kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactored application variables

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-02-03 11:44:13 +01:00
parent ce13beff68
commit b11879650c
60 changed files with 294 additions and 255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
group_vars/all/03_domains.yml
View File

@@ -1,7 +1,7 @@
# Domains
## Service Domains
default_domains:
defaults_domains:
akaunting: "accounting.{{primary_domain}}"
attendize: "tickets.{{primary_domain}}"
baserow: "baserow.{{primary_domain}}"

247
group_vars/all/07_applications.yml
View File

@@ -10,44 +10,6 @@ enable_system_storage_optimizer: true
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
## Akaunting
akaunting_version: "latest"
akaunting_company_name: "{{primary_domain}}"
akaunting_company_email: "{{administrator_email}}"
akaunting_setup_admin_email: "{{administrator_email}}"
## Attendize
attendize_version: "latest"
## Baserow
baserow_version: "latest"
## Big Blue Button
bigbluebutton_enable_greenlight: "true"
## Bluesky
bluesky_administrator_email: "{{administrator_email}}"
bluesky_pds_version: "latest"
## Friendica
friendica_version: "latest"
## Funkwhale
funkwhale_version: "1.4.0"
## Gitea
gitea_version: "latest"
## Gitlab
gitlab_version: "latest"
## Joomla
joomla_version: "latest"
## Keycloak
keycloak_version: "latest"
keycloak_administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
### Keycloak Client Configuration
oidc_client_active: true # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
oidc_client_id: "{{primary_domain}}"
@@ -60,86 +22,161 @@ oidc_client_user_info_url: "{{oidc_client_issuer_url}}/protocol/openid-co
oidc_client_logout_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/logout"
# oidc_client_secret: "{{oidc_client_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
## LDAP
ldap_lam_version: "latest"
ldap_openldap_version: "latest"
ldap_phpldapadmin_version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
ldap_webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
ldap_administrator_username: "{{administrator_username}}"
ldap_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
ldap_lam_administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
ldap_expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to
ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml
ldap_network_enabled: false # Activate LDAP network for insecure communitation on localhot between different container instances. Set in vars/main.yml
## Listmonk
listmonk_admin_username: "{{administrator_username}}"
listmonk_public_api_activated: False # Security hole. Can be used for spaming
listmonk_version: "latest"
oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
oauth2_proxy_active: false
## MariaDB
mariadb_version: "latest"
defaults_applications:
## Matomo
matomo_version: "latest"
## Akaunting
akaunting:
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{administrator_email}}"
setup_admin_email: "{{administrator_email}}"
## Mastodon
mastodon_version: "latest"
mastodon_single_user_mode: false
## Attendize
attendize:
version: "latest"
## Matrix
matrix_administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
matrix_playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
matrix_role: "compose" # Role to setup Matrix. Valid values: ansible, compose
matrix_server_name: "{{primary_domain}}" # Adress for the account names etc.
matrix_synapse_version: "latest"
matrix_element_version: "latest"
## Baserow
baserow:
version: "latest"
## Mailu
mailu_version: "2024.06"
mailu_domain: "{{primary_domain}}"
mailu_subnet: "192.168.203.0/24"
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
## Moodle
moodle_site_name: "Global Learning Academy on {{primary_domain}}"
moodle_administrator_name: "{{administrator_username}}"
moodle_administrator_email: "{{administrator_email}}"
moodle_version: "latest"
## Bluesky
bluesky:
administrator_email: "{{administrator_email}}"
pds:
version: "latest"
## MyBB
mybb_version: "latest"
## Friendica
friendica:
version: "latest"
## Nextcloud
nextcloud_version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
## Funkwhale
funkwhale:
version: "1.4.0"
## OAuth2 Proxy
oauth2_configuration_file: "oauth2-proxy-keycloak.cfg"
oauth2_proxy_active: false # Needs to be set true in the roles which use it
oauth2_version: "latest"
oauth2_proxy_redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
# oauth2_proxy_port: >= 4180 # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
oauth2_proxy_upstream_application_and_port: "application:80" # The name of the application which the server redirects to. Needs to be defined in role vars.
oauth2_proxy_allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
#oauth2_proxy_cookie_secret: "{{oauth2_proxy_cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Gitea
gitea:
version: "latest"
## Peertube
peertube_version: "bookworm"
## Gitlab
gitlab:
version: "latest"
## PHPMyAdmin
phpmyadmin_version: "latest"
phpmyadmin_autologin: false # This is a high security risk. Just activate this option if you know what you're doing
## Joomla
joomla:
version: "latest"
## Pixelfed
pixelfed_app_name: "Pictures on {{primary_domain}}"
pixelfed_version: "latest"
## Keycloak
keycloak:
version: "latest"
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres_database_version: "latest"
## LDAP
ldap:
lam:
version: "latest"
administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
openldap:
version: "latest"
expose_to_internet: false # Set to true if you want to expose the LDAP port to the internet. Keep in mind to
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
administrator_username: "{{administrator_username}}"
administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
## Taiga
taiga_version: "latest"
## Listmonk
listmonk:
administrator_username: "{{administrator_username}}"
public_api_activated: False # Security hole. Can be used for spaming
version: "latest"
## YOURLS
yourls_administrator_username: "{{administrator_username}}"
yourls_version: "latest"
## MariaDB
mariadb:
version: "latest"
## Matomo
matomo:
version: "latest"
## Mastodon
mastodon:
version: "latest"
single_user_mode: false
## Matrix
matrix:
administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
## Mailu
mailu:
version: "2024.06"
domain: "{{primary_domain}}"
subnet: "192.168.203.0/24"
## Moodle
moodle:
site_titel: "Global Learning Academy on {{primary_domain}}"
administrator_name: "{{administrator_username}}"
administrator_email: "{{administrator_email}}"
version: "latest"
## MyBB
mybb:
version: "latest"
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest"
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Peertube
peertube:
version: "bookworm"
## PHPMyAdmin
phpmyadmin:
version: "latest"
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
database.version: "latest"
## Taiga
taiga:
version: "latest"
## YOURLS
yourls:
administrator_username: "{{administrator_username}}"
version: "latest"