From bdeaf14285e1f49bc6ab095c3139d18ccdfc801f Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 21 Feb 2025 03:53:27 +0100
Subject: [PATCH] Solved multiple bugs and propably produced 100 more.... Usual Nightshift...

---
 group_vars/all/07_applications.yml | 9 +++++----
 roles/docker-ldap/handlers/main.yml | 2 +-
 roles/docker-ldap/tasks/main.yml | 7 ++-----
 .../docker-ldap/templates/docker-compose.yml.j2 | 4 ++--
 roles/docker-mailu/templates/env.j2 | 2 +-
 roles/docker-matomo/tasks/main.yml | 16 ----------------
 .../templates/docker-compose.yml.j2 | 2 +-
 roles/docker-matomo/vars/main.yml | 7 +++++--
 roles/docker/README.md | 5 +++--
 tasks/copy-docker-compose-and-env.yml | 5 ++++-
 templates/docker/compose/networks.yml.j2 | 2 +-
 .../container/depends-on-also-database.yml.j2 | 2 +-
 .../container/depends-on-database-redis.yml.j2 | 2 +-
 .../container/depends-on-just-database.yml.j2 | 2 +-
 templates/docker/container/networks.yml.j2 | 4 ++--
 15 files changed, 30 insertions(+), 41 deletions(-)

diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index f9602f46..8eb153f9 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -60,8 +60,8 @@ defaults_applications:
 ## Funkwhale
 funkwhale:
- version: "1.4.0"
- ldap_enabled: True # Enables LDAP by default
+ version: "1.4.0"
+ ldap_enabled: True # Enables LDAP by default
 ## Gitea
 gitea:
@@ -99,6 +99,7 @@ defaults_applications:
 webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
 administrator_username: "{{administrator_username}}"
 ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local.
+ force_import: false # Forces the import of the LDIF files when set to true
 oauth2_proxy:
 enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
 application: lam # Needs to be the same as webinterface
@@ -122,9 +123,9 @@ defaults_applications:
 # I don't know why the database deactivation is necessary
 enable_central_database: False # Deactivate central database for mailu
 credentials:
-# secret_key: # Needs to be set in inventory file
+# secret_key: # Set to a randomly generated 16 bytes string
 # database_password: # Needs to be set in inventory file
-# api_token: # Needs to be set in inventory file
+# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
 ## MariaDB
 mariadb:
diff --git a/roles/docker-ldap/handlers/main.yml b/roles/docker-ldap/handlers/main.yml
index 49c5a748..fa395db4 100644
--- a/roles/docker-ldap/handlers/main.yml
+++ b/roles/docker-ldap/handlers/main.yml
@@ -22,7 +22,7 @@
 - name: "Import users, groups, etc. to LDAP"
 shell: >
- docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}/import/{{ item | basename | regex_replace('\\.j2$', '') }}"
+ docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}import/{{ item | basename | regex_replace(r'\.j2$', '') }}"
 register: ldapadd_result
 changed_when: "'adding new entry' in ldapadd_result.stdout"
 # Allow return code 0 (all entries added) or 68 (entry already exists)
diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml
index 1507a576..33810d02 100644
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@@ -27,9 +27,6 @@
 ipam_config:
 - subnet: "{{ networks.local.central_ldap.subnet }}"
-- name: "copy docker-compose.yml and env file"
- include_tasks: copy-docker-compose-and-env.yml
-
 - name: "create {{docker_compose.directories.env}}phpldapadmin.env"
 template:
 src: "phpldapadmin.env.j2"
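Review bot: The new comments on `secret_key` and `api_token` describe the value but drop the old hint that these keys must be set in the inventory, so only `database_password` still says where it comes from and a reader can no longer tell that the other two are expected from the same place. `# secret_key: # Needs to be set in inventory file; set to a randomly generated 16 bytes string` keeps both pieces of information. For `api_token`, quoting the documented minimum of 3 characters as the only guidance invites a weak value for what is a credential sent in a request header to the RESTful API; the same wording is added as a comment above `API_TOKEN` in roles/docker-mailu/templates/env.j2 in this commit, and both places would be better stating that the token should be generated with the same randomness as `secret_key`.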
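Review bot: `r'\.j2$'` on the new `shell` line relies on a raw-string prefix that Jinja2, as far as I know, does not have; its lexer would read `r` as a name followed by a string literal, so the handler should fail at render time rather than import anything. Jinja decodes backslash escapes inside string literals, so the previous `regex_replace('\\.j2$', '')` was the safe form and is what the line should return to. The same line now concatenates `{{ldif_docker_path}}import/` without a separator, which only works if `ldif_docker_path` is defined with a trailing slash; worth confirming where that variable is set. Separately, the bind password still travels as `-w "{{ldap.bind_credential}}"` on the `docker exec` command line, so it is visible in the host's process list and in the task output Ansible prints for this handler; `no_log: true` on the handler keeps it out of the logs (the registered result still works for `changed_when`), and ldapadd's `-y` with a password file would keep it off the command line as well.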
@@ -48,8 +45,8 @@
 notify: docker compose project setup
 when: applications.ldap.webinterface == 'lam'
-- name: flush docker service
- meta: flush_handlers
+- name: "copy docker-compose.yml and env file"
+ include_tasks: copy-docker-compose-and-env.yml
 - name: "create directory {{ldif_host_path}}{{item}}"
 file:
diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2
index f6486910..12c35b8b 100644
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -10,14 +10,14 @@ services:
 {% if applications.ldap.webinterface == 'lam' %}
 image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM
 ports:
- - 127.0.0.1:{{http_port}}:80
+ - 127.0.0.1:{{ports.localhost.http.ldap}}:80
 env_file:
 - "{{docker_compose.directories.env}}lam.env"
 {% elif applications.ldap.webinterface == 'phpldapadmin' %}
 image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
 ports:
- - 127.0.0.1:{{http_port}}:8080
+ - 127.0.0.1:{{ports.localhost.http.ldap}}:8080
 env_file:
 - "{{docker_compose.directories.env}}phpldapadmin.env"
 {% endif %}
diff --git a/roles/docker-mailu/templates/env.j2 b/roles/docker-mailu/templates/env.j2
index f4438176..19348d22 100644
--- a/roles/docker-mailu/templates/env.j2
+++ b/roles/docker-mailu/templates/env.j2
@@ -1,6 +1,5 @@
 # Mailu main configuration file
 #
-# This file is autogenerated by the configuration management wizard for compose flavor.
 # For a detailed list of configuration variables, see the documentation at
 # https://mailu.io
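Review bot: The `flush docker service` step removed here was what guaranteed the notified `docker compose project setup` handler had run before the `create directory {{ldif_host_path}}{{item}}` task and the LDIF import that follow it; after this hunk the ordering only holds because the included tasks/copy-docker-compose-and-env.yml ends with a `meta: flush_handlers` that the same commit adds, which is not visible from this file. A comment on the new include, `# the included file flushes handlers, so the openldap container is up before the LDIF tasks below`, would record that dependency for the next reader. The task list continues outside the hunk.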
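Review bot: The two rewritten `ports` entries are plain scalars, `- 127.0.0.1:{{ports.localhost.http.ldap}}:80`, while the equivalent line this commit rewrites in roles/docker-matomo/templates/docker-compose.yml.j2 quotes its mapping; writing them as `- "127.0.0.1:{{ports.localhost.http.ldap}}:80"` keeps the port mappings in one form across the templates and leaves no room for YAML to read a rendered value as anything but a string. Keeping the binding on 127.0.0.1 is the right choice for an admin interface that is reached through the OAuth2 proxy.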
@@ -145,6 +144,7 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
+# Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
 API_TOKEN={{applications.mailu.credentials.api_token}}
 # Activated https://mailu.io/master/configuration.html#advanced-settings
diff --git a/roles/docker-matomo/tasks/main.yml b/roles/docker-matomo/tasks/main.yml
index df371fad..0adb05da 100644
--- a/roles/docker-matomo/tasks/main.yml
+++ b/roles/docker-matomo/tasks/main.yml
@@ -1,20 +1,4 @@
 ---
-- name: check if matomo is up
- uri:
- url: "https://{{ domains.matomo }}/"
- method: GET
- return_content: yes
- status_code: 200
- validate_certs: yes
- register: site_check
- ignore_errors: yes
- when: run_once_docker_matomo is not defined
-
-- name: "Determine global_matomo_tracking_enabled based on current value and site reachability"
- set_fact:
- global_matomo_tracking_enabled: "{{ (global_matomo_tracking_enabled | bool) and (site_check is defined and site_check.status == 200) }}"
- when: run_once_docker_matomo is not defined
-
 - name: "include docker-central-database"
 include_role:
 name: docker-central-database
diff --git a/roles/docker-matomo/templates/docker-compose.yml.j2 b/roles/docker-matomo/templates/docker-compose.yml.j2
index 5e21faab..5c13ed12 100644
--- a/roles/docker-matomo/templates/docker-compose.yml.j2
+++ b/roles/docker-matomo/templates/docker-compose.yml.j2
@@ -6,7 +6,7 @@ services:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 image: matomo:{{applications.matomo.version}}
 ports:
- - "127.0.0.1:{{http_port}}:80"
+ - "127.0.0.1:{{ports.localhost.http.matomo}}:80"
 volumes:
 - data:/var/www/html
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
diff --git a/roles/docker-matomo/vars/main.yml b/roles/docker-matomo/vars/main.yml
index c43197f9..835e99e6 100644
--- a/roles/docker-matomo/vars/main.yml
+++ b/roles/docker-matomo/vars/main.yml
@@ -2,7 +2,10 @@ application_id: "matomo"
 database_type: "mariadb"
 database_password: "{{applications.matomo.database_password}}"
-domain: "{{domains.matomo}}" # Don't know if this is still necessary
-# Disable matomo tracking for matomo, because otherwise recursiv loading technics would be neccessary
+# I don't know if this is still necessary
+domain: "{{domains.matomo}}"
+
+# Disable matomo tracking, because otherwise recursiv loading technics would be neccessary
+# This is the default value and it will be overwritten by set fact in main.yml
 global_matomo_tracking_enabled: false
\ No newline at end of file
diff --git a/roles/docker/README.md b/roles/docker/README.md
index d768f49f..c3b28719 100644
--- a/roles/docker/README.md
+++ b/roles/docker/README.md
@@ -21,8 +21,9 @@ docker volume rm $(docker volume ls -q -f "dangling=true")
 docker stop $(docker ps -a -q)
 docker rm $(docker ps -a -q)
 docker network prune -f
-sudo iptables -t nat -F DOCKER
-sudo iptables -t nat -F DOCKER-USER
+systemctl stop docker
+rm -fv /var/lib/docker/network/files/local-kv.db
+systemctl start docker
 ```
 ---
diff --git a/tasks/copy-docker-compose-and-env.yml b/tasks/copy-docker-compose-and-env.yml
index e8ac5620..de4f1c98 100644
--- a/tasks/copy-docker-compose-and-env.yml
+++ b/tasks/copy-docker-compose-and-env.yml
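Review bot: The new comment `# This is the default value and it will be overwritten by set fact in main.yml` in roles/docker-matomo/vars/main.yml describes a `set_fact` that this same commit deletes from roles/docker-matomo/tasks/main.yml, so it is already wrong as of this commit; with the reachability check gone, `global_matomo_tracking_enabled: false` is simply the role's fixed value and the comment should say so, e.g. `# Disable Matomo tracking for the Matomo instance itself; otherwise it would have to load itself recursively`. The line above it keeps the typos `recursiv` and `neccessary`. The file still ends without a trailing newline (`\ No newline at end of file`); adding one keeps that marker out of every future diff of this file.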
@@ -14,7 +14,7 @@
 notify: docker compose project setup
 register: env_template
-- name: Check if docker compose has any running container and trigger setup if needed
+- name: "Check if any container is running in {{ docker_compose.directories.instance }}"
 command: docker compose ps -q --filter status=running
 args:
 chdir: "{{ docker_compose.directories.instance }}"
@@ -22,3 +22,6 @@
 changed_when: (docker_ps.stdout | trim) == ""
 notify: docker compose project setup
 when: not (docker_compose_template.changed or env_template.changed)
+
+- name: flush docker compose project setup
+ meta: flush_handlers
diff --git a/templates/docker/compose/networks.yml.j2 b/templates/docker/compose/networks.yml.j2
index df32a43d..fe8e681b 100644
--- a/templates/docker/compose/networks.yml.j2
+++ b/templates/docker/compose/networks.yml.j2
@@ -4,7 +4,7 @@ networks:
 central_{{ database_type }}:
 external: true
 {% endif %}
-{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %}
+{% if applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool %}
 central_ldap:
 external: true
 {% endif %}
diff --git a/templates/docker/container/depends-on-also-database.yml.j2 b/templates/docker/container/depends-on-also-database.yml.j2
index 98e7356e..9f239b43 100644
--- a/templates/docker/container/depends-on-also-database.yml.j2
+++ b/templates/docker/container/depends-on-also-database.yml.j2
@@ -1,4 +1,4 @@
-# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers
+{# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers #}
 depends_on:
 {% if not enable_central_database | bool %}
 database:
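Review bot: `meta: flush_handlers` runs every handler notified so far in the play, not only `docker compose project setup`, and because tasks/copy-docker-compose-and-env.yml is included by many roles the new task changes when handlers of every including role fire; the task name `flush docker compose project setup` suggests a scope the meta task cannot have. If the wider flush is intended (the LDAP role in this commit now relies on it to have the compose project up before its LDIF tasks), a comment above the task should say so, e.g. `# Runs all pending handlers, so the compose project is up before the including role continues`; otherwise the flush belongs back in the roles that need it.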
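Review bot: The rewritten condition `applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool` now appears verbatim in two templates, here and in templates/docker/container/networks.yml.j2 in this commit, so a future change to how LDAP is enabled has to be made twice to keep the compose-level network definition and the container-level attachment consistent, and a container attached to a network the compose file no longer declares fails at `docker compose up`. Computing it once, for example as a variable `ldap_network_enabled` that both templates test, removes the duplication; a comment naming the other file, `{# keep in sync with templates/docker/container/networks.yml.j2 #}`, is the minimal alternative. Replacing the `is defined` guard with `default(false)` is the right direction for a missing key.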
diff --git a/templates/docker/container/depends-on-database-redis.yml.j2 b/templates/docker/container/depends-on-database-redis.yml.j2
index b770de7b..60f39d04 100644
--- a/templates/docker/container/depends-on-database-redis.yml.j2
+++ b/templates/docker/container/depends-on-database-redis.yml.j2
@@ -1,4 +1,4 @@
-# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes
+{# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #}
 depends_on:
 {% if not enable_central_database | bool %}
 database:
diff --git a/templates/docker/container/depends-on-just-database.yml.j2 b/templates/docker/container/depends-on-just-database.yml.j2
index fa23fa93..9c2dc9ea 100644
--- a/templates/docker/container/depends-on-just-database.yml.j2
+++ b/templates/docker/container/depends-on-just-database.yml.j2
@@ -1,4 +1,4 @@
-# This template needs to be included in docker-compose.yml containers, which just depend on a database
+{# This template needs to be included in docker-compose.yml containers, which just depend on a database #}
 {% if not enable_central_database | bool %}
 depends_on:
 database:
diff --git a/templates/docker/container/networks.yml.j2 b/templates/docker/container/networks.yml.j2
index 09764bf6..f0bdd9a1 100644
--- a/templates/docker/container/networks.yml.j2
+++ b/templates/docker/container/networks.yml.j2
@@ -1,9 +1,9 @@
-# This template needs to be included in docker-compose.yml containers
+{# This template needs to be included in docker-compose.yml containers #}
 networks:
 {% if enable_central_database | bool and database_type is defined %}
 central_{{ database_type }}:
 {% endif %}
-{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %}
+{% if applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool %}
 central_ldap:
 {% endif %}
 default: