mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-04-28 18:30:24 +02:00
Compare commits
12 Commits
bdeaf14285
...
ba49c2a840
| Author | SHA1 | Date | |
|---|---|---|---|
| ba49c2a840 | |||
| 8afb2a3b84 | |||
| a61fa3e614 | |||
| 8c951f6a19 | |||
| 0805929d41 | |||
| 10b2ead705 | |||
| c4b622ccdb | |||
| 82e69fc7a6 | |||
| 40a30cc927 | |||
| 88194ac3d3 | |||
| 9f41e25166 | |||
| b6eb866b36 |
@ -10,9 +10,9 @@ primary_domain_sld: "cymais" # Second
|
||||
primary_domain: "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
|
||||
|
||||
# Administrator
|
||||
administrator_username: "administrator" # Username of the administrator
|
||||
administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
|
||||
#user_administrator_initial_password: EXAMPLE_PASSWORD_123456 # Example initialisation password needs to be set in inventory file
|
||||
administrator_username: "administrator" # Username of the administrator
|
||||
administrator_email: "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
|
||||
# administrator_initial_password: Null # Example initialisation password needs to be set in inventory file
|
||||
|
||||
# Test Email
|
||||
test_email: "test@{{primary_domain}}"
|
||||
|
||||
@ -19,7 +19,7 @@ defaults_domains:
|
||||
keycloak: "auth.{{primary_domain}}"
|
||||
ldap: "ldap.{{primary_domain}}"
|
||||
listmonk: "newsletter.{{primary_domain}}"
|
||||
mailu: "{{system_email.host}}"
|
||||
mailu: "mail.{{primary_domain}}"
|
||||
mastodon: "microblog.{{primary_domain}}"
|
||||
# ATTENTION: Will be owerwritten by the values in domains. Not merged.
|
||||
mastodon_alternates: ["mastodon.{{primary_domain}}"]
|
||||
@ -54,6 +54,7 @@ defaults_redirect_domain_mappings:
|
||||
- { source: "gitea.{{primary_domain}}", target: "{{domains.gitea}}" }
|
||||
- { source: "keycloak.{{primary_domain}}", target: "{{domains.keycloak}}" }
|
||||
- { source: "listmonk.{{primary_domain}}", target: "{{domains.listmonk}}" }
|
||||
- { source: "mail.{{primary_domain}}", target: "{{domains.mailu}}" }
|
||||
- { source: "moodle.{{primary_domain}}", target: "{{domains.moodle}}" }
|
||||
- { source: "nextcloud.{{primary_domain}}", target: "{{domains.nextcloud}}" }
|
||||
- { source: "openproject.{{primary_domain}}", target: "{{domains.openproject}}" }
|
||||
|
||||
@ -18,14 +18,20 @@ defaults_applications:
|
||||
company_name: "{{primary_domain}}"
|
||||
company_email: "{{administrator_email}}"
|
||||
setup_admin_email: "{{administrator_email}}"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Attendize
|
||||
attendize:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Baserow
|
||||
baserow:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Big Blue Button
|
||||
bigbluebutton:
|
||||
@ -33,6 +39,8 @@ defaults_applications:
|
||||
setup: false # Set to true in inventory file for initial setup
|
||||
oidc:
|
||||
enabled: true # Activate OIDC
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Bluesky
|
||||
bluesky:
|
||||
@ -42,6 +50,8 @@ defaults_applications:
|
||||
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
|
||||
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
|
||||
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Discourse:
|
||||
discourse:
|
||||
@ -51,25 +61,35 @@ defaults_applications:
|
||||
# database_password: # Needs to be defined in inventory file
|
||||
oidc:
|
||||
enabled: true # Activate OIDC
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Friendica
|
||||
friendica:
|
||||
version: "latest"
|
||||
oidc:
|
||||
enabled: true # Activate OIDC. Plugin is not working yet
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Funkwhale
|
||||
funkwhale:
|
||||
version: "1.4.0"
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Gitea
|
||||
gitea:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Gitlab
|
||||
gitlab:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Joomla
|
||||
joomla:
|
||||
@ -80,6 +100,8 @@ defaults_applications:
|
||||
version: "latest"
|
||||
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
database:
|
||||
central_storage: True
|
||||
# database_password: # Needs to be defined in inventory file
|
||||
# administrator_password: # Needs to be defined in inventory file
|
||||
|
||||
@ -87,7 +109,7 @@ defaults_applications:
|
||||
ldap:
|
||||
lam:
|
||||
version: "latest"
|
||||
administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
|
||||
administrator_password: "{{administrator_initial_password}}" # CHANGE for security reasons
|
||||
openldap:
|
||||
version: "latest"
|
||||
network:
|
||||
@ -104,6 +126,8 @@ defaults_applications:
|
||||
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
|
||||
application: lam # Needs to be the same as webinterface
|
||||
port: 80 # If you use phpldapadmin set it to 8080
|
||||
database:
|
||||
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
|
||||
# administrator_password: # CHANGE for security reasons in inventory file
|
||||
# administrator_database_password: # CHANGE for security reasons in inventory file
|
||||
|
||||
@ -113,6 +137,8 @@ defaults_applications:
|
||||
public_api_activated: False # Security hole. Can be used for spaming
|
||||
version: "latest" # Docker Image version
|
||||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
mailu:
|
||||
version: "2024.06" # Docker Image Version
|
||||
@ -121,11 +147,13 @@ defaults_applications:
|
||||
enabled: true # Activate OIDC for Mailu
|
||||
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
|
||||
# I don't know why the database deactivation is necessary
|
||||
enable_central_database: False # Deactivate central database for mailu
|
||||
database:
|
||||
central_storage: False # Deactivate central database for mailu
|
||||
credentials:
|
||||
# secret_key: # Set to a randomly generated 16 bytes string
|
||||
# database_password: # Needs to be set in inventory file
|
||||
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
|
||||
# initial_administrator_password: # Initial administrator password for setup
|
||||
|
||||
## MariaDB
|
||||
mariadb:
|
||||
@ -139,13 +167,17 @@ defaults_applications:
|
||||
# database_password: Null # Needs to be set in inventory file
|
||||
# auth_token: Null # Needs to be set in inventory file
|
||||
css:
|
||||
enabled: false # The css isn't optimized yet for Matomo
|
||||
enabled: false # The css isn't optimized yet for Matomo
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Mastodon
|
||||
mastodon:
|
||||
version: "latest"
|
||||
single_user_mode: false # Set true for initial setup
|
||||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||||
database:
|
||||
central_storage: True
|
||||
oidc:
|
||||
enabled: true # Activate OIDC for Mastodon
|
||||
credentials:
|
||||
@ -172,6 +204,8 @@ defaults_applications:
|
||||
element:
|
||||
version: "latest"
|
||||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Moodle
|
||||
moodle:
|
||||
@ -179,19 +213,29 @@ defaults_applications:
|
||||
administrator_name: "{{administrator_username}}"
|
||||
administrator_email: "{{administrator_email}}"
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## MyBB
|
||||
mybb:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Nextcloud
|
||||
nextcloud:
|
||||
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
|
||||
ldap_enabled: True # Enables LDAP by default, missing ansible setup tasks @todo setup
|
||||
# database_password: Null # Needs to be set in inventory file
|
||||
oidc:
|
||||
enabled: true # Activate OIDC for Nextcloud
|
||||
force_import: False # Forces the import of the LDIF files
|
||||
database:
|
||||
central_storage: True
|
||||
credentials:
|
||||
# database_password: Null # Needs to be set in inventory file
|
||||
administrator_username: "{{administrator_username}}"
|
||||
administrator_initial_password: "{{administrator_initial_password}}"
|
||||
|
||||
|
||||
## OAuth2 Proxy
|
||||
oauth2_proxy:
|
||||
@ -209,10 +253,14 @@ defaults_applications:
|
||||
application: "proxy"
|
||||
port: "80"
|
||||
ldap_enabled: True # Enables LDAP by default
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Peertube
|
||||
peertube:
|
||||
version: "bookworm"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## PHPMyAdmin
|
||||
phpmyadmin:
|
||||
@ -222,24 +270,36 @@ defaults_applications:
|
||||
enabled: true
|
||||
port: "80"
|
||||
application: "application"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Pixelfed
|
||||
pixelfed:
|
||||
titel: "Pictures on {{primary_domain}}"
|
||||
version: "latest"
|
||||
titel: "Pictures on {{primary_domain}}"
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Postgres
|
||||
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
|
||||
postgres:
|
||||
database.version: "latest"
|
||||
|
||||
portfolio:
|
||||
database:
|
||||
central_storage: False # Portfolio doesn't use any database
|
||||
|
||||
# Snipe-IT
|
||||
snipe_it:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## Taiga
|
||||
taiga:
|
||||
version: "latest"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## YOURLS
|
||||
yourls:
|
||||
@ -250,7 +310,8 @@ defaults_applications:
|
||||
application: "application"
|
||||
port: "80"
|
||||
location: "/admin/" # Protects the admin area
|
||||
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
wordpress:
|
||||
# Deactivate Global theming for wordpress role
|
||||
@ -260,4 +321,6 @@ defaults_applications:
|
||||
# May a solution could be to generate a template or css file dedicated
|
||||
# for wordpress based on the theming values and import it.
|
||||
css:
|
||||
enabled: false
|
||||
enabled: false
|
||||
database:
|
||||
central_storage: True
|
||||
@ -1,6 +1,3 @@
|
||||
## Enable Central Postgress and MariaDB instead of dedicated container per application
|
||||
enable_central_database: true
|
||||
|
||||
## Enable Storage Optimizer for Docker Volumes
|
||||
enable_system_storage_optimizer: true
|
||||
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "include tasks update-repository-with-files.yml"
|
||||
include_tasks: update-repository-with-files.yml
|
||||
|
||||
@ -10,7 +10,7 @@ services:
|
||||
build:
|
||||
context: .
|
||||
ports:
|
||||
- 127.0.0.1:{{http_port}}:80
|
||||
- 127.0.0.1:{{ports.localhost.http[application_id]}}:80
|
||||
volumes:
|
||||
- data:/var/www/html
|
||||
environment:
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# You should change this to match your reverse proxy DNS name and protocol
|
||||
APP_URL=https://{{domain}}
|
||||
APP_URL=https://{{domains[application_id]}}
|
||||
LOCALE={{locale}}
|
||||
|
||||
# Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
|
||||
|
||||
@ -3,19 +3,20 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include tasks to receive attendize certbot certificate"
|
||||
- name: "include role for {{application_id}} to recieve certs & do modification routines"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
name: nginx-https-get-cert-modify-all
|
||||
vars:
|
||||
domain: "{{ item }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
loop:
|
||||
- "{{ domains.mailu }}"
|
||||
- "{{ domain }}"
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
- name: configure {{domains[application_id]}}.conf
|
||||
template:
|
||||
src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: "include tasks update-repository-with-files.yml"
|
||||
|
||||
@ -7,7 +7,7 @@ services:
|
||||
web:
|
||||
image: "attendize_web:{{applications.attendize.version}}"
|
||||
ports:
|
||||
- "{{http_port}}:80"
|
||||
- "{{ports.localhost.http[application_id]}}:80"
|
||||
volumes:
|
||||
- .:/usr/share/nginx/html
|
||||
- .:/var/www
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
@ -11,7 +11,7 @@ services:
|
||||
volumes:
|
||||
- data:/baserow/data
|
||||
ports:
|
||||
- "{{http_port}}:80"
|
||||
- "{{ports.localhost.http[application_id]}}:80"
|
||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||
|
||||
|
||||
@ -1,3 +1,5 @@
|
||||
application_id: "baserow"
|
||||
database_password: "{{ baserow_database_password }}"
|
||||
database_type: "postgres"
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
@ -9,15 +9,18 @@
|
||||
#- name: "include task certbot-and-globals.yml"
|
||||
# include_tasks: certbot-and-globals.yml
|
||||
#
|
||||
#- name: configure {{domain}}.conf
|
||||
#- name: configure {{domains[application_id]}}.conf
|
||||
# template:
|
||||
# src: "nginx-proxy.conf.j2"
|
||||
# dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
# dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
# notify: restart nginx
|
||||
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: configure websocket_upgrade.conf
|
||||
copy:
|
||||
|
||||
@ -40,7 +40,7 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
|
||||
# CONNECTION
|
||||
# ====================================
|
||||
|
||||
DOMAIN={{domain}}
|
||||
DOMAIN={{domains[application_id]}}
|
||||
|
||||
EXTERNAL_IPv4={{networks.internet.ip4}}
|
||||
# The following line is not tested and could lead to bugs:
|
||||
@ -53,7 +53,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
|
||||
|
||||
# TURN SERVER
|
||||
# uncomment and adjust following two lines to add an external TURN server
|
||||
TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
|
||||
TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
|
||||
TURN_SECRET={{bigbluebutton_turn_secret}}
|
||||
|
||||
# Allowed SIP IPs
|
||||
@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
|
||||
# Please refer to your SMTP provider to get the values for the variables below
|
||||
|
||||
SMTP_SERVER={{system_email.host}}
|
||||
SMTP_DOMAIN={{domain}}
|
||||
SMTP_DOMAIN={{system_email.domain}}
|
||||
SMTP_PORT={{system_email.port}}
|
||||
SMTP_USERNAME={{system_email.username}}
|
||||
SMTP_PASSWORD={{system_email.password}}
|
||||
@ -290,5 +290,5 @@ DEFAULT_REGISTRATION=invite
|
||||
OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
|
||||
OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
|
||||
OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
|
||||
OPENID_CONNECT_REDIRECT=https://{{domain}}
|
||||
OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
|
||||
{% endif %}
|
||||
@ -47,7 +47,7 @@ When executed, the role will:
|
||||
1. Load database configuration variables.
|
||||
2. Generate the appropriate environment file for the database.
|
||||
3. Incorporate the Docker Compose routines.
|
||||
4. Create a central database if `enable_central_database` is set to `true`.
|
||||
4. Create a central database if `applications[application_id].database.central_storage` is set to `true`.
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -14,9 +14,9 @@
|
||||
src: "env/{{database_type}}.env.j2"
|
||||
dest: "{{database_env}}"
|
||||
notify: docker compose project build and setup
|
||||
when: not enable_central_database | bool
|
||||
when: not applications[application_id].database.central_storage | bool
|
||||
|
||||
- name: create central database
|
||||
include_role:
|
||||
name: "docker-{{database_type}}"
|
||||
when: enable_central_database | bool
|
||||
when: applications[application_id].database.central_storage | bool
|
||||
@ -1,5 +1,5 @@
|
||||
# This template needs to be included in docker-compose.yml, which depend on a mariadb database
|
||||
{% if not enable_central_database | bool %}
|
||||
{% if not applications[application_id].database.central_storage | bool %}
|
||||
database:
|
||||
container_name: {{application_id}}-database
|
||||
logging:
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# This template needs to be included in docker-compose.yml, which depend on a postgres database
|
||||
{% if not enable_central_database | bool %}
|
||||
{% if not applications[application_id].database.central_storage | bool %}
|
||||
database:
|
||||
image: postgres:{{applications.postgres.database_version}}-alpine
|
||||
container_name: {{application_id}}-database
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
database_instance: "{{ 'central-' + database_type if enable_central_database | bool else application_id }}"
|
||||
database_host: "{{ 'central-' + database_type if enable_central_database | bool else 'database' }}"
|
||||
database_instance: "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else application_id }}"
|
||||
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage | bool else 'database' }}"
|
||||
database_name: "{{ application_id }}"
|
||||
database_username: "{{ application_id }}"
|
||||
database_port: "{{ 3306 if database_type == 'mariadb' else 5432 }}"
|
||||
database_env: "{{docker_compose.directories.env}}{{database_type}}.env"
|
||||
|
||||
# Don't set application_id . It would conflict with central database logic
|
||||
@ -28,3 +28,9 @@
|
||||
COMPOSE_HTTP_TIMEOUT: 600
|
||||
DOCKER_CLIENT_TIMEOUT: 600
|
||||
listen: docker compose project build and setup
|
||||
|
||||
- name: docker compose restart
|
||||
command:
|
||||
cmd: "docker compose restart"
|
||||
chdir: "{{docker_compose.directories.instance}}"
|
||||
listen: docker compose restart
|
||||
|
||||
@ -1,19 +1,6 @@
|
||||
- name: "load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
|
||||
include_vars: "{{ role_path }}/vars/docker-compose.yml"
|
||||
|
||||
- name: "Set global domain based on application_id"
|
||||
set_fact:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
when:
|
||||
- application_id in domains
|
||||
- domains[application_id] is string
|
||||
# Default case: One domain exists. Some applications like matrix don't have an default domain
|
||||
|
||||
- name: "Set global http_port to {{ ports.localhost.http[application_id] }}"
|
||||
set_fact:
|
||||
http_port: "{{ ports.localhost.http[application_id] if application_id in ports.localhost.http else None }}"
|
||||
# Default case: One port exists. Some applications like matrix don't have an default port
|
||||
|
||||
- name: "remove {{ docker_compose.directories.instance }} and all its contents"
|
||||
file:
|
||||
path: "{{ docker_compose.directories.instance }}"
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
command:
|
||||
cmd: "docker network connect {{applications.discourse.network}} central-{{ database_type }}"
|
||||
ignore_errors: true
|
||||
when: enable_central_database | bool
|
||||
when: applications[application_id].database.central_storage | bool
|
||||
listen: recreate discourse
|
||||
|
||||
- name: rebuild discourse
|
||||
|
||||
@ -13,6 +13,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "cleanup central database from {{application_id}}_default network"
|
||||
command:
|
||||
@ -65,10 +68,10 @@
|
||||
command:
|
||||
cmd: "docker network connect central_postgres {{applications.discourse.container}}"
|
||||
ignore_errors: true
|
||||
when: enable_central_database | bool
|
||||
when: applications[application_id].database.central_storage | bool
|
||||
|
||||
- name: "remove central database from {{application_id}}_default"
|
||||
command:
|
||||
cmd: "docker network disconnect {{applications.discourse.network}} central-{{ database_type }}"
|
||||
ignore_errors: true
|
||||
when: enable_central_database | bool
|
||||
when: applications[application_id].database.central_storage | bool
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
templates:
|
||||
{% if not enable_central_database | bool %}
|
||||
{% if not applications[application_id].database.central_storage | bool %}
|
||||
- "templates/postgres.template.yml"
|
||||
{% endif %}
|
||||
#- "templates/redis.template.yml"
|
||||
@ -15,7 +15,7 @@ templates:
|
||||
## If you want Discourse to share a port with another webserver like Apache or nginx,
|
||||
## see https://meta.discourse.org/t/17247 for details
|
||||
expose:
|
||||
- "127.0.0.1:{{http_port}}:80" # http
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80" # http
|
||||
|
||||
params:
|
||||
db_default_text_search_config: "pg_catalog.english"
|
||||
@ -41,7 +41,7 @@ env:
|
||||
UNICORN_WORKERS: 8
|
||||
|
||||
## Required. Discourse will not work with a bare IP number.
|
||||
DISCOURSE_HOSTNAME: {{domain}}
|
||||
DISCOURSE_HOSTNAME: {{domains[application_id]}}
|
||||
|
||||
## Uncomment if you want the container to be started with the same
|
||||
## hostname (-h option) as specified above (default "$hostname-$config")
|
||||
@ -122,7 +122,7 @@ run:
|
||||
- exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc.client.discovery_document}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc.client.id}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc.client.secret}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domain}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domains[application_id]}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
|
||||
{% endif %}
|
||||
|
||||
@ -3,6 +3,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: create elasticsearch-sysctl.conf
|
||||
copy:
|
||||
|
||||
@ -57,7 +57,7 @@ services:
|
||||
target: /usr/share/kibana/config/kibana.yml
|
||||
read_only: true
|
||||
ports:
|
||||
- "127.0.0.1:{{ http_port }}:5601"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:5601"
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -8,7 +8,7 @@ services:
|
||||
volumes:
|
||||
- data:/var/www/html
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
healthcheck:
|
||||
# This health check ensures the test email is sent only once to prevent
|
||||
# hitting SMTP rate limits due to multiple health check executions.
|
||||
@ -20,7 +20,7 @@ services:
|
||||
test:
|
||||
[
|
||||
"CMD-SHELL",
|
||||
"(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domain}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
|
||||
"(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domains[application_id]}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
|
||||
]
|
||||
interval: 1m
|
||||
timeout: 10s
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
# The configuration options can be found here:
|
||||
# @see https://hub.docker.com/_/friendica
|
||||
|
||||
FRIENDICA_URL= https://{{domain}}
|
||||
HOSTNAME= {{domain}}
|
||||
FRIENDICA_URL= https://{{domains[application_id]}}
|
||||
HOSTNAME= {{domains[application_id]}}
|
||||
FRIENDICA_NO_VALIDATION={{no_validation | lower}}
|
||||
|
||||
# Debugging
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -56,7 +56,7 @@ services:
|
||||
#- "{{static_root}}:{{static_root}}:ro"
|
||||
ports:
|
||||
# override those variables in your .env file if needed
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
|
||||
typesense:
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
|
||||
@ -32,7 +32,7 @@ FUNKWHALE_VERSION={{applications.funkwhale.version}}
|
||||
FUNKWHALE_API_IP=127.0.0.1
|
||||
# Assuming that the following variable isn't used anymore.
|
||||
# @todo remove it if this is true
|
||||
FUNKWHALE_API_PORT={{http_port}}
|
||||
FUNKWHALE_API_PORT={{ports.localhost.http[application_id]}}:
|
||||
|
||||
# The number of web workers to start in parallel. Higher means you can handle
|
||||
# more concurrent requests, but also leads to higher CPU/Memory usage
|
||||
@ -40,7 +40,7 @@ FUNKWHALE_WEB_WORKERS=4
|
||||
# Replace this by the definitive, public domain you will use for
|
||||
# your instance. It cannot be changed after initial deployment
|
||||
# without breaking your instance.
|
||||
FUNKWHALE_HOSTNAME={{domain}}
|
||||
FUNKWHALE_HOSTNAME={{domains[application_id]}}
|
||||
FUNKWHALE_PROTOCOL=https
|
||||
|
||||
# Log level (debug, info, warning, error, critical)
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -6,7 +6,7 @@ services:
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
image: "gitea/gitea:{{applications.gitea.version}}"
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:3000"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
|
||||
- "{{ports.public.ssh[application_id]}}:22"
|
||||
volumes:
|
||||
- data:/data
|
||||
|
||||
@ -7,7 +7,7 @@ DB_USER={{database_username}}
|
||||
DB_PASSWD={{database_password}}
|
||||
SSH_PORT={{ports.public.ssh[application_id]}}
|
||||
SSH_LISTEN_PORT=22
|
||||
DOMAIN={{domain}}
|
||||
SSH_DOMAIN={{domain}}
|
||||
DOMAIN={{domains[application_id]}}
|
||||
SSH_DOMAIN={{domains[application_id]}}
|
||||
RUN_MODE="{{run_mode}}"
|
||||
ROOT_URL="https://{{domain}}/"
|
||||
ROOT_URL="https://{{domains[application_id]}}/"
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -6,10 +6,10 @@ services:
|
||||
|
||||
web:
|
||||
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
|
||||
hostname: '{{domain}}'
|
||||
hostname: '{{domains[application_id]}}'
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
- "{{ports.public.ssh[application_id]}}:22"
|
||||
volumes:
|
||||
- 'config:/etc/gitlab'
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "docker jenkins"
|
||||
docker_compose:
|
||||
@ -10,7 +13,7 @@
|
||||
image: jenkins/jenkins:lts
|
||||
restart: "{{docker_restart_policy}}"
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:8080"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
|
||||
volumes:
|
||||
- jenkins_data:/var/jenkins_home
|
||||
log_driver: journald
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
loop: "{{ domains }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
|
||||
@ -8,7 +8,7 @@ services:
|
||||
volumes:
|
||||
- data:/var/www/html
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -8,7 +8,7 @@ services:
|
||||
command: start --import-realm # imports realms on startup
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:8080"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:8080"
|
||||
volumes:
|
||||
- "{{import_directory_host}}:{{import_directory_docker}}"
|
||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
# Documentation can be found here:
|
||||
# @see https://www.keycloak.org/server/containers
|
||||
|
||||
KC_HOSTNAME= https://{{domain}}
|
||||
KC_HOSTNAME= https://{{domains[application_id]}}
|
||||
KC_HTTP_ENABLED= true
|
||||
|
||||
# Health Checks
|
||||
|
||||
@ -6,17 +6,20 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: Create {{domain}}.conf if LDAP is exposed to internet
|
||||
- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
|
||||
template:
|
||||
src: "nginx.stream.conf.j2"
|
||||
dest: "{{nginx.directories.streams}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.streams}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
when: applications.ldap.openldap.network.public | bool
|
||||
|
||||
- name: Remove {{domain}}.conf if LDAP is not exposed to internet
|
||||
- name: Remove {{domains[application_id]}}.conf if LDAP is not exposed to internet
|
||||
file:
|
||||
path: "{{ nginx.directories.streams }}{{ domain }}.conf"
|
||||
path: "{{ nginx.directories.streams }}{{ domains[application_id] }}.conf"
|
||||
state: absent
|
||||
when: not applications.ldap.openldap.network.public | bool
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
|
||||
APP_URL= https://{{domain}}
|
||||
APP_URL= https://{{domains[application_id]}}
|
||||
LDAP_HOST= openldap
|
||||
@ -15,6 +15,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -6,7 +6,7 @@ services:
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
image: listmonk/listmonk:{{applications.listmonk.version}}
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:9000"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:9000"
|
||||
volumes:
|
||||
- {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
|
||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
vars:
|
||||
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
|
||||
|
||||
@ -18,11 +21,9 @@
|
||||
|
||||
- name: flush docker service
|
||||
meta: flush_handlers
|
||||
when: applications.mailu.setup |bool
|
||||
|
||||
- name: execute database migration
|
||||
command:
|
||||
cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}"
|
||||
cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{applications.mailu.initial_administrator_password}}"
|
||||
chdir: "{{docker_compose.directories.instance}}"
|
||||
ignore_errors: true
|
||||
when: applications.mailu.setup |bool
|
||||
@ -15,7 +15,7 @@ services:
|
||||
image: {{docker_source}}/nginx:{{applications.mailu.version}}
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
ports:
|
||||
- "127.0.0.1:{{ http_port }}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
- "{{networks.internet.ip4}}:25:25"
|
||||
- "{{networks.internet.ip4}}:465:465"
|
||||
- "{{networks.internet.ip4}}:587:587"
|
||||
|
||||
@ -20,7 +20,7 @@ SUBNET={{networks.local.mailu.subnet}}
|
||||
DOMAIN={{applications.mailu.domain}}
|
||||
|
||||
# Hostnames for this server, separated with comas
|
||||
HOSTNAMES={{domain}}
|
||||
HOSTNAMES={{domains[application_id]}}
|
||||
|
||||
# Postmaster local part (will append the main mail domain)
|
||||
POSTMASTER=admin
|
||||
@ -105,7 +105,7 @@ WEB_WEBMAIL=/webmail
|
||||
SITENAME=Mailservices
|
||||
|
||||
# Linked Website URL
|
||||
WEBSITE=https://{{domain}}
|
||||
WEBSITE=https://{{domains[application_id]}}
|
||||
|
||||
|
||||
|
||||
@ -162,7 +162,7 @@ OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize
|
||||
# OpenID Connect provider configuration URL
|
||||
OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
|
||||
# OpenID redirect URL if HOSTNAME not matching your login url
|
||||
OIDC_REDIRECT_URL=https://{{domain}}
|
||||
OIDC_REDIRECT_URL=https://{{domains[application_id]}}
|
||||
# OpenID Connect Client ID for Mailu
|
||||
OIDC_CLIENT_ID={{oidc.client.id}}
|
||||
# OpenID Connect Client secret for Mailu
|
||||
|
||||
@ -4,11 +4,9 @@ database_type: "mariadb"
|
||||
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
|
||||
enable_wildcard_certificate: false
|
||||
|
||||
# I don't know why this configuration is necessary.
|
||||
# Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
|
||||
# @todo research
|
||||
enable_central_database: "{{applications.mailu.enable_central_database}}"
|
||||
|
||||
# Use dedicated source for oidc if activated
|
||||
# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
|
||||
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
|
||||
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
@ -1,6 +1,6 @@
|
||||
- name: "include role receive certbot certificate"
|
||||
- name: "include role for {{application_id}} to recieve certs & do modification routines"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
name: nginx-https-get-cert-modify-all
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
|
||||
@ -3,11 +3,13 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include create-domains.yml"
|
||||
- name: "include create-domains.yml for mastodon"
|
||||
include_tasks: create-domains.yml
|
||||
loop: "{{ [domain] + domains.mastodon_alternates }}"
|
||||
loop: "{{ [domains.mastodon] + domains.mastodon_alternates }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
vars:
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -11,7 +11,7 @@ services:
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:3000"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:3000"
|
||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||
volumes:
|
||||
- data:/mastodon/public/system
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
|
||||
|
||||
|
||||
LOCAL_DOMAIN={{domain}}
|
||||
LOCAL_DOMAIN={{domains[application_id]}}
|
||||
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
|
||||
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
|
||||
|
||||
@ -66,7 +66,7 @@ OIDC_DISCOVERY=true
|
||||
OIDC_SCOPE="openid,profile,email"
|
||||
OIDC_UID_FIELD=preferred_username # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
|
||||
OIDC_CLIENT_ID={{oidc.client.id}}
|
||||
OIDC_REDIRECT_URI=https://{{domain}}/auth/auth/openid_connect/callback
|
||||
OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
|
||||
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
||||
OIDC_CLIENT_SECRET={{oidc.client.secret}}
|
||||
OMNIAUTH_ONLY=true # uncomment to only use OIDC for login / registration buttons
|
||||
|
||||
@ -4,7 +4,7 @@ map $http_upgrade $connection_upgrade {
|
||||
}
|
||||
|
||||
server {
|
||||
server_name {{domain}};
|
||||
server_name {{domains[application_id]}};
|
||||
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
|
||||
@ -7,6 +7,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
when: run_once_docker_matomo is not defined
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
|
||||
@ -32,7 +32,7 @@ matrix_playbook_ssl_enabled: true
|
||||
devture_traefik_config_entrypoint_web_secure_enabled: false
|
||||
|
||||
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
|
||||
devture_traefik_container_web_host_bind_port: "127.0.0.1:{{http_port}}"
|
||||
devture_traefik_container_web_host_bind_port: "127.0.0.1:{{ports.localhost.http[application_id]}}"
|
||||
|
||||
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
|
||||
# a reverse-proxy running on the local machine is safe enough.
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
- name: "create {{database_name}} database"
|
||||
include_role:
|
||||
name: docker-postgres
|
||||
when: enable_central_database | bool
|
||||
when: applications[application_id].database.central_storage | bool
|
||||
|
||||
- name: "include seed-database-to-backup.yml"
|
||||
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"
|
||||
@ -3,9 +3,9 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include role receive certbot certificate"
|
||||
- name: "include role for {{application_id}} to recieve certs & do modification routines"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
name: nginx-https-get-cert-modify-all
|
||||
vars:
|
||||
domain: "{{domains.matrix_synapse}}"
|
||||
http_port: "{{ports.localhost.http.matrix_synapse}}"
|
||||
@ -26,7 +26,7 @@
|
||||
src: "templates/nginx.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
|
||||
vars:
|
||||
# domain: "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
|
||||
domain: "{{domains.matrix_synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
|
||||
http_port: "{{ports.localhost.http.matrix_synapse}}"
|
||||
notify: restart nginx
|
||||
|
||||
|
||||
@ -1,9 +1,10 @@
|
||||
server {
|
||||
# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary
|
||||
{# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
|
||||
{# Could be that this is related to the set_fact use #}
|
||||
{% set domain = domains.matrix_synapse %}
|
||||
{% set http_port = ports.localhost.http.matrix_synapse %}
|
||||
|
||||
server_name {{domain}};
|
||||
server_name {{domains.matrix_synapse}};
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
# For the federation port
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: add docker-compose.yml
|
||||
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
|
||||
|
||||
@ -10,7 +10,7 @@ services:
|
||||
volumes:
|
||||
- "mediawiki-data:/var/www/html/"
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -5,7 +5,7 @@ services:
|
||||
container_name: moodle
|
||||
image: docker.io/bitnami/moodle:{{applications.moodle.version}}
|
||||
ports:
|
||||
- 127.0.0.1:{{http_port}}:8080
|
||||
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
volumes:
|
||||
- 'moodle:/bitnami/moodle'
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include tasks setup-domain.yml with {{domain}}"
|
||||
- name: "include tasks setup-domain.yml with {{domains[application_id]}}"
|
||||
include_tasks: setup-domain.yml
|
||||
loop: "{{ mybb_domains + [source_domain] }}"
|
||||
loop_control:
|
||||
|
||||
@ -1,13 +1,15 @@
|
||||
# Recieves https certificate and setup proxy with domain replace
|
||||
{# Recieves https certificate and setup proxy with domain replace #}
|
||||
|
||||
- name: "include role receive certbot certificate"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
name: nginx-https-get-cert
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
- name: configure {{domains[application_id]}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
vars:
|
||||
nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domain}}';"
|
||||
nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domains[application_id]}}';"
|
||||
|
||||
@ -22,7 +22,7 @@ services:
|
||||
image: nginx:mainline
|
||||
restart: {{docker_restart_policy}}
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
volumes:
|
||||
- "{{docker_compose_instance_confd_directory}}:{{target_mount_conf_d_directory}}:ro"
|
||||
- "data:/var/www/html:ro"
|
||||
|
||||
@ -84,11 +84,6 @@ docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
|
||||
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
|
||||
```
|
||||
|
||||
Check the process with:
|
||||
```sql
|
||||
show processlist;
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## OCC (Nextcloud Command Line) 🔧
|
||||
@ -125,6 +120,12 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo
|
||||
|
||||
OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
|
||||
|
||||
### Verify OIDC Configuration
|
||||
|
||||
```bash
|
||||
docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
|
||||
```
|
||||
|
||||
## LDAP
|
||||
|
||||
More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
|
||||
|
||||
33
roles/docker-nextcloud/tasks/config.yml
Normal file
33
roles/docker-nextcloud/tasks/config.yml
Normal file
@ -0,0 +1,33 @@
|
||||
- name: "Substitute http with https in {{ nextcloud_config_file_path }}"
|
||||
replace:
|
||||
path: "{{ nextcloud_config_file_path }}"
|
||||
regexp: "http://{{ domain | regex_escape }}"
|
||||
replace: "https://{{ domain }}"
|
||||
notify:
|
||||
- docker compose restart
|
||||
|
||||
#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_path }}
|
||||
# block:
|
||||
# Deactivated because it was really heavy to fix.
|
||||
# @todo implement
|
||||
# - name: Check if 'overwriteprotocol' is already set
|
||||
# lineinfile:
|
||||
# path: "{{ nextcloud_config_file_path }}"
|
||||
# regexp: "^\s*overwriteprotocol\s*=>\s*http"
|
||||
# line: "overwriteprotocol => 'https',"
|
||||
# backrefs: yes
|
||||
# state: present
|
||||
# notify:
|
||||
# - docker compose restart
|
||||
#
|
||||
# - name: Add 'overwriteprotocol' => 'https' if not present
|
||||
# lineinfile:
|
||||
# path: "{{ nextcloud_config_file_path }}"
|
||||
# regexp: "^\s*\);$"
|
||||
# line: "overwriteprotocol => 'https',"
|
||||
# insertafter: "^\s*\);$"
|
||||
# state: present
|
||||
# notify:
|
||||
# - docker compose restart
|
||||
# notify:
|
||||
# - docker compose restart
|
||||
@ -3,14 +3,14 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include role receive certbot certificate"
|
||||
- name: "include role for {{application_id}} to recieve certs & do modification routines"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
name: nginx-https-get-cert-modify-all
|
||||
|
||||
- name: create nextcloud nginx proxy configuration file
|
||||
template:
|
||||
src: "proxy-nginx.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: create internal nextcloud nginx configuration
|
||||
@ -29,3 +29,6 @@
|
||||
- name: Include LDAP specific tasks
|
||||
include_tasks: ldap.yml
|
||||
when: applications[application_id].ldap_enabled | bool
|
||||
|
||||
- name: Include Config specific tasks
|
||||
include_tasks: config.yml
|
||||
@ -14,6 +14,13 @@
|
||||
# This configuration allows users to connect multiple accounts to their Nextcloud profile
|
||||
# using the sociallogin app.
|
||||
|
||||
- name: install sociallogin plugin
|
||||
command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
|
||||
ignore_errors: true
|
||||
|
||||
- name: enable sociallogin plugin
|
||||
command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
|
||||
|
||||
- name: Set custom_providers
|
||||
command: >
|
||||
docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
|
||||
|
||||
@ -26,7 +26,7 @@ services:
|
||||
driver: journald
|
||||
restart: {{docker_restart_policy}}
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
volumes:
|
||||
- "{{docker_compose.directories.volumes}}nginx.conf:/etc/nginx/nginx.conf:ro"
|
||||
volumes_from:
|
||||
|
||||
@ -18,5 +18,11 @@ SMTP_NAME= {{system_email.username}}
|
||||
SMTP_PASSWORD= {{system_email.password}}
|
||||
|
||||
# Email from configuration
|
||||
MAIL_FROM_ADDRESS=no-reply
|
||||
MAIL_DOMAIN= {{system_email.domain}}
|
||||
MAIL_FROM_ADDRESS= "{{system_email.local}}"
|
||||
MAIL_DOMAIN= "{{system_email.domain}}"
|
||||
|
||||
# Initial Admin Data
|
||||
NEXTCLOUD_ADMIN_USER= "{{applications[application_id].credentials.administrator_username}}"
|
||||
NEXTCLOUD_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_initial_password}}"
|
||||
|
||||
NEXTCLOUD_TRUSTED_DOMAINS= "{{domains[application_id]}}"
|
||||
@ -1,6 +1,9 @@
|
||||
---
|
||||
application_id: "nextcloud"
|
||||
database_password: "{{applications.nextcloud.database_password}}"
|
||||
database_password: "{{applications.nextcloud.credentials.database_password}}"
|
||||
database_type: "mariadb"
|
||||
nextcloud_application_container_name: "nextcloud-application"
|
||||
nextcloud_nginx_container_name: "nextcloud-web"
|
||||
nextcloud_config_file_path: "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
|
||||
domain: "{{domains[application_id]}}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "Create {{openproject_plugins_service}}"
|
||||
file:
|
||||
|
||||
@ -23,7 +23,7 @@ services:
|
||||
container_name: openproject-proxy
|
||||
command: "./docker/prod/proxy"
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
environment:
|
||||
APP_HOST: web
|
||||
depends_on:
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
#
|
||||
OPENPROJECT_HTTPS=true
|
||||
OPENPROJECT_HOST__NAME={{domain}}
|
||||
OPENPROJECT_HOST__NAME={{domains[application_id]}}
|
||||
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
|
||||
IMAP_ENABLED=false
|
||||
POSTGRES_PASSWORD="{{ database_password }}"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
- name: "include role receive certbot certificate"
|
||||
- name: "include role for {{application_id}} to recieve certs & do modification routines"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
name: nginx-https-get-cert-modify-all
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template:
|
||||
|
||||
@ -3,11 +3,13 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include create-domains.yml"
|
||||
- name: "include create-domains.yml for peertube"
|
||||
include_tasks: create-domains.yml
|
||||
loop: "{{ [domain] + domains.peertube_alternates }}"
|
||||
loop: "{{ [domains.peertube] + domains.peertube_alternates }}"
|
||||
loop_control:
|
||||
loop_var: domain
|
||||
vars:
|
||||
http: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -9,7 +9,7 @@ services:
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
ports:
|
||||
- "1935:1935" # @todo Add to ports
|
||||
- "127.0.0.1:{{http_port}}:9000"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:9000"
|
||||
volumes:
|
||||
- assets:/app/client/dist
|
||||
- data:/data
|
||||
|
||||
@ -8,7 +8,7 @@ PEERTUBE_DB_SSL=false
|
||||
PEERTUBE_DB_HOSTNAME={{database_host}}
|
||||
|
||||
# PeerTube server configuration
|
||||
PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
|
||||
PEERTUBE_WEBSERVER_HOSTNAME={{domains[application_id]}}
|
||||
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
|
||||
|
||||
PEERTUBE_SECRET={{peertube_secret}}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
server {
|
||||
server_name {{domain}};
|
||||
server_name {{domains[application_id]}};
|
||||
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
@ -21,7 +21,7 @@ server {
|
||||
send_timeout 10m;
|
||||
|
||||
#adapt
|
||||
proxy_pass http://127.0.0.1:{{http_port}};
|
||||
proxy_pass http://127.0.0.1:{{ports.localhost.http[application_id]}};
|
||||
}
|
||||
|
||||
location / {
|
||||
@ -62,7 +62,7 @@ server {
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_pass http://127.0.0.1:{{http_port}};
|
||||
proxy_pass http://127.0.0.1:{{ports.localhost.http[application_id]}};
|
||||
}
|
||||
|
||||
location /socket.io {
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -7,7 +7,7 @@ services:
|
||||
container_name: phpmyadmin
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
{% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
|
||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||
healthcheck:
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
application_id: "phpmyadmin"
|
||||
database_type: "mariadb"
|
||||
database_host: "{{ 'central-' + database_type if enable_central_database}}"
|
||||
database_host: "{{ 'central-' + database_type if applications[application_id].database.central_storage}}"
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
@ -11,7 +11,7 @@ services:
|
||||
- "data:/var/www/storage"
|
||||
- "./env:/var/www/.env"
|
||||
ports:
|
||||
- "{{http_port}}:80"
|
||||
- "{{ports.localhost.http[application_id]}}:80"
|
||||
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
|
||||
{% include 'templates/docker/container/networks.yml.j2' %}
|
||||
worker:
|
||||
|
||||
@ -5,10 +5,10 @@ APP_KEY={{pixelfed_app_key}}
|
||||
APP_NAME="{{applications.pixelfed.titel}}"
|
||||
APP_ENV=production
|
||||
APP_DEBUG={{enable_debug | string | lower }}
|
||||
APP_URL=https://{{domain}}
|
||||
APP_DOMAIN="{{domain}}"
|
||||
ADMIN_DOMAIN="{{domain}}"
|
||||
SESSION_DOMAIN="{{domain}}"
|
||||
APP_URL=https://{{domains[application_id]}}
|
||||
APP_DOMAIN="{{domains[application_id]}}"
|
||||
ADMIN_DOMAIN="{{domains[application_id]}}"
|
||||
SESSION_DOMAIN="{{domains[application_id]}}"
|
||||
|
||||
OPEN_REGISTRATION=false
|
||||
ENFORCE_EMAIL_VERIFICATION=false
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "include role docker-repository-setup for {{application_id}}"
|
||||
include_role:
|
||||
|
||||
@ -6,7 +6,7 @@ services:
|
||||
image: application-portfolio
|
||||
container_name: portfolio
|
||||
ports:
|
||||
- 127.0.0.1:{{http_port}}:5000
|
||||
- 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
|
||||
volumes:
|
||||
- {{docker_repository_path}}app:/app
|
||||
restart: unless-stopped
|
||||
|
||||
@ -4,5 +4,5 @@ services:
|
||||
build:
|
||||
context: .
|
||||
ports:
|
||||
- 127.0.0.1:{{http_port}}:8080
|
||||
- 127.0.0.1:{{ports.localhost.http[application_id]}}:8080
|
||||
restart: {{docker_restart_policy}}
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "copy docker-compose.yml and env file"
|
||||
include_tasks: copy-docker-compose-and-env.yml
|
||||
|
||||
@ -5,7 +5,7 @@ APP_ENV=production
|
||||
APP_DEBUG={{enable_debug | string | lower }}
|
||||
# Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
|
||||
APP_KEY={{applications.snipe_it.app_key}}
|
||||
APP_URL=https://{{domain}}
|
||||
APP_URL=https://{{domains[application_id]}}
|
||||
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
|
||||
APP_TIMEZONE='{{timezone}}'
|
||||
APP_LOCALE={{locale}}
|
||||
@ -27,7 +27,7 @@ DB_DATABASE={{database_name}}
|
||||
DB_USERNAME={{database_username}}
|
||||
DB_PASSWORD={{database_password}}
|
||||
|
||||
{% if not enable_central_database | bool %}
|
||||
{% if not applications[application_id].database.central_storage | bool %}
|
||||
MYSQL_ROOT_PASSWORD={{database_password}}
|
||||
DB_PREFIX=null
|
||||
DB_DUMP_PATH='/usr/bin'
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
application_id: "snipe_it"
|
||||
database_password: "{{applications.snipe_it.database_password}}"
|
||||
database_type: "mariadb"
|
||||
# enable_central_database: false For debugging reasons here
|
||||
@ -6,6 +6,9 @@
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
include_role:
|
||||
name: nginx-domain-setup
|
||||
vars:
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "include role docker-repository-setup for {{application_id}}"
|
||||
include_role:
|
||||
|
||||
@ -79,7 +79,7 @@ services:
|
||||
taiga-gateway:
|
||||
image: nginx:alpine
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
volumes:
|
||||
- {{docker_repository_path}}taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
|
||||
- static-data:/taiga/static
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# Taiga's URLs - Variables to define where Taiga should be served
|
||||
TAIGA_SITES_SCHEME = https # serve Taiga using "http" or "https" (secured) connection
|
||||
TAIGA_SITES_DOMAIN = "{{domain}}" # Taiga's base URL
|
||||
TAIGA_SITES_DOMAIN = "{{domains[application_id]}}" # Taiga's base URL
|
||||
|
||||
TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
|
||||
WEBSOCKETS_SCHEME = wss # events connection protocol (use either "ws" or "wss")
|
||||
|
||||
@ -11,6 +11,7 @@
|
||||
loop_var: domain
|
||||
vars:
|
||||
nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{wordpress_max_upload_size}};"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: "Transfering upload.ini to {{docker_compose.directories.instance}}"
|
||||
template:
|
||||
|
||||
@ -9,7 +9,7 @@ services:
|
||||
build:
|
||||
context: .
|
||||
ports:
|
||||
- "127.0.0.1:{{http_port}}:80"
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
volumes:
|
||||
- data:/var/www/html
|
||||
healthcheck:
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user