Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested

2025-08-29 15:06:26 +02:00 · 2025-02-04 22:37:07 +01:00
parent 5503326ea6
commit e50fd54f4e
85 changed files with 610 additions and 515 deletions
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@@ -19,14 +19,32 @@
    state: absent
  when: not applications.ldap.openldap.expose_to_internet | bool

- name: "create {{docker_compose.directories.instance}}"
-  file:
-    path: "{{docker_compose.directories.instance}}"
-    state: directory
-    mode: 0755
+- name: "create {{docker_compose.files.docker_compose}}"
+  template:
+    src:	"docker-compose.yml.j2"
+    dest:	"{{docker_compose.files.docker_compose}}"
+  notify: docker compose project setup

- name: add docker-compose.yml
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src:  "docker-compose.yml.j2" 
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    src:  "env.j2" 
+    dest: "{{docker_compose.files.env}}"
+    mode: '770'
+    force: yes
+  notify: docker compose project setup
+
+- name: "create {{docker_compose.directories.env}}phpldapadmin.env"
+  template: 
+    src:  "phpldapadmin.env.j2" 
+    dest: "{{docker_compose.directories.env}}phpldapadmin.env"
+    mode: '770'
+    force: yes
+  notify: docker compose project setup
+
+- name: "create {{docker_compose.directories.env}}lam.env"
+  template: 
+    src:  "lam.env.j2" 
+    dest: "{{docker_compose.directories.env}}lam.env"
+    mode: '770'
+    force: yes
  notify: docker compose project setup
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -11,64 +11,23 @@ services:
    image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}}      # Dies ist das Docker-Image für LAM
    ports:
      - 127.0.0.1:{{http_port}}:80 
-    environment:                                                    # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
-      
-      # Basic Configuration   
-      LAM_PASSWORD:       {{applications.ldap.lam.administrator_password}}       # LAM configuration master password and password for server profile "lam
-      
-      # Database
-      LAM_CONFIGURATION_DATABASE: files                              # configuration database (files or mysql) @todo implement mariadb
+    env_file:
+      - "{{docker_compose.directories.env}}lam.env"

-      # LDAP Configuration
-      LDAP_SERVER:         ldap://openldap:389                       # LDAP server URL
-      LDAP_DOMAIN:         {{domain}}                                # domain of LDAP database root entry, will be converted to dc=...,dc=...
-      LDAP_BASE_DN:        {{ldap_root}}                             # LDAP base DN to overwrite value generated by LDAP_DOMAIN
-      LDAP_USER:           {{ldap_admin_dn}}                         # LDAP admin user (set as login user for LAM)
-      LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}}  # LDAP admin password
 {% elif applications.ldap.webinterface == 'phpldapadmin' %}
    image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
    ports:
      - 127.0.0.1:{{http_port}}:8080
-    environment:
-      # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-      APP_URL:    https://{{domain}}
-      LDAP_HOST:  openldap
+    env_file:
+      - "{{docker_compose.directories.env}}phpldapadmin.env"
 {% endif %}
  openldap:
    image: bitnami/openldap:{{applications.ldap.openldap.version}}
    container_name: openldap
-    logging:
-      driver: journald
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    ports:
      - 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}}               # Expose just on localhost so that nginx stream proxy can use it
      - 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
-    environment:
-      # @See https://hub.docker.com/r/bitnami/openldap
-      
-      # GENERAL
-      ## Database
-      LDAP_ADMIN_USERNAME:        {{applications.ldap.administrator_username}}          # LDAP database admin user.
-      LDAP_ADMIN_PASSWORD:        {{applications.ldap.administrator_database_password}} # LDAP database admin password.
-      
-      ## Users
-      LDAP_USERS:                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
-      LDAP_PASSWORDS:             ' '                             # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
-      LDAP_ROOT:                  {{ldap_root}}                   # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
-      
-      ## Admin
-      LDAP_ADMIN_DN:              {{ldap_admin_dn}}               # Not well documented. Don't know if this has an effect
-      LDAP_CONFIG_ADMIN_ENABLED:  yes
-      LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}}
-      LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}}
-        
-      # Network
-      LDAP_PORT_NUMBER:           {{ldap_localhost_port}}         # Route to default port
-      LDAP_ENABLE_TLS:            no                              # Using nginx proxy for tls
-      LDAP_LDAPS_PORT_NUMBER:     {{ldap_secure_localhost_port}}  # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
-    
-      # Security
-      LDAP_ALLOW_ANON_BINDING:    no                              # Allow anonymous bindings to the LDAP server. Default: yes.
    volumes:
      - 'data:/bitnami/openldap'
    healthcheck:
--- a/roles/docker-ldap/templates/env.j2
+++ b/roles/docker-ldap/templates/env.j2
@@ -0,0 +1,26 @@
+
+# @See https://hub.docker.com/r/bitnami/openldap
+      
+# GENERAL
+## Database
+LDAP_ADMIN_USERNAME=        {{applications.ldap.administrator_username}}          # LDAP database admin user.
+LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}} # LDAP database admin password.
+
+## Users
+LDAP_USERS=                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
+LDAP_PASSWORDS=             ' '                             # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
+LDAP_ROOT=                  {{ldap_root}}                   # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
+
+## Admin
+LDAP_ADMIN_DN=              {{ldap_admin_dn}}               # Not well documented. Don't know if this has an effect
+LDAP_CONFIG_ADMIN_ENABLED=  yes
+LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}}
+LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
+  
+# Network
+LDAP_PORT_NUMBER=           {{ldap_localhost_port}}         # Route to default port
+LDAP_ENABLE_TLS=            no                              # Using nginx proxy for tls
+LDAP_LDAPS_PORT_NUMBER=     {{ldap_secure_localhost_port}}  # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
+
+# Security
+LDAP_ALLOW_ANON_BINDING=    no                              # Allow anonymous bindings to the LDAP server. Default: yes.
--- a/roles/docker-ldap/templates/lam.env.j2
+++ b/roles/docker-ldap/templates/lam.env.j2
@@ -0,0 +1,13 @@
+# See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
+      
+# Basic Configuration   
+LAM_PASSWORD=               {{applications.ldap.lam.administrator_password}}        # LAM configuration master password and password for server profile "lam
+     
+# Database
+LAM_CONFIGURATION_DATABASE= files                                                   # configuration database (files or mysql) @todo implement mariadb
+
+# LDAP Configuration
+LDAP_SERVER=                {{domain}}                                              # domain of LDAP database root entry, will be converted to dc=...,dc=...
+LDAP_BASE_DN=               {{ldap_root}}                                           # LDAP base DN to overwrite value generated by LDAP_DOMAIN
+LDAP_USER=                  {{ldap_admin_dn}}                                       # LDAP admin user (set as login user for LAM)
+LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}}   # LDAP admin password
--- a/roles/docker-ldap/templates/phpldapadmin.env.j2
+++ b/roles/docker-ldap/templates/phpldapadmin.env.j2
@@ -0,0 +1,3 @@
+# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
+APP_URL=    https://{{domain}}
+LDAP_HOST=  openldap