diff --git a/03_SECURITY_GUIDELINES.md b/03_SECURITY_GUIDELINES.md
index 649d6628..64761e3a 100644
--- a/03_SECURITY_GUIDELINES.md
+++ b/03_SECURITY_GUIDELINES.md
@@ -23,6 +23,7 @@ For optimal personal security, we **strongly recommend** the following:
 Following these guidelines will significantly enhance your personal security—but remember, no system is completely immune to risk.
+A tutorial how to setup secure password management you will find [here](https://blog.veen.world/blog/2025/04/04/%f0%9f%9b%a1%ef%b8%8f-keepassxc-cymais-cloud-the-ultimate-guide-to-cross-device-password-security/)
 ---
 ## For Administrators
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 875af748..e038f68a 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -623,9 +623,11 @@ defaults_applications:
 ## PgAdmin
 pgadmin:
- version: "latest"
- default_email: "{{ users.administrator.email }}" # Initial login email address
- default_password: "{{ users.administrator.initial_password }}" # Initial login password – should be overridden in inventory for security
+ version: "latest"
+ users:
+ administrator:
+ email: "{{ users.administrator.email }}" # Initial login email address
+ password: "{{ users.administrator.initial_password }}" # Initial login password – should be overridden in inventory for security
 oauth2_proxy:
 enabled: true # Enable OAuth2 proxy for authentication
 application: "application"
diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md
index e2a5d635..b249387e 100644
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
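Review bot: In `group_vars/all/07_applications.yml`, an inventory that still overrides `applications.pgadmin.default_password` is no longer read once the keys move to `users.administrator.email`/`password`, so such a deployment would presumably fall back to `users.administrator.initial_password` without any error. The inline comment itself says this password should be overridden in inventory, so the new path deserves to be spelled out there, e.g. `# Initial login password – override applications.pgadmin.users.administrator.password in the inventory (vault-encrypted)`. How the defaults are merged with inventory values is not visible here, so confirm that no inventory or role still references the old keys. The `pgadmin:` mapping continues beyond this hunk.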
@@ -12,6 +12,10 @@ The role ensures consistent deployments, full automation, and secure configurati
 To automate the deployment of **secure, extensible, and production-ready Nextcloud instances** using Docker and Ansible.
+## User Guide
+
+The Nextcloud User Guide you will find [here](https://docs.nextcloud.com/server/latest/user_manual/en/).
+
 ## Features
 - Dockerized Nextcloud (PHP-FPM, Nginx, Cron, Redis)
diff --git a/roles/docker-oauth2-proxy/Setup.md b/roles/docker-oauth2-proxy/Setup.md
new file mode 100644
index 00000000..017d6364
--- /dev/null
+++ b/roles/docker-oauth2-proxy/Setup.md
@@ -0,0 +1,9 @@
+# Setup
+
+## Cookie Secret
+
+To generate a cookie secret execute:
+
+```bash
+ansible-vault encrypt_string "$(openssl rand -hex 16)"
+```
\ No newline at end of file
diff --git a/roles/docker-pgadmin/templates/env.j2 b/roles/docker-pgadmin/templates/env.j2
index c1e116eb..dc9a84ea 100644
--- a/roles/docker-pgadmin/templates/env.j2
+++ b/roles/docker-pgadmin/templates/env.j2
@@ -1,5 +1,5 @@
-# Configuration @see https://hub.docker.com/r/dpage/pgadmin4
+# Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
-PGADMIN_DEFAULT_EMAIL={{ applications.pgadmin.default_email }}
-PGADMIN_DEFAULT_PASSWORD={{ applications.pgadmin.default_password }}
+PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+PGADMIN_DEFAULT_PASSWORD={{ applications.[application_id].users.administrator.password }}
 PGADMIN_DISABLE_POSTFIX=True
\ No newline at end of file
diff --git a/roles/docker-phpmyadmin/templates/env.j2 b/roles/docker-phpmyadmin/templates/env.j2
index b905e22f..a07f1e22 100644
--- a/roles/docker-phpmyadmin/templates/env.j2
+++ b/roles/docker-phpmyadmin/templates/env.j2
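Review bot: In `roles/docker-pgadmin/templates/env.j2` the new `PGADMIN_DEFAULT_PASSWORD` line uses `applications.[application_id]`, a dot followed by a subscript, which Jinja2 rejects as a syntax error, so the template will fail to render; the email line above it uses the correct `applications[application_id]`. The line should read `PGADMIN_DEFAULT_PASSWORD={{ applications[application_id].users.administrator.password }}`. The same stray dot is in the `{% if applications.[application_id].autologin | bool %}` line of the `roles/docker-phpmyadmin/templates/env.j2` hunk. Both templates now depend on `application_id` being defined for the role, which is not visible in this diff and should be confirmed.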
@@ -1,7 +1,7 @@
 # Configuration @see https://hub.docker.com/_/phpmyadmin
 PMA_HOST= central-mariadb
-{% if applications.phpmyadmin.autologin | bool %}
+{% if applications.[application_id].autologin | bool %}
 PMA_USER= root
 PMA_PASSWORD= "{{central_mariadb_root_password}}"
 {% endif %}
\ No newline at end of file