mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-08 10:26:35 +00:00
Kevin Veen-Birkenbach
716ebef33b
This commit updates multiple roles to ensure compatibility with Ansible 2.20. Several include paths and task-loading mechanisms required adjustments, as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions and no longer resolves certain relative include paths the way Ansible 2.18 did. Key changes: - Replaced legacy once_finalize.yml and once_flag.yml with the new structure under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml. - Updated all include_tasks statements to use 'path_join' with playbook_dir, ensuring deterministic and absolute file resolution across roles. - Fixed all network helper includes by converting direct relative paths such as 'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths. - Normalized MATOMO_* variable names for consistency with the updated variable scope behavior in Ansible 2.20. - Removed deprecated patterns that were implicitly supported in Ansible 2.18 but break under the more strict variable and path resolution model in 2.20. These changes are part of the full migration step required to ensure the infinito-nexus roles remain stable, deterministic, and forward-compatible with Ansible 2.20. Details of the discussion and reasoning can be found in this conversation: https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a
167 lines
5.1 KiB
Django/Jinja
167 lines
5.1 KiB
Django/Jinja
# --------------------------------------------
|
|
# REQUIRED: BASIC APP SETTINGS
|
|
# --------------------------------------------
|
|
APP_ENV={{ ENVIRONMENT | lower }}
|
|
APP_DEBUG={{MODE_DEBUG | string | lower }}
|
|
APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True)}}
|
|
APP_URL={{ SNIPE_IT_URL }}
|
|
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
|
|
APP_TIMEZONE='{{ HOST_TIMEZONE }}'
|
|
APP_LOCALE={{ HOST_LL }}
|
|
MAX_RESULTS=500
|
|
|
|
# --------------------------------------------
|
|
# REQUIRED: UPLOADED FILE STORAGE SETTINGS
|
|
# --------------------------------------------
|
|
PRIVATE_FILESYSTEM_DISK=local
|
|
PUBLIC_FILESYSTEM_DISK=local_public
|
|
|
|
# --------------------------------------------
|
|
# REQUIRED: DATABASE SETTINGS
|
|
# --------------------------------------------
|
|
DB_CONNECTION=mysql
|
|
DB_HOST={{ database_host }}
|
|
DB_PORT={{ database_port }}
|
|
DB_DATABASE={{ database_name }}
|
|
DB_USERNAME={{ database_username }}
|
|
DB_PASSWORD={{ database_password }}
|
|
|
|
{% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
|
|
MYSQL_ROOT_PASSWORD={{ database_password }}
|
|
DB_PREFIX=null
|
|
DB_DUMP_PATH='/usr/bin'
|
|
DB_CHARSET=utf8mb4
|
|
DB_COLLATION=utf8mb4_unicode_ci
|
|
{% endif %}
|
|
# --------------------------------------------
|
|
# OPTIONAL: SSL DATABASE SETTINGS
|
|
# --------------------------------------------
|
|
DB_SSL=false
|
|
DB_SSL_IS_PAAS=false
|
|
DB_SSL_KEY_PATH=null
|
|
DB_SSL_CERT_PATH=null
|
|
DB_SSL_CA_PATH=null
|
|
DB_SSL_CIPHER=null
|
|
DB_SSL_VERIFY_SERVER=null
|
|
|
|
# --------------------------------------------
|
|
# REQUIRED: OUTGOING MAIL SERVER SETTINGS
|
|
# --------------------------------------------
|
|
MAIL_MAILER = smtp
|
|
MAIL_HOST = {{ SYSTEM_EMAIL.HOST }}
|
|
MAIL_PORT = {{ SYSTEM_EMAIL.PORT }}
|
|
MAIL_USERNAME = {{ users['no-reply'].email }}
|
|
MAIL_PASSWORD = {{ users['no-reply'].mailu_token }}
|
|
MAIL_TLS_VERIFY_PEER = {{ SYSTEM_EMAIL.TLS | capitalize }}
|
|
MAIL_FROM_ADDR = {{ users['no-reply'].email }}
|
|
MAIL_FROM_NAME = {{ service_provider.company.titel }} - Snipe-IT
|
|
MAIL_REPLYTO_ADDR = {{ users['no-reply'].email }}
|
|
MAIL_REPLYTO_NAME = {{ service_provider.company.titel }} - Snipe-IT
|
|
MAIL_AUTO_EMBED_METHOD = 'attachment'
|
|
|
|
# --------------------------------------------
|
|
# REQUIRED: DATA PROTECTION
|
|
# --------------------------------------------
|
|
ALLOW_BACKUP_DELETE=false
|
|
ALLOW_DATA_PURGE=false
|
|
|
|
# --------------------------------------------
|
|
# REQUIRED: IMAGE LIBRARY
|
|
# This should be gd or imagick
|
|
# --------------------------------------------
|
|
IMAGE_LIB=gd
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: BACKUP SETTINGS
|
|
# --------------------------------------------
|
|
MAIL_BACKUP_NOTIFICATION_DRIVER=null
|
|
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
|
|
BACKUP_ENV=true
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: SESSION SETTINGS
|
|
# --------------------------------------------
|
|
SESSION_LIFETIME=12000
|
|
EXPIRE_ON_CLOSE=false
|
|
ENCRYPT=false
|
|
COOKIE_NAME=snipeit_session
|
|
COOKIE_DOMAIN=null
|
|
SECURE_COOKIES=true
|
|
API_TOKEN_EXPIRATION_YEARS=40
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: SECURITY HEADER SETTINGS
|
|
# --------------------------------------------
|
|
APP_TRUSTED_PROXIES=**
|
|
ALLOW_IFRAMING=false
|
|
REFERRER_POLICY=same-origin
|
|
ENABLE_CSP=false
|
|
CORS_ALLOWED_ORIGINS=null
|
|
ENABLE_HSTS=true # Certificates managed by nginx
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: CACHE SETTINGS
|
|
# --------------------------------------------
|
|
CACHE_DRIVER=file
|
|
SESSION_DRIVER=file
|
|
QUEUE_DRIVER=sync
|
|
CACHE_PREFIX=snipeit
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: REDIS SETTINGS
|
|
# --------------------------------------------
|
|
REDIS_HOST=redis
|
|
REDIS_PASSWORD=null
|
|
REDIS_PORT=6379
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: MEMCACHED SETTINGS
|
|
# --------------------------------------------
|
|
MEMCACHED_HOST=null
|
|
MEMCACHED_PORT=null
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: PUBLIC S3 Settings
|
|
# --------------------------------------------
|
|
PUBLIC_AWS_SECRET_ACCESS_KEY=null
|
|
PUBLIC_AWS_ACCESS_KEY_ID=null
|
|
PUBLIC_AWS_DEFAULT_REGION=null
|
|
PUBLIC_AWS_BUCKET=null
|
|
PUBLIC_AWS_URL=null
|
|
PUBLIC_AWS_BUCKET_ROOT=null
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: PRIVATE S3 Settings
|
|
# --------------------------------------------
|
|
PRIVATE_AWS_ACCESS_KEY_ID=null
|
|
PRIVATE_AWS_SECRET_ACCESS_KEY=null
|
|
PRIVATE_AWS_DEFAULT_REGION=null
|
|
PRIVATE_AWS_BUCKET=null
|
|
PRIVATE_AWS_URL=null
|
|
PRIVATE_AWS_BUCKET_ROOT=null
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: AWS Settings
|
|
# --------------------------------------------
|
|
AWS_ACCESS_KEY_ID=null
|
|
AWS_SECRET_ACCESS_KEY=null
|
|
AWS_DEFAULT_REGION=null
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: LOGIN THROTTLING
|
|
# --------------------------------------------
|
|
LOGIN_MAX_ATTEMPTS=5
|
|
LOGIN_LOCKOUT_DURATION=60
|
|
RESET_PASSWORD_LINK_EXPIRES=900
|
|
|
|
# --------------------------------------------
|
|
# OPTIONAL: MISC
|
|
# --------------------------------------------
|
|
LOG_CHANNEL=stderr
|
|
LOG_MAX_DAYS=10
|
|
APP_LOCKED=false
|
|
APP_CIPHER=AES-256-CBC
|
|
APP_FORCE_TLS=true
|
|
GOOGLE_MAPS_API=
|
|
LDAP_MEM_LIM=500M
|
|
LDAP_TIME_LIM=600 |