kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-20 23:14:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactored CyMaIS basic features and optimized wordpress implementation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-18 23:17:29 +02:00
parent ec5beff22f
commit f8c984d6c2
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
56 changed files with 1262 additions and 325 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Makefile Normal file
View File

@ -0,0 +1,15 @@
# Makefile for j2render
TEMPLATE=./templates/vars/applications.yml.j2
OUTPUT=./group_vars/all/07_applications.yml
build:
@echo "🔧 Building rendered file from $(TEMPLATE)..."
@mkdir -p $(dir $(OUTPUT))
j2r $(TEMPLATE) $(OUTPUT)
@echo "✅ Output written to $(OUTPUT)"
install: build
test:
python -m unittest discover -s tests/unit

13
docs/guides/developer/Role_Creation.md
View File

@ -17,10 +17,15 @@ defaults_applications:
## My Service Configuration
my_service:
version: "latest" # Version of the service
matomo_tracking_enabled: true # Enable Matomo tracking for analytics
css_enabled: true # Enable or disable global CSS styling
landingpage_iframe_enabled: false # Allow embedding the landing page in an iframe (if true)
version: "latest"
features: # Version of the service
matomo: true # Enable Matomo tracking for analytics
css: true # Enable or disable global CSS styling
iframe: false # Allow embedding the landing page in an iframe (if true)
database: true # Enable central database integration
ldap: true # Enable ldap integration
oauth2: true # Enable oauth2 proxy
oidc: true # Enable oidc
```
---

16
filter_plugins/configuration_filters.py
View File

@ -1,20 +1,20 @@
def get_oauth22_enabled(applications, application_id):
def get_oauth2_enabled(applications, application_id):
# Retrieve the application dictionary based on the ID
app = applications.get(application_id, {})
# Retrieve the value for oauth2_proxy.enabled, default is False
enabled = app.get('oauth2_proxy', {}).get('enabled', False)
enabled = app.get('features', {}).get('oauth2', False)
return bool(enabled)
def get_oidc_enabled(applications, application_id):
# Retrieve the application dictionary based on the ID
app = applications.get(application_id, {})
# Retrieve the value for oidc.enabled, default is False
enabled = app.get('oidc', {}).get('enabled', False)
enabled = app.get('features', {}).get('oidc', False)
return bool(enabled)
def get_landingpage_iframe_enabled(applications, application_id):
def get_features_iframe(applications, application_id):
app = applications.get(application_id)
enabled = app.get('landingpage_iframe_enabled')
enabled = app.features.iframe
return bool(enabled)
def get_database_central_storage(applications, application_id):
@ -24,14 +24,14 @@ def get_database_central_storage(applications, application_id):
If not defined, None is returned.
"""
app = applications.get(application_id, {})
db_type = app.get('database', {}).get('central_storage', False)
db_type = app.get('features', {}).get('database', False)
return db_type
class FilterModule(object):
def filters(self):
return {
'get_oidc_enabled': get_oidc_enabled,
'get_oauth2_enabled': get_oauth22_enabled,
'get_oauth2_enabled': get_oauth2_enabled,
'get_database_central_storage': get_database_central_storage,
'get_landingpage_iframe_enabled': get_landingpage_iframe_enabled,
'get_features_iframe': get_features_iframe,
}

1
group_vars/all/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*_applications.yml

17
group_vars/all/00_general.yml
View File

@ -52,20 +52,3 @@ enable_wildcard_certificate: false
# This enables debugging in ansible and in the apps
# You SHOULD NOT enable this on production servers
enable_debug: false
#########################
## ENABLED DEFAULTS ##
#########################
# The following defaults are used for the default_applications
# It can be that in a default_applications the value for one application is overwritten.
# You can overwritte it in this case in the applications in your inventory
## Matomo Tracking
matomo_tracking_enabled_default: true # Enables\Disables Matomo tracking on all html pages by default.
## CSS
css_enabled_default: true # Enables\Disables Global CSS on all html pages by default.
## iframe for primary domain
landingpage_iframe_enabled_default: true # Enables\Disables the possibility to be embedded via iframe by default.

440
group_vars/all/07_applications.yml
View File

@ -1,3 +1,4 @@
# Docker Applications
## Docker Role Specific Parameters
@ -11,9 +12,7 @@ docker_restart_policy: "unless-stopped"
# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.
# helper
_applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled | default(true) }}"
_applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}"
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}"
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}"
# applications
@ -25,48 +24,46 @@ defaults_applications:
company_name: "{{primary_domain}}"
company_email: "{{users.administrator.email}}"
setup_admin_email: "{{users.administrator.email}}"
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Assets Server
assets_server:
source_directory: "{{ playbook_dir }}/assets" # Directory from which the assets will be copied
url: "https://{{domains.file_server}}/assets" # Public address of the assets directory
## Attendize
attendize:
version: "latest"
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Baserow
baserow:
version: "latest"
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
oidc:
enabled: true # Activate OIDC
database:
central_storage: True
ldap:
enabled: False # @todo LDAP needs to get propper implemented and tested, just set values during refactoring
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
# @todo LDAP needs to get propper implemented and tested, just set values during refactoring
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: False # Enables LDAP integration and networking
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
credentials:
# shared_secret: # Needs to be defined in inventory file
# etherpad_api_key: # Needs to be defined in inventory file
@ -87,11 +84,11 @@ defaults_applications:
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
database:
central_storage: True
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
# Chromium Browser
chromium:
@ -110,20 +107,25 @@ defaults_applications:
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
# database_password: # Needs to be defined in inventory file
oidc:
enabled: true # Activate OIDC
credentials:
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
# password: # Needs to be defined in inventory file
master_api:
# key: # Needs to be defined in inventory file
username: "{{ users.administrator.username }}" # Username for the Master API
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## File Server
file_server:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
# Firefox Browser
firefox:
@ -134,47 +136,45 @@ defaults_applications:
## Friendica
friendica:
version: "latest"
oidc:
enabled: true # Activate OIDC. Plugin is not working yet
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## Funkwhale
funkwhale:
version: "1.4.0"
ldap:
enabled: True # Enables LDAP by default @todo check implementation
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
database: True # Enables use of central database
## Gitea
gitea:
version: "latest" # Use latest docker image
database:
central_storage: True # Activate Central Database Storage
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Gitlab
gitlab:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Gnome
gnome:
@ -186,15 +186,17 @@ defaults_applications:
## Joomla
joomla:
version: "latest"
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
## HTML Server
html_server:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Keycloak
keycloak:
@ -202,31 +204,31 @@ defaults_applications:
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
ldap:
enabled: True # Enables LDAP by default
import_realm: True # If True realm will be imported. If false skip.
database:
central_storage: True # Activate Central Database Storage
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: false # Disabled by default, because it leads to authentification problems
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
database: True # Enables use of central database
# LDAP Account Manager
lam:
version: "latest"
# administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
ldap:
enabled: True # Should have the same value as applications.ldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: application # Needs to be the same as webinterface
port: 80 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oauth2: False # Enables OAuth2 proxy integration
database: False # Enables use of central database
## LDAP
ldap:
@ -242,8 +244,8 @@ defaults_applications:
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
ldap:
enabled: True # Enables LDAP network by default
features:
ldap: True # Enables LDAP integration and networking
## Libre Office
libreoffice:
@ -257,31 +259,31 @@ defaults_applications:
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
database: True # Enables use of central database
mailu:
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
enabled: true # Activate OIDC for Mailu
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
# I don't know why the database deactivation is necessary
database:
central_storage: False # Deactivate central database for mailu
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: true # Default enabled because working well in iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: False # Enables use of central database
# Deactivate central database for mailu, I don't know why the database deactivation is necessary
## MariaDB
mariadb:
@ -291,25 +293,21 @@ defaults_applications:
matomo:
version: "latest"
oauth2_proxy:
enabled: false # Deactivated atm. @todo implement
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running
css_enabled: false # Not optimized yet for matomo
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: False # Enables Matomo tracking
css: False # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: False # Enables OAuth2 proxy integration
database: True # Enables use of central database
## Mastodon
mastodon:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True # Activate Central Database Storage
oidc:
enabled: True # Activate OIDC for Mastodon
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
@ -322,9 +320,12 @@ defaults_applications:
# deterministic_key:
# key_derivation_salt:
# primary_key:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## Matrix
matrix:
@ -339,13 +340,13 @@ defaults_applications:
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True # Activate Central Database Storage
oidc:
enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: False # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
# Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
## Moodle
moodle:
@ -355,20 +356,20 @@ defaults_applications:
username: "{{users.administrator.username}}"
email: "{{users.administrator.email}}"
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## MyBB
mybb:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Nextcloud
nextcloud:
@ -376,17 +377,19 @@ defaults_applications:
ldap:
enabled: True # Enables LDAP by default
oidc:
enabled: "{{ _applications_nextcloud_oidc_enabled }}" # Activate OIDC for Nextcloud
enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
database:
central_storage: True # Activate Central Database Storage
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
credentials:
# database_password: Null # Needs to be set in inventory file
users:
@ -577,13 +580,13 @@ defaults_applications:
# enabled: false
twofactor_nextcloud_notification:
# Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
twofactor_totp:
# Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
user_ldap:
# Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
enabled: "{{ _applications_nextcloud_ldap_enabled | lower }}"
enabled: "{{ applications.nextcloud.features.ldap | default(true) }}"
user_oidc:
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc)
enabled: "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}"
@ -600,37 +603,38 @@ defaults_applications:
version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
oauth2_proxy:
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
ldap:
enabled: True # Enables LDAP by default
filters:
administrators: True # Set true to filter administrators
users: False # Set true to filter users
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
## Peertube
peertube:
version: "bookworm"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## PgAdmin
pgadmin:
@ -642,56 +646,54 @@ defaults_applications:
email: "{{ users.administrator.email }}" # Initial login email address
password: "{{ users.administrator.initial_password }}" # Initial login password should be overridden in inventory for security
oauth2_proxy:
enabled: true # Enable OAuth2 proxy for authentication
application: "application"
port: "80"
# cookie_secret: None # Set via: openssl rand -hex 16
database:
central_storage: True # Uses central PostgreSQL database
matomo_tracking_enabled: "{{ matomo_tracking_enabled_default }}" # Enables/Disables Matomo Tracking
css_enabled: "{{ css_enabled_default }}" # Enables/Disables global CSS styling
landingpage_iframe_enabled: "{{ landingpage_iframe_enabled_default }}" # Enables/Disables embedding via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
## phpLDAPadmin
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
ldap:
enabled: True # Should have the same value as applications.ldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: application # Needs to be the same as webinterface
port: 8080 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
ldap: True # Enables LDAP integration and networking
oauth2: True # Enables OAuth2 proxy integration
## PHPMyAdmin
phpmyadmin:
version: "latest" # Use the latest phpmyadmin version
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
oauth2_proxy:
enabled: true
port: "80"
application: "application"
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: True # Activate Central Database Storage
css:
enabled: False # The css needs more optimation for PHPMyAdmin
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: False # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
@ -699,50 +701,50 @@ defaults_applications:
version: "latest"
portfolio:
database:
central_storage: False # Portfolio doesn't use any database
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: false # Doesn't make sense to load landingpage in landingpage
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Presentation
presentation:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: False # Would mess with the presentation layout
landingpage_iframe_enabled: True # Makes sense to make the documentary allways in iframe available
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: True # Allows embedding via iframe on landing page
# Snipe-IT
snipe_it:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
database: True # Enables use of central database
## Sphinx
sphinx:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: true # Makes sense to make the documentary allways in iframe available
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
## Taiga
taiga:
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
oidc:
# Taiga doesn't have a functioning oidc support at the moment
# See
# - https://community.taiga.io/t/taiga-and-oidc-plugin/4866
#
# Due to this reason this plutin is deactivated atm
enabled: False # De\Activate OIDC for Taiga
flavor: 'taigaio' # Potential flavors: robrotheram, taigaio
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: False # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database
## YOURLS
yourls:
@ -751,16 +753,16 @@ defaults_applications:
username: "{{users.administrator.username}}"
version: "latest"
oauth2_proxy:
enabled: true
application: "application"
port: "80"
location: "/admin/" # Protects the admin area
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
features:
matomo: True # Enables Matomo tracking
css: True # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oauth2: True # Enables OAuth2 proxy integration
database: True # Enables use of central database
wordpress:
# Deactivate Global theming for wordpress role
@ -769,16 +771,18 @@ defaults_applications:
#
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: false # CSS is hard to tweak for wordpress
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
oidc:
enabled: true # Activate OIDC
title: "Blog"
credentials:
administrator:
title: "Blog" # Wordpress titel
credentials: # Credentials
administrator: # Wordpress administrator
username: "{{users.administrator.username}}" # Username of the wordpress administrator
# password: # Password of the wordpress administrator
email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator
plugins:
discourse: false
oidc: true
features:
matomo: True # Enables Matomo tracking
css: False # Enables custom CSS styling
iframe: False # Allows embedding via iframe on landing page
oidc: True # Enables OpenID Connect (OIDC) authentication
database: True # Enables use of central database

2
main.py
View File

@ -30,7 +30,7 @@ def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str
if verbose:
# Append a single flag with multiple "v"s (e.g. -vvv)
cmd.append("-" + "v" * verbose)
subprocess.run(['make','build'], check=True)
subprocess.run(cmd, check=True)
def main():

2
requirements.yml
View File

@ -3,3 +3,5 @@ collections:
pacman:
- ansible
- python-passlib
pkgmgr:
- j2r

4
roles/docker-bigbluebutton/templates/env.j2
View File

@ -161,7 +161,7 @@ OFFICE365_HD=
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
OAUTH2_REDIRECT=
{% if applications[application_id].ldap.enabled | bool %}
{% if applications[application_id].features.ldap | bool %}
# LDAP Login Provider (optional)
#
# You can enable LDAP authentication by providing values for the variables below.
@ -286,7 +286,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
# approval - For approve/decline registration
DEFAULT_REGISTRATION=invite
{% if applications[application_id].oidc.enabled | bool %}
{% if applications[application_id].features.oidc | bool %}
### EXTERNAL AUTHENTICATION METHODS
# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
#

4
roles/docker-central-database/tasks/main.yml
View File

@ -16,12 +16,12 @@
src: "env/{{database_type}}.env.j2"
dest: "{{database_env}}"
notify: docker compose project build and setup
when: not applications[application_id].database.central_storage | bool
when: not applications[application_id].features.database | bool
- name: "Create central database"
include_role:
name: "docker-{{database_type}}"
when: applications[application_id].database.central_storage | bool
when: applications[application_id].features.database | bool
- name: "Add database to backup"
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"

2
roles/docker-central-database/templates/services/mariadb.yml.j2
View File

@ -1,5 +1,5 @@
# This template needs to be included in docker-compose.yml, which depend on a mariadb database
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
database:
container_name: {{application_id}}-database
logging:

2
roles/docker-central-database/templates/services/postgres.yml.j2
View File

@ -1,5 +1,5 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
database:
image: postgres:{{applications.postgres.version}}-alpine
container_name: {{application_id}}-database

4
roles/docker-central-database/vars/database.yml
View File

@ -1,5 +1,5 @@
database_instance: "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else application_id }}"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else 'database' }}"
database_instance: "{{ 'central-' + database_type if applications[application_id].features.database | bool else application_id }}"
database_host: "{{ 'central-' + database_type if applications[application_id].features.database | bool else 'database' }}"
database_name: "{{ application_id }}"
database_username: "{{ application_id }}"
database_port: "{{ 3306 if database_type == 'mariadb' else 5432 }}"

2
roles/docker-discourse/handlers/main.yml
View File

@ -11,7 +11,7 @@
command:
cmd: "docker network connect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true
when: applications[application_id].database.central_storage | bool
when: applications[application_id].features.database | bool
listen: recreate discourse
- name: rebuild discourse

4
roles/docker-discourse/tasks/main.yml
View File

@ -68,10 +68,10 @@
command:
cmd: "docker network connect central_postgres {{applications.discourse.container}}"
ignore_errors: true
when: applications[application_id].database.central_storage | bool
when: applications[application_id].features.database | bool
- name: "remove central database from {{application_id}}_default"
command:
cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true
when: applications[application_id].database.central_storage | bool
when: applications[application_id].features.database | bool

4
roles/docker-discourse/templates/discourse_application.yml.j2
View File

@ -1,5 +1,5 @@
templates:
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
- "templates/postgres.template.yml"
{% endif %}
#- "templates/redis.template.yml"
@ -112,7 +112,7 @@ run:
## If you want to set the 'From' email address for your first registration, uncomment and change:
## After getting the first signup email, re-comment the line. It only needs to run once.
#- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
{% if applications[application_id].oidc.enabled | bool %}
{% if applications[application_id].features.oidc | bool %}
# Deactivate Default Login
- exec: rails r "SiteSetting.enable_local_logins = false"
- exec: rails r "SiteSetting.enable_passkeys = false" # https://meta.discourse.org/t/passwordless-login-using-passkeys/285589

2
roles/docker-friendica/vars/main.yml
View File

@ -1,4 +1,4 @@
application_id: "friendica"
database_password: "{{friendica_database_password}}"
database_type: "mariadb"
no_validation: "{{applications[application_id].oidc.enabled}}" # Email validation is not neccessary if OIDC is active
no_validation: "{{applications[application_id].features.oidc}}" # Email validation is not neccessary if OIDC is active

2
roles/docker-funkwhale/templates/env.j2
View File

@ -100,7 +100,7 @@ DJANGO_SETTINGS_MODULE=config.settings.production
# Generate one using `openssl rand -base64 45`, for example
DJANGO_SECRET_KEY={{funkwhale_django_secret}}
{% if applications[application_id].ldap.enabled | bool %}
{% if applications[application_id].features.ldap | bool %}
# LDAP settings
# Use the following options to allow authentication on your Funkwhale instance
# using a LDAP directory.

6
roles/docker-mailu/templates/env.j2
View File

@ -151,14 +151,14 @@ API_TOKEN={{applications.mailu.credentials.api_token}}
AUTH_REQUIRE_TOKENS=True
{% if applications[application_id].oidc.enabled | bool %}
{% if applications[application_id].features.oidc | bool %}
###################################
# OpenID Connect settings
###################################
# @see https://github.com/heviat/Mailu-OIDC/tree/master
# Enable OpenID Connect. Possible values: True, False
OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize }}
OIDC_ENABLED={{ applications[application_id].features.oidc | string | capitalize }}
# OpenID Connect provider configuration URL
OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
@ -182,7 +182,7 @@ OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED=True
# Redirect URL for password change. Defaults to provider issuer url appended by /.well-known/change-password
OIDC_CHANGE_PASSWORD_REDIRECT_URL={{oidc.client.change_credentials}}
{% if applications[application_id].oidc.enabled | bool %}
{% if applications[application_id].features.oidc | bool %}
# The OIDC claim used as the username. If the selected claim contains an email address, it will be used as is. If it is not an email (e.g., sub), the email address will be constructed as <OIDC_USERNAME_CLAIM>@<OIDC_USER_DOMAIN>. Defaults to email.
OIDC_USERNAME_CLAIM={{oidc.attributes.username}}

2
roles/docker-mailu/vars/main.yml
View File

@ -6,7 +6,7 @@ enable_wildcard_certificate: false
# Use dedicated source for oidc if activated
# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"

4
roles/docker-mastodon/templates/env.j2
View File

@ -52,14 +52,14 @@ SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS=auto
SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
{% if applications[application_id].oidc.enabled | bool %}
{% if applications[application_id].features.oidc | bool %}
###################################
# OpenID Connect settings
###################################
# @see https://github.com/mastodon/mastodon/pull/16221
# @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso
OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | lower }}
OIDC_ENABLED={{ applications[application_id].features.oidc | string | lower }}
OIDC_DISPLAY_NAME="{{oidc.button_text}}"
OIDC_ISSUER={{oidc.client.issuer_url}}
OIDC_DISCOVERY=true

2
roles/docker-matrix-compose/tasks/create-and-seed-database.yml
View File

@ -7,7 +7,7 @@
- name: "create {{database_name}} database"
include_role:
name: docker-postgres
when: applications[application_id].database.central_storage | bool
when: applications[application_id].features.database | bool
- name: "include seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"

2
roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
View File

@ -45,7 +45,7 @@ email:
client_base_url: "{{domains.matrix_synapse}}"
validation_token_lifetime: 15m
{% if applications[application_id].oidc.enabled | bool %}
{% if applications[application_id].features.oidc | bool %}
# @See https://matrix-org.github.io/synapse/latest/openid.html
oidc_providers:
- idp_id: keycloak

2
roles/docker-nextcloud/templates/config/oidc.config.php.j2
View File

@ -146,7 +146,7 @@ return array (
//
// The `id` attribute in `oidc_login_attributes` must return the
// "Internal Username" (see expert settings in LDAP integration)
'oidc_login_proxy_ldap' => {{applications[application_id].ldap.enabled | string | lower}},
'oidc_login_proxy_ldap' => {{applications[application_id].features.ldap | string | lower}},
// Disable creation of users new to Nextcloud from OIDC login.
// A user may be known to the IdP but not (yet) known to Nextcloud.

2
roles/docker-openproject/tasks/main.yml
View File

@ -59,4 +59,4 @@
- name: Setup LDAP
include_tasks: ldap.yml
when: applications[application_id].ldap.enabled | bool
when: applications[application_id].features.ldap | bool

2
roles/docker-pgadmin/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "pgadmin"
database_type: "postgres"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage }}"
database_host: "{{ 'central-' + database_type if applications[application_id].features.database }}"
database_var_file: "{{playbook_dir}}/roles/docker-central-database/vars/database.yml"
pgadmin_user: 5050
pgadmin_group: "{{pgadmin_user}}"

2
roles/docker-phpmyadmin/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "phpmyadmin"
database_type: "mariadb"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage}}"
database_host: "{{ 'central-' + database_type if applications[application_id].features.database}}"

4
roles/docker-portfolio/lookup_plugins/docker_cards.py
View File

@ -22,7 +22,7 @@ class LookupModule(LookupBase):
- Retrieves the icon class from galaxy_info.logo.class
- Retrieves the tags from galaxy_info.galaxy_tags
- Builds the URL using the 'domains' variable (e.g. domains[application_id])
- Sets the iframe flag from applications[application_id].landingpage_iframe_enabled
- Sets the iframe flag from applications[application_id].features.iframe
Only cards whose application_id is included in the variable group_names are returned.
"""
@ -98,7 +98,7 @@ class LookupModule(LookupBase):
url = "https://" + domain_url if domain_url else ""
app_data = applications.get(application_id, {})
iframe = app_data.get("landingpage_iframe_enabled", False)
iframe = app_data.get("features", {}).get("iframe", False)
# Build card dictionary
card = {

10
roles/docker-portfolio/templates/config.yaml.j2
View File

@ -28,7 +28,7 @@ accounts:
class: fa-brands fa-mastodon
url: "https://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
identifier: "{{service_provider.contact.mastodon}}"
iframe: {{ applications | get_landingpage_iframe_enabled('mastodon') }}
iframe: {{ applications | get_features_iframe('mastodon') }}
{% endif %}
{% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
@ -52,7 +52,7 @@ accounts:
class: fa-solid fa-camera
identifier: "{{service_provider.contact.pixelfed}}"
url: "https://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
iframe: {{ applications | get_landingpage_iframe_enabled('pixelfed') }}
iframe: {{ applications | get_features_iframe('pixelfed') }}
{% endif %}
{% if service_provider.contact.peertube is defined and service_provider.contact.peertube != "" %}
@ -64,7 +64,7 @@ accounts:
class: fa-solid fa-video
identifier: "{{service_provider.contact.peertube}}"
url: "https://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
iframe: {{ applications | get_landingpage_iframe_enabled('peertube') }}
iframe: {{ applications | get_features_iframe('peertube') }}
{% endif %}
{% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
@ -76,7 +76,7 @@ accounts:
class: fa-solid fa-blog
identifier: "{{service_provider.contact.wordpress}}"
url: "https://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
iframe: {{ applications | get_landingpage_iframe_enabled('wordpress') }}
iframe: {{ applications | get_features_iframe('wordpress') }}
{% endif %}
{% if service_provider.contact.source_code is defined and service_provider.contact.source_code != "" %}
@ -98,7 +98,7 @@ accounts:
class: fas fa-network-wired
identifier: "{{service_provider.contact.friendica}}"
url: "https://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
iframe: {{ applications | get_landingpage_iframe_enabled('friendica') }}
iframe: {{ applications | get_features_iframe('friendica') }}
{% endif %}

8
roles/docker-portfolio/templates/footer_menu.yaml.j2
View File

@ -37,13 +37,13 @@
icon:
class: fa-solid fa-shield-halved
url: https://{{domains.keycloak}}/admin
iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
iframe: {{ applications | get_features_iframe('keycloak') }}
- name: Profile
description: Update your personal admin settings
icon:
class: fa-solid fa-user-gear
url: https://{{ domains.keycloak }}/realms/{{oidc.client.id}}/account
iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
iframe: {{ applications | get_features_iframe('keycloak') }}
- name: Logout
description: End your admin session securely
icon:
@ -113,7 +113,7 @@
icon:
class: fas fa-book
url: https://{{domains.sphinx}}
iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }}
iframe: {{ applications | get_features_iframe('sphinx') }}
{% endif %}
@ -124,7 +124,7 @@
icon:
class: "fas fa-chalkboard-teacher"
url: https://{{domains.presentation}}
iframe: {{ applications | get_landingpage_iframe_enabled('presentation') }}
iframe: {{ applications | get_features_iframe('presentation') }}
{% endif %}

2
roles/docker-snipe_it/templates/env.j2
View File

@ -27,7 +27,7 @@ DB_DATABASE={{database_name}}
DB_USERNAME={{database_username}}
DB_PASSWORD={{database_password}}
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
MYSQL_ROOT_PASSWORD={{database_password}}
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'

2
roles/docker-taiga/tasks/main.yml
View File

@ -18,7 +18,7 @@
template:
src: "taiga/{{item}}.py.j2"
dest: "{{ docker_compose.directories.config }}taiga-{{item}}.py"
when: applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio'
when: applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'taigaio'
notify: docker compose project build and setup
loop: "{{ settings_files }}"

8
roles/docker-taiga/templates/docker-compose.yml.j2
View File

@ -9,7 +9,7 @@ services:
- media-data:/taiga-back/media
# - ./config.py:/taiga-back/settings/config.py
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'taigaio' %}
- {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro
@ -22,7 +22,7 @@ services:
condition: service_started
taiga-async-rabbitmq:
condition: service_started
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'taigaio' %}
command: >
/bin/sh -c "
@ -42,7 +42,7 @@ services:
- media-data:/taiga-back/media
# - ./config.py:/taiga-back/settings/config.py
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'taigaio' %}
{% for item in settings_files %}
- {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro
@ -57,7 +57,7 @@ services:
condition: service_started
taiga-async-rabbitmq:
condition: service_started
{% if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'taigaio' %}
{% if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'taigaio' %}
command: >
/bin/sh -c "

2
roles/docker-taiga/templates/env.j2
View File

@ -47,7 +47,7 @@ MAX_AGE = 360
# Taiga's Telemetry - Variable to enable or disable the anonymous telemetry
ENABLE_TELEMETRY = True
{% if applications[application_id].oidc.enabled %}
{% if applications[application_id].features.oidc %}
{% if applications[application_id].oidc.flavor == 'taigaio' %}

4
roles/docker-taiga/vars/main.yml
View File

@ -5,10 +5,10 @@ docker_repository_address: "https://github.com/taigaio/taiga-docker"
email_backend: "smtp" ## use an SMTP server or display the emails in the console (either "smtp" or "console")
docker_compose_init: "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
taiga_image_backend: >-
{{ 'robrotheram/taiga-back-openid' if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'robrotheram'
{{ 'robrotheram/taiga-back-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
else 'taigaio/taiga-back' }}
taiga_image_frontend: >-
{{ 'robrotheram/taiga-front-openid' if applications[application_id].oidc.enabled and applications[application_id].oidc.flavor == 'robrotheram'
{{ 'robrotheram/taiga-front-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
else 'taigaio/taiga-front' }}
taiga_frontend_conf_path: "{{docker_compose.directories.config}}conf.json"

6
roles/docker-wordpress/tasks/main.yml
View File

@ -39,4 +39,8 @@
- name: "Activating OIDC when enabled."
include_tasks: oidc.yml
when: applications[application_id].oidc.enabled | bool
when: applications[application_id].features.oidc | bool
#- name: "Activating WP Discourse when enabled"
# include_tasks: wp_discourse.yml
# when: applications[application_id].wp_discourse.enabled | bool

23
roles/docker-wordpress/tasks/setup-discourse-api-key.yml Normal file
View File

@ -0,0 +1,23 @@
---
- name: "Create Discourse API key for WordPress integration"
uri:
url: "https://{{ domains.discourse }}/admin/api/keys"
method: POST
headers:
Content-Type: "application/json"
Api-Key: "{{ applications.discourse.master_api_key }}"
Api-Username: "{{ applications.discourse.master_api_username | default('admin') }}"
body_format: json
body:
key:
description: "WP Discourse Integration"
username: "system"
return_content: true
status_code: 200
register: discourse_api_key_response
when: applications.discourse.master_api_key is defined
- name: "Set fact for vault_discourse_api_key"
set_fact:
vault_discourse_api_key: "{{ discourse_api_key_response.json.key.key }}"
when: discourse_api_key_response is defined and discourse_api_key_response.json.key is defined

17
roles/docker-wordpress/tasks/wp_discourse.yml Normal file
View File

@ -0,0 +1,17 @@
---
- name: "Install WP Discourse plugin"
command: >
docker-compose exec -u www-data -T application
wp plugin install wp-discourse --activate
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: "Configure WP Discourse settings"
vars:
discourse_settings_json_b64: "{{ discourse_settings | to_json | b64encode }}"
command: >
docker-compose exec -u www-data -T application bash -lc
"wp eval \"update_option('wp_discourse_options', json_decode(base64_decode('{{ discourse_settings_json_b64 }}'), true));\" --path={{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"

10
roles/docker-wordpress/vars/wp_discourse.yml Normal file
View File

@ -0,0 +1,10 @@
# Defines WP Discourse plugin settings
# @see https://github.com/discourse/wp-discourse
discourse_settings:
publish_discourse_posts: true
discourse_url: "https://{{ domains.discourse }}"
discourse_api_key: "{{ applications.discourse.api_key }}"
discourse_username: "system"
discourse_use_sso: false # You can change this depending on your integration style
discourse_sso_secret: "{{ applications.wordpress.credentials.discourse_sso_secret | default('') }}"

2
roles/health-nginx/TODO.md Normal file
View File

@ -0,0 +1,2 @@
# Todo
- Implement health check for oauth2-proxy

2
roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2
View File

@ -1,4 +1,4 @@
{% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %}
{% if applications.get(application_id, {}).get('features', {}).get('iframe', False) %}
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self' {{primary_domain}};" always;
{% endif %}

4
roles/nginx-modifier-all/tasks/main.yml
View File

@ -1,9 +1,9 @@
- name: "Activate Global CSS for {{domain}}"
include_role:
name: nginx-modifier-css
when: applications.get(application_id).get('css_enabled') | bool
when: applications.get(application_id).get('features').get('css') | bool
- name: "Activate Global Matomo Tracking for {{domain}}"
include_role:
name: nginx-modifier-matomo
when: applications.get(application_id).get('matomo_tracking_enabled') | bool
when: applications.get(application_id).get('features').get('matomo') | bool

12
roles/nginx-modifier-all/templates/global.includes.conf.j2
View File

@ -2,20 +2,20 @@
sub_filter_once off;
sub_filter_types text/html;
{% set css_enabled_final = applications.get(application_id).get('css_enabled') | bool %}
{% set matomo_tracking_enabled_final = applications.get(application_id).get('matomo_tracking_enabled') | bool %}
{% set features_css_final = applications.get(application_id).get('features').get('css') | bool %}
{% set features_matomo_final = applications.get(application_id).get('features').get('matomo') | bool %}
{% if matomo_tracking_enabled_final | bool %}
{% if features_matomo_final | bool %}
{# Include Global Matomo Tracking #}
{% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %}
{% endif %}
{% if css_enabled_final | bool or matomo_tracking_enabled_final | bool %}
sub_filter '</head>' '{% if matomo_tracking_enabled_final | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled_final | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
{% if features_css_final | bool or features_matomo_final | bool %}
sub_filter '</head>' '{% if features_matomo_final | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if features_css_final | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
{% endif %}
{% if css_enabled_final | bool %}
{% if features_css_final | bool %}
{# Include Global CSS Location #}
{% include 'roles/nginx-modifier-css/templates/location.conf.j2' %}
{% endif %}

2
roles/nginx-modifier-matomo/tasks/main.yml
View File

@ -30,7 +30,7 @@
uri:
url: "https://{{ domains.matomo }}/index.php"
method: POST
body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ applications.matomo.auth_token }}&format=json"
body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ applications.matomo.credentials.auth_token }}&format=json"
body_format: form-urlencoded
status_code: 200
return_content: yes

2
roles/nginx-modifier-matomo/vars/main.yml
View File

@ -1,2 +1,2 @@
base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
verification_url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{applications.matomo.auth_token}}"
verification_url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{applications.matomo.credentials.auth_token}}"

14
tasks/constructor.yml
View File

@ -32,6 +32,20 @@
set_fact:
applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"
# @todo implement
# - name: Ensure features.integrated is set based on group membership
# set_fact:
# applications: "{{ applications | combine({ item.key: updated_app }, recursive=True) }}"
# vars:
# original_app: "{{ applications[item.key] | default({}) }}"
# original_features: "{{ original_app.features | default({}) }}"
# needs_integration: original_features.integrated is not defined
# updated_features: >-
# {{ original_features | combine({'integrated': (item.key in group_names)}) if needs_integration else original_features }}
# updated_app: >-
# {{ original_app | combine({'features': updated_features}) }}
# loop: "{{ applications | dict2items }}"
- name: Merge networks definitions
set_fact:
networks: "{{ defaults_networks | combine(networks | default({}, true), recursive=True) }}"

2
templates/docker/compose/networks.yml.j2
View File

@ -4,7 +4,7 @@ networks:
central_{{ database_type }}:
external: true
{% endif %}
{% if applications[application_id].get('ldap', {}).get('enabled', false) | bool and applications.ldap.network.local | bool %}
{% if applications[application_id].get('features', {}).get('ldap', false) | bool and applications.ldap.network.local | bool %}
central_ldap:
external: true
{% endif %}

2
templates/docker/compose/volumes-just-database.yml.j2
View File

@ -1,5 +1,5 @@
{# This needs to be included in docker-compose.yml which just contain a database volume #}
{% if not (applications[application_id].database.central_storage | default(false)) | bool %}
{% if not (applications[application_id].features.database | default(false)) | bool %}
volumes:
database:
{% endif %}

2
templates/docker/compose/volumes.yml.j2
View File

@ -1,6 +1,6 @@
{# This template needs to be included in docker-compose.yml which contain a database and additional volumes #}
volumes:
{% if not (applications[application_id].database.central_storage | default(false)) | bool %}
{% if not (applications[application_id].features.database | default(false)) | bool %}
database:
{% endif %}
{{ "\n" }}

2
templates/docker/container/depends-on-also-database.yml.j2
View File

@ -1,6 +1,6 @@
{# This template needs to be included in docker-compose.yml containers which depend on a database and additional containers #}
depends_on:
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
database:
condition: service_healthy
{% endif %}

2
templates/docker/container/depends-on-database-redis.yml.j2
View File

@ -1,6 +1,6 @@
{# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #}
depends_on:
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
database:
condition: service_healthy
{% endif %}

2
templates/docker/container/depends-on-just-database.yml.j2
View File

@ -1,5 +1,5 @@
{# This template needs to be included in docker-compose.yml containers, which just depend on a database #}
{% if not applications[application_id].database.central_storage | bool %}
{% if not applications[application_id].features.database | bool %}
depends_on:
database:
condition: service_healthy

2
templates/docker/container/networks.yml.j2
View File

@ -3,7 +3,7 @@
{% if applications | get_database_central_storage(application_id) | bool and database_type is defined %}
central_{{ database_type }}:
{% endif %}
{% if applications[application_id].get('ldap', {}).get('enabled', false)|bool and applications.ldap.network.local|bool %}
{% if applications[application_id].get('features', {}).get('ldap', false) | bool and applications.ldap.network.local|bool %}
central_ldap:
{% endif %}
default:

826
templates/vars/applications.yml.j2 Normal file
View File

@ -0,0 +1,826 @@
{% import "features.yml.j2" as features %}{% raw %}
# Docker Applications
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
##############################################
## Applications Configuration
##############################################
# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.
# helper
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}"
# applications
defaults_applications:
## Akaunting
akaunting:
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{users.administrator.email}}"
setup_admin_email: "{{users.administrator.email}}"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## Assets Server
assets_server:
source_directory: "{{ playbook_dir }}/assets" # Directory from which the assets will be copied
url: "https://{{domains.file_server}}/assets" # Public address of the assets directory
## Attendize
attendize:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## Baserow
baserow:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'database': true,
}) }}{% raw %}
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
# @todo LDAP needs to get propper implemented and tested, just set values during refactoring
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'ldap': false,
'oidc': true,
'database': true,
}) }}{% raw %}
credentials:
# shared_secret: # Needs to be defined in inventory file
# etherpad_api_key: # Needs to be defined in inventory file
# rails_secret: # Needs to be defined in inventory file
# postgresql_secret: # Needs to be defined in inventory file
# fsesl_password: # Needs to be defined in inventory file
# turn_secret: # Needs to be defined in inventory file
urls:
api: "https://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
## Bluesky
bluesky:
users:
administrator:
email: "{{users.administrator.email}}"
pds:
version: "latest"
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'database': true,
}) }}{% raw %}
# Chromium Browser
chromium:
plugins: # Plugins to be installed in Chromium
- "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx" # U-Block Origine Plugin
- "oboonakemofpalcgghocfoadofidjkkk;https://clients2.google.com/service/update2/crx" # KeepassXC Plugin
coturn: # @todo implement
credentials:
user: turnuser
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file
## Discourse:
discourse:
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
credentials:
database:
# password: # Needs to be defined in inventory file
master_api:
# key: # Needs to be defined in inventory file
username: "{{ users.administrator.username }}" # Username for the Master API
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'oidc': true,
'database': true,
}) }}{% raw %}
## File Server
file_server:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
}) }}{% raw %}
# Firefox Browser
firefox:
plugins: # Plugins to be installed in Firefox
- "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" # U-Block Origine Plugin
- "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi" # KeepassXC Plugin
## Friendica
friendica:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'oidc': true,
'database': true,
}) }}{% raw %}
## Funkwhale
funkwhale:
version: "1.4.0"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'ldap': true,
'database': true,
}) }}{% raw %}
## Gitea
gitea:
version: "latest" # Use latest docker image
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'database': true,
}) }}{% raw %}
## Gitlab
gitlab:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'database': true,
}) }}{% raw %}
## Gnome
gnome:
plugins:
- [enable,nasa_apod@elinvention.ovh,https://github.com/Elinvention/gnome-shell-extension-nasa-apod.git]
- [disable,dash-to-dock@micxgx.gmail.com,'']
- [enable, dash-to-panel@jderose9.github.com,'']
## Joomla
joomla:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
}) }}{% raw %}
## HTML Server
html_server:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
}) }}{% raw %}
## Keycloak
keycloak:
version: "latest"
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
import_realm: True # If True realm will be imported. If false skip.
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'ldap': true,
'database': true,
}) }}{% raw %}
# LDAP Account Manager
lam:
version: "latest"
# administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 80 # application port
# cookie_secret: None # Set via openssl rand -hex 16
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'ldap': true,
'database': false,
'oauth2': false,
}) }}{% raw %}
## LDAP
ldap:
version: "latest"
network:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}" # Administrator username
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
{% endraw %}{{ features.render_features({
'ldap': true,
}) }}{% raw %}
## Libre Office
libreoffice:
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable
## Listmonk
listmonk:
users:
administrator:
username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'database': true,
}) }}{% raw %}
mailu:
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
'oidc': true,
'database': false
}) }}{% raw %}
# Deactivate central database for mailu, I don't know why the database deactivation is necessary
## MariaDB
mariadb:
version: "latest"
## Matomo
matomo:
version: "latest"
oauth2_proxy:
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
{% endraw %}{{ features.render_features({
'matomo': false,
'css': false,
'iframe': false,
'database': true,
'oauth2': false,
}) }}{% raw %}
## Mastodon
mastodon:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
# secret_key_base:
# otp_secret:
# vapid:
# private_key:
# public_key:
# active_record_encryption:
# deterministic_key:
# key_derivation_salt:
# primary_key:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'oidc': true,
'database': true,
}) }}{% raw %}
## Matrix
matrix:
users:
administrator:
username: "{{users.administrator.username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'oidc': false,
'database': true,
}) }}{% raw %}
# Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
## Moodle
moodle:
site_titel: "Global Learning Academy on {{primary_domain}}"
users:
administrator:
username: "{{users.administrator.username}}"
email: "{{users.administrator.email}}"
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## MyBB
mybb:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap:
enabled: True # Enables LDAP by default
oidc:
enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'ldap': true,
'oidc': true,
'database': true,
}) }}{% raw %}
credentials:
# database_password: Null # Needs to be set in inventory file
users:
administrator:
username: "{{users.administrator.username}}"
initial_password: "{{users.administrator.initial_password}}" # Keep in mind to change the password fast after creation and activate 2FA
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
legacy_login_mask:
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
container:
application: "nextcloud-application" # Nextcloud application container name
proxy: "nextcloud-web" # Nextcloud Proxy Container Name
performance:
php:
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
upload_limit: "5G" # Set upload limit to 5GB for big media files
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
plugins:
# List for Nextcloud Plugin Routine
# Decides if plugins should be activated or deactivated
appointments:
# Nextcloud appointments: handles scheduling and appointment management (https://apps.nextcloud.com/apps/appointments)
enabled: true
bbb:
# Nextcloud BigBlueButton integration: enables video conferencing using BigBlueButton (https://apps.nextcloud.com/apps/bbb)
enabled: "{{ 'bigbluebutton' in group_names | lower }}"
#- bookmarks
# # Nextcloud Bookmarks: manage and share your bookmarks easily (https://apps.nextcloud.com/apps/bookmarks)
# enabled: false
calendar:
# Nextcloud calendar: manages calendar events and scheduling (https://apps.nextcloud.com/apps/calendar)
enabled: true
cfg_share_links:
# Nextcloud share links configuration: customizes sharing settings and link options (https://apps.nextcloud.com/apps/cfg_share_links)
enabled: true
collectives:
# Nextcloud collectives: supports collaborative group management and sharing (https://apps.nextcloud.com/apps/collectives)
enabled: true
contacts:
# Nextcloud contacts: manages address book and contact information (https://apps.nextcloud.com/apps/contacts)
enabled: true
cospend:
# Nextcloud cospend: manages shared expenses and spending tracking (https://apps.nextcloud.com/apps/cospend)
enabled: true
deck:
# Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
# When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
enabled: "{{ 'taiga' not in group_names | lower }}"
drawio:
# Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
enabled: true
duplicatefinder:
# Nextcloud duplicate finder: scans and identifies duplicate files (https://apps.nextcloud.com/apps/duplicatefinder)
enabled: true
emlviewer:
# Nextcloud EML Viewer: previews and manages EML email files (https://apps.nextcloud.com/apps/emlviewer)
enabled: true
event_update_notification:
# Nextcloud event update notification: sends alerts when events are updated (https://apps.nextcloud.com/apps/event_update_notification)
enabled: true
epubviewer:
# Nextcloud EPUB Viewer: enables reading and previewing EPUB e-books (https://apps.nextcloud.com/apps/epubviewer)
enabled: true
external:
# Nextcloud External: Adds links to external services (https://apps.nextcloud.com/apps/external)
enabled: true
#files_accesscontrol
# # Nextcloud Files Access Control: restricts file access based on defined rules (https://apps.nextcloud.com/apps/files_accesscontrol)
# enabled: false
#files_archive
# # Nextcloud Files Archive: compresses and archives files for efficient storage (https://apps.nextcloud.com/apps/files_archive)
# enabled: false
#files_automatedtagging
# # Nextcloud Files Automated Tagging: automatically tags files to improve organization (https://apps.nextcloud.com/apps/files_automatedtagging)
# enabled: false
files_bpm:
# Nextcloud Files BPM: integrates business process management for file workflows (https://apps.nextcloud.com/apps/files_bpm)
enabled: true
files_downloadactivity:
# Nextcloud Files Download Activity: tracks and logs file download events (https://apps.nextcloud.com/apps/files_downloadactivity)
enabled: true
files_linkeditor:
# Nextcloud files link editor: allows customization of shared file links (https://apps.nextcloud.com/apps/files_linkeditor)
enabled: true
files_mindmap:
# Nextcloud Files Mindmap: visualizes file relationships as mind maps (https://apps.nextcloud.com/apps/files_mindmap)
enabled: true
files_texteditor:
# Nextcloud Files Text Editor: provides an online editor for text files (https://apps.nextcloud.com/apps/files_texteditor)
# Not available for Nextcloud < 27
enabled: false
fileslibreofficeedit:
# Nextcloud LibreOffice integration: allows online editing of documents with LibreOffice (https://apps.nextcloud.com/apps/fileslibreofficeedit)
enabled: true
forms:
# Nextcloud forms: facilitates creation of forms and surveys (https://apps.nextcloud.com/apps/forms)
enabled: true
gestion:
# Nextcloud Gestion: manages administrative tasks and workflows (https://apps.nextcloud.com/apps/gestion)
enabled: true
groupfolders:
# Nextcloud Group Folders: centralizes shared folders for group collaboration (https://apps.nextcloud.com/apps/groupfolders)
enabled: true
gpxpod:
# Nextcloud GPX pod: visualizes GPS tracks and GPX data (https://apps.nextcloud.com/apps/gpxpod)
enabled: true
integration_discourse:
# Nextcloud Integration Discourse: connects Nextcloud with Discourse forums (https://apps.nextcloud.com/apps/integration_discourse)
enabled: false
integration_gitlab:
# Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
enabled: "{{ 'gitlab' in group_names | lower }}"
integration_github:
# Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
enabled: false
integration_google:
# Nextcloud Integration Google: connects Google services with Nextcloud (https://apps.nextcloud.com/apps/integration_google)
enabled: true
integration_mastodon:
# Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
enabled: "{{ 'mastodon' in group_names | lower }}"
integration_openai:
# Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
enabled: false
integration_openproject:
# Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
enabled: "{{ 'openproject' in group_names | lower }}"
integration_peertube:
# Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
enabled: "{{ 'peertube' in group_names | lower }}"
#keeweb
# # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
# # This isn't maintained anymore. The alternatives don't support keepass files
# enabled: false
keeporsweep:
# Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep)
enabled: true
mail:
# Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail)
enabled: true
maps:
# Nextcloud maps: provides mapping and location services integration (https://apps.nextcloud.com/apps/maps)
enabled: true
metadata:
# Nextcloud Metadata: manages and displays file metadata for enhanced organization (https://apps.nextcloud.com/apps/metadata)
enabled: true
news:
# Nextcloud News: aggregates and displays news feeds directly in Nextcloud (https://apps.nextcloud.com/apps/news)
enabled: true
oidc_login:
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/oidc_login)
enabled: "{{ _applications_nextcloud_oidc_flavor=='oidc_login' | lower }}"
incompatible_plugins:
- user_oidc # Will be disabled
- sociallogin # Will be disabled
phonetrack:
# Nextcloud phone track: tracks and monitors mobile device usage (https://apps.nextcloud.com/apps/phonetrack)
enabled: true
polls:
# Nextcloud polls: facilitates creation and management of user polls (https://apps.nextcloud.com/apps/polls)
enabled: true
quota_warning:
# Nextcloud quota warning: notifies users when storage limits are reached (https://apps.nextcloud.com/apps/quota_warning)
enabled: true
recognize:
# Nextcloud recognize: performs image recognition tasks (https://apps.nextcloud.com/apps/recognize)
enabled: false # Deactivated because it let to bugs
richdocuments:
# Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
enabled: false # @todo To set it default to true activate https://hub.docker.com/r/collabora/code before
sociallogin:
# Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
enabled: "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
incompatible_plugins:
- user_oidc # Will be disabled
- oidc_login # Will be disabled
spreed:
# Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
enabled: false # @todo to activate it first implement docker-coturn and activate it
tables:
# Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
enabled: true
tasks:
# Nextcloud tasks: manages personal or group tasks and to-do lists (https://apps.nextcloud.com/apps/tasks)
enabled: true
#terms_of_service
# # Nextcloud Terms of Service: manages user acceptance of terms and conditions (https://apps.nextcloud.com/apps/terms_of_service)
# enabled: false
twofactor_nextcloud_notification:
# Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
twofactor_totp:
# Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
user_ldap:
# Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
enabled: "{{ applications.nextcloud.features.ldap | default(true) }}"
user_oidc:
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc)
enabled: "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}"
incompatible_plugins:
- oidc_login
- sociallogin
whiteboard:
# Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
enabled: true
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
}) }}{% raw %}
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
oauth2_proxy:
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
ldap:
filters:
administrators: True # Set true to filter administrators
users: False # Set true to filter users
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'ldap': true,
'database': true,
'oauth2': true,
}) }}{% raw %}
## Peertube
peertube:
version: "bookworm"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## PgAdmin
pgadmin:
version: "latest"
server_mode: False # If true then the preconfigured database file is loaded. Recommended False. True is a security risk.
master_password_required: True # Master password is required. Recommended True. False is a security risk.
users:
administrator:
email: "{{ users.administrator.email }}" # Initial login email address
password: "{{ users.administrator.initial_password }}" # Initial login password should be overridden in inventory for security
oauth2_proxy:
application: "application"
port: "80"
# cookie_secret: None # Set via: openssl rand -hex 16
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
'oauth2': true,
}) }}{% raw %}
## phpLDAPadmin
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 8080 # application port
# cookie_secret: None # Set via openssl rand -hex 16
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'ldap': true,
'oauth2': true,
}) }}{% raw %}
## PHPMyAdmin
phpmyadmin:
version: "latest" # Use the latest phpmyadmin version
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
oauth2_proxy:
port: "80"
application: "application"
# cookie_secret: None # Set via openssl rand -hex 16
{% endraw %}{{ features.render_features({
'matomo': true,
'css': false,
'iframe': false,
'database': true,
'oauth2': true,
}) }}{% raw %}
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
version: "latest"
portfolio:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
}) }}{% raw %}
## Presentation
presentation:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': true,
}) }}{% raw %}
# Snipe-IT
snipe_it:
version: "latest"
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
}) }}{% raw %}
## Sphinx
sphinx:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
}) }}{% raw %}
## Taiga
taiga:
version: "latest"
oidc:
# Taiga doesn't have a functioning oidc support at the moment
# See
# - https://community.taiga.io/t/taiga-and-oidc-plugin/4866
#
# Due to this reason this plutin is deactivated atm
flavor: 'taigaio' # Potential flavors: robrotheram, taigaio
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'oidc': false,
'database': true,
}) }}{% raw %}
## YOURLS
yourls:
users:
administrator:
username: "{{users.administrator.username}}"
version: "latest"
oauth2_proxy:
application: "application"
port: "80"
location: "/admin/" # Protects the admin area
# cookie_secret: None # Set via openssl rand -hex 16
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
'iframe': false,
'database': true,
'oauth2': true,
}) }}{% raw %}
wordpress:
# Deactivate Global theming for wordpress role
# due to the reason that wordpress has to much different themes
# and one styling for all is not possible.
#
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
title: "Blog" # Wordpress titel
credentials: # Credentials
administrator: # Wordpress administrator
username: "{{users.administrator.username}}" # Username of the wordpress administrator
# password: # Password of the wordpress administrator
email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator
plugins:
discourse: false
oidc: true
{% endraw %}{{ features.render_features({
'matomo': true,
'css': false,
'iframe': false,
'oidc': true,
'database': true,
}) }}{% raw %}

19
templates/vars/features.yml.j2 Normal file
View File

@ -0,0 +1,19 @@
{% macro render_features(options) %}
features:
{%- set feature_map = {
'matomo': 'Enables Matomo tracking',
'css': 'Enables custom CSS styling',
'iframe': 'Allows embedding via iframe on landing page',
'ldap': 'Enables LDAP integration and networking',
'oidc': 'Enables OpenID Connect (OIDC) authentication',
'oauth2': 'Enables OAuth2 proxy integration',
'database': 'Enables use of central database'
} %}
{%- for key, comment in feature_map.items() %}
{%- if key in options %}
{{ key }}: {{ options[key] }} # {{ comment }}
{%- endif %}
{%- endfor %}
{% endmacro %}

16
tests/unit/test_docker_cards.py
View File

@ -44,7 +44,13 @@ galaxy_info:
# Define dummy variables including group_names that contain the application_id "portfolio".
fake_variables = {
"domains": {"portfolio": "myportfolio.com"},
"applications": {"portfolio": {"landingpage_iframe_enabled": True}},
"applications": {
"portfolio": {
"features": {
"iframe": True
}
}
},
"group_names": ["portfolio"]
}
result = lookup_module.run([self.test_roles_dir], variables=fake_variables)
@ -71,7 +77,13 @@ galaxy_info:
# Set fake variables with group_names that do NOT include the application_id "portfolio".
fake_variables = {
"domains": {"portfolio": "myportfolio.com"},
"applications": {"portfolio": {"landingpage_iframe_enabled": True}},
"applications": {
"portfolio": {
"features": {
"iframe": True
}
}
},
"group_names": [] # Not including "portfolio"
}
result = lookup_module.run([self.test_roles_dir], variables=fake_variables)