From cb6fbba8f41f2d918078d38c228eda59c71214e9 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 2 Jul 2025 15:08:42 +0200 Subject: [PATCH] Added new user generation script and optimized mail config --- Makefile | 6 + cli/generate_users.py | 163 ++++++++++++++++++ group_vars/all/.gitignore | 3 +- group_vars/all/02_system_email.yml | 2 +- group_vars/all/10_users.yml | 154 +++++------------ roles/docker-akaunting/vars/configuration.yml | 4 +- roles/docker-bluesky/vars/configuration.yml | 2 +- roles/docker-compose/vars/configuration.yml | 4 + roles/docker-compose/vars/main.yml | 0 .../templates/discourse_application.yml.j2 | 6 +- roles/docker-espocrm/meta/main.yml | 3 +- roles/docker-espocrm/templates/env.j2 | 8 +- roles/docker-espocrm/vars/configuration.yml | 10 +- roles/docker-friendica/templates/env.j2 | 4 +- roles/docker-keycloak/vars/configuration.yml | 2 +- roles/docker-ldap/vars/configuration.yml | 2 +- roles/docker-listmonk/vars/configuration.yml | 6 +- roles/docker-mailu/vars/configuration.yml | 2 +- .../tasks/create-administrator.yml | 2 +- .../templates/vars.yml.j2 | 2 +- .../templates/synapse/homeserver.yaml.j2 | 2 +- roles/docker-matrix/vars/configuration.yml | 3 +- roles/docker-moodle/vars/configuration.yml | 3 +- roles/docker-nextcloud/templates/env.j2 | 2 +- roles/docker-nextcloud/vars/configuration.yml | 4 +- roles/docker-pgadmin/vars/configuration.yml | 2 +- roles/docker-wordpress/vars/configuration.yml | 4 +- roles/docker-yourls/vars/configuration.yml | 2 +- roles/nginx/vars/configuration.yml | 7 + .../templates/systemd-notifier-email.sh.j2 | 2 +- .../user-administrator/vars/configuration.yml | 9 + 31 files changed, 281 insertions(+), 144 deletions(-) create mode 100644 cli/generate_users.py create mode 100644 roles/docker-compose/vars/configuration.yml create mode 100644 roles/docker-compose/vars/main.yml create mode 100644 roles/nginx/vars/configuration.yml create mode 100644 roles/user-administrator/vars/configuration.yml diff --git a/Makefile b/Makefile index 410513e4..3cd3b915 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,8 @@ ROLES_DIR := ./roles APPLICATIONS_OUT := ./group_vars/all/03_applications.yml APPLICATIONS_SCRIPT := ./cli/generate-applications-defaults.py +USERS_OUT := ./group_vars/all/10_users.yml +USERS_SCRIPT := ./cli/generate_users.py INCLUDES_OUT := ./tasks/utils/docker-roles.yml INCLUDES_SCRIPT := ./cli/generate_playbook.py @@ -11,6 +13,10 @@ build: @mkdir -p $(dir $(APPLICATIONS_OUT)) python3 $(APPLICATIONS_SCRIPT) --roles-dir $(ROLES_DIR) --output-file $(APPLICATIONS_OUT) @echo "✅ Applications defaults written to $(APPLICATIONS_OUT)\n" + @echo "🔧 Generating users defaults → $(USERS_OUT) from roles in $(ROLES_DIR)…" + @mkdir -p $(dir $(USERS_OUT)) + python3 $(USERS_SCRIPT) --roles-dir $(ROLES_DIR) --output $(USERS_OUT) + @echo "✅ Users defaults written to $(USERS_OUT)\n" @echo "🔧 Generating Docker role includes → $(INCLUDES_OUT)…" @mkdir -p $(dir $(INCLUDES_OUT)) python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) -p docker- diff --git a/cli/generate_users.py b/cli/generate_users.py new file mode 100644 index 00000000..300e5404 --- /dev/null +++ b/cli/generate_users.py @@ -0,0 +1,163 @@ +#!/usr/bin/env python3 +import os +import sys +import argparse +import yaml +import glob +from collections import OrderedDict + + +def build_users(defs, primary_domain, start_id, become_pwd): + """ + Build user entries with auto-incremented uid/gid and default username/email. + + Args: + defs (OrderedDict): Keys are user IDs, values are dicts with optional overrides. + primary_domain (str): e.g., 'example.com'. + start_id (int): Starting uid/gid (e.g., 1001). + become_pwd (str): Password string for all users. + + Returns: + OrderedDict: Merged user definitions with full fields. + """ + users = OrderedDict() + next_id = start_id + + for key, overrides in defs.items(): + username = overrides.get('username', key) + email = overrides.get('email', f"{username}@{primary_domain}") + uid = overrides.get('uid', next_id) + gid = overrides.get('gid', next_id) + is_admin = overrides.get('is_admin', False) + + entry = { + 'username': username, + 'email': email, + 'password': become_pwd, + 'uid': uid, + 'gid': gid + } + if is_admin: + entry['is_admin'] = True + + users[key] = entry + next_id += 1 + + return users + + +def load_user_defs(roles_dir): + """ + Scan all roles/*/vars/configuration.yml files and extract 'users:' sections. + + Raises an exception if conflicting definitions are found. + + Args: + roles_dir (str): Path to the directory containing role subdirectories. + + Returns: + OrderedDict: Merged user definitions. + + Raises: + ValueError: On invalid format or conflicting field values. + """ + pattern = os.path.join(roles_dir, '*/vars/configuration.yml') + files = sorted(glob.glob(pattern)) + merged = OrderedDict() + + for filepath in files: + with open(filepath, 'r') as f: + data = yaml.safe_load(f) or {} + users = data.get('users', {}) + if not isinstance(users, dict): + continue + + for key, overrides in users.items(): + if not isinstance(overrides, dict): + raise ValueError(f"Invalid definition for user '{key}' in {filepath}") + + if key not in merged: + merged[key] = overrides.copy() + else: + existing = merged[key] + for field, value in overrides.items(): + if field in existing and existing[field] != value: + raise ValueError( + f"Conflict for user '{key}': field '{field}' has existing value " + f"'{existing[field]}', tried to set '{value}' in {filepath}" + ) + existing.update(overrides) + + return merged + + +def dictify(data): + """ + Recursively convert OrderedDict to regular dict before YAML dump. + """ + if isinstance(data, OrderedDict): + return {k: dictify(v) for k, v in data.items()} + if isinstance(data, dict): + return {k: dictify(v) for k, v in data.items()} + if isinstance(data, list): + return [dictify(v) for v in data] + return data + + +def parse_args(): + parser = argparse.ArgumentParser( + description='Generate a users.yml by merging all roles/*/vars/configuration.yml users sections.' + ) + parser.add_argument( + '--roles-dir', '-r', required=True, + help='Directory containing roles (e.g., roles/*/vars/configuration.yml).' + ) + parser.add_argument( + '--output', '-o', required=True, + help='Path to the output YAML file (e.g., users.yml).' + ) + parser.add_argument( + '--start-id', '-s', type=int, default=1001, + help='Starting uid/gid number (default: 1001).' + ) + return parser.parse_args() + + +def main(): + args = parse_args() + primary_domain = '{{ primary_domain }}' + become_pwd = '{{ ansible_become_password }}' + + try: + user_defs = load_user_defs(args.roles_dir) + except ValueError as e: + print(f"Error merging user definitions: {e}", file=sys.stderr) + sys.exit(1) + + users = build_users( + defs=user_defs, + primary_domain=primary_domain, + start_id=args.start_id, + become_pwd=become_pwd + ) + + default_users = {'default_users': users} + plain_data = dictify(default_users) + + # Ensure strings are represented without Python-specific tags + yaml.SafeDumper.add_representer( + str, + lambda dumper, data: dumper.represent_scalar('tag:yaml.org,2002:str', data) + ) + + with open(args.output, 'w') as f: + yaml.safe_dump( + plain_data, + f, + default_flow_style=False, + sort_keys=False, + width=120 + ) + +if __name__ == '__main__': + main() diff --git a/group_vars/all/.gitignore b/group_vars/all/.gitignore index 85577219..5d3b91ba 100644 --- a/group_vars/all/.gitignore +++ b/group_vars/all/.gitignore @@ -1 +1,2 @@ -*_applications.yml \ No newline at end of file +*_applications.yml +*_users.yml \ No newline at end of file diff --git a/group_vars/all/02_system_email.yml b/group_vars/all/02_system_email.yml index a648dd61..8a30665c 100644 --- a/group_vars/all/02_system_email.yml +++ b/group_vars/all/02_system_email.yml @@ -3,7 +3,7 @@ default_system_email: domain: "{{primary_domain}}" host: "mail.{{primary_domain}}" port: 465 - tls: true + tls: true # true for TLS and false for SSL start_tls: false smtp: true # password: # Needs to be defined in inventory file \ No newline at end of file diff --git a/group_vars/all/10_users.yml b/group_vars/all/10_users.yml index 7b4ef2d9..a57fc1cf 100644 --- a/group_vars/all/10_users.yml +++ b/group_vars/all/10_users.yml @@ -1,110 +1,50 @@ -# Helper Variables - -# Helper Variables for administrator -_users_administrator_username: "{{ users.administrator.username | default('administrator') }}" -_users_administrator_email: "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}" - -# Helper Variables for bounce -_users_bounce_username: "{{ users.bounce.username | default('bounce') }}" -_users_bounce_email: "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}" - -# Helper Variables for no-reply -_users_no_reply_username: "{{ users['no-reply'].username | default('no-reply') }}" -_users_no_reply_email: "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}" - -# Helper Variables for blackhole -_users_blackhole_username: "{{ users.blackhole.username | default('no-reply') }}" -_users_blackhole_email: "{{ users.blackhole.email | default(_users_blackhole_username ~ '@' ~ primary_domain) }}" - -# Helper Variables for contact user -_users_contact_username: "{{ users.contact.username | default('contact') }}" -_users_contact_email: "{{ users.contact.email | default(_users_contact_username ~ '@' ~ primary_domain) }}" - -# Helper Variables for support -_users_support_username: "{{ users.support.username | default('support') }}" -_users_support_email: "{{ users.support.email | default(_users_support_username ~ '@' ~ primary_domain) }}" - -# Helper Variables for helpdesk -_users_helpdesk_username: "{{ users.helpdesk.username | default('helpdesk') }}" -_users_helpdesk_email: "{{ users.helpdesk.email | default(_users_helpdesk_username ~ '@' ~ primary_domain) }}" - -# Extract SLD and TLD from primary_domain -_users_sld_username: "{{ primary_domain.split('.')[0] }}" -_users_sld_email: "{{ _users_sld_username ~ '@' ~ primary_domain }}" - -_users_tld_username: "{{ primary_domain.split('.')[-1] }}" -_users_tld_email: "{{ _users_tld_username ~ '@' ~ primary_domain }}" - -# Administrator default_users: - - # Credentials will be used as administration credentials for all applications and the system administrator: - username: "{{_users_administrator_username}}" # Username of the administrator - email: "{{_users_administrator_email}}" # Email of the administrator - password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file - uid: 1001 # Posix User ID - gid: 1001 # Posix Group ID - is_admin: true # Define as admin user - - # Account for Newsletter bouncing - bounce: - username: "{{ _users_bounce_username }}" # Bounce-handler account username - email: "{{ _users_bounce_email }}" # Email address for handling bounces - password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file - uid: 1002 # Posix User ID for bounce - gid: 1002 # Posix Group ID for bounce - - # User to send System Emails from - no-reply: - username: "{{ _users_no_reply_username }}" # No-reply account username - email: "{{ _users_no_reply_email }}" # Email address for outgoing no-reply mails - password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file - uid: 1003 # Posix User ID for no-reply - gid: 1003 # Posix Group ID for no-reply - - # Emails etc, what you send to this user will be forgetten + username: administrator + email: administrator@{{ primary_domain }} + password: '{{ ansible_become_password }}' + uid: 1001 + gid: 1001 + is_admin: true blackhole: - username: "{{ _users_blackhole_username }}" # Blackhole account username - email: "{{ _users_blackhole_email }}" # Email address to which emails can be send which well be forgetten - password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file - uid: 1004 # Posix User ID for bounce - gid: 1004 # Posix Group ID for bounce - - # The contact user account which clients and plattform users can contact - contact: - username: "{{ _users_contact_username }}" # Contact account username - email: "{{ _users_contact_email }}" # Email address to which initial contacct emails can be send - password: "{{ansible_become_password}}" # Example initialisation password needs to be set in inventory file - uid: 1005 # Posix User ID for bounce - gid: 1005 # Posix Group ID for bounce - - # Support and Helpdesk accounts - support: - username: "{{ _users_support_username }}" # Support account username - email: "{{ _users_support_email }}" # Email for customer and platform support communication - password: "{{ ansible_become_password }}" # Example initialisation password needs to be set in inventory file - uid: 1006 # Posix User ID for support - gid: 1006 # Posix Group ID for support - - helpdesk: - username: "{{ _users_helpdesk_username }}" # Helpdesk account username - email: "{{ _users_helpdesk_email }}" # Email for internal technical helpdesk communication - password: "{{ ansible_become_password }}" # Example initialisation password needs to be set in inventory file - uid: 1007 # Posix User ID for helpdesk - gid: 1007 # Posix Group ID for helpdesk - - sld_user: - username: "{{ _users_sld_username }}" # Username based on SLD of the primary domain - email: "{{ _users_sld_email }}" # Email address with SLD username - password: "{{ ansible_become_password }}" # Init password from inventory - uid: 1008 - gid: 1008 - - tld_user: - username: "{{ _users_tld_username }}" # Username based on TLD of the primary domain - email: "{{ _users_tld_email }}" # Email address with TLD username - password: "{{ ansible_become_password }}" # Init password from inventory - uid: 1009 - gid: 1009 - + username: blackhole + email: blackhole@{{ primary_domain }} + password: '{{ ansible_become_password }}' + uid: 1002 + gid: 1002 + crm: + username: contact + email: contact@{{ primary_domain }} + password: '{{ ansible_become_password }}' + uid: 1003 + gid: 1003 + bounce: + username: bounce + email: bounce@{{ primary_domain }} + password: '{{ ansible_become_password }}' + uid: 1004 + gid: 1004 + newsletter: + username: newsletter + email: newsletter@{{ primary_domain }} + password: '{{ ansible_become_password }}' + uid: 1005 + gid: 1005 + no-reply: + username: no-reply + email: no-reply@{{ primary_domain }} + password: '{{ ansible_become_password }}' + uid: 1006 + gid: 1006 + sld: + username: '{{ primary_domain.split(''.'')[0] }}' + email: '{{ primary_domain.split(''.'')[0] }}@{{ primary_domain }}' + password: '{{ ansible_become_password }}' + uid: 1007 + gid: 1007 + tld: + username: '{{ primary_domain.split(''.'')[1] }}' + email: '{{ primary_domain.split(''.'')[1] }}@{{ primary_domain }}' + password: '{{ ansible_become_password }}' + uid: 1008 + gid: 1008 diff --git a/roles/docker-akaunting/vars/configuration.yml b/roles/docker-akaunting/vars/configuration.yml index 8a669b93..6b9ef3b9 100644 --- a/roles/docker-akaunting/vars/configuration.yml +++ b/roles/docker-akaunting/vars/configuration.yml @@ -1,8 +1,8 @@ images: akaunting: "docker.io/akaunting/akaunting:latest" company_name: "{{primary_domain}}" -company_email: "{{users.administrator.email}}" -setup_admin_email: "{{users.administrator.email}}" +company_email: "{{ users.administrator.email }}" +setup_admin_email: "{{ users.administrator.email }}" features: matomo: true css: true diff --git a/roles/docker-bluesky/vars/configuration.yml b/roles/docker-bluesky/vars/configuration.yml index 43dd0ea3..a25d6c80 100644 --- a/roles/docker-bluesky/vars/configuration.yml +++ b/roles/docker-bluesky/vars/configuration.yml @@ -1,6 +1,6 @@ users: administrator: - email: "{{users.administrator.email}}" + email: "administrator@{{ primary_domain }}" images: pds: "ghcr.io/bluesky-social/pds:latest" pds: diff --git a/roles/docker-compose/vars/configuration.yml b/roles/docker-compose/vars/configuration.yml new file mode 100644 index 00000000..58b66249 --- /dev/null +++ b/roles/docker-compose/vars/configuration.yml @@ -0,0 +1,4 @@ +users: + blackhole: + description: "Everything what will be send to this user will disapear" + username: "blackhole" \ No newline at end of file diff --git a/roles/docker-compose/vars/main.yml b/roles/docker-compose/vars/main.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2 index e314a71c..acecd68d 100644 --- a/roles/docker-discourse/templates/discourse_application.yml.j2 +++ b/roles/docker-discourse/templates/discourse_application.yml.j2 @@ -48,7 +48,7 @@ env: #DOCKER_USE_HOSTNAME: true ## on initial signup example 'user1@example.com,user2@example.com' - DISCOURSE_DEVELOPER_EMAILS: {{users.administrator.email}} + DISCOURSE_DEVELOPER_EMAILS: {{ users.administrator.email }} # Set Logo {% if service_provider.platform.logo | bool %} @@ -135,8 +135,8 @@ run: - exec: rails r "SiteSetting.username_change_period = 0" # Deactivate changing of username # Activate Administrator User - #- exec: printf '{{users.administrator.email}}\n{{users.administrator.password}}\n{{users.administrator.password}}\nY\n' | rake admin:create - #- exec: rails r "User.find_by_email('{{users.administrator.email}}').update(username: '{{users.administrator.username}}')" + #- exec: printf '{{ users.administrator.email }}\n{{users.administrator.password}}\n{{users.administrator.password}}\nY\n' | rake admin:create + #- exec: rails r "User.find_by_email('{{ users.administrator.email }}').update(username: '{{users.administrator.username}}')" # The following code is just an inspiration, how to connect with the oidc account. as long as this is not set the admini account needs to be manually connected with oidc # docker exec -it discourse_application rails runner "user = User.find_by_email('test@cymais.cloud'); UserAuth.create(user_id: user.id, provider: 'oidc', uid: 'eindeutige_oidc_id', info: { name: user.username, email: user.email })" diff --git a/roles/docker-espocrm/meta/main.yml b/roles/docker-espocrm/meta/main.yml index 71515b5f..e4144c59 100644 --- a/roles/docker-espocrm/meta/main.yml +++ b/roles/docker-espocrm/meta/main.yml @@ -20,4 +20,5 @@ galaxy_info: logo: class: "fa-solid fa-phone" run_after: - - docker-keycloak \ No newline at end of file + - docker-keycloak + - docker-mailu \ No newline at end of file diff --git a/roles/docker-espocrm/templates/env.j2 b/roles/docker-espocrm/templates/env.j2 index 45bd67a4..404c89f2 100644 --- a/roles/docker-espocrm/templates/env.j2 +++ b/roles/docker-espocrm/templates/env.j2 @@ -50,12 +50,12 @@ ESPOCRM_CONFIG_LOGGER_ROTATION=false # ------------------------------------------------ ESPOCRM_CONFIG_SMTP_SERVER={{ system_email.host }} ESPOCRM_CONFIG_SMTP_PORT={{ system_email.port }} -ESPOCRM_CONFIG_SMTP_SECURITY=TLS +ESPOCRM_CONFIG_SMTP_SECURITY={{ "TLS" if system_email.start_tls else "SSL"}} ESPOCRM_CONFIG_SMTP_AUTH=true -ESPOCRM_CONFIG_SMTP_USERNAME={{ users['no-reply'].email }} -ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['no-reply'].mailu_token }} +ESPOCRM_CONFIG_SMTP_USERNAME={{ users['contact'].email }} +ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['contact'].mailu_token }} ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ service_provider.company.titel }} - CRM -ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }} +ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }} # ------------------------------------------------ # LDAP settings (optional) diff --git a/roles/docker-espocrm/vars/configuration.yml b/roles/docker-espocrm/vars/configuration.yml index f57b88b2..fa6f24f6 100644 --- a/roles/docker-espocrm/vars/configuration.yml +++ b/roles/docker-espocrm/vars/configuration.yml @@ -2,10 +2,10 @@ images: espocrm: "espocrm/espocrm:latest" users: administrator: - username: "{{ users.administrator.username }}" - email: "{{ users.administrator.email }}" - -credentials: + username: "administrator" + crm: + description: "General contact account" + username: "contact" features: matomo: true css: false @@ -26,6 +26,8 @@ csp: connect-src: - wss://espocrm.{{ primary_domain }} - "data:" + frame-src: + - https://s.espocrm.com/ domains: aliases: - "crm.{{ primary_domain }}" \ No newline at end of file diff --git a/roles/docker-friendica/templates/env.j2 b/roles/docker-friendica/templates/env.j2 index 2fe57b47..b8d02c9a 100644 --- a/roles/docker-friendica/templates/env.j2 +++ b/roles/docker-friendica/templates/env.j2 @@ -27,5 +27,5 @@ SMTP_STARTTLS= {{ 'on' if system_email.start_tls else 'off' }} SMTP_FROM= no-reply # Administrator Credentials -FRIENDICA_ADMIN_MAIL= {{users.administrator.email}} -MAILNAME= {{users.administrator.email}} \ No newline at end of file +FRIENDICA_ADMIN_MAIL= {{ users.administrator.email }} +MAILNAME= {{ users.administrator.email }} \ No newline at end of file diff --git a/roles/docker-keycloak/vars/configuration.yml b/roles/docker-keycloak/vars/configuration.yml index 4ec98038..1a866210 100644 --- a/roles/docker-keycloak/vars/configuration.yml +++ b/roles/docker-keycloak/vars/configuration.yml @@ -2,7 +2,7 @@ images: keycloak: "quay.io/keycloak/keycloak:latest" users: administrator: - username: "{{users.administrator.username}}" # Administrator Username for Keycloak + username: "administrator" import_realm: True # If True realm will be imported. If false skip. credentials: features: diff --git a/roles/docker-ldap/vars/configuration.yml b/roles/docker-ldap/vars/configuration.yml index 6d0af31b..bc092154 100644 --- a/roles/docker-ldap/vars/configuration.yml +++ b/roles/docker-ldap/vars/configuration.yml @@ -8,7 +8,7 @@ hostname: "ldap" # Hostname of the LDAP Ser webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin users: administrator: - username: "{{users.administrator.username}}" # Administrator username + username: "administrator" credentials: features: ldap: true \ No newline at end of file diff --git a/roles/docker-listmonk/vars/configuration.yml b/roles/docker-listmonk/vars/configuration.yml index 75510c48..25b8d1a2 100644 --- a/roles/docker-listmonk/vars/configuration.yml +++ b/roles/docker-listmonk/vars/configuration.yml @@ -2,7 +2,11 @@ images: listmonk: "listmonk/listmonk:latest" users: administrator: - username: "{{users.administrator.username}}" # Listmonk administrator account username + username: "administrator" + bounce: + username: "bounce" + newsletter: + username: "newsletter" public_api_activated: False # Security hole. Can be used for spaming version: "latest" # Docker Image version features: diff --git a/roles/docker-mailu/vars/configuration.yml b/roles/docker-mailu/vars/configuration.yml index f6ffd447..96be3397 100644 --- a/roles/docker-mailu/vars/configuration.yml +++ b/roles/docker-mailu/vars/configuration.yml @@ -1,7 +1,7 @@ version: "2024.06" # Docker Image Version users: administrator: - email: "{{users.administrator.email}}" # Administrator Email for DNS Records + email: "administrator@{{ primary_domain }}" # Administrator Email for DNS Records oidc: email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used enable_user_creation: true # Users will be created if not existing diff --git a/roles/docker-mastodon/tasks/create-administrator.yml b/roles/docker-mastodon/tasks/create-administrator.yml index 4213aa3f..efafaca8 100644 --- a/roles/docker-mastodon/tasks/create-administrator.yml +++ b/roles/docker-mastodon/tasks/create-administrator.yml @@ -9,7 +9,7 @@ - name: Create admin account via tootctl command: - cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{users.administrator.email}} --confirmed --role Owner"' + cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"' chdir: "{{docker_compose.directories.instance}}" register: tootctl_create changed_when: tootctl_create.rc == 0 diff --git a/roles/docker-matrix-deprecated/templates/vars.yml.j2 b/roles/docker-matrix-deprecated/templates/vars.yml.j2 index 999a0231..7722040c 100644 --- a/roles/docker-matrix-deprecated/templates/vars.yml.j2 +++ b/roles/docker-matrix-deprecated/templates/vars.yml.j2 @@ -46,7 +46,7 @@ devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). # # Example value: someone@example.com -devture_traefik_config_certificatesResolvers_acme_email: "{{users.administrator.email}}" +devture_traefik_config_certificatesResolvers_acme_email: "{{ users.administrator.email }}" # A Postgres password to use for the superuser Postgres user (called `matrix` by default). # diff --git a/roles/docker-matrix/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix/templates/synapse/homeserver.yaml.j2 index 54d6b90d..275bb7d6 100644 --- a/roles/docker-matrix/templates/synapse/homeserver.yaml.j2 +++ b/roles/docker-matrix/templates/synapse/homeserver.yaml.j2 @@ -28,7 +28,7 @@ web_client_location: "{{ web_protocol }}://{{domains.matrix.element}} public_baseurl: "{{ web_protocol }}://{{domains.matrix.synapse}}" trusted_key_servers: - server_name: "matrix.org" -admin_contact: 'mailto:{{users.administrator.email}}' +admin_contact: 'mailto:{{ users.administrator.email }}' email: smtp_host: "{{system_email.host}}" diff --git a/roles/docker-matrix/vars/configuration.yml b/roles/docker-matrix/vars/configuration.yml index 5c5265e6..8847f054 100644 --- a/roles/docker-matrix/vars/configuration.yml +++ b/roles/docker-matrix/vars/configuration.yml @@ -1,10 +1,9 @@ images: synapse: "matrixdotorg/synapse:latest" element: "vectorim/element-web:latest" - # Set bridges users: administrator: - username: "{{users.administrator.username}}" # Accountname of the matrix admin + username: "administrator" playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start server_name: "{{primary_domain}}" # Adress for the account names etc. synapse: diff --git a/roles/docker-moodle/vars/configuration.yml b/roles/docker-moodle/vars/configuration.yml index 0e8ebc5e..dc02b2be 100644 --- a/roles/docker-moodle/vars/configuration.yml +++ b/roles/docker-moodle/vars/configuration.yml @@ -1,8 +1,7 @@ site_titel: "Academy on {{primary_domain}}" users: administrator: - username: "{{users.administrator.username}}" - email: "{{users.administrator.email}}" + username: "administrator" version: "4.5" # Latest LTS - Necessary for OIDC features: matomo: true diff --git a/roles/docker-nextcloud/templates/env.j2 b/roles/docker-nextcloud/templates/env.j2 index 31029226..0165b8bf 100644 --- a/roles/docker-nextcloud/templates/env.j2 +++ b/roles/docker-nextcloud/templates/env.j2 @@ -20,7 +20,7 @@ SMTP_NAME= {{ users['no-reply'].email }} SMTP_PASSWORD= {{ users['no-reply'].mailu_token }} # Email from configuration -MAIL_FROM_ADDRESS= "no-reply" +MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}" MAIL_DOMAIN= "{{system_email.domain}}" # Initial Admin Data diff --git a/roles/docker-nextcloud/vars/configuration.yml b/roles/docker-nextcloud/vars/configuration.yml index 6df322d2..6fc109f2 100644 --- a/roles/docker-nextcloud/vars/configuration.yml +++ b/roles/docker-nextcloud/vars/configuration.yml @@ -29,7 +29,9 @@ features: central_database: true users: administrator: - username: "{{users.administrator.username}}" + username: "administrator" + no-reply: + username: "no-reply" default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes) legacy_login_mask: enabled: False # If true, then legacy login mask is shown. Otherwise just SSO diff --git a/roles/docker-pgadmin/vars/configuration.yml b/roles/docker-pgadmin/vars/configuration.yml index 0b60aa90..4cfafda2 100644 --- a/roles/docker-pgadmin/vars/configuration.yml +++ b/roles/docker-pgadmin/vars/configuration.yml @@ -3,7 +3,7 @@ server_mode: False # If true then the p master_password_required: True # Master password is required. Recommended True. False is a security risk. users: administrator: - email: "{{ users.administrator.email }}" # Initial login email address + email: "administrator@{{ primary_domain }}" oauth2_proxy: application: "application" port: "80" diff --git a/roles/docker-wordpress/vars/configuration.yml b/roles/docker-wordpress/vars/configuration.yml index 788d3e05..7699f832 100644 --- a/roles/docker-wordpress/vars/configuration.yml +++ b/roles/docker-wordpress/vars/configuration.yml @@ -1,8 +1,8 @@ title: "Blog" # Wordpress titel users: # Credentials administrator: # Wordpress administrator - username: "{{users.administrator.username}}" # Username of the wordpress administrator - email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator + username: "administrator" + email: "administrator@{{ primary_domain }}" plugins: wp-discourse: enabled: "{{ 'discourse' in group_names | lower }}" diff --git a/roles/docker-yourls/vars/configuration.yml b/roles/docker-yourls/vars/configuration.yml index 5a398bda..22d9aa3f 100644 --- a/roles/docker-yourls/vars/configuration.yml +++ b/roles/docker-yourls/vars/configuration.yml @@ -1,6 +1,6 @@ users: administrator: - username: "{{users.administrator.username}}" + username: "administrator" version: "latest" oauth2_proxy: application: "application" diff --git a/roles/nginx/vars/configuration.yml b/roles/nginx/vars/configuration.yml new file mode 100644 index 00000000..d4ff6ce1 --- /dev/null +++ b/roles/nginx/vars/configuration.yml @@ -0,0 +1,7 @@ +users: + sld: + description: "Auto Generated Account to reserve the SLD" + username: "{{ primary_domain.split('.')[0] }}" + tld: + description: "Auto Generated Account to reserve the TLD" + username: "{{ primary_domain.split('.')[1] }}" \ No newline at end of file diff --git a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 index d77e14a1..2c9f0307 100644 --- a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 +++ b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2 @@ -1,7 +1,7 @@ #!/bin/bash /usr/bin/sendmail -t < Subject: $1 Content-Transfer-Encoding: 8bit diff --git a/roles/user-administrator/vars/configuration.yml b/roles/user-administrator/vars/configuration.yml new file mode 100644 index 00000000..947b591d --- /dev/null +++ b/roles/user-administrator/vars/configuration.yml @@ -0,0 +1,9 @@ +users: + administrator: + description: "System Administrator" + username: "administrator" + email: "administrator@{{ primary_domain }}" + password: "{{ ansible_become_password }}" + uid: 1001 + gid: 1001 + is_admin: true