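# Docker Applications
#
# Default variables for the Docker application roles: shared switches, the
# OpenID Connect (Keycloak) client endpoints, and per-application defaults
# under `defaults_applications`.
# NOTE(review): the nesting below is inferred from the key order of a
# whitespace-collapsed listing - verify against the roles that read it.

## Enable Central MariaDB
enable_central_database: true
enable_central_database_mailu: "{{enable_central_database}}"

## Enable Storage Optimizer for Docker Volumes
enable_system_storage_optimizer: true

## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"

### Keycloak Client Configuration
# Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
oidc_client_active: true
oidc_client_id: "{{primary_domain}}"
oidc_client_realm: "{{primary_domain}}"
# All endpoint URLs below are derived from the issuer URL.
oidc_client_issuer_url: "https://{{domains.keycloak}}/realms/{{oidc_client_realm}}"
oidc_client_discovery_document: "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
oidc_client_authorize_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/auth"
# NOTE(review): the key is spelled "toke", not "token". It is left unchanged
# because roles presumably reference this exact name - confirm before renaming.
oidc_client_toke_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/token"
oidc_client_user_info_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
oidc_client_logout_url: "{{oidc_client_issuer_url}}/protocol/openid-connect/logout"
# Default: wildcard for the primary domain; subdomain/client-specific
# configuration is possible in the vars files of the roles.
# oidc_client_secret: "{{oidc_client_secret}}"

# Activate the LDAP network for insecure (unencrypted) communication on
# localhost between different container instances. Set in vars/main.yml.
ldap_network_enabled: false

# The name of the application which the server redirects to.
# Needs to be defined in role vars.
oauth2_proxy_upstream_application_and_port: "application:80"
oauth2_proxy_active: false

# Per-application defaults.
# Most entries default to the mutable "latest" tag (or another rolling
# channel). Override `version` with a fixed release in the inventory when
# deployments have to be reproducible and image updates reviewed.
defaults_applications:

  ## Akaunting
  akaunting:
    version: "latest"
    company_name: "{{primary_domain}}"
    company_email: "{{administrator_email}}"
    setup_admin_email: "{{administrator_email}}"

  ## Attendize
  attendize:
    version: "latest"

  ## Baserow
  baserow:
    version: "latest"

  ## Big Blue Button
  bigbluebutton:
    # This is the string "true", not a YAML boolean.
    # NOTE(review): presumably consumed as text by the role - verify.
    enable_greenlight: "true"

  ## Bluesky
  bluesky:
    administrator_email: "{{administrator_email}}"
    pds:
      version: "latest"

  ## Friendica
  friendica:
    version: "latest"

  ## Funkwhale
  funkwhale:
    version: "1.4.0"

  ## Gitea
  gitea:
    version: "latest"

  ## Gitlab
  gitlab:
    version: "latest"

  ## Joomla
  joomla:
    version: "latest"

  ## Keycloak
  keycloak:
    version: "latest"
    administrator_username: "{{administrator_username}}"  # Administrator Username for Keycloak

  ## LDAP
  # The LAM password, the LDAP administrator password and the LDAP database
  # password all default to the same `user_administrator_initial_password`.
  # CHANGE each of them for security reasons, ideally to distinct values.
  ldap:
    lam:
      version: "latest"
      administrator_password: "{{user_administrator_initial_password}}"  # CHANGE for security reasons
    openldap:
      version: "latest"
      # Set to true only if the LDAP port has to be reachable from the
      # internet; leave false otherwise.
      # NOTE(review): confirm transport encryption and access restrictions
      # before enabling.
      expose_to_internet: false
    phpldapadmin:
      version: "2.0.0-dev"  # @todo Attention: Change this to latest as soon as it is released
    webinterface: "lam"  # The webinterface which should be used. Possible: lam and phpldapadmin
    administrator_username: "{{administrator_username}}"
    administrator_password: "{{user_administrator_initial_password}}"  # CHANGE for security reasons
    administrator_database_password: "{{user_administrator_initial_password}}"  # CHANGE for security reasons

  ## Listmonk
  listmonk:
    administrator_username: "{{administrator_username}}"
    public_api_activated: false  # Security hole. Can be used for spamming
    version: "latest"

  ## MariaDB
  mariadb:
    version: "latest"

  ## Matomo
  matomo:
    version: "latest"

  ## Mastodon
  mastodon:
    version: "latest"
    single_user_mode: false

  ## Matrix
  matrix:
    administrator_username: "{{administrator_username}}"  # Account name of the matrix admin
    # For the initial update use: install-all,ensure-matrix-users-created,start
    playbook_tags: "setup-all,start"
    role: "compose"  # Role to setup Matrix. Valid values: ansible, compose
    server_name: "{{primary_domain}}"  # Address for the account names etc.
    synapse:
      version: "latest"
    element:
      version: "latest"

  ## Mailu
  mailu:
    version: "2024.06"
    domain: "{{primary_domain}}"
    subnet: "192.168.203.0/24"

  ## Moodle
  moodle:
    site_titel: "Global Learning Academy on {{primary_domain}}"
    administrator_name: "{{administrator_username}}"
    administrator_email: "{{administrator_email}}"
    version: "latest"

  ## MyBB
  mybb:
    version: "latest"

  ## Nextcloud
  nextcloud:
    # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
    version: "production"

  ## OAuth2 Proxy
  oauth2_proxy:
    configuration_file: "oauth2-proxy-keycloak.cfg"  # Needs to be set true in the roles which use it
    version: "latest"
    # The redirect URL for the OAuth2 flow. It should match the redirect URL
    # configured in Keycloak.
    # NOTE(review): this path contains "/auth/realms/", while
    # oidc_client_issuer_url uses "/realms/" without the "/auth" prefix.
    # Confirm which base path the deployed Keycloak serves.
    redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"
    # Restricted to the admin role by default. Use vars/main.yml to open a
    # specific role for other groups.
    allowed_roles: "admin"
    # Default: wildcard for the primary domain; subdomain/client-specific
    # configuration is possible in the vars files of the roles.
    # Generate a value with: openssl rand -hex 16
    # NOTE(review): the default refers to applications.oauth2_proxy.cookie_secret,
    # so the secret presumably has to be defined in the inventory - confirm,
    # and keep the real value out of version control.
    cookie_secret: "{{applications.oauth2_proxy.cookie_secret}}"

  ## Open Project
  openproject:
    version: "13"  # Update when available. Sadly no rolling release implemented

  ## Peertube
  peertube:
    version: "bookworm"

  ## PHPMyAdmin
  phpmyadmin:
    version: "latest"
    # This is a high security risk. Only activate this option if you know
    # what you're doing.
    autologin: false

  ## Postgres
  # Please set a version in your inventory file - rolling release for
  # postgres isn't recommended.
  postgres:
    # NOTE(review): YAML reads "database.version" as one literal key, not as
    # nested database -> version. Confirm how the role looks it up.
    database.version: "latest"

  ## Snipe-IT
  snipe_it:
    version: "latest"

  ## Taiga
  taiga:
    version: "latest"

  ## YOURLS
  yourls:
    administrator_username: "{{administrator_username}}"
    version: "latest"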