# Docker Applications ## Docker Role Specific Parameters docker_restart_policy: "unless-stopped" ############################################## ## Applications Configuration ############################################## # Keep in mind, that this configuration should in general just apply to the roles which set the applications up. # If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files. defaults_applications: ## Akaunting akaunting: version: "latest" company_name: "{{primary_domain}}" company_email: "{{administrator_email}}" setup_admin_email: "{{administrator_email}}" ## Attendize attendize: version: "latest" ## Baserow baserow: version: "latest" ## Big Blue Button bigbluebutton: enable_greenlight: "true" setup: false # Set to true in inventory file for initial setup ## Bluesky bluesky: administrator_email: "{{administrator_email}}" pds: version: "latest" #jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n' #plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32 #admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16 ## Discourse: discourse: network: "discourse_default" # Name of the docker network container: "discourse_application" # Name of the container application repository: "discourse_repository" # Name of the repository folder # database_password: # Needs to be defined in inventory file ## Friendica friendica: version: "latest" ## Funkwhale funkwhale: version: "1.4.0" ldap_enabled: True # Enables LDAP by default ## Gitea gitea: version: "latest" ## Gitlab gitlab: version: "latest" ## Joomla joomla: version: "latest" ## Keycloak keycloak: version: "latest" administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak ldap_enabled: True # Enables LDAP by default # database_password: # Needs to be defined in inventory file # administrator_password: # Needs to be defined in inventory file ## LDAP ldap: lam: version: "latest" administrator_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons openldap: version: "latest" network: local: True # Activates local network to allow other docker containers to connect public: False # Set to true in inventory file if you want to expose the LDAP port to the internet hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network phpldapadmin: version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin administrator_username: "{{administrator_username}}" ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local. oauth2_proxy: enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface application: lam # Needs to be the same as webinterface port: 80 # If you use phpldapadmin set it to 8080 # administrator_password: # CHANGE for security reasons in inventory file # administrator_database_password: # CHANGE for security reasons in inventory file ## Listmonk listmonk: administrator_username: "{{administrator_username}}" # Listmonk administrator account username public_api_activated: False # Security hole. Can be used for spaming version: "latest" # Docker Image version setup: false # Set true in inventory file to execute the setup and initializing procedures ## MariaDB mariadb: version: "latest" ## Matomo matomo: version: "latest" oauth2_proxy: enabled: false # Deactivated atm. @todo implement ## Mastodon mastodon: version: "latest" single_user_mode: false # Set true for initial setup setup: false # Set true in inventory file to execute the setup and initializing procedures # # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials # # credentials: # database_password: # secret_key_base: # otp_secret: # vapid: # private_key: # public_key: # active_record_encryption: # deterministic_key: # key_derivation_salt: # primary_key: ## Matrix matrix: administrator_username: "{{administrator_username}}" # Accountname of the matrix admin playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start role: "compose" # Role to setup Matrix. Valid values: ansible, compose server_name: "{{primary_domain}}" # Adress for the account names etc. synapse: version: "latest" element: version: "latest" setup: false # Set true in inventory file to execute the setup and initializing procedures ## Mailu mailu: version: "2024.06" domain: "{{primary_domain}}" setup: false # Set true in inventory file to execute the setup and initializing procedures ## Moodle moodle: site_titel: "Global Learning Academy on {{primary_domain}}" administrator_name: "{{administrator_username}}" administrator_email: "{{administrator_email}}" version: "latest" ## MyBB mybb: version: "latest" ## Nextcloud nextcloud: version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/ ldap_enabled: True # Enables LDAP by default ## OAuth2 Proxy oauth2_proxy: configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it version: "latest" # Docker Image version redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak. allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16 ## Open Project openproject: version: "13" # Update when available. Sadly no rolling release implemented oauth2_proxy: enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed application: "proxy" port: "80" ldap_enabled: True # Enables LDAP by default ## Peertube peertube: version: "bookworm" ## PHPMyAdmin phpmyadmin: version: "latest" autologin: false # This is a high security risk. Just activate this option if you know what you're doing oauth2_proxy: enabled: true port: "80" application: "application" ## Pixelfed pixelfed: titel: "Pictures on {{primary_domain}}" version: "latest" ## Postgres # Please set an version in your inventory file - Rolling release for postgres isn't recommended postgres: database.version: "latest" # Snipe-IT snipe_it: version: "latest" ## Taiga taiga: version: "latest" ## YOURLS yourls: administrator_username: "{{administrator_username}}" version: "latest" oauth2_proxy: enabled: true application: "application" port: "80" location: "/admin/" # Protects the admin area wordpress: # Deactivate Global theming for wordpress role # due to the reason that wordpress has to much different themes # and one styling for all is not possible. # # May a solution could be to generate a template or css file dedicated # for wordpress based on the theming values and import it. css: enabled: false