
No commits in common. "adecee43ec1e752fcacdcc4969dd62aba07ae00e" and "a43d1302acfcafe6976325ce5917bee9d8c7367c" have entirely different histories.

25 changed files with 269 additions and 281 deletions


@ -213,35 +213,38 @@ defaults_applications:
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: false # Disabled by default, because it leads to authentification problems
# LDAP Account Manager
lam:
version: "latest"
# administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
ldap:
enabled: True # Should have the same value as applications.ldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: application # Needs to be the same as webinterface
port: 80 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## LDAP
ldap:
version: "latest"
network:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
lam:
version: "latest"
administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
openldap:
version: "latest"
network:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}"
ldap:
enabled: True # Should have the same value as applications.ldap.openldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface
port: 80 # If you use phpldapadmin set it to 8080
# cookie_secret: None # Set via openssl rand -hex 16
database:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Libre Office
libreoffice:
@ -287,14 +290,14 @@ defaults_applications:
## Matomo
matomo:
version: "latest"
version: "latest"
oauth2_proxy:
enabled: false # Deactivated atm. @todo implement
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
enabled: false # Deactivated atm. @todo implement
# cookie_secret: None # Set via openssl rand -hex 16
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running
css_enabled: false # Not optimized yet for matomo
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
@ -496,7 +499,7 @@ defaults_applications:
enabled: false
integration_gitlab:
# Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
enabled: "{{ 'gitlab' in group_names | lower }}"
enabled: "{{ 'gitlab' in group_names in group_names | lower }}"
integration_github:
# Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
enabled: false
@ -650,20 +653,6 @@ defaults_applications:
css_enabled: "{{ css_enabled_default }}" # Enables/Disables global CSS styling
landingpage_iframe_enabled: "{{ landingpage_iframe_enabled_default }}" # Enables/Disables embedding via iframe
## phpLDAPadmin
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
ldap:
enabled: True # Should have the same value as applications.ldap.network.local.
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: application # Needs to be the same as webinterface
port: 8080 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## PHPMyAdmin
phpmyadmin:
version: "latest" # Use the latest phpmyadmin version
@ -683,10 +672,10 @@ defaults_applications:
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
titel: "Pictures on {{primary_domain}}"
version: "latest"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
@ -694,7 +683,7 @@ defaults_applications:
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
version: "latest"
database.version: "latest"
portfolio:
database:
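Review bot: The nested `ldap.lam` defaults set `administrator_password: "{{users.administrator.initial_password}}"`, where the standalone `lam` block kept that key commented out, so a host whose inventory never overrides it ends up with a LAM master password identical to the administrator's initial password. The `# CHANGE for security reasons` comment only helps if the operator reads it. Leaving the key commented, as the `cookie_secret` line in the same block does, would make a missing value surface as an undefined variable rather than a working shared credential (assuming the value is consumed through the LAM env template). If a default has to stay, a pre-flight `assert` that the two values differ would catch an unchanged deployment. Which lines are old and which are new is inferred from print order here, since the page has lost its `+`/`-` markers.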


@ -2,66 +2,62 @@ ports:
# Ports which are exposed to localhost
localhost:
web_socket:
mastodon: 4001
mastodon: 4001
oauth2_proxy:
phpmyadmin: 4181
lam: 4182
openproject: 4183
yourls: 4184
pgadmin: 4185
phpldapadmin: 4186
fusiondirectory: 4187
phpmyadmin: 4181
ldap: 4182
openproject: 4183
yourls: 4184
pgadmin: 4185
ldap:
openldap: 389
openldap: 389
http:
nextcloud: 8001
gitea: 8002
wordpress: 8003
mediawiki: 8004
mybb: 8005
yourls: 8006
mailu: 8007
elk: 8008
mastodon: 8009
pixelfed: 8010
peertube: 8011
funkwhale: 8012
roulette-wheel: 8013
joomla: 8014
attendize: 8015
pgadmin: 8016
baserow: 8017
matomo: 8018
listmonk: 8019
discourse: 8020
matrix_synapse: 8021
matrix_element: 8022
openproject: 8023
gitlab: 8024
akaunting: 8025
moodle: 8026
taiga: 8027
friendica: 8028
portfolio: 8029
bluesky_api: 8030
bluesky_web: 8031
keycloak: 8032
lam: 8033
phpmyadmin: 8034
snipe_it: 8035
sphinx: 8036
phpldapadmin: 8037
fusiondirectory: 8038
bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port
nextcloud: 8001
gitea: 8002
wordpress: 8003
mediawiki: 8004
mybb: 8005
yourls: 8006
mailu: 8007
elk: 8008
mastodon: 8009
pixelfed: 8010
peertube: 8011
funkwhale: 8012
roulette-wheel: 8013
joomla: 8014
attendize: 8015
pgadmin: 8016
baserow: 8017
matomo: 8018
listmonk: 8019
discourse: 8020
matrix_synapse: 8021
matrix_element: 8022
openproject: 8023
gitlab: 8024
akaunting: 8025
moodle: 8026
taiga: 8027
friendica: 8028
portfolio: 8029
bluesky_api: 8030
bluesky_web: 8031
keycloak: 8032
ldap: 8033
phpmyadmin: 8034
snipe_it: 8035
sphinx: 8036
bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port
# Ports which are exposed to the World Wide Web
public:
# The following ports should be changed to 22 on the subdomain via stream mapping
ssh:
gitea: 2201
gitlab: 2202
gitea: 2201
gitlab: 2202
ldaps:
openldap: 636
openldap: 636
stun:
bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section
bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section
turn:
bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section
bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section


@ -72,13 +72,6 @@ defaults_networks:
subnet: 192.168.102.208/28
sphinx:
subnet: 192.168.102.224/28
lam:
subnet: 192.168.103.0/28
phpldapadmin:
subnet: 192.168.103.16/28
fusiondirectory:
subnet: 192.168.103.32/28
# /24 Networks / 254 Usable Clients
bigbluebutton:
subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb


@ -1,30 +1,71 @@
# Docker Central Database 🐳
# Database Setup Role 🚀
## Description
This Ansible role provides the necessary tasks, files, templates, and variables to set up databases in your Docker Compose environment. It is essential for configuring your application's database, whether using a local or a central instance of **MariaDB** or **PostgreSQL**.
This Ansible role provisions a centralized database system in your Docker Compose environment. It supports both MariaDB and PostgreSQL, providing a robust, scalable, and low-maintenance database solution. Whether you're consolidating your application's data or creating a dedicated central storage, this role simplifies setup and integration.
---
## Overview
Tailored for environments that require a central data repository, this role:
- Loads necessary database variables defined in [vars/database.yml](./vars/database.yml).
- Generates an environment file based on the chosen database engine.
- Integrates seamlessly with Docker Compose to deploy a centralized database container (if enabled).
- **Database Variables**
Defined in [./vars/database.yml](./vars/database.yml), these variables include:
- `database_instance`
- `database_host`
- `database_name`
- `database_username`
- `database_port`
- `database_env`
## Purpose
- **Tasks**
Located in [./tasks/main.yml](./tasks/main.yml), the tasks perform the following:
- Include the Docker Compose role.
- Load database variables.
- Create the environment file for the chosen database from a template.
- Optionally create a central database (if enabled).
The role's purpose is to automate the provisioning and configuration of a centralized database service. This not only reduces manual setup but also ensures consistent, reliable deployment across production and homelab environments.
- **Templates**
- **Environment Files:**
- [PostgreSQL Environment Template](./templates/env/postgres.env.j2)
- [MariaDB Environment Template](./templates/env/mariadb.env.j2)
- **Service Files:**
- [MariaDB Service Template](./templates/services/mariadb.yml.j2)
- [PostgreSQL Service Template](./templates/services/postgres.yml.j2)
## Features
---
- **Supports Multiple Engines:** Easily switch between MariaDB and PostgreSQL.
- **Centralized Data Management:** Improves data consistency and security.
- **Docker Compose Integration:** Automates container setup and configuration.
- **Simplified Variable Management:** Preconfigured templates minimize manual intervention.
## Usage 📋
## Credits 📝
To use this role, include it in your playbook as follows:
Developed and maintained by **Kevin Veen-Birkenbach**.
Learn more at [www.veen.world](https://www.veen.world)
Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
```yaml
- hosts: all
roles:
- your_database_role_name
```
When executed, the role will:
1. Load database configuration variables.
2. Generate the appropriate environment file for the database.
3. Incorporate the Docker Compose routines.
4. Create a central database if `applications[application_id].database.central_storage` is set to `true`.
---
## Author
Developed by [Kevin Veen-Birkenbach](https://www.veen.world/) 💻🌐
---
## Acknowledgments & ChatGPT Conversations 🤖💬
This role was created with the assistance of ChatGPT. The following ChatGPT conversations helped shape the design and implementation of this role:
- https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4
- https://chatgpt.com/share/67a244bb-11e4-800f-980f-5ef0e8b109d7
Feel free to explore these discussions for insights into design decisions and implementation details.
---
Happy automating! 🎉


@ -1,23 +0,0 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker Central Database Role lets you quickly provision a centralized database through Docker Compose.
Whether using MariaDB or PostgreSQL, this role provides a reliable, low-maintenance solution that supports your business applications.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: "Kevin Veen-Birkenbach Consulting & Coaching Solutions"
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- database
- docker
- mariadb
- postgresql
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"


@ -1,7 +1,7 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not applications[application_id].database.central_storage | bool %}
database:
image: postgres:{{applications.postgres.version}}-alpine
image: postgres:{{applications.postgres.database_version}}-alpine
container_name: {{application_id}}-database
env_file:
- {{database_env}}
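Review bot: The image tag reads `applications.postgres.database_version`, but the only postgres default visible on this page is the flat key `database.version: "latest"` in the applications defaults, which defines neither `database_version` nor a nested `database` mapping. Unless the inventory supplies `database_version`, the tag would resolve to an undefined variable and templating would fail. Either name the default `database_version: "latest"` or keep `applications.postgres.version` here; the same lookup appears in the `Install PostgreSQL` `docker_container` task in the last file section. The defaults file itself notes that a rolling release is not recommended for postgres, so requiring a pinned version from the inventory would be the safer outcome. The template continues past the end of this hunk.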


@ -1,13 +0,0 @@
- name: "include docker-compose role"
include_role:
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml


@ -1,18 +0,0 @@
services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
container_name: {{ application_id }}
logging:
driver: journald
restart: {{docker_restart_policy}}
image: ghcr.io/ldapaccountmanager/lam:{{applications[application_id].version}}
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:80
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
{# include 'templates/docker/compose/volumes.yml.j2' #}
{% include 'templates/docker/compose/networks.yml.j2' %}


@ -1,14 +0,0 @@
# See all variables here:
# https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications[application_id].administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb
# LDAP Configuration
LDAP_SERVER= {{ldap.server.domain}} # domain of LDAP database root entry
LDAP_BASE_DN= {{ldap.dn.root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER= {{ldap.dn.administrator}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD= {{ldap.bind_credential}} # LDAP admin password


@ -1 +0,0 @@
application_id: "lam"


@ -4,7 +4,7 @@
listen: "Import LDIF files"
# @todo Remove the following ignore errors when setting up a new server
# Just here because debugging would take to much time
# ignore_errors: true
ignore_errors: true
- name: Refint Module Activation for OpenLDAP
shell: >
@ -14,17 +14,17 @@
failed_when: ldapadd_result.rc not in [0, 68]
# @todo Remove the following ignore errors when setting up a new server
# Just here because debugging would take to much time
# ignore_errors: true
ignore_errors: true
- name: Refint Overlay Configuration for OpenLDAP
shell: >
docker exec -i openldap ldapmodify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}03_member_of_configuration.ldif
docker exec -i openldap modify -Y EXTERNAL -H ldapi:/// -f {{ldif_docker_path}}02_member_of_configuration.ldif
listen: "Import LDIF files"
register: ldapadd_result
failed_when: ldapadd_result.rc not in [0, 68]
# @todo Remove the following ignore errors when setting up a new server
# Just here because debugging would take to much time
# ignore_errors: true
ignore_errors: true
- name: "Import users, groups, etc. to LDAP"
shell: >
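Review bot: `ignore_errors: true` is active on all three LDIF handlers in these hunks, so a failing import no longer stops the play, even though `failed_when: ldapadd_result.rc not in [0, 68]` already tolerates the already-exists case. That matters because the overlay handler's command reads `docker exec -i openldap modify …` where the other variant has `ldapmodify`, and `modify` does not look like a command the container provides; with errors ignored, the refint/memberOf configuration would silently never be applied and group membership integrity would not be enforced. I would keep `# ignore_errors: true` commented, restore `ldapmodify`, and confirm that `02_member_of_configuration.ldif` matches the LDIF file actually shipped. The first and last tasks of this section begin or continue outside the hunks.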


@ -0,0 +1,33 @@
- name: "load lam variables"
include_vars:
file: lam.yml
- name: "Ensure LAM profiles directory exists"
file:
path: "{{ lam_profiles_dir }}"
state: directory
mode: '0755'
recurse: true
#- name: "create {{docker_compose.directories.env}}lam.env"
# template:
# src: "lam/env.j2"
# dest: "{{docker_compose.directories.env}}lam.env"
# mode: '770'
# force: yes
# notify: docker compose project setup
#
#- name: "create default.group to enable groupOfNames in LAM"
# template:
# src: "lam/default.group.j2"
# dest: "{{ lam_profiles_dir }}/default.group"
# mode: '0644'
# notify: docker compose project setup
#
#- name: "Create groupOfNames.conf to enable groupOfNames as base module in LAM"
# template:
# src: "lam/groupOfNames.conf.j2"
# dest: "{{ lam_profiles_dir }}/groupOfNames.conf"
# mode: '0644'
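Review bot: The task that renders `lam.env` is commented out in this new file, yet the compose template's `lam` branch lists `{{docker_compose.directories.env}}lam.env` under `env_file`, and `lam` is the default `webinterface`. Unless a task outside this page creates that file, the compose project would either fail to start or bring LAM up without `LAM_PASSWORD` and the LDAP bind settings. Re-enable the task instead of shipping it as a comment, or drop the `env_file` entry until it is ready. `recurse: true` on the directory task also applies `0755` to everything already under `lam_profiles_dir`, which deserves a comment if that is intended.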


@ -3,6 +3,13 @@
include_role:
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
template:
src: "nginx.stream.conf.j2"
@ -23,6 +30,19 @@
ipam_config:
- subnet: "{{ networks.local.central_ldap.subnet }}"
- name: "create {{docker_compose.directories.env}}phpldapadmin.env"
template:
src: "phpldapadmin.env.j2"
dest: "{{docker_compose.directories.env}}phpldapadmin.env"
mode: '770'
force: yes
notify: docker compose project setup
when: applications.ldap.webinterface == 'phpldapadmin'
- name: "execute lam tasks"
include_tasks: lam.yml
when: applications.ldap.webinterface == 'lam'
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml
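Review bot: `mode: '770'` on the rendered `phpldapadmin.env` makes the file group-writable and executable, which is broader than an env file needs. The template is not on this page, but the sibling LAM env template holds `LDAP_ADMIN_PASSWORD`, so this file presumably carries bind credentials too; `mode: '0600'`, or `'0640'` if the compose user reads it through a group, is the safer default. The commented-out `lam.env` task in `lam.yml` carries the same `'770'` and should be changed when it is re-enabled. `force: yes` would also read better as `force: true`. The task list continues outside both hunks.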


@ -2,11 +2,32 @@ services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
image: bitnami/openldap:{{ applications[application_id].version }}
container_name: {{ application_id }}
{{applications.ldap.webinterface}}:
container_name: {{applications.ldap.webinterface}}
logging:
driver: journald
restart: {{docker_restart_policy}}
{% if applications.ldap.webinterface == 'lam' %}
image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}}
ports:
- 127.0.0.1:{{ports.localhost.http.ldap}}:80
env_file:
- "{{docker_compose.directories.env}}lam.env"
# volumes:
# - "{{ lam_profiles_dir }}:/var/lib/ldap-account-manager/config/profiles/"
{% elif applications.ldap.webinterface == 'phpldapadmin' %}
image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
ports:
- 127.0.0.1:{{ports.localhost.http.ldap}}:8080
env_file:
- "{{docker_compose.directories.env}}phpldapadmin.env"
{% endif %}
openldap:
image: bitnami/openldap:{{applications.ldap.openldap.version}}
container_name: {{applications.ldap.openldap.hostname}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% if applications[application_id].network.public | bool %}
{% if applications.ldap.openldap.network.public | bool %}
ports:
- 127.0.0.1:{{ports.localhost.ldap.openldap}}:{{ldap_docker_port}} # Expose just on localhost so that nginx stream proxy can use it
{% endif %}
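Review bot: The web-interface service has branches only for `lam` and `phpldapadmin`, so any other value of `applications.ldap.webinterface` renders a service with logging and restart settings but no `image`, and the error shows up only when compose runs. A guard task before templating, for example an `assert` with `that: applications.ldap.webinterface in ['lam', 'phpldapadmin']`, would fail early with a clear message. The service key and `container_name` are also taken from that variable unquoted, so the same check keeps unexpected characters out of the rendered YAML. The `openldap` service definition continues past the end of this hunk.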


@ -0,0 +1 @@
Modules: groupOfNames


@ -0,0 +1,13 @@
# See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env
# Basic Configuration
LAM_PASSWORD= {{applications.ldap.lam.administrator_password}} # LAM configuration master password and password for server profile "lam
# Database
LAM_CONFIGURATION_DATABASE= files # configuration database (files or mysql) @todo implement mariadb
# LDAP Configuration
LDAP_SERVER= {{ldap.server.domain}} # domain of LDAP database root entry
LDAP_BASE_DN= {{ldap.dn.root}} # LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_USER= {{ldap.dn.administrator}} # LDAP admin user (set as login user for LAM)
LDAP_ADMIN_PASSWORD= {{ldap.bind_credential}} # LDAP admin password
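Review bot: Each assignment puts a space after `=` and a trailing `# …` comment on the same line as the value, and how that is read depends on the env-file parser: some Docker Compose versions strip inline comments from unquoted values, others keep them as part of the value. For `LAM_PASSWORD` and `LDAP_ADMIN_PASSWORD` that can mean a secret with comment text appended, or one truncated at the first ` #` it happens to contain. Move the comments onto their own lines and write the values without the leading space, e.g. `LAM_PASSWORD={{applications.ldap.lam.administrator_password}}`. The comment on `LAM_PASSWORD` also has an unclosed quote (`"lam`).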


@ -0,0 +1,5 @@
type: group
module: groupOfNames
cn: cn
description: description
member: member


@ -0,0 +1 @@
lam_profiles_dir: "{{ docker_compose.directories.volumes }}lam/config/profiles/"


@ -1,13 +0,0 @@
- name: "include docker-compose role"
include_role:
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml


@ -1,19 +0,0 @@
services:
{% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
application:
container_name: {{ application_id }}
logging:
driver: journald
restart: {{docker_restart_policy}}
image: leenooks/phpldapadmin:{{applications[application_id].version}}
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/compose/volumes.yml.j2' %}
data:
{% include 'templates/docker/compose/networks.yml.j2' %}


@ -1 +0,0 @@
application_id: "phpldapadmin"


@ -1,30 +1,30 @@
# PostgreSQL 🐳
## Description
This Ansible role deploys and configures a PostgreSQL database in a Docker container using Docker Compose. It is designed to simplify database administration by automating the creation of networks, containers, and essential database tasks (such as database and user creation) for a secure and high-performance environment.
# Docker-Postgres Ansible Role
## Overview
This Ansible role is designed to deploy a PostgreSQL database using Docker. It includes tasks for setting up a Docker network, installing PostgreSQL in a Docker container, and initializing the database with a specified user and database.
Built for environments that demand reliability and ease of management, this role:
- Sets up a dedicated Docker network for PostgreSQL.
- Deploys a PostgreSQL container with secure configurations and automated healthchecks.
- Automates tasks like database creation, user setup, and privilege assignments to streamline your workflows.
## Role Variables
- `central_postgres_password`: The password for the PostgreSQL superuser (`postgres`).
- `database_name`: Name of the database to be created.
- `database_username`: Username for the database user.
- `database_password`: Password for the database user.
## Purpose
## Role Tasks
1. **Create Docker network for PostgreSQL**: Sets up a Docker network for PostgreSQL communication.
2. **Install PostgreSQL**: Deploys PostgreSQL in a Docker container, attaching it to the created network and setting the superuser password.
3. **Run the docker_postgres tasks once**: Ensures that the tasks are only run once to avoid redundancy.
The purpose of this role is to provide an effortless way to deploy a PostgreSQL database via Docker. It minimizes manual interventions while ensuring that your database is configured securely and reliably for both production and development scenarios.
## Handlers
- **Create database**: Creates a new database with the specified name.
- **Create database user**: Sets up a user with full privileges on the newly created database.
## Features
## Usage
1. Set the required variables in your playbook or inventory file.
2. Include this role in your playbook.
3. Run the playbook against the target host.
- **Automated Deployment:** Installs PostgreSQL with minimal manual steps.
- **Robust Administration:** Automatically creates databases, users, and assigns privileges.
- **Enhanced Security:** The service is bound to `127.0.0.1:5432`, restricting access and enhancing security.
- **Seamless Docker Integration:** Works harmoniously with Docker Compose and other roles in your infrastructure.
## Notes
- The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost.
## Credits 📝
Developed by **Kevin Veen-Birkenbach**.
Discover more at [www.veen.world](https://www.veen.world)
Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)
License: [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
## Author
This role was created by [Kevin Veen-Birkenbach](https://www.veen.world).


@ -1,23 +0,0 @@
---
galaxy_info:
author: "Kevin Veen-Birkenbach"
description: >-
The Docker PostgreSQL Role offers an easy and efficient way to run a PostgreSQL database inside a Docker container.
Manage your data securely and effectively, making it ideal for production or local development.
license: "CyMaIS NonCommercial License (CNCL)"
license_url: "https://s.veen.world/cncl"
company: "Kevin Veen-Birkenbach Consulting & Coaching Solutions"
min_ansible_version: "2.9"
platforms:
- name: Docker
versions:
- "latest"
galaxy_tags:
- postgresql
- docker
- database
- administration
- central-database
repository: "https://s.veen.world/cymais"
issue_tracker_url: "https://s.veen.world/cymaisissues"
documentation: "https://s.veen.world/cymais"


@ -9,7 +9,7 @@
- name: Install PostgreSQL
docker_container:
name: central-postgres
image: "postgres:{{applications.postgres.version}}"
image: "postgres:{{applications.postgres.database_version}}"
detach: yes
env:
POSTGRES_PASSWORD: "{{ central_postgres_password }}"