Added new user generation script and optimized mail config

2025-08-29 23:08:06 +02:00 · 2025-07-02 15:08:42 +02:00
parent 2ccfdf0de6
commit cb6fbba8f4
31 changed files with 281 additions and 144 deletions
--- a/roles/docker-akaunting/vars/configuration.yml
+++ b/roles/docker-akaunting/vars/configuration.yml
@@ -1,8 +1,8 @@
 images:
  akaunting:      "docker.io/akaunting/akaunting:latest"
 company_name:       "{{primary_domain}}"
-company_email:      "{{users.administrator.email}}"
-setup_admin_email:  "{{users.administrator.email}}"
+company_email:      "{{ users.administrator.email }}"
+setup_admin_email:  "{{ users.administrator.email }}"
 features:
  matomo:           true
  css:              true
--- a/roles/docker-bluesky/vars/configuration.yml
+++ b/roles/docker-bluesky/vars/configuration.yml
@@ -1,6 +1,6 @@
 users:
  administrator:
-    email:          "{{users.administrator.email}}"
+    email:          "administrator@{{ primary_domain }}"
 images:
  pds:              "ghcr.io/bluesky-social/pds:latest"
 pds:
--- a/roles/docker-compose/vars/configuration.yml
+++ b/roles/docker-compose/vars/configuration.yml
@@ -0,0 +1,4 @@
+users:
+  blackhole:
+    description: "Everything what will be send to this user will disapear"
+    username: "blackhole"
--- a/roles/docker-compose/vars/main.yml
+++ b/roles/docker-compose/vars/main.yml
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@@ -48,7 +48,7 @@ env:
  #DOCKER_USE_HOSTNAME: true

  ## on initial signup example 'user1@example.com,user2@example.com'
-  DISCOURSE_DEVELOPER_EMAILS:       {{users.administrator.email}}
+  DISCOURSE_DEVELOPER_EMAILS:       {{ users.administrator.email }}

  # Set Logo
  {% if service_provider.platform.logo | bool %}
@@ -135,8 +135,8 @@ run:
  - exec: rails r "SiteSetting.username_change_period = 0" # Deactivate changing of username

  # Activate Administrator User
-  #- exec: printf '{{users.administrator.email}}\n{{users.administrator.password}}\n{{users.administrator.password}}\nY\n' | rake admin:create
-  #- exec: rails r "User.find_by_email('{{users.administrator.email}}').update(username: '{{users.administrator.username}}')"
+  #- exec: printf '{{ users.administrator.email }}\n{{users.administrator.password}}\n{{users.administrator.password}}\nY\n' | rake admin:create
+  #- exec: rails r "User.find_by_email('{{ users.administrator.email }}').update(username: '{{users.administrator.username}}')"

  # The following code is just an inspiration, how to connect with the oidc account. as long as this is not set the admini account needs to be manually connected with oidc 
  # docker exec -it discourse_application rails runner "user = User.find_by_email('test@cymais.cloud'); UserAuth.create(user_id: user.id, provider: 'oidc', uid: 'eindeutige_oidc_id', info: { name: user.username, email: user.email })"
--- a/roles/docker-espocrm/meta/main.yml
+++ b/roles/docker-espocrm/meta/main.yml
@@ -20,4 +20,5 @@ galaxy_info:
  logo:
    class: "fa-solid fa-phone"
  run_after:  
-    - docker-keycloak
+    - docker-keycloak
+    - docker-mailu
--- a/roles/docker-espocrm/templates/env.j2
+++ b/roles/docker-espocrm/templates/env.j2
@@ -50,12 +50,12 @@ ESPOCRM_CONFIG_LOGGER_ROTATION=false
 # ------------------------------------------------
 ESPOCRM_CONFIG_SMTP_SERVER={{ system_email.host }}
 ESPOCRM_CONFIG_SMTP_PORT={{ system_email.port }}
-ESPOCRM_CONFIG_SMTP_SECURITY=TLS
+ESPOCRM_CONFIG_SMTP_SECURITY={{ "TLS" if system_email.start_tls else "SSL"}}
 ESPOCRM_CONFIG_SMTP_AUTH=true
-ESPOCRM_CONFIG_SMTP_USERNAME={{ users['no-reply'].email }}
-ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
+ESPOCRM_CONFIG_SMTP_USERNAME={{ users['contact'].email }}
+ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['contact'].mailu_token }}
 ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ service_provider.company.titel }} - CRM
-ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}
+ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }}

 # ------------------------------------------------
 # LDAP settings (optional)
--- a/roles/docker-espocrm/vars/configuration.yml
+++ b/roles/docker-espocrm/vars/configuration.yml
@@ -2,10 +2,10 @@ images:
  espocrm:            "espocrm/espocrm:latest"
 users:
  administrator:
-    username:         "{{ users.administrator.username }}"
-    email:            "{{ users.administrator.email }}"
-
-credentials:
+    username:         "administrator"
+  crm:
+    description:      "General contact account"
+    username:         "contact"
 features:
  matomo:             true
  css:                false
@@ -26,6 +26,8 @@ csp:
    connect-src:
      - wss://espocrm.{{ primary_domain }}
      - "data:"
+    frame-src:
+      - https://s.espocrm.com/
 domains:
  aliases:
    - "crm.{{ primary_domain }}"
--- a/roles/docker-friendica/templates/env.j2
+++ b/roles/docker-friendica/templates/env.j2
@@ -27,5 +27,5 @@ SMTP_STARTTLS=  {{ 'on' if system_email.start_tls else 'off' }}
 SMTP_FROM=      no-reply

 # Administrator Credentials
-FRIENDICA_ADMIN_MAIL= {{users.administrator.email}}
-MAILNAME= {{users.administrator.email}}
+FRIENDICA_ADMIN_MAIL= {{ users.administrator.email }}
+MAILNAME= {{ users.administrator.email }}
--- a/roles/docker-keycloak/vars/configuration.yml
+++ b/roles/docker-keycloak/vars/configuration.yml
@@ -2,7 +2,7 @@ images:
  keycloak:           "quay.io/keycloak/keycloak:latest"
 users:
  administrator:
-    username:         "{{users.administrator.username}}"  # Administrator Username for Keycloak
+    username:         "administrator"
 import_realm:         True                                # If True realm will be imported. If false skip.
 credentials:
 features:
--- a/roles/docker-ldap/vars/configuration.yml
+++ b/roles/docker-ldap/vars/configuration.yml
@@ -8,7 +8,7 @@ hostname:         "ldap"                              # Hostname of the LDAP Ser
 webinterface:     "lam"                               # The webinterface which should be used. Possible: lam and phpldapadmin
 users:  
  administrator:
-    username:     "{{users.administrator.username}}"  # Administrator username
+    username:     "administrator"
 credentials:
 features:
  ldap:           true
--- a/roles/docker-listmonk/vars/configuration.yml
+++ b/roles/docker-listmonk/vars/configuration.yml
@@ -2,7 +2,11 @@ images:
  listmonk:                 "listmonk/listmonk:latest"
 users:
  administrator:
-    username:               "{{users.administrator.username}}"    # Listmonk administrator account username
+    username:               "administrator"
+  bounce:
+    username:               "bounce"
+  newsletter:
+    username:               "newsletter"
 public_api_activated:       False                                 # Security hole. Can be used for spaming
 version:                    "latest"                              # Docker Image version
 features:
--- a/roles/docker-mailu/vars/configuration.yml
+++ b/roles/docker-mailu/vars/configuration.yml
@@ -1,7 +1,7 @@
 version:                  "2024.06"                         # Docker Image Version
 users:
  administrator:
-    email:                "{{users.administrator.email}}"   # Administrator Email for DNS Records
+    email:                "administrator@{{ primary_domain }}"   # Administrator Email for DNS Records
 oidc:
  email_by_username:      true                              # If true, then the mail is set by the username. If wrong then the OIDC user email is used
  enable_user_creation:   true                              # Users will be created if not existing
--- a/roles/docker-mastodon/tasks/create-administrator.yml
+++ b/roles/docker-mastodon/tasks/create-administrator.yml
@@ -9,7 +9,7 @@

 - name: Create admin account via tootctl
  command: 
-    cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{users.administrator.email}} --confirmed --role Owner"'
+    cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"'
    chdir: "{{docker_compose.directories.instance}}"
  register: tootctl_create
  changed_when: tootctl_create.rc == 0
--- a/roles/docker-matrix-deprecated/templates/vars.yml.j2
+++ b/roles/docker-matrix-deprecated/templates/vars.yml.j2
@@ -46,7 +46,7 @@ devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
 # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
 #
 # Example value: someone@example.com
-devture_traefik_config_certificatesResolvers_acme_email: "{{users.administrator.email}}"
+devture_traefik_config_certificatesResolvers_acme_email: "{{ users.administrator.email }}"

 # A Postgres password to use for the superuser Postgres user (called `matrix` by default).
 #
--- a/roles/docker-matrix/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix/templates/synapse/homeserver.yaml.j2
@@ -28,7 +28,7 @@ web_client_location:            "{{ web_protocol }}://{{domains.matrix.element}}
 public_baseurl:                 "{{ web_protocol }}://{{domains.matrix.synapse}}"
 trusted_key_servers:
  - server_name: "matrix.org"
-admin_contact: 'mailto:{{users.administrator.email}}'
+admin_contact: 'mailto:{{ users.administrator.email }}'

 email:
  smtp_host:                    "{{system_email.host}}"
--- a/roles/docker-matrix/vars/configuration.yml
+++ b/roles/docker-matrix/vars/configuration.yml
@@ -1,10 +1,9 @@
 images:
  synapse:            "matrixdotorg/synapse:latest"
  element:            "vectorim/element-web:latest"
-  # Set bridges
 users:
  administrator:
-    username:         "{{users.administrator.username}}" # Accountname of the matrix admin
+    username:         "administrator"
 playbook_tags:        "setup-all,start"                  # For the initial update use: install-all,ensure-matrix-users-created,start
 server_name:          "{{primary_domain}}"               # Adress for the account names etc.
 synapse:
--- a/roles/docker-moodle/vars/configuration.yml
+++ b/roles/docker-moodle/vars/configuration.yml
@@ -1,8 +1,7 @@
 site_titel:           "Academy on {{primary_domain}}"
 users:
  administrator:
-    username:         "{{users.administrator.username}}"
-    email:            "{{users.administrator.email}}"
+    username:         "administrator"
 version:              "4.5"                                 # Latest LTS - Necessary for OIDC
 features:
  matomo:             true
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@@ -20,7 +20,7 @@ SMTP_NAME=                      {{ users['no-reply'].email }}
 SMTP_PASSWORD=                  {{ users['no-reply'].mailu_token }}

 # Email from configuration
-MAIL_FROM_ADDRESS=              "no-reply"
+MAIL_FROM_ADDRESS=              "{{ users['no-reply'].username }}"
 MAIL_DOMAIN=                    "{{system_email.domain}}"

 # Initial Admin Data
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@@ -29,7 +29,9 @@ features:
  central_database:             true
 users:      
  administrator:
-    username:                  "{{users.administrator.username}}"
+    username:                  "administrator"
+  no-reply:
+    username: "no-reply"
 default_quota:                 '1000000000'                                     # Quota to assign if no quota is specified in the OIDC response (bytes)
 legacy_login_mask:   
  enabled:                      False                                           # If true, then legacy  login mask is shown. Otherwise just SSO
--- a/roles/docker-pgadmin/vars/configuration.yml
+++ b/roles/docker-pgadmin/vars/configuration.yml
@@ -3,7 +3,7 @@ server_mode:              False                             # If true then the p
 master_password_required: True                              # Master password is required. Recommended True. False is a security risk.
 users:
  administrator:
-    email:                "{{ users.administrator.email }}" # Initial login email address
+    email:                "administrator@{{ primary_domain }}"
 oauth2_proxy:
  application:            "application"
  port:                   "80"
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@@ -1,8 +1,8 @@
 title:                "Blog"                                      # Wordpress titel
 users:                                                            # Credentials
  administrator:                                                  # Wordpress administrator
-    username:         "{{users.administrator.username}}"          # Username of the wordpress administrator
-    email:            "{{users.administrator.email}}"             # Email of the wordpress adminsitrator
+    username:         "administrator"
+    email:            "administrator@{{ primary_domain }}"
 plugins:
  wp-discourse:
    enabled:          "{{ 'discourse' in group_names | lower }}"
--- a/roles/docker-yourls/vars/configuration.yml
+++ b/roles/docker-yourls/vars/configuration.yml
@@ -1,6 +1,6 @@
 users:
  administrator:
-    username:         "{{users.administrator.username}}"
+    username:         "administrator"
 version:              "latest"
 oauth2_proxy:  
  application:        "application"
--- a/roles/nginx/vars/configuration.yml
+++ b/roles/nginx/vars/configuration.yml
@@ -0,0 +1,7 @@
+users:
+  sld:
+    description: "Auto Generated Account to reserve the SLD"
+    username: "{{ primary_domain.split('.')[0] }}"
+  tld:
+    description: "Auto Generated Account to reserve the TLD"
+    username: "{{ primary_domain.split('.')[1] }}"
--- a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2
+++ b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2
@@ -1,7 +1,7 @@
 #!/bin/bash

 /usr/bin/sendmail -t <<ERRMAIL
-To: {{users.administrator.email}}
+To: {{ users.administrator.email }}
 From: systemd <{{ users['no-reply'].email }}>
 Subject: $1
 Content-Transfer-Encoding: 8bit
--- a/roles/user-administrator/vars/configuration.yml
+++ b/roles/user-administrator/vars/configuration.yml
@@ -0,0 +1,9 @@
+users:
+  administrator:
+    description:        "System Administrator"
+    username:           "administrator"
+    email:              "administrator@{{ primary_domain }}"
+    password:           "{{ ansible_become_password }}"
+    uid:                1001
+    gid:                1001
+    is_admin:           true