Digitalboard/digitalboard.core
5
2
Fork 0
Code Pull requests Releases Packages Activity Actions

Compare commits

base: Digitalboard:0f75e3a3d421d9b668b360c3ae8d8d2c73425a5f
Branches Tags
Digitalboard:main
Digitalboard:feature/homarr
..
compare: Digitalboard:129121f3f289494e92a0045e16cf077c99118354
Branches Tags
Digitalboard:feature/homarr
Digitalboard:main

6 commits
0f75e3a3d4 ... 129121f3f2

Author SHA1 Message Date
Tobias Wüst
129121f3f2
chore: add new boilerplate role for homarr 2026-01-22 14:21:25 +01:00
Bert-Jan Fikse
8e49b09fd6
feat(traefik): allow exposure of dashboard via domain 2026-01-22 14:01:39 +01:00
Bert-Jan Fikse
bce1daf5a6
feat: add provisioning of apps to nextcloud role 2026-01-16 15:53:36 +01:00
Bert-Jan Fikse
ea8178fcf0
feat: add ability to add extra_hosts to nextcloud docker-compose 2026-01-15 17:29:29 +01:00
Bert-Jan Fikse
d3bf520bf0
fix: remove dep to base role from traefik role 2026-01-15 17:20:50 +01:00
Bert-Jan Fikse
868e2c3860
fix: ensure unredacted secret is used for s3-keys 2026-01-15 16:51:19 +01:00
10 changed files with 77 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/garage/tasks/provision.yml
View file

@ -75,7 +75,7 @@
- name: Get detailed key information for all keys - name: Get detailed key information for all keys
community.docker.docker_container_exec: community.docker.docker_container_exec:
container: "{{ garage_service_name }}" container: "{{ garage_service_name }}"
command: /garage key info {{ item.name }} command: /garage key info {{ item.name }} --show-secret
loop: "{{ garage_s3_keys }}" loop: "{{ garage_s3_keys }}"
register: _key_details_results register: _key_details_results
when: garage_s3_keys | length > 0 when: garage_s3_keys | length > 0

12
roles/nextcloud/defaults/main.yml
View file

@ -13,6 +13,7 @@ nextcloud_domain: "nextcloud.local.test"
nextcloud_image: "nextcloud:fpm" nextcloud_image: "nextcloud:fpm"
nextcloud_redis_image: "redis:latest" nextcloud_redis_image: "redis:latest"
nextcloud_port: 80 nextcloud_port: 80
nextcloud_extra_hosts: []
nextcloud_postgres_image: "postgres:15" nextcloud_postgres_image: "postgres:15"
nextcloud_postgres_db: nextcloud nextcloud_postgres_db: nextcloud
@ -45,4 +46,13 @@ nextcloud_admin_password: admin
nextcloud_memory_limit_mb: 1024 nextcloud_memory_limit_mb: 1024
nextcloud_upload_limit_mb: 2048 nextcloud_upload_limit_mb: 2048
nextcloud_scale_factor: 2 nextcloud_scale_factor: 2
# Non-default apps to install and enable
nextcloud_apps_to_install:
- groupfolders
- richdocuments
- spreed
- user_ldap
- user_oidc
- whiteboard

22
roles/nextcloud/tasks/plugins.yml
View file

@ -1,3 +1,25 @@
#SPDX-License-Identifier: MIT-0 #SPDX-License-Identifier: MIT-0
--- ---
# tasks file for installing Nextcloud plugins/apps # tasks file for installing Nextcloud plugins/apps
- name: Install Nextcloud apps
ansible.builtin.shell:
cmd: docker compose exec -T nextcloud php /var/www/html/occ app:install {{ item }}
chdir: "{{ nextcloud_docker_compose_dir }}"
loop: "{{ nextcloud_apps_to_install }}"
register: app_install_result
changed_when: "'installed' in app_install_result.stdout"
failed_when:
- app_install_result.rc != 0
- "'already installed' not in app_install_result.stdout"
- name: Enable Nextcloud apps
ansible.builtin.shell:
cmd: docker compose exec -T nextcloud php /var/www/html/occ app:enable {{ item }}
chdir: "{{ nextcloud_docker_compose_dir }}"
loop: "{{ nextcloud_apps_to_install }}"
register: app_enable_result
changed_when: "'enabled' in app_enable_result.stdout"
failed_when:
- app_enable_result.rc != 0
- "'already enabled' not in app_enable_result.stdout"

6
roles/nextcloud/templates/docker-compose.yml.j2
View file

@ -102,6 +102,12 @@ services:
- {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html
networks: networks:
- {{ nextcloud_backend_network }} - {{ nextcloud_backend_network }}
{% if nextcloud_extra_hosts is defined and nextcloud_extra_hosts | length > 0 %}
extra_hosts:
{% for host in nextcloud_extra_hosts %}
- "{{ host }}"
{% endfor %}
{% endif %}
{% if nextcloud_enable_collabora %} {% if nextcloud_enable_collabora %}
collabora: collabora:

1
roles/traefik/defaults/main.yml
View file

@ -41,6 +41,7 @@ selfsigned_common_name: "*.local.test"
# Dashboard # Dashboard
enable_dashboard: false enable_dashboard: false
dashboard_domain: "" # e.g., "traefik.local.test" - if set, exposes dashboard via hostname instead of port 8080
# Access log configuration # Access log configuration
enable_access_logs: true enable_access_logs: true

3
roles/traefik/meta/main.yml
View file

@ -30,5 +30,4 @@ galaxy_info:
# NOTE: A tag is limited to a single word comprised of alphanumeric characters. # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role. # Maximum 20 tags per role.
dependencies: dependencies: []
- digitalboard.core.base

16
roles/traefik/tasks/main.yml
View file

@ -37,7 +37,6 @@
path: "{{ docker_volume_dir }}/config" path: "{{ docker_volume_dir }}/config"
state: directory state: directory
mode: '0755' mode: '0755'
when: traefik_mode == 'dmz'
- name: Create letsencrypt directory - name: Create letsencrypt directory
file: file:
@ -66,6 +65,21 @@
notify: restart traefik notify: restart traefik
when: traefik_mode == 'dmz' when: traefik_mode == 'dmz'
- name: Generate dashboard routing configuration
template:
src: dashboard.yml.j2
dest: "{{ docker_volume_dir }}/config/dashboard.yml"
mode: '0644'
notify: restart traefik
when: enable_dashboard | bool and dashboard_domain | length > 0
- name: Remove dashboard routing configuration when not needed
file:
path: "{{ docker_volume_dir }}/config/dashboard.yml"
state: absent
notify: restart traefik
when: not (enable_dashboard | bool) or dashboard_domain | length == 0
- name: Create docker-compose file for traefik - name: Create docker-compose file for traefik
template: template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2

16
roles/traefik/templates/dashboard.yml.j2 Normal file
View file

@ -0,0 +1,16 @@
{% set dashboard_ssl = use_ssl_dashboard | default(use_ssl) %}
http:
routers:
dashboard:
rule: "Host(`{{ dashboard_domain }}`)"
service: api@internal
entryPoints:
- {{ 'websecure' if dashboard_ssl else 'web' }}
{% if dashboard_ssl %}
tls:
{% if cert_mode == 'acme' %}
certResolver: {{ ssl_cert_resolver }}
{% else %}
{}
{% endif %}
{% endif %}

6
roles/traefik/templates/docker-compose.yml.j2
View file

@ -16,17 +16,15 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
{% if enable_dashboard %} {% if enable_dashboard and not dashboard_domain %}
- "8080:8080" - "8080:8080"
{% endif %} {% endif %}
volumes: volumes:
- {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro - {{ docker_volume_dir }}/traefik.yml:/traefik.yml:ro
- {{ docker_volume_dir }}/config:/config:ro
{% if cert_mode == 'acme' %} {% if cert_mode == 'acme' %}
- {{ docker_volume_dir }}/letsencrypt:/letsencrypt - {{ docker_volume_dir }}/letsencrypt:/letsencrypt
{% endif %} {% endif %}
{% if traefik_mode == 'dmz' %}
- {{ docker_volume_dir }}/config:/config:ro
{% endif %}
{% if traefik_mode == 'backend' %} {% if traefik_mode == 'backend' %}
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
{% endif %} {% endif %}

4
roles/traefik/templates/traefik.yml.j2
View file

@ -4,8 +4,10 @@ log:
{% if enable_dashboard %} {% if enable_dashboard %}
api: api:
dashboard: true dashboard: true
{% if not dashboard_domain %}
insecure: true insecure: true
{% endif %} {% endif %}
{% endif %}
{% if enable_access_logs %} {% if enable_access_logs %}
accessLog: accessLog:
@ -26,11 +28,9 @@ entryPoints:
address: ":443" address: ":443"
providers: providers:
{% if traefik_mode == 'dmz' %}
file: file:
directory: /config directory: /config
watch: true watch: true
{% endif %}
{% if traefik_mode == 'backend' %} {% if traefik_mode == 'backend' %}
docker: docker:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"