kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-03-31 14:24:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved multiple bugs and propably produced 100 more.... Usual Nightshift...

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-02-21 03:53:27 +01:00
parent 5694023da8
commit bdeaf14285
15 changed files with 30 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
group_vars/all/07_applications.yml
View File

@ -60,8 +60,8 @@ defaults_applications:
## Funkwhale ## Funkwhale
funkwhale: funkwhale:
version: "1.4.0" version: "1.4.0"
ldap_enabled: True # Enables LDAP by default ldap_enabled: True # Enables LDAP by default
## Gitea ## Gitea
gitea: gitea:
@ -99,6 +99,7 @@ defaults_applications:
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
administrator_username: "{{administrator_username}}" administrator_username: "{{administrator_username}}"
ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local. ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local.
force_import: false # Forces the import of the LDIF files when set to true
oauth2_proxy: oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface application: lam # Needs to be the same as webinterface
@ -122,9 +123,9 @@ defaults_applications:
# I don't know why the database deactivation is necessary # I don't know why the database deactivation is necessary
enable_central_database: False # Deactivate central database for mailu enable_central_database: False # Deactivate central database for mailu
credentials: credentials:
# secret_key: # Needs to be set in inventory file # secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file # database_password: # Needs to be set in inventory file
# api_token: # Needs to be set in inventory file # api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
## MariaDB ## MariaDB
mariadb: mariadb:

2
roles/docker-ldap/handlers/main.yml
View File

@ -22,7 +22,7 @@
- name: "Import users, groups, etc. to LDAP" - name: "Import users, groups, etc. to LDAP"
shell: > shell: >
docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}/import/{{ item | basename | regex_replace('\\.j2$', '') }}" docker exec -i openldap ldapadd -x -D "{{ldap.dn.bind}}" -w "{{ldap.bind_credential}}" -c -f "{{ldif_docker_path}}import/{{ item | basename | regex_replace(r'\.j2$', '') }}"
register: ldapadd_result register: ldapadd_result
changed_when: "'adding new entry' in ldapadd_result.stdout" changed_when: "'adding new entry' in ldapadd_result.stdout"
# Allow return code 0 (all entries added) or 68 (entry already exists) # Allow return code 0 (all entries added) or 68 (entry already exists)

7
roles/docker-ldap/tasks/main.yml
View File

@ -27,9 +27,6 @@
ipam_config: ipam_config:
- subnet: "{{ networks.local.central_ldap.subnet }}" - subnet: "{{ networks.local.central_ldap.subnet }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml
- name: "create {{docker_compose.directories.env}}phpldapadmin.env" - name: "create {{docker_compose.directories.env}}phpldapadmin.env"
template: template:
src: "phpldapadmin.env.j2" src: "phpldapadmin.env.j2"
@ -48,8 +45,8 @@
notify: docker compose project setup notify: docker compose project setup
when: applications.ldap.webinterface == 'lam' when: applications.ldap.webinterface == 'lam'
- name: flush docker service - name: "copy docker-compose.yml and env file"
meta: flush_handlers include_tasks: copy-docker-compose-and-env.yml
- name: "create directory {{ldif_host_path}}{{item}}" - name: "create directory {{ldif_host_path}}{{item}}"
file: file:

4
roles/docker-ldap/templates/docker-compose.yml.j2
View File

@ -10,14 +10,14 @@ services:
{% if applications.ldap.webinterface == 'lam' %} {% if applications.ldap.webinterface == 'lam' %}
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}} # Dies ist das Docker-Image für LAM
ports: ports:
- 127.0.0.1:{{http_port}}:80 - 127.0.0.1:{{ports.localhost.http.ldap}}:80
env_file: env_file:
- "{{docker_compose.directories.env}}lam.env" - "{{docker_compose.directories.env}}lam.env"
{% elif applications.ldap.webinterface == 'phpldapadmin' %} {% elif applications.ldap.webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}} image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
ports: ports:
- 127.0.0.1:{{http_port}}:8080 - 127.0.0.1:{{ports.localhost.http.ldap}}:8080
env_file: env_file:
- "{{docker_compose.directories.env}}phpldapadmin.env" - "{{docker_compose.directories.env}}phpldapadmin.env"
{% endif %} {% endif %}

2
roles/docker-mailu/templates/env.j2
View File

@ -1,6 +1,5 @@
# Mailu main configuration file # Mailu main configuration file
# #
# This file is autogenerated by the configuration management wizard for compose flavor.
# For a detailed list of configuration variables, see the documentation at # For a detailed list of configuration variables, see the documentation at
# https://mailu.io # https://mailu.io
@ -145,6 +144,7 @@ LOG_LEVEL=WARNING
SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
# Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
API_TOKEN={{applications.mailu.credentials.api_token}} API_TOKEN={{applications.mailu.credentials.api_token}}
# Activated https://mailu.io/master/configuration.html#advanced-settings # Activated https://mailu.io/master/configuration.html#advanced-settings

16
roles/docker-matomo/tasks/main.yml
View File

@ -1,20 +1,4 @@
--- ---
- name: check if matomo is up
uri:
url: "https://{{ domains.matomo }}/"
method: GET
return_content: yes
status_code: 200
validate_certs: yes
register: site_check
ignore_errors: yes
when: run_once_docker_matomo is not defined
- name: "Determine global_matomo_tracking_enabled based on current value and site reachability"
set_fact:
global_matomo_tracking_enabled: "{{ (global_matomo_tracking_enabled | bool) and (site_check is defined and site_check.status == 200) }}"
when: run_once_docker_matomo is not defined
- name: "include docker-central-database" - name: "include docker-central-database"
include_role: include_role:
name: docker-central-database name: docker-central-database

2
roles/docker-matomo/templates/docker-compose.yml.j2
View File

@ -6,7 +6,7 @@ services:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: matomo:{{applications.matomo.version}} image: matomo:{{applications.matomo.version}}
ports: ports:
- "127.0.0.1:{{http_port}}:80" - "127.0.0.1:{{ports.localhost.http.matomo}}:80"
volumes: volumes:
- data:/var/www/html - data:/var/www/html
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %} {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}

7
roles/docker-matomo/vars/main.yml
View File

@ -2,7 +2,10 @@
application_id: "matomo" application_id: "matomo"
database_type: "mariadb" database_type: "mariadb"
database_password: "{{applications.matomo.database_password}}" database_password: "{{applications.matomo.database_password}}"
domain: "{{domains.matomo}}" # Don't know if this is still necessary
# Disable matomo tracking for matomo, because otherwise recursiv loading technics would be neccessary # I don't know if this is still necessary
domain: "{{domains.matomo}}"
# Disable matomo tracking, because otherwise recursiv loading technics would be neccessary
# This is the default value and it will be overwritten by set fact in main.yml
global_matomo_tracking_enabled: false global_matomo_tracking_enabled: false

5
roles/docker/README.md
View File

@ -21,8 +21,9 @@ docker volume rm $(docker volume ls -q -f "dangling=true")
docker stop $(docker ps -a -q) docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q) docker rm $(docker ps -a -q)
docker network prune -f docker network prune -f
sudo iptables -t nat -F DOCKER systemctl stop docker
sudo iptables -t nat -F DOCKER-USER rm -fv /var/lib/docker/network/files/local-kv.db
systemctl start docker
``` ```
--- ---

5
tasks/copy-docker-compose-and-env.yml
View File

@ -14,7 +14,7 @@
notify: docker compose project setup notify: docker compose project setup
register: env_template register: env_template
- name: Check if docker compose has any running container and trigger setup if needed - name: "Check if any container is running in {{ docker_compose.directories.instance }}"
command: docker compose ps -q --filter status=running command: docker compose ps -q --filter status=running
args: args:
chdir: "{{ docker_compose.directories.instance }}" chdir: "{{ docker_compose.directories.instance }}"
@ -22,3 +22,6 @@
changed_when: (docker_ps.stdout | trim) == "" changed_when: (docker_ps.stdout | trim) == ""
notify: docker compose project setup notify: docker compose project setup
when: not (docker_compose_template.changed or env_template.changed) when: not (docker_compose_template.changed or env_template.changed)
- name: flush docker compose project setup
meta: flush_handlers

2
templates/docker/compose/networks.yml.j2
View File

@ -4,7 +4,7 @@ networks:
central_{{ database_type }}: central_{{ database_type }}:
external: true external: true
{% endif %} {% endif %}
{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %} {% if applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool %}
central_ldap: central_ldap:
external: true external: true
{% endif %} {% endif %}

2
templates/docker/container/depends-on-also-database.yml.j2
View File

@ -1,4 +1,4 @@
# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers {# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers #}
depends_on: depends_on:
{% if not enable_central_database | bool %} {% if not enable_central_database | bool %}
database: database:

2
templates/docker/container/depends-on-database-redis.yml.j2
View File

@ -1,4 +1,4 @@
# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes {# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #}
depends_on: depends_on:
{% if not enable_central_database | bool %} {% if not enable_central_database | bool %}
database: database:

2
templates/docker/container/depends-on-just-database.yml.j2
View File

@ -1,4 +1,4 @@
# This template needs to be included in docker-compose.yml containers, which just depend on a database {# This template needs to be included in docker-compose.yml containers, which just depend on a database #}
{% if not enable_central_database | bool %} {% if not enable_central_database | bool %}
depends_on: depends_on:
database: database:

4
templates/docker/container/networks.yml.j2
View File

@ -1,9 +1,9 @@
# This template needs to be included in docker-compose.yml containers {# This template needs to be included in docker-compose.yml containers #}
networks: networks:
{% if enable_central_database | bool and database_type is defined %} {% if enable_central_database | bool and database_type is defined %}
central_{{ database_type }}: central_{{ database_type }}:
{% endif %} {% endif %}
{% if applications[application_id].ldap_enabled is defined and applications[application_id].ldap_enabled | bool and applications.ldap.openldap.network.local | bool %} {% if applications[application_id].ldap_enabled|default(false)|bool and applications.ldap.openldap.network.local|bool %}
central_ldap: central_ldap:
{% endif %} {% endif %}
default: default: