}
ADMIN_PASSWORD={{akaunting_setup_admin_password}}

4
roles/docker-attendize/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
web:
image: "attendize_web:{{attendize_version}}"
image: "attendize_web:{{applications.attendize.version}}"
ports:
- "{{http_port}}:80"
volumes:
@ -19,7 +19,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
worker:
image: "attendize_worker:{{attendize_version}}"
image: "attendize_worker:{{applications.attendize.version}}"
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
maildev:
{% include 'templates/docker/container/networks.yml.j2' %}

2
roles/docker-baserow/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: "baserow/baserow:{{baserow_version}}"
image: "baserow/baserow:{{applications.baserow.version}}"
container_name: baserow-application
restart: {{docker_restart_policy}}
logging:

2
roles/docker-bigbluebutton/templates/env.j2
View File

@ -1,7 +1,7 @@
ENABLE_COTURN=true
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/fullchain.pem
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/privkey.pem
ENABLE_GREENLIGHT={{bigbluebutton_enable_greenlight}}
ENABLE_GREENLIGHT={{applications.bigbluebutton.enable_greenlight}}
# Enable Webhooks
# used by some integrations

4
roles/docker-bluesky/templates/docker-compose.yml.j2
View File

@ -1,6 +1,6 @@
services:
pds:
image: "ghcr.io/bluesky-social/pds:{{bluesky_pds_version}}"
image: "ghcr.io/bluesky-social/pds:{{applications.bluesky.pds.version}}"
restart: {{docker_restart_policy}}
volumes:
- pds_data:/pds
@ -8,7 +8,7 @@ services:
environment:
# Geben Sie hier Ihre Domain und Konfigurationsdetails an
PDS_HOSTNAME: "{{domains.api}}"
PDS_ADMIN_EMAIL: "{{bluesky_administrator_email}}"
PDS_ADMIN_EMAIL: "{{applications.bluesky.administrator_email}}"
PDS_SERVICE_DID: "did:web:{{domain_api}}"
# See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
PDS_SERVICE_HANDLE_DOMAINS: ".{{primary_domain}}"

2
roles/docker-friendica/templates/docker-compose.yml.j2
View File

@ -3,7 +3,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: "friendica:{{friendica_version}}"
image: "friendica:{{applications.friendica.version}}"
restart: {{docker_restart_policy}}
volumes:
- data:/var/www/html

8
roles/docker-funkwhale/templates/docker-compose.yml.j2
View File

@ -14,7 +14,7 @@ services:
# flag:
# celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
restart: {{docker_restart_policy}}
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
image: funkwhale/api:${applications.funkwhale.version:-latest}
env_file: .env
command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
environment:
@ -27,7 +27,7 @@ services:
celerybeat:
restart: {{docker_restart_policy}}
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
image: funkwhale/api:${applications.funkwhale.version:-latest}
env_file: .env
command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
@ -35,7 +35,7 @@ services:
api:
restart: {{docker_restart_policy}}
image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
image: funkwhale/api:${applications.funkwhale.version:-latest}
env_file: .env
volumes:
- "music:${MUSIC_DIRECTORY_PATH}:ro"
@ -48,7 +48,7 @@ services:
front:
restart: {{docker_restart_policy}}
image: funkwhale/front:${FUNKWHALE_VERSION:-latest}
image: funkwhale/front:${applications.funkwhale.version:-latest}
depends_on:
- api
env_file:

2
roles/docker-funkwhale/templates/env.j2
View File

@ -18,7 +18,7 @@
# -----------
MUSIC_DIRECTORY_PATH=/music
FUNKWHALE_VERSION={{funkwhale_version}}
applications.funkwhale.version={{applications.funkwhale.version}}
# End of docker-only configuration

2
roles/docker-funkwhale/vars/main.yml
View File

@ -2,4 +2,4 @@ application_id: "funkwhale"
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;"
database_password: "{{funkwhale_database_password}}"
database_type: "postgres"
ldap_network_enabled: true # Activate LDAP network
ldap_network_enabled: true # Activate LDAP network

2
roles/docker-gitea/templates/docker-compose.yml.j2
View File

@ -6,7 +6,7 @@ services:
logging:
driver: journald
restart: {{docker_restart_policy}}
image: "gitea/gitea:{{gitea_version}}"
image: "gitea/gitea:{{applications.gitea.version}}"
environment:
- USER_UID=1000
- USER_GID=1000

2
roles/docker-gitlab/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
web:
image: "gitlab/gitlab-ee:{{gitlab_version}}"
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
restart: {{docker_restart_policy}}
hostname: '{{domain}}'
environment:

2
roles/docker-joomla/templates/docker-compose.yml.j2
View File

@ -3,7 +3,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: "joomla:{{joomla_version}}"
image: "joomla:{{applications.joomla.version}}"
logging:
driver: journald
environment:

8
roles/docker-keycloak/README.md
View File

@ -33,9 +33,9 @@ Defined in `vars/main.yml`:
| Variable | Description |
|---------------------------------|------------------------------------------------------------------|
| `keycloak_version` | Version of the Keycloak image. |
| `applications.keycloak.version` | Version of the Keycloak image. |
| `domain` | Domain where Keycloak will be accessible. |
| `keycloak_administrator_username` | Admin username for Keycloak. |
| `applications.keycloak.administrator_username` | Admin username for Keycloak. |
| `keycloak_administrator_password` | Admin password for Keycloak. |
| `database_host` | Host of the PostgreSQL database. |
| `database_name` | Name of the PostgreSQL database. |
@ -66,8 +66,8 @@ Here is an example of how to use this role in a playbook:
hosts: all
vars:
domain: "auth.example.com"
keycloak_version: "21.1.0"
keycloak_administrator_username: "admin"
applications.keycloak.version: "21.1.0"
applications.keycloak.administrator_username: "admin"
keycloak_administrator_password: "securepassword"
database_host: "db.example.com"
database_name: "keycloak_db"

4
roles/docker-keycloak/templates/docker-compose.yml.j2
View File

@ -3,13 +3,13 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: quay.io/keycloak/keycloak:{{keycloak_version}}
image: quay.io/keycloak/keycloak:{{applications.keycloak.version}}
command: start
environment:
KC_HOSTNAME: https://{{domain}}
KC_HTTP_ENABLED: true
KC_HEALTH_ENABLED: true
KEYCLOAK_ADMIN: "{{keycloak_administrator_username}}"
KEYCLOAK_ADMIN: "{{applications.keycloak.administrator_username}}"
KEYCLOAK_ADMIN_PASSWORD: "{{keycloak_administrator_password}}"
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://{{database_host}}/{{database_name}}

20
roles/docker-ldap/README.md
View File

@ -34,12 +34,12 @@ This Ansible role provides a streamlined implementation of an LDAP server with T
|-------------------------------|----------------------------------------------------------|--------------------------------------|
| `application_id` | Name of the Docker Compose project. | `ldap` |
| `ldap_root` | Base DN for the LDAP directory. | `dc={{primary_domain_sld}},dc={{primary_domain_tld}}` |
| `ldap_admin_dn` | Distinguished Name (DN) for the LDAP administrator. | `cn={{ldap_administrator_username}},{{ldap_root}}` |
| `ldap_admin_dn` | Distinguished Name (DN) for the LDAP administrator. | `cn={{applications.ldap.administrator_username}},{{ldap_root}}` |
| `cert_mount_directory` | Directory to mount SSL/TLS certificates. | `{{docker_compose_instance_directory}}/certs/` |
| `ldap_administrator_username` | Username for the LDAP admin. | `admin` |
| `ldap_administrator_password` | Password for the LDAP admin. | _Required_ |
| `ldap_phpldapadmin_version` | Version of phpLDAPadmin Docker image. | `latest` |
| `ldap_openldap_version` | Version of OpenLDAP Docker image. | `latest` |
| `applications.ldap.administrator_username` | Username for the LDAP admin. | `admin` |
| `applications.ldap.administrator_password` | Password for the LDAP admin. | _Required_ |
| `applications.ldap.phpldapadmin.version` | Version of phpLDAPadmin Docker image. | `latest` |
| `applications.ldap.openldap.version` | Version of OpenLDAP Docker image. | `latest` |
---
@ -73,10 +73,10 @@ Heres an example playbook to use this role:
docker_compose_instance_directory: "/opt/docker/ldap/"
primary_domain_sld: "veen"
primary_domain_tld: "world"
ldap_administrator_username: "administrator"
ldap_administrator_password: "secure_password_here"
ldap_phpldapadmin_version: "latest"
ldap_openldap_version: "latest"
applications.ldap.administrator_username: "administrator"
applications.ldap.administrator_password: "secure_password_here"
applications.ldap.phpldapadmin.version: "latest"
applications.ldap.openldap.version: "latest"
```
### **Steps to Deploy:**
@ -114,7 +114,7 @@ The following directories are mounted in the container:
---
## 🔒 **Security Recommendations**
- Always use strong passwords for `ldap_administrator_password`.
- Always use strong passwords for `applications.ldap.administrator_password`.
- Restrict access to phpLDAPadmin by binding it to `127.0.0.1` or using a reverse proxy.
---

4
roles/docker-ldap/tasks/main.yml
View File

@ -11,13 +11,13 @@
src: "nginx.stream.conf.j2"
dest: "{{nginx.directories.streams}}{{domain}}.conf"
notify: restart nginx
when: ldap_expose_to_internet | bool
when: applications.ldap.openldap.expose_to_internet | bool
- name: Remove {{domain}}.conf if LDAP is not exposed to internet
file:
path: "{{ nginx.directories.streams }}{{ domain }}.conf"
state: absent
when: not ldap_expose_to_internet | bool
when: not applications.ldap.openldap.expose_to_internet | bool
- name: "create {{docker_compose_instance_directory}}"
file:

28
roles/docker-ldap/templates/docker-compose.yml.j2
View File

@ -2,19 +2,19 @@ services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
{{ldap_webinterface}}:
container_name: {{ldap_webinterface}}
{{applications.ldap.webinterface}}:
container_name: {{applications.ldap.webinterface}}
logging:
driver: journald
restart: {{docker_restart_policy}}
{% if ldap_webinterface == 'lam' %}
image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}} # Dies ist das Docker-Image für LAM
{% if applications.ldap.webinterface == 'lam' %}
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM
ports:
- 127.0.0.1:{{http_port}}:80
environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD: {{ldap_lam_administrator_password}} # LAM configuration master password and password for server profile "lam
LAM_PASSWORD: {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE: files # configuration database (files or mysql) @todo implement mariadb
@ -24,9 +24,9 @@ services:
LDAP_DOMAIN: {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_BASE_DN: {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP admin password
{% elif ldap_webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}}
LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP admin password
{% elif applications.ldap.webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
ports:
- 127.0.0.1:{{http_port}}:8080
environment:
@ -35,7 +35,7 @@ services:
LDAP_HOST: openldap
{% endif %}
openldap:
image: bitnami/openldap:{{ldap_openldap_version}}
image: bitnami/openldap:{{applications.ldap.openldap.version}}
container_name: openldap
logging:
driver: journald
@ -48,8 +48,8 @@ services:
# GENERAL
## Database
LDAP_ADMIN_USERNAME: {{ldap_administrator_username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP database admin password.
LDAP_ADMIN_USERNAME: {{applications.ldap.administrator_username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP database admin password.
## Users
LDAP_USERS: ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
@ -59,8 +59,8 @@ services:
## Admin
LDAP_ADMIN_DN: {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect
LDAP_CONFIG_ADMIN_ENABLED: yes
LDAP_CONFIG_ADMIN_USERNAME: {{ldap_administrator_username}}
LDAP_CONFIG_ADMIN_PASSWORD: {{ldap_administrator_password}}
LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}}
LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}}
# Network
LDAP_PORT_NUMBER: {{ldap_localhost_port}} # Route to default port
@ -73,7 +73,7 @@ services:
- 'data:/bitnami/openldap'
healthcheck:
test: >
ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{ldap_administrator_database_password}}"
ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}"
interval: 30s
timeout: 10s
retries: 3

5
roles/docker-ldap/vars/main.yml
View File

@ -1,15 +1,14 @@
application_id: "ldap"
ldap_root: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
ldap_admin_dn: "cn={{ldap_administrator_username}},{{ldap_root}}"
ldap_admin_dn: "cn={{applications.ldap.administrator_username}},{{ldap_root}}"
ldap_secure_localhost_port: 1636
ldap_secure_internet_port: 636
ldap_localhost_port: 389
# OAuth2 Proxy Configuration
oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
oauth2_proxy_active: true
enable_one_letsencrypt_cert_for_all: false # Activate dedicated Certificate
ldap_network_enabled: true # Activate LDAP network

4
roles/docker-listmonk/tasks/main.yml
View File

@ -2,10 +2,10 @@
- name: "include docker/compose/database.yml"
include_tasks: docker/compose/database.yml
- name: Set nginx_docker_reverse_proxy_extra_configuration based on listmonk_public_api_activated
- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications.listmonk.public_api_activated
set_fact:
nginx_docker_reverse_proxy_extra_configuration: >-
{% if not listmonk_public_api_activated %}
{% if not applications.listmonk.public_api_activated %}
{{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
{% else %}
""

2
roles/docker-listmonk/templates/config.toml.j2
View File

@ -9,7 +9,7 @@ address = "0.0.0.0:9000"
# be replaced with a better multi-user, role-based authentication system.
# IMPORTANT: Leave both values empty to disable authentication on admin
# only where an external authentication is already setup.
# admin_username = "{{listmonk_admin_username}}"
# admin_username = "{{applications.listmonk.administrator_username}}"
# admin_password = "{{listmonk_admin_password}}"
# Deactivated for newer versions

2
roles/docker-listmonk/templates/docker-compose.yml.j2
View File

@ -4,7 +4,7 @@ services:
application:
restart: {{docker_restart_policy}}
image: listmonk/listmonk:{{listmonk_version}}
image: listmonk/listmonk:{{applications.listmonk.version}}
ports:
- "127.0.0.1:{{http_port}}:9000"
environment:

22
roles/docker-mailu/templates/docker-compose.yml.j2
View File

@ -6,7 +6,7 @@ services:
# Core services
resolver:
image: ghcr.io/mailu/unbound:{{mailu_version}}
image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
env_file: mailu.env
restart: {{docker_restart_policy}}
{% include 'templates/docker/container/networks.yml.j2' %}
@ -15,7 +15,7 @@ services:
driver: journald
front:
image: ghcr.io/mailu/nginx:{{mailu_version}}
image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
logging:
@ -43,7 +43,7 @@ services:
- 192.168.203.254
admin:
image: ghcr.io/mailu/admin:{{mailu_version}}
image: ghcr.io/mailu/admin:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
volumes:
@ -61,7 +61,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
imap:
image: ghcr.io/mailu/dovecot:{{mailu_version}}
image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
volumes:
@ -77,7 +77,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
smtp:
image: ghcr.io/mailu/postfix:{{mailu_version}}
image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
volumes:
@ -93,7 +93,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
oletools:
image: ghcr.io/mailu/oletools:{{mailu_version}}
image: ghcr.io/mailu/oletools:{{applications.mailu.version}}
hostname: oletools
restart: {{docker_restart_policy}}
depends_on:
@ -104,7 +104,7 @@ services:
noinet:
antispam:
image: ghcr.io/mailu/rspamd:{{mailu_version}}
image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
volumes:
@ -140,7 +140,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
webdav:
image: ghcr.io/mailu/radicale:{{mailu_version}}
image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
volumes:
@ -155,7 +155,7 @@ services:
radicale:
fetchmail:
image: ghcr.io/mailu/fetchmail:{{mailu_version}}
image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
volumes:
- "admin_data:/data"
restart: {{docker_restart_policy}}
@ -172,7 +172,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
webmail:
image: ghcr.io/mailu/webmail:{{mailu_version}}
image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
restart: {{docker_restart_policy}}
env_file: mailu.env
volumes:
@ -204,7 +204,7 @@ services:
ipam:
driver: default
config:
- subnet: {{mailu_subnet}}
- subnet: {{applications.mailu.subnet}}
radicale:
driver: bridge
webmail:

4
roles/docker-mailu/templates/mailu.env.j2
View File

@ -15,10 +15,10 @@ LD_PRELOAD=/usr/lib/libhardened_malloc.so
SECRET_KEY={{mailu_secret_key}}
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET={{mailu_subnet}}
SUBNET={{applications.mailu.subnet}}
# Main mail domain
DOMAIN={{mailu_domain}}
DOMAIN={{applications.mailu.domain}}
# Hostnames for this server, separated with comas
HOSTNAMES={{domain}}

2
roles/docker-mariadb/tasks/main.yml
View File

@ -7,7 +7,7 @@
- name: install MariaDB
docker_container:
name: central-mariadb
image: "mariadb:{{mariadb_version}}" #could lead to problems with nextcloud
image: "mariadb:{{applications.mariadb.version}}" #could lead to problems with nextcloud
detach: yes
env:
MARIADB_ROOT_PASSWORD: "{{central_mariadb_root_password}}"

2
roles/docker-mastodon/templates/.env.production.j2
View File

@ -1,6 +1,6 @@
LOCAL_DOMAIN={{domain}}
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
SINGLE_USER_MODE={{mastodon_single_user_mode}}
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
SECRET_KEY_BASE={{mastodon_secret_key_base}}
OTP_SECRET={{mastodon_otp_secret}}
VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}}

6
roles/docker-mastodon/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
web:
image: ghcr.io/mastodon/mastodon:{{mastodon_version}}
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
restart: {{docker_restart_policy}}
env_file: .env.production
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
@ -21,7 +21,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
streaming:
image: ghcr.io/mastodon/mastodon-streaming:{{mastodon_version}}
image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}}
restart: {{docker_restart_policy}}
env_file: .env.production
command: node ./streaming
@ -35,7 +35,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
sidekiq:
image: ghcr.io/mastodon/mastodon:{{mastodon_version}}
image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
restart: {{docker_restart_policy}}
env_file: .env.production
command: bundle exec sidekiq

2
roles/docker-matomo/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
application:
logging:
driver: journald
image: matomo:{{matomo_version}}
image: matomo:{{applications.matomo.version}}
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{http_port}}:80"

2
roles/docker-matrix-ansible/tasks/main.yml
View File

@ -79,7 +79,7 @@
become: false
- name: play matrix-docker-ansible-deploy
local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{matrix_playbook_tags}}"
local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{applications.matrix.playbook_tags}}"
become: false

2
roles/docker-matrix-compose/tasks/main.yml
View File

@ -131,7 +131,7 @@
- name: create admin account
command:
cmd: docker compose exec -it synapse register_new_matrix_user -u {{matrix_administrator_username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008
cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications.matrix.administrator_username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008
chdir: "{{ docker_compose_instance_directory }}"
ignore_errors: true
when: mode_setup | bool

8
roles/docker-matrix-compose/templates/docker-compose.yml.j2
View File

@ -3,7 +3,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
synapse:
image: matrixdotorg/synapse:{{matrix_synapse_version}}
image: matrixdotorg/synapse:{{applications.matrix.synapse.version}}
container_name: matrix-synapse
restart: {{docker_restart_policy}}
logging:
@ -33,7 +33,7 @@ services:
{% include 'templates/docker/container/networks.yml.j2' %}
element:
image: vectorim/element-web:{{matrix_element_version}}
image: vectorim/element-web:{{applications.matrix.element.version}}
container_name: matrix-element
restart: {{docker_restart_policy}}
volumes:
@ -90,13 +90,13 @@ services:
# KEYV_BOT_ENCRYPTION: 'false'
# KEYV_BOT_STORAGE: 'true'
# MATRIX_HOMESERVER_URL: 'https://{{domains.matrix_synapse}}'
# MATRIX_BOT_USERNAME: '@chatgptbot:{{matrix_server_name}}'
# MATRIX_BOT_USERNAME: '@chatgptbot:{{applications.matrix.server_name}}'
# MATRIX_ACCESS_TOKEN: '{{ matrix_chatgpt_bridge_access_token | default('') }}'
# MATRIX_BOT_PASSWORD: '{{matrix_chatgpt_bridge_user_password}}'
# MATRIX_DEFAULT_PREFIX: '!chatgpt'
# MATRIX_DEFAULT_PREFIX_REPLY: 'false'
# #MATRIX_BLACKLIST: ''
# MATRIX_WHITELIST: ':{{matrix_server_name}}'
# MATRIX_WHITELIST: ':{{applications.matrix.server_name}}'
# MATRIX_AUTOJOIN: 'true'
# MATRIX_ENCRYPTION: 'true'
# MATRIX_THREADS: 'true'

10
roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -143,7 +143,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: {{domains.matrix_synapse}}
{{applications.matrix.server_name}}: {{domains.matrix_synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -154,7 +154,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
# Should presence from Facebook be bridged? This doesn't use the same API as the Android app,
# so it might be more suspicious to Facebook.
presence_from_facebook: false
@ -380,8 +380,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
"{{applications.matrix.server_name}}": user
"@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any

2
roles/docker-matrix-compose/templates/mautrix/imessage.config.yml.j2
View File

@ -10,7 +10,7 @@ homeserver:
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.

10
roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -134,7 +134,7 @@ bridge:
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map:
{{matrix_server_name}}: https://{{domains.matrix_synapse}}
{{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
@ -143,7 +143,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
@ -359,8 +359,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
"{{applications.matrix.server_name}}": user
"@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin
relay:
# Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any

10
roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -141,7 +141,7 @@ bridge:
federate_rooms: true
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{domains.matrix_synapse}}
{{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -150,7 +150,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
@ -274,8 +274,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
"{{applications.matrix.server_name}}": user
"@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin
# Settings for relay mode
relay:

10
roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -118,7 +118,7 @@ bridge:
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{domains.matrix_synapse}}
{{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -127,7 +127,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
@ -278,8 +278,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
"{{applications.matrix.server_name}}": user
"@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:

14
roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
@ -62,7 +62,7 @@ appservice:
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://{{matrix_server_name}}/public
external: https://{{applications.matrix.server_name}}/public
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
@ -198,7 +198,7 @@ bridge:
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{domains.matrix_synapse}}
{{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -209,7 +209,7 @@ bridge:
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Whether or not the !tg join command should do a HTTP request
@ -530,9 +530,9 @@ bridge:
# mxid - Specific user
permissions:
"*": "relaybot"
"public.{{matrix_server_name}}": "user"
"{{matrix_server_name}}": "full"
"@{{matrix_administrator_username}}:{{matrix_server_name}}": "admin"
"public.{{applications.matrix.server_name}}": "user"
"{{applications.matrix.server_name}}": "full"
"@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": "admin"
# Options related to the message relay Telegram bot.
relaybot:

10
roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2
View File

@ -3,7 +3,7 @@ homeserver:
# The address that this appservice can use to connect to the homeserver.
address: http://synapse:8008
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{matrix_server_name}}
domain: {{applications.matrix.server_name}}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
@ -236,7 +236,7 @@ bridge:
force_active_delivery_receipts: false
# Servers to always allow double puppeting from
double_puppet_server_map:
{{matrix_server_name}}: https://{{domains.matrix_synapse}}
{{applications.matrix.server_name}}: https://{{domains.matrix_synapse}}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
@ -245,7 +245,7 @@ bridge:
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map:
{{matrix_server_name}}: {{matrix_registration_shared_secret}}
{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
@ -434,8 +434,8 @@ bridge:
# mxid - Specific user
permissions:
"*": relay
"{{matrix_server_name}}": user
"@{{matrix_administrator_username}}:{{matrix_server_name}}": admin
"{{applications.matrix.server_name}}": user
"@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin
# Settings for relay mode
relay:

2
roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
View File

@ -1,4 +1,4 @@
server_name: "{{matrix_server_name}}"
server_name: "{{applications.matrix.server_name}}"
pid_file: /data/homeserver.pid
listeners:
- port: 8008

8
roles/docker-moodle/templates/docker-compose.yml.j2
View File

@ -2,7 +2,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
moodle:
image: docker.io/bitnami/moodle:{{moodle_version}}
image: docker.io/bitnami/moodle:{{applications.moodle.version}}
ports:
- 127.0.0.1:{{http_port}}:8080
restart: {{docker_restart_policy}}
@ -15,12 +15,12 @@ services:
- MOODLE_DATABASE_NAME={{database_name}}
- MOODLE_DATABASE_PASSWORD={{database_password}}
- ALLOW_EMPTY_PASSWORD=no
- MOODLE_SITE_NAME="{{moodle_site_name}}"
- MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
- MOODLE_SSLPROXY=yes
- MOODLE_REVERSE_PROXY=yes
- MOODLE_USERNAME={{moodle_administrator_name}}
- MOODLE_USERNAME={{applications.moodle.administrator_name}}
- MOODLE_PASSWORD={{moodle_user_password}}
- MOODLE_EMAIL={{moodle_administrator_email}}
- MOODLE_EMAIL={{applications.moodle.administrator_email}}
- BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
volumes:
- 'moodle:/bitnami/moodle'

2
roles/docker-mybb/templates/docker-compose.yml.j2
View File

@ -7,7 +7,7 @@ services:
driver: journald
options:
tag: "mybb_application"
image: mybb/mybb:{{mybb_version}}
image: mybb/mybb:{{applications.mybb.version}}
restart: {{docker_restart_policy}}
volumes:
- data:/var/www/html

2
roles/docker-nextcloud/README.md
View File

@ -21,7 +21,7 @@ To update the nextcloud container execute the following commands on the server:
docker-compose down
```
Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role.
Afterwards update the ***applications.nextcloud.version*** variable to the next version and run the this repository with this ansible role.
It is only possible to update from one to the next major version at a time

4
roles/docker-nextcloud/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
container_name: {{nextcloud_application_container_name}}
restart: {{docker_restart_policy}}
logging:
@ -59,7 +59,7 @@ services:
cron:
container_name: nextcloud-cron
image: "nextcloud:{{nextcloud_version}}-fpm-alpine"
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
restart: {{docker_restart_policy}}
logging:
driver: journald

2
roles/docker-oauth2-proxy/tasks/main.yml
View File

@ -1,6 +1,6 @@
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose_instance_directory}}"
template:
src: oauth2-proxy-keycloak.cfg.j2
dest: "{{docker_compose_instance_directory}}{{oauth2_configuration_file}}"
dest: "{{docker_compose_instance_directory}}{{applications.oauth2_proxy.configuration_file}}"
notify:
- docker compose project setup

4
roles/docker-oauth2-proxy/templates/container.yml.j2
View File

@ -1,10 +1,10 @@
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:{{oauth2_version}}
image: quay.io/oauth2-proxy/oauth2-proxy:{{applications.oauth2_proxy.version}}
restart: {{docker_restart_policy}}
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
ports:
- {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
volumes:
- "./{{oauth2_configuration_file}}:/oauth2-proxy.cfg"
- "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
{% include 'templates/docker/container/networks.yml.j2' %}

4
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@ -1,5 +1,5 @@
http_address = "0.0.0.0:4180"
cookie_secret = "{{oauth2_proxy_cookie_secret}}"
cookie_secret = "{{applications.oauth2_proxy.cookie_secret}}"
email_domains = "{{primary_domain}}"
cookie_secure = "false"
upstreams = "http://{{oauth2_proxy_upstream_application_and_port}}"
@ -16,4 +16,4 @@ provider_display_name = "Keycloak"
# role restrictions
#cookie_roles = "realm_access.roles"
allowed_roles = "{{oauth2_proxy_allowed_roles}}"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}"

2
roles/docker-peertube/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
image: chocobozzz/peertube:production-{{peertube_version}}
image: chocobozzz/peertube:production-{{applications.peertube.version}}
env_file:
- .env
ports:

4
roles/docker-phpmyadmin/templates/docker-compose.yml.j2
View File

@ -5,11 +5,11 @@ services:
application:
logging:
driver: journald
image: phpmyadmin/phpmyadmin:{{phpmyadmin_version}}
image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
container_name: phpmyadmin
environment:
PMA_HOST: central-mariadb
{% if phpmyadmin_autologin | bool %}
{% if applications.phpmyadmin.autologin | bool %}
PMA_USER: root
PMA_PASSWORD: "{{central_mariadb_root_password}}"
{% endif %}

4
roles/docker-pixelfed/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/redis.yml.j2' %}
application:
image: zknt/pixelfed:{{pixelfed_version}}
image: zknt/pixelfed:{{applications.pixelfed.version}}
restart: {{docker_restart_policy}}
logging:
driver: journald
@ -19,7 +19,7 @@ services:
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
worker:
image: zknt/pixelfed:{{pixelfed_version}}
image: zknt/pixelfed:{{applications.pixelfed.version}}
restart: {{docker_restart_policy}}
logging:
driver: journald

2
roles/docker-pixelfed/templates/env.j2
View File

@ -2,7 +2,7 @@
APP_KEY={{pixelfed_app_key}}
## General Settings
APP_NAME="{{pixelfed_app_name}}"
APP_NAME="{{applications.pixelfed.titel}}"
APP_ENV=production
APP_DEBUG=false
APP_URL=https://{{domain}}

2
roles/docker-postgres/tasks/main.yml
View File

@ -7,7 +7,7 @@
- name: Install PostgreSQL
docker_container:
name: central-postgres
image: "postgres:{{postgres_database_version}}"
image: "postgres:{{applications.postgres.database_version}}"
detach: yes
env:
POSTGRES_PASSWORD: "{{ central_postgres_password }}"

2
roles/docker-taiga/templates/docker-compose.yml.j2
View File

@ -41,7 +41,7 @@ services:
restart: {{docker_restart_policy}}
logging:
driver: journald
image: taigaio/taiga-back:{{taiga_version}}
image: taigaio/taiga-back:{{applications.taiga.version}}
environment: *default-back-environment
volumes: *default-back-volumes

4
roles/docker-yourls/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
application:
logging:
driver: journald
image: yourls:{{yourls_version}}
image: yourls:{{applications.yourls.version}}
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{http_port}}:80"
@ -15,7 +15,7 @@ services:
YOURLS_DB_PASS: "{{database_password}}"
YOURLS_DB_NAME: "{{database_name}}"
YOURLS_SITE: "https://{{domain}}"
YOURLS_USER: "{{yourls_administrator_username}}"
YOURLS_USER: "{{applications.yourls.administrator_username}}"
YOURLS_PASS: "{{yourls_administrator_password}}"
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]

4
tasks/update-repository-with-files.yml
View File

@ -1,6 +1,6 @@
- name: "Merge detached_files with oauth2_configuration_file"
- name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
ansible.builtin.set_fact:
merged_detached_files: "{{ detached_files + [oauth2_configuration_file] }}"
merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
when: oauth2_proxy_active
- name: "backup detached files"

2
templates/docker/services/postgres.yml.j2
View File

@ -1,7 +1,7 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not enable_central_database | bool %}
database:
image: postgres:{{postgres_database_version}}-alpine
image: postgres:{{applications.postgres.database_version}}-alpine
container_name: {{application_id}}-database
environment:
- POSTGRES_PASSWORD={{database_password}}