Solved Snipe IT bug

Continued snipe-it implementation
2025-10-31 10:19:09 +00:00 · 2025-02-05 12:53:06 +01:00 · 2025-02-05 11:44:11 +01:00
26 changed files with 66 additions and 52 deletions
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@@ -3,7 +3,7 @@ pause_duration:         "120"         # Database delay to wait for the central d

 backups_folder_path:    "/Backups/"   # Path to the backups folder
 timezone:               "UTC"
-locale:                 "locale"
+locale:                 "en"

 ## Domain
 primary_domain_tld:     "localhost"                                     # Top Level Domain of the server
@@ -43,4 +43,7 @@ nginx_matomo_tracking:                false   # Activates matomo tracking on all
 # To enable, update your inventory file.
 # For detailed setup instructions, visit: 
 # https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy
-enable_wildcard_certificate:          false    
+enable_wildcard_certificate:          false  
+
+# This enables debugging in ansible and in the apps
+enable_debug:   false
--- a/group_vars/all/01_modes.yml
+++ b/group_vars/all/01_modes.yml
@@ -2,7 +2,6 @@

 # The following modes can be combined with each other
 mode_reset:   false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
-mode_debug:   false # Prints well formated debug information
 mode_test:    false # Executes test routines instead of productive routines
 mode_update:  true  # Executes updates
 mode_backup:  true  # Activates the backup before the update procedure
--- a/group_vars/all/02_system_email.yml
+++ b/group_vars/all/02_system_email.yml
@@ -4,7 +4,7 @@ default_system_email:
  domain:    "{{primary_domain}}"
  username:  "no-reply@{{primary_domain}}"
  host:      "mail.{{primary_domain}}"
-  smtp_port: 465
+  port:      465
  tls:       true
  start_tls: false
  from:      "no-reply@{{primary_domain}}"
--- a/roles/docker-baserow/templates/env.j2
+++ b/roles/docker-baserow/templates/env.j2
@@ -4,7 +4,7 @@ BASEROW_PUBLIC_URL=https://{{ domain }}
 # Email Server Configuration
 EMAIL_SMTP={{ system_email.smtp | upper }}
 EMAIL_SMTP_HOST={{ system_email.host }}
-EMAIL_SMTP_PORT={{ system_email.smtp_port }}
+EMAIL_SMTP_PORT={{ system_email.port }}
 EMAIL_SMTP_USER={{system_email.username}}
 EMAIL_SMTP_PASSWORD={{ system_email.password }}
 EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }}
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true

 SMTP_SERVER={{system_email.host}}
 SMTP_DOMAIN={{domain}}
-SMTP_PORT={{system_email.smtp_port}}
+SMTP_PORT={{system_email.port}}
 SMTP_USERNAME={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
 SMTP_AUTH=plain
--- a/roles/docker-bluesky/templates/docker-compose.yml.j2
+++ b/roles/docker-bluesky/templates/docker-compose.yml.j2
@@ -16,7 +16,7 @@ services:
      PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}"
      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}"
      PDS_CRAWLERS: https://bsky.network
-      PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}/
+      PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}/
      PDS_EMAIL_FROM_ADDRESS: {{system_email.from}}
      LOG_ENABLED: true
      PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
--- a/roles/docker-central-database/tasks/main.yml
+++ b/roles/docker-central-database/tasks/main.yml
@@ -7,11 +7,14 @@
 - name: "load variables from {{ role_path }}/vars/database.yml for whole play"
  include_vars: "{{ role_path }}/vars/database.yml"

+# The following env file will just be used from the dedicated mariadb container
+# and not the central-mariadb-database
 - name: "create {{database_env}}"
  template: 
    src: "env/{{database_type}}.env.j2"
    dest: "{{database_env}}"
  notify: docker compose project build and setup
+  when: not enable_central_database | bool

 - name: create central database
  include_role:
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@@ -53,7 +53,7 @@ env:
  # SMTP ADDRESS, username, and password are required
  # WARNING the char '#' in SMTP password can cause problems!
  DISCOURSE_SMTP_ADDRESS:           {{ system_email.host }}
-  DISCOURSE_SMTP_PORT:              {{ system_email.smtp_port }}
+  DISCOURSE_SMTP_PORT:              {{ system_email.port }}
  DISCOURSE_SMTP_USER_NAME:         {{system_email.username}}
  DISCOURSE_SMTP_PASSWORD:          {{ system_email.password }}
  DISCOURSE_SMTP_ENABLE_START_TLS:  {{ system_email.start_tls | upper }}
--- a/roles/docker-friendica/templates/env.j2
+++ b/roles/docker-friendica/templates/env.j2
@@ -17,7 +17,7 @@ MYSQL_PASSWORD= {{database_password}}
 # Email Configuration
 SMTP=           {{system_email.host}}
 SMTP_DOMAIN=    {{system_email.domain}}
-SMTP_PORT=      {{system_email.smtp_port}}
+SMTP_PORT=      {{system_email.port}}
 SMTP_AUTH_USER= {{system_email.username}}
 SMTP_AUTH_PASS= {{system_email.password}}
 SMTP_TLS=       {{ 'on' if system_email.tls else 'off' }}
--- a/roles/docker-funkwhale/templates/env.j2
+++ b/roles/docker-funkwhale/templates/env.j2
@@ -59,7 +59,7 @@ LOGLEVEL=error
 # (returns `noreply%40youremail.host`)
 # EMAIL_CONFIG=smtp://user:password@youremail.host:25
 # EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
-EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}
+EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}

 # Make e-mail verification mandatory before using the service
 # Doesn't apply to admins.
--- a/roles/docker-mastodon/templates/env.j2
+++ b/roles/docker-mastodon/templates/env.j2
@@ -17,7 +17,7 @@ REDIS_PORT=6379
 REDIS_PASSWORD=

 SMTP_SERVER={{system_email.host}}
-SMTP_PORT={{system_email.smtp_port}}
+SMTP_PORT={{system_email.port}}
 SMTP_LOGIN={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
 SMTP_AUTH_METHOD=plain
--- a/roles/docker-matrix-ansible/tasks/main.yml
+++ b/roles/docker-matrix-ansible/tasks/main.yml
@@ -70,7 +70,7 @@
 - name: show variable information
  debug:
    msg: "hosts_path: {{hosts_path}}\nmatrix_inventory_tmp_dir:{{ matrix_inventory_tmp_dir }}"
-  when: mode_debug | bool
+  when: enable_debug | bool

 - name: install requirements
  local_action: command just roles
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@@ -32,7 +32,7 @@ admin_contact: 'mailto:{{administrator_email}}'

 email:
  smtp_host:                    "{{system_email.host}}"
-  smtp_port:                    "{{system_email.smtp_port}}"
+  smtp_port:                    "{{system_email.port}}"
  smtp_user:                    "{{system_email.from}}"
  smtp_pass:                    "{{system_email.password}}"
  #force_tls:                    true
--- a/roles/docker-moodle/templates/env.j2
+++ b/roles/docker-moodle/templates/env.j2
@@ -10,4 +10,4 @@ MOODLE_REVERSE_PROXY=yes
 MOODLE_USERNAME={{applications.moodle.administrator_name}}
 MOODLE_PASSWORD={{moodle_user_password}}
 MOODLE_EMAIL={{applications.moodle.administrator_email}}
-BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
+BITNAMI_DEBUG={% if enable_debug | bool %}true{% else %}false{% endif %}
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@@ -12,7 +12,7 @@ PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
 # Email Configuration
 SMTP_HOST=      {{system_email.host}}
 SMTP_SECURE=    {{ 'ssl' if system_email.tls else '' }}
-SMTP_PORT=      {{system_email.smtp_port}}
+SMTP_PORT=      {{system_email.port}}
 SMTP_NAME=      {{system_email.username}}
 SMTP_PASSWORD=  {{system_email.password}}

--- a/roles/docker-peertube/templates/env.j2
+++ b/roles/docker-peertube/templates/env.j2
@@ -17,7 +17,7 @@ PEERTUBE_SECRET={{peertube_secret}}
 PEERTUBE_SMTP_USERNAME={{system_email.username}}
 PEERTUBE_SMTP_PASSWORD={{system_email.password}}
 PEERTUBE_SMTP_HOSTNAME={{system_email.host}}
-PEERTUBE_SMTP_PORT={{system_email.smtp_port}}
+PEERTUBE_SMTP_PORT={{system_email.port}}
 PEERTUBE_SMTP_FROM={{system_email.from}}
 PEERTUBE_SMTP_TLS={{ system_email.tls | lower }}
 PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }}
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@@ -4,7 +4,7 @@ APP_KEY={{pixelfed_app_key}}
 ## General Settings
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV=production
-APP_DEBUG=false
+APP_DEBUG={{enable_debug | string | lower }}
 APP_URL=https://{{domain}}
 APP_DOMAIN="{{domain}}"
 ADMIN_DOMAIN="{{domain}}"
@@ -47,7 +47,7 @@ RESTRICTED_INSTANCE=false
 ## Mail
 MAIL_DRIVER=log
 MAIL_HOST={{system_email.host}}
-MAIL_PORT={{system_email.smtp_port}}
+MAIL_PORT={{system_email.port}}
 MAIL_FROM_ADDRESS="{{system_email.from}}"
 MAIL_FROM_NAME="Pixelfed"
 MAIL_USERNAME={{system_email.username}}
@@ -60,7 +60,7 @@ MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }}
 DB_CONNECTION=mysql
 DB_DATABASE={{database_name}}
 DB_HOST={{database_host}}
-DB_PASSWORD="{{pixelfed_database_password}}"
+DB_PASSWORD="{{database_password}}"
 DB_PORT="{{database_port}}"
 DB_USERNAME={{database_username}}

--- a/roles/docker-snipe_it/README.md
+++ b/roles/docker-snipe_it/README.md
@@ -2,4 +2,5 @@
 ## more
 - https://github.com/snipe/snipe-it
 - https://snipeitapp.com/
- https://snipe-it.readme.io/docs/ldap-sync-login
+- https://snipe-it.readme.io/docs/ldap-sync-login
+- https://snipe-it.readme.io/docs/saml
--- a/roles/docker-snipe_it/tasks/main.yml
+++ b/roles/docker-snipe_it/tasks/main.yml
@@ -6,10 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml

- name: create .env
-  template: src=env.j2 dest={{docker_compose.directories.instance}}/.env
+- name: "create {{docker_compose.files.docker_compose}}"
+  template:
+    src:	"docker-compose.yml.j2"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup

- name: add docker-compose.yml
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+- name: "create {{docker_compose.files.env}}"
+  template: 
+    src:  "env.j2" 
+    dest: "{{docker_compose.files.env}}"
+    mode: '770'
+    force: yes
  notify: docker compose project setup
--- a/roles/docker-snipe_it/templates/env.j2
+++ b/roles/docker-snipe_it/templates/env.j2
@@ -2,10 +2,10 @@
 # REQUIRED: BASIC APP SETTINGS
 # --------------------------------------------
 APP_ENV=production
-APP_DEBUG=false
+APP_DEBUG={{enable_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
-APP_KEY=base64:3ilviXqB9u6DX1NRcyWGJ+sjySF+H18CPDGb3+IVwMQ=
-APP_URL=https://{{domain}}
+APP_KEY={{applications.snipe_it.app_key}}
+APP_URL=http://{{domain}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}
@@ -25,13 +25,15 @@ DB_HOST={{database_host}}
 DB_PORT={{database_port}}
 DB_DATABASE={{database_name}}
 DB_USERNAME={{database_username}}
-DB_PASSWORD={{pixelfed_database_password}}
-#MYSQL_ROOT_PASSWORD=
-#DB_PREFIX=null
-#DB_DUMP_PATH='/usr/bin'
-#DB_CHARSET=utf8mb4
-#DB_COLLATION=utf8mb4_unicode_ci
+DB_PASSWORD={{database_password}}

+{% if not enable_central_database | bool %}
+MYSQL_ROOT_PASSWORD={{database_password}}
+DB_PREFIX=null
+DB_DUMP_PATH='/usr/bin'
+DB_CHARSET=utf8mb4
+DB_COLLATION=utf8mb4_unicode_ci
+{% endif %}
 # --------------------------------------------
 # OPTIONAL: SSL DATABASE SETTINGS
 # --------------------------------------------
@@ -47,14 +49,14 @@ DB_SSL_VERIFY_SERVER=null
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
 MAIL_MAILER             =   smtp
-MAIL_HOST               =   {{system_email.host}}                                       # SMTP server address
-MAIL_PORT               =   {{system_email.host}}                                       # SMTP server address
-MAIL_USERNAME           =   {{system_email.username}}                                   # user to connect the SMTP server
-MAIL_PASSWORD           =   {{system_email.password}}                                   # SMTP user's password
-MAIL_TLS_VERIFY_PEER    =   EMAIL_USE_TLS={{ system_email.tls | lower | capitalize }}   # use TLS (secure) connection with the SMTP server
-MAIL_FROM_ADDR          =   {{system_email.from}}                                       # default email address for the automated emails
+MAIL_HOST               =   {{system_email.host}}                       # SMTP server address
+MAIL_PORT               =   {{system_email.port}}                       # SMTP server address
+MAIL_USERNAME           =   {{system_email.username}}                   # user to connect the SMTP server
+MAIL_PASSWORD           =   {{system_email.password}}                   # SMTP user's password
+MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | lower | capitalize }} # use TLS (secure) connection with the SMTP server
+MAIL_FROM_ADDR          =   {{system_email.from}}                       # default email address for the automated emails
 MAIL_FROM_NAME          =   'Snipe-IT'
-MAIL_REPLYTO_ADDR       =   {{system_email.from}}                                       # default email address for the automated emails
+MAIL_REPLYTO_ADDR       =   {{system_email.from}}                       # default email address for the automated emails
 MAIL_REPLYTO_NAME       =   'Snipe-IT'
 MAIL_AUTO_EMBED_METHOD  =   'attachment'

@@ -94,7 +96,7 @@ API_TOKEN_EXPIRATION_YEARS=40
 APP_TRUSTED_PROXIES=172.17.0.1  # Docker Gateway
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
-ENABLE_CSP=true
+ENABLE_CSP=false
 CORS_ALLOWED_ORIGINS=null
 ENABLE_HSTS=false               # Certificates managed by nginx

@@ -160,7 +162,7 @@ LOG_CHANNEL=stderr
 LOG_MAX_DAYS=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
-APP_FORCE_TLS=false
+APP_FORCE_TLS=true
 GOOGLE_MAPS_API=
 LDAP_MEM_LIM=500M
 LDAP_TIME_LIM=600
--- a/roles/docker-snipe_it/vars/main.yml
+++ b/roles/docker-snipe_it/vars/main.yml
@@ -1,3 +1,3 @@
-application_id:     "snipe_it"
-database_password:  "{{applications.snipe_it.database_password}}"
-database_type:      "mariadb"
+application_id:           "snipe_it"
+database_password:        "{{applications.snipe_it.database_password}}"
+database_type:            "mariadb"
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@@ -18,7 +18,7 @@ POSTGRES_HOST       =   "{{database_host}}"
 # Taiga's SMTP settings - Variables to send Taiga's emails to the users
 EMAIL_BACKEND       =   "{{email_backend}}"          # use an SMTP server or display the emails in the console (either "smtp" or "console")
 EMAIL_HOST          =   "{{system_email.host}}"      # SMTP server address
-EMAIL_PORT          =   "{{system_email.smtp_port}}" # default SMTP port
+EMAIL_PORT          =   "{{system_email.port}}" # default SMTP port
 EMAIL_HOST_USER     =   "{{system_email.username}}"  # user to connect the SMTP server
 EMAIL_HOST_PASSWORD =   "{{system_email.password}}"  # SMTP user's password
 EMAIL_DEFAULT_FROM  =   "{{system_email.from}}"      # default email address for the automated emails
--- a/roles/nginx-domain-redirect/tasks/main.yml
+++ b/roles/nginx-domain-redirect/tasks/main.yml
@@ -8,7 +8,7 @@
 - name: The domains for which a www. redirect will be implemented
  debug:
    var: domain_mappings
-  when: mode_debug | bool
+  when: enable_debug | bool

 - name: configure nginx redirect configurations
  vars:
--- a/roles/nginx-www-redirect/tasks/main.yml
+++ b/roles/nginx-www-redirect/tasks/main.yml
@@ -17,7 +17,7 @@
 - name: The domains for which a www. redirect will be implemented
  debug:
    var: filtered_domains
-  when: mode_debug | bool
+  when: enable_debug | bool

 # Routine for domains with primary domain included

@@ -28,7 +28,7 @@
 - name: Debug with primary domain
  debug:
    var: filtered_domains_with_primary_domain
-  when: mode_debug | bool
+  when: enable_debug | bool

 - name: Include nginx-domain-redirect role with dynamic domain mappings for domains with {{primary_domain}} included
  include_role:
@@ -55,7 +55,7 @@
 - name: Debug domains without primary domain
  debug:
    var: filtered_domains_without_primary_domain
-  when: mode_debug | bool
+  when: enable_debug | bool

 - name: Include nginx-domain-redirect role with dynamic domain mappings for domains without primary domain
  include_role:
--- a/roles/systemd-notifier-email/templates/msmtprc.conf.j2
+++ b/roles/systemd-notifier-email/templates/msmtprc.conf.j2
@@ -12,7 +12,7 @@ tls            off

 account        system_email
 host           {{system_email.host}}
-port           {{system_email.smtp_port}}
+port           {{system_email.port}}
 from           {{system_email.from}}
 user           {{system_email.username}}
 password       {{system_email.password}}
--- a/tasks/seed-database-to-backup.yml
+++ b/tasks/seed-database-to-backup.yml
@@ -5,7 +5,7 @@
      database_name: "{{ database_name | default('undefined') }}"
      database_username: "{{ database_username | default('undefined') }}"
      database_password: "{{ database_password | default('undefined') }}"
-  when: mode_debug | bool
+  when: enable_debug | bool

 - name: seed database values
  command:
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	53af17b2ab	Solved Snipe IT bug	2025-02-05 12:53:06 +01:00
Kevin Veen-Birkenbach	26942a9265	Continued snipe-it implementation	2025-02-05 11:44:11 +01:00