

No commits in common. "ec5beff22ff15ab0ada8f3833296c14136ae9c3d" and "7d5d69c380557d6ee422693e16991aa77add310a" have entirely different histories.

36 changed files with 52 additions and 164 deletions


@ -31,13 +31,13 @@ test_email: "test@{{primary_domain}}"
# Server Tact Variables
## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
hours_server_awake: "0..23"
hours_server_awake: "0..23"
## Random delay for systemd timers to avoid peak loads.
randomized_delay_sec: "5min"
randomized_delay_sec: "5min"
# Runtime Variables for Process Control
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
activate_all_timers: false # Activates all timers, independend if the handlers had been triggered
# One Wildcard Certificate for All Subdomains
# Enables a single Let's Encrypt wildcard certificate for all subdomains instead of individual certificates.
@ -47,11 +47,11 @@ activate_all_timers: false # Activates all timers, indep
# To enable, update your inventory file.
# For detailed setup instructions, visit:
# https://github.com/kevinveenbirkenbach/cymais/tree/master/roles/nginx-docker-cert-deploy
enable_wildcard_certificate: false
enable_wildcard_certificate: false
# This enables debugging in ansible and in the apps
# You SHOULD NOT enable this on production servers
enable_debug: false
enable_debug: false
#########################
## ENABLED DEFAULTS ##


@ -709,7 +709,7 @@ defaults_applications:
presentation:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: False # Would mess with the presentation layout
landingpage_iframe_enabled: True # Makes sense to make the documentary allways in iframe available
landingpage_iframe_enabled: False # Makes sense to make the documentary allways in iframe available
# Snipe-IT
snipe_it:
@ -770,15 +770,7 @@ defaults_applications:
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: false # CSS is hard to tweak for wordpress
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
oidc:
enabled: true # Activate OIDC
title: "Blog"
credentials:
administrator:
username: "{{users.administrator.username}}" # Username of the wordpress administrator
# password: # Password of the wordpress administrator
email: "{{users.administrator.email}}" # Email of the wordpress adminsitrator
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
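Review bot: The new side mixes boolean spellings: `landingpage_iframe_enabled: False` (presentation, first hunk) and `central_storage: True` use the capitalised YAML 1.1 forms while `css_enabled: false` a few lines below uses the canonical lowercase; prefer `landingpage_iframe_enabled: false` and `central_storage: true` so yamllint's truthy rule and non-Ansible YAML parsers agree with Ansible. The second hunk also drops the wordpress `oidc` and `credentials.administrator` defaults; the deleted `install.yml`/`oidc.yml` tasks later in this compare were their only visible consumers, but any template that still reads `applications.wordpress.oidc.enabled` would now hit an undefined key, so a grep before merging is worthwhile. The `defaults_applications` mapping begins outside the hunk.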


@ -28,9 +28,6 @@ defaults_oidc:
attributes:
# Attribut to identify the user
username: "preferred_username"
given_name: "given_name"
family_name: "family_name"
email: "email"
#############################################
### LDAP ###


@ -1,4 +1,4 @@
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,4 +1,4 @@
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,6 +1,6 @@
# This file is also used by docker-matrix-compose
- name: "Display all database variables"
- name: "{{ role_name }} | Display all database variables"
debug:
msg: |
database_instance: "{{ database_instance | default('undefined') }}"
@ -9,7 +9,7 @@
database_password: "{{ database_password | default('undefined') }}"
when: enable_debug | bool
- name: "fail if not all required database variables are defined"
- name: "{{ role_name }} | fail if not all required database variables are defined"
fail:
msg: "You must define all of the following variables: database_instance, database_name, database_username, database_password"
when: >
@ -22,7 +22,7 @@
database_username is defined and
database_password is defined)
- name: "seed database values in directory {{ backup_docker_to_local_folder }}"
- name: "{{ role_name }} | seed database values in directory {{ backup_docker_to_local_folder }}"
command:
cmd: "python database_entry_seeder.py databases.csv {{database_instance}} {{database_name}} {{database_username}} {{database_password}}"
chdir: "{{ backup_docker_to_local_folder }}"
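Review bot: The database password is exposed twice in this section: the debug task (first hunk, its `msg` continues into the second) prints `database_password` verbatim, and the seed command at the end passes it as a command-line argument, so it lands in Ansible's task output and in the host's process list for the duration of the call. Add `no_log: true` to the seed task next to `command:`, and replace the password line in the debug message with a line that only reports whether the variable is defined. Both tasks extend beyond the hunks shown.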


@ -1,4 +1,4 @@
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,4 +1,4 @@
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -4,7 +4,7 @@
state: present
become: true
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -2,7 +2,7 @@
ansible.builtin.shell: gsettings set org.gnome.shell disable-user-extensions false
become: false
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,27 +1,27 @@
- name: "Load database variables"
- name: "{{ role_name }} | Load database variables"
include_vars: "{{ item }}"
loop:
- "{{ docker_var_file }}" # Important to load docker variables first so that database can use them
- "{{ database_var_file }}" # Important to load them before docker role so that backup can use them
# Docker Routines
- name: "Include docker-compose role"
- name: "{{ role_name }} | Include docker-compose role"
include_role:
name: docker-compose
# The following env file will just be used from the dedicated mariadb container
# and not the central-mariadb-database
- name: "Create {{database_env}}"
- name: "{{ role_name }} | Create {{database_env}}"
template:
src: "env/{{database_type}}.env.j2"
dest: "{{database_env}}"
notify: docker compose project build and setup
when: not applications[application_id].database.central_storage | bool
- name: "Create central database"
- name: "{{ role_name }} | Create central database"
include_role:
name: "docker-{{database_type}}"
when: applications[application_id].database.central_storage | bool
- name: "Add database to backup"
- name: "{{ role_name }} | Add database to backup"
include_tasks: "{{ playbook_dir }}/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml"
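Review bot: The `template` task that writes `{{database_env}}` sets no `mode:`, so the rendered env file — which carries the database credentials used by the dedicated container — is created with the default umask and is typically world-readable on the host; add `mode: "0600"` (plus an explicit `owner:` if the container user differs from the Ansible user) under `dest:`. The task is otherwise unchanged by the rename, and the file path it writes is defined outside this hunk.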


@ -1,7 +1,7 @@
- name: "Load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
- name: "{{ role_name }} | Load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
include_vars: "{{ role_path }}/vars/docker-compose.yml"
- name: "Remove {{ docker_compose.directories.instance }} and all its contents"
- name: "{{ role_name }} | Remove {{ docker_compose.directories.instance }} and all its contents"
file:
path: "{{ docker_compose.directories.instance }}"
state: absent
@ -9,7 +9,7 @@
# This could lead to problems in docker-compose directories which are based on a git repository
# @todo Verify that this isn't the case. E.g. in accounting
- name: "Create all docker-compose directories (including parent directories)"
- name: "{{ role_name }} | Create all docker-compose directories (including parent directories)"
file:
path: "{{ item.value }}"
state: directory


@ -1,5 +1,5 @@
application_id: "discourse"
database_password: "{{ applications.discourse.credentials.database.password }}"
database_password: "{{ applications.discourse.database_password }}"
database_type: "postgres"
docker_repository_directory : "{{docker_compose.directories.services}}{{applications.discourse.repository}}/"
discourse_application_yml_destination: "{{docker_repository_directory }}containers/{{applications.discourse.container}}.yml"
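Review bot: The `database_password` lookup is moved to two different layouts in this compare: discourse, keycloak, matomo and snipe_it now read `applications.<app>.database_password`, while mailu, mastodon, nextcloud and openproject read `applications.<app>.credentials.database_password`, and wordpress reads a bare `wordpress_database_password`. Unless the application defaults define both paths, one group will fail with an undefined-variable error at the first task that renders `database_password`; pick one path, e.g. `database_password: "{{ applications[application_id].credentials.database_password }}"`, and apply it to every vars file. Indexing with `applications[application_id]` as openproject already does also avoids repeating the application name.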


@ -1,6 +1,6 @@
application_id: "keycloak"
database_type: "postgres"
database_password: "{{applications.keycloak.credentials.database.password}}"
database_password: "{{applications.keycloak.database_password}}"
container_name: "{{application_id}}_application"
realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications
import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host


@ -1,5 +1,5 @@
application_id: "mailu"
database_password: "{{applications.mailu.credentials.database.password}}"
database_password: "{{applications.mailu.credentials.database_password}}"
database_type: "mariadb"
cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
enable_wildcard_certificate: false


@ -1,3 +1,3 @@
application_id: "mastodon"
database_password: "{{applications.mastodon.credentials.database.password}}"
database_password: "{{applications.mastodon.credentials.database_password}}"
database_type: "postgres"


@ -1,7 +1,7 @@
---
application_id: "matomo"
database_type: "mariadb"
database_password: "{{applications.matomo.credentials.database.password}}"
database_password: "{{applications.matomo.database_password}}"
# I don't know if this is still necessary
domain: "{{domains.matomo}}"


@ -3,7 +3,7 @@
application_id: "nextcloud" # Application identifier
# Database
database_password: "{{applications.nextcloud.credentials.database.password}}" # Database password
database_password: "{{applications.nextcloud.credentials.database_password}}" # Database password
database_type: "mariadb" # Database flavor
# Networking


@ -1,6 +1,6 @@
application_id: "openproject"
docker_repository_address: "https://github.com/opf/openproject-deploy"
database_password: "{{ applications[application_id].credentials.database.password }}"
database_password: "{{ applications[application_id].credentials.database_password }}"
database_type: "postgres"
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"


@ -122,9 +122,9 @@
- name: Slides
description: Checkout the presentation
icon:
class: "fas fa-chalkboard-teacher"
class: fas fa-book
url: https://{{domains.presentation}}
iframe: {{ applications | get_landingpage_iframe_enabled('presentation') }}
iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }}
{% endif %}
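Review bot: The iframe lookup now asks for `'sphinx'` while the `url` on the line above still points at `domains.presentation` and the defaults hunk earlier in this compare keeps the iframe flag under `presentation:`; if `get_landingpage_iframe_enabled` indexes `applications` by that key, the new value resolves to a different (possibly missing) application than the link it controls. Either rename the defaults entry to `sphinx` as well or keep `iframe: {{ applications | get_landingpage_iframe_enabled('presentation') }}`. The enclosing `{% if %}` block starts outside the hunk.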


@ -4,7 +4,7 @@
include_role:
name: docker-compose
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,3 +1,3 @@
application_id: "snipe_it"
database_password: "{{applications.snipe_it.credentials.database.password}}"
database_password: "{{applications.snipe_it.database_password}}"
database_type: "mariadb"


@ -4,7 +4,7 @@
include_role:
name: docker-compose
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,15 +1,12 @@
FROM wordpress
# Install msmtp and update system
# Update and installation of msmtp
RUN apt-get update && \
apt-get install -y msmtp msmtp-mta && \
rm -rf /var/lib/apt/lists/*
# Install WP CLI
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
chmod +x wp-cli.phar && \
mv wp-cli.phar /usr/local/bin/wp
# Copy msmtp configuration and PHP upload settings
# Copy the msmtp configuration into the container
COPY config/msmtprc.conf /etc/msmtprc
# Copy the PHP configuration for uploads (and mail settings)
COPY upload.ini $PHP_INI_DIR/conf.d/


@ -1,12 +0,0 @@
- name: "Run WordPress core install via WP CLI"
command: >
docker-compose exec -T -u www-data application
wp core install
--url="https://{{ domains[application_id][0] }}"
--title="{{ applications[application_id].title }}"
--admin_user="{{ applications[application_id].credentials.administrator.username }}"
--admin_password="{{ applications[application_id].credentials.administrator.password }}"
--admin_email="{{ applications[application_id].credentials.administrator.email }}"
--path="{{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"


@ -1,9 +1,9 @@
---
- name: "Include docker-central-database"
- name: "include docker-central-database"
include_role:
name: docker-central-database
- name: "Include role nginx-domain-setup for {{ application_id }}"
- name: "include role nginx-domain-setup for {{ application_id }}"
include_role:
name: nginx-domain-setup
loop: "{{ domains.wordpress }}"
@ -33,10 +33,3 @@
- name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml
- name: "Install wordpress"
include_tasks: install.yml
- name: "Activating OIDC when enabled."
include_tasks: oidc.yml
when: applications[application_id].oidc.enabled | bool
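Review bot: The two task names in the first hunk are only lower-cased (`"include docker-central-database"`), whereas every other task rename in this compare adopts the `"{{ role_name }} | …"` prefix; for one log format use `- name: "{{ role_name }} | Include docker-central-database"` and `- name: "{{ role_name }} | Include role nginx-domain-setup for {{ application_id }}"`. The second hunk drops the `install.yml` include, so nothing in this play performs the WordPress core install any more; presumably the web installer is meant to take over on first visit, which is worth confirming since an unfinished installer stays reachable until someone completes it. The task list continues outside the hunks.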


@ -1,19 +0,0 @@
---
- name: "Install OpenID Connect Generic Plugin via WP CLI"
command: >
docker-compose exec -u www-data -T application
wp plugin install daggerhart-openid-connect-generic
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: "Activate OpenID Connect Generic Plugin"
command: >
docker-compose exec -u www-data -T application
wp plugin activate daggerhart-openid-connect-generic
--path={{ wordpress_docker_html_path }}
args:
chdir: "{{ docker_compose.directories.instance }}"
- name: "Setup OIDC settings"
include_tasks: "oidc_settings.yml"


@ -1,25 +0,0 @@
- name: "Load OIDC settings variables"
include_vars:
file: "{{ role_path }}/vars/oidc.yml"
name: oidc_vars
- name: "Ensure the OIDC settings option exists as a PHP-serialized empty array"
# Generate an empty serialized array in the container, then add or update the option
command: >
docker-compose exec -u www-data -T application bash -lc
"serialized_empty_array=$(wp eval 'echo serialize(array());' --path={{ wordpress_docker_html_path }}); \
wp option add openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }} \
|| wp option update openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }};"
args:
chdir: "{{ docker_compose.directories.instance }}"
failed_when: false
- name: "Apply all OIDC settings via WP-CLI eval (safe via base64)"
# Convert the settings map to base64-encoded JSON to avoid shell escaping issues
vars:
oidc_settings_json_b64: "{{ oidc_vars.oidc_settings | to_json | b64encode }}"
command: >
docker-compose exec -u www-data -T application bash -lc
"wp eval \"update_option('openid_connect_generic_settings', json_decode(base64_decode('{{ oidc_settings_json_b64 }}'), true));\" --path={{ wordpress_docker_html_path }}"
args:
chdir: "{{ docker_compose.directories.instance }}"


@ -4,14 +4,14 @@ services:
application:
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
image: {{wordpress_custom_image}}
image: {{custom_wordpress_image}}
container_name: wordpress-application
build:
context: .
ports:
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
volumes:
- data:{{ wordpress_docker_html_path }}
- data:/var/www/html
{% include 'roles/docker-compose/templates/services/msmtp_curl_test.yml.j2' %}


@ -1,9 +1,4 @@
WORDPRESS_DB_HOST= "{{database_host}}:{{database_port}}"
WORDPRESS_DB_USER= "{{database_username}}"
WORDPRESS_DB_PASSWORD= "{{database_password}}"
WORDPRESS_DB_NAME= "{{database_name}}"
# Debug flags
WP_DEBUG={{ enable_debug | lower }}
WP_DEBUG_LOG={{ enable_debug | lower }}
WP_DEBUG_DISPLAY={{ enable_debug | lower }}
WORDPRESS_DB_NAME= "{{database_name}}"
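Review bot: Every assignment in the new file has the form `KEY= "value"`, with a space after `=` and double quotes; a Compose `env_file` parser may keep the leading space or the quotes as part of the value depending on version, which would silently break the database connection rather than fail loudly. The conventional form is `WORDPRESS_DB_HOST={{ database_host }}:{{ database_port }}` with no space and no quotes, applied to all four lines. This is hedged on the rendering — confirm the space is really present in the template source.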


@ -1,7 +1,6 @@
application_id: "wordpress"
wordpress_max_upload_size: "64M"
database_type: "mariadb"
database_password: "{{applications[application_id].credentials.database.password}}"
wordpress_custom_image: "wordpress_custom"
wordpress_docker_html_path: "/var/www/html"
database_password: "{{wordpress_database_password}}"
custom_wordpress_image: "custom_wordpress"
host_msmtp_conf: "{{docker_compose.directories.config}}msmtprc.conf"


@ -1,29 +0,0 @@
# vars/oidc.yml
# Defines OIDC settings for the OpenID Connect Generic plugin, with explanatory comments.
# @see https://github.com/oidc-wp/openid-connect-generic/blob/develop/includes/openid-connect-generic-option-settings.php
oidc_settings:
client_id: "{{ oidc.client.id }}" # The client ID that identifies WordPress as the OIDC client.
client_secret: "{{ oidc.client.secret }}" # The secret key used by WordPress to authenticate to the OIDC provider.
endpoint_login: "{{ oidc.client.authorize_url }}" # URL of the authorization endpoint to initiate the login flow.
endpoint_token: "{{ oidc.client.token_url }}" # URL of the token endpoint for exchanging authorization codes for tokens.
endpoint_userinfo: "{{ oidc.client.user_info_url }}" # URL of the userinfo endpoint to retrieve user profile data.
endpoint_end_session: "{{ oidc.client.logout_url }}" # URL of the end-session endpoint to log users out of the IDP.
login_type: "auto" # Determines how the login interface is rendered (e.g., button or form).
scope: "openid profile email" # Scopes requested from the OIDC provider during authentication.
create_if_does_not_exist: true # Auto-create a new WP user if one doesnt exist.
enforce_privacy: false # Require authentication for all site pages if set to true.
link_existing_users: true # Link OIDC login to existing WP users by matching email.
redirect_on_logout: true # Redirect users after logout to the login screen or homepage.
redirect_user_back: true # Return users to their original URL after successful login.
#acr_values: "{{ oidc.client.acr_values | default('') }}" # ACR values defining required authentication context (e.g., MFA level).
enable_logging: "{{ enable_debug }}" # Enable detailed plugin logging for debugging and auditing.
# log_limit: "{{ oidc.client.log_limit | default('') }}" # Maximum number of log entries to retain before pruning.
no_sslverify: false # The flag to enable/disable SSL verification during authorization.
http_request_timeout: 5 # The timeout for requests made to the IDP. Default value is 5.
identity_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's identification data.
nickname_key: "{{ oidc.attributes.username }}" # The key in the user claim array to find the user's nickname.
email_format: "{{ oidc.attributes.email }}" # The key(s) in the user claim array to formulate the user's email address.
displayname_format: "{{ oidc.attributes.given_name }} {{ oidc.attributes.family_name }}" # The key(s) in the user claim array to formulate the user's display name.
identify_with_username: true # The flag which indicates how the user's identity will be determined.
state_time_limit: 180 # The valid time limit of the state, in seconds. Defaults to 180 seconds.


@ -1,5 +1,5 @@
---
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,4 +1,4 @@
- name: "pkgmgr installation tasks"
- name: "{{ role_name }} | pkgmgr installation tasks"
become: "{{ pkgmgr_become }}"
block:
- name: update pkgmgr


@ -1,4 +1,4 @@
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars:


@ -1,4 +1,4 @@
- name: "pkgmgr install"
- name: "{{ role_name }} | pkgmgr install"
include_role:
name: pkgmgr-install
vars: