mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-04-05 16:44:16 +02:00
738 lines
48 KiB
YAML
738 lines
48 KiB
YAML
# Docker Applications
|
||
|
||
## Docker Role Specific Parameters
|
||
docker_restart_policy: "unless-stopped"
|
||
|
||
##############################################
|
||
## Applications Configuration
|
||
##############################################
|
||
|
||
# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
|
||
# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.
|
||
|
||
# helper
|
||
_applications_nextcloud_ldap_enabled: "{{ applications.nextcloud.ldap.enabled | default(true) }}"
|
||
_applications_nextcloud_oidc_enabled: "{{ applications.nextcloud.oidc.enabled | default(true) }}"
|
||
_applications_nextcloud_oidc_flavor: "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if _applications_nextcloud_ldap_enabled else 'sociallogin') }}"
|
||
|
||
|
||
defaults_applications:
|
||
|
||
## Akaunting
|
||
akaunting:
|
||
version: "latest"
|
||
company_name: "{{primary_domain}}"
|
||
company_email: "{{users.administrator.email}}"
|
||
setup_admin_email: "{{users.administrator.email}}"
|
||
database:
|
||
central_storage: True
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Assets Server
|
||
assets_server:
|
||
source_directory: "{{ playbook_dir }}/assets" # Directory from which the assets will be copied
|
||
url: "https://{{domains.file_server}}/assets" # Public address of the assets directory
|
||
|
||
## Attendize
|
||
attendize:
|
||
version: "latest"
|
||
database:
|
||
central_storage: True
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Baserow
|
||
baserow:
|
||
version: "latest"
|
||
database:
|
||
central_storage: True
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Big Blue Button
|
||
bigbluebutton:
|
||
enable_greenlight: "true"
|
||
setup: false # Set to true in inventory file for initial setup
|
||
oidc:
|
||
enabled: true # Activate OIDC
|
||
database:
|
||
central_storage: True
|
||
ldap:
|
||
enabled: False # @todo LDAP needs to get propper implemented and tested, just set values during refactoring
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Bluesky
|
||
bluesky:
|
||
users:
|
||
administrator:
|
||
email: "{{users.administrator.email}}"
|
||
pds:
|
||
version: "latest"
|
||
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
|
||
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
|
||
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
|
||
database:
|
||
central_storage: True
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
# Chromium Browser
|
||
chromium:
|
||
plugins: # Plugins to be installed in Chromium
|
||
- "cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx" # U-Block Origine Plugin
|
||
- "oboonakemofpalcgghocfoadofidjkkk;https://clients2.google.com/service/update2/crx" # KeepassXC Plugin
|
||
|
||
coturn: # @todo implement
|
||
credentials:
|
||
user: turnuser
|
||
# password: # Need to be defined in invetory file
|
||
# secret: # Need to be defined in invetory file
|
||
|
||
## Discourse:
|
||
discourse:
|
||
network: "discourse_default" # Name of the docker network
|
||
container: "discourse_application" # Name of the container application
|
||
repository: "discourse_repository" # Name of the repository folder
|
||
# database_password: # Needs to be defined in inventory file
|
||
oidc:
|
||
enabled: true # Activate OIDC
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## File Server
|
||
file_server:
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
|
||
|
||
# Firefox Browser
|
||
firefox:
|
||
plugins: # Plugins to be installed in Firefox
|
||
- "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi" # U-Block Origine Plugin
|
||
- "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi" # KeepassXC Plugin
|
||
|
||
## Friendica
|
||
friendica:
|
||
version: "latest"
|
||
oidc:
|
||
enabled: true # Activate OIDC. Plugin is not working yet
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Funkwhale
|
||
funkwhale:
|
||
version: "1.4.0"
|
||
ldap:
|
||
enabled: True # Enables LDAP by default @todo check implementation
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Gitea
|
||
gitea:
|
||
version: "latest" # Use latest docker image
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
configuration:
|
||
repository:
|
||
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
|
||
default_private: last # Default private when creating a new repository: last, private, public
|
||
default_push_create_private: True # Default private when creating a new repository with push-to-create.
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Gitlab
|
||
gitlab:
|
||
version: "latest"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Gnome
|
||
gnome:
|
||
plugins:
|
||
- [enable,nasa_apod@elinvention.ovh,https://github.com/Elinvention/gnome-shell-extension-nasa-apod.git]
|
||
- [disable,dash-to-dock@micxgx.gmail.com,'']
|
||
- [enable, dash-to-panel@jderose9.github.com,'']
|
||
|
||
## Joomla
|
||
joomla:
|
||
version: "latest"
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## HTML Server
|
||
html_server:
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
|
||
|
||
## Keycloak
|
||
keycloak:
|
||
version: "latest"
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
|
||
ldap:
|
||
enabled: True # Enables LDAP by default
|
||
import_realm: True # If True realm will be imported. If false skip.
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
# database_password: # Needs to be defined in inventory file
|
||
# administrator_password: # Needs to be defined in inventory file
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: false # Disabled by default, because it leads to authentification problems
|
||
|
||
## LDAP
|
||
ldap:
|
||
lam:
|
||
version: "latest"
|
||
administrator_password: "{{users.administrator.initial_password}}" # CHANGE for security reasons
|
||
openldap:
|
||
version: "latest"
|
||
network:
|
||
local: True # Activates local network to allow other docker containers to connect
|
||
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
|
||
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
|
||
phpldapadmin:
|
||
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
|
||
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}"
|
||
ldap:
|
||
enabled: True # Should have the same value as applications.ldap.openldap.network.local.
|
||
oauth2_proxy:
|
||
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
|
||
application: lam # Needs to be the same as webinterface
|
||
port: 80 # If you use phpldapadmin set it to 8080
|
||
# cookie_secret: None # Set via openssl rand -hex 16
|
||
database:
|
||
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
|
||
# administrator_password: # CHANGE for security reasons in inventory file
|
||
# administrator_database_password: # CHANGE for security reasons in inventory file
|
||
force_import: False # Forces the import of the LDIF files
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Libre Office
|
||
libreoffice:
|
||
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable
|
||
|
||
## Listmonk
|
||
listmonk:
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}" # Listmonk administrator account username
|
||
public_api_activated: False # Security hole. Can be used for spaming
|
||
version: "latest" # Docker Image version
|
||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
mailu:
|
||
version: "2024.06" # Docker Image Version
|
||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||
oidc:
|
||
enabled: true # Activate OIDC for Mailu
|
||
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
|
||
# I don't know why the database deactivation is necessary
|
||
database:
|
||
central_storage: False # Deactivate central database for mailu
|
||
credentials:
|
||
# secret_key: # Set to a randomly generated 16 bytes string
|
||
# database_password: # Needs to be set in inventory file
|
||
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
|
||
# initial_administrator_password: # Initial administrator password for setup
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: true # Default enabled because working well in iframe
|
||
|
||
## MariaDB
|
||
mariadb:
|
||
version: "latest"
|
||
|
||
## Matomo
|
||
matomo:
|
||
version: "latest"
|
||
oauth2_proxy:
|
||
enabled: false # Deactivated atm. @todo implement
|
||
# cookie_secret: None # Set via openssl rand -hex 16
|
||
# database_password: Null # Needs to be set in inventory file
|
||
# auth_token: Null # Needs to be set in inventory file
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running
|
||
css_enabled: false # Not optimized yet for matomo
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Mastodon
|
||
mastodon:
|
||
version: "latest"
|
||
single_user_mode: false # Set true for initial setup
|
||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
oidc:
|
||
enabled: True # Activate OIDC for Mastodon
|
||
credentials:
|
||
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
|
||
# database_password:
|
||
# secret_key_base:
|
||
# otp_secret:
|
||
# vapid:
|
||
# private_key:
|
||
# public_key:
|
||
# active_record_encryption:
|
||
# deterministic_key:
|
||
# key_derivation_salt:
|
||
# primary_key:
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Matrix
|
||
matrix:
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}" # Accountname of the matrix admin
|
||
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
|
||
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
|
||
server_name: "{{primary_domain}}" # Adress for the account names etc.
|
||
synapse:
|
||
version: "latest"
|
||
element:
|
||
version: "latest"
|
||
setup: false # Set true in inventory file to execute the setup and initializing procedures
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
oidc:
|
||
enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Moodle
|
||
moodle:
|
||
site_titel: "Global Learning Academy on {{primary_domain}}"
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}"
|
||
email: "{{users.administrator.email}}"
|
||
version: "latest"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## MyBB
|
||
mybb:
|
||
version: "latest"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Nextcloud
|
||
nextcloud:
|
||
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
|
||
ldap:
|
||
enabled: True # Enables LDAP by default
|
||
oidc:
|
||
enabled: "{{ _applications_nextcloud_oidc_enabled }}" # Activate OIDC for Nextcloud
|
||
# floavor decides which OICD plugin should be used.
|
||
# Available options: oidc_login, sociallogin
|
||
# @see https://apps.nextcloud.com/apps/oidc_login
|
||
# @see https://apps.nextcloud.com/apps/sociallogin
|
||
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
credentials:
|
||
# database_password: Null # Needs to be set in inventory file
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}"
|
||
initial_password: "{{users.administrator.initial_password}}" # Keep in mind to change the password fast after creation and activate 2FA
|
||
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
|
||
legacy_login_mask:
|
||
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
|
||
container:
|
||
application: "nextcloud-application" # Nextcloud application container name
|
||
proxy: "nextcloud-web" # Nextcloud Proxy Container Name
|
||
performance:
|
||
php:
|
||
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
|
||
upload_limit: "5G" # Set upload limit to 5GB for big media files
|
||
opcache_memory_consumption: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory consumption
|
||
plugins:
|
||
# List for Nextcloud Plugin Routine
|
||
# Decides if plugins should be activated or deactivated
|
||
appointments:
|
||
# Nextcloud appointments: handles scheduling and appointment management (https://apps.nextcloud.com/apps/appointments)
|
||
enabled: true
|
||
bbb:
|
||
# Nextcloud BigBlueButton integration: enables video conferencing using BigBlueButton (https://apps.nextcloud.com/apps/bbb)
|
||
enabled: "{{ 'bigbluebutton' in group_names | lower }}"
|
||
#- bookmarks
|
||
# # Nextcloud Bookmarks: manage and share your bookmarks easily (https://apps.nextcloud.com/apps/bookmarks)
|
||
# enabled: false
|
||
calendar:
|
||
# Nextcloud calendar: manages calendar events and scheduling (https://apps.nextcloud.com/apps/calendar)
|
||
enabled: true
|
||
cfg_share_links:
|
||
# Nextcloud share links configuration: customizes sharing settings and link options (https://apps.nextcloud.com/apps/cfg_share_links)
|
||
enabled: true
|
||
collectives:
|
||
# Nextcloud collectives: supports collaborative group management and sharing (https://apps.nextcloud.com/apps/collectives)
|
||
enabled: true
|
||
contacts:
|
||
# Nextcloud contacts: manages address book and contact information (https://apps.nextcloud.com/apps/contacts)
|
||
enabled: true
|
||
cospend:
|
||
# Nextcloud cospend: manages shared expenses and spending tracking (https://apps.nextcloud.com/apps/cospend)
|
||
enabled: true
|
||
deck:
|
||
# Nextcloud Deck: organizes tasks and projects using Kanban boards (https://apps.nextcloud.com/apps/deck)
|
||
# When Taiga is activated, this plugin is deactivated, because Taiga is the prefered application.
|
||
enabled: "{{ 'taiga' not in group_names | lower }}"
|
||
drawio:
|
||
# Nextcloud draw.io: integrates diagram creation and editing tools (https://apps.nextcloud.com/apps/drawio)
|
||
enabled: true
|
||
duplicatefinder:
|
||
# Nextcloud duplicate finder: scans and identifies duplicate files (https://apps.nextcloud.com/apps/duplicatefinder)
|
||
enabled: true
|
||
emlviewer:
|
||
# Nextcloud EML Viewer: previews and manages EML email files (https://apps.nextcloud.com/apps/emlviewer)
|
||
enabled: true
|
||
event_update_notification:
|
||
# Nextcloud event update notification: sends alerts when events are updated (https://apps.nextcloud.com/apps/event_update_notification)
|
||
enabled: true
|
||
epubviewer:
|
||
# Nextcloud EPUB Viewer: enables reading and previewing EPUB e-books (https://apps.nextcloud.com/apps/epubviewer)
|
||
enabled: true
|
||
external:
|
||
# Nextcloud External: Adds links to external services (https://apps.nextcloud.com/apps/external)
|
||
enabled: true
|
||
#files_accesscontrol
|
||
# # Nextcloud Files Access Control: restricts file access based on defined rules (https://apps.nextcloud.com/apps/files_accesscontrol)
|
||
# enabled: false
|
||
#files_archive
|
||
# # Nextcloud Files Archive: compresses and archives files for efficient storage (https://apps.nextcloud.com/apps/files_archive)
|
||
# enabled: false
|
||
#files_automatedtagging
|
||
# # Nextcloud Files Automated Tagging: automatically tags files to improve organization (https://apps.nextcloud.com/apps/files_automatedtagging)
|
||
# enabled: false
|
||
files_bpm:
|
||
# Nextcloud Files BPM: integrates business process management for file workflows (https://apps.nextcloud.com/apps/files_bpm)
|
||
enabled: true
|
||
files_downloadactivity:
|
||
# Nextcloud Files Download Activity: tracks and logs file download events (https://apps.nextcloud.com/apps/files_downloadactivity)
|
||
enabled: true
|
||
files_linkeditor:
|
||
# Nextcloud files link editor: allows customization of shared file links (https://apps.nextcloud.com/apps/files_linkeditor)
|
||
enabled: true
|
||
files_mindmap:
|
||
# Nextcloud Files Mindmap: visualizes file relationships as mind maps (https://apps.nextcloud.com/apps/files_mindmap)
|
||
enabled: true
|
||
files_texteditor:
|
||
# Nextcloud Files Text Editor: provides an online editor for text files (https://apps.nextcloud.com/apps/files_texteditor)
|
||
# Not available for Nextcloud < 27
|
||
enabled: false
|
||
fileslibreofficeedit:
|
||
# Nextcloud LibreOffice integration: allows online editing of documents with LibreOffice (https://apps.nextcloud.com/apps/fileslibreofficeedit)
|
||
enabled: true
|
||
forms:
|
||
# Nextcloud forms: facilitates creation of forms and surveys (https://apps.nextcloud.com/apps/forms)
|
||
enabled: true
|
||
gestion:
|
||
# Nextcloud Gestion: manages administrative tasks and workflows (https://apps.nextcloud.com/apps/gestion)
|
||
enabled: true
|
||
groupfolders:
|
||
# Nextcloud Group Folders: centralizes shared folders for group collaboration (https://apps.nextcloud.com/apps/groupfolders)
|
||
enabled: true
|
||
gpxpod:
|
||
# Nextcloud GPX pod: visualizes GPS tracks and GPX data (https://apps.nextcloud.com/apps/gpxpod)
|
||
enabled: true
|
||
integration_discourse:
|
||
# Nextcloud Integration Discourse: connects Nextcloud with Discourse forums (https://apps.nextcloud.com/apps/integration_discourse)
|
||
enabled: false
|
||
integration_gitlab:
|
||
# Nextcloud Integration GitLab: connects Nextcloud with GitLab repositories (https://apps.nextcloud.com/apps/integration_gitlab)
|
||
enabled: "{{ 'gitlab' in group_names in group_names | lower }}"
|
||
integration_github:
|
||
# Nextcloud Integration GitHub: integrates GitHub repositories with Nextcloud (https://apps.nextcloud.com/apps/integration_github)
|
||
enabled: false
|
||
integration_google:
|
||
# Nextcloud Integration Google: connects Google services with Nextcloud (https://apps.nextcloud.com/apps/integration_google)
|
||
enabled: true
|
||
integration_mastodon:
|
||
# Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
|
||
enabled: "{{ 'mastodon' in group_names | lower }}"
|
||
integration_openai:
|
||
# Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
|
||
enabled: false
|
||
integration_openproject:
|
||
# Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
|
||
enabled: "{{ 'openproject' in group_names | lower }}"
|
||
integration_peertube:
|
||
# Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
|
||
enabled: "{{ 'peertube' in group_names | lower }}"
|
||
#keeweb
|
||
# # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
|
||
# # This isn't maintained anymore. The alternatives don't support keepass files
|
||
# enabled: false
|
||
keeporsweep:
|
||
# Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep)
|
||
enabled: true
|
||
mail:
|
||
# Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail)
|
||
enabled: true
|
||
maps:
|
||
# Nextcloud maps: provides mapping and location services integration (https://apps.nextcloud.com/apps/maps)
|
||
enabled: true
|
||
metadata:
|
||
# Nextcloud Metadata: manages and displays file metadata for enhanced organization (https://apps.nextcloud.com/apps/metadata)
|
||
enabled: true
|
||
news:
|
||
# Nextcloud News: aggregates and displays news feeds directly in Nextcloud (https://apps.nextcloud.com/apps/news)
|
||
enabled: true
|
||
oidc_login:
|
||
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/oidc_login)
|
||
enabled: "{{ _applications_nextcloud_oidc_flavor=='oidc_login' | lower }}"
|
||
incompatible_plugins:
|
||
- user_oidc # Will be disabled
|
||
- sociallogin # Will be disabled
|
||
phonetrack:
|
||
# Nextcloud phone track: tracks and monitors mobile device usage (https://apps.nextcloud.com/apps/phonetrack)
|
||
enabled: true
|
||
polls:
|
||
# Nextcloud polls: facilitates creation and management of user polls (https://apps.nextcloud.com/apps/polls)
|
||
enabled: true
|
||
quota_warning:
|
||
# Nextcloud quota warning: notifies users when storage limits are reached (https://apps.nextcloud.com/apps/quota_warning)
|
||
enabled: true
|
||
recognize:
|
||
# Nextcloud recognize: performs image recognition tasks (https://apps.nextcloud.com/apps/recognize)
|
||
enabled: false # Deactivated because it let to bugs
|
||
richdocuments:
|
||
# Nextcloud Rich Documents: provides collaborative document editing capabilities (https://apps.nextcloud.com/apps/richdocuments)
|
||
enabled: false # @todo To set it default to true activate https://hub.docker.com/r/collabora/code before
|
||
sociallogin:
|
||
# Nextcloud social login: allows authentication using social networks (https://apps.nextcloud.com/apps/sociallogin)
|
||
enabled: "{{ _applications_nextcloud_oidc_flavor=='sociallogin' | lower }}"
|
||
incompatible_plugins:
|
||
- user_oidc # Will be disabled
|
||
- oidc_login # Will be disabled
|
||
spreed:
|
||
# Nextcloud Spreed: offers video conferencing and chat functionalities (https://apps.nextcloud.com/apps/spreed)
|
||
enabled: false # @todo to activate it first implement docker-coturn and activate it
|
||
tables:
|
||
# Nextcloud tables: allows creation and editing of tables within the interface (https://apps.nextcloud.com/apps/tables)
|
||
enabled: true
|
||
tasks:
|
||
# Nextcloud tasks: manages personal or group tasks and to-do lists (https://apps.nextcloud.com/apps/tasks)
|
||
enabled: true
|
||
#terms_of_service
|
||
# # Nextcloud Terms of Service: manages user acceptance of terms and conditions (https://apps.nextcloud.com/apps/terms_of_service)
|
||
# enabled: false
|
||
twofactor_nextcloud_notification:
|
||
# Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
|
||
enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active
|
||
twofactor_totp:
|
||
# Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
|
||
enabled: "{{ (not _applications_nextcloud_oidc_enabled) | lower }}" # Deactivate 2FA if oidc is active
|
||
user_ldap:
|
||
# Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
|
||
enabled: "{{ _applications_nextcloud_ldap_enabled | lower }}"
|
||
user_oidc:
|
||
# Nextcloud User OIDC: integrates OpenID Connect for user authentication (https://apps.nextcloud.com/apps/user_oidc)
|
||
enabled: "{{ _applications_nextcloud_oidc_flavor=='user_oidc' | lower }}"
|
||
incompatible_plugins:
|
||
- oidc_login
|
||
- sociallogin
|
||
whiteboard:
|
||
# Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
|
||
enabled: true
|
||
|
||
## OAuth2 Proxy
|
||
oauth2_proxy:
|
||
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
|
||
version: "latest" # Docker Image version
|
||
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
|
||
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Open Project
|
||
openproject:
|
||
version: "13" # Update when available. Sadly no rolling release implemented
|
||
oauth2_proxy:
|
||
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
|
||
application: "proxy"
|
||
port: "80"
|
||
# cookie_secret: None # Set via openssl rand -hex 16
|
||
ldap:
|
||
enabled: True # Enables LDAP by default
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
css:
|
||
enabled: false # Temporary deactivated due to bugs
|
||
# @todo Solve and reactivate
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Peertube
|
||
peertube:
|
||
version: "bookworm"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## PgAdmin
|
||
pgadmin:
|
||
version: "latest"
|
||
users:
|
||
administrator:
|
||
email: "{{ users.administrator.email }}" # Initial login email address
|
||
password: "{{ users.administrator.initial_password }}" # Initial login password – should be overridden in inventory for security
|
||
oauth2_proxy:
|
||
enabled: true # Enable OAuth2 proxy for authentication
|
||
application: "application"
|
||
port: "80"
|
||
# cookie_secret: None # Set via: openssl rand -hex 16
|
||
database:
|
||
central_storage: True # Uses central PostgreSQL database
|
||
matomo_tracking_enabled: "{{ matomo_tracking_enabled_default }}" # Enables/Disables Matomo Tracking
|
||
css_enabled: "{{ css_enabled_default }}" # Enables/Disables global CSS styling
|
||
landingpage_iframe_enabled: "{{ landingpage_iframe_enabled_default }}" # Enables/Disables embedding via iframe
|
||
|
||
## PHPMyAdmin
|
||
phpmyadmin:
|
||
version: "latest"
|
||
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
|
||
oauth2_proxy:
|
||
enabled: true
|
||
port: "80"
|
||
application: "application"
|
||
# cookie_secret: None # Set via openssl rand -hex 16
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
css:
|
||
enabled: False # The css needs more optimation for PHPMyAdmin
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Pixelfed
|
||
pixelfed:
|
||
titel: "Pictures on {{primary_domain}}"
|
||
version: "latest"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Postgres
|
||
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
|
||
postgres:
|
||
database.version: "latest"
|
||
|
||
portfolio:
|
||
database:
|
||
central_storage: False # Portfolio doesn't use any database
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: false # Doesn't make sense to load landingpage in landingpage
|
||
|
||
# Snipe-IT
|
||
snipe_it:
|
||
version: "latest"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## Sphinx
|
||
sphinx:
|
||
version: "3.9-slim" # Use latest docker image
|
||
repository_sphinx_source: "https://github.com/kevinveenbirkenbach/cymais.git" # Repository address to pull the source repository from
|
||
sphinx_exec_dir_relative: "docs/" # The relative path to the sphinx Makefile folder from the source dir
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: true # Makes sense to make the documentary allways in iframe available
|
||
|
||
|
||
## Taiga
|
||
taiga:
|
||
version: "latest"
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
## YOURLS
|
||
yourls:
|
||
users:
|
||
administrator:
|
||
username: "{{users.administrator.username}}"
|
||
version: "latest"
|
||
oauth2_proxy:
|
||
enabled: true
|
||
application: "application"
|
||
port: "80"
|
||
location: "/admin/" # Protects the admin area
|
||
# cookie_secret: None # Set via openssl rand -hex 16
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
|
||
|
||
wordpress:
|
||
# Deactivate Global theming for wordpress role
|
||
# due to the reason that wordpress has to much different themes
|
||
# and one styling for all is not possible.
|
||
#
|
||
# May a solution could be to generate a template or css file dedicated
|
||
# for wordpress based on the theming values and import it.
|
||
database:
|
||
central_storage: True # Activate Central Database Storage
|
||
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
|
||
css_enabled: false # CSS is hard to tweak for wordpress
|
||
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe |