group_vars/all

@@ -1,49 +1,3 @@
-# PASSWORDS AND SECRETS:
-
-akaunting_database_password:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-akaunting_setup_admin_password:     "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-baserow_database_password:          "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_database_password:    "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_etherpad_api_key:     "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_fsesl_password:       "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_rails_secret:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_shared_secret:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_postgresql_secret:    "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-bigbluebutton_turn_secret:          "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-central_mariadb_root_password:      "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-central_postgres_password:          "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-discourse_database_password:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-gitlab_database_password:	          "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-gitlab_initial_root_password:       "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-gitea_database_password:            "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-listmonk_admin_password:            "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-listmonk_database_password:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mailu_api_token:                    "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mailu_database_password:            "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mailu_initial_root_password:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mailu_secret_key:                   "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mastodon_database_password:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mastodon_otp_secret:                "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mastodon_secret_key_base:           "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mastodon_vapid_private_key:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-mastodon_vapid_public_key:          "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matomo_auth_token:                  "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matomo_database_password:           "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matrix_database_password:           "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matrix_generic_secret_key:		      "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matrix_form_secret:                 "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matrix_macaroon_secret_key:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-matrix_registration_shared_secret:  "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-nextcloud_database_password:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-openproject_database_password:      "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-peertube_database_password:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-peertube_secret:                    "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-pixelfed_database_password:         "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-pixelfed_app_key:                   "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-wordpress_database_password:        "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-yourls_database_password:           "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-yourls_user_password:               "I_NEED_TO_CHANGE_THIS_UNSECURE_PASSWORD"
-
 # General
 setup:                false       # Pass CLI commands to execute the setup tasks for the different roles
 verbose:              false       # Prints well formated debug information
@@ -183,38 +137,25 @@ postgres_default_version:       "16"
 
 ### Docker Role Specific Parameters
 
-#### Akaunting
-version_akaunting:            "latest"
-akaunting_company_name:       "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
-akaunting_company_email:      "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
-akaunting_setup_admin_email:  "DUMMY_VALUE_NEEDS_TO_BE_CHANGED"
-
-#### Listmonk
-listmonk_admin_username:          "admin"
-
-#### Mastodon
-version_mastodon:                 "latest"
-mastodon_single_user_mode:        false
+#### Pixelfed
+pixelfed_app_name:      "Pictures"
 
 #### Matrix
 matrix_playbook_tags:   "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
 matrix_role:            "compose"         # Role to setup Matrix. Valid values: ansible, compose
 
+#### Mastodon
+version_mastodon:       "latest"
+
+#### Akaunting
+version_akaunting:      "latest"
+
 #### Mailu
-version_mailu:                    "2.0"
-mailu_domain:                     "{{top_domain}}"
-mailu_subnet:                     "192.168.203.0/24"
+version_mailu:          "2.0"
 
 #### Nextcloud
 version_nextcloud:      "production"  # Danger: Nextcloud can't skipp major version updates.
 
-#### Pixelfed
-pixelfed_app_name:      "Pictures"
-
-#### YOURLS
-yourls_user:            "admin"
-
-
 # Routing Configurations for Domain Redirections
 redirect_domain_mappings:
 - { source: "bbb.{{top_domain}}",         target: "{{domain_bigbluebutton}}" }

roles/docker-discourse/handlers/main.yml

@@ -2,4 +2,4 @@
 - name: recreate discourse
   command:
     cmd: ./launcher rebuild app
-    chdir: "{{discourse_repository_directory}}"
+    chdir: "{{docker_compose_instance_directory}}"

roles/docker-discourse/tasks/main.yml

@@ -18,51 +18,30 @@
     state: directory
     mode: 0755
 
-- name: add docker-compose.yml
-  template: src=docker-compose.yml.j2 dest={{docker_compose_instance_directory}}docker-compose.yml
-  notify: docker compose project setup
-
-- name: flush, to recreate discourse docker compose
-  meta: flush_handlers
-  when: enable_central_database | bool
+- name: checkout repository 
+  ansible.builtin.shell: git checkout .
+  become: true
+  args:
+    chdir: "{{docker_compose_instance_directory}}"
+  ignore_errors: true
 
 - name: pull docker repository
   git:
     repo: "https://github.com/discourse/discourse_docker.git"
-    dest: "{{discourse_repository_directory}}"
+    dest: "{{docker_compose_instance_directory}}"
     update: yes
   notify: recreate discourse
   become: true
   ignore_errors: true
 
-- name: set chmod 700 for {{discourse_repository_directory}}containers
+- name: set chmod 700 for {{docker_compose_instance_directory}}containers
   ansible.builtin.file:
-    path: "{{discourse_repository_directory}}/containers"
+    path: "{{docker_compose_instance_directory}}/containers"
     mode: '700'
     state: directory
 
-- name: "copy configuration to {{discourse_repository_directory}}containers/app.yml"
+- name: "copy configuration to {{docker_compose_instance_directory}}containers/app.yml"
   template: 
     src: app.yml.j2
-    dest: "{{discourse_repository_directory}}containers/app.yml"
+    dest: "{{docker_compose_instance_directory}}containers/app.yml"
   notify: recreate discourse
-
-- name: "Ensure {{docker_compose_project_name}}_default network exists"
-  community.docker.docker_network:
-    name: "{{docker_compose_project_name}}_default"
-    state: present
-  when: enable_central_database | bool
-
-- name: "add central database temporary to {{docker_compose_project_name}}_default"
-  command:
-    cmd: "docker network connect discourse_default central-{{ database_type }}"
-  when: enable_central_database | bool
-
-- name: flush, to recreate discourse app
-  meta: flush_handlers
-  when: enable_central_database | bool
-
-- name: "remove central database from {{docker_compose_project_name}}_default"
-  command:
-    cmd: "docker network disconnect discourse_default central-{{ database_type }}"
-  when: enable_central_database | bool

roles/docker-discourse/templates/app.yml.j2

@@ -1,8 +1,17 @@
+## this is the all-in-one, standalone Discourse Docker container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild app
+##
+## BE *VERY* CAREFUL WHEN EDITING!
+## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
+## visit http://www.yamllint.com/ to validate this file as needed
+
 templates:
 {% if not enable_central_database | bool %}
   - "templates/postgres.template.yml"
 {% endif %}
-  #- "templates/redis.template.yml"
+  - "templates/redis.template.yml"
   - "templates/web.template.yml"
   ## Uncomment the next line to enable the IPv6 listener
   #- "templates/web.ipv6.template.yml"
@@ -16,6 +25,7 @@ templates:
 ## see https://meta.discourse.org/t/17247 for details
 expose:
   - "127.0.0.1:{{http_port}}:80"   # http
+  #- "443:443" # https
 
 params:
   db_default_text_search_config: "pg_catalog.english"
@@ -63,14 +73,13 @@ env:
   DISCOURSE_SMTP_DOMAIN:            {{ system_email_domain }}
   DISCOURSE_NOTIFICATION_EMAIL:     {{ system_email }}
 
+{% if enable_central_database | bool %}
   # Database Configuration
   DISCOURSE_DB_USERNAME: {{ database_username }}
   DISCOURSE_DB_PASSWORD: {{ database_password }}
   DISCOURSE_DB_HOST:     {{ database_host }}
   DISCOURSE_DB_NAME:     {{ database_databasename }}
-
-  # Redis Configuration
-  DISCOURSE_REDIS_HOST: {{docker_compose_project_name}}-redis
+{% endif %}
 
   ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
   #LETSENCRYPT_ACCOUNT_EMAIL: administrator@veen.world
@@ -118,5 +127,7 @@ run:
   - exec: echo "End of custom commands"
 
 docker_args:
-  - --network={{docker_compose_project_name}}_default
+{% if enable_central_database | bool %}
+  - --network=central_{{ database_type }}_network
+{% endif %}
   - --name=discourse_application

roles/docker-discourse/templates/docker-compose.yml.j2

@@ -1,12 +0,0 @@
-version: '3.8'
-
-services:
-
-{% include 'templates/docker-service-redis.yml.j2' %}
-
-{% include 'templates/docker-service-' + database_type + '.yml.j2' %}
-
-{% include 'templates/docker-compose-volumes.yml.j2' %}
-  redis:
-
-{% include 'templates/docker-compose-networks.yml.j2' %}

roles/docker-discourse/vars/main.yml

@@ -1,4 +1,3 @@
-docker_compose_project_name:     "discourse"
-database_password:               "{{ baserow_database_password }}"
-database_type:                   "postgres"
-discourse_repository_directory:  "{{ path_docker_compose_instances + docker_compose_project_name + '/repository/' }}"
+docker_compose_project_name:        "discourse"
+database_password:                  "{{ baserow_database_password }}"
+database_type:                      "postgres"

roles/docker-listmonk/tasks/main.yml

@@ -22,13 +22,3 @@
     src:  "config.toml.j2" 
     dest: "{{docker_compose_instance_directory}}config.toml"
   notify: docker compose project setup
-
-- name: flush docker service
-  meta: flush_handlers
-  when: setup | bool 
-
-- name: setup routine for listmonk
-  command:
-    cmd: "yes | docker compose run -T --rm application ./listmonk --install"
-    chdir: "{{docker_compose_instance_directory}}"
-  when: setup | bool 

roles/docker-mailu/tasks/main.yml

@@ -61,13 +61,3 @@
     on_calendar:  "{{on_calendar_deploy_mailu_certificates}}"
     service_name: "deploy-letsencrypt-mailu"
     persistent:   "true"
-
-- name: flush docker service
-  meta: flush_handlers
-  when: setup | bool 
-
-- name: execute database migration
-  command:
-    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{top_domain}} {{mailu_initial_root_password}}"
-    chdir: "{{docker_compose_instance_directory}}"
-  when: setup | bool 

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -12,6 +12,7 @@ services:
     env_file: mailu.env
     restart: always
 {% include 'templates/docker-container-networks.yml.j2' %}
+      default:
         ipv4_address: 192.168.203.254
     logging:
       driver: journald
@@ -38,6 +39,7 @@ services:
       resolver:
         condition: service_started
 {% include 'templates/docker-container-networks.yml.j2' %}
+      default:
       webmail:
       radicale:
     dns:
@@ -122,6 +124,7 @@ services:
     logging:
       driver: journald
 {% include 'templates/docker-container-networks.yml.j2' %}
+      default:
       noinet:  
 
 
@@ -201,6 +204,7 @@ services:
   redis:
 
 {% include 'templates/docker-compose-networks.yml.j2' %}
+  default:
     driver: bridge
     ipam:
       driver: default

roles/docker-mariadb/tasks/main.yml

@@ -1,6 +1,6 @@
 - name: Create Docker network for MariaDB
   docker_network:
-    name: central_mariadb
+    name: central_mariadb_network
     state: present
   when: run_once_docker_mariadb is not defined
 
@@ -18,18 +18,12 @@
       MARIADB_ROOT_PASSWORD:  "{{central_mariadb_root_password}}"
       MARIADB_AUTO_UPGRADE:   "1"
     networks:
-      - name: central_mariadb
+      - name: central_mariadb_network
     volumes:
       - central_mariadb_database:/var/lib/mysql
     published_ports:
       - "127.0.0.1:3306:3306" # can be that this will be removed if all applications use sockets
     command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
-    restart_policy: unless-stopped
-    healthcheck:
-      test: "/usr/bin/mariadb --user=root --password={{central_mariadb_root_password}} --execute \"SHOW DATABASES;\""
-      interval: 3s
-      timeout: 1s
-      retries: 5
   when: run_once_docker_mariadb is not defined
 
 - name: install python-mysqlclient

roles/docker-mastodon/tasks/main.yml

@@ -24,11 +24,7 @@
     dest: "{{docker_compose_instance_directory}}.env.production"
   notify: docker compose project setup
 
-- name: flush docker service
-  meta: flush_handlers
-  when: setup | bool 
-
-- name: setup routine for mastodon
+- name: execute database migration
   command:
     cmd: "docker-compose run --rm web bundle exec rails db:migrate"
     chdir: "{{docker_compose_instance_directory}}"

roles/docker-openproject/templates/docker-compose.yml.j2

@@ -50,9 +50,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}
 {% include 'templates/docker-container-depends-on-also-database.yml.j2' %}
       cache:
-        condition: service_started
       seeder:
-        condition: service_started
     labels:
       - autoheal=true
     healthcheck:
@@ -77,9 +75,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}
 {% include 'templates/docker-container-depends-on-also-database.yml.j2' %}
       cache:
-        condition: service_started
       seeder:
-        condition: service_started
 
   cron:
     <<: *app
@@ -87,9 +83,7 @@ services:
 {% include 'templates/docker-container-networks.yml.j2' %}
 {% include 'templates/docker-container-depends-on-also-database.yml.j2' %}
       cache:
-        condition: service_started
       seeder:
-        condition: service_started
 
   seeder:
     <<: *app

roles/docker-postgres/tasks/main.yml

@@ -1,6 +1,6 @@
 - name: Create Docker network for PostgreSQL
   docker_network:
-    name: central_postgres
+    name: central_postgres_network
     state: present
   when: run_once_docker_postgres is not defined
 
@@ -13,18 +13,11 @@
       POSTGRES_PASSWORD: "{{ central_postgres_password }}"
       POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for docker-matrix
     networks:
-      - name: central_postgres
+      - name: central_postgres_network
     published_ports:
       - "127.0.0.1:5432:5432"
     volumes:
       - central_postgres_database:/var/lib/postgresql/data
-    restart_policy: unless-stopped
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 30s
   when: run_once_docker_postgres is not defined
 
 - name: wait for availability of postgres

roles/docker-roulette-wheel/templates/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 version: '3.7'
 services:
     application:
-        container_name: roulette_application
+        container_name: application
         build:
             context: .
         ports:

templates/docker-compose-networks.yml.j2

@@ -1,8 +1,8 @@
 # This template needs to be included in docker-compose.yml
 networks:
 {% if enable_central_database | bool %}
-  central_{{ database_type }}:
+  central_{{ database_type }}_network:
     external: true
 {% endif %}
-  default:
+  {{docker_compose_project_name}}_network:
 {{ "\n" }}

templates/docker-container-networks.yml.j2

@@ -1,7 +1,7 @@
 # This template needs to be included in docker-compose.yml containers
     networks:
+      {{docker_compose_project_name}}_network:
 {% if enable_central_database | bool %}
-      central_{{ database_type }}:
+      central_{{ database_type }}_network:
 {% endif %}
-      default:
 {{ "\n" }}

templates/docker-service-mariadb.yml.j2

@@ -1,7 +1,6 @@
 # This template needs to be included in docker-compose.yml, which depend on a mariadb database
 {% if not enable_central_database | bool %}
   database:
-    container_name: {{docker_compose_project_name}}-mariadb
     logging:
       driver: journald
     image: mariadb
@@ -21,6 +20,6 @@
       timeout: 1s
       retries: 5
     networks:
-      - default
+      - {{docker_compose_project_name}}_network
 {% endif %}
 {{ "\n" }}

templates/docker-service-postgres.yml.j2

@@ -2,7 +2,6 @@
 {% if not enable_central_database | bool %}  
   database:
     image: postgres:{{database_version}}-alpine
-    container_name: {{docker_compose_project_name}}-postgres
     environment:
       - POSTGRES_PASSWORD={{database_password}}
       - POSTGRES_USER={{database_username}}
@@ -19,6 +18,6 @@
         source: database
         target: /var/lib/postgresql/data
     networks:
-      - default
+      - {{docker_compose_project_name}}_network
 {% endif %}
 {{ "\n" }}

templates/docker-service-redis.yml.j2

@@ -1,7 +1,6 @@
 # This template needs to be included in docker-compose.yml, which depend on redis
   redis:
     image: redis:alpine
-    container_name: {{docker_compose_project_name}}-redis
     restart: always
     logging:
       driver: journald
@@ -13,5 +12,5 @@
       timeout: 3s
       retries: 30
     networks:
-      - default
+      - {{docker_compose_project_name}}_network
 {{ "\n" }}