kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-28 18:30:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:ba49c2a840771bea1e389d53a0ecdc73bf635751
Branches Tags
kevinveenbirkenbach:master
..
compare: kevinveenbirkenbach:bdeaf14285e1f49bc6ab095c3139d18ccdfc801f
Branches Tags
kevinveenbirkenbach:master

No commits in common. "ba49c2a840771bea1e389d53a0ecdc73bf635751" and "bdeaf14285e1f49bc6ab095c3139d18ccdfc801f" have entirely different histories.
ba49c2a840 ... bdeaf14285

124 changed files with 243 additions and 449 deletions
Show Stats Expand all files Collapse all files

6
group_vars/all/00_general.yml
View File

@ -10,9 +10,9 @@ primary_domain_sld: "cymais" # Second
primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
# Administrator
administrator_username: "administrator" # Username of the administrator
administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
# administrator_initial_password: Null # Example initialisation password needs to be set in inventory file
administrator_username: "administrator" # Username of the administrator
administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
#user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file
# Test Email
test_email: "test@{{primary_domain}}"

3
group_vars/all/03_domains.yml
View File

@ -19,7 +19,7 @@ defaults_domains:
keycloak: "auth.{{primary_domain}}"
ldap: "ldap.{{primary_domain}}"
listmonk: "newsletter.{{primary_domain}}"
mailu: "mail.{{primary_domain}}"
mailu: "{{system_email.host}}"
mastodon: "microblog.{{primary_domain}}"
# ATTENTION: Will be owerwritten by the values in domains. Not merged.
mastodon_alternates: ["mastodon.{{primary_domain}}"]
@ -54,7 +54,6 @@ defaults_redirect_domain_mappings:
- { source: "gitea.{{primary_domain}}", target: "{{domains.gitea}}" }
- { source: "keycloak.{{primary_domain}}", target: "{{domains.keycloak}}" }
- { source: "listmonk.{{primary_domain}}", target: "{{domains.listmonk}}" }
- { source: "mail.{{primary_domain}}", target: "{{domains.mailu}}" }
- { source: "moodle.{{primary_domain}}", target: "{{domains.moodle}}" }
- { source: "nextcloud.{{primary_domain}}", target: "{{domains.nextcloud}}" }
- { source: "openproject.{{primary_domain}}", target: "{{domains.openproject}}" }

85
group_vars/all/07_applications.yml
View File

@ -18,20 +18,14 @@ defaults_applications:
company_name: "{{primary_domain}}"
company_email: "{{administrator_email}}"
setup_admin_email: "{{administrator_email}}"
database:
central_storage: True
## Attendize
attendize:
version: "latest"
database:
central_storage: True
## Baserow
baserow:
version: "latest"
database:
central_storage: True
## Big Blue Button
bigbluebutton:
@ -39,8 +33,6 @@ defaults_applications:
setup: false # Set to true in inventory file for initial setup
oidc:
enabled: true # Activate OIDC
database:
central_storage: True
## Bluesky
bluesky:
@ -50,8 +42,6 @@ defaults_applications:
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
database:
central_storage: True
## Discourse:
discourse:
@ -61,35 +51,25 @@ defaults_applications:
# database_password: # Needs to be defined in inventory file
oidc:
enabled: true # Activate OIDC
database:
central_storage: True
## Friendica
friendica:
version: "latest"
oidc:
enabled: true # Activate OIDC. Plugin is not working yet
database:
central_storage: True
## Funkwhale
funkwhale:
version: "1.4.0"
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
ldap_enabled: True # Enables LDAP by default
## Gitea
gitea:
version: "latest"
database:
central_storage: True
## Gitlab
gitlab:
version: "latest"
database:
central_storage: True
## Joomla
joomla:
@ -99,9 +79,7 @@ defaults_applications:
keycloak:
version: "latest"
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
ldap_enabled: True # Enables LDAP by default
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
@ -109,7 +87,7 @@ defaults_applications:
ldap:
lam:
version: "latest"
administrator_password: "{{administrator_initial_password}}" # CHANGE for security reasons
administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
openldap:
version: "latest"
network:
@ -126,8 +104,6 @@ defaults_applications:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface
port: 80 # If you use phpldapadmin set it to 8080
database:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
@ -137,8 +113,6 @@ defaults_applications:
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True
mailu:
version: "2024.06" # Docker Image Version
@ -147,13 +121,11 @@ defaults_applications:
enabled: true # Activate OIDC for Mailu
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
# I don't know why the database deactivation is necessary
database:
central_storage: False # Deactivate central database for mailu
enable_central_database: False # Deactivate central database for mailu
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
## MariaDB
mariadb:
@ -167,17 +139,13 @@ defaults_applications:
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
css:
enabled: false # The css isn't optimized yet for Matomo
database:
central_storage: True
enabled: false # The css isn't optimized yet for Matomo
## Mastodon
mastodon:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True
oidc:
enabled: true # Activate OIDC for Mastodon
credentials:
@ -204,8 +172,6 @@ defaults_applications:
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True
## Moodle
moodle:
@ -213,29 +179,19 @@ defaults_applications:
administrator_name: "{{administrator_username}}"
administrator_email: "{{administrator_email}}"
version: "latest"
database:
central_storage: True
## MyBB
mybb:
version: "latest"
database:
central_storage: True
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap_enabled: True # Enables LDAP by default, missing ansible setup tasks @todo setup
# database_password: Null # Needs to be set in inventory file
oidc:
enabled: true # Activate OIDC for Nextcloud
force_import: False # Forces the import of the LDIF files
database:
central_storage: True
credentials:
# database_password: Null # Needs to be set in inventory file
administrator_username: "{{administrator_username}}"
administrator_initial_password: "{{administrator_initial_password}}"
## OAuth2 Proxy
oauth2_proxy:
@ -252,15 +208,11 @@ defaults_applications:
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
ldap_enabled: True # Enables LDAP by default
## Peertube
peertube:
version: "bookworm"
database:
central_storage: True
## PHPMyAdmin
phpmyadmin:
@ -270,36 +222,24 @@ defaults_applications:
enabled: true
port: "80"
application: "application"
database:
central_storage: True
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
database:
central_storage: True
titel: "Pictures on {{primary_domain}}"
version: "latest"
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
database.version: "latest"
portfolio:
database:
central_storage: False # Portfolio doesn't use any database
# Snipe-IT
snipe_it:
version: "latest"
database:
central_storage: True
## Taiga
taiga:
version: "latest"
database:
central_storage: True
## YOURLS
yourls:
@ -310,8 +250,7 @@ defaults_applications:
application: "application"
port: "80"
location: "/admin/" # Protects the admin area
database:
central_storage: True
wordpress:
# Deactivate Global theming for wordpress role
@ -321,6 +260,4 @@ defaults_applications:
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
css:
enabled: false
database:
central_storage: True
enabled: false

3
group_vars/all/12_storage.yml
View File

@ -1,3 +1,6 @@
## Enable Central Postgress and MariaDB instead of dedicated container per application
enable_central_database: true
## Enable Storage Optimizer for Docker Volumes
enable_system_storage_optimizer: true

5
roles/docker-akaunting/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "include tasks update-repository-with-files.yml"
include_tasks: update-repository-with-files.yml

2
roles/docker-akaunting/templates/docker-compose.yml.j2
View File

@ -10,7 +10,7 @@ services:
build:
context: .
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:80
- 127.0.0.1:{{http_port}}:80
volumes:
- data:/var/www/html
environment:

2
roles/docker-akaunting/templates/env.j2
View File

@ -1,5 +1,5 @@
# You should change this to match your reverse proxy DNS name and protocol
APP_URL=https://{{domains[application_id]}}
APP_URL=https://{{domain}}
LOCALE={{locale}}
# Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)

11
roles/docker-attendize/tasks/main.yml
View File

@ -3,20 +3,19 @@
include_role:
name: docker-central-database
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
name: nginx-https-get-cert-modify-all
- name: "include tasks to receive attendize certbot certificate"
include_role:
name: nginx-https-recieve-certificate
vars:
domain: "{{ item }}"
http_port: "{{ ports.localhost.http[application_id] }}"
loop:
- "{{ domains.mailu }}"
- "{{ domain }}"
- name: configure {{domains[application_id]}}.conf
- name: configure {{domain}}.conf
template:
src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
notify: restart nginx
- name: "include tasks update-repository-with-files.yml"

2
roles/docker-attendize/templates/docker-compose.yml.j2
View File

@ -7,7 +7,7 @@ services:
web:
image: "attendize_web:{{applications.attendize.version}}"
ports:
- "{{ports.localhost.http[application_id]}}:80"
- "{{http_port}}:80"
volumes:
- .:/usr/share/nginx/html
- .:/var/www

5
roles/docker-baserow/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-baserow/templates/docker-compose.yml.j2
View File

@ -11,7 +11,7 @@ services:
volumes:
- data:/baserow/data
ports:
- "{{ports.localhost.http[application_id]}}:80"
- "{{http_port}}:80"
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}

4
roles/docker-baserow/vars/main.yml
View File

@ -1,5 +1,3 @@
application_id: "baserow"
database_password: "{{ baserow_database_password }}"
database_type: "postgres"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
database_type: "postgres"

9
roles/docker-bigbluebutton/tasks/main.yml
View File

@ -9,18 +9,15 @@
#- name: "include task certbot-and-globals.yml"
# include_tasks: certbot-and-globals.yml
#
#- name: configure {{domains[application_id]}}.conf
#- name: configure {{domain}}.conf
# template:
# src: "nginx-proxy.conf.j2"
# dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
# dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
# notify: restart nginx
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: configure websocket_upgrade.conf
copy:

8
roles/docker-bigbluebutton/templates/env.j2
View File

@ -40,7 +40,7 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
# CONNECTION
# ====================================
DOMAIN={{domains[application_id]}}
DOMAIN={{domain}}
EXTERNAL_IPv4={{networks.internet.ip4}}
# The following line is not tested and could lead to bugs:
@ -53,7 +53,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
# TURN SERVER
# uncomment and adjust following two lines to add an external TURN server
TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
TURN_SECRET={{bigbluebutton_turn_secret}}
# Allowed SIP IPs
@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
# Please refer to your SMTP provider to get the values for the variables below
SMTP_SERVER={{system_email.host}}
SMTP_DOMAIN={{system_email.domain}}
SMTP_DOMAIN={{domain}}
SMTP_PORT={{system_email.port}}
SMTP_USERNAME={{system_email.username}}
SMTP_PASSWORD={{system_email.password}}
@ -290,5 +290,5 @@ DEFAULT_REGISTRATION=invite
OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
OPENID_CONNECT_REDIRECT=https://{{domain}}
{% endif %}

2
roles/docker-central-database/README.md
View File

@ -47,7 +47,7 @@ When executed, the role will:
1. Load database configuration variables.
2. Generate the appropriate environment file for the database.
3. Incorporate the Docker Compose routines.
4. Create a central database if `applications[application_id].database.central_storage` is set to `true`.
4. Create a central database if `enable_central_database` is set to `true`.
---

4
roles/docker-central-database/tasks/main.yml
View File

@ -14,9 +14,9 @@
src: "env/{{database_type}}.env.j2"
dest: "{{database_env}}"
notify: docker compose project build and setup
when: not applications[application_id].database.central_storage | bool
when: not enable_central_database | bool
- name: create central database
include_role:
name: "docker-{{database_type}}"
when: applications[application_id].database.central_storage | bool
when: enable_central_database | bool

2
roles/docker-central-database/templates/services/mariadb.yml.j2
View File

@ -1,5 +1,5 @@
# This template needs to be included in docker-compose.yml, which depend on a mariadb database
{% if not applications[application_id].database.central_storage | bool %}
{% if not enable_central_database | bool %}
database:
container_name: {{application_id}}-database
logging:

2
roles/docker-central-database/templates/services/postgres.yml.j2
View File

@ -1,5 +1,5 @@
# This template needs to be included in docker-compose.yml, which depend on a postgres database
{% if not applications[application_id].database.central_storage | bool %}
{% if not enable_central_database | bool %}
database:
image: postgres:{{applications.postgres.database_version}}-alpine
container_name: {{application_id}}-database

8
roles/docker-central-database/vars/database.yml
View File

@ -1,8 +1,6 @@
database_instance: "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else application_id }}"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else 'database' }}"
database_instance: "{{ 'central-' + database_type if enable_central_database | bool else application_id }}"
database_host: "{{ 'central-' + database_type if enable_central_database | bool else 'database' }}"
database_name: "{{ application_id }}"
database_username: "{{ application_id }}"
database_port: "{{ 3306 if database_type == 'mariadb' else 5432 }}"
database_env: "{{docker_compose.directories.env}}{{database_type}}.env"
# Don't set application_id . It would conflict with central database logic
database_env: "{{docker_compose.directories.env}}{{database_type}}.env"

6
roles/docker-compose/handlers/main.yml
View File

@ -28,9 +28,3 @@
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600
listen: docker compose project build and setup
- name: docker compose restart
command:
cmd: "docker compose restart"
chdir: "{{docker_compose.directories.instance}}"
listen: docker compose restart

13
roles/docker-compose/tasks/main.yml
View File

@ -1,6 +1,19 @@
- name: "load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
include_vars: "{{ role_path }}/vars/docker-compose.yml"
- name: "Set global domain based on application_id"
set_fact:
domain: "{{ domains[application_id] }}"
when:
- application_id in domains
- domains[application_id] is string
# Default case: One domain exists. Some applications like matrix don't have an default domain
- name: "Set global http_port to {{ ports.localhost.http[application_id] }}"
set_fact:
http_port: "{{ ports.localhost.http[application_id] if application_id in ports.localhost.http else None }}"
# Default case: One port exists. Some applications like matrix don't have an default port
- name: "remove {{ docker_compose.directories.instance }} and all its contents"
file:
path: "{{ docker_compose.directories.instance }}"

2
roles/docker-discourse/handlers/main.yml
View File

@ -11,7 +11,7 @@
command:
cmd: "docker network connect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true
when: applications[application_id].database.central_storage | bool
when: enable_central_database | bool
listen: recreate discourse
- name: rebuild discourse

9
roles/docker-discourse/tasks/main.yml
View File

@ -11,11 +11,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "cleanup central database from {{application_id}}_default network"
command:
@ -68,10 +65,10 @@
command:
cmd: "docker network connect central_postgres {{applications.discourse.container}}"
ignore_errors: true
when: applications[application_id].database.central_storage | bool
when: enable_central_database | bool
- name: "remove central database from {{application_id}}_default"
command:
cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
ignore_errors: true
when: applications[application_id].database.central_storage | bool
when: enable_central_database | bool

8
roles/docker-discourse/templates/discourse_application.yml.j2
View File

@ -1,5 +1,5 @@
templates:
{% if not applications[application_id].database.central_storage | bool %}
{% if not enable_central_database | bool %}
- "templates/postgres.template.yml"
{% endif %}
#- "templates/redis.template.yml"
@ -15,7 +15,7 @@ templates:
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80" # http
- "127.0.0.1:{{http_port}}:80" # http
params:
db_default_text_search_config: "pg_catalog.english"
@ -41,7 +41,7 @@ env:
UNICORN_WORKERS: 8
## Required. Discourse will not work with a bare IP number.
DISCOURSE_HOSTNAME: {{domains[application_id]}}
DISCOURSE_HOSTNAME: {{domain}}
## Uncomment if you want the container to be started with the same
## hostname (-h option) as specified above (default "$hostname-$config")
@ -122,7 +122,7 @@ run:
- exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc.client.discovery_document}}'"
- exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc.client.id}}'"
- exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc.client.secret}}'"
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domains[application_id]}}'"
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domain}}'"
- exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
{% endif %}

5
roles/docker-elk/tasks/main.yml
View File

@ -1,11 +1,8 @@
---
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: create elasticsearch-sysctl.conf
copy:

2
roles/docker-elk/templates/docker-compose.yml.j2
View File

@ -57,7 +57,7 @@ services:
target: /usr/share/kibana/config/kibana.yml
read_only: true
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:5601"
- "127.0.0.1:{{ http_port }}:5601"
depends_on:
- elasticsearch

5
roles/docker-friendica/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

4
roles/docker-friendica/templates/docker-compose.yml.j2
View File

@ -8,7 +8,7 @@ services:
volumes:
- data:/var/www/html
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
healthcheck:
# This health check ensures the test email is sent only once to prevent
# hitting SMTP rate limits due to multiple health check executions.
@ -20,7 +20,7 @@ services:
test:
[
"CMD-SHELL",
"(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domains[application_id]}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
"(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domain}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
]
interval: 1m
timeout: 10s

4
roles/docker-friendica/templates/env.j2
View File

@ -1,8 +1,8 @@
# The configuration options can be found here:
# @see https://hub.docker.com/_/friendica
FRIENDICA_URL= https://{{domains[application_id]}}
HOSTNAME= {{domains[application_id]}}
FRIENDICA_URL= https://{{domain}}
HOSTNAME= {{domain}}
FRIENDICA_NO_VALIDATION={{no_validation | lower}}
# Debugging

5
roles/docker-funkwhale/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-funkwhale/templates/docker-compose.yml.j2
View File

@ -56,7 +56,7 @@ services:
#- "{{static_root}}:{{static_root}}:ro"
ports:
# override those variables in your .env file if needed
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
typesense:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}

4
roles/docker-funkwhale/templates/env.j2
View File

@ -32,7 +32,7 @@ FUNKWHALE_VERSION={{applications.funkwhale.version}}
FUNKWHALE_API_IP=127.0.0.1
# Assuming that the following variable isn't used anymore.
# @todo remove it if this is true
FUNKWHALE_API_PORT={{ports.localhost.http[application_id]}}:
FUNKWHALE_API_PORT={{http_port}}
# The number of web workers to start in parallel. Higher means you can handle
# more concurrent requests, but also leads to higher CPU/Memory usage
@ -40,7 +40,7 @@ FUNKWHALE_WEB_WORKERS=4
# Replace this by the definitive, public domain you will use for
# your instance. It cannot be changed after initial deployment
# without breaking your instance.
FUNKWHALE_HOSTNAME={{domains[application_id]}}
FUNKWHALE_HOSTNAME={{domain}}
FUNKWHALE_PROTOCOL=https
# Log level (debug, info, warning, error, critical)

5
roles/docker-gitea/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-gitea/templates/docker-compose.yml.j2
View File

@ -6,7 +6,7 @@ services:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: "gitea/gitea:{{applications.gitea.version}}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
- "127.0.0.1:{{http_port}}:3000"
- "{{ports.public.ssh[application_id]}}:22"
volumes:
- data:/data

6
roles/docker-gitea/templates/env.j2
View File

@ -7,7 +7,7 @@ DB_USER={{database_username}}
DB_PASSWD={{database_password}}
SSH_PORT={{ports.public.ssh[application_id]}}
SSH_LISTEN_PORT=22
DOMAIN={{domains[application_id]}}
SSH_DOMAIN={{domains[application_id]}}
DOMAIN={{domain}}
SSH_DOMAIN={{domain}}
RUN_MODE="{{run_mode}}"
ROOT_URL="https://{{domains[application_id]}}/"
ROOT_URL="https://{{domain}}/"

5
roles/docker-gitlab/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

4
roles/docker-gitlab/templates/docker-compose.yml.j2
View File

@ -6,10 +6,10 @@ services:
web:
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
hostname: '{{domains[application_id]}}'
hostname: '{{domain}}'
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
- "{{ports.public.ssh[application_id]}}:22"
volumes:
- 'config:/etc/gitlab'

7
roles/docker-jenkins/tasks/main.yml
View File

@ -1,9 +1,6 @@
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "docker jenkins"
docker_compose:
@ -13,7 +10,7 @@
image: jenkins/jenkins:lts
restart: "{{docker_restart_policy}}"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
- "127.0.0.1:{{http_port}}:8080"
volumes:
- jenkins_data:/var/jenkins_home
log_driver: journald

5
roles/docker-joomla/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
loop: "{{ domains }}"
loop_control:
loop_var: domain

2
roles/docker-joomla/templates/docker-compose.yml.j2
View File

@ -8,7 +8,7 @@ services:
volumes:
- data:/var/www/html
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}

5
roles/docker-keycloak/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-keycloak/templates/docker-compose.yml.j2
View File

@ -8,7 +8,7 @@ services:
command: start --import-realm # imports realms on startup
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
- "127.0.0.1:{{http_port}}:8080"
volumes:
- "{{import_directory_host}}:{{import_directory_docker}}"
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}

2
roles/docker-keycloak/templates/env.j2
View File

@ -2,7 +2,7 @@
# Documentation can be found here:
# @see https://www.keycloak.org/server/containers
KC_HOSTNAME= https://{{domains[application_id]}}
KC_HOSTNAME= https://{{domain}}
KC_HTTP_ENABLED= true
# Health Checks

13
roles/docker-ldap/tasks/main.yml
View File

@ -4,22 +4,19 @@
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
- name: Create {{domain}}.conf if LDAP is exposed to internet
template:
src: "nginx.stream.conf.j2"
dest: "{{nginx.directories.streams}}{{domains[application_id]}}.conf"
dest: "{{nginx.directories.streams}}{{domain}}.conf"
notify: restart nginx
when: applications.ldap.openldap.network.public | bool
- name: Remove {{domains[application_id]}}.conf if LDAP is not exposed to internet
- name: Remove {{domain}}.conf if LDAP is not exposed to internet
file:
path: "{{ nginx.directories.streams }}{{ domains[application_id] }}.conf"
path: "{{ nginx.directories.streams }}{{ domain }}.conf"
state: absent
when: not applications.ldap.openldap.network.public | bool

2
roles/docker-ldap/templates/phpldapadmin.env.j2
View File

@ -1,3 +1,3 @@
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
APP_URL= https://{{domains[application_id]}}
APP_URL= https://{{domain}}
LDAP_HOST= openldap

5
roles/docker-listmonk/tasks/main.yml
View File

@ -13,11 +13,8 @@
{% endif %}
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-listmonk/templates/docker-compose.yml.j2
View File

@ -6,7 +6,7 @@ services:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: listmonk/listmonk:{{applications.listmonk.version}}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:9000"
- "127.0.0.1:{{http_port}}:9000"
volumes:
- {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
{% include 'templates/docker/container/networks.yml.j2' %}

11
roles/docker-mailu/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
vars:
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
@ -21,9 +18,11 @@
- name: flush docker service
meta: flush_handlers
when: applications.mailu.setup |bool
- name: execute database migration
command:
cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{applications.mailu.initial_administrator_password}}"
cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}"
chdir: "{{docker_compose.directories.instance}}"
ignore_errors: true
ignore_errors: true
when: applications.mailu.setup |bool

2
roles/docker-mailu/templates/docker-compose.yml.j2
View File

@ -15,7 +15,7 @@ services:
image: {{docker_source}}/nginx:{{applications.mailu.version}}
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{ http_port }}:80"
- "{{networks.internet.ip4}}:25:25"
- "{{networks.internet.ip4}}:465:465"
- "{{networks.internet.ip4}}:587:587"

6
roles/docker-mailu/templates/env.j2
View File

@ -20,7 +20,7 @@ SUBNET={{networks.local.mailu.subnet}}
DOMAIN={{applications.mailu.domain}}
# Hostnames for this server, separated with comas
HOSTNAMES={{domains[application_id]}}
HOSTNAMES={{domain}}
# Postmaster local part (will append the main mail domain)
POSTMASTER=admin
@ -105,7 +105,7 @@ WEB_WEBMAIL=/webmail
SITENAME=Mailservices
# Linked Website URL
WEBSITE=https://{{domains[application_id]}}
WEBSITE=https://{{domain}}
@ -162,7 +162,7 @@ OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize
# OpenID Connect provider configuration URL
OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
# OpenID redirect URL if HOSTNAME not matching your login url
OIDC_REDIRECT_URL=https://{{domains[application_id]}}
OIDC_REDIRECT_URL=https://{{domain}}
# OpenID Connect Client ID for Mailu
OIDC_CLIENT_ID={{oidc.client.id}}
# OpenID Connect Client secret for Mailu

10
roles/docker-mailu/vars/main.yml
View File

@ -4,9 +4,11 @@ database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
enable_wildcard_certificate: false
# I don't know why this configuration is necessary.
# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
# @todo research
enable_central_database: "{{applications.mailu.enable_central_database}}"
# Use dedicated source for oidc if activated
# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"

6
roles/docker-mastodon/tasks/create-domains.yml
View File

@ -1,6 +1,6 @@
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
name: nginx-https-get-cert-modify-all
- name: "include role receive certbot certificate"
include_role:
name: nginx-https-recieve-certificate
- name: configure {{domain}}.conf
template:

6
roles/docker-mastodon/tasks/main.yml
View File

@ -3,13 +3,11 @@
include_role:
name: docker-central-database
- name: "include create-domains.yml for mastodon"
- name: "include create-domains.yml"
include_tasks: create-domains.yml
loop: "{{ [domains.mastodon] + domains.mastodon_alternates }}"
loop: "{{ [domain] + domains.mastodon_alternates }}"
loop_control:
loop_var: domain
vars:
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-mastodon/templates/docker-compose.yml.j2
View File

@ -11,7 +11,7 @@ services:
healthcheck:
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
- "127.0.0.1:{{http_port}}:3000"
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
volumes:
- data:/mastodon/public/system

4
roles/docker-mastodon/templates/env.j2
View File

@ -3,7 +3,7 @@
# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
LOCAL_DOMAIN={{domains[application_id]}}
LOCAL_DOMAIN={{domain}}
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
@ -66,7 +66,7 @@ OIDC_DISCOVERY=true
OIDC_SCOPE="openid,profile,email"
OIDC_UID_FIELD=preferred_username # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
OIDC_CLIENT_ID={{oidc.client.id}}
OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
OIDC_REDIRECT_URI=https://{{domain}}/auth/auth/openid_connect/callback
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
OIDC_CLIENT_SECRET={{oidc.client.secret}}
OMNIAUTH_ONLY=true # uncomment to only use OIDC for login / registration buttons

2
roles/docker-mastodon/templates/mastodon.conf.j2
View File

@ -4,7 +4,7 @@ map $http_upgrade $connection_upgrade {
}
server {
server_name {{domains[application_id]}};
server_name {{domain}};
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}

5
roles/docker-matomo/tasks/main.yml
View File

@ -5,11 +5,8 @@
when: run_once_docker_matomo is not defined
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
when: run_once_docker_matomo is not defined
- name: "copy docker-compose.yml and env file"

2
roles/docker-matrix-ansible/templates/vars.yml.j2
View File

@ -32,7 +32,7 @@ matrix_playbook_ssl_enabled: true
devture_traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: "127.0.0.1:{{ports.localhost.http[application_id]}}"
devture_traefik_container_web_host_bind_port: "127.0.0.1:{{http_port}}"
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.

2
roles/docker-matrix-compose/tasks/create-and-seed-database.yml
View File

@ -7,7 +7,7 @@
- name: "create {{database_name}} database"
include_role:
name: docker-postgres
when: applications[application_id].database.central_storage | bool
when: enable_central_database | bool
- name: "include seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"

8
roles/docker-matrix-compose/tasks/main.yml
View File

@ -3,9 +3,9 @@
include_role:
name: docker-central-database
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
name: nginx-https-get-cert-modify-all
- name: "include role receive certbot certificate"
include_role:
name: nginx-https-recieve-certificate
vars:
domain: "{{domains.matrix_synapse}}"
http_port: "{{ports.localhost.http.matrix_synapse}}"
@ -26,7 +26,7 @@
src: "templates/nginx.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
vars:
domain: "{{domains.matrix_synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
# domain: "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
http_port: "{{ports.localhost.http.matrix_synapse}}"
notify: restart nginx

5
roles/docker-matrix-compose/templates/nginx.conf.j2
View File

@ -1,10 +1,9 @@
server {
{# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
{# Could be that this is related to the set_fact use #}
# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary
{% set domain = domains.matrix_synapse %}
{% set http_port = ports.localhost.http.matrix_synapse %}
server_name {{domains.matrix_synapse}};
server_name {{domain}};
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
# For the federation port

5
roles/docker-mediawiki/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml

2
roles/docker-mediawiki/templates/docker-compose.yml.j2
View File

@ -10,7 +10,7 @@ services:
volumes:
- "mediawiki-data:/var/www/html/"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
{% include 'templates/docker/container/networks.yml.j2' %}
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}

5
roles/docker-moodle/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-moodle/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
container_name: moodle
image: docker.io/bitnami/moodle:{{applications.moodle.version}}
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
- 127.0.0.1:{{http_port}}:8080
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes:
- 'moodle:/bitnami/moodle'

2
roles/docker-mybb/tasks/main.yml
View File

@ -3,7 +3,7 @@
include_role:
name: docker-central-database
- name: "include tasks setup-domain.yml with {{domains[application_id]}}"
- name: "include tasks setup-domain.yml with {{domain}}"
include_tasks: setup-domain.yml
loop: "{{ mybb_domains + [source_domain] }}"
loop_control:

12
roles/docker-mybb/tasks/setup-domain.yml
View File

@ -1,15 +1,13 @@
{# Recieves https certificate and setup proxy with domain replace #}
# Recieves https certificate and setup proxy with domain replace
- name: "include role receive certbot certificate"
include_role:
name: nginx-https-get-cert
vars:
domain: "{{domains[application_id]}}"
name: nginx-https-recieve-certificate
- name: configure {{domains[application_id]}}.conf
- name: configure {{domain}}.conf
template:
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
notify: restart nginx
vars:
nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domains[application_id]}}';"
nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domain}}';"

2
roles/docker-mybb/templates/docker-compose.yml.j2
View File

@ -22,7 +22,7 @@ services:
image: nginx:mainline
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
volumes:
- "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
- "data:/var/www/html:ro"

11
roles/docker-nextcloud/README.md
View File

@ -84,6 +84,11 @@ docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
```
Check the process with:
```sql
show processlist;
```
---
## OCC (Nextcloud Command Line) 🔧
@ -120,12 +125,6 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo
OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
### Verify OIDC Configuration
```bash
docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
```
## LDAP
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html

33
roles/docker-nextcloud/tasks/config.yml
View File

@ -1,33 +0,0 @@
- name: "Substitute http with https in {{ nextcloud_config_file_path }}"
replace:
path: "{{ nextcloud_config_file_path }}"
regexp: "http://{{ domain | regex_escape }}"
replace: "https://{{ domain }}"
notify:
- docker compose restart
#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_path }}
# block:
# Deactivated because it was really heavy to fix.
# @todo implement
# - name: Check if 'overwriteprotocol' is already set
# lineinfile:
# path: "{{ nextcloud_config_file_path }}"
# regexp: "^\s*overwriteprotocol\s*=>\s*http"
# line: "overwriteprotocol => 'https',"
# backrefs: yes
# state: present
# notify:
# - docker compose restart
#
# - name: Add 'overwriteprotocol' => 'https' if not present
# lineinfile:
# path: "{{ nextcloud_config_file_path }}"
# regexp: "^\s*\);$"
# line: "overwriteprotocol => 'https',"
# insertafter: "^\s*\);$"
# state: present
# notify:
# - docker compose restart
# notify:
# - docker compose restart

13
roles/docker-nextcloud/tasks/main.yml
View File

@ -3,14 +3,14 @@
include_role:
name: docker-central-database
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
name: nginx-https-get-cert-modify-all
- name: "include role receive certbot certificate"
include_role:
name: nginx-https-recieve-certificate
- name: create nextcloud nginx proxy configuration file
template:
src: "proxy-nginx.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
notify: restart nginx
- name: create internal nextcloud nginx configuration
@ -28,7 +28,4 @@
- name: Include LDAP specific tasks
include_tasks: ldap.yml
when: applications[application_id].ldap_enabled | bool
- name: Include Config specific tasks
include_tasks: config.yml
when: applications[application_id].ldap_enabled | bool

7
roles/docker-nextcloud/tasks/oidc.yml
View File

@ -14,13 +14,6 @@
# This configuration allows users to connect multiple accounts to their Nextcloud profile
# using the sociallogin app.
- name: install sociallogin plugin
command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
ignore_errors: true
- name: enable sociallogin plugin
command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
- name: Set custom_providers
command: >
docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ

2
roles/docker-nextcloud/templates/docker-compose.yml.j2
View File

@ -26,7 +26,7 @@ services:
driver: journald
restart: {{docker_restart_policy}}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
volumes:
- "{{docker_compose.directories.volumes}}nginx.conf:/etc/nginx/nginx.conf:ro"
volumes_from:

10
roles/docker-nextcloud/templates/env.j2
View File

@ -18,11 +18,5 @@ SMTP_NAME= {{system_email.username}}
SMTP_PASSWORD= {{system_email.password}}
# Email from configuration
MAIL_FROM_ADDRESS= "{{system_email.local}}"
MAIL_DOMAIN= "{{system_email.domain}}"
# Initial Admin Data
NEXTCLOUD_ADMIN_USER= "{{applications[application_id].credentials.administrator_username}}"
NEXTCLOUD_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_initial_password}}"
NEXTCLOUD_TRUSTED_DOMAINS= "{{domains[application_id]}}"
MAIL_FROM_ADDRESS=no-reply
MAIL_DOMAIN= {{system_email.domain}}

7
roles/docker-nextcloud/vars/main.yml
View File

@ -1,9 +1,6 @@
---
application_id: "nextcloud"
database_password: "{{applications.nextcloud.credentials.database_password}}"
database_password: "{{applications.nextcloud.database_password}}"
database_type: "mariadb"
nextcloud_application_container_name: "nextcloud-application"
nextcloud_nginx_container_name: "nextcloud-web"
nextcloud_config_file_path: "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
domain: "{{domains[application_id]}}"
http_port: "{{ ports.localhost.http[application_id] }}"
nextcloud_nginx_container_name: "nextcloud-web"

5
roles/docker-openproject/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "Create {{openproject_plugins_service}}"
file:

2
roles/docker-openproject/templates/docker-compose.yml.j2
View File

@ -23,7 +23,7 @@ services:
container_name: openproject-proxy
command: "./docker/prod/proxy"
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
environment:
APP_HOST: web
depends_on:

2
roles/docker-openproject/templates/env.j2
View File

@ -7,7 +7,7 @@
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
#
OPENPROJECT_HTTPS=true
OPENPROJECT_HOST__NAME={{domains[application_id]}}
OPENPROJECT_HOST__NAME={{domain}}
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
IMAP_ENABLED=false
POSTGRES_PASSWORD="{{ database_password }}"

6
roles/docker-peertube/tasks/create-domains.yml
View File

@ -1,6 +1,6 @@
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
name: nginx-https-get-cert-modify-all
- name: "include role receive certbot certificate"
include_role:
name: nginx-https-recieve-certificate
- name: configure {{domain}}.conf
template:

6
roles/docker-peertube/tasks/main.yml
View File

@ -3,13 +3,11 @@
include_role:
name: docker-central-database
- name: "include create-domains.yml for peertube"
- name: "include create-domains.yml"
include_tasks: create-domains.yml
loop: "{{ [domains.peertube] + domains.peertube_alternates }}"
loop: "{{ [domain] + domains.peertube_alternates }}"
loop_control:
loop_var: domain
vars:
http: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-peertube/templates/docker-compose.yml.j2
View File

@ -9,7 +9,7 @@ services:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "1935:1935" # @todo Add to ports
- "127.0.0.1:{{ports.localhost.http[application_id]}}:9000"
- "127.0.0.1:{{http_port}}:9000"
volumes:
- assets:/app/client/dist
- data:/data

2
roles/docker-peertube/templates/env.j2
View File

@ -8,7 +8,7 @@ PEERTUBE_DB_SSL=false
PEERTUBE_DB_HOSTNAME={{database_host}}
# PeerTube server configuration
PEERTUBE_WEBSERVER_HOSTNAME={{domains[application_id]}}
PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
PEERTUBE_SECRET={{peertube_secret}}

6
roles/docker-peertube/templates/peertube.conf.j2
View File

@ -1,5 +1,5 @@
server {
server_name {{domains[application_id]}};
server_name {{domain}};
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
@ -21,7 +21,7 @@ server {
send_timeout 10m;
#adapt
proxy_pass http://127.0.0.1:{{ports.localhost.http[application_id]}};
proxy_pass http://127.0.0.1:{{http_port}};
}
location / {
@ -62,7 +62,7 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:{{ports.localhost.http[application_id]}};
proxy_pass http://127.0.0.1:{{http_port}};
}
location /socket.io {

5
roles/docker-phpmyadmin/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-phpmyadmin/templates/docker-compose.yml.j2
View File

@ -7,7 +7,7 @@ services:
container_name: phpmyadmin
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
healthcheck:

2
roles/docker-phpmyadmin/vars/main.yml
View File

@ -1,3 +1,3 @@
application_id: "phpmyadmin"
database_type: "mariadb"
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage}}"
database_host: "{{ 'central-' + database_type if enable_central_database}}"

5
roles/docker-pixelfed/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

2
roles/docker-pixelfed/templates/docker-compose.yml.j2
View File

@ -11,7 +11,7 @@ services:
- "data:/var/www/storage"
- "./env:/var/www/.env"
ports:
- "{{ports.localhost.http[application_id]}}:80"
- "{{http_port}}:80"
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %}
worker:

8
roles/docker-pixelfed/templates/env.j2
View File

@ -5,10 +5,10 @@ APP_KEY={{pixelfed_app_key}}
APP_NAME="{{applications.pixelfed.titel}}"
APP_ENV=production
APP_DEBUG={{enable_debug | string | lower }}
APP_URL=https://{{domains[application_id]}}
APP_DOMAIN="{{domains[application_id]}}"
ADMIN_DOMAIN="{{domains[application_id]}}"
SESSION_DOMAIN="{{domains[application_id]}}"
APP_URL=https://{{domain}}
APP_DOMAIN="{{domain}}"
ADMIN_DOMAIN="{{domain}}"
SESSION_DOMAIN="{{domain}}"
OPEN_REGISTRATION=false
ENFORCE_EMAIL_VERIFICATION=false

5
roles/docker-portfolio/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-compose
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "include role docker-repository-setup for {{application_id}}"
include_role:

2
roles/docker-portfolio/templates/docker-compose.yml.j2
View File

@ -6,7 +6,7 @@ services:
image: application-portfolio
container_name: portfolio
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
- 127.0.0.1:{{http_port}}:5000
volumes:
- {{docker_repository_path}}app:/app
restart: unless-stopped

2
roles/docker-roulette-wheel/templates/docker-compose.yml.j2
View File

@ -4,5 +4,5 @@ services:
build:
context: .
ports:
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
- 127.0.0.1:{{http_port}}:8080
restart: {{docker_restart_policy}}

5
roles/docker-snipe_it/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml

4
roles/docker-snipe_it/templates/env.j2
View File

@ -5,7 +5,7 @@ APP_ENV=production
APP_DEBUG={{enable_debug | string | lower }}
# Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
APP_KEY={{applications.snipe_it.app_key}}
APP_URL=https://{{domains[application_id]}}
APP_URL=https://{{domain}}
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
APP_TIMEZONE='{{timezone}}'
APP_LOCALE={{locale}}
@ -27,7 +27,7 @@ DB_DATABASE={{database_name}}
DB_USERNAME={{database_username}}
DB_PASSWORD={{database_password}}
{% if not applications[application_id].database.central_storage | bool %}
{% if not enable_central_database | bool %}
MYSQL_ROOT_PASSWORD={{database_password}}
DB_PREFIX=null
DB_DUMP_PATH='/usr/bin'

3
roles/docker-snipe_it/vars/main.yml
View File

@ -1,3 +1,4 @@
application_id: "snipe_it"
database_password: "{{applications.snipe_it.database_password}}"
database_type: "mariadb"
database_type: "mariadb"
# enable_central_database: false For debugging reasons here

5
roles/docker-taiga/tasks/main.yml
View File

@ -4,11 +4,8 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
vars:
domain: "{{ domains[application_id] }}"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "include role docker-repository-setup for {{application_id}}"
include_role:

2
roles/docker-taiga/templates/docker-compose.yml.j2
View File

@ -79,7 +79,7 @@ services:
taiga-gateway:
image: nginx:alpine
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
volumes:
- {{docker_repository_path}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
- static-data:/taiga/static

2
roles/docker-taiga/templates/env.j2
View File

@ -1,6 +1,6 @@
# Taiga's URLs - Variables to define where Taiga should be served
TAIGA_SITES_SCHEME = https # serve Taiga using "http" or "https" (secured) connection
TAIGA_SITES_DOMAIN = "{{domains[application_id]}}" # Taiga's base URL
TAIGA_SITES_DOMAIN = "{{domain}}" # Taiga's base URL
TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
WEBSOCKETS_SCHEME = wss # events connection protocol (use either "ws" or "wss")

3
roles/docker-wordpress/tasks/main.yml
View File

@ -4,14 +4,13 @@
name: docker-central-database
- name: "include role nginx-domain-setup for {{application_id}}"
include_role:
include_role:
name: nginx-domain-setup
loop: "{{ domains.wordpress }}"
loop_control:
loop_var: domain
vars:
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{wordpress_max_upload_size}};"
http_port: "{{ ports.localhost.http[application_id] }}"
- name: "Transfering upload.ini to {{docker_compose.directories.instance}}"
template:

2
roles/docker-wordpress/templates/docker-compose.yml.j2
View File

@ -9,7 +9,7 @@ services:
build:
context: .
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
- "127.0.0.1:{{http_port}}:80"
volumes:
- data:/var/www/html
healthcheck:

Some files were not shown because too many files have changed in this diff Show More