kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-28 18:30:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:6d5113b6ea96b6eb70d027d443a32e00cbf5f083
Branches Tags
kevinveenbirkenbach:master
..
compare: kevinveenbirkenbach:aa591de3e5c86d0d990f128c3d4a3a931af083ba
Branches Tags
kevinveenbirkenbach:master

No commits in common. "6d5113b6ea96b6eb70d027d443a32e00cbf5f083" and "aa591de3e5c86d0d990f128c3d4a3a931af083ba" have entirely different histories.
6d5113b6ea ... aa591de3e5

6 changed files with 16 additions and 101 deletions
Show Stats Expand all files Collapse all files

15
group_vars/all/07_applications.yml
View File

@ -126,7 +126,6 @@ defaults_applications:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface
port: 80 # If you use phpldapadmin set it to 8080
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file
@ -165,7 +164,6 @@ defaults_applications:
version: "latest"
oauth2_proxy:
enabled: false # Deactivated atm. @todo implement
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
css:
@ -239,13 +237,15 @@ defaults_applications:
# database_password: Null # Needs to be set in inventory file
administrator_username: "{{administrator_username}}"
administrator_initial_password: "{{administrator_initial_password}}"
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Open Project
openproject:
@ -254,7 +254,6 @@ defaults_applications:
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
# cookie_secret: None # Set via openssl rand -hex 16
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
@ -271,16 +270,13 @@ defaults_applications:
## PHPMyAdmin
phpmyadmin:
version: "latest"
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
oauth2_proxy:
enabled: true
port: "80"
application: "application"
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: True
css:
enabled: False # The css needs more optimation for PHPMyAdmin
## Pixelfed
pixelfed:
@ -318,8 +314,7 @@ defaults_applications:
enabled: true
application: "application"
port: "80"
location: "/admin/" # Protects the admin area
# cookie_secret: None # Set via openssl rand -hex 16
location: "/admin/" # Protects the admin area
database:
central_storage: True

19
roles/docker-nextcloud/README.md
View File

@ -92,24 +92,9 @@ To use OCC, run:
```bash
docker-compose exec -it -u www-data application /var/www/html/occ
```
### User Administration
#### Make user admin via cli
```bash
docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
```
#### Delete user via CLI
```bash
docker compose exec -it -u www-data application php occ user:delete {{username}}
```
---
### App Administration
```bash
docker compose exec -u www-data application php occ config:list {{app_name}}
```
## App Relevant Tables 🗃️
- `oc_appconfig`
@ -145,10 +130,6 @@ docker compose exec -u www-data application /var/www/html/occ config:app:get soc
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
## Federation
If users are just created via Keycloak and not via LDAP, they have a different username. Due to this reaso concider to use LDAP to guaranty that the username is valid.
---
## Further Information

4
roles/docker-nextcloud/tasks/ldap.yml
View File

@ -1,6 +1,4 @@
# @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
# @todo implement
#docker compose exec -u www-data application php occ app:enable user_ldap
occ config:app:set user_ldap installed_version --value "1.21.0"
#docker compose exec -u www-data application php occ app:enable user_ldap

8
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@ -1,7 +1,7 @@
http_address = "0.0.0.0:4180"
cookie_secret = "{{applications[application_id].oauth2_proxy.cookie_secret}}"
cookie_secret = "{{applications.oauth2_proxy.cookie_secret}}"
email_domains = "{{primary_domain}}"
cookie_secure = "true" # True is necessary to force the cookie set via https
cookie_secure = "false"
upstreams = "http://{{applications[application_id].oauth2_proxy.application}}:{{applications[application_id].oauth2_proxy.port}}"
cookie_domains = ["{{domain}}", "{{domains.keycloak}}"] # Required so cookie can be read on all subdomains.
whitelist_domains = [".{{primary_domain}}"] # Required to allow redirection back to original requested target.
@ -15,5 +15,5 @@ provider = "oidc"
provider_display_name = "Keycloak"
# role restrictions
#cookie_roles = "realm_access.roles"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}" # This is not correct here. needs to be placed in applications @todo move there when implementing
#cookie_roles = "realm_access.roles"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}"

2
roles/docker-openproject/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "openproject"
docker_repository_address: "https://github.com/opf/openproject-deploy"
database_password: "{{applications[application_id].credentials.database_password}}"
database_password: "{{openproject_database_password}}"
database_type: "postgres"
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"

69
roles/nginx-modifier-css/templates/global.css.j2
View File

@ -97,13 +97,6 @@ HINT:
--bs-highlight-color: var(--color-10); /* Gemappt von #212529 */
--bs-border-color-translucent: rgba(var(--color-rgb-01), 0.175); /* Gemappt von rgba(0, 0, 0, 0.175) */
--bs-focus-ring-color: rgba(var(--color-rgb-65), 0.25); /* Gemappt von rgba(13, 110, 253, 0.25) */
--bs-table-color: var(--bs-emphasis-color);
--bs-table-bg: var(--color-99); /* White (#fff) */
--bs-table-border-color: var(--color-99); /* White (#fff) */
--bs-table-striped-bg: var(--color-85); /* Light Gray (entspricht ca. #dee2e6) */
--bs-table-hover-color: var(--color-01); /* Black (#000) */
--bs-table-hover-bg: rgba(var(--bs-emphasis-color-rgb), 0.075);
}
@ -824,7 +817,7 @@ html[native-dark-active] .btn, .btn {
}
/* Navigation (Background and Text Colors) */
.navbar, .navbar-light, .navbar-dark, .navbar.bg-light {
.navbar, .navbar-light, .navbar-dark {
background-color: var(--color-90);
/* New Gradient based on original background (90 -5, 90, 90 +1, 90 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-85), var(--color-90), var(--color-91), var(--color-95));
@ -847,7 +840,6 @@ html[native-dark-active] .btn, .btn {
/* New Gradient based on original background (90 -5, 90, 90 +1, 90 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-85), var(--color-90), var(--color-91), var(--color-95));
border-color: var(--color-85);
color: var(--color-12);
}
.card-body {
@ -878,7 +870,7 @@ html[native-dark-active] .btn, .btn {
color: var(--color-40);
}
/* Keycloak */
/* Keycloak Header */
div#app header, div#app header *{
background-color: var(--color-60);
/* New Gradient based on original background (60 -5, 60, 60 +1, 60 +5) */
@ -999,6 +991,7 @@ div#mastodon .dropdown-button{
div#mastodon .button, div#mastodon .button:active, div#mastodon .button:focus, div#mastodon .button:hover{
background-color: var(--color-71);
/* New Gradient based on original background (71 -5, 71, 71 +1, 71 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-66), var(--color-71), var(--color-72), var(--color-76));
}
@ -1009,65 +1002,22 @@ div#mastodon .button, div#mastodon .button:active, div#mastodon .button:focus, d
/** OpenProject **/
header.op-app-header{
background-color: var(--color-40);
/* New Gradient based on original background (40 -5, 40, 40 +1, 40 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-35), var(--color-40), var(--color-41), var(--color-45));
color: var(--color-40);
}
/** Open Project **/
div#wrapper button, div#wrapper input, button.top-menu-search-button, div.menu-sidebar a{
background-color: transparent;
}
/* OAuth2 Proxy */
{# The variables look like they are bootstrap variables. @todo Verify and generalize if possible #}
.box {
background-color: var(--color-92);
color: var(--color-10);
}
.subtitle {
color: inherit;
}
.has-background-light {
background-color: var(--color-96) !important;
}
/* Pixelfed */
div.page-wrapper{
background: none;
background-color: none;
}
/* PHP MyAdmin */
#pma_navigation {
background: linear-gradient(to right, var(--color-95), var(--color-85));
color: var(--color-05);
}
#pma_navigation_tree a {
color: var(--color-05);
}
#pma_navigation_tree li.activePointer, #pma_navigation_tree li.selected {
color: var(--color-05);
background-color: var(--color-70);
}
.breadcrumb-navbar {
background-color: var(--color-86);
}
.navbar-nav .nav-item {
background: linear-gradient(var(--color-99), var(--color-85));
border-right-color: var(--color-99);
border-left-color: var(--color-80);
border-bottom-color: var(--color-80);
}
.result_query div.sqlOuter {
background: var(--color-50);
}
/** Taiga specific configuration **/
section.main.kanban{
@ -1099,15 +1049,6 @@ section.kanban h1, section.kanban h2{
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-70), var(--color-75), var(--color-76), var(--color-80));
}
.kanban.swimlane .kanban-header {
background: none;
}
.kanban-table-header .task-colum-name {
background-color: var(--color-70);
color: var(--color-10);
}
/* Portfolio */
.card-img-top i {
filter: drop-shadow(4px 4px 4px rgba(var(--color-rgb-23), 0.6));