mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-02-22 20:39:40 +01:00
# Docker Applications

## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"

##############################################
## Applications Configuration
##############################################

# In general this configuration should apply only to the roles which set the applications up.
# If other applications depend on these variables, it probably makes sense to define them
# in e.g. IMA or other variable files.
#
# NOTE(review): many entries below default `version` to "latest". A floating tag means the
# deployed software can change between runs without any change in this repository; pin a
# specific version in the inventory file where reproducible, auditable deployments matter.
# NOTE(review): passwords, keys and tokens appear below only as commented-out placeholders
# that have to be set in the inventory file. Keep that inventory encrypted (e.g. Ansible
# Vault) or out of version control.
defaults_applications:

## Akaunting
  akaunting:
    version: "latest"
    # Company identity and the initial admin contact both follow the global settings.
    company_name: "{{primary_domain}}"
    company_email: "{{administrator_email}}"
    setup_admin_email: "{{administrator_email}}"

## Attendize
  attendize:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Baserow
  baserow:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Big Blue Button
  bigbluebutton:
    # NOTE(review): this is the quoted string "true", while `setup` and `oidc.enabled`
    # below are real booleans — presumably the value is handed on verbatim; confirm.
    enable_greenlight: "true"
    setup: false  # Set to true in inventory file for initial setup
    oidc:
      enabled: true  # Activate OIDC

## Bluesky
  bluesky:
    administrator_email: "{{administrator_email}}"
    pds:
      version: "latest"
    # The three secrets below have no default and need to be defined in the inventory file.
    # Generate each one separately and do not reuse values between hosts.
    # jwt_secret:                             Use: openssl rand -base64 64 | tr -d '\n'
    # plc_rotation_key_k256_private_key_hex:  Use: openssl rand -hex 32
    # admin_password:                         Use: openssl rand -base64 16

## Discourse
  discourse:
    network: "discourse_default"  # Name of the docker network
    container: "discourse_application"  # Name of the container application
    repository: "discourse_repository"  # Name of the repository folder
    # database_password:  # No default; needs to be defined in inventory file
    oidc:
      enabled: true  # Activate OIDC

## Friendica
  friendica:
    version: "latest"
    oidc:
      # NOTE(review): enabled by default although the author notes the plugin is not
      # working yet — confirm which login path is actually active on a deployment.
      enabled: true  # Activate OIDC. Plugin is not working yet

## Funkwhale
  funkwhale:
    version: "1.4.0"  # Pinned, unlike most entries in this file
    ldap_enabled: true  # Enables LDAP by default

## Gitea
  gitea:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Gitlab
  gitlab:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Joomla
  joomla:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Keycloak
  keycloak:
    # NOTE(review): `oauth2_proxy.redirect_url` in this file points at Keycloak, so other
    # applications depend on it for login; a fixed version is worth setting here first.
    version: "latest"
    administrator_username: "{{administrator_username}}"  # Administrator Username for Keycloak
    ldap_enabled: true  # Enables LDAP by default
    # Both passwords have no default and need to be defined in inventory file:
    # database_password:
    # administrator_password:

## LDAP
# NOTE(review): the nesting in this section is reconstructed from a rendering that lost its
# indentation. The placement of `administrator_password` (under `lam`) and of `hostname`
# (under `openldap`) is inferred — verify against the repository.
  ldap:
    lam:
      version: "latest"
      # Defaults to `user_administrator_initial_password`; set a dedicated value in the
      # inventory file.
      administrator_password: "{{user_administrator_initial_password}}"  # CHANGE for security reasons
    openldap:
      version: "latest"
      network:
        local: true  # Activates local network to allow other docker containers to connect
        # Leave false unless external clients must reach the directory; if it is exposed,
        # restrict the source addresses and require an encrypted connection.
        public: false  # Set to true in inventory file if you want to expose the LDAP port to the internet
      hostname: "openldap"  # Hostname of the LDAP Server in the central_ldap network
    phpldapadmin:
      version: "2.0.0-dev"  # @todo Attention: Change this as fast as released to latest
    webinterface: "lam"  # The webinterface which should be used. Possible: lam and phpldapadmin
    administrator_username: "{{administrator_username}}"
    ldap_enabled: true  # Should have the same value as applications.ldap.openldap.network.local.
    oauth2_proxy:
      enabled: true  # Activate the OAuth2 Proxy for the LDAP Webinterface
      application: lam  # Needs to be the same as webinterface
      port: 80  # If you use phpldapadmin set it to 8080
    # administrator_password:  # CHANGE for security reasons in inventory file
    # administrator_database_password:  # CHANGE for security reasons in inventory file

## Listmonk
  listmonk:
    administrator_username: "{{administrator_username}}"  # Listmonk administrator account username
    # Keep false unless required: the author marks the public API as a security hole.
    public_api_activated: false  # Security hole. Can be used for spamming
    version: "latest"  # Docker Image version
    setup: false  # Set true in inventory file to execute the setup and initializing procedures

## Mailu (first definition)
# NOTE(review): `mailu` is defined a second time in the "## Mailu" section further down this
# file. If both sit at the same level, as they appear to, most YAML parsers keep only the
# last duplicate key, so `oidc` and `enable_central_database` here would be silently
# dropped. Merge the two mappings into one.
  mailu:
    oidc:
      enabled: true  # Activate OIDC for Mailu
    # The main domain from which mails will be sent / the email suffix behind the @
    domain: "{{primary_domain}}"
    # I don't know why the database deactivation is necessary
    enable_central_database: false  # Deactivate central database for mailu
    # No defaults; each needs to be set in inventory file:
    # secret_key:
    # database_password:
    # api_token:

## MariaDB
  mariadb:
    # NOTE(review): floating tag on a database; a fixed version in the inventory file avoids
    # unplanned upgrades of the data store.
    version: "latest"

## Matomo
  matomo:
    version: "latest"
    oauth2_proxy:
      enabled: false  # Deactivated atm. @todo implement
    # No defaults; both need to be set in inventory file:
    # database_password: Null
    # auth_token: Null
    css:
      enabled: false  # The css isn't optimized yet for Matomo

## Mastodon
  mastodon:
    version: "latest"
    single_user_mode: false  # Set true for initial setup
    setup: false  # Set true in inventory file to execute the setup and initializing procedures
    oidc:
      enabled: true  # Activate OIDC for Mastodon
    #
    # Check out the README.md of the docker-mastodon role for detailed instructions on how
    # to set up the credentials. None of them has a default here.
    # (Outline below: nesting reconstructed from a rendering that lost its indentation.)
    #
    # credentials:
    #   database_password:
    #   secret_key_base:
    #   otp_secret:
    #   vapid:
    #     private_key:
    #     public_key:
    #   active_record_encryption:
    #     deterministic_key:
    #     key_derivation_salt:
    #     primary_key:

## Matrix
  matrix:
    administrator_username: "{{administrator_username}}"  # Account name of the matrix admin
    # For the initial update use: install-all,ensure-matrix-users-created,start
    playbook_tags: "setup-all,start"
    role: "compose"  # Role to setup Matrix. Valid values: ansible, compose
    server_name: "{{primary_domain}}"  # Address for the account names etc.
    synapse:
      version: "latest"
    element:
      version: "latest"
    # NOTE(review): placed at application level to match the other `setup` flags in this
    # file; the rendering lost its indentation, so confirm it is not a child of `element`.
    setup: false  # Set true in inventory file to execute the setup and initializing procedures

## Mailu
# NOTE(review): second definition of `mailu` in this file; an earlier `mailu:` mapping after
# the Listmonk section sets `oidc`, `domain` and `enable_central_database`. If both sit at
# the same level, as they appear to, most YAML parsers keep only this later one. Merge them.
  mailu:
    version: "2024.06"
    domain: "{{primary_domain}}"
    setup: false  # Set true in inventory file to execute the setup and initializing procedures

## Moodle
  moodle:
    # The key is spelled `site_titel` in the source; kept as is because roles may read it.
    site_titel: "Global Learning Academy on {{primary_domain}}"
    administrator_name: "{{administrator_username}}"
    administrator_email: "{{administrator_email}}"
    version: "latest"

## MyBB
  mybb:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Nextcloud
  nextcloud:
    # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
    version: "production"
    ldap_enabled: true  # Enables LDAP by default, missing ansible setup tasks @todo setup
    # database_password: Null  # No default; needs to be set in inventory file
    oidc:
      enabled: true  # Activate OIDC for Nextcloud

## OAuth2 Proxy
  oauth2_proxy:
    # NOTE(review): the original comment on this line reads "Needs to be set true in the
    # roles which use it", which looks like it belongs to an `enabled` flag rather than to a
    # file name — confirm.
    configuration_file: "oauth2-proxy-keycloak.cfg"
    version: "latest"  # Docker Image version
    # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in
    # Keycloak.
    # NOTE(review): the value is Keycloak's authorization endpoint, not a callback path on
    # the proxy — confirm how the configuration template uses it.
    redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"
    # Restricted to the admin role by default. Use the vars/main.yml to open the specific
    # role for other groups.
    allowed_roles: admin
    # By default one secret is shared for the primary domain; a client-specific value can be
    # configured in the vars files of the roles. Generate with: openssl rand -hex 16
    # NOTE(review): the expression falls back to an empty string when
    # `applications.oauth2_proxy` is not defined. An empty cookie secret should never reach
    # a running proxy; consider failing the play instead of defaulting to ''.
    cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}"

## Open Project
  openproject:
    version: "13"  # Update when available. Sadly no rolling release implemented
    oauth2_proxy:
      # OpenProject doesn't support OIDC, so this proxy in combination with LDAP is needed
      enabled: true
      application: "proxy"
      port: "80"
    ldap_enabled: true  # Enables LDAP by default

## Peertube
  peertube:
    version: "bookworm"

## PHPMyAdmin
  phpmyadmin:
    version: "latest"
    # This is a high security risk. Only activate this option if you know what you're doing.
    # NOTE(review): presumably autologin skips the database login prompt, which would leave
    # the OAuth2 proxy below as the only gate in front of the databases — confirm.
    autologin: false
    oauth2_proxy:
      enabled: true
      port: "80"
      application: "application"

## Pixelfed
  pixelfed:
    # The key is spelled `titel` in the source; kept as is because roles may read it.
    titel: "Pictures on {{primary_domain}}"
    version: "latest"

## Postgres
# Please set a version in your inventory file - a rolling release isn't recommended for postgres
  postgres:
    # NOTE(review): YAML reads this as one flat key literally named `database.version`, not
    # as `database` -> `version`; confirm that this is what the consuming role looks up.
    database.version: "latest"

## Snipe-IT
  snipe_it:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## Taiga
  taiga:
    version: "latest"  # Floating tag; override with a fixed version in the inventory file

## YOURLS
  yourls:
    administrator_username: "{{administrator_username}}"
    version: "latest"
    oauth2_proxy:
      enabled: true
      application: "application"
      port: "80"
      # Only this path is put behind the proxy; everything outside it stays reachable
      # without going through the proxy.
      location: "/admin/"  # Protects the admin area

## WordPress
  wordpress:
    # Global theming is deactivated for the wordpress role, because wordpress has too many
    # different themes and one styling for all of them is not possible.
    #
    # A possible solution would be to generate a template or css file dedicated to
    # wordpress, based on the theming values, and import it.
    css:
      enabled: false