kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-02-22 20:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/group_vars/all/07_applications.yml

326 lines
14 KiB
YAML
Raw Blame History

# Docker Applications
## Docker Role Specific Parameters
docker_restart_policy: "unless-stopped"
##############################################
## Applications Configuration
##############################################
# Keep in mind, that this configuration should in general just apply to the roles which set the applications up.
# If other applications depend on this variables, propably it makes sense to define it in e.g. IMA or other variable files.
defaults_applications:
## Akaunting
akaunting:
version: "latest"
company_name: "{{primary_domain}}"
company_email: "{{administrator_email}}"
setup_admin_email: "{{administrator_email}}"
database:
central_storage: True
## Attendize
attendize:
version: "latest"
database:
central_storage: True
## Baserow
baserow:
version: "latest"
database:
central_storage: True
## Big Blue Button
bigbluebutton:
enable_greenlight: "true"
setup: false # Set to true in inventory file for initial setup
oidc:
enabled: true # Activate OIDC
database:
central_storage: True
## Bluesky
bluesky:
administrator_email: "{{administrator_email}}"
pds:
version: "latest"
#jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n'
#plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32
#admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16
database:
central_storage: True
## Discourse:
discourse:
network: "discourse_default" # Name of the docker network
container: "discourse_application" # Name of the container application
repository: "discourse_repository" # Name of the repository folder
# database_password: # Needs to be defined in inventory file
oidc:
enabled: true # Activate OIDC
database:
central_storage: True
## Friendica
friendica:
version: "latest"
oidc:
enabled: true # Activate OIDC. Plugin is not working yet
database:
central_storage: True
## Funkwhale
funkwhale:
version: "1.4.0"
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
## Gitea
gitea:
version: "latest"
database:
central_storage: True
## Gitlab
gitlab:
version: "latest"
database:
central_storage: True
## Joomla
joomla:
version: "latest"
## Keycloak
keycloak:
version: "latest"
administrator_username: "{{administrator_username}}" # Administrator Username for Keycloak
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
## LDAP
ldap:
lam:
version: "latest"
administrator_password: "{{administrator_initial_password}}" # CHANGE for security reasons
openldap:
version: "latest"
network:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
phpldapadmin:
version: "2.0.0-dev" # @todo Attention: Change this as fast as released to latest
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
administrator_username: "{{administrator_username}}"
ldap_enabled: True # Should have the same value as applications.ldap.openldap.network.local.
force_import: false # Forces the import of the LDIF files when set to true
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface
port: 80 # If you use phpldapadmin set it to 8080
database:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
## Listmonk
listmonk:
administrator_username: "{{administrator_username}}" # Listmonk administrator account username
public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True
mailu:
version: "2024.06" # Docker Image Version
setup: false # Set true in inventory file to execute the setup and initializing procedures
oidc:
enabled: true # Activate OIDC for Mailu
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
# I don't know why the database deactivation is necessary
database:
central_storage: False # Deactivate central database for mailu
credentials:
# secret_key: # Set to a randomly generated 16 bytes string
# database_password: # Needs to be set in inventory file
# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
# initial_administrator_password: # Initial administrator password for setup
## MariaDB
mariadb:
version: "latest"
## Matomo
matomo:
version: "latest"
oauth2_proxy:
enabled: false # Deactivated atm. @todo implement
# database_password: Null # Needs to be set in inventory file
# auth_token: Null # Needs to be set in inventory file
css:
enabled: false # The css isn't optimized yet for Matomo
database:
central_storage: True
## Mastodon
mastodon:
version: "latest"
single_user_mode: false # Set true for initial setup
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True
oidc:
enabled: true # Activate OIDC for Mastodon
credentials:
# Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
# database_password:
# secret_key_base:
# otp_secret:
# vapid:
# private_key:
# public_key:
# active_record_encryption:
# deterministic_key:
# key_derivation_salt:
# primary_key:
## Matrix
matrix:
administrator_username: "{{administrator_username}}" # Accountname of the matrix admin
playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start
role: "compose" # Role to setup Matrix. Valid values: ansible, compose
server_name: "{{primary_domain}}" # Adress for the account names etc.
synapse:
version: "latest"
element:
version: "latest"
setup: false # Set true in inventory file to execute the setup and initializing procedures
database:
central_storage: True
## Moodle
moodle:
site_titel: "Global Learning Academy on {{primary_domain}}"
administrator_name: "{{administrator_username}}"
administrator_email: "{{administrator_email}}"
version: "latest"
database:
central_storage: True
## MyBB
mybb:
version: "latest"
database:
central_storage: True
## Nextcloud
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap_enabled: True # Enables LDAP by default, missing ansible setup tasks @todo setup
oidc:
enabled: true # Activate OIDC for Nextcloud
force_import: False # Forces the import of the LDIF files
database:
central_storage: True
credentials:
# database_password: Null # Needs to be set in inventory file
administrator_username: "{{administrator_username}}"
administrator_initial_password: "{{administrator_initial_password}}"
## OAuth2 Proxy
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
cookie_secret: "{{ applications.oauth2_proxy.cookie_secret if applications.oauth2_proxy is defined else '' }}" # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
## Open Project
openproject:
version: "13" # Update when available. Sadly no rolling release implemented
oauth2_proxy:
enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed
application: "proxy"
port: "80"
ldap_enabled: True # Enables LDAP by default
database:
central_storage: True
## Peertube
peertube:
version: "bookworm"
database:
central_storage: True
## PHPMyAdmin
phpmyadmin:
version: "latest"
autologin: false # This is a high security risk. Just activate this option if you know what you're doing
oauth2_proxy:
enabled: true
port: "80"
application: "application"
database:
central_storage: True
## Pixelfed
pixelfed:
titel: "Pictures on {{primary_domain}}"
version: "latest"
database:
central_storage: True
## Postgres
# Please set an version in your inventory file - Rolling release for postgres isn't recommended
postgres:
database.version: "latest"
portfolio:
database:
central_storage: False # Portfolio doesn't use any database
# Snipe-IT
snipe_it:
version: "latest"
database:
central_storage: True
## Taiga
taiga:
version: "latest"
database:
central_storage: True
## YOURLS
yourls:
administrator_username: "{{administrator_username}}"
version: "latest"
oauth2_proxy:
enabled: true
application: "application"
port: "80"
location: "/admin/" # Protects the admin area
database:
central_storage: True
wordpress:
# Deactivate Global theming for wordpress role
# due to the reason that wordpress has to much different themes
# and one styling for all is not possible.
#
# May a solution could be to generate a template or css file dedicated
# for wordpress based on the theming values and import it.
css:
enabled: false
database:
central_storage: True
Reference in New Issue View Git Blame Copy Permalink