			
		
		
		
	- Removed ?transport=udp from Nextcloud Talk TURN server definitions - Dropped --no-tcp-relay to allow TCP fallback - Removed invalid UDP mapping on TLS port - Introduced switch between REST secret auth and lt-cred-mech via COTURN_USER_AUTH_ENABLED - Added user_auth_enabled flag in coturn config for flexibility See: https://chatgpt.com/share/68d7d601-3558-800f-bc84-00d7e8fc3243
		
			
				
	
	
		
		
	
	
	
	
	
---
# General

# Application identifier; used below as the lookup key for get_app_conf,
# get_domain, get_url and the ports map.
application_id: "web-app-nextcloud"
container_port: 80

# Database

# Secret: resolved from the application's credentials at template time.
# NOTE(review): keep the backing value in an encrypted store (for example
# Ansible Vault) and set no_log on tasks that render it; confirm in the role.
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}"
# Database flavor
database_type: "mariadb"

# Nextcloud

## General

# Public domain, local HTTP port and base URL, all keyed by application_id.
# NOTE(review): the URL scheme comes from WEB_PROTOCOL, and the Talk
# signaling and whiteboard URLs in this file are derived from NEXTCLOUD_URL,
# so it should resolve to https wherever tokens cross the network; confirm.
NEXTCLOUD_DOMAIN: "{{ domains | get_domain(application_id) }}"
NEXTCLOUD_PORT: "{{ ports.localhost.http[application_id] }}"
NEXTCLOUD_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"

## Plugins

# The 'plugins' mapping flattened into key/value items by dict2items.
NEXTCLOUD_PLUGIN_ITEMS: "{{ applications | get_app_conf(application_id, 'plugins') | dict2items }}"
NEXTCLOUD_PLUGINS_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins_enabled') }}"

## Paths

### Host

# Directory on the host into which the additive configurations are copied.
NEXTCLOUD_HOST_CONF_ADD_PATH: "{{ [ docker_compose.directories.volumes, 'infinito' ] | path_join }}"
# Instruction file on the host; it loads the additional configurations.
NEXTCLOUD_HOST_INCL_PATH: "{{ [ docker_compose.directories.volumes, 'includes.php' ] | path_join }}"
# Nginx proxy configuration file for this domain.
NEXTCLOUD_HOST_NGINX_PATH: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, NEXTCLOUD_DOMAIN ~ '.conf' ] | path_join }}"
NEXTCLOUD_HOST_NGINX_SRC: "{{ [ docker_compose.directories.volumes, 'nginx.conf' ] | path_join }}"

### Control Node

# Folder holding the per-plugin configuration variable files.
NEXTCLOUD_CNODE_PLUGIN_VARS_PATH: "{{ [role_path, 'vars/plugins/'] | path_join }}"
# Folder holding the extra per-plugin configuration tasks.
NEXTCLOUD_CNODE_PLUGIN_TASKS_PATH: "{{ [role_path, 'tasks/plugins/'] | path_join }}"

### Internal Paths (inside the container)

# Working directory in which the application is stored.
NEXTCLOUD_DOCKER_WORK_DIRECTORY: "/var/www/html/"
# Folder in which the Nextcloud configurations are stored.
NEXTCLOUD_DOCKER_CONF_DIRECTORY: "{{ [ NEXTCLOUD_DOCKER_WORK_DIRECTORY, 'config/'] | path_join }}"
# Path to the Nextcloud configuration file.
NEXTCLOUD_DOCKER_CONFIG_FILE: "{{ [ NEXTCLOUD_DOCKER_CONF_DIRECTORY, 'config.php'] | path_join }}"
# Folder which contains the additional configurations.
NEXTCLOUD_DOCKER_CONF_ADD_PATH: "{{ [ NEXTCLOUD_DOCKER_CONF_DIRECTORY, 'infinito/'] | path_join }}"
# Temporary file that config.php includes to load the additional
# configurations.
# NOTE(review): whoever can write this file runs PHP as the web user, and
# /tmp is normally world-writable. Presumably it is a bind mount of
# NEXTCLOUD_HOST_INCL_PATH; confirm that the mount is read-only and that the
# host file is not writable by unprivileged users.
NEXTCLOUD_DOCKER_INCL_PATH: "/tmp/includes.php"

## Administrator

# Secret: administrator password taken from the application's credentials.
# NOTE(review): tasks that hand this value to an installer or to occ should
# set no_log so it does not appear in task output; confirm in the callers.
NEXTCLOUD_ADMINISTRATOR_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
NEXTCLOUD_ADMINISTRATOR_USERNAME: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"

## Docker

### Base

# Data volume, image coordinates and container name of the main service.
# NOTE(review): image and version come from the application config; pinning
# a fixed tag or digest there keeps deployments reproducible. Confirm what
# the defaults resolve to.
NEXTCLOUD_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
NEXTCLOUD_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version') }}"
NEXTCLOUD_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image') }}"
NEXTCLOUD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name') }}"

### Proxy

# Container name, image and version of the proxy service.
NEXTCLOUD_PROXY_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}"
NEXTCLOUD_PROXY_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image') }}"
NEXTCLOUD_PROXY_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version') }}"

### Cron

# Container name of the cron service.
NEXTCLOUD_CRON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"

### Talk

#### General

# Container name, image and version of the Talk service.
NEXTCLOUD_TALK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name') }}"
NEXTCLOUD_TALK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image') }}"
NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version') }}"
# Enabled flag of the 'spreed' plugin; the TURN *_ENABLED flags depend on it.
NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
# NOTE(review): if this resolves to 'host', the Talk container presumably
# shares the host network namespace and every port it opens is reachable
# without a Docker port mapping; confirm the firewall covers that case.
NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}"
# Secret: Talk internal secret taken from the application's credentials.
NEXTCLOUD_TALK_INTERNAL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}"
# Talk is served under the main Nextcloud domain.
NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN }}"

#### Signaling

# Secret: signaling secret taken from the application's credentials.
# NOTE(review): treat it like a password; no_log on tasks that write it into
# the Talk configuration. Confirm in the callers.
NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}"
# URL path and port of the standalone signaling server.
NEXTCLOUD_TALK_SIGNALING_LOCATION: "/standalone-signaling/"
NEXTCLOUD_TALK_SIGNALING_PORT: "8081"
# Signaling URL: the location appended to NEXTCLOUD_URL, so it inherits
# that URL's scheme.
NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}"

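#### Talk Turn (Onboard)

# Public STUN/TURN port assigned to this application.
NEXTCLOUD_TALK_TURN_ONBOARD_PORT: "{{ ports.public.stun_turn[application_id] }}"
# Forced to false whenever the Talk plugin is disabled. The plugin flag goes
# through `| bool` so that a string such as "false" supplied by the
# inventory is not evaluated as truthy and does not switch the relay on.
NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.onboard_enabled') if (NEXTCLOUD_TALK_PLUGIN_ENABLED | bool) else false }}"
# Secret: shared TURN secret; it is embedded in
# NEXTCLOUD_TALK_TURN_ONBOARD_CONFIG below.
NEXTCLOUD_TALK_TURN_ONBOARD_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') }}"
# Relay port range, looked up under '<application_id>_start' and '_end'.
# NOTE(review): these are public ports; the firewall should open exactly
# this range and nothing wider. Confirm against the firewall role.
NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end'  ] }}"
NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}"
# host:port string for the STUN server entry.
NEXTCLOUD_TALK_STUN_ONBOARD_CONFIG: "{{ NEXTCLOUD_TALK_DOMAIN }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}"
# TURN server entry written as a Jinja dict literal: host:port, the shared
# secret, a ttl of 86400 and both udp and tcp as protocols.
# NOTE(review): the rendered value contains the secret in clear text; do not
# debug-print it, and set no_log on tasks that pass it on.
# NOTE(review): ttl is presumably a credential lifetime in seconds (24 h);
# confirm that the consumer reads this key.
NEXTCLOUD_TALK_TURN_ONBOARD_CONFIG: >-
  {{
    {
      'server': NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_TURN_ONBOARD_PORT,
      'secret': NEXTCLOUD_TALK_TURN_ONBOARD_SECRET,
      'ttl': 86400,
      'protocols': 'udp,tcp'
    }
  }}
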
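#### Coturn (Standalone)

# Application id of the standalone coturn role; used as the lookup key for
# its port, secret and domain.
NEXTCLOUD_TALK_TURN_STANDALONE_ROLE: 'web-svc-coturn'
NEXTCLOUD_TALK_TURN_STANDALONE_PORT: "{{ ports.public.stun_turn[NEXTCLOUD_TALK_TURN_STANDALONE_ROLE] }}"
# Secret: read from the coturn role's 'credentials.auth_secret', i.e. the
# same shared secret the TURN server is configured with.
# NOTE(review): the commit message mentions a coturn switch between REST
# secret auth and lt-cred-mech (COTURN_USER_AUTH_ENABLED). This entry only
# carries a shared secret, so it presumably works only while coturn runs in
# secret-auth mode; confirm before enabling user auth on a shared coturn.
NEXTCLOUD_TALK_TURN_STANDALONE_SECRET: "{{ applications | get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 'credentials.auth_secret') }}"
# Forced to false whenever the Talk plugin is disabled. The plugin flag goes
# through `| bool` so that a string such as "false" supplied by the
# inventory is not evaluated as truthy and does not register the relay.
NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.standalone_enabled') if (NEXTCLOUD_TALK_PLUGIN_ENABLED | bool) else false }}"
NEXTCLOUD_TALK_TURN_STANDALONE_DOMAIN: "{{ domains | get_domain(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE) }}"
# host:port string for the STUN server entry.
NEXTCLOUD_TALK_STUN_STANDALONE_CONFIG: "{{ NEXTCLOUD_TALK_TURN_STANDALONE_DOMAIN }}:{{ NEXTCLOUD_TALK_TURN_STANDALONE_PORT }}"
# TURN server entry written as a Jinja dict literal: host:port, the shared
# secret, a ttl of 86400 and both udp and tcp as protocols.
# NOTE(review): the rendered value contains the secret in clear text; do not
# debug-print it, and set no_log on tasks that pass it on.
NEXTCLOUD_TALK_TURN_STANDALONE_CONFIG: >-
  {{
    {
      'server': NEXTCLOUD_TALK_TURN_STANDALONE_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_TURN_STANDALONE_PORT,
      'secret': NEXTCLOUD_TALK_TURN_STANDALONE_SECRET,
      'ttl': 86400,
      'protocols': 'udp,tcp'
    }
  }}
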
### Whiteboard

# Container name, image and version of the whiteboard service.
NEXTCLOUD_WHITEBOARD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}"
NEXTCLOUD_WHITEBOARD_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.image') }}"
NEXTCLOUD_WHITEBOARD_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.version') }}"
# Enabled flag of the 'whiteboard' plugin.
NEXTCLOUD_WHITEBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.whiteboard.enabled') }}"
# Port the whiteboard service uses internally; kept as a string.
NEXTCLOUD_WHITEBOARD_PORT_INTERNAL: "3002"
# Secret: JWT secret taken from the application's credentials.
# NOTE(review): anyone holding it can presumably mint tokens the whiteboard
# accepts; keep it out of logs and task output. Confirm no_log in callers.
NEXTCLOUD_WHITEBOARD_JWT: "{{ applications | get_app_conf(application_id, 'credentials.whiteboard_jwt_secret') }}"
# URL path of the whiteboard and the full URL built on NEXTCLOUD_URL.
NEXTCLOUD_WHITEBOARD_LOCATION: "/whiteboard/"
NEXTCLOUD_WHITEBOARD_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_WHITEBOARD_LOCATION ] | url_join }}"

### Collabora

# URL of the Collabora service; the application id 'web-svc-collabora' is
# hard-coded here and the scheme comes from WEB_PROTOCOL.
NEXTCLOUD_COLLABORA_URL: "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"

## User Configuration

# UID of the www-data user.
# NOTE(review): the UID of www-data depends on the base image; confirm that
# 82 matches the image configured in NEXTCLOUD_IMAGE, otherwise file
# ownership on the volumes will not line up.
# NOTE(review): this key ends in lower-case '_id', unlike the other
# variables; renaming it would require updating every reference.
NEXTCLOUD_DOCKER_USER_id: 82
# Name of the www-data user (defined here so it is easy to change later).
NEXTCLOUD_DOCKER_USER: "www-data"

## Execution

# Path of the occ script inside the container's working directory.
NEXTCLOUD_INTERNAL_OCC_COMMAND: "{{ [ NEXTCLOUD_DOCKER_WORK_DIRECTORY, 'occ'] | path_join }}"
# Command prefix that runs a command in the Nextcloud container as
# NEXTCLOUD_DOCKER_USER.
# NOTE(review): this is a plain string that tasks extend into a command
# line. Arguments appended to it, secrets in particular, presumably show up
# in the process list and in task output unless no_log is set; confirm in
# the calling tasks, and prefer the command module over shell there.
NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}"
# The same prefix followed by the occ path.
NEXTCLOUD_DOCKER_EXEC_OCC: "{{ NEXTCLOUD_DOCKER_EXEC }} {{ NEXTCLOUD_INTERNAL_OCC_COMMAND }}"