Big restructuring

roles/docker-snipe-it/Administration.md

@@ -0,0 +1,7 @@
+# Administration 🛠️
+Clear and restart the application:
+```bash
+docker-compose exec application php artisan config:clear
+docker-compose exec application php artisan cache:clear
+docker-compose restart application
+```

roles/docker-snipe-it/README.md

@@ -0,0 +1,40 @@
+# Snipe‑IT
+
+## Description
+
+Snipe‑IT is an open‑source asset management system designed to streamline hardware and software inventory tracking. This deployment provides an automated, containerized solution using Docker Compose, centralized MariaDB database integration, and secure, configurable environment settings—including robust SMTP email support and pending SAML authentication enhancements.
+
+## Overview
+
+This Docker deployment uses Ansible automation to set up Snipe‑IT along with necessary services such as a MariaDB database, an optional OAuth2 proxy for additional security, and a reverse proxy configuration. The system is built for reliable asset management in various environments.
+
+## Features
+
+- **Automated Deployment:**  
+  Launch Snipe‑IT quickly with Docker Compose and Ansible automation for a production‑ready platform.
+
+- **Centralized Database Support:**  
+  Leverage MariaDB for secure and reliable data storage.
+
+- **Configurable SMTP Settings:**  
+  Manage email notifications and alerts with customizable SMTP configurations.
+
+- **Optional SAML Authentication:**  
+  Prepare for enhanced, standards‑based authentication (integration pending).
+
+- **Redis Caching:**  
+  Improve application performance with built‑in Redis caching support.
+
+## Other Resources
+
+- [Snipe‑IT Official Documentation](https://snipe-it.readme.io/docs/ldap-sync-login)
+- [SAML Setup Instructions](https://snipe-it.readme.io/docs/saml)
+- [Mattermost SSO Integration Guide](https://docs.mattermost.com/onboard/sso-saml-keycloak.html)
+- [Additional GitHub Issues and Discussions](https://github.com/snipe/snipe-it/issues)
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [veen.world](https://veen.world)  
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/docker-snipe-it/meta/main.yml

@@ -0,0 +1,30 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Snipe‑IT is an open‑source asset management system providing a containerized deployment with centralized MariaDB integration, configurable SMTP settings, and pending SAML authentication enhancements for secure asset tracking and management."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach  
+    Consulting & Coaching Solutions  
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Linux
+      versions:
+        - all
+  galaxy_tags:
+    - snipe-it
+    - asset-management
+    - docker
+    - mariadb
+    - smtp
+    - saml
+    - automation
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+  logo:
+    class: "fa-solid fa-box"
+dependencies: []
+

roles/docker-snipe-it/meta/schema.yml

@@ -0,0 +1,10 @@
+credentials:
+  database_password:
+    description: "Password for the Snipe-IT database user"
+    algorithm: "bcrypt"
+    validation: "^\\$2[aby]\\$.{56}$"
+
+  app_key:
+    description: "Application encryption key for Snipe-IT (.env APP_KEY)"
+    algorithm: "plain"
+    validation: "^base64:[A-Za-z0-9+/=]{40,}$"

roles/docker-snipe-it/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: "include docker-central-database"
+  include_role: 
+    name: docker-central-database
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+  include_role:
+    name: nginx-domain-setup
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+
+- name: "copy docker-compose.yml and env file"
+  include_tasks: copy-docker-compose-and-env.yml

roles/docker-snipe-it/templates/docker-compose.yml.j2

@@ -0,0 +1,26 @@
+services:
+
+{% include 'templates/docker/services/redis.yml.j2' %}
+
+{% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
+
+  application:
+    image: grokability/snipe-it:{{applications[application_id].version}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    volumes:
+      - data:/var/lib/snipeit
+    ports:
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'templates/docker/container/networks.yml.j2' %}
+    healthcheck:
+      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/80 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      
+{% include 'templates/docker/compose/volumes.yml.j2' %}
+  redis:
+  data:
+
+{% include 'templates/docker/compose/networks.yml.j2' %}

roles/docker-snipe-it/templates/env.j2

@@ -0,0 +1,168 @@
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=production
+APP_DEBUG={{enable_debug | string | lower }}
+# Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
+APP_KEY={{applications[application_id].credentials.app_key}}
+APP_URL=https://{{domains | get_domain(application_id)}}
+# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
+APP_TIMEZONE='{{ HOST_TIMEZONE }}'
+APP_LOCALE={{ HOST_LL }}
+MAX_RESULTS=500
+
+# --------------------------------------------
+# REQUIRED: UPLOADED FILE STORAGE SETTINGS
+# --------------------------------------------
+PRIVATE_FILESYSTEM_DISK=local
+PUBLIC_FILESYSTEM_DISK=local_public
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST={{database_host}}
+DB_PORT={{database_port}}
+DB_DATABASE={{database_name}}
+DB_USERNAME={{database_username}}
+DB_PASSWORD={{database_password}}
+
+{% if not applications | is_feature_enabled('central_database',application_id) %}
+MYSQL_ROOT_PASSWORD={{database_password}}
+DB_PREFIX=null
+DB_DUMP_PATH='/usr/bin'
+DB_CHARSET=utf8mb4
+DB_COLLATION=utf8mb4_unicode_ci
+{% endif %}
+# --------------------------------------------
+# OPTIONAL: SSL DATABASE SETTINGS
+# --------------------------------------------
+DB_SSL=false
+DB_SSL_IS_PAAS=false
+DB_SSL_KEY_PATH=null
+DB_SSL_CERT_PATH=null
+DB_SSL_CA_PATH=null
+DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
+
+# --------------------------------------------
+# REQUIRED: OUTGOING MAIL SERVER SETTINGS
+# --------------------------------------------
+MAIL_MAILER             =   smtp
+MAIL_HOST               =   {{system_email.host}}
+MAIL_PORT               =   {{system_email.port}}
+MAIL_USERNAME           =   {{ users['no-reply'].email }}
+MAIL_PASSWORD           =   {{ users['no-reply'].mailu_token }}
+MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | capitalize }}
+MAIL_FROM_ADDR          =   {{ users['no-reply'].email }}
+MAIL_FROM_NAME          =   {{ service_provider.company.titel }} - Snipe-IT
+MAIL_REPLYTO_ADDR       =   {{ users['no-reply'].email }}
+MAIL_REPLYTO_NAME       =   {{ service_provider.company.titel }} - Snipe-IT
+MAIL_AUTO_EMBED_METHOD  =   'attachment'
+
+# --------------------------------------------
+# REQUIRED: DATA PROTECTION
+# --------------------------------------------
+ALLOW_BACKUP_DELETE=false
+ALLOW_DATA_PURGE=false
+
+# --------------------------------------------
+# REQUIRED: IMAGE LIBRARY
+# This should be gd or imagick
+# --------------------------------------------
+IMAGE_LIB=gd
+
+# --------------------------------------------
+# OPTIONAL: BACKUP SETTINGS
+# --------------------------------------------
+MAIL_BACKUP_NOTIFICATION_DRIVER=null
+MAIL_BACKUP_NOTIFICATION_ADDRESS=null
+BACKUP_ENV=true
+
+# --------------------------------------------
+# OPTIONAL: SESSION SETTINGS
+# --------------------------------------------
+SESSION_LIFETIME=12000
+EXPIRE_ON_CLOSE=false
+ENCRYPT=false
+COOKIE_NAME=snipeit_session
+COOKIE_DOMAIN=null
+SECURE_COOKIES=true
+API_TOKEN_EXPIRATION_YEARS=40
+
+# --------------------------------------------
+# OPTIONAL: SECURITY HEADER SETTINGS
+# --------------------------------------------
+APP_TRUSTED_PROXIES=**
+ALLOW_IFRAMING=false
+REFERRER_POLICY=same-origin
+ENABLE_CSP=false
+CORS_ALLOWED_ORIGINS=null
+ENABLE_HSTS=true               # Certificates managed by nginx
+
+# --------------------------------------------
+# OPTIONAL: CACHE SETTINGS
+# --------------------------------------------
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+CACHE_PREFIX=snipeit
+
+# --------------------------------------------
+# OPTIONAL: REDIS SETTINGS
+# --------------------------------------------
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+# --------------------------------------------
+# OPTIONAL: MEMCACHED SETTINGS
+# --------------------------------------------
+MEMCACHED_HOST=null
+MEMCACHED_PORT=null
+
+# --------------------------------------------
+# OPTIONAL: PUBLIC S3 Settings
+# --------------------------------------------
+PUBLIC_AWS_SECRET_ACCESS_KEY=null
+PUBLIC_AWS_ACCESS_KEY_ID=null
+PUBLIC_AWS_DEFAULT_REGION=null
+PUBLIC_AWS_BUCKET=null
+PUBLIC_AWS_URL=null
+PUBLIC_AWS_BUCKET_ROOT=null
+
+# --------------------------------------------
+# OPTIONAL: PRIVATE S3 Settings
+# --------------------------------------------
+PRIVATE_AWS_ACCESS_KEY_ID=null
+PRIVATE_AWS_SECRET_ACCESS_KEY=null
+PRIVATE_AWS_DEFAULT_REGION=null
+PRIVATE_AWS_BUCKET=null
+PRIVATE_AWS_URL=null
+PRIVATE_AWS_BUCKET_ROOT=null
+
+# --------------------------------------------
+# OPTIONAL: AWS Settings
+# --------------------------------------------
+AWS_ACCESS_KEY_ID=null
+AWS_SECRET_ACCESS_KEY=null
+AWS_DEFAULT_REGION=null
+
+# --------------------------------------------
+# OPTIONAL: LOGIN THROTTLING
+# --------------------------------------------
+LOGIN_MAX_ATTEMPTS=5
+LOGIN_LOCKOUT_DURATION=60
+RESET_PASSWORD_LINK_EXPIRES=900
+
+# --------------------------------------------
+# OPTIONAL: MISC
+# --------------------------------------------
+LOG_CHANNEL=stderr
+LOG_MAX_DAYS=10
+APP_LOCKED=false
+APP_CIPHER=AES-256-CBC
+APP_FORCE_TLS=true
+GOOGLE_MAPS_API=
+LDAP_MEM_LIM=500M
+LDAP_TIME_LIM=600

roles/docker-snipe-it/vars/configuration.yml

@@ -0,0 +1,9 @@
+version:              "latest"
+features:
+  matomo:             true
+  css:                true
+  portfolio_iframe:   false
+  central_database:   true
+domains:
+  canonical:
+    - "inventory.{{ primary_domain }}"

roles/docker-snipe-it/vars/main.yml

@@ -0,0 +1,3 @@
+application_id:     "snipe-it"
+database_password:  "{{applications[application_id].credentials.database_password}}"
+database_type:      "mariadb"