diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 35c8ccd9..8833f32a 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -4,11 +4,11 @@ docker_restart_policy: "unless-stopped" ##############################################
-## Private Helper variables ###
+## Applications Configuration ##############################################
-# By default don't expose openldap to the internet, just if explicit configured
-_ldap_openldap_expose_to_internet: "{{ applications.ldap.openldap.expose_to_internet | default(False) if applications.ldap is defined and applications.ldap.openldap is defined else false}}"
+# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
+# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files. defaults_applications: 
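Review bot: The new header comment at the end of the hunk is hard to read and "IMA" looks like a typo for IAM (group_vars/all/11_iam.yml, which this commit also touches); suggest `# Keep in mind that this configuration should in general only apply to the roles which set the applications up.` followed by `# If other applications depend on these variables, it probably makes sense to define them in e.g. the IAM or other variable files.`. The removed helper also carried an `is defined` guard for `applications.ldap` and `applications.ldap.openldap`; the replacements elsewhere in this commit (11_iam.yml, templates/docker/*/networks.yml.j2) dereference `applications.ldap.openldap.network.local` unguarded, which is only safe if `applications` is always merged with `defaults_applications` — if that is the contract, a sentence saying so belongs in this header.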
@@ -72,15 +72,17 @@ defaults_applications: administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons openldap: version: "latest"
- expose_to_internet: "{{_ldap_openldap_expose_to_internet}}" # Set to true if you want to expose the LDAP port to the internet
- domain: "{{domains.ldap if _ldap_openldap_expose_to_internet else 'openldap'}}" # Mapping for public or locale access
+ network:
+ local: True # Activates local network to allow other docker containers to connect
+ public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
+ hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network modify: False # When false entries will just be added, when true existing entries will be modified during import procedure phpldapadmin: version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin administrator_username: "{{administrator_username}}"
- administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
- administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
+ administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons in inventory file
+ administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons in inventory file ## Listmonk listmonk:
diff --git a/group_vars/all/09_ports.yml b/group_vars/all/09_ports.yml
index c699ac27..9337b6eb 100644
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@@ -3,13 +3,13 @@ ports: localhost: web_socket: mastodon: 4001
- oauth2_proxy_ports:
+ oauth2_proxy: phpmyadmin: 4181 ldap: 4182 openproject: 4183
- ldap_ports:
- openldap:
- http_ports:
+ ldap:
+ openldap: 389
+ http: nextcloud: 8001 gitea: 8002 wordpress: 8003 
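Review bot: `local: True` and `public: False` in the new `network:` mapping use capitalised booleans; Ansible's YAML loader accepts them, but the rest of this commit writes `enabled: true` (11_iam.yml) and yamllint's truthy rule flags the capitalised form, so write `local: true` and `public: false`. The same applies to `ldap_enabled: True` in the vars/main.yml hunks of docker-funkwhale, docker-keycloak, docker-ldap, docker-nextcloud and docker-openproject in this commit. The `hostname: "openldap"` comment says the value is the hostname in the central_ldap network, but the docker-compose.yml.j2 hunk also uses it as `container_name`; the comment should state both, e.g. `# Container name and hostname of the LDAP server in the central_ldap network`.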
@@ -49,6 +49,8 @@ ports: # Ports which are exposed to the World Wide Web public: # The following ports should be changed to 22 on the subdomain via stream mapping
- ssh_ports:
+ ssh: gitea: 2201 gitlab: 2202
+ ldaps:
+ openldap: 636
diff --git a/group_vars/all/11_iam.yml b/group_vars/all/11_iam.yml
index 027eb9a1..18a80a31 100644
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml 
@@ -36,14 +36,25 @@ oauth2_proxy_active: false ### LDAP ### #############################################
+# Helper variables
+_ldap_dn_base: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
-# Activate local LDAP network for communitation on localhot between different docker containers
-#
-# Set in vars/main.yml via:
-# ldap_network_enabled: "{{ldap.enabled}}"
-#
-# This leads to that the local ldap networks get enabled, if LDAP is enabled
-ldap_network_enabled: false
+
+# This leads to that the role gets configured to use ldap
+ldap_enabled: false ldap:
- enabled: true # Enable or disable LDAP
+ # Enables LDAP for all roles in play if true
+ enabled: true
+ # Distinguished Names (DN)
+ dn:
+ # Defines the base Distinguished Name (DN) for the LDAP directory, constructed from the second-level domain (SLD) and top-level domain (TLD).
+ root: "{{_ldap_dn_base}}"
+ # Specifies the Distinguished Name (DN) of the LDAP administrator, combining the admin's username with the LDAP root domain.
+ administrator: "cn={{applications.ldap.administrator_username}},{{_ldap_dn_base}}"
+ server:
+ domain: "{{applications.ldap.openldap.hostname if applications.ldap.openldap.network.local | bool else domains.ldap}}" # Mapping for public or locale access
+ uri: "{% if applications.ldap.openldap.network.local | bool %}ldap://{{ applications.ldap.openldap.hostname }}:{{ ports.localhost.ldap.openldap }}{% else %}ldaps://{{ domains.ldap }}:{{ ports.public.ldaps.openldap }}{% endif %}"
+ network:
+ local: "{{applications.ldap.openldap.network.local}}" # Uses the application configuration to define if local network should be available or not
+ 
\ No newline at end of file
diff --git a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2
index c4461be9..843a2a78 100644
--- a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2
+++ b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 
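Review bot: `server.domain` and `server.uri` choose the plaintext `ldap://` branch purely on `network.local`, while the public mapping is only published when `network.public` is true (docker-compose.yml.j2 in this commit), so an inventory that sets both flags to false silently yields an `ldaps://{{ domains.ldap }}` URI that nothing serves; nothing in the hunk rejects that combination, and a comment or an assert in the ldap role should. The local URI also reuses `ports.localhost.ldap.openldap`, which is the host-side port of the compose mapping, not the port the container listens on (`ldap_docker_port` in roles/docker-ldap/vars/main.yml); both are 389 today, so the coupling is invisible until one changes — add `# NOTE: must match the container port (ldap_docker_port) since other containers connect directly, not via the host mapping` on the `uri` line. The inline comment on `domain` should read `# Mapping for public or local access`, and the file now ends with a whitespace-only line without a trailing newline.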
@@ -5,7 +5,7 @@ server { location / { proxy_http_version 1.1;
- proxy_pass http://$endpoint_addr:{{ports.localhost.oauth2_proxy_ports[application_id]}};
+ proxy_pass http://$endpoint_addr:{{ports.localhost.oauth2_proxy[application_id]}}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/roles/docker-bluesky/tasks/main.yml b/roles/docker-bluesky/tasks/main.yml
index 13ec84c7..69342ec2 100644
--- a/roles/docker-bluesky/tasks/main.yml
+++ b/roles/docker-bluesky/tasks/main.yml
@@ -7,13 +7,13 @@ include_tasks: nginx-docker-proxy-domain.yml vars: domain: "{{ domains.bluesky_api }}"
- http_port: "{{ ports.localhost.http_ports.bluesky_api }}"
+ http_port: "{{ ports.localhost.http.bluesky_api }}" - name: "Include tasks for Web domain" include_tasks: nginx-docker-proxy-domain.yml vars: domain: "{{ domains.bluesky_web }}"
- http_port: "{{ ports.localhost.http_ports.bluesky_web }}"
+ http_port: "{{ ports.localhost.http.bluesky_web }}" # The following lines should be removed when the following issue is closed: # https://github.com/bluesky-social/pds/issues/52
diff --git a/roles/docker-bluesky/templates/docker-compose.yml.j2 b/roles/docker-bluesky/templates/docker-compose.yml.j2
index 55c36f7e..474e5bc3 100644
--- a/roles/docker-bluesky/templates/docker-compose.yml.j2
+++ b/roles/docker-bluesky/templates/docker-compose.yml.j2
@@ -6,7 +6,7 @@ services: - pds_data:/opt/pds - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro ports:
- - "127.0.0.1:{{ports.localhost.http_ports.bluesky_api}}:3000"
+ - "127.0.0.1:{{ports.localhost.http.bluesky_api}}:3000" healthcheck: test: ["CMD", "wget", "--spider", "http://127.0.0.1:3000/xrpc/_health"] interval: 1m 
@@ -27,7 +27,7 @@ services: REACT_APP_SITE_NAME: "{{primary_domain | upper}} - Bluesky" REACT_APP_SITE_DESCRIPTION: "Decentral Social " ports:
- - "127.0.0.1:{{ports.localhost.http_ports.bluesky_web}}:8100"
+ - "127.0.0.1:{{ports.localhost.http.bluesky_web}}:8100" healthcheck: test: ["CMD", "sh", "-c", "for pid in $(ls /proc | grep -E '^[0-9]+$'); do if cat /proc/$pid/cmdline 2>/dev/null | grep -q 'bskywebserve'; then exit 0; fi; done; exit 1"] interval: 30s
diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml
index a35f2f62..5b331869 100644
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@@ -6,9 +6,9 @@ domain: "{{ domains[application_id] if application_id in domains else None }}" # Default case: One domain exists. Some applications like matrix don't have an default domain
-- name: "Set global http_port to {{ ports.localhost.http_ports[application_id] }}"
+- name: "Set global http_port to {{ ports.localhost.http[application_id] }}" set_fact:
- http_port: "{{ ports.localhost.http_ports[application_id] if application_id in ports.localhost.http_ports else None }}"
+ http_port: "{{ ports.localhost.http[application_id] if application_id in ports.localhost.http else None }}" # Default case: One port exists. Some applications like matrix don't have an default port - name: "remove {{ docker_compose.directories.instance }} and all its contents"
diff --git a/roles/docker-funkwhale/templates/env.j2 b/roles/docker-funkwhale/templates/env.j2
index 6c5f5d25..afe40964 100644
--- a/roles/docker-funkwhale/templates/env.j2
+++ b/roles/docker-funkwhale/templates/env.j2 
@@ -99,19 +99,21 @@ DJANGO_SETTINGS_MODULE=config.settings.production # Generate one using `openssl rand -base64 45`, for example DJANGO_SECRET_KEY={{funkwhale_django_secret}}
+{% if ldap_enabled | bool %} # LDAP settings # Use the following options to allow authentication on your Funkwhale instance # using a LDAP directory. # Have a look at https://docs.funkwhale.audio/installation/ldap.html for # detailed instructions.
-# LDAP_ENABLED=False
-# LDAP_SERVER_URI=ldap://your.server:389
-# LDAP_BIND_DN=cn=admin,dc=domain,dc=com
-# LDAP_BIND_PASSWORD=bindpassword
-# LDAP_SEARCH_FILTER=(|(cn={0})(mail={0}))
-# LDAP_START_TLS=False
-# LDAP_ROOT_DN=dc=domain,dc=com
+LDAP_ENABLED=True
+LDAP_SERVER_URI={{ldap.server.uri}}
+LDAP_BIND_DN={{ldap.dn.administrator}}
+LDAP_BIND_PASSWORD={{applications.ldap.administrator_database_password}}
+LDAP_SEARCH_FILTER=(|(cn={0})(mail={0})) # Needs to checked
+LDAP_START_TLS=False
+LDAP_ROOT_DN={{ldap.dn.root}}
+{% endif %} FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist
diff --git a/roles/docker-funkwhale/vars/main.yml b/roles/docker-funkwhale/vars/main.yml
index c49abb4e..b1c25da6 100644
--- a/roles/docker-funkwhale/vars/main.yml
+++ b/roles/docker-funkwhale/vars/main.yml
@@ -2,7 +2,7 @@ application_id: "funkwhale" nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;" database_password: "{{funkwhale_database_password}}" database_type: "postgres"
-ldap_network_enabled: "{{ldap.enabled}}"
+ldap_enabled: True media_root: "/srv/funkwhale/data/" static_root: "{{media_root}}static" celeryd_concurrency: 1
diff --git a/roles/docker-gitea/templates/docker-compose.yml.j2 b/roles/docker-gitea/templates/docker-compose.yml.j2
index 6fa5ee71..8cbe0ede 100644
--- a/roles/docker-gitea/templates/docker-compose.yml.j2
+++ b/roles/docker-gitea/templates/docker-compose.yml.j2 
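Review bot: `LDAP_SEARCH_FILTER=(|(cn={0})(mail={0})) # Needs to checked` carries its note inline on a value line; whether ` # …` is stripped from an unquoted value depends on the env parser that reads this file, and every other setting in this block keeps comments on their own line, so move it above the value as `# TODO: verify the search filter`. With `LDAP_START_TLS=False`, the bind DN and `LDAP_BIND_PASSWORD` are sent unencrypted whenever `ldap.server.uri` resolves to its `ldap://` branch; that is confined to the central_ldap docker network by design, but the assumption deserves a line next to it: `# plaintext bind is acceptable only on the internal central_ldap network; the public branch of ldap.server.uri uses ldaps://`. The bind credential is the LDAP administrator's database password rather than a dedicated read-only bind account, which widens the blast radius of this rendered .env file; a comment noting that, or a future service account, would help.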
@@ -7,7 +7,7 @@ services: image: "gitea/gitea:{{applications.gitea.version}}" ports: - "127.0.0.1:{{http_port}}:3000"
- - "{{ports.public.ssh_ports[application_id]}}:22"
+ - "{{ports.public.ssh[application_id]}}:22" volumes: - data:/data - /etc/timezone:/etc/timezone:ro
diff --git a/roles/docker-gitea/templates/env.j2 b/roles/docker-gitea/templates/env.j2
index e11f904c..f719f845 100644
--- a/roles/docker-gitea/templates/env.j2
+++ b/roles/docker-gitea/templates/env.j2
@@ -5,7 +5,7 @@ DB_HOST={{database_host}}:{{database_port}} DB_NAME={{database_name}} DB_USER={{database_username}} DB_PASSWD={{database_password}}
-SSH_PORT={{ports.public.ssh_ports[application_id]}}
+SSH_PORT={{ports.public.ssh[application_id]}} SSH_LISTEN_PORT=22 DOMAIN={{domain}} SSH_DOMAIN={{domain}}
diff --git a/roles/docker-gitlab/templates/docker-compose.yml.j2 b/roles/docker-gitlab/templates/docker-compose.yml.j2
index 2dc138db..3d16f9e1 100644
--- a/roles/docker-gitlab/templates/docker-compose.yml.j2
+++ b/roles/docker-gitlab/templates/docker-compose.yml.j2
@@ -10,7 +10,7 @@ services: {% include 'roles/docker-compose/templates/services/base.yml.j2' %} ports: - "127.0.0.1:{{http_port}}:80"
- - "{{ports.public.ssh_ports[application_id]}}:22"
+ - "{{ports.public.ssh[application_id]}}:22" volumes: - 'config:/etc/gitlab' - 'logs:/var/log/gitlab'
diff --git a/roles/docker-gitlab/templates/env.j2 b/roles/docker-gitlab/templates/env.j2
index fa67bf2a..48b2b1e0 100644
--- a/roles/docker-gitlab/templates/env.j2
+++ b/roles/docker-gitlab/templates/env.j2
@@ -2,7 +2,7 @@ {% set config_lines = [ "external_url 'https://{{ domain }}'", "postgresql['enable']=false",
- "gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh_ports[application_id] }}",
+ "gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh[application_id] }}", "gitlab_rails['db_adapter']='postgresql'", "gitlab_rails['db_encoding']='utf8'", "gitlab_rails['db_host']='{{ database_host }}'", 
diff --git a/roles/docker-keycloak/vars/main.yml b/roles/docker-keycloak/vars/main.yml
index 22619a11..339390c3 100644
--- a/roles/docker-keycloak/vars/main.yml
+++ b/roles/docker-keycloak/vars/main.yml
@@ -1,4 +1,4 @@ application_id: "keycloak" database_type: "postgres" database_password: "{{keycloak_database_password}}"
-ldap_network_enabled: "{{ldap.enabled}}"
\ No newline at end of file
+ldap_enabled: True
\ No newline at end of file
diff --git a/roles/docker-ldap/handlers/main.yml b/roles/docker-ldap/handlers/main.yml
index 92e7fdb2..3b7ff5f2 100644
--- a/roles/docker-ldap/handlers/main.yml
+++ b/roles/docker-ldap/handlers/main.yml
@@ -1,6 +1,6 @@ - name: "import missing groups from {{ldif_docker_path}} to OpenLDAP" shell: >
- docker exec -i openldap {{ 'ldapmodify' if applications.ldap.openldap.modify|bool else 'ldapadd' }} -x -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}" -c -f "{{ldif_docker_path}}{{ item }}"
+ docker exec -i openldap {{ 'ldapmodify' if applications.ldap.openldap.modify|bool else 'ldapadd' }} -x -D "{{ldap.dn.administrator}}" -w "{{applications.ldap.administrator_database_password}}" -c -f "{{ldif_docker_path}}{{ item }}" loop: "{{ ldif_files }}" register: ldapadd_result changed_when: "'adding new entry' in ldapadd_result.stdout"
diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml
index 0813fac7..96c7ca77 100644
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml 
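Review bot: `docker exec -i openldap` in the handler still hardcodes the container name, while roles/docker-ldap/templates/docker-compose.yml.j2 in this commit sets `container_name: {{applications.ldap.openldap.hostname}}`; an inventory that overrides the hostname makes every LDIF import fail. Change it to `docker exec -i {{applications.ldap.openldap.hostname}} {{ 'ldapmodify' if applications.ldap.openldap.modify|bool else 'ldapadd' }} …` (rest of the line unchanged). The rendered command also contains the administrator bind password via `-w`, and the task registers its output, so the secret ends up in Ansible's output on failure or with `-v`; add `no_log: true` to the handler, or move the password out of the argument list, e.g. by reading it from the container's own `LDAP_ADMIN_PASSWORD` environment variable inside the `docker exec` shell. The handler's remaining keys (`loop`, `register`, `changed_when`) are in the hunk, but the list item continues past it.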
@@ -11,13 +11,13 @@ src: "nginx.stream.conf.j2" dest: "{{nginx.directories.streams}}{{domain}}.conf" notify: restart nginx
- when: applications.ldap.openldap.expose_to_internet | bool
+ when: applications.ldap.openldap.network.public | bool - name: Remove {{domain}}.conf if LDAP is not exposed to internet file: path: "{{ nginx.directories.streams }}{{ domain }}.conf" state: absent
- when: not applications.ldap.openldap.expose_to_internet | bool
+ when: not applications.ldap.openldap.network.public | bool - name: create docker network for LDAP, so that other applications can access it docker_network:
diff --git a/roles/docker-ldap/templates/docker-compose.yml.j2 b/roles/docker-ldap/templates/docker-compose.yml.j2
index b36dfb11..70d8bc21 100644
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2 
@@ -23,19 +23,18 @@ services: {% endif %} openldap: image: bitnami/openldap:{{applications.ldap.openldap.version}}
- container_name: openldap
+ container_name: {{applications.ldap.openldap.hostname}} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-{% if applications.ldap.openldap.expose_to_internet | bool %}
+{% if applications.ldap.openldap.network.public | bool %} ports:
- - 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}} # Expose just on localhost so that nginx stream proxy can use it
- - 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
+ - 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}} # Expose just on localhost so that nginx stream proxy can use it {% endif %} volumes: - 'data:/bitnami/openldap'
- - '{{ldif_host_path}}:{{ldif_docker_path}}:ro' # Mounting all ldif files for import
+ - '{{ldif_host_path}}:{{ldif_docker_path}}:ro' # Mounting all ldif files for import healthcheck: test: >
- ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}"
+ ldapsearch -x -H ldap://localhost:{{ldap_docker_port}} -b "{{ldap.dn.root}}" -D "{{ldap.dn.administrator}}" -w "{{applications.ldap.administrator_database_password}}" interval: 30s timeout: 10s retries: 3
diff --git a/roles/docker-ldap/templates/env.j2 b/roles/docker-ldap/templates/env.j2
index d844e0c6..d61d551b 100644
--- a/roles/docker-ldap/templates/env.j2
+++ b/roles/docker-ldap/templates/env.j2 
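Review bot: The rewritten healthcheck still embeds the administrator bind password through `-w "{{applications.ldap.administrator_database_password}}"`, so it is stored in the rendered compose file and in the container's inspect output; the same container already receives that value as `LDAP_ADMIN_PASSWORD` from env.j2, so the shell-form healthcheck can reference `-w "$LDAP_ADMIN_PASSWORD"` instead and keep the literal out of the compose file. The `container_name` line is now driven by `applications.ldap.openldap.hostname`, but nothing in the hunk pins the service's network alias to the same value — if the hostname is overridden, `ldap.server.domain` (11_iam.yml) and `container_name` follow while the DNS name other containers resolve on central_ldap depends on the service/network definition outside this hunk; worth a comment here, e.g. `# hostname must stay resolvable on central_ldap; ldap.server.uri connects to it directly`. The service definition continues past the hunk.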
@@ -9,18 +9,18 @@ LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password} ## Users LDAP_USERS= ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02 LDAP_PASSWORDS= ' ' # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
-LDAP_ROOT= {{ldap_root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
+LDAP_ROOT= {{ldap.dn.root}} # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org ## Admin
-LDAP_ADMIN_DN= {{ldap_admin_dn}} # Not well documented. Don't know if this has an effect
+LDAP_ADMIN_DN= {{ldap.dn.administrator}} # Not well documented. Don't know if this has an effect LDAP_CONFIG_ADMIN_ENABLED= yes LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}} LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}} # Network
-LDAP_PORT_NUMBER= {{ldap_localhost_port}} # Route to default port
+LDAP_PORT_NUMBER= {{ldap_docker_port}} # Route to default port LDAP_ENABLE_TLS= no # Using nginx proxy for tls
-LDAP_LDAPS_PORT_NUMBER= {{ldap_secure_localhost_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
+LDAP_LDAPS_PORT_NUMBER= {{ldaps_docker_port}} # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port). # Security LDAP_ALLOW_ANON_BINDING= no # Allow anonymous bindings to the LDAP server. Default: yes.
\ No newline at end of file
diff --git a/roles/docker-ldap/templates/lam.env.j2 b/roles/docker-ldap/templates/lam.env.j2
index ee37ecc9..02a776d6 100644
--- a/roles/docker-ldap/templates/lam.env.j2
+++ b/roles/docker-ldap/templates/lam.env.j2 
@@ -7,7 +7,7 @@ LAM_PASSWORD= {{applications.ldap.lam.administrator_password}} LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb # LDAP Configuration
-LDAP_SERVER= {{applications.ldap.openldap.domain}} # domain of LDAP database root entry, will be converted to dc=...,dc=...
-LDAP_BASE_DN= {{ldap_root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
-LDAP_USER= {{ldap_admin_dn}} # LDAP admin user (set as login user for LAM)
+LDAP_SERVER= {{ldap.server.domain}} # domain of LDAP database root entry
+LDAP_BASE_DN= {{ldap.dn.root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
+LDAP_USER= {{ldap.dn.administrator}} # LDAP admin user (set as login user for LAM) LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP admin password
\ No newline at end of file
diff --git a/roles/docker-ldap/templates/nginx.stream.conf.j2 b/roles/docker-ldap/templates/nginx.stream.conf.j2
index 710f14cc..58e88b6c 100644
--- a/roles/docker-ldap/templates/nginx.stream.conf.j2
+++ b/roles/docker-ldap/templates/nginx.stream.conf.j2
@@ -1,6 +1,6 @@ server {
- listen {{ldap_secure_internet_port}} ssl;
- proxy_pass 127.0.0.1:{{ldap_localhost_port}};
+ listen {{ports.public.ldaps.openldap}}ssl;
+ proxy_pass 127.0.0.1:{{ports.localhost.ldap.openldap}}; # SSL Configuration for LDAPS {% include 'roles/letsencrypt/templates/ssl_credentials.j2' %}
diff --git a/roles/docker-ldap/vars/main.yml b/roles/docker-ldap/vars/main.yml
index 7df5a586..c3efbf85 100644
--- a/roles/docker-ldap/vars/main.yml
+++ b/roles/docker-ldap/vars/main.yml 
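Review bot: `listen {{ports.public.ldaps.openldap}}ssl;` in the nginx.stream.conf.j2 hunk lost the space the removed line had between the port and the `ssl` parameter, so it renders as `listen 636ssl;` (636 being `ports.public.ldaps.openldap` from 09_ports.yml in this commit), which nginx rejects — the public LDAPS stream proxy fails to load exactly when `network.public` is true. Restore it: `listen {{ports.public.ldaps.openldap}} ssl;`. The following `proxy_pass 127.0.0.1:{{ports.localhost.ldap.openldap}};` forwards to the plaintext port after TLS termination, which is consistent with `LDAP_ENABLE_TLS= no` in env.j2; a short comment stating that this is the only intended path from the internet to the directory (`# TLS terminates here; the container itself only speaks plaintext on localhost`) would make the design explicit. The lam.env.j2 hunk on the same line drops "will be converted to dc=...,dc=..." from the `LDAP_SERVER` comment, which matches the value now being a server name rather than a domain.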
@@ -1,10 +1,8 @@
-application_id: "ldap"
-ldap_root: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
-ldap_admin_dn: "cn={{applications.ldap.administrator_username}},{{ldap_root}}"
-ldap_secure_localhost_port: 1636
-ldap_secure_internet_port: 636
-ldap_localhost_port: 389
-ldap_network_enabled: "{{ldap.enabled}}"
+application_id: "ldap"
+ldaps_docker_port: 636
+ldap_docker_port: 389
+ldap_enabled: True
+ # OAuth2 Proxy Configuration oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}" oauth2_proxy_active: true
diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml
index 6879235f..23aede9f 100644
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@@ -7,7 +7,7 @@ include_tasks: certbot-and-globals.yml vars: domain: "{{domains.matrix_synapse}}"
- http_port: "{{ports.localhost.http_ports.matrix_synapse}}"
+ http_port: "{{ports.localhost.http.matrix_synapse}}" - name: create {{well_known_directory}} file:
@@ -26,14 +26,14 @@ dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf" vars: # domain: "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
- http_port: "{{ports.localhost.http_ports.matrix_synapse}}"
+ http_port: "{{ports.localhost.http.matrix_synapse}}" notify: restart nginx - name: "include tasks nginx-docker-proxy-domain.yml for element" include_tasks: nginx-docker-proxy-domain.yml vars: domain: "{{domains.matrix_element}}"
- http_port: "{{ports.localhost.http_ports.matrix_element}}"
+ http_port: "{{ports.localhost.http.matrix_element}}" - name: include create-and-seed-database.yml for multiple bridges include_tasks: create-and-seed-database.yml 
diff --git a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 b/roles/docker-matrix-compose/templates/docker-compose.yml.j2
index 912295c6..a6f67387 100644
--- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2
@@ -19,7 +19,7 @@ services: - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}} - SYNAPSE_REPORT_STATS=no ports:
- - "127.0.0.1:{{ports.localhost.http_ports.matrix_synapse}}:8008"
+ - "127.0.0.1:{{ports.localhost.http.matrix_synapse}}:8008" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8008/"] interval: 1m
@@ -39,7 +39,7 @@ services: volumes: - ./element-config.json:/app/config.json ports:
- - "127.0.0.1:{{ports.localhost.http_ports.matrix_element}}:80"
+ - "127.0.0.1:{{ports.localhost.http.matrix_element}}:80" healthcheck: test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"] interval: 1m
diff --git a/roles/docker-matrix-compose/templates/nginx.conf.j2 b/roles/docker-matrix-compose/templates/nginx.conf.j2
index 5ec80060..2fad6007 100644
--- a/roles/docker-matrix-compose/templates/nginx.conf.j2
+++ b/roles/docker-matrix-compose/templates/nginx.conf.j2
@@ -1,7 +1,7 @@ server { # Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary {% set domain = domains.matrix_synapse %}
- {% set http_port = ports.localhost.http_ports.matrix_synapse %}
+ {% set http_port = ports.localhost.http.matrix_synapse %} server_name {{domain}}; {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
diff --git a/roles/docker-nextcloud/vars/main.yml b/roles/docker-nextcloud/vars/main.yml
index 0a7e90aa..b0f355d7 100644
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml 
@@ -4,4 +4,4 @@ database_password: "{{nextcloud_database_password}}" database_type: "mariadb" nextcloud_application_container_name: "nextcloud-application" nextcloud_nginx_container_name: "nextcloud-web"
-ldap_network_enabled: "{{ldap.enabled}}"
\ No newline at end of file
+ldap_enabled: True
\ No newline at end of file
diff --git a/roles/docker-oauth2-proxy/templates/container.yml.j2 b/roles/docker-oauth2-proxy/templates/container.yml.j2
index 3a043e10..bd72db0a 100644
--- a/roles/docker-oauth2-proxy/templates/container.yml.j2
+++ b/roles/docker-oauth2-proxy/templates/container.yml.j2
@@ -4,6 +4,6 @@ command: --config /oauth2-proxy.cfg hostname: oauth2-proxy ports:
- - {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
+ - {{ports.localhost.oauth2_proxy[application_id]}}:4180/tcp volumes: - "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
\ No newline at end of file
diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml
index bf9ee4ae..048838ad 100644
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@@ -15,4 +15,4 @@ dummy_volume: "{{docker_compose.directories.volu oauth2_proxy_upstream_application_and_port: "proxy:80" oauth2_proxy_active: true
-ldap_network_enabled: "{{ldap.enabled}}"
\ No newline at end of file
+ldap_enabled: True
\ No newline at end of file
diff --git a/roles/docker-snipe_it/templates/docker-compose.yml.j2 b/roles/docker-snipe_it/templates/docker-compose.yml.j2
index 1ba528fb..56785eb9 100644
--- a/roles/docker-snipe_it/templates/docker-compose.yml.j2
+++ b/roles/docker-snipe_it/templates/docker-compose.yml.j2 
@@ -10,7 +10,7 @@ services: volumes: - data:/var/lib/snipeit ports:
- - "127.0.0.1:{{ports.localhost.http_ports.snipe_it}}:80"
+ - "127.0.0.1:{{ports.localhost.http.snipe_it}}:80" {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %}
diff --git a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
index 067ecc4e..c38640f4 100644
--- a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
@@ -13,7 +13,7 @@ server # OAuth2-Proxy-Endpoint location /oauth2/ {
- proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy_ports[application_id]}};
+ proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/templates/docker/compose/networks.yml.j2 b/templates/docker/compose/networks.yml.j2
index 3f4a3dc7..4d4cc6f0 100644
--- a/templates/docker/compose/networks.yml.j2
+++ b/templates/docker/compose/networks.yml.j2
@@ -4,7 +4,7 @@ networks: central_{{ database_type }}: external: true {% endif %}
-{% if ldap_network_enabled | bool %}
+{% if ldap_enabled | bool and applications.ldap.openldap.network.local | bool %} central_ldap: external: true {% endif %}
diff --git a/templates/docker/container/networks.yml.j2 b/templates/docker/container/networks.yml.j2
index 0d5b5230..8c4ea9cd 100644
--- a/templates/docker/container/networks.yml.j2
+++ b/templates/docker/container/networks.yml.j2
@@ -3,7 +3,7 @@ {% if enable_central_database | bool and database_type is defined %} central_{{ database_type }}: {% endif %}
-{% if ldap_network_enabled | bool %}
+{% if ldap_enabled | bool and applications.ldap.openldap.network.local | bool %} central_ldap: {% endif %} default:
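Review bot: The new condition in templates/docker/compose/networks.yml.j2 no longer consults `ldap.enabled`, and every role that previously derived `ldap_network_enabled: "{{ldap.enabled}}"` now hardcodes `ldap_enabled: True` (vars/main.yml of docker-funkwhale, docker-keycloak, docker-ldap, docker-nextcloud and docker-openproject in this commit), so setting `ldap.enabled: false` in the inventory no longer stops those services from declaring the external `central_ldap` network, and compose will fail if that network was never created. The same applies to the container-level networks.yml.j2 hunk that follows. If `ldap.enabled` is still the global switch that 11_iam.yml documents as "Enables LDAP for all roles in play", gate on it here as well: `{% if ldap_enabled | bool and ldap.enabled | bool and applications.ldap.openldap.network.local | bool %}` (and the same line in the container template); otherwise remove or re-document `ldap.enabled` so the two flags cannot contradict each other. Jinja evaluates each `| bool` before `and`, so the expression as written is otherwise correct.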