kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-16 21:44:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:8ae99aaf469db7f75d4799095972cec20cc555bc
Branches Tags
kevinveenbirkenbach:master
..
compare: kevinveenbirkenbach:82f442f40e2b66ebd37a6ccf094ec86ece89f4bf
Branches Tags
kevinveenbirkenbach:master

No commits in common. "8ae99aaf469db7f75d4799095972cec20cc555bc" and "82f442f40e2b66ebd37a6ccf094ec86ece89f4bf" have entirely different histories.
8ae99aaf46 ... 82f442f40e

200 changed files with 1123 additions and 1590 deletions
Show Stats Expand all files Collapse all files

9
Makefile
View File

@ -1,11 +1,12 @@
ROLES_DIR=./roles
# Makefile for j2render
TEMPLATE=./templates/vars/applications.yml.j2
OUTPUT=./group_vars/all/11_applications.yml
SCRIPT=./cli/generate_defaults_applications.py
build:
@echo "🔧 Generating $(OUTPUT) from roles in $(ROLES_DIR)..."
@echo "🔧 Building rendered file from $(TEMPLATE)..."
@mkdir -p $(dir $(OUTPUT))
python3 $(SCRIPT) --roles-dir $(ROLES_DIR) --output-file $(OUTPUT)
j2r $(TEMPLATE) $(OUTPUT)
@echo "✅ Output written to $(OUTPUT)"
install: build

0
cli/__init__.py
View File

36
cli/fix_tabs.py
View File

@ -1,36 +0,0 @@
#!/usr/bin/env python3
import os
from pathlib import Path
ROLES_DIR = Path("roles") # Adjust this if needed
FILES_FIXED = []
def fix_tabs_in_file(file_path):
with open(file_path, "r") as f:
lines = f.readlines()
if any('\t' in line for line in lines):
fixed_lines = [line.replace('\t', ' ') for line in lines]
with open(file_path, "w") as f:
f.writelines(fixed_lines)
FILES_FIXED.append(str(file_path))
def main():
for role_dir in sorted(ROLES_DIR.iterdir()):
if not role_dir.is_dir():
continue
vars_main = role_dir / "vars" / "main.yml"
if vars_main.exists():
fix_tabs_in_file(vars_main)
if FILES_FIXED:
print("✅ Fixed tab characters in the following files:")
for f in FILES_FIXED:
print(f" - {f}")
else:
print("✅ No tabs found in any vars/main.yml files.")
if __name__ == "__main__":
main()

62
cli/generate_defaults_applications.py
View File

@ -1,62 +0,0 @@
#!/usr/bin/env python3
import argparse
import os
import yaml
from pathlib import Path
def load_yaml_file(path):
"""Load a YAML file if it exists, otherwise return an empty dict."""
if not path.exists():
return {}
with path.open("r", encoding="utf-8") as f:
return yaml.safe_load(f) or {}
def main():
parser = argparse.ArgumentParser(description="Generate defaults_applications YAML from docker roles.")
parser.add_argument("--roles-dir", default="roles", help="Path to the roles directory (default: roles)")
parser.add_argument("--output-file", default="group_vars/all/11_applications.yml", help="Path to output YAML file")
args = parser.parse_args()
cwd = Path.cwd()
roles_dir = (cwd / args.roles_dir).resolve()
output_file = (cwd / args.output_file).resolve()
output_file.parent.mkdir(parents=True, exist_ok=True)
result = {"defaults_applications": {}}
for role_dir in sorted(roles_dir.iterdir()):
role_name = role_dir.name
vars_main = role_dir / "vars" / "main.yml"
config_file = role_dir / "vars" / "configuration.yml"
if not vars_main.exists():
print(f"[!] Skipping {role_name}: vars/main.yml missing")
continue
vars_data = load_yaml_file(vars_main)
application_id = vars_data.get("application_id")
if not application_id:
print(f"[!] Skipping {role_name}: application_id not defined in vars/main.yml")
continue
if not config_file.exists():
print(f"[!] Skipping {role_name}: vars/configuration.yml missing")
continue
config_data = load_yaml_file(config_file)
if config_data:
result["defaults_applications"][application_id] = config_data
with output_file.open("w", encoding="utf-8") as f:
yaml.dump(result, f, sort_keys=False)
try:
print(f"✅ Generated: {output_file.relative_to(cwd)}")
except ValueError:
print(f"✅ Generated: {output_file}")
if __name__ == "__main__":
main()

6
group_vars/all/00_general.yml
View File

@ -48,9 +48,3 @@ certbot_dns_propagation_wait_seconds: 40 # How long sho
certbot_flavor: san # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), deicated
certbot_webroot_path: "/var/lib/letsencrypt/" # Path used by Certbot to serve HTTP-01 ACME challenges
certbot_cert_path: "/etc/letsencrypt/live" # Path containing active certificate symlinks for domains
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
# helper
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}"

4
requirements.yml
View File

@ -3,4 +3,6 @@ collections:
- name: community.general
pacman:
- ansible
- python-passlib
- python-passlib
pkgmgr:
- j2r

2
roles/backup-docker-to-local/tasks/seed-database-to-backup.yml
View File

@ -5,8 +5,6 @@
msg: |
database_instance: "{{ database_instance | default('undefined') }}"
database_name: "{{ database_name | default('undefined') }}"
database_type: "{{ database_type | default('undefined') }}"
database_host: "{{ database_host | default('undefined') }}"
database_username: "{{ database_username | default('undefined') }}"
database_password: "{{ database_password | default('undefined') }}"
when: enable_debug | bool

23
roles/client-browser-chromium/templates/configuration.yml.j2
View File

@ -1,23 +0,0 @@
# Concerning configuration options checkout:
# https://chromeenterprise.google/policies/#ExtensionSettings
chromium:
password_manager_enabled: false
default_installation_mode: allowed
plugins:
# UBlock Origin
- id: "cjpalhdlnbpafiamejdnhcphjbkeiagm"
update_url: "https://clients2.google.com/service/update2/crx"
incognito: true
installation_mode: "force_installed"
# KeepassXC
- id: "ddkjiahejlhfcafbddmgiahcphecmpfh"
update_url: "https://clients2.google.com/service/update2/crx"
incognito: false
installation_mode: "force_installed"
# Dark Mode Extension
- id: "dmghijelimhndkbmpgbldicpogfkceaj"
update_url: "https://clients2.google.com/service/update2/crx"
incognito: true
installation_mode: "force_installed"

20
roles/client-browser-chromium/templates/extensions_policy.json.j2
View File

@ -1,20 +1,8 @@
{
"ExtensionInstallForcelist": [
{% for plugin in applications[application_id].chromium.plugins -%}
"{{ plugin.id }};{{ plugin.update_url }}"{% if not loop.last %},{% endif %}
{% for plugin in applications[application_id].plugins -%}
"{{ plugin }}"{% if not loop.last %},{% endif %}
{% endfor %}
],
"ExtensionSettings": {
"*": {
"installation_mode": "{{ applications[application_id].default_installation_mode }}"
}
{% for plugin in applications[application_id].chromium.plugins -%},
"{{ plugin.id }}": {
"installation_mode": "{{ plugin.installation_mode }}",
"update_url": "{{ plugin.update_url }}",
"incognito_mode": "{{ 'enabled' if plugin.incognito else 'disabled' }}"
}
{% endfor %}
},
"PasswordManagerEnabled": {{ applications[application_id].password_manager_enabled }}
}
"PasswordManagerEnabled": false
}

3
roles/client-browser-firefox/vars/configuration.yml
View File

@ -1,3 +0,0 @@
plugins: # Plugins to be installed in Firefox
- "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" # U-Block Origine Plugin
- "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi" # KeepassXC Plugin

4
roles/client-gnome/vars/configuration.yml
View File

@ -1,4 +0,0 @@
plugins:
- [enable,nasa_apod@elinvention.ovh,https://github.com/Elinvention/gnome-shell-extension-nasa-apod.git]
- [disable,dash-to-dock@micxgx.gmail.com,'']
- [enable, dash-to-panel@jderose9.github.com,'']

1
roles/client-gnome/vars/main.yml
View File

@ -1 +0,0 @@
application_id: gnome

1
roles/client-libreoffice/vars/configuration.yml
View File

@ -1 +0,0 @@
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable

1
roles/client-libreoffice/vars/main.yml
View File

@ -1 +0,0 @@
application_id: "libreoffice"

9
roles/docker-akaunting/meta/schema.yml
View File

@ -1,9 +0,0 @@
credentials:
database_password:
description: "Database password for MariaDB"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
setup_admin_password:
description: "Initial admin user password for Akaunting"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

6
roles/docker-akaunting/templates/env.j2
View File

@ -14,9 +14,9 @@ DB_PASSWORD={{database_password}}
DB_PREFIX=asd_
# These define the first company to exist on this instance. They are only used during setup.
COMPANY_NAME={{applications[application_id].company_name}}
COMPANY_EMAIL={{applications[application_id].company_email}}
COMPANY_NAME={{applications.akaunting.company_name}}
COMPANY_EMAIL={{applications.akaunting.company_email}}
# This will be the first administrative user created on setup.
ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}
ADMIN_PASSWORD={{applications[application_id].credentials.setup_admin_password}}
ADMIN_PASSWORD={{akaunting_setup_admin_password}}

12
roles/docker-akaunting/vars/configuration.yml
View File

@ -1,12 +0,0 @@
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{users.administrator.email}}"
setup_admin_email: "{{users.administrator.email}}"
features:
matomo: true
css: true
landingpage_iframe: false
central_database: true
credentials:
# database_password: Needs to be defined in inventory file
# setup_admin_password: Needs to be defined in inventory file

2
roles/docker-akaunting/vars/main.yml
View File

@ -1,4 +1,4 @@
application_id: "akaunting"
database_type: "mariadb"
database_password: "{{ applications[application_id]].credentials.database_password }}"
database_password: "{{akaunting_database_password}}"
docker_repository_address: "https://github.com/akaunting/docker.git"

5
roles/docker-attendize/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
database_password:
description: "Database password for MariaDB used by Attendize"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

9
roles/docker-attendize/vars/configuration.yml
View File

@ -1,9 +0,0 @@
version: "latest"
credentials:
# database_password: Password for the database
features:
matomo: true
css: true
landingpage_iframe: false
central_database: true

2
roles/docker-attendize/vars/main.yml
View File

@ -1,5 +1,5 @@
---
application_id: "attendize"
database_type: "mariadb"
database_password: "{{applications[application_id].credentials.database_password}}"
database_password: "{{attendize_database_password}}"
docker_repository_address: "https://github.com/Attendize/Attendize.git"

5
roles/docker-baserow/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
database_password:
description: "Password for the PostgreSQL database used by Baserow"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

6
roles/docker-baserow/vars/configuration.yml
View File

@ -1,6 +0,0 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true

4
roles/docker-baserow/vars/main.yml
View File

@ -1,5 +1,5 @@
application_id: "baserow"
database_password: "{{ baserow_database_password }}"
database_type: "postgres"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"

2
roles/docker-bigbluebutton/TODO.md
View File

@ -1,2 +0,0 @@
# Todo
- Propper implement and test the LDAP integration, the configuration values just had been set during refactoring

25
roles/docker-bigbluebutton/meta/schema.yml
View File

@ -1,25 +0,0 @@
credentials:
shared_secret:
description: "Shared secret for BigBlueButton API authentication"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
etherpad_api_key:
description: "API key for Etherpad integration"
algorithm: "plain"
validation: "^[a-zA-Z0-9]{32}$"
rails_secret:
description: "Secret key for Rails backend"
algorithm: "random_hex"
validation: "^[a-f0-9]{128}$"
postgresql_secret:
description: "Password for PostgreSQL user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
fsesl_password:
description: "Password for FreeSWITCH ESL connection"
algorithm: "plain"
validation: "^.{8,}$"
turn_secret:
description: "TURN server shared secret"
algorithm: "sha1"
validation: "^[a-f0-9]{40}$"

21
roles/docker-bigbluebutton/vars/configuration.yml
View File

@ -1,21 +0,0 @@
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
credentials:
# shared_secret: # Needs to be defined in inventory file
# etherpad_api_key: # Needs to be defined in inventory file
# rails_secret: # Needs to be defined in inventory file
# postgresql_secret: # Needs to be defined in inventory file
# fsesl_password: # Needs to be defined in inventory file
# turn_secret: # Needs to be defined in inventory file
database:
name: "multiple_databases"
username: "postgres2"
urls:
api: "{{ web_protocol }}://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
features:
matomo: true
css: true
landingpage_iframe: false
ldap: false
oidc: true
central_database: false

20
roles/docker-bigbluebutton/vars/main.yml
View File

@ -1,13 +1,13 @@
application_id: "bigbluebutton"
bbb_repository_directory: "{{ docker_compose.directories.services }}"
docker_compose_file_origine: "{{ docker_compose.directories.services }}docker-compose.yml"
docker_compose_file_final: "{{ docker_compose.directories.instance }}docker-compose.yml"
application_id: "bigbluebutton"
bbb_repository_directory: "{{ docker_compose.directories.services }}"
docker_compose_file_origine: "{{ docker_compose.directories.services }}docker-compose.yml"
docker_compose_file_final: "{{ docker_compose.directories.instance }}docker-compose.yml"
# Database configuration
database_type: "postgres"
database_password: "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
database_type: "postgres"
database_password: "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
bbb_env_file_link: "{{ docker_compose.directories.instance }}.env"
bbb_env_file_origine: "{{ bbb_repository_directory }}.env"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
bbb_env_file_link: "{{ docker_compose.directories.instance }}.env"
bbb_env_file_origine: "{{ bbb_repository_directory }}.env"

13
roles/docker-bluesky/meta/schema.yml
View File

@ -1,13 +0,0 @@
credentials:
jwt_secret:
description: "Secret used for JWT signing (base64, 64 bytes)"
algorithm: "plain"
validation: "^[A-Za-z0-9+/=]{86,}$" # 64 bytes base64 = ~86 characters without newline
plc_rotation_key_k256_private_key_hex:
description: "PLC rotation key in hex format (32 bytes)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
admin_password:
description: "Initial admin password for Bluesky PDS"
algorithm: "plain"
validation: "^.{12,}$"

6
roles/docker-bluesky/templates/env.j2
View File

@ -4,9 +4,9 @@ PDS_SERVICE_DID="did:web:{{domains.bluesky_api}}"
# See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
PDS_SERVICE_HANDLE_DOMAINS=".{{primary_domain}}"
PDS_JWT_SECRET="{{applications.bluesky.credentials.jwt_secret}}"
PDS_ADMIN_PASSWORD="{{applications.bluesky.credentials.admin_password}}"
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.credentials.plc_rotation_key_k256_private_key_hex}}"
PDS_JWT_SECRET="{{applications.bluesky.pds.jwt_secret}}"
PDS_ADMIN_PASSWORD="{{applications.bluesky.pds.admin_password}}"
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.pds.plc_rotation_key_k256_private_key_hex}}"
PDS_CRAWLERS=https://bsky.network
PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}/
PDS_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}

14
roles/docker-bluesky/vars/configuration.yml
View File

@ -1,14 +0,0 @@
users:
administrator:
email: "{{users.administrator.email}}"
pds:
version: "latest"
credentials:
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true

6
roles/docker-central-database/tasks/main.yml
View File

@ -10,18 +10,18 @@
name: docker-compose
# The following env file will just be used from the dedicated mariadb container
# and not the {{applications.mariadb.hostname }}-database
# and not the central-mariadb-database
- name: "Create {{database_env}}"
template:
src: "env/{{database_type}}.env.j2"
dest: "{{database_env}}"
notify: docker compose project build and setup
when: not applications | is_feature_enabled('central_database',application_id)
when: not applications[application_id].features.database | bool
- name: "Create central database"
include_role:
name: "docker-{{database_type}}"
when: applications | is_feature_enabled('central_database',application_id)
when: applications[application_id].features.database | bool
- name: "Add database to backup"
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"

3
roles/docker-central-database/templates/configuration.yml.j2
View File

@ -1,3 +0,0 @@
# Jinja2 configuration template
# Define your variables here

2
roles/docker-central-database/templates/services/mariadb.yml.j2
View File

@ -1,5 +1,5 @@
# This template needs to be included in docker-compose.yml, which depend on a mariadb database
{% if not applications | is_feature_enabled('central_database',application_id) %}
{% if not applications[application_id].features.database | bool %}
database:
container_name: {{application_id}}-database
logging:

2
roles/docker-central-database/templates/services/postgres.yml.j2
View File

@ -1,5 +1,5 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not applications | is_feature_enabled('central_database',application_id) %}
{% if not applications[application_id].features.database | bool %}
database:
image: postgres:{{applications.postgres.version}}-alpine
container_name: {{application_id}}-database

4
roles/docker-central-database/vars/database.yml
View File

@ -1,5 +1,5 @@
database_instance: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) else application_id }}"
database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) else 'database' }}"
database_instance: "{{ 'central-' + database_type if applications[application_id].features.database | bool else application_id }}"
database_host: "{{ 'central-' + database_type if applications[application_id].features.database | bool else 'database' }}"
database_name: "{{ applications[application_id].credentials.database.name | default( application_id ) }}" # The overwritte configuration is needed by bigbluebutton
database_username: "{{ applications[application_id].credentials.database.username | default( application_id )}}" # The overwritte configuration is needed by bigbluebutton
database_port: "{{ 3306 if database_type == 'mariadb' else 5432 }}"

2
roles/docker-coturn/TODO.md
View File

@ -1,2 +0,0 @@
# Todo
- Implement this role

4
roles/docker-coturn/vars/configuration.yml.j2
View File

@ -1,4 +0,0 @@
user: turnuser
credentials:
# password: # Need to be defined in invetory file
# secret: # Need to be defined in invetory file

2
roles/docker-coturn/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "coturn"
#database_password: "{{applications[application_id].credentials.database_password}}"
#database_password: "{{gitea_database_password}}"
#database_type: "mariadb"

2
roles/docker-discourse/handlers/main.yml
View File

@ -11,7 +11,7 @@
command:
cmd: "docker network connect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true
when: applications | is_feature_enabled('central_database',application_id)
when: applications[application_id].features.database | bool
listen: recreate discourse
- name: rebuild discourse

5
roles/docker-discourse/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
database_password:
description: "Password for the Discourse PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

4
roles/docker-discourse/tasks/main.yml
View File

@ -83,7 +83,7 @@
cmd: "docker network connect central_postgres {{applications.discourse.container}}"
ignore_errors: true
when:
- applications | is_feature_enabled('central_database',application_id)
- applications[application_id].features.database | bool
- run_once_docker_discourse is not defined
- name: "remove central database from {{application_id}}_default"
@ -91,7 +91,7 @@
cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true
when:
- applications | is_feature_enabled('central_database',application_id)
- applications[application_id].features.database | bool
- run_once_docker_discourse is not defined
- name: run the docker_discourse tasks once

2
roles/docker-discourse/templates/discourse_application.yml.j2
View File

@ -1,5 +1,5 @@
templates:
{% if not applications | is_feature_enabled('central_database',application_id) %}
{% if not applications[application_id].features.database | bool %}
- "templates/postgres.template.yml"
{% endif %}
#- "templates/redis.template.yml"

11
roles/docker-discourse/vars/configuration.yml
View File

@ -1,11 +0,0 @@
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
credentials:
# database_password: # Needs to be defined in inventory file
features:
matomo: true
css: true
landingpage_iframe: false
oidc: true
central_database: true

2
roles/docker-discourse/vars/main.yml
View File

@ -1,5 +1,5 @@
application_id: "discourse"
database_password: "{{ applications.discourse.credentials.database_password }}"
database_password: "{{ applications.discourse.credentials.database.password }}"
database_type: "postgres"
docker_repository_directory : "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"

1
roles/docker-elk/TODO.md
View File

@ -1,2 +1 @@
# Todo
- implement

3
roles/docker-elk/templates/configuration.yml.j2
View File

@ -1,3 +0,0 @@
# Jinja2 configuration template
# Define your variables here

9
roles/docker-espocrm/meta/schema.yml
View File

@ -1,9 +0,0 @@
credentials:
administrator_password:
description: "Initial password for the EspoCRM administrator user"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
database_password:
description: "Password for the EspoCRM database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

2
roles/docker-espocrm/templates/env.j2
View File

@ -20,7 +20,7 @@ CRON_DISABLED=true
# Initial admin account
# ------------------------------------------------
ESPOCRM_ADMIN_USERNAME={{ applications[application_id].users.administrator.username }}
ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}
ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator.password }}
# Public base URL of the EspoCRM instance
ESPOCRM_SITE_URL={{ web_protocol }}://{{ domains[application_id] }}

17
roles/docker-espocrm/vars/configuration.yml
View File

@ -1,17 +0,0 @@
version: "latest"
users:
administrator:
username: "{{ users.administrator.username }}"
email: "{{ users.administrator.email }}"
credentials:
# administrator_password: # Set in inventory file
# database_password: # Set in your inventory file
features:
matomo: true
css: false
landingpage_iframe: false
ldap: false
oidc: true
central_database: true

2
roles/docker-espocrm/vars/main.yml
View File

@ -1,5 +1,5 @@
application_id: "espocrm"
# Password for the espocrm DB user (taken from inventory applications dict)
database_password: "{{ applications[application_id].credentials.database_password }}"
database_password: "{{ applications[application_id].credentials.database.password }}"
# EspoCRM uses MySQL/MariaDB
database_type: "mariadb"

6
roles/docker-friendica/Administration.md
View File

@ -8,7 +8,7 @@ The following environment variables need to be defined for successful operation:
To completely reset Friendica, including its database and volumes, run:
```bash
docker exec -i {{applications.mariadb.hostname }} mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker compose down
rm -rv /mnt/hdd/data/docker/volumes/friendica_data
docker volume rm friendica_data
@ -19,7 +19,7 @@ docker volume rm friendica_data
## Manual Method:
1. Connect to the MariaDB instance:
```bash
docker exec -it {{applications.mariadb.hostname }} mariadb -u root -p
docker exec -it central-mariadb mariadb -u root -p
```
2. Run the following commands:
```sql
@ -31,7 +31,7 @@ docker volume rm friendica_data
## Automatic Method:
```bash
DB_ROOT_PASSWORD="your_root_password"
docker exec -i {{applications.mariadb.hostname }} mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
docker exec -i central-mariadb mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
```
## Enter the Application Container 🔍

5
roles/docker-friendica/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
database_password:
description: "Password for the Friendica database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

7
roles/docker-friendica/vars/configuration.yml
View File

@ -1,7 +0,0 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true
oidc: true
central_database: true

4
roles/docker-friendica/vars/main.yml
View File

@ -1,4 +1,4 @@
application_id: "friendica"
database_password: "{{ applications[application_id].credentials.database_password }}"
database_password: "{{friendica_database_password}}"
database_type: "mariadb"
no_validation: "{{ applications[application_id].features.oidc }}" # Email validation is not neccessary if OIDC is active
no_validation: "{{applications[application_id].features.oidc}}" # Email validation is not neccessary if OIDC is active

9
roles/docker-funkwhale/meta/schema.yml
View File

@ -1,9 +0,0 @@
credentials:
database_password:
description: "Password for the Funkwhale PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
django_secret:
description: "Django SECRET_KEY used for cryptographic signing"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

2
roles/docker-funkwhale/templates/env.j2
View File

@ -98,7 +98,7 @@ STATIC_ROOT={{static_root}}
DJANGO_SETTINGS_MODULE=config.settings.production
# Generate one using `openssl rand -base64 45`, for example
DJANGO_SECRET_KEY={{applications[application_id].credentials.django_secret}}
DJANGO_SECRET_KEY={{funkwhale_django_secret}}
{% if applications[application_id].features.ldap | bool %}
# LDAP settings

10
roles/docker-funkwhale/vars/configuration.yml
View File

@ -1,10 +0,0 @@
version: "1.4.0"
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: true
credentials:
# database_password: # Needs to be defined in inventory file
# django_secret: # Needs to be defined in inventory file

2
roles/docker-funkwhale/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "funkwhale"
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 512M;"
database_password: "{{applications[application_id].credentials.database_password}}"
database_password: "{{funkwhale_database_password}}"
database_type: "postgres"
media_root: "/srv/funkwhale/data/"
static_root: "{{media_root}}static"

5
roles/docker-gitea/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
database_password:
description: "Password for the Gitea database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

11
roles/docker-gitea/vars/configuration.yml
View File

@ -1,11 +0,0 @@
version: "latest" # Use latest docker image
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true

2
roles/docker-gitea/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "gitea"
database_password: "{{applications[application_id].credentials.database_password}}"
database_password: "{{gitea_database_password}}"
database_type: "mariadb"

10
roles/docker-gitlab/meta/schema.yml
View File

@ -1,10 +0,0 @@
credentials:
database_password:
description: "Password for the GitLab PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
initial_root_password:
description: "Initial password for the GitLab root user"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

6
roles/docker-gitlab/vars/configuration.yml
View File

@ -1,6 +0,0 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true

2
roles/docker-gitlab/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "gitlab"
database_password: "{{applications[application_id].credentials.database_password}}"
database_password: "{{gitlab_database_password}}"
database_type: "postgres"

2
roles/docker-jenkins/Todo.md
View File

@ -1,2 +0,0 @@
# Todo
- Implement this role

3
roles/docker-jenkins/vars/configuration.yml
View File

@ -1,3 +0,0 @@
# Jinja2 configuration template
# Define your variables here

5
roles/docker-joomla/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
database_password:
description: "Password for the Joomla database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

5
roles/docker-joomla/vars/configuration.yml
View File

@ -1,5 +0,0 @@
version: "latest"
features:
matomo: true
css: true
landingpage_iframe: true

2
roles/docker-joomla/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "joomla"
application_id: "joomla"
database_password: "{{joomla_database_password}}"
database_type: "postgres"

10
roles/docker-keycloak/meta/schema.yml
View File

@ -1,10 +0,0 @@
credentials:
database_password:
description: "Password for the Keycloak PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
administrator_password:
description: "Password for the Keycloak administrator user (used in bootstrap and CLI access)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

8
roles/docker-keycloak/templates/env.j2
View File

@ -10,13 +10,13 @@ KC_HTTP_ENABLED= true
KC_HEALTH_ENABLED= true
KC_METRICS_ENABLED= true
KEYCLOAK_ADMIN= "{{applications[application_id].users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
KEYCLOAK_ADMIN= "{{applications.keycloak.users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications.keycloak.administrator_password}}"
KC_DB= postgres
KC_DB_URL= {{database_url_jdbc}}
KC_DB_USERNAME= {{database_username}}
KC_DB_PASSWORD= {{database_password}}
# If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
KC_BOOTSTRAP_ADMIN_USERNAME= "{{applications[application_id].users.administrator.username}}"
KC_BOOTSTRAP_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
KC_BOOTSTRAP_ADMIN_USERNAME= {{users.administrator.username}}
KC_BOOTSTRAP_ADMIN_PASSWORD= {{users.administrator.password}}

15
roles/docker-keycloak/vars/configuration.yml
View File

@ -1,15 +0,0 @@
version: "latest"
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
import_realm: True # If True realm will be imported. If false skip.
credentials:
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: true
recaptcha: true

4
roles/docker-keycloak/vars/main.yml
View File

@ -1,6 +1,6 @@
application_id: "keycloak"
application_id: "keycloak"
database_type: "postgres"
database_password: "{{applications[application_id].credentials.database_password}}"
database_password: "{{applications.keycloak.credentials.database.password}}"
container_name: "{{application_id}}_application"
realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications
import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host

10
roles/docker-lam/meta/schema.yml
View File

@ -1,10 +0,0 @@
credentials:
oauth2_proxy_cookie_secret:
description: "Secret used to encrypt OAuth2 proxy cookies (hex-encoded, 16 bytes)"
algorithm: "sha256"
validation: "^[a-f0-9]{32}$"
administrator_password:
description: "Initial password for the LAM administrator"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

14
roles/docker-lam/vars/configuration.yml
View File

@ -1,14 +0,0 @@
version: "latest"
oauth2_proxy:
application: application # Needs to be the same as webinterface
port: 80 # application port
credentials:
# oauth2_proxy_cookie_secret: None # Set via openssl rand -hex 16
# administrator_password: "None" # CHANGE for security reasons
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: false
oauth2: false

10
roles/docker-ldap/meta/schema.yml
View File

@ -1,10 +0,0 @@
credentials:
administrator_password:
description: "Initial password for the LDAP administrator (e.g. cn=admin,dc=example,dc=com)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
administrator_database_password:
description: "Password used internally for the database-backed directory admin"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

8
roles/docker-ldap/templates/env.j2
View File

@ -3,8 +3,8 @@
# GENERAL
## Database
LDAP_ADMIN_USERNAME= {{applications[application_id].administrator.username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD= {{applications[application_id].credentials.administrator_database_password}} # LDAP database admin password.
LDAP_ADMIN_USERNAME= {{applications.ldap.users.administrator.username}} # LDAP database admin user.
LDAP_ADMIN_PASSWORD= {{applications.ldap.administrator_database_password}} # LDAP database admin password.
## Users
LDAP_USERS= ' ' # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
@ -14,8 +14,8 @@ LDAP_ROOT= {{ldap.dn.root}} # LDAP baseDN (or su
## Admin
LDAP_ADMIN_DN= {{ldap.dn.administrator}}
LDAP_CONFIG_ADMIN_ENABLED= yes
LDAP_CONFIG_ADMIN_USERNAME= {{applications[application_id].administrator.username}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications[application_id].credentials.administrator_password}}
LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.users.administrator.username}}
LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
# Network
LDAP_PORT_NUMBER= {{ldap_docker_port}} # Route to default port

15
roles/docker-ldap/vars/configuration.yml
View File

@ -1,15 +0,0 @@
version: "latest"
network:
local: True # Activates local network. Necessary for LDIF import routines
docker: True # Activates docker network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "ldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}" # Administrator username
credentials:
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
features:
ldap: true

20
roles/docker-listmonk/meta/schema.yml
View File

@ -1,20 +0,0 @@
credentials:
database_password:
description: "Password for the Listmonk PostgreSQL database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
administrator_password:
description: "Initial password for the Listmonk administrator account"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
hcaptcha_site_key:
description: "Public site key used by Listmonk to render hCaptcha"
algorithm: "plain"
validation: "^[0-9a-zA-Z_-]{32,}$"
hcaptcha_secret:
description: "Private hCaptcha secret key for server-side verification"
algorithm: "plain"
validation: "^[0-9a-zA-Z_-]{32,}$"

2
roles/docker-listmonk/templates/env.j2
View File

@ -3,4 +3,4 @@ TZ={{ HOST_TIMEZONE }}
# Administrator setup
LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
LISTMONK_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}
LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}

11
roles/docker-listmonk/vars/configuration.yml
View File

@ -1,11 +0,0 @@
users:
administrator:
username: "{{users.administrator.username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
features:
matomo: true
css: true
landingpage_iframe: true
central_database: true
oidc: true

8
roles/docker-listmonk/vars/main.yml
View File

@ -1,5 +1,5 @@
application_id: "listmonk"
database_password: "{{applications[application_id].credentials.database_password}}"
application_id: "listmonk"
database_password: "{{applications[application_id].credentials.database.password}}"
database_type: "postgres"
listmonk_settings:
@ -25,10 +25,10 @@ listmonk_settings:
value: 'true'
- key: "security.captcha_key"
value: '"{{ applications[application_id].credentials.hcaptcha_site_key }}"'
value: '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'
- key: "security.captcha_secret"
value: '"{{ applications[application_id].credentials.hcaptcha_secret }}"'
value: '"{{ applications[application_id].credentials.hcaptcha.secret }}"'
# SMTP servers
- key: "smtp"

25
roles/docker-mailu/meta/schema.yml
View File

@ -1,25 +0,0 @@
credentials:
secret_key:
description: "Secret key for cryptographic operations in Mailu (must be a 16-byte random string, hex-encoded)"
algorithm: "sha256"
validation: "^[a-f0-9]{32}$"
database_password:
description: "Password for the Mailu PostgreSQL or MariaDB database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
api_token:
description: "Authentication token for accessing the Mailu RESTful API (minimum 3 characters)"
algorithm: "plain"
validation: "^.{3,}$"
initial_administrator_password:
description: "Initial password for the Mailu administrator account (used during setup)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
dkim_public_key:
description: "Public DKIM key for DNS configuration (TXT record)"
algorithm: "plain"
validation: "^.{64,}$"

20
roles/docker-mailu/vars/configuration.yml
View File

@ -1,20 +0,0 @@
version: "2024.06" # Docker Image Version
users:
administrator:
email: "{{users.administrator.email}}" # Administrator Email for DNS Records
oidc:
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
# dkim_public_key: # Must be set in inventory file
features:
matomo: true
css: true
landingpage_iframe: false # Deactivated mailu iframe loading until keycloak supports it
oidc: true
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary

4
roles/docker-mailu/vars/main.yml
View File

@ -1,7 +1,7 @@
application_id: "mailu"
# Database Configuration
database_password: "{{applications.mailu.credentials.database_password}}"
database_password: "{{applications.mailu.credentials.database.password}}"
database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
@ -11,4 +11,4 @@ cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"

2
roles/docker-mariadb/Administration.md
View File

@ -2,5 +2,5 @@
## Execute SQL commands
```bash
docker exec -it {{applications.mariadb.hostname }} mariadb -u root -p
docker exec -it central-mariadb mariadb -u root -p
```

26
roles/docker-mariadb/meta/main.yml
View File

@ -1,26 +0,0 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker MariaDB Role offers an easy and efficient way to deploy a MariaDB server inside a Docker container.
Manage your data securely and effectively, making it ideal for production or local development.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: |
Kevin Veen-Birkenbach
Consulting & Coaching Solutions
https://www.veen.world
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- mariadb
- docker
- database
- administration
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"

5
roles/docker-mariadb/meta/schema.yml
View File

@ -1,5 +0,0 @@
credentials:
root_password:
description: "Password for the MariaDB root user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"

14
roles/docker-mariadb/tasks/main.yml
View File

@ -8,11 +8,11 @@
- name: install MariaDB
docker_container:
name: "{{applications.mariadb.hostname }}"
name: central-mariadb
image: "mariadb:{{applications.mariadb.version}}" #could lead to problems with nextcloud
detach: yes
env:
MARIADB_ROOT_PASSWORD: "{{applications.mariadb.credentials.root_password}}"
MARIADB_ROOT_PASSWORD: "{{central_mariadb_root_password}}"
MARIADB_AUTO_UPGRADE: "1"
networks:
- name: central_mariadb
@ -23,7 +23,7 @@
command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
restart_policy: "{{docker_restart_policy}}"
healthcheck:
test: "/usr/bin/mariadb --user=root --password={{applications.mariadb.credentials.root_password}} --execute \"SHOW DATABASES;\""
test: "/usr/bin/mariadb --user=root --password={{central_mariadb_root_password}} --execute \"SHOW DATABASES;\""
interval: 3s
timeout: 1s
retries: 5
@ -38,7 +38,7 @@
- name: Wait until the MariaDB container is healthy
community.docker.docker_container_info:
name: "{{applications.mariadb.hostname }}"
name: central-mariadb
register: db_info
until: db_info.containers[0].State.Health.Status == "healthy"
retries: 30
@ -53,7 +53,7 @@
name: "{{ database_name }}"
state: present
login_user: root
login_password: "{{ applications.mariadb.credentials.root_password }}"
login_password: "{{ central_mariadb_root_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
@ -65,13 +65,13 @@
priv: '{{database_name}}.*:ALL'
state: present
login_user: root
login_password: "{{applications.mariadb.credentials.root_password}}"
login_password: "{{central_mariadb_root_password}}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Grant database privileges
ansible.builtin.shell:
cmd: "docker exec {{applications.mariadb.hostname }} mariadb -u root -p{{ applications.mariadb.credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON {{database_name}}.* TO '{{database_username}}'@'%';\""
cmd: "docker exec central-mariadb mariadb -u root -p{{ central_mariadb_root_password }} -e \"GRANT ALL PRIVILEGES ON {{database_name}}.* TO '{{database_username}}'@'%';\""
args:
executable: /bin/bash

3
roles/docker-mariadb/vars/main.yml
View File

@ -1,3 +0,0 @@
version: "latest"
application_id: "mariadb"
hostname: "central-{{application_id}}"

40
roles/docker-mastodon/meta/schema.yml
View File

@ -1,40 +0,0 @@
credentials:
database_password:
description: "Password for the Mastodon PostgreSQL database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
secret_key_base:
description: "Main secret key used to verify the integrity of signed cookies and tokens"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
otp_secret:
description: "OTP secret used for two-factor authentication"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
vapid_private_key:
description: "Private VAPID key used for web push notifications"
algorithm: "plain"
validation: "^[-_a-zA-Z0-9]{30,}$"
vapid_public_key:
description: "Public VAPID key used for web push notifications"
algorithm: "plain"
validation: "^[-_a-zA-Z0-9]{30,}$"
active_record_encryption_deterministic_key:
description: "Deterministic encryption key for Active Record encryption"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
active_record_encryption_key_derivation_salt:
description: "Key derivation salt for Active Record encryption"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
active_record_encryption_primary_key:
description: "Primary encryption key for Active Record encrypted columns"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"

10
roles/docker-mastodon/templates/env.j2
View File

@ -20,8 +20,8 @@ OTP_SECRET= {{applications.mastodon.credentials.otp_secret}}
# --------
# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
# --------
VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid_private_key}}
VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid_public_key}}
VAPID_PRIVATE_KEY= {{applications.mastodon.credentials.vapid.private_key}}
VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid.public_key}}
# Encryption secrets
# ------------------
@ -29,9 +29,9 @@ VAPID_PUBLIC_KEY= {{applications.mastodon.credentials.vapid_public_key}}
# These are private/secret values, do not share outside hosting environment
# Use `bin/rails db:encryption:init` to generate fresh secrets
# Do NOT change these secrets once in use, as this would cause data loss and other issues
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption_deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption_primary_key}}
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{applications.mastodon.credentials.active_record_encryption.deterministic_key}}
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT= {{applications.mastodon.credentials.active_record_encryption.key_derivation_salt}}
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY= {{applications.mastodon.credentials.active_record_encryption.primary_key}}
DB_HOST={{database_host}}
DB_PORT={{database_port}}

19
roles/docker-mastodon/vars/configuration.yml
View File

@ -1,19 +0,0 @@
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
# secret_key_base:
# otp_secret:
# vapid_private_key:
# vapid_public_key:
# active_record_encryption_deterministic_key:
# active_record_encryption_key_derivation_salt:
# active_record_encryption_primary_key:
features:
matomo: true
css: true
landingpage_iframe: false
oidc: true
central_database: true

4
roles/docker-mastodon/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "mastodon"
database_password: "{{applications[application_id].credentials.database_password}}"
application_id: "mastodon"
database_password: "{{applications[application_id].credentials.database.password}}"
database_type: "postgres"

15
roles/docker-matomo/meta/schema.yml
View File

@ -1,15 +0,0 @@
credentials:
database_password:
description: "Password for the Matomo database user"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
auth_token:
description: "Authentication token for the Matomo HTTP API (used for automation and integrations)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
oauth2_proxy_cookie_secret:
description: "Secret used to encrypt cookies in the OAuth2 Proxy (hex-encoded, 16 bytes)"
algorithm: "sha256"
validation: "^[a-f0-9]{32}$"

7
roles/docker-matomo/vars/configuration.yml
View File

@ -1,7 +0,0 @@
version: "latest"
features:
matomo: true
css: false
landingpage_iframe: false
central_database: true
oauth2: false

6
roles/docker-matomo/vars/main.yml
View File

@ -1,7 +1,7 @@
---
application_id: "matomo"
application_id: "matomo"
database_type: "mariadb"
database_password: "{{ applications[application_id].credentials.database_password }}"
database_password: "{{applications.matomo.credentials.database.password}}"
# I don't know if this is still necessary
domain: "{{ domains[application_id] }}"
domain: "{{domains.matomo}}"

2
roles/docker-matrix-ansible/README.md
View File

@ -1,4 +1,4 @@
# Matrix (Ansible - Deprecated)
# Matrix (Ansible)
## Warning
This role is experimental and may not be actively maintained. Use it with caution in production environments. For a more stable deployment, please consider using the Matrix Compose role or another alternative solution.

4
roles/docker-matrix-ansible/templates/vars.yml.j2
View File

@ -18,7 +18,7 @@ matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: "{{applications[application_id].credentials.generic_secret_key}}"
matrix_homeserver_generic_secret_key: "{{matrix_generic_secret_key}}"
# By default, the playbook manages its own Traefik (https://doc.traefik.io/traefik/) reverse-proxy server.
# It will retrieve SSL certificates for you on-demand and forward requests to all other components.
@ -52,7 +52,7 @@ devture_traefik_config_certificatesResolvers_acme_email: "{{users.administrator.
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: "{{applications[application_id].credentials.database_password}}"
devture_postgres_connection_password: "{{matrix_database_password}}"
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.

Some files were not shown because too many files have changed in this diff Show More