From b11879650c4e6519f473dfb65638db91a7f364bd Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Mon, 3 Feb 2025 11:44:13 +0100 Subject: [PATCH] Refactored application variables --- group_vars/all/03_domains.yml | 2 +- group_vars/all/07_applications.yml | 247 ++++++++++-------- playbook.constructor.yml | 7 +- playbook.servers.yml | 4 +- roles/docker-akaunting/README.md | 2 +- .../templates/docker-compose.yml.j2 | 2 +- roles/docker-akaunting/templates/run.env.j2 | 6 +- .../templates/docker-compose.yml.j2 | 4 +- .../templates/docker-compose.yml.j2 | 2 +- roles/docker-bigbluebutton/templates/env.j2 | 2 +- .../templates/docker-compose.yml.j2 | 4 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 8 +- roles/docker-funkwhale/templates/env.j2 | 2 +- roles/docker-funkwhale/vars/main.yml | 2 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 2 +- roles/docker-keycloak/README.md | 8 +- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-ldap/README.md | 20 +- roles/docker-ldap/tasks/main.yml | 4 +- .../templates/docker-compose.yml.j2 | 28 +- roles/docker-ldap/vars/main.yml | 5 +- roles/docker-listmonk/tasks/main.yml | 4 +- .../docker-listmonk/templates/config.toml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 22 +- roles/docker-mailu/templates/mailu.env.j2 | 4 +- roles/docker-mariadb/tasks/main.yml | 2 +- .../templates/.env.production.j2 | 2 +- .../templates/docker-compose.yml.j2 | 6 +- .../templates/docker-compose.yml.j2 | 2 +- roles/docker-matrix-ansible/tasks/main.yml | 2 +- roles/docker-matrix-compose/tasks/main.yml | 2 +- .../templates/docker-compose.yml.j2 | 8 +- .../templates/mautrix/facebook.config.yml.j2 | 10 +- .../templates/mautrix/imessage.config.yml.j2 | 2 +- .../templates/mautrix/instagram.config.yml.j2 | 10 +- .../templates/mautrix/signal.config.yml.j2 | 10 +- .../templates/mautrix/slack.config.yml.j2 | 10 +- .../templates/mautrix/telegram.config.yml.j2 | 14 +- 
.../templates/mautrix/whatsapp.config.yml.j2 | 10 +- .../templates/synapse/homeserver.yaml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 8 +- .../templates/docker-compose.yml.j2 | 2 +- roles/docker-nextcloud/README.md | 2 +- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-oauth2-proxy/tasks/main.yml | 2 +- .../templates/container.yml.j2 | 4 +- .../templates/oauth2-proxy-keycloak.cfg.j2 | 4 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 4 +- .../templates/docker-compose.yml.j2 | 4 +- roles/docker-pixelfed/templates/env.j2 | 2 +- roles/docker-postgres/tasks/main.yml | 2 +- .../templates/docker-compose.yml.j2 | 2 +- .../templates/docker-compose.yml.j2 | 4 +- tasks/update-repository-with-files.yml | 4 +- templates/docker/services/postgres.yml.j2 | 2 +- 60 files changed, 294 insertions(+), 255 deletions(-) diff --git a/group_vars/all/03_domains.yml b/group_vars/all/03_domains.yml index 7bee8294..a78b9918 100644 --- a/group_vars/all/03_domains.yml +++ b/group_vars/all/03_domains.yml @@ -1,7 +1,7 @@ # Domains ## Service Domains -default_domains: +defaults_domains: akaunting: "accounting.{{primary_domain}}" attendize: "tickets.{{primary_domain}}" baserow: "baserow.{{primary_domain}}" diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index ac7a91e4..50a27582 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml 
@@ -10,44 +10,6 @@ enable_system_storage_optimizer: true ## Docker Role Specific Parameters docker_restart_policy: "unless-stopped" -## Akaunting -akaunting_version: "latest" -akaunting_company_name: "{{primary_domain}}" -akaunting_company_email: "{{administrator_email}}" -akaunting_setup_admin_email: "{{administrator_email}}" - -## Attendize -attendize_version: "latest" - -## Baserow -baserow_version: "latest" - -## Big Blue Button -bigbluebutton_enable_greenlight: "true" - -## Bluesky -bluesky_administrator_email: "{{administrator_email}}" -bluesky_pds_version: "latest" - -## Friendica -friendica_version: "latest" - -## Funkwhale -funkwhale_version: "1.4.0" - -## Gitea -gitea_version: "latest" - -## Gitlab -gitlab_version: "latest" - -## Joomla -joomla_version: "latest" - -## Keycloak -keycloak_version: "latest" -keycloak_administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak - ### Keycloak Client Configuration oidc_client_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect oidc_client_id: "{{primary_domain}}" 
@@ -60,86 +22,161 @@ oidc_client_user_info_url: "{{oidc_client_issuer_url}}/protocol/openid-co oidc_client_logout_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/logout" # oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible -## LDAP -ldap_lam_version: "latest" -ldap_openldap_version: "latest" -ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest -ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin -ldap_administrator_username: "{{administrator_username}}" -ldap_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons -ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons -ldap_lam_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons -ldap_expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to -ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml +ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml -## Listmonk -listmonk_admin_username: "{{administrator_username}}" -listmonk_public_api_activated: False # Security hole. Can be used for spaming -listmonk_version: "latest" +oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars. 
+oauth2_proxy_active: false -## MariaDB -mariadb_version: "latest" +defaults_applications: -## Matomo -matomo_version: "latest" + ## Akaunting + akaunting: + version: "latest" + company_name: "{{primary_domain}}" + company_email: "{{administrator_email}}" + setup_admin_email: "{{administrator_email}}" -## Mastodon -mastodon_version: "latest" -mastodon_single_user_mode: false + ## Attendize + attendize: + version: "latest" -## Matrix -matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin -matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start -matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose -matrix_server_name: "{{primary_domain}}" # Adress for the account names etc. -matrix_synapse_version: "latest" -matrix_element_version: "latest" + ## Baserow + baserow: + version: "latest" -## Mailu -mailu_version: "2024.06" -mailu_domain: "{{primary_domain}}" -mailu_subnet: "192.168.203.0/24" + ## Big Blue Button + bigbluebutton: + enable_greenlight: "true" -## Moodle -moodle_site_name: "Global Learning Academy on {{primary_domain}}" -moodle_administrator_name: "{{administrator_username}}" -moodle_administrator_email: "{{administrator_email}}" -moodle_version: "latest" + ## Bluesky + bluesky: + administrator_email: "{{administrator_email}}" + pds: + version: "latest" -## MyBB -mybb_version: "latest" + ## Friendica + friendica: + version: "latest" -## Nextcloud -nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ + ## Funkwhale + funkwhale: + version: "1.4.0" -## OAuth2 Proxy -oauth2_configuration_file: "oauth2-proxy-keycloak.cfg" -oauth2_proxy_active: false # Needs to be set true in the roles which use it -oauth2_version: "latest" -oauth2_proxy_redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. 
It should match the redirect URL configured in Keycloak. -# oauth2_proxy_port: >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy. -oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars. -oauth2_proxy_allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups -#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16 + ## Gitea + gitea: + version: "latest" -## Peertube -peertube_version: "bookworm" + ## Gitlab + gitlab: + version: "latest" -## PHPMyAdmin -phpmyadmin_version: "latest" -phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing + ## Joomla + joomla: + version: "latest" -## Pixelfed -pixelfed_app_name: "Pictures on {{primary_domain}}" -pixelfed_version: "latest" + ## Keycloak + keycloak: + version: "latest" + administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak -## Postgres -# Please set an version in your inventory file - Rolling release for postgres isn't recommended -postgres_database_version: "latest" + ## LDAP + ldap: + lam: + version: "latest" + administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons + openldap: + version: "latest" + expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to + phpldapadmin: + version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest + webinterface: "lam" # The webinterface which should be used. 
Possible: lam and phpldapadmin + administrator_username: "{{administrator_username}}" + administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons + administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons -## Taiga -taiga_version: "latest" + ## Listmonk + listmonk: + administrator_username: "{{administrator_username}}" + public_api_activated: False # Security hole. Can be used for spaming + version: "latest" -## YOURLS -yourls_administrator_username: "{{administrator_username}}" -yourls_version: "latest" \ No newline at end of file + ## MariaDB + mariadb: + version: "latest" + + ## Matomo + matomo: + version: "latest" + + ## Mastodon + mastodon: + version: "latest" + single_user_mode: false + + ## Matrix + matrix: + administrator_username: "{{administrator_username}}" # Accountname of the matrix admin + playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start + role: "compose" # Role to setup Matrix. Valid values: ansible, compose + server_name: "{{primary_domain}}" # Adress for the account names etc. 
+ synapse: + version: "latest" + element: + version: "latest" + + ## Mailu + mailu: + version: "2024.06" + domain: "{{primary_domain}}" + subnet: "192.168.203.0/24" + + ## Moodle + moodle: + site_titel: "Global Learning Academy on {{primary_domain}}" + administrator_name: "{{administrator_username}}" + administrator_email: "{{administrator_email}}" + version: "latest" + + ## MyBB + mybb: + version: "latest" + + ## Nextcloud + nextcloud: + version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ + + ## OAuth2 Proxy + oauth2_proxy: + configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it + version: "latest" + redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak. + allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups + cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16 + + ## Peertube + peertube: + version: "bookworm" + + ## PHPMyAdmin + phpmyadmin: + version: "latest" + autologin: false # This is a high security risk. Just activate this option if you know what you're doing + + ## Pixelfed + pixelfed: + titel: "Pictures on {{primary_domain}}" + version: "latest" + + ## Postgres + # Please set an version in your inventory file - Rolling release for postgres isn't recommended + postgres: + database.version: "latest" + + ## Taiga + taiga: + version: "latest" + + ## YOURLS + yourls: + administrator_username: "{{administrator_username}}" + version: "latest" \ No newline at end of file diff --git a/playbook.constructor.yml b/playbook.constructor.yml index 35850b18..e75b2b63 100644 --- a/playbook.constructor.yml 
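Review bot: `cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}"` under `defaults_applications.oauth2_proxy` refers to the key it is defining, so once `applications` is built from these defaults an inventory that does not override it most likely fails with a recursive-template error instead of a clear "variable is undefined" message, and a line that was previously commented out (`#oauth2_proxy_cookie_secret: ...`) is now live. Leave the key out of the defaults and keep only the hint as a comment, e.g. `# cookie_secret: must be set in the inventory; generate with: openssl rand -hex 16`. In the same hunk `postgres: database.version: "latest"` puts a dot inside a mapping key, so `applications.postgres.database.version` cannot resolve in Jinja; nest it as `database:` / `version: "latest"` or name it `database_version`. The comment `# Needs to be set true in the roles which use it` moved from `oauth2_proxy_active` onto `configuration_file`, where it no longer applies, while `oauth2_proxy_active: false` above the mapping lost it. The new `site_titel` (moodle) and `titel` (pixelfed) keys look like misspellings of `title`; the rest of the mapping uses English names.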
+++ b/playbook.constructor.yml @@ -4,10 +4,13 @@ tasks: - name: Merge system_email definitions set_fact: - system_email: "{{ default_system_email | combine(system_email | default({}, true)) }}" + system_email: "{{ default_system_email | combine(system_email | default({}, true), recursive=True) }}" - name: Merge domain definitions set_fact: - domains: "{{ default_domains | combine(domains | default({}, true)) }}" + domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}" + - name: Merge application definitions + set_fact: + applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}" - name: update device hosts: all diff --git a/playbook.servers.yml b/playbook.servers.yml index f14ede88..38afc45d 100644 --- a/playbook.servers.yml +++ b/playbook.servers.yml @@ -147,9 +147,9 @@ become: true roles: - role: docker-matrix-ansible - when: matrix_role == 'ansible' + when: applications.matrix.role == 'ansible' - role: docker-matrix-compose - when: matrix_role == 'compose' + when: applications.matrix.role == 'compose' - name: setup open project instances hosts: openproject diff --git a/roles/docker-akaunting/README.md b/roles/docker-akaunting/README.md index 1cba3d80..f16dbd54 100644 --- a/roles/docker-akaunting/README.md +++ b/roles/docker-akaunting/README.md 
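Review bot: The new `Merge application definitions` task makes `applications` the single source for role settings, but nothing validates the merged result, so a missing secret is only discovered when a role renders its template. Consider an `assert` task directly after the merge for the values the defaults cannot provide, e.g. `that: applications.oauth2_proxy.cookie_secret is defined` (which presupposes the defaults leave that key unset), so the run fails early with a clear message. Because the merge is `recursive=True`, an inventory override of one application block keeps the default keys it does not list rather than replacing the block; a one-line comment on the task, `# recursive: inventory overrides merge key by key into the defaults`, would spare operators a surprise.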
@@ -87,7 +87,7 @@ Detailed steps for backing up your Akaunting instance, including setting manual Variables are crucial in configuring your Akaunting setup. Ensure you set the following variables correctly in your environment: - `docker_compose_instance_directory`: Set this variable to the path where your Docker Compose files for Akaunting are located. -- `akaunting_db_password`, `akaunting_version`, `akaunting_company_name`, `akaunting_company_email`, `akaunting_setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements. +- `akaunting_db_password`, `applications.akaunting.version`, `applications.akaunting.company_name`, `applications.akaunting.company_email`, `applications.akaunting.setup_admin_email`, and `akaunting_setup_admin_password`: These should be set in your `.env` files as per your requirements. ### Additional Configuration - **SSL Certificate**: The guide includes steps to receive a certificate for your domain. diff --git a/roles/docker-akaunting/templates/docker-compose.yml.j2 b/roles/docker-akaunting/templates/docker-compose.yml.j2 index 95477de6..ff213954 100644 --- a/roles/docker-akaunting/templates/docker-compose.yml.j2 +++ b/roles/docker-akaunting/templates/docker-compose.yml.j2 @@ -3,7 +3,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} application: - image: docker.io/akaunting/akaunting:{{akaunting_version}} + image: docker.io/akaunting/akaunting:{{applications.akaunting.version}} build: context: . ports: diff --git a/roles/docker-akaunting/templates/run.env.j2 b/roles/docker-akaunting/templates/run.env.j2 index 4f524ab8..44dd3e9e 100644 --- a/roles/docker-akaunting/templates/run.env.j2 +++ b/roles/docker-akaunting/templates/run.env.j2 
@@ -14,9 +14,9 @@ DB_PASSWORD={{database_password}} DB_PREFIX=asd_ # These define the first company to exist on this instance. They are only used during setup. -COMPANY_NAME={{akaunting_company_name}} -COMPANY_EMAIL={{akaunting_company_email}} +COMPANY_NAME={{applications.akaunting.company_name}} +COMPANY_EMAIL={{applications.akaunting.company_email}} # This will be the first administrative user created on setup. -ADMIN_EMAIL={{akaunting_setup_admin_email}} +ADMIN_EMAIL={{applications.akaunting.setup_admin_email}} ADMIN_PASSWORD={{akaunting_setup_admin_password}} diff --git a/roles/docker-attendize/templates/docker-compose.yml.j2 b/roles/docker-attendize/templates/docker-compose.yml.j2 index 61f55c6d..6c0abdb5 100644 --- a/roles/docker-attendize/templates/docker-compose.yml.j2 +++ b/roles/docker-attendize/templates/docker-compose.yml.j2 @@ -5,7 +5,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} web: - image: "attendize_web:{{attendize_version}}" + image: "attendize_web:{{applications.attendize.version}}" ports: - "{{http_port}}:80" volumes: @@ -19,7 +19,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} worker: - image: "attendize_worker:{{attendize_version}}" + image: "attendize_worker:{{applications.attendize.version}}" {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} maildev: {% include 'templates/docker/container/networks.yml.j2' %} diff --git a/roles/docker-baserow/templates/docker-compose.yml.j2 b/roles/docker-baserow/templates/docker-compose.yml.j2 index 4c7f5dcd..50404baa 100644 --- a/roles/docker-baserow/templates/docker-compose.yml.j2 +++ b/roles/docker-baserow/templates/docker-compose.yml.j2 
@@ -5,7 +5,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} application: - image: "baserow/baserow:{{baserow_version}}" + image: "baserow/baserow:{{applications.baserow.version}}" container_name: baserow-application restart: {{docker_restart_policy}} logging: diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2 index de0d0c8f..a1e33fa2 100644 --- a/roles/docker-bigbluebutton/templates/env.j2 +++ b/roles/docker-bigbluebutton/templates/env.j2 @@ -1,7 +1,7 @@ ENABLE_COTURN=true COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/fullchain.pem COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/privkey.pem -ENABLE_GREENLIGHT={{bigbluebutton_enable_greenlight}} +ENABLE_GREENLIGHT={{applications.bigbluebutton.enable_greenlight}} # Enable Webhooks # used by some integrations diff --git a/roles/docker-bluesky/templates/docker-compose.yml.j2 b/roles/docker-bluesky/templates/docker-compose.yml.j2 index 6a238191..ca4b4752 100644 --- a/roles/docker-bluesky/templates/docker-compose.yml.j2 +++ b/roles/docker-bluesky/templates/docker-compose.yml.j2 @@ -1,6 +1,6 @@ services: pds: - image: "ghcr.io/bluesky-social/pds:{{bluesky_pds_version}}" + image: "ghcr.io/bluesky-social/pds:{{applications.bluesky.pds.version}}" restart: {{docker_restart_policy}} volumes: - pds_data:/pds @@ -8,7 +8,7 @@ services: environment: # Geben Sie hier Ihre Domain und Konfigurationsdetails an PDS_HOSTNAME: "{{domains.api}}" - PDS_ADMIN_EMAIL: "{{bluesky_administrator_email}}" + PDS_ADMIN_EMAIL: "{{applications.bluesky.administrator_email}}" PDS_SERVICE_DID: "did:web:{{domain_api}}" # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/ PDS_SERVICE_HANDLE_DOMAINS: ".{{primary_domain}}" 
diff --git a/roles/docker-friendica/templates/docker-compose.yml.j2 b/roles/docker-friendica/templates/docker-compose.yml.j2 index f9776111..485416d4 100644 --- a/roles/docker-friendica/templates/docker-compose.yml.j2 +++ b/roles/docker-friendica/templates/docker-compose.yml.j2 @@ -3,7 +3,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} application: - image: "friendica:{{friendica_version}}" + image: "friendica:{{applications.friendica.version}}" restart: {{docker_restart_policy}} volumes: - data:/var/www/html diff --git a/roles/docker-funkwhale/templates/docker-compose.yml.j2 b/roles/docker-funkwhale/templates/docker-compose.yml.j2 index 5fb5ad97..41cc490f 100644 --- a/roles/docker-funkwhale/templates/docker-compose.yml.j2 +++ b/roles/docker-funkwhale/templates/docker-compose.yml.j2 @@ -14,7 +14,7 @@ services: # flag: # celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4 restart: {{docker_restart_policy}} - image: funkwhale/api:${FUNKWHALE_VERSION:-latest} + image: funkwhale/api:${applications.funkwhale.version:-latest} env_file: .env command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0} environment: @@ -27,7 +27,7 @@ services: celerybeat: restart: {{docker_restart_policy}} - image: funkwhale/api:${FUNKWHALE_VERSION:-latest} + image: funkwhale/api:${applications.funkwhale.version:-latest} env_file: .env command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} @@ -35,7 +35,7 @@ services: api: restart: {{docker_restart_policy}} - image: funkwhale/api:${FUNKWHALE_VERSION:-latest} + image: funkwhale/api:${applications.funkwhale.version:-latest} env_file: .env volumes: - "music:${MUSIC_DIRECTORY_PATH}:ro" 
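Review bot: `image: funkwhale/api:${applications.funkwhale.version:-latest}` is Compose-side `${VAR:-default}` interpolation, not Jinja, so the refactor replaced an environment variable name with a dotted path that is not a valid variable name; Compose will either reject the interpolation or never find such a variable, and the version written to `.env` is lost. The same substitution appears in the `@@ -27` and `@@ -35` hunks of this file, in the `@@ -48` `front` service hunk and in `roles/docker-funkwhale/templates/env.j2`, where `applications.funkwhale.version={{applications.funkwhale.version}}` likewise writes an invalid key into the env file. Either keep `FUNKWHALE_VERSION` as the env-file key together with the `${FUNKWHALE_VERSION:-latest}` references, or render the value directly in the template as `image: funkwhale/api:{{applications.funkwhale.version}}` and drop the line from env.j2.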
@@ -48,7 +48,7 @@ services: front: restart: {{docker_restart_policy}} - image: funkwhale/front:${FUNKWHALE_VERSION:-latest} + image: funkwhale/front:${applications.funkwhale.version:-latest} depends_on: - api env_file: diff --git a/roles/docker-funkwhale/templates/env.j2 b/roles/docker-funkwhale/templates/env.j2 index 5c3228bf..b77ef7b9 100644 --- a/roles/docker-funkwhale/templates/env.j2 +++ b/roles/docker-funkwhale/templates/env.j2 @@ -18,7 +18,7 @@ # ----------- MUSIC_DIRECTORY_PATH=/music -FUNKWHALE_VERSION={{funkwhale_version}} +applications.funkwhale.version={{applications.funkwhale.version}} # End of docker-only configuration diff --git a/roles/docker-funkwhale/vars/main.yml b/roles/docker-funkwhale/vars/main.yml index 739dd755..4e0971f4 100644 --- a/roles/docker-funkwhale/vars/main.yml +++ b/roles/docker-funkwhale/vars/main.yml @@ -2,4 +2,4 @@ application_id: "funkwhale" nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;" database_password: "{{funkwhale_database_password}}" database_type: "postgres" -ldap_network_enabled: true # Activate LDAP network \ No newline at end of file +ldap_network_enabled: true # Activate LDAP network \ No newline at end of file diff --git a/roles/docker-gitea/templates/docker-compose.yml.j2 b/roles/docker-gitea/templates/docker-compose.yml.j2 index 5c4038ee..8e24b9a3 100644 --- a/roles/docker-gitea/templates/docker-compose.yml.j2 +++ b/roles/docker-gitea/templates/docker-compose.yml.j2 @@ -6,7 +6,7 @@ services: logging: driver: journald restart: {{docker_restart_policy}} - image: "gitea/gitea:{{gitea_version}}" + image: "gitea/gitea:{{applications.gitea.version}}" environment: - USER_UID=1000 - USER_GID=1000 diff --git a/roles/docker-gitlab/templates/docker-compose.yml.j2 b/roles/docker-gitlab/templates/docker-compose.yml.j2 index ad9ec22e..167271d1 100644 --- a/roles/docker-gitlab/templates/docker-compose.yml.j2 +++ b/roles/docker-gitlab/templates/docker-compose.yml.j2 
@@ -5,7 +5,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} web: - image: "gitlab/gitlab-ee:{{gitlab_version}}" + image: "gitlab/gitlab-ee:{{applications.gitlab.version}}" restart: {{docker_restart_policy}} hostname: '{{domain}}' environment: diff --git a/roles/docker-joomla/templates/docker-compose.yml.j2 b/roles/docker-joomla/templates/docker-compose.yml.j2 index 4083639e..7a417eba 100644 --- a/roles/docker-joomla/templates/docker-compose.yml.j2 +++ b/roles/docker-joomla/templates/docker-compose.yml.j2 @@ -3,7 +3,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} application: - image: "joomla:{{joomla_version}}" + image: "joomla:{{applications.joomla.version}}" logging: driver: journald environment: diff --git a/roles/docker-keycloak/README.md b/roles/docker-keycloak/README.md index 1eb17dd1..76271e47 100644 --- a/roles/docker-keycloak/README.md +++ b/roles/docker-keycloak/README.md @@ -33,9 +33,9 @@ Defined in `vars/main.yml`: | Variable | Description | |---------------------------------|------------------------------------------------------------------| -| `keycloak_version` | Version of the Keycloak image. | +| `applications.keycloak.version` | Version of the Keycloak image. | | `domain` | Domain where Keycloak will be accessible. | -| `keycloak_administrator_username` | Admin username for Keycloak. | +| `applications.keycloak.administrator_username` | Admin username for Keycloak. | | `keycloak_administrator_password` | Admin password for Keycloak. | | `database_host` | Host of the PostgreSQL database. | | `database_name` | Name of the PostgreSQL database. | 
@@ -66,8 +66,8 @@ Here is an example of how to use this role in a playbook: hosts: all vars: domain: "auth.example.com" - keycloak_version: "21.1.0" - keycloak_administrator_username: "admin" + applications.keycloak.version: "21.1.0" + applications.keycloak.administrator_username: "admin" keycloak_administrator_password: "securepassword" database_host: "db.example.com" database_name: "keycloak_db" diff --git a/roles/docker-keycloak/templates/docker-compose.yml.j2 b/roles/docker-keycloak/templates/docker-compose.yml.j2 index 5fb74dea..ef914687 100644 --- a/roles/docker-keycloak/templates/docker-compose.yml.j2 +++ b/roles/docker-keycloak/templates/docker-compose.yml.j2 @@ -3,13 +3,13 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} application: - image: quay.io/keycloak/keycloak:{{keycloak_version}} + image: quay.io/keycloak/keycloak:{{applications.keycloak.version}} command: start environment: KC_HOSTNAME: https://{{domain}} KC_HTTP_ENABLED: true KC_HEALTH_ENABLED: true - KEYCLOAK_ADMIN: "{{keycloak_administrator_username}}" + KEYCLOAK_ADMIN: "{{applications.keycloak.administrator_username}}" KEYCLOAK_ADMIN_PASSWORD: "{{keycloak_administrator_password}}" KC_DB: postgres KC_DB_URL: jdbc:postgresql://{{database_host}}/{{database_name}} diff --git a/roles/docker-ldap/README.md b/roles/docker-ldap/README.md index cb312632..e0ef9ce1 100644 --- a/roles/docker-ldap/README.md +++ b/roles/docker-ldap/README.md 
@@ -34,12 +34,12 @@ This Ansible role provides a streamlined implementation of an LDAP server with T |-------------------------------|----------------------------------------------------------|--------------------------------------| | `application_id` | Name of the Docker Compose project. | `ldap` | | `ldap_root` | Base DN for the LDAP directory. | `dc={{primary_domain_sld}},dc={{primary_domain_tld}}` | -| `ldap_admin_dn` | Distinguished Name (DN) for the LDAP administrator. | `cn={{ldap_administrator_username}},{{ldap_root}}` | +| `ldap_admin_dn` | Distinguished Name (DN) for the LDAP administrator. | `cn={{applications.ldap.administrator_username}},{{ldap_root}}` | | `cert_mount_directory` | Directory to mount SSL/TLS certificates. | `{{docker_compose_instance_directory}}/certs/` | -| `ldap_administrator_username` | Username for the LDAP admin. | `admin` | -| `ldap_administrator_password` | Password for the LDAP admin. | _Required_ | -| `ldap_phpldapadmin_version` | Version of phpLDAPadmin Docker image. | `latest` | -| `ldap_openldap_version` | Version of OpenLDAP Docker image. | `latest` | +| `applications.ldap.administrator_username` | Username for the LDAP admin. | `admin` | +| `applications.ldap.administrator_password` | Password for the LDAP admin. | _Required_ | +| `applications.ldap.phpldapadmin.version` | Version of phpLDAPadmin Docker image. | `latest` | +| `applications.ldap.openldap.version` | Version of OpenLDAP Docker image. | `latest` | --- 
@@ -73,10 +73,10 @@ Here’s an example playbook to use this role: docker_compose_instance_directory: "/opt/docker/ldap/" primary_domain_sld: "veen" primary_domain_tld: "world" - ldap_administrator_username: "administrator" - ldap_administrator_password: "secure_password_here" - ldap_phpldapadmin_version: "latest" - ldap_openldap_version: "latest" + applications.ldap.administrator_username: "administrator" + applications.ldap.administrator_password: "secure_password_here" + applications.ldap.phpldapadmin.version: "latest" + applications.ldap.openldap.version: "latest" ``` ### **Steps to Deploy:** @@ -114,7 +114,7 @@ The following directories are mounted in the container: --- ## 🔒 **Security Recommendations** -- Always use strong passwords for `ldap_administrator_password`. +- Always use strong passwords for `applications.ldap.administrator_password`. - Restrict access to phpLDAPadmin by binding it to `127.0.0.1` or using a reverse proxy. --- diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml index 55b5dc9a..e64477bb 100644 --- a/roles/docker-ldap/tasks/main.yml +++ b/roles/docker-ldap/tasks/main.yml @@ -11,13 +11,13 @@ src: "nginx.stream.conf.j2" dest: "{{nginx.directories.streams}}{{domain}}.conf" notify: restart nginx - when: ldap_expose_to_internet | bool + when: applications.ldap.openldap.expose_to_internet | bool - name: Remove {{domain}}.conf if LDAP is not exposed to internet file: path: "{{ nginx.directories.streams }}{{ domain }}.conf" state: absent - when: not ldap_expose_to_internet | bool + when: not applications.ldap.openldap.expose_to_internet | bool - name: "create {{docker_compose_instance_directory}}" file: diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2 index 34d51318..3022690e 100644 --- a/roles/docker-ldap/templates/docker-compose.yml.j2 +++ b/roles/docker-ldap/templates/docker-compose.yml.j2 
@@ -2,19 +2,19 @@ services: {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %} - {{ldap_webinterface}}: - container_name: {{ldap_webinterface}} + {{applications.ldap.webinterface}}: + container_name: {{applications.ldap.webinterface}} logging: driver: journald restart: {{docker_restart_policy}} -{% if ldap_webinterface == 'lam' %} - image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}} # Dies ist das Docker-Image für LAM +{% if applications.ldap.webinterface == 'lam' %} + image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM ports: - 127.0.0.1:{{http_port}}:80 environment: # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env # Basic Configuration - LAM_PASSWORD: {{ldap_lam_administrator_password}} # LAM configuration master password and password for server profile "lam + LAM_PASSWORD: {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam # Database LAM_CONFIGURATION_DATABASE: files # configuration database (files or mysql) @todo implement mariadb @@ -24,9 +24,9 @@ services: LDAP_DOMAIN: {{domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=... LDAP_BASE_DN: {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN LDAP_USER: {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM) - LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP admin password -{% elif ldap_webinterface == 'phpldapadmin' %} - image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}} + LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP admin password +{% elif applications.ldap.webinterface == 'phpldapadmin' %} + image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}} ports: - 127.0.0.1:{{http_port}}:8080 environment: 
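Review bot: `LAM_PASSWORD: {{applications.ldap.lam.administrator_password}}` renders a secret unquoted into the compose YAML, so a password containing `: `, ` #`, a leading YAML indicator, or one that looks like a number or boolean changes or breaks the document when Compose parses it. The same applies to `LDAP_ADMIN_PASSWORD` in the `@@ -24` hunk and to `LDAP_ADMIN_USERNAME`, `LDAP_ADMIN_PASSWORD`, `LDAP_CONFIG_ADMIN_USERNAME` and `LDAP_CONFIG_ADMIN_PASSWORD` in the `@@ -48` and `@@ -59` hunks of this file. Render them with `| to_json` (or quote them) so the scalar is always a string, e.g. `LAM_PASSWORD: {{applications.ldap.lam.administrator_password | to_json}}`. The `ldapsearch ... -w "{{applications.ldap.administrator_database_password}}"` line in the `@@ -73` healthcheck is a shell command inside a `>` block, so a password containing `"` or `$` would additionally need shell quoting there (`| quote`).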
@@ -35,7 +35,7 @@ services: LDAP_HOST: openldap {% endif %} openldap: - image: bitnami/openldap:{{ldap_openldap_version}} + image: bitnami/openldap:{{applications.ldap.openldap.version}} container_name: openldap logging: driver: journald @@ -48,8 +48,8 @@ services: # GENERAL ## Database - LDAP_ADMIN_USERNAME: {{ldap_administrator_username}} # LDAP database admin user. - LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}} # LDAP database admin password. + LDAP_ADMIN_USERNAME: {{applications.ldap.administrator_username}} # LDAP database admin user. + LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}} # LDAP database admin password. ## Users LDAP_USERS: ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02 @@ -59,8 +59,8 @@ services: ## Admin LDAP_ADMIN_DN: {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect LDAP_CONFIG_ADMIN_ENABLED: yes - LDAP_CONFIG_ADMIN_USERNAME: {{ldap_administrator_username}} - LDAP_CONFIG_ADMIN_PASSWORD: {{ldap_administrator_password}} + LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}} + LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}} # Network LDAP_PORT_NUMBER: {{ldap_localhost_port}} # Route to default port @@ -73,7 +73,7 @@ services: - 'data:/bitnami/openldap' healthcheck: test: > - ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{ldap_administrator_database_password}}" + ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}" interval: 30s timeout: 10s retries: 3 diff --git a/roles/docker-ldap/vars/main.yml b/roles/docker-ldap/vars/main.yml index 57af69bc..dc555501 100644 --- a/roles/docker-ldap/vars/main.yml +++ b/roles/docker-ldap/vars/main.yml 
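Review bot: The healthcheck `ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}"` puts the LDAP admin password on a command line that `docker inspect` and the container's process list expose on every 30-second probe. A liveness probe does not need admin rights: an anonymous base search such as `ldapsearch -x -H ldap://localhost:389 -b "" -s base` suffices if anonymous binds are left enabled (presumably the Bitnami default, but confirm), and if a bind is required `-y` reading a mounted password file keeps the secret out of argv. The renamed `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_ADMIN_PASSWORD` values in this service are likewise unquoted Jinja scalars and should be wrapped as `"{{ ... }}"` so a secret with YAML-significant characters does not corrupt the file.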
@@ -1,15 +1,14 @@ application_id: "ldap" ldap_root: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}" -ldap_admin_dn: "cn={{ldap_administrator_username}},{{ldap_root}}" +ldap_admin_dn: "cn={{applications.ldap.administrator_username}},{{ldap_root}}" ldap_secure_localhost_port: 1636 ldap_secure_internet_port: 636 ldap_localhost_port: 389 # OAuth2 Proxy Configuration -oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}" +oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}" oauth2_proxy_active: true - enable_one_letsencrypt_cert_for_all: false # Activate dedicated Certificate ldap_network_enabled: true # Activate LDAP network \ No newline at end of file diff --git a/roles/docker-listmonk/tasks/main.yml b/roles/docker-listmonk/tasks/main.yml index 3aeb1903..b77eca93 100644 --- a/roles/docker-listmonk/tasks/main.yml +++ b/roles/docker-listmonk/tasks/main.yml @@ -2,10 +2,10 @@ - name: "include docker/compose/database.yml" include_tasks: docker/compose/database.yml -- name: Set nginx_docker_reverse_proxy_extra_configuration based on listmonk_public_api_activated +- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications.listmonk.public_api_activated set_fact: nginx_docker_reverse_proxy_extra_configuration: >- - {% if not listmonk_public_api_activated %} + {% if not applications.listmonk.public_api_activated %} {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }} {% else %} "" diff --git a/roles/docker-listmonk/templates/config.toml.j2 b/roles/docker-listmonk/templates/config.toml.j2 index 72f76b45..dc7a0b9c 100644 --- a/roles/docker-listmonk/templates/config.toml.j2 +++ b/roles/docker-listmonk/templates/config.toml.j2 
@@ -9,7 +9,7 @@ address = "0.0.0.0:9000" # be replaced with a better multi-user, role-based authentication system. # IMPORTANT: Leave both values empty to disable authentication on admin # only where an external authentication is already setup. -# admin_username = "{{listmonk_admin_username}}" +# admin_username = "{{applications.listmonk.administrator_username}}" # admin_password = "{{listmonk_admin_password}}" # Deactivated for newer versions diff --git a/roles/docker-listmonk/templates/docker-compose.yml.j2 b/roles/docker-listmonk/templates/docker-compose.yml.j2 index f35c1404..7e4ae57a 100644 --- a/roles/docker-listmonk/templates/docker-compose.yml.j2 +++ b/roles/docker-listmonk/templates/docker-compose.yml.j2 @@ -4,7 +4,7 @@ services: application: restart: {{docker_restart_policy}} - image: listmonk/listmonk:{{listmonk_version}} + image: listmonk/listmonk:{{applications.listmonk.version}} ports: - "127.0.0.1:{{http_port}}:9000" environment: diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index 1e90c60d..18e592b4 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -6,7 +6,7 @@ services: # Core services resolver: - image: ghcr.io/mailu/unbound:{{mailu_version}} + image: ghcr.io/mailu/unbound:{{applications.mailu.version}} env_file: mailu.env restart: {{docker_restart_policy}} {% include 'templates/docker/container/networks.yml.j2' %} @@ -15,7 +15,7 @@ services: driver: journald front: - image: ghcr.io/mailu/nginx:{{mailu_version}} + image: ghcr.io/mailu/nginx:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env logging: @@ -43,7 +43,7 @@ services: - 192.168.203.254 admin: - image: ghcr.io/mailu/admin:{{mailu_version}} + image: ghcr.io/mailu/admin:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env volumes: 
@@ -61,7 +61,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} imap: - image: ghcr.io/mailu/dovecot:{{mailu_version}} + image: ghcr.io/mailu/dovecot:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env volumes: @@ -77,7 +77,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} smtp: - image: ghcr.io/mailu/postfix:{{mailu_version}} + image: ghcr.io/mailu/postfix:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env volumes: @@ -93,7 +93,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} oletools: - image: ghcr.io/mailu/oletools:{{mailu_version}} + image: ghcr.io/mailu/oletools:{{applications.mailu.version}} hostname: oletools restart: {{docker_restart_policy}} depends_on: @@ -104,7 +104,7 @@ services: noinet: antispam: - image: ghcr.io/mailu/rspamd:{{mailu_version}} + image: ghcr.io/mailu/rspamd:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env volumes: @@ -140,7 +140,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} webdav: - image: ghcr.io/mailu/radicale:{{mailu_version}} + image: ghcr.io/mailu/radicale:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env volumes: @@ -155,7 +155,7 @@ services: radicale: fetchmail: - image: ghcr.io/mailu/fetchmail:{{mailu_version}} + image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}} volumes: - "admin_data:/data" restart: {{docker_restart_policy}} @@ -172,7 +172,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} webmail: - image: ghcr.io/mailu/webmail:{{mailu_version}} + image: ghcr.io/mailu/webmail:{{applications.mailu.version}} restart: {{docker_restart_policy}} env_file: mailu.env volumes: @@ -204,7 +204,7 @@ services: ipam: driver: default config: - - subnet: {{mailu_subnet}} + - subnet: {{applications.mailu.subnet}} radicale: driver: bridge webmail: 
diff --git a/roles/docker-mailu/templates/mailu.env.j2 b/roles/docker-mailu/templates/mailu.env.j2 index 939b1440..3e9176e9 100644 --- a/roles/docker-mailu/templates/mailu.env.j2 +++ b/roles/docker-mailu/templates/mailu.env.j2 @@ -15,10 +15,10 @@ LD_PRELOAD=/usr/lib/libhardened_malloc.so SECRET_KEY={{mailu_secret_key}} # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) -SUBNET={{mailu_subnet}} +SUBNET={{applications.mailu.subnet}} # Main mail domain -DOMAIN={{mailu_domain}} +DOMAIN={{applications.mailu.domain}} # Hostnames for this server, separated with comas HOSTNAMES={{domain}} diff --git a/roles/docker-mariadb/tasks/main.yml b/roles/docker-mariadb/tasks/main.yml index d903e6d6..9da12252 100644 --- a/roles/docker-mariadb/tasks/main.yml +++ b/roles/docker-mariadb/tasks/main.yml @@ -7,7 +7,7 @@ - name: install MariaDB docker_container: name: central-mariadb - image: "mariadb:{{mariadb_version}}" #could lead to problems with nextcloud + image: "mariadb:{{applications.mariadb.version}}" #could lead to problems with nextcloud detach: yes env: MARIADB_ROOT_PASSWORD: "{{central_mariadb_root_password}}" diff --git a/roles/docker-mastodon/templates/.env.production.j2 b/roles/docker-mastodon/templates/.env.production.j2 index dfd2c0ac..5bc4ed1c 100644 --- a/roles/docker-mastodon/templates/.env.production.j2 +++ b/roles/docker-mastodon/templates/.env.production.j2 @@ -1,6 +1,6 @@ LOCAL_DOMAIN={{domain}} ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}" -SINGLE_USER_MODE={{mastodon_single_user_mode}} +SINGLE_USER_MODE={{applications.mastodon.single_user_mode}} SECRET_KEY_BASE={{mastodon_secret_key_base}} OTP_SECRET={{mastodon_otp_secret}} VAPID_PRIVATE_KEY={{mastodon_vapid_private_key}} diff --git a/roles/docker-mastodon/templates/docker-compose.yml.j2 b/roles/docker-mastodon/templates/docker-compose.yml.j2 index d36563f6..c85624e8 100644 
--- a/roles/docker-mastodon/templates/docker-compose.yml.j2 +++ b/roles/docker-mastodon/templates/docker-compose.yml.j2 @@ -5,7 +5,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} web: - image: ghcr.io/mastodon/mastodon:{{mastodon_version}} + image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}} restart: {{docker_restart_policy}} env_file: .env.production command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" @@ -21,7 +21,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} streaming: - image: ghcr.io/mastodon/mastodon-streaming:{{mastodon_version}} + image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}} restart: {{docker_restart_policy}} env_file: .env.production command: node ./streaming @@ -35,7 +35,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} sidekiq: - image: ghcr.io/mastodon/mastodon:{{mastodon_version}} + image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}} restart: {{docker_restart_policy}} env_file: .env.production command: bundle exec sidekiq diff --git a/roles/docker-matomo/templates/docker-compose.yml.j2 b/roles/docker-matomo/templates/docker-compose.yml.j2 index 567ad6f4..e917cee7 100644 --- a/roles/docker-matomo/templates/docker-compose.yml.j2 +++ b/roles/docker-matomo/templates/docker-compose.yml.j2 @@ -5,7 +5,7 @@ services: application: logging: driver: journald - image: matomo:{{matomo_version}} + image: matomo:{{applications.matomo.version}} restart: {{docker_restart_policy}} ports: - "127.0.0.1:{{http_port}}:80" diff --git a/roles/docker-matrix-ansible/tasks/main.yml b/roles/docker-matrix-ansible/tasks/main.yml index 2c701493..0b12c00e 100644 --- a/roles/docker-matrix-ansible/tasks/main.yml +++ b/roles/docker-matrix-ansible/tasks/main.yml 
@@ -79,7 +79,7 @@ become: false - name: play matrix-docker-ansible-deploy - local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{matrix_playbook_tags}}" + local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{applications.matrix.playbook_tags}}" become: false diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml index 64285cba..775184a4 100644 --- a/roles/docker-matrix-compose/tasks/main.yml +++ b/roles/docker-matrix-compose/tasks/main.yml @@ -131,7 +131,7 @@ - name: create admin account command: - cmd: docker compose exec -it synapse register_new_matrix_user -u {{matrix_administrator_username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008 + cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications.matrix.administrator_username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008 chdir: "{{ docker_compose_instance_directory }}" ignore_errors: true when: mode_setup | bool diff --git a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 index bcf0b23e..eb7630d9 100644 --- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 +++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 @@ -3,7 +3,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} synapse: - image: matrixdotorg/synapse:{{matrix_synapse_version}} + image: matrixdotorg/synapse:{{applications.matrix.synapse.version}} container_name: matrix-synapse restart: {{docker_restart_policy}} logging: 
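Review bot: `cmd: docker compose exec -it synapse register_new_matrix_user -u {{applications.matrix.administrator_username}} -p {{matrix_admin_password}} -a -c /data/homeserver.yaml http://localhost:8008` passes the admin password as an argument, so it is printed in Ansible's task output and logs and is visible in the host's process list while the command runs, and the task has no `no_log: true`. Add `no_log: true` alongside `ignore_errors: true`; Ansible cannot satisfy an interactive prompt, so suppressing the log is the practical fix unless the tool version in use can read the password from the environment. `ignore_errors: true` also hides a genuinely failed registration on re-runs, so a `failed_when` that tolerates only the "user already exists" outcome would be safer. The rest of the play is outside this hunk.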
@@ -33,7 +33,7 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} element: - image: vectorim/element-web:{{matrix_element_version}} + image: vectorim/element-web:{{applications.matrix.element.version}} container_name: matrix-element restart: {{docker_restart_policy}} volumes: @@ -90,13 +90,13 @@ services: # KEYV_BOT_ENCRYPTION: 'false' # KEYV_BOT_STORAGE: 'true' # MATRIX_HOMESERVER_URL: 'https://{{domains.matrix_synapse}}' -# MATRIX_BOT_USERNAME: '@chatgptbot:{{matrix_server_name}}' +# MATRIX_BOT_USERNAME: '@chatgptbot:{{applications.matrix.server_name}}' # MATRIX_ACCESS_TOKEN: '{{ matrix_chatgpt_bridge_access_token | default('') }}' # MATRIX_BOT_PASSWORD: '{{matrix_chatgpt_bridge_user_password}}' # MATRIX_DEFAULT_PREFIX: '!chatgpt' # MATRIX_DEFAULT_PREFIX_REPLY: 'false' # #MATRIX_BLACKLIST: '' -# MATRIX_WHITELIST: ':{{matrix_server_name}}' +# MATRIX_WHITELIST: ':{{applications.matrix.server_name}}' # MATRIX_AUTOJOIN: 'true' # MATRIX_ENCRYPTION: 'true' # MATRIX_THREADS: 'true' diff --git a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 index f3fe27aa..1bac5e4e 100644 --- a/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/facebook.config.yml.j2 @@ -3,7 +3,7 @@ homeserver: # The address that this appservice can use to connect to the homeserver. address: http://synapse:8008 # The domain of the homeserver (for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true 
@@ -143,7 +143,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: {{domains.matrix_synapse}} + {{applications.matrix.server_name}}: {{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -154,7 +154,7 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: - {{matrix_server_name}}: {{matrix_registration_shared_secret}} + {{applications.matrix.server_name}}: {{matrix_registration_shared_secret}} # Should presence from Facebook be bridged? This doesn't use the same API as the Android app, # so it might be more suspicious to Facebook. presence_from_facebook: false @@ -380,8 +380,8 @@ bridge: # mxid - Specific user permissions: "*": relay - "{{matrix_server_name}}": user - "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin + "{{applications.matrix.server_name}}": user + "@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/docker-matrix-compose/templates/mautrix/imessage.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/imessage.config.yml.j2 index 4a8966c6..3c6e829e 100644 --- a/roles/docker-matrix-compose/templates/mautrix/imessage.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/imessage.config.yml.j2 
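Review bot: `{{applications.matrix.server_name}}: {{matrix_registration_shared_secret}}` under `login_shared_secret_map` renders both key and value unquoted, so a secret containing ` #` or `: `, or beginning with a YAML indicator, breaks the bridge config or silently truncates the secret; the same line recurs in the other mautrix templates touched here. Quote both sides: `"{{ applications.matrix.server_name }}": "{{ matrix_registration_shared_secret }}"`. The comment above the map names the devture shared-secret-auth module, whereas the value, judging by its name, is Synapse's registration secret; if so, every bridge is being handed the credential that can create arbitrary accounts, and a dedicated shared-secret-auth secret would limit the blast radius of a compromised bridge.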
@@ -10,7 +10,7 @@ homeserver: # How often should the websocket be pinged? Pinging will be disabled if this is zero. ping_interval_seconds: 0 # The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # What software is the homeserver running? # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. diff --git a/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 index 18413e1b..335fa956 100644 --- a/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/instagram.config.yml.j2 @@ -3,7 +3,7 @@ homeserver: # The address that this appservice can use to connect to the homeserver. address: http://synapse:8008 # The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true @@ -134,7 +134,7 @@ bridge: double_puppet_allow_discovery: false # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. double_puppet_server_map: - {{matrix_server_name}}: https://{{domains.matrix_synapse}} + {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}} # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth # # If set, custom puppets will be enabled automatically for local users 
@@ -143,7 +143,7 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: - {{matrix_server_name}}: {{matrix_registration_shared_secret}} + {{applications.matrix.server_name}}: {{matrix_registration_shared_secret}} # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: true @@ -359,8 +359,8 @@ bridge: # mxid - Specific user permissions: "*": relay - "{{matrix_server_name}}": user - "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin + "{{applications.matrix.server_name}}": user + "@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin relay: # Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any diff --git a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 index af921720..dd95b55b 100644 --- a/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/signal.config.yml.j2 @@ -3,7 +3,7 @@ homeserver: # The address that this appservice can use to connect to the homeserver. address: http://synapse:8008 # The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # What software is the homeserver running? # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. 
@@ -141,7 +141,7 @@ bridge: federate_rooms: true # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{domains.matrix_synapse}} + {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -150,7 +150,7 @@ bridge: # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: - {{matrix_server_name}}: {{matrix_registration_shared_secret}} + {{applications.matrix.server_name}}: {{matrix_registration_shared_secret}} # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration # Null means there's no enforced timeout. @@ -274,8 +274,8 @@ bridge: # mxid - Specific user permissions: "*": relay - "{{matrix_server_name}}": user - "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin + "{{applications.matrix.server_name}}": user + "@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin # Settings for relay mode relay: diff --git a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 index e10e6151..2d0cd048 100644 --- a/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/slack.config.yml.j2 @@ -3,7 +3,7 @@ homeserver: # The address that this appservice can use to connect to the homeserver. address: http://synapse:8008 # The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # What software is the homeserver running? # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. 
@@ -118,7 +118,7 @@ bridge: # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{domains.matrix_synapse}} + {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -127,7 +127,7 @@ bridge: # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: - {{matrix_server_name}}: {{matrix_registration_shared_secret}} + {{applications.matrix.server_name}}: {{matrix_registration_shared_secret}} message_handling_timeout: # Send an error message after this timeout, but keep waiting for the response until the deadline. @@ -278,8 +278,8 @@ bridge: # mxid - Specific user permissions: "*": relay - "{{matrix_server_name}}": user - "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin + "{{applications.matrix.server_name}}": user + "@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin # Logging config. See https://github.com/tulir/zeroconfig for details. logging: diff --git a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 index a31bacf3..1b2687a8 100644 --- a/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/telegram.config.yml.j2 @@ -3,7 +3,7 @@ homeserver: # The address that this appservice can use to connect to the homeserver. address: http://synapse:8008 # The domain of the homeserver (for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true 
@@ -62,7 +62,7 @@ appservice: prefix: /public # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. - external: https://{{matrix_server_name}}/public + external: https://{{applications.matrix.server_name}}/public # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). @@ -198,7 +198,7 @@ bridge: sync_direct_chat_list: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{domains.matrix_synapse}} + {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -209,7 +209,7 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: - {{matrix_server_name}}: {{matrix_registration_shared_secret}} + {{applications.matrix.server_name}}: {{matrix_registration_shared_secret}} # Set to false to disable link previews in messages sent to Telegram. telegram_link_preview: true # Whether or not the !tg join command should do a HTTP request @@ -530,9 +530,9 @@ bridge: # mxid - Specific user permissions: "*": "relaybot" - "public.{{matrix_server_name}}": "user" - "{{matrix_server_name}}": "full" - "@{{matrix_administrator_username}}:{{matrix_server_name}}": "admin" + "public.{{applications.matrix.server_name}}": "user" + "{{applications.matrix.server_name}}": "full" + "@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": "admin" # Options related to the message relay Telegram bot. relaybot: 
diff --git a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 index 8bfb1bba..0cded410 100644 --- a/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 +++ b/roles/docker-matrix-compose/templates/mautrix/whatsapp.config.yml.j2 @@ -3,7 +3,7 @@ homeserver: # The address that this appservice can use to connect to the homeserver. address: http://synapse:8008 # The domain of the homeserver (also known as server_name, used for MXIDs, etc). - domain: {{matrix_server_name}} + domain: {{applications.matrix.server_name}} # What software is the homeserver running? # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. @@ -236,7 +236,7 @@ bridge: force_active_delivery_receipts: false # Servers to always allow double puppeting from double_puppet_server_map: - {{matrix_server_name}}: https://{{domains.matrix_synapse}} + {{applications.matrix.server_name}}: https://{{domains.matrix_synapse}} # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth @@ -245,7 +245,7 @@ bridge: # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: - {{matrix_server_name}}: {{matrix_registration_shared_secret}} + {{applications.matrix.server_name}}: {{matrix_registration_shared_secret}} # Whether to explicitly set the avatar and room name for private chat portal rooms. # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. # If set to `always`, all DM rooms will have explicit names and avatars set. 
@@ -434,8 +434,8 @@ bridge: # mxid - Specific user permissions: "*": relay - "{{matrix_server_name}}": user - "@{{matrix_administrator_username}}:{{matrix_server_name}}": admin + "{{applications.matrix.server_name}}": user + "@{{applications.matrix.administrator_username}}:{{applications.matrix.server_name}}": admin # Settings for relay mode relay: diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 index 50d13eca..254d3c5d 100644 --- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 +++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 @@ -1,4 +1,4 @@ -server_name: "{{matrix_server_name}}" +server_name: "{{applications.matrix.server_name}}" pid_file: /data/homeserver.pid listeners: - port: 8008 diff --git a/roles/docker-moodle/templates/docker-compose.yml.j2 b/roles/docker-moodle/templates/docker-compose.yml.j2 index bb1fa9b4..e2c28909 100644 --- a/roles/docker-moodle/templates/docker-compose.yml.j2 +++ b/roles/docker-moodle/templates/docker-compose.yml.j2 @@ -2,7 +2,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} moodle: - image: docker.io/bitnami/moodle:{{moodle_version}} + image: docker.io/bitnami/moodle:{{applications.moodle.version}} ports: - 127.0.0.1:{{http_port}}:8080 restart: {{docker_restart_policy}} 
@@ -15,12 +15,12 @@ services: - MOODLE_DATABASE_NAME={{database_name}} - MOODLE_DATABASE_PASSWORD={{database_password}} - ALLOW_EMPTY_PASSWORD=no - - MOODLE_SITE_NAME="{{moodle_site_name}}" + - MOODLE_SITE_NAME="{{applications.moodle.site_titel}}" - MOODLE_SSLPROXY=yes - MOODLE_REVERSE_PROXY=yes - - MOODLE_USERNAME={{moodle_administrator_name}} + - MOODLE_USERNAME={{applications.moodle.administrator_name}} - MOODLE_PASSWORD={{moodle_user_password}} - - MOODLE_EMAIL={{moodle_administrator_email}} + - MOODLE_EMAIL={{applications.moodle.administrator_email}} - BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %} volumes: - 'moodle:/bitnami/moodle' diff --git a/roles/docker-mybb/templates/docker-compose.yml.j2 b/roles/docker-mybb/templates/docker-compose.yml.j2 index 2a106dbe..d5f5dc45 100644 --- a/roles/docker-mybb/templates/docker-compose.yml.j2 +++ b/roles/docker-mybb/templates/docker-compose.yml.j2 @@ -7,7 +7,7 @@ services: driver: journald options: tag: "mybb_application" - image: mybb/mybb:{{mybb_version}} + image: mybb/mybb:{{applications.mybb.version}} restart: {{docker_restart_policy}} volumes: - data:/var/www/html diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md index 466cd1ba..9dc756a8 100644 --- a/roles/docker-nextcloud/README.md +++ b/roles/docker-nextcloud/README.md @@ -21,7 +21,7 @@ To update the nextcloud container execute the following commands on the server: docker-compose down ``` -Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role. +Afterwards update the ***applications.nextcloud.version*** variable to the next version and run the this repository with this ansible role. It is only possible to update from one to the next major version at a time diff --git a/roles/docker-nextcloud/templates/docker-compose.yml.j2 b/roles/docker-nextcloud/templates/docker-compose.yml.j2 index 153572ad..db764ae9 100644 
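Review bot: `- MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"` looks like a typo for `site_title` (the removed line used `moodle_site_name`), and under Ansible's default undefined-variable handling an unknown key aborts the template task; confirm the leaf name in the `applications.moodle` dict. The surrounding quoting is also inconsistent: in a compose list-style `environment:` block the double quotes are presumably kept as part of the value, while `MOODLE_USERNAME={{applications.moodle.administrator_name}}` and `MOODLE_EMAIL={{applications.moodle.administrator_email}}` are bare. Render the site name unquoted like its siblings, or switch the whole block to mapping form with each value wrapped as `"{{ ... }}"` so spaces and special characters are handled uniformly.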
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2 @@ -5,7 +5,7 @@ services: {% include 'templates/docker/services/' + database_type + '.yml.j2' %} application: - image: "nextcloud:{{nextcloud_version}}-fpm-alpine" + image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine" container_name: {{nextcloud_application_container_name}} restart: {{docker_restart_policy}} logging: @@ -59,7 +59,7 @@ services: cron: container_name: nextcloud-cron - image: "nextcloud:{{nextcloud_version}}-fpm-alpine" + image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine" restart: {{docker_restart_policy}} logging: driver: journald diff --git a/roles/docker-oauth2-proxy/tasks/main.yml b/roles/docker-oauth2-proxy/tasks/main.yml index 527a49e6..92a94db0 100644 --- a/roles/docker-oauth2-proxy/tasks/main.yml +++ b/roles/docker-oauth2-proxy/tasks/main.yml @@ -1,6 +1,6 @@ - name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose_instance_directory}}" template: src: oauth2-proxy-keycloak.cfg.j2 - dest: "{{docker_compose_instance_directory}}{{oauth2_configuration_file}}" + dest: "{{docker_compose_instance_directory}}{{applications.oauth2_proxy.configuration_file}}" notify: - docker compose project setup \ No newline at end of file diff --git a/roles/docker-oauth2-proxy/templates/container.yml.j2 b/roles/docker-oauth2-proxy/templates/container.yml.j2 index ebf5b258..2dffe4bd 100644 --- a/roles/docker-oauth2-proxy/templates/container.yml.j2 +++ b/roles/docker-oauth2-proxy/templates/container.yml.j2 
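Review bot: The `template` task writing `{{docker_compose_instance_directory}}{{applications.oauth2_proxy.configuration_file}}` sets no `mode`, and the rendered file carries oauth2-proxy's `cookie_secret`, so it presumably lands with umask-derived permissions (typically 0644) and is readable by any local user. Add `mode: "0600"` to the task, plus `owner`/`group` if the compose project runs as a non-root user. The bare concatenation also relies on `docker_compose_instance_directory` ending in `/`; `{{ docker_compose_instance_directory | regex_replace('/?$', '/') }}` or a path join would remove that assumption.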
@@ -1,10 +1,10 @@
oauth2-proxy:
- image: quay.io/oauth2-proxy/oauth2-proxy:{{oauth2_version}}
+ image: quay.io/oauth2-proxy/oauth2-proxy:{{applications.oauth2_proxy.version}}
restart: {{docker_restart_policy}}
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
ports:
- {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
volumes:
- - "./{{oauth2_configuration_file}}:/oauth2-proxy.cfg"
+ - "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
{% include 'templates/docker/container/networks.yml.j2' %}
\ No newline at end of file
diff --git a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
index 5b704e32..6e5ba7da 100644
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -1,5 +1,5 @@
http_address = "0.0.0.0:4180"
-cookie_secret = "{{oauth2_proxy_cookie_secret}}"
+cookie_secret = "{{applications.oauth2_proxy.cookie_secret}}"
email_domains = "{{primary_domain}}"
cookie_secure = "false"
upstreams = "http://{{oauth2_proxy_upstream_application_and_port}}"
@@ -16,4 +16,4 @@ provider_display_name = "Keycloak"
# role restrictions
#cookie_roles = "realm_access.roles"
-allowed_roles = "{{oauth2_proxy_allowed_roles}}"
\ No newline at end of file
+allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}"
\ No newline at end of file
diff --git a/roles/docker-peertube/templates/docker-compose.yml.j2 b/roles/docker-peertube/templates/docker-compose.yml.j2
index 71e8d4d0..7ef4705c 100644
--- a/roles/docker-peertube/templates/docker-compose.yml.j2
+++ b/roles/docker-peertube/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/' + database_type + '.yml.j2' %}
application:
- image: chocobozzz/peertube:production-{{peertube_version}}
+ image: chocobozzz/peertube:production-{{applications.peertube.version}}
env_file:
- .env
ports:
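Review bot: The bind mount of the rendered config in container.yml.j2, `- "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"`, is read-write although oauth2-proxy only reads it, and the file carries `cookie_secret` and `upstreams` (see oauth2-proxy-keycloak.cfg.j2 in this commit). Mounting it read-only, `- "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg:ro"`, keeps a compromised container from rewriting its own proxy policy on the host. The hunk covers the whole service definition apart from the networks include.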
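Review bot: Moving `cookie_secret` into `applications.oauth2_proxy` is inconsistent with the rest of this commit, where secrets keep their old top-level variables (`moodle_user_password`, `yourls_administrator_password`, `pixelfed_app_key` and `central_mariadb_root_password` are all left untouched while the neighbouring non-secret settings are migrated); if the `applications` dictionary is defined in plain group_vars/all/07_applications.yml rather than a vault-encrypted file, this line puts the session-signing secret into version control in cleartext. Either keep the secret in its own vaulted variable, `cookie_secret = "{{ oauth2_proxy_cookie_secret }}"`, or document next to the dictionary that `applications.oauth2_proxy.cookie_secret` must be vault-encrypted. The unchanged `cookie_secure = "false"` on the following line lets the session cookie travel over plain HTTP; if the deployment is HTTPS-only, set it to `"true"`.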
diff --git a/roles/docker-phpmyadmin/templates/docker-compose.yml.j2 b/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
index c2904920..f0ae2750 100644
--- a/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
+++ b/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
@@ -5,11 +5,11 @@ services:
application:
logging:
driver: journald
- image: phpmyadmin/phpmyadmin:{{phpmyadmin_version}}
+ image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
container_name: phpmyadmin
environment:
PMA_HOST: central-mariadb
-{% if phpmyadmin_autologin | bool %}
+{% if applications.phpmyadmin.autologin | bool %}
PMA_USER: root
PMA_PASSWORD: "{{central_mariadb_root_password}}"
{% endif %}
diff --git a/roles/docker-pixelfed/templates/docker-compose.yml.j2 b/roles/docker-pixelfed/templates/docker-compose.yml.j2
index 49c945a0..304d1347 100644
--- a/roles/docker-pixelfed/templates/docker-compose.yml.j2
+++ b/roles/docker-pixelfed/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/redis.yml.j2' %}
application:
- image: zknt/pixelfed:{{pixelfed_version}}
+ image: zknt/pixelfed:{{applications.pixelfed.version}}
restart: {{docker_restart_policy}}
logging:
driver: journald
@@ -19,7 +19,7 @@ services:
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
worker:
- image: zknt/pixelfed:{{pixelfed_version}}
+ image: zknt/pixelfed:{{applications.pixelfed.version}}
restart: {{docker_restart_policy}}
logging:
driver: journald
diff --git a/roles/docker-pixelfed/templates/env.j2 b/roles/docker-pixelfed/templates/env.j2
index 7c44d8ed..25021d12 100644
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@@ -2,7 +2,7 @@ APP_KEY={{pixelfed_app_key}}
## General Settings
-APP_NAME="{{pixelfed_app_name}}"
+APP_NAME="{{applications.pixelfed.titel}}"
APP_ENV=production
APP_DEBUG=false
APP_URL=https://{{domain}}
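Review bot: `applications.phpmyadmin.autologin` now gates whether the central MariaDB root password (`PMA_PASSWORD: "{{central_mariadb_root_password}}"`) is injected into the phpMyAdmin container, so the flag's default in group_vars/all/07_applications.yml — not in view — should be `false`, and its definition deserves a comment such as `# autologin: true hands the central MariaDB root account to anyone who can reach phpMyAdmin; leave false unless access is otherwise restricted`. If the default was carried over from the old `phpmyadmin_autologin` value this is only a confirmation. The application service continues past the `{% endif %}` outside the hunk.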
diff --git a/roles/docker-postgres/tasks/main.yml b/roles/docker-postgres/tasks/main.yml
index 27224682..05010090 100644
--- a/roles/docker-postgres/tasks/main.yml
+++ b/roles/docker-postgres/tasks/main.yml
@@ -7,7 +7,7 @@
- name: Install PostgreSQL
docker_container:
name: central-postgres
- image: "postgres:{{postgres_database_version}}"
+ image: "postgres:{{applications.postgres.database_version}}"
detach: yes
env:
POSTGRES_PASSWORD: "{{ central_postgres_password }}"
diff --git a/roles/docker-taiga/templates/docker-compose.yml.j2 b/roles/docker-taiga/templates/docker-compose.yml.j2
index 4a69f797..62a85097 100644
--- a/roles/docker-taiga/templates/docker-compose.yml.j2
+++ b/roles/docker-taiga/templates/docker-compose.yml.j2
@@ -41,7 +41,7 @@ services:
restart: {{docker_restart_policy}}
logging:
driver: journald
- image: taigaio/taiga-back:{{taiga_version}}
+ image: taigaio/taiga-back:{{applications.taiga.version}}
environment: *default-back-environment
volumes: *default-back-volumes
diff --git a/roles/docker-yourls/templates/docker-compose.yml.j2 b/roles/docker-yourls/templates/docker-compose.yml.j2
index cc2d3827..441bd9fc 100644
--- a/roles/docker-yourls/templates/docker-compose.yml.j2
+++ b/roles/docker-yourls/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
application:
logging:
driver: journald
- image: yourls:{{yourls_version}}
+ image: yourls:{{applications.yourls.version}}
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{http_port}}:80"
@@ -15,7 +15,7 @@ services:
YOURLS_DB_PASS: "{{database_password}}"
YOURLS_DB_NAME: "{{database_name}}"
YOURLS_SITE: "https://{{domain}}"
- YOURLS_USER: "{{yourls_administrator_username}}"
+ YOURLS_USER: "{{applications.yourls.administrator_username}}"
YOURLS_PASS: "{{yourls_administrator_password}}"
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]
diff --git a/tasks/update-repository-with-files.yml b/tasks/update-repository-with-files.yml
index 8c1575c6..48d8c5f1 100644
--- a/tasks/update-repository-with-files.yml
+++ b/tasks/update-repository-with-files.yml
@@ -1,6 +1,6 @@
-- name: "Merge detached_files with oauth2_configuration_file"
+- name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
ansible.builtin.set_fact:
- merged_detached_files: "{{ detached_files + [oauth2_configuration_file] }}"
+ merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
when: oauth2_proxy_active
- name: "backup detached files"
diff --git a/templates/docker/services/postgres.yml.j2 b/templates/docker/services/postgres.yml.j2
index 69c49af8..6e780bd3 100644
--- a/templates/docker/services/postgres.yml.j2
+++ b/templates/docker/services/postgres.yml.j2
@@ -1,7 +1,7 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not enable_central_database | bool %}
database:
- image: postgres:{{postgres_database_version}}-alpine
+ image: postgres:{{applications.postgres.database_version}}-alpine
container_name: {{application_id}}-database
environment:
- POSTGRES_PASSWORD={{database_password}}