kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-06-25 19:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:a43d1302acfcafe6976325ce5917bee9d8c7367c
Branches Tags
kevinveenbirkenbach:master
..
compare: kevinveenbirkenbach:adecee43ec1e752fcacdcc4969dd62aba07ae00e
Branches Tags
kevinveenbirkenbach:master

2 Commits
a43d1302ac ... adecee43ec

Author SHA1 Message Date
Kevin Veen-Birkenbach
adecee43ec
Implemented README.md's und meta/main.yml and solved bugs 2025-04-08 12:55:53 +02:00
Kevin Veen-Birkenbach
a13bd1883e
In between commit refactoring LDAP, to continue working on other computer 2025-04-08 11:23:16 +02:00
25 changed files with 281 additions and 269 deletions
Show Stats Expand all files Collapse all files

79
group_vars/all/07_applications.yml
View File

@ -213,38 +213,35 @@ defaults_applications:
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: false # Disabled by default, because it leads to authentification problems landingpage_iframe_enabled: false # Disabled by default, because it leads to authentification problems
# LDAP Account Manager
lam:
version: "latest"
# administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
ldap:
enabled: True # Should have the same value as applications.ldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: application # Needs to be the same as webinterface
port: 80 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## LDAP ## LDAP
ldap: ldap:
lam: version: "latest"
version: "latest" network:
administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons local: True # Activates local network to allow other docker containers to connect
openldap: public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
version: "latest" hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
network:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users: users:
administrator: administrator:
username: "{{users.administrator.username}}" username: "{{users.administrator.username}}"
ldap:
enabled: True # Should have the same value as applications.ldap.openldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface
port: 80 # If you use phpldapadmin set it to 8080
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file # administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file # administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files force_import: False # Forces the import of the LDIF files
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Libre Office ## Libre Office
libreoffice: libreoffice:
@ -290,14 +287,14 @@ defaults_applications:
## Matomo ## Matomo
matomo: matomo:
version: "latest" version: "latest"
oauth2_proxy: oauth2_proxy:
enabled: false # Deactivated atm. @todo implement enabled: false # Deactivated atm. @todo implement
# cookie_secret: None # Set via openssl rand -hex 16 # cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file # database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file # auth_token: Null # Needs to be set in inventory file
database: database:
central_storage: True # Activate Central Database Storage central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running
css_enabled: false # Not optimized yet for matomo css_enabled: false # Not optimized yet for matomo
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
@ -499,7 +496,7 @@ defaults_applications:
enabled: false enabled: false
integration_gitlab: integration_gitlab:
# Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab) # Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
enabled: "{{ 'gitlab' in group_names in group_names | lower }}" enabled: "{{ 'gitlab' in group_names | lower }}"
integration_github: integration_github:
# Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github) # Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
enabled: false enabled: false
@ -653,6 +650,20 @@ defaults_applications:
css_enabled: "{{ css_enabled_default }}" # Enables/Disables global CSS styling css_enabled: "{{ css_enabled_default }}" # Enables/Disables global CSS styling
landingpage_iframe_enabled: "{{ landingpage_iframe_enabled_default }}" # Enables/Disables embedding via iframe landingpage_iframe_enabled: "{{ landingpage_iframe_enabled_default }}" # Enables/Disables embedding via iframe
## phpLDAPadmin
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
ldap:
enabled: True # Should have the same value as applications.ldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: application # Needs to be the same as webinterface
port: 8080 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## PHPMyAdmin ## PHPMyAdmin
phpmyadmin: phpmyadmin:
version: "latest" # Use the latest phpmyadmin version version: "latest" # Use the latest phpmyadmin version
@ -672,10 +683,10 @@ defaults_applications:
## Pixelfed ## Pixelfed
pixelfed: pixelfed:
titel: "Pictures on {{primary_domain}}" titel: "Pictures on {{primary_domain}}"
version: "latest" version: "latest"
database: database:
central_storage: True # Activate Central Database Storage central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
@ -683,7 +694,7 @@ defaults_applications:
## Postgres ## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended # Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres: postgres:
database.version: "latest" version: "latest"
portfolio: portfolio:
database: database:

102
group_vars/all/09_ports.yml
View File

@ -2,62 +2,66 @@ ports:
# Ports which are exposed to localhost # Ports which are exposed to localhost
localhost: localhost:
web_socket: web_socket:
mastodon: 4001 mastodon: 4001
oauth2_proxy: oauth2_proxy:
phpmyadmin: 4181 phpmyadmin: 4181
ldap: 4182 lam: 4182
openproject: 4183 openproject: 4183
yourls: 4184 yourls: 4184
pgadmin: 4185 pgadmin: 4185
phpldapadmin: 4186
fusiondirectory: 4187
ldap: ldap:
openldap: 389 openldap: 389
http: http:
nextcloud: 8001 nextcloud: 8001
gitea: 8002 gitea: 8002
wordpress: 8003 wordpress: 8003
mediawiki: 8004 mediawiki: 8004
mybb: 8005 mybb: 8005
yourls: 8006 yourls: 8006
mailu: 8007 mailu: 8007
elk: 8008 elk: 8008
mastodon: 8009 mastodon: 8009
pixelfed: 8010 pixelfed: 8010
peertube: 8011 peertube: 8011
funkwhale: 8012 funkwhale: 8012
roulette-wheel: 8013 roulette-wheel: 8013
joomla: 8014 joomla: 8014
attendize: 8015 attendize: 8015
pgadmin: 8016 pgadmin: 8016
baserow: 8017 baserow: 8017
matomo: 8018 matomo: 8018
listmonk: 8019 listmonk: 8019
discourse: 8020 discourse: 8020
matrix_synapse: 8021 matrix_synapse: 8021
matrix_element: 8022 matrix_element: 8022
openproject: 8023 openproject: 8023
gitlab: 8024 gitlab: 8024
akaunting: 8025 akaunting: 8025
moodle: 8026 moodle: 8026
taiga: 8027 taiga: 8027
friendica: 8028 friendica: 8028
portfolio: 8029 portfolio: 8029
bluesky_api: 8030 bluesky_api: 8030
bluesky_web: 8031 bluesky_web: 8031
keycloak: 8032 keycloak: 8032
ldap: 8033 lam: 8033
phpmyadmin: 8034 phpmyadmin: 8034
snipe_it: 8035 snipe_it: 8035
sphinx: 8036 sphinx: 8036
bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port phpldapadmin: 8037
fusiondirectory: 8038
bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port
# Ports which are exposed to the World Wide Web # Ports which are exposed to the World Wide Web
public: public:
# The following ports should be changed to 22 on the subdomain via stream mapping # The following ports should be changed to 22 on the subdomain via stream mapping
ssh: ssh:
gitea: 2201 gitea: 2201
gitlab: 2202 gitlab: 2202
ldaps: ldaps:
openldap: 636 openldap: 636
stun: stun:
bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section
turn: turn:
bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section

7
group_vars/all/10_networks.yml
View File

@ -72,6 +72,13 @@ defaults_networks:
subnet: 192.168.102.208/28 subnet: 192.168.102.208/28
sphinx: sphinx:
subnet: 192.168.102.224/28 subnet: 192.168.102.224/28
lam:
subnet: 192.168.103.0/28
phpldapadmin:
subnet: 192.168.103.16/28
fusiondirectory:
subnet: 192.168.103.32/28
# /24 Networks / 254 Usable Clients # /24 Networks / 254 Usable Clients
bigbluebutton: bigbluebutton:
subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb

79
roles/docker-central-database/README.md
View File

@ -1,71 +1,30 @@
# Database Setup Role 🚀 # Docker Central Database 🐳
This Ansible role provides the necessary tasks, files, templates, and variables to set up databases in your Docker Compose environment. It is essential for configuring your application's database, whether using a local or a central instance of **MariaDB** or **PostgreSQL**. ## Description
--- This Ansible role provisions a centralized database system in your Docker Compose environment. It supports both MariaDB and PostgreSQL, providing a robust, scalable, and low-maintenance database solution. Whether you're consolidating your application's data or creating a dedicated central storage, this role simplifies setup and integration.
## Overview ## Overview
- **Database Variables** Tailored for environments that require a central data repository, this role:
Defined in [./vars/database.yml](./vars/database.yml), these variables include: - Loads necessary database variables defined in [vars/database.yml](./vars/database.yml).
- `database_instance` - Generates an environment file based on the chosen database engine.
- `database_host` - Integrates seamlessly with Docker Compose to deploy a centralized database container (if enabled).
- `database_name`
- `database_username`
- `database_port`
- `database_env`
- **Tasks** ## Purpose
Located in [./tasks/main.yml](./tasks/main.yml), the tasks perform the following:
- Include the Docker Compose role.
- Load database variables.
- Create the environment file for the chosen database from a template.
- Optionally create a central database (if enabled).
- **Templates** The role's purpose is to automate the provisioning and configuration of a centralized database service. This not only reduces manual setup but also ensures consistent, reliable deployment across production and homelab environments.
- **Environment Files:**
- [PostgreSQL Environment Template](./templates/env/postgres.env.j2)
- [MariaDB Environment Template](./templates/env/mariadb.env.j2)
- **Service Files:**
- [MariaDB Service Template](./templates/services/mariadb.yml.j2)
- [PostgreSQL Service Template](./templates/services/postgres.yml.j2)
--- ## Features
## Usage 📋 - **Supports Multiple Engines:** Easily switch between MariaDB and PostgreSQL.
- **Centralized Data Management:** Improves data consistency and security.
- **Docker Compose Integration:** Automates container setup and configuration.
- **Simplified Variable Management:** Preconfigured templates minimize manual intervention.
To use this role, include it in your playbook as follows: ## Credits 📝
```yaml Developed and maintained by **Kevin Veen-Birkenbach**.
- hosts: all Learn more at [www.veen.world](https://www.veen.world)
roles: Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
- your_database_role_name License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
```
When executed, the role will:
1. Load database configuration variables.
2. Generate the appropriate environment file for the database.
3. Incorporate the Docker Compose routines.
4. Create a central database if `applications[application_id].database.central_storage` is set to `true`.
---
## Author
Developed by [Kevin Veen-Birkenbach](https://www.veen.world/) 💻🌐
---
## Acknowledgments & ChatGPT Conversations 🤖💬
This role was created with the assistance of ChatGPT. The following ChatGPT conversations helped shape the design and implementation of this role:
- https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4
- https://chatgpt.com/share/67a244bb-11e4-800f-980f-5ef0e8b109d7
Feel free to explore these discussions for insights into design decisions and implementation details.
---
Happy automating! 🎉

23
roles/docker-central-database/meta/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker Central Database Role lets you quickly provision a centralized database through Docker Compose.
Whether using MariaDB or PostgreSQL, this role provides a reliable, low-maintenance solution that supports your business applications.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: "Kevin Veen-Birkenbach Consulting & Coaching Solutions"
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- database
- docker
- mariadb
- postgresql
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"

2
roles/docker-central-database/templates/services/postgres.yml.j2
View File

@ -1,7 +1,7 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database # This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not applications[application_id].database.central_storage | bool %} {% if not applications[application_id].database.central_storage | bool %}
database: database:
image: postgres:{{applications.postgres.database_version}}-alpine image: postgres:{{applications.postgres.version}}-alpine
container_name: {{application_id}}-database container_name: {{application_id}}-database
env_file: env_file:
- {{database_env}} - {{database_env}}

13
roles/docker-lam/tasks/main.yml Normal file
View File

@ -0,0 +1,13 @@
- name: "include docker-compose role"
include_role:
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

18
roles/docker-lam/templates/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,18 @@
services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
container_name: {{ application_id }}
logging:
driver: journald
restart: {{docker_restart_policy}}
image: ghcr.io/ldapaccountmanager/lam:{{applications[application_id].version}}
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:80
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
{# include 'templates/docker/compose/volumes.yml.j2' #}
{% include 'templates/docker/compose/networks.yml.j2' %}

14
roles/docker-lam/templates/env.j2 Normal file
View File

@ -0,0 +1,14 @@
# See all variables here:
# https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications[application_id].administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb
# LDAP Configuration
LDAP_SERVER= {{ldap.server.domain}} # domain of LDAP database root entry
LDAP_BASE_DN= {{ldap.dn.root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER= {{ldap.dn.administrator}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD= {{ldap.bind_credential}} # LDAP admin password

1
roles/docker-lam/vars/main.yml Normal file
View File

@ -0,0 +1 @@
application_id: "lam"

8
roles/docker-ldap/handlers/main.yml
View File

@ -4,7 +4,7 @@
listen: "Import LDIF files" listen: "Import LDIF files"
# @todo Remove the following ignore errors when setting up a new server # @todo Remove the following ignore errors when setting up a new server
# Just here because debugging would take to much time # Just here because debugging would take to much time
ignore_errors: true # ignore_errors: true
- name: Refint Module Activation for OpenLDAP - name: Refint Module Activation for OpenLDAP
shell: > shell: >
@ -14,17 +14,17 @@
failed_when: ldapadd_result.rc not in [0, 68] failed_when: ldapadd_result.rc not in [0, 68]
# @todo Remove the following ignore errors when setting up a new server # @todo Remove the following ignore errors when setting up a new server
# Just here because debugging would take to much time # Just here because debugging would take to much time
ignore_errors: true # ignore_errors: true
- name: Refint Overlay Configuration for OpenLDAP - name: Refint Overlay Configuration for OpenLDAP
shell: > shell: >
docker exec -i openldap modify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}02_member_of_configuration.ldif docker exec -i openldap ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}03_member_of_configuration.ldif
listen: "Import LDIF files" listen: "Import LDIF files"
register: ldapadd_result register: ldapadd_result
failed_when: ldapadd_result.rc not in [0, 68] failed_when: ldapadd_result.rc not in [0, 68]
# @todo Remove the following ignore errors when setting up a new server # @todo Remove the following ignore errors when setting up a new server
# Just here because debugging would take to much time # Just here because debugging would take to much time
ignore_errors: true # ignore_errors: true
- name: "Import users, groups, etc. to LDAP" - name: "Import users, groups, etc. to LDAP"
shell: > shell: >

33
roles/docker-ldap/tasks/lam.yml
View File

@ -1,33 +0,0 @@
- name: "load lam variables"
include_vars:
file: lam.yml
- name: "Ensure LAM profiles directory exists"
file:
path: "{{ lam_profiles_dir }}"
state: directory
mode: '0755'
recurse: true
#- name: "create {{docker_compose.directories.env}}lam.env"
# template:
# src: "lam/env.j2"
# dest: "{{docker_compose.directories.env}}lam.env"
# mode: '770'
# force: yes
# notify: docker compose project setup
#
#- name: "create default.group to enable groupOfNames in LAM"
# template:
# src: "lam/default.group.j2"
# dest: "{{ lam_profiles_dir }}/default.group"
# mode: '0644'
# notify: docker compose project setup
#
#- name: "Create groupOfNames.conf to enable groupOfNames as base module in LAM"
# template:
# src: "lam/groupOfNames.conf.j2"
# dest: "{{ lam_profiles_dir }}/groupOfNames.conf"
# mode: '0644'

20
roles/docker-ldap/tasks/main.yml
View File

@ -3,13 +3,6 @@
include_role: include_role:
name: docker-compose name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet - name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
template: template:
src: "nginx.stream.conf.j2" src: "nginx.stream.conf.j2"
@ -30,19 +23,6 @@
ipam_config: ipam_config:
- subnet: "{{ networks.local.central_ldap.subnet }}" - subnet: "{{ networks.local.central_ldap.subnet }}"
- name: "create {{docker_compose.directories.env}}phpldapadmin.env"
template:
src: "phpldapadmin.env.j2"
dest: "{{docker_compose.directories.env}}phpldapadmin.env"
mode: '770'
force: yes
notify: docker compose project setup
when: applications.ldap.webinterface == 'phpldapadmin'
- name: "execute lam tasks"
include_tasks: lam.yml
when: applications.ldap.webinterface == 'lam'
- name: "copy docker-compose.yml and env file" - name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml include_tasks: copy-docker-compose-and-env.yml

29
roles/docker-ldap/templates/docker-compose.yml.j2
View File

@ -2,32 +2,11 @@ services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %} {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
{{applications.ldap.webinterface}}: application:
container_name: {{applications.ldap.webinterface}} image: bitnami/openldap:{{ applications[application_id].version }}
logging: container_name: {{ application_id }}
driver: journald
restart: {{docker_restart_policy}}
{% if applications.ldap.webinterface == 'lam' %}
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}}
ports:
- 127.0.0.1:{{ports.localhost.http.ldap}}:80
env_file:
- "{{docker_compose.directories.env}}lam.env"
# volumes:
# - "{{ lam_profiles_dir }}:/var/lib/ldap-account-manager/config/profiles/"
{% elif applications.ldap.webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
ports:
- 127.0.0.1:{{ports.localhost.http.ldap}}:8080
env_file:
- "{{docker_compose.directories.env}}phpldapadmin.env"
{% endif %}
openldap:
image: bitnami/openldap:{{applications.ldap.openldap.version}}
container_name: {{applications.ldap.openldap.hostname}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% if applications.ldap.openldap.network.public | bool %} {% if applications[application_id].network.public | bool %}
ports: ports:
- 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}} # Expose just on localhost so that nginx stream proxy can use it - 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}} # Expose just on localhost so that nginx stream proxy can use it
{% endif %} {% endif %}

1
roles/docker-ldap/templates/lam/default.group.j2
View File

@ -1 +0,0 @@
Modules: groupOfNames

13
roles/docker-ldap/templates/lam/env.j2
View File

@ -1,13 +0,0 @@
# See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb
# LDAP Configuration
LDAP_SERVER= {{ldap.server.domain}} # domain of LDAP database root entry
LDAP_BASE_DN= {{ldap.dn.root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER= {{ldap.dn.administrator}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD= {{ldap.bind_credential}} # LDAP admin password

5
roles/docker-ldap/templates/lam/groupOfNames.conf.j2
View File

@ -1,5 +0,0 @@
type: group
module: groupOfNames
cn: cn
description: description
member: member

1
roles/docker-ldap/vars/lam.yml
View File

@ -1 +0,0 @@
lam_profiles_dir: "{{ docker_compose.directories.volumes }}lam/config/profiles/"

13
roles/docker-phpldapadmin/tasks/main.yml Normal file
View File

@ -0,0 +1,13 @@
- name: "include docker-compose role"
include_role:
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

19
roles/docker-phpldapadmin/templates/docker-compose.yml.j2 Normal file
View File

@ -0,0 +1,19 @@
services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
container_name: {{ application_id }}
logging:
driver: journald
restart: {{docker_restart_policy}}
image: leenooks/phpldapadmin:{{applications[application_id].version}}
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/compose/volumes.yml.j2' %}
data:
{% include 'templates/docker/compose/networks.yml.j2' %}

0
roles/docker-ldap/templates/phpldapadmin.env.j2 → roles/docker-phpldapadmin/templates/env.j2
View File

1
roles/docker-phpldapadmin/vars/main.yml Normal file
View File

@ -0,0 +1 @@
application_id: "phpldapadmin"

44
roles/docker-postgres/README.md
View File

@ -1,30 +1,30 @@
# Docker-Postgres Ansible Role # PostgreSQL 🐳
## Description
This Ansible role deploys and configures a PostgreSQL database in a Docker container using Docker Compose. It is designed to simplify database administration by automating the creation of networks, containers, and essential database tasks (such as database and user creation) for a secure and high-performance environment.
## Overview ## Overview
This Ansible role is designed to deploy a PostgreSQL database using Docker. It includes tasks for setting up a Docker network, installing PostgreSQL in a Docker container, and initializing the database with a specified user and database.
## Role Variables Built for environments that demand reliability and ease of management, this role:
- `central_postgres_password`: The password for the PostgreSQL superuser (`postgres`). - Sets up a dedicated Docker network for PostgreSQL.
- `database_name`: Name of the database to be created. - Deploys a PostgreSQL container with secure configurations and automated healthchecks.
- `database_username`: Username for the database user. - Automates tasks like database creation, user setup, and privilege assignments to streamline your workflows.
- `database_password`: Password for the database user.
## Role Tasks ## Purpose
1. **Create Docker network for PostgreSQL**: Sets up a Docker network for PostgreSQL communication.
2. **Install PostgreSQL**: Deploys PostgreSQL in a Docker container, attaching it to the created network and setting the superuser password.
3. **Run the docker_postgres tasks once**: Ensures that the tasks are only run once to avoid redundancy.
## Handlers The purpose of this role is to provide an effortless way to deploy a PostgreSQL database via Docker. It minimizes manual interventions while ensuring that your database is configured securely and reliably for both production and development scenarios.
- **Create database**: Creates a new database with the specified name.
- **Create database user**: Sets up a user with full privileges on the newly created database.
## Usage ## Features
1. Set the required variables in your playbook or inventory file.
2. Include this role in your playbook.
3. Run the playbook against the target host.
## Notes - **Automated Deployment:** Installs PostgreSQL with minimal manual steps.
- The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost. - **Robust Administration:** Automatically creates databases, users, and assigns privileges.
- **Enhanced Security:** The service is bound to `127.0.0.1:5432`, restricting access and enhancing security.
- **Seamless Docker Integration:** Works harmoniously with Docker Compose and other roles in your infrastructure.
## Author ## Credits 📝
This role was created by [Kevin Veen-Birkenbach](https://www.veen.world).
Developed by **Kevin Veen-Birkenbach**.
Discover more at [www.veen.world](https://www.veen.world)
Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

23
roles/docker-postgres/meta/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker PostgreSQL Role offers an easy and efficient way to run a PostgreSQL database inside a Docker container.
Manage your data securely and effectively, making it ideal for production or local development.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: "Kevin Veen-Birkenbach Consulting & Coaching Solutions"
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- postgresql
- docker
- database
- administration
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"

2
roles/docker-postgres/tasks/main.yml
View File

@ -9,7 +9,7 @@
- name: Install PostgreSQL - name: Install PostgreSQL
docker_container: docker_container:
name: central-postgres name: central-postgres
image: "postgres:{{applications.postgres.database_version}}" image: "postgres:{{applications.postgres.version}}"
detach: yes detach: yes
env: env:
POSTGRES_PASSWORD: "{{ central_postgres_password }}" POSTGRES_PASSWORD: "{{ central_postgres_password }}"