mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-10 02:38:10 +02:00
Kevin Veen-Birkenbach
ca52dcda43
- Add CPU, memory and PID limits to all services in config/main.yml to prevent OOM - Replace old LDAP admin bootstrap with new 02_admin.yml using OPENPROJECT_ADMINISTRATOR_* vars - Standardize variable names (uppercase convention) - Fix HTTPS/HSTS port check (443 instead of 433) - Allow docker_restart_policy override in base.yml.j2 - Cleanup redundant LDAP admin runner in 01_ldap.yml See: https://chatgpt.com/share/68d40c6e-ab9c-800f-a4a0-d9338d8c1b32
66 lines
3.2 KiB
YAML
66 lines
3.2 KiB
YAML
# General
|
|
application_id: "web-app-openproject"
|
|
|
|
# Database
|
|
database_type: "postgres"
|
|
|
|
# Docker
|
|
docker_repository_branch: "stable/{{ OPENPROJECT_VERSION }}"
|
|
docker_repository_address: "https://github.com/opf/openproject-deploy"
|
|
docker_pull_git_repository: true
|
|
docker_compose_flush_handlers: false
|
|
|
|
# Open Project Specific
|
|
OPENPROJECT_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.web.version') }}"
|
|
OPENPROJECT_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.web.image') }}"
|
|
OPENPROJECT_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
|
|
OPENPROJECT_WEB_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.web.name') }}"
|
|
OPENPROJECT_SEEDER_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name') }}"
|
|
OPENPROJECT_CRON_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name') }}"
|
|
OPENPROJECT_PROXY_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name') }}"
|
|
OPENPROJECT_WORKER_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.worker.name') }}"
|
|
|
|
## Admin
|
|
OPENPROJECT_ADMINISTRATOR_USERNAME: "{{ users.administrator.username }}"
|
|
OPENPROJECT_ADMINISTRATOR_PASSWORD: "{{ users.administrator.password }}"
|
|
OPENPROJECT_ADMINISTRATOR_EMAIL: "{{ users.administrator.email }}"
|
|
|
|
# Open Project Cache
|
|
OPENPROJECT_CACHE_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.cache.name') }}"
|
|
OPENPROJECT_CACHE_IMAGE: "{{ applications
|
|
| get_app_conf(application_id, 'docker.services.cache.image')
|
|
or applications
|
|
| get_app_conf('svc-db-memcached', 'docker.services.memcached.image')
|
|
}}"
|
|
|
|
OPENPROJECT_CACHE_VERSION: "{{ applications
|
|
| get_app_conf(application_id, 'docker.services.cache.version')
|
|
or applications
|
|
| get_app_conf('svc-db-memcached', 'docker.services.memcached.version')
|
|
}}"
|
|
|
|
|
|
OPENPROJECT_PLUGINS_FOLDER: "{{ docker_compose.directories.volumes }}plugins/"
|
|
|
|
OPENPROJECT_CUSTOM_IMAGE: "custom_openproject"
|
|
|
|
# The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
|
|
OPENPROJECT_DUMMY_VOLUME: "{{ docker_compose.directories.volumes }}dummy_volume"
|
|
|
|
OPENPROJECT_RAILS_SETTINGS:
|
|
email_delivery_method: "smtp"
|
|
smtp_address: "{{ SYSTEM_EMAIL.HOST }}"
|
|
smtp_domain: "{{ SYSTEM_EMAIL.DOMAIN }}"
|
|
smtp_user_name: "{{ users['no-reply'].email }}"
|
|
smtp_password: "{{ users['no-reply'].mailu_token }}"
|
|
smtp_ssl: false
|
|
|
|
## LDAP
|
|
OPENPROJECT_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
|
|
OPENPROJECT_LDAP_FILTERS:
|
|
# The administrator filter just works in the Enterprise edition
|
|
ADMINISTRATORS: "{{ '(memberOf=cn=openproject-admins,' ~ LDAP.DN.OU.ROLES ~ ')'
|
|
if applications | get_app_conf(application_id, 'ldap.filters.administrators') else '' }}"
|
|
USERS: "{{ '(memberOf=cn=openproject-users,' ~ LDAP.DN.OU.ROLES ~ ')'
|
|
if applications | get_app_conf(application_id, 'ldap.filters.users') else '' }}"
|