diff --git a/roles/389ds/defaults/main.yml b/roles/389ds/defaults/main.yml deleted file mode 100644 index 82890ad..0000000 --- a/roles/389ds/defaults/main.yml +++ /dev/null @@ -1,32 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# defaults file for 389ds - -# Base directory configuration (inherited from base role or defined here) -docker_compose_base_dir: /etc/docker/compose -docker_volume_base_dir: /srv/data - -# 389ds-specific configuration -ds389_service_name: 389ds -ds389_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ ds389_service_name }}" -ds389_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ ds389_service_name }}" - -# 389ds service configuration -ds389_image: "docker.io/389ds/dirsrv:3.1" -ds389_suffix: "dc=example,dc=com" -ds389_root_dn: "cn=Directory Manager" -ds389_root_password: "changeme" - -# Instance configuration -ds389_instance_name: "localhost" -ds389_hostname: "{{ ds389_service_name }}" - -# Network configuration -ds389_backend_network: "backend" -ds389_ldap_port: 3389 -ds389_ldaps_port: 3636 - -# Base OUs to create after container starts -ds389_base_ous: - - users - - groups \ No newline at end of file diff --git a/roles/389ds/handlers/main.yml b/roles/389ds/handlers/main.yml deleted file mode 100644 index 9201934..0000000 --- a/roles/389ds/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# handlers file for 389ds diff --git a/roles/389ds/meta/main.yml b/roles/389ds/meta/main.yml deleted file mode 100644 index 6f91fd3..0000000 --- a/roles/389ds/meta/main.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -#SPDX-License-Identifier: MIT-0 -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.2 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/389ds/tasks/main.yml b/roles/389ds/tasks/main.yml deleted file mode 100644 index 117f12b..0000000 --- a/roles/389ds/tasks/main.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# tasks file for 389ds - -- name: Create docker compose directory - file: - path: "{{ ds389_docker_compose_dir }}" - state: directory - mode: '0755' - -- name: Create 389ds data directory - file: - path: "{{ ds389_docker_volume_dir }}/data" - state: directory - mode: '0755' - -- name: Create 389ds config directory - file: - path: "{{ ds389_docker_volume_dir }}/config" - state: directory - mode: '0755' - -- name: Create docker-compose file for 389ds - template: - src: docker-compose.yml.j2 - dest: "{{ ds389_docker_compose_dir }}/docker-compose.yml" - mode: '0644' - -- name: Start 389ds container - community.docker.docker_compose_v2: - project_src: "{{ ds389_docker_compose_dir }}" - state: present - -- name: Wait for LDAP to be ready - shell: > - docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml - exec -T {{ ds389_service_name }} ldapsearch -H ldap://localhost:3389 -x - -D "{{ ds389_root_dn }}" -w "{{ ds389_root_password }}" - -b "" -s base "(objectClass=*)" - register: ds389_ldap_ready - retries: 30 - delay: 2 - until: ds389_ldap_ready.rc == 0 - changed_when: false - no_log: true - -- name: Ensure backend and suffix exist - shell: > - docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml - exec -T {{ ds389_service_name }} dsconf localhost backend create - --suffix "{{ ds389_suffix }}" --be-name userroot --create-suffix - register: ds389_backend_result - failed_when: - - ds389_backend_result.rc != 0 - - "'already exists' not in ds389_backend_result.stderr" - - "'suffix exists' not in ds389_backend_result.stderr" - changed_when: ds389_backend_result.rc == 0 - -- name: Template base OUs LDIF - template: - src: base-ous.ldif.j2 - dest: "{{ ds389_docker_volume_dir }}/data/base-ous.ldif" - mode: '0644' - -- name: Apply base OUs LDIF - shell: > - docker compose -f {{ ds389_docker_compose_dir }}/docker-compose.yml - exec -T {{ ds389_service_name }} ldapadd -H ldap://localhost:3389 -x - 
-D "{{ ds389_root_dn }}" -w "{{ ds389_root_password }}" - -f /data/base-ous.ldif - register: ds389_ldapadd_result - failed_when: - - ds389_ldapadd_result.rc != 0 - - "'Already exists' not in ds389_ldapadd_result.stderr" - changed_when: "'Already exists' not in ds389_ldapadd_result.stderr" - no_log: true \ No newline at end of file diff --git a/roles/389ds/templates/base-ous.ldif.j2 b/roles/389ds/templates/base-ous.ldif.j2 deleted file mode 100644 index 8cccaa9..0000000 --- a/roles/389ds/templates/base-ous.ldif.j2 +++ /dev/null @@ -1,7 +0,0 @@ -{% for ou in ds389_base_ous %} -dn: ou={{ ou }},{{ ds389_suffix }} -changetype: add -objectClass: organizationalUnit -ou: {{ ou }} - -{% endfor %} diff --git a/roles/389ds/templates/docker-compose.yml.j2 b/roles/389ds/templates/docker-compose.yml.j2 deleted file mode 100644 index 7e0c7c0..0000000 --- a/roles/389ds/templates/docker-compose.yml.j2 +++ /dev/null @@ -1,19 +0,0 @@ -services: - {{ ds389_service_name }}: - image: {{ ds389_image }} - hostname: {{ ds389_hostname }} - restart: unless-stopped - environment: - DS_SUFFIX_NAME: {{ ds389_suffix }} - DS_DM_PASSWORD: {{ ds389_root_password }} - ports: - - "{{ ds389_ldap_port }}:3389" - - "{{ ds389_ldaps_port }}:3636" - volumes: - - {{ ds389_docker_volume_dir }}/data:/data - - {{ ds389_docker_volume_dir }}/config:/etc/dirsrv/slapd-{{ ds389_instance_name }} - networks: - - {{ ds389_backend_network }} - -networks: - {{ ds389_backend_network }}: diff --git a/roles/collabora/README.md b/roles/collabora/README.md deleted file mode 100644 index 225dd44..0000000 --- a/roles/collabora/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/collabora/defaults/main.yml b/roles/collabora/defaults/main.yml deleted file mode 100644 index 3cfb559..0000000 --- a/roles/collabora/defaults/main.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# defaults file for collabora - -# Base directory configuration (inherited from base role or defined here) -docker_compose_base_dir: /etc/docker/compose -docker_volume_base_dir: /srv/data - -# Collabora-specific configuration -collabora_service_name: collabora -collabora_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ collabora_service_name }}" -collabora_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ collabora_service_name }}" - -# Service configuration -collabora_domain: "office.local.test" -collabora_image: "collabora/code:latest" -collabora_port: 9980 -collabora_extra_hosts: [] - -# Traefik configuration -collabora_traefik_network: "proxy" -collabora_use_ssl: true - -# SSL verification for WOPI callbacks (set to false for self-signed certs) -collabora_ssl_verification: true - -# Allowed WOPI host domains (Nextcloud, OpenCloud WOPI server, etc.) -# These domains are allowed to send WOPI requests to Collabora. -# Each entry is used as a regex pattern (dots are auto-escaped). -collabora_allowed_domains: - - "nextcloud.local.test" - -# Domains allowed to embed Collabora in an iframe (Nextcloud, OpenCloud, etc.) -collabora_frame_ancestors: - - "nextcloud.local.test" \ No newline at end of file diff --git a/roles/collabora/handlers/main.yml b/roles/collabora/handlers/main.yml deleted file mode 100644 index bfd2b02..0000000 --- a/roles/collabora/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# handlers file for collabora - -- name: restart collabora - community.docker.docker_compose_v2: - project_src: "{{ collabora_docker_compose_dir }}" - state: restarted \ No newline at end of file diff --git a/roles/collabora/meta/main.yml b/roles/collabora/meta/main.yml deleted file mode 100644 index 6f91fd3..0000000 --- a/roles/collabora/meta/main.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -#SPDX-License-Identifier: MIT-0 -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.2 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/collabora/tasks/main.yml b/roles/collabora/tasks/main.yml deleted file mode 100644 index b6146c7..0000000 --- a/roles/collabora/tasks/main.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# tasks file for collabora - -- name: Create docker compose directory - file: - path: "{{ collabora_docker_compose_dir }}" - state: directory - mode: '0755' - -- name: Create collabora volume directory - file: - path: "{{ collabora_docker_volume_dir }}" - state: directory - mode: '0755' - -- name: Create coolwsd configuration - template: - src: coolwsd.xml.j2 - dest: "{{ collabora_docker_volume_dir }}/coolwsd.xml" - mode: '0644' - notify: restart collabora - -- name: Create docker-compose file for collabora - template: - src: docker-compose.yml.j2 - dest: "{{ collabora_docker_compose_dir }}/docker-compose.yml" - mode: '0644' - notify: restart collabora - -- name: Start collabora container - community.docker.docker_compose_v2: - project_src: "{{ collabora_docker_compose_dir }}" - state: present \ No newline at end of file diff --git a/roles/collabora/templates/coolwsd.xml.j2 b/roles/collabora/templates/coolwsd.xml.j2 deleted file mode 100644 index df5dd50..0000000 --- a/roles/collabora/templates/coolwsd.xml.j2 +++ /dev/null 
@@ -1,340 +0,0 @@ - - - - - - false - - - de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru - - - false - - - - true - - - - - false - - - - - - - true - - - - false - true - - - 4 - 10 - true - - - 4 - 5 - 5 - 120 - false - 96 - 3600 - 30 - 300 - true - true - false - 0 - 8000 - 0 - 0 - 100 - 5 - 100 - 500 - 5000 - - 10000 - 60 - 300 - 3072 - 85 - 120 - - - - - 300 - 900 - - 6 - - - - - - true - warning - trace - Socket,WebSocket,Admin,Pixel - notice - fatal - false - -INFO-WARN - - /var/log/coolwsd.log - never - timestamp - true - 10 days - 10 - true - false - - - false - 82589933 - - false - false - false - - - true - - - true - true - - /var/log/coolwsd-ui-cmd.log - 10 - true - false - - - - - /var/log/coolwsd.trace.json - - - false - - - - - - - - false - - - - - all - any - - - 192\.168\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3} - 127\.0\.0\.1 - ::ffff:127\.0\.0\.1 - ::1 - 172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} - 172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} - 172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} - 10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} - - - 192\.168\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3} - 127\.0\.0\.1 - ::ffff:127\.0\.0\.1 - ::1 - 172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} - 172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} - 172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} - 10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} - ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} - localhost - - - {{ collabora_frame_ancestors | map('regex_replace', '^(.*)$', 'https://\\1') | join(' ') }} - 30 - false - - - - true - false - /etc/coolwsd/cert.pem - /etc/coolwsd/key.pem - /etc/coolwsd/ca-chain.cert.pem - false - - - 1000 - - - - - false - 31536000 - - - - - true 
- true - 1800 - false - 1 - false - false - false - - - - - - - - 0.2 - - - - - default - true - true - - - - - - 0 - - 900 - - - -{% for domain in collabora_allowed_domains %} - - https://{{ domain }}:443 - -{% endfor %} - - - false - - - true - - - - - - - - - - true - false - - - - true - true - true - true - - - - - - - 250 - 5 - - 3000 - - - - - 1000 - - - - false - false - false - false - false - false - - - - 3600 - - - - - - - false - - - - - - - log - - - - - 180 - - false - - - - - - - - false - - - - true - - - https://help.collaboraoffice.com/help.html? - - - false - - - - false - false - - - - true - - - \ No newline at end of file diff --git a/roles/collabora/templates/docker-compose.yml.j2 b/roles/collabora/templates/docker-compose.yml.j2 deleted file mode 100644 index c0f589e..0000000 --- a/roles/collabora/templates/docker-compose.yml.j2 +++ /dev/null 
@@ -1,34 +0,0 @@ -services: - collabora: - image: {{ collabora_image }} - container_name: {{ collabora_service_name }} - restart: unless-stopped - environment: - extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:ssl.ssl_verification={{ collabora_ssl_verification | string | lower }}" - volumes: - - {{ collabora_docker_volume_dir }}/coolwsd.xml:/etc/coolwsd/coolwsd.xml:ro - cap_add: - - MKNOD - networks: - - {{ collabora_traefik_network }} -{% if collabora_extra_hosts is defined and collabora_extra_hosts | length > 0 %} - extra_hosts: -{% for host in collabora_extra_hosts %} - - "{{ host }}" -{% endfor %} -{% endif %} - labels: - - traefik.enable=true - - traefik.docker.network={{ collabora_traefik_network }} - - traefik.http.routers.{{ collabora_service_name }}.rule=Host(`{{ collabora_domain }}`) - - traefik.http.services.{{ collabora_service_name }}.loadbalancer.server.port={{ collabora_port }} -{% if collabora_use_ssl %} - - traefik.http.routers.{{ collabora_service_name }}.entrypoints=websecure - - traefik.http.routers.{{ collabora_service_name }}.tls=true -{% else %} - - traefik.http.routers.{{ collabora_service_name }}.entrypoints=web -{% endif %} - -networks: - {{ collabora_traefik_network }}: - external: true \ No newline at end of file diff --git a/roles/collabora/tests/inventory b/roles/collabora/tests/inventory deleted file mode 100644 index 03ca42f..0000000 --- a/roles/collabora/tests/inventory +++ /dev/null @@ -1,3 +0,0 @@ -#SPDX-License-Identifier: MIT-0 -localhost - diff --git a/roles/collabora/tests/test.yml b/roles/collabora/tests/test.yml deleted file mode 100644 index 80a6a59..0000000 --- a/roles/collabora/tests/test.yml +++ /dev/null @@ -1,6 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -- hosts: localhost - remote_user: root - roles: - - collabora diff --git a/roles/drawio/README.md b/roles/drawio/README.md deleted file mode 100644 index 225dd44..0000000 --- a/roles/drawio/README.md +++ /dev/null 
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/drawio/defaults/main.yml b/roles/drawio/defaults/main.yml deleted file mode 100644 index 7b67976..0000000 --- a/roles/drawio/defaults/main.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# defaults file for drawio - -# Base directory configuration (inherited from base role or defined here) -docker_compose_base_dir: /etc/docker/compose - -# Drawio-specific configuration -drawio_service_name: drawio -drawio_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ drawio_service_name }}" - -# Service configuration -drawio_domain: "drawio.local.test" -drawio_image: "jgraph/drawio:latest" -drawio_port: 8080 -drawio_extra_hosts: [] - -# Traefik configuration -drawio_traefik_network: "proxy" -drawio_use_ssl: true \ No newline at end of file diff --git a/roles/drawio/handlers/main.yml b/roles/drawio/handlers/main.yml deleted file mode 100644 index f1ef0da..0000000 --- a/roles/drawio/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# handlers file for drawio - -- name: restart drawio - community.docker.docker_compose_v2: - project_src: "{{ drawio_docker_compose_dir }}" - state: restarted \ No newline at end of file diff --git a/roles/drawio/tasks/main.yml b/roles/drawio/tasks/main.yml deleted file mode 100644 index 67bd50d..0000000 --- a/roles/drawio/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# tasks file for drawio - -- name: Create docker compose directory - file: - path: "{{ drawio_docker_compose_dir }}" - state: directory - mode: '0755' - -- name: Create docker-compose file for drawio - template: - src: docker-compose.yml.j2 - dest: "{{ drawio_docker_compose_dir }}/docker-compose.yml" - mode: '0644' - notify: restart drawio - -- name: Start drawio container - community.docker.docker_compose_v2: - project_src: "{{ drawio_docker_compose_dir }}" - state: present \ No newline at end of file diff --git a/roles/drawio/templates/docker-compose.yml.j2 b/roles/drawio/templates/docker-compose.yml.j2 deleted file mode 100644 index b6b9ef5..0000000 --- a/roles/drawio/templates/docker-compose.yml.j2 +++ /dev/null 
@@ -1,28 +0,0 @@ -services: - drawio: - image: {{ drawio_image }} - container_name: {{ drawio_service_name }} - restart: unless-stopped - networks: - - {{ drawio_traefik_network }} -{% if drawio_extra_hosts is defined and drawio_extra_hosts | length > 0 %} - extra_hosts: -{% for host in drawio_extra_hosts %} - - "{{ host }}" -{% endfor %} -{% endif %} - labels: - - traefik.enable=true - - traefik.docker.network={{ drawio_traefik_network }} - - traefik.http.routers.{{ drawio_service_name }}.rule=Host(`{{ drawio_domain }}`) - - traefik.http.services.{{ drawio_service_name }}.loadbalancer.server.port={{ drawio_port }} -{% if drawio_use_ssl %} - - traefik.http.routers.{{ drawio_service_name }}.entrypoints=websecure - - traefik.http.routers.{{ drawio_service_name }}.tls=true -{% else %} - - traefik.http.routers.{{ drawio_service_name }}.entrypoints=web -{% endif %} - -networks: - {{ drawio_traefik_network }}: - external: true \ No newline at end of file diff --git a/roles/drawio/tests/inventory b/roles/drawio/tests/inventory deleted file mode 100644 index 03ca42f..0000000 --- a/roles/drawio/tests/inventory +++ /dev/null @@ -1,3 +0,0 @@ -#SPDX-License-Identifier: MIT-0 -localhost - diff --git a/roles/drawio/tests/test.yml b/roles/drawio/tests/test.yml deleted file mode 100644 index b542b76..0000000 --- a/roles/drawio/tests/test.yml +++ /dev/null @@ -1,6 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -- hosts: localhost - remote_user: root - roles: - - drawio diff --git a/roles/drawio/vars/main.yml b/roles/drawio/vars/main.yml deleted file mode 100644 index 245172f..0000000 --- a/roles/drawio/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# vars file for drawio diff --git a/roles/389ds/README.md b/roles/homarr/README.md similarity index 96% rename from roles/389ds/README.md rename to roles/homarr/README.md index 225dd44..da76bcd 100644 --- a/roles/389ds/README.md +++ b/roles/homarr/README.md 
@@ -35,4 +35,4 @@ BSD Author Information ------------------
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
\ No newline at end of file
diff --git a/roles/homarr/defaults/main.yml b/roles/homarr/defaults/main.yml
new file mode 100644
index 0000000..c5dccef
--- /dev/null
+++ b/roles/homarr/defaults/main.yml
@@ -0,0 +1,23 @@
+#SPDX-License-Identifier: MIT-0
+---
+# defaults file for homarr
+
+# Base directory configuration (inherited from base role or defined here)
+docker_compose_base_dir: /etc/docker/compose
+docker_volume_base_dir: /srv/data
+
+# homarr-specific configuration
+homarr_service_name: homarr
+homarr_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ homarr_service_name }}"
+homarr_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ homarr_service_name }}"
+
+# Service configuration
+homarr_domain: "homarr.local.test"
+homarr_image: "ghcr.io/homarr-labs/homarr:latest"
+homarr_secret_encription_key: "CHANGE_ME"
+homarr_port: 7575
+homarr_use_docker: false
+
+# Traefik configuration
+homarr_traefik_network: "proxy"
+homarr_use_ssl: true
\ No newline at end of file
diff --git a/roles/collabora/vars/main.yml b/roles/homarr/handlers/main.yml
similarity index 58%
rename from roles/collabora/vars/main.yml
rename to roles/homarr/handlers/main.yml
index 5787a3b..56f5283 100644
--- a/roles/collabora/vars/main.yml
+++ b/roles/homarr/handlers/main.yml
@@ -1,3 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
-# vars file for collabora
+# handlers file for homarr
\ No newline at end of file
diff --git a/roles/drawio/meta/main.yml b/roles/homarr/meta/main.yml
similarity index 96%
rename from roles/drawio/meta/main.yml
rename to roles/homarr/meta/main.yml
index 6f91fd3..faea947 100644
--- a/roles/drawio/meta/main.yml
+++ b/roles/homarr/meta/main.yml
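Review bot: The default is declared as `homarr_secret_encription_key`, while the compose template added in roles/homarr/templates/docker-compose.yml.j2 reads `homarr_secret_encryption_key`, so the template task will fail with an undefined-variable error (or render an empty SECRET_ENCRYPTION_KEY if undefined variables are not treated as errors on this controller); rename the default to `homarr_secret_encryption_key: "CHANGE_ME"` so the two agree. Because this value is an encryption secret with a placeholder default, a comment above it such as `# Secret: override from vault or group_vars; do not deploy with the placeholder` would make the expectation explicit. The same name mismatch is the one to resolve in the template hunk below, whichever side is renamed.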
@@ -32,4 +32,4 @@ galaxy_info: dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above,
- # if you add dependencies to this list.
+ # if you add dependencies to this list.
\ No newline at end of file
diff --git a/roles/homarr/tasks/main.yml b/roles/homarr/tasks/main.yml
new file mode 100644
index 0000000..17c3bf5
--- /dev/null
+++ b/roles/homarr/tasks/main.yml
@@ -0,0 +1,19 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for homarr
+- name: Create docker compose directory
+ file:
+ path: "{{ homarr_docker_compose_dir }}"
+ state: directory
+ mode: '0755'
+
+- name: Create docker-compose file for homarr
+ template:
+ src: docker-compose.yml.j2
+ dest: "{{ homarr_docker_compose_dir }}/docker-compose.yml"
+ mode: '0644'
+
+- name: Start homarr containers
+ community.docker.docker_compose_v2:
+ project_src: "{{ homarr_docker_compose_dir }}"
+ state: present
\ No newline at end of file
diff --git a/roles/homarr/templates/docker-compose.yml.j2 b/roles/homarr/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..7992c7c
--- /dev/null
+++ b/roles/homarr/templates/docker-compose.yml.j2
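Review bot: The rendered docker-compose.yml carries SECRET_ENCRYPTION_KEY in plaintext, and the "Create docker-compose file for homarr" task writes it with `mode: '0644'`, which leaves the secret readable by every local account on the host; `mode: '0600'` is the right permission for that file, and `no_log: true` on the task keeps the rendered content out of `--diff` output. Nothing in this file creates `{{ homarr_docker_volume_dir }}/homarr/appdata` before the compose step, unlike the removed 389ds and collabora roles which create their data directories explicitly, so the bind-mount source is presumably left for the Docker daemon to create with root ownership; confirm that is intended. The template task also has no `notify`, and the handlers file added in this commit holds only a comment, so applying a changed compose file relies entirely on `state: present` re-running compose up.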
@@ -0,0 +1,31 @@
+#---------------------------------------------------------------------#
+# Homarr - A simple, yet powerful dashboard for your server. #
+#---------------------------------------------------------------------#
+services:
+ homarr:
+ container_name: {{ homarr_service_name }}
+ image: {{ homarr_image }}
+ restart: unless-stopped
+ volumes:
+{% if homarr_use_docker %}
+ - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
+{% endif %}
+ - {{ homarr_docker_volume_dir }}/homarr/appdata:/appdata
+ environment:
+ - SECRET_ENCRYPTION_KEY={{ homarr_secret_encryption_key }}
+ networks:
+ - {{ homarr_traefik_network }}
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network={{ homarr_traefik_network }}
+ - traefik.http.routers.{{ homarr_service_name }}.rule=Host(`{{ homarr_domain }}`)
+{% if homarr_use_ssl %}
+ - traefik.http.routers.{{ homarr_service_name }}.entrypoints=websecure
+ - traefik.http.routers.{{ homarr_service_name }}.tls=true
+{% else %}
+ - traefik.http.routers.{{ homarr_service_name }}.entrypoints=web
+{% endif %}
+ - traefik.http.services.{{ homarr_service_name }}.loadbalancer.server.port={{ homarr_port }}
+networks:
+ {{ homarr_traefik_network }}:
+ external: true
\ No newline at end of file
diff --git a/roles/389ds/tests/inventory b/roles/homarr/tests/inventory
similarity index 97%
rename from roles/389ds/tests/inventory
rename to roles/homarr/tests/inventory
index 03ca42f..712db59 100644
--- a/roles/389ds/tests/inventory
+++ b/roles/homarr/tests/inventory
@@ -1,3 +1,2 @@
 #SPDX-License-Identifier: MIT-0
 localhost
-
diff --git a/roles/389ds/tests/test.yml b/roles/homarr/tests/test.yml
similarity index 87%
rename from roles/389ds/tests/test.yml
rename to roles/homarr/tests/test.yml
index d7b9ef6..88ecfc1 100644
--- a/roles/389ds/tests/test.yml
+++ b/roles/homarr/tests/test.yml
@@ -3,4 +3,4 @@
 - hosts: localhost
 remote_user: root
 roles:
- - 389ds
+ - homarr
\ No newline at end of file
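Review bot: When `homarr_use_docker` is enabled the container is handed `/var/run/docker.sock` read-write, which amounts to full control of the host's Docker daemon, yet the inline comment on that volume line only says "Optional"; state the consequence where the operator will see it, e.g. `# Grants the dashboard root-equivalent control of the host Docker daemon; enable only where that is acceptable`, and keep the default of false as it is. The environment entry `- SECRET_ENCRYPTION_KEY={{ homarr_secret_encryption_key }}` is an unquoted plain scalar, so a generated key containing ` #` or beginning with a YAML indicator character would corrupt the rendered file; quote it as `- "SECRET_ENCRYPTION_KEY={{ homarr_secret_encryption_key }}"`. The other rendered values (`{{ homarr_image }}`, `{{ homarr_service_name }}`) would benefit from the same quoting for the same reason, though the shipped defaults happen to be safe.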
diff --git a/roles/389ds/vars/main.yml b/roles/homarr/vars/main.yml
similarity index 62%
rename from roles/389ds/vars/main.yml
rename to roles/homarr/vars/main.yml
index 02d1889..984df2b 100644
--- a/roles/389ds/vars/main.yml
+++ b/roles/homarr/vars/main.yml
@@ -1,3 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
-# vars file for 389ds
+# vars file for homarr
\ No newline at end of file
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index df29e65..66d0a72 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -33,97 +33,3 @@ keycloak_use_ssl: true keycloak_log_level: "INFO" keycloak_proxy_mode: "edge" keycloak_gzip_enabled: false # Disable GZIP encoding to avoid MIME type issues - -# Extra CA certificates to trust (host paths to PEM files) -keycloak_truststore_certificates: [] -# - /srv/data/389ds/data/ssca/ca.crt - -# Extra /etc/hosts entries for the Keycloak container -keycloak_extra_hosts: [] -# - "ldap:192.168.56.11" - -# Provisioning configuration -keycloak_provisioning_enabled: false - -# Realm configuration -keycloak_realm: "default" -keycloak_realm_display_name: "Default Realm" - -# Auth URL for API access (used by provisioning tasks) -keycloak_auth_url: "{{ 'https' if keycloak_use_ssl else 'http' }}://{{ keycloak_domain }}" - -# Groups to provision -keycloak_groups: [] -# - name: admins -# - name: users - -# Local users to provision -keycloak_local_users: [] -# - username: admin -# first_name: "Admin" -# last_name: "User" -# email: "admin@example.com" -# password: "changeme" -# groups: -# - name: admins - -# OIDC clients to provision -keycloak_oidc_clients: [] -# - client_id: nextcloud -# name: "Nextcloud" -# client_secret: "changeme" -# redirect_uris: -# - "https://nextcloud.example.com/apps/user_oidc/code" -# default_client_scopes: -# - openid -# - email -# - profile - -# Identity providers (e.g., Entra ID, Google) -keycloak_identity_providers: [] -# - alias: entra-id -# display_name: "Login with Microsoft" -# provider_id: oidc -# config: -# clientId: "{{ entra_client_id }}" -# clientSecret: "{{ entra_client_secret }}" -# authorizationUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" -# tokenUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/token" -# defaultScope: "openid profile email" - -# Resources to remove from Keycloak (cleanup) -# Add names/aliases here when removing from the lists above -keycloak_removed_users: [] -# - olduser - -keycloak_removed_groups: [] -# - oldgroup - -keycloak_removed_clients: [] -# - old-client - 
-keycloak_removed_identity_providers: [] -# - old-idp - -# LDAP user federations -keycloak_user_federations: [] -# - name: ldap-389ds -# provider_id: ldap -# config: -# editMode: WRITABLE -# syncRegistrations: "true" -# importEnabled: "true" -# vendor: rhds -# connectionUrl: "ldaps://ldap.example.com:636" -# usersDn: "ou=users,dc=example,dc=com" -# bindDn: "cn=Directory Manager" -# bindCredential: "changeme" -# usernameLDAPAttribute: uid -# rdnLDAPAttribute: uid -# uuidLDAPAttribute: nsuniqueid -# userObjectClasses: "inetOrgPerson, organizationalPerson" -# authType: simple -# useTruststoreSpi: never - -keycloak_removed_user_federations: [] -# - old-federation diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 33374a5..05db2ef 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -13,8 +13,6 @@ path: "{{ keycloak_docker_volume_dir }}/data" state: directory mode: '0755' - owner: "1000" - group: "1000" - name: Create postgres data directory file: @@ -32,25 +30,3 @@ community.docker.docker_compose_v2: project_src: "{{ keycloak_docker_compose_dir }}" state: present - -- name: Wait for Keycloak health endpoint - uri: - url: "{{ keycloak_auth_url }}/health/ready" - method: GET - status_code: 200 - validate_certs: false - register: keycloak_health - until: keycloak_health.status == 200 - retries: 30 - delay: 10 - delegate_to: localhost - become: false - when: keycloak_provisioning_enabled | bool - -- name: Run Keycloak provisioning - ansible.builtin.include_tasks: provisioning.yml - args: - apply: - become: false - delegate_to: localhost - when: keycloak_provisioning_enabled | bool diff --git a/roles/keycloak/tasks/provisioning.yml b/roles/keycloak/tasks/provisioning.yml deleted file mode 100644 index f1d915a..0000000 --- a/roles/keycloak/tasks/provisioning.yml +++ /dev/null 
@@ -1,190 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# Keycloak provisioning tasks -# Create realm (if not master) -- name: Create Keycloak realm - community.general.keycloak_realm: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - display_name: "{{ keycloak_realm_display_name }}" - enabled: true - state: present - validate_certs: false - no_log: true - when: keycloak_realm != "master" - -# Cleanup: Remove deleted identity providers -- name: Remove deleted identity providers - community.general.keycloak_identity_provider: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - alias: "{{ item }}" - state: absent - validate_certs: false - loop: "{{ keycloak_removed_identity_providers }}" - no_log: true - -# Cleanup: Remove deleted user federations -- name: Remove deleted user federations - community.general.keycloak_user_federation: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - name: "{{ item }}" - state: absent - validate_certs: false - loop: "{{ keycloak_removed_user_federations }}" - no_log: true - -# Cleanup: Remove deleted clients -- name: Remove deleted clients - community.general.keycloak_client: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - client_id: "{{ item }}" - state: absent - validate_certs: false - loop: "{{ keycloak_removed_clients }}" - no_log: true - -# Cleanup: Remove deleted users -- name: Remove deleted users - community.general.keycloak_user: - auth_keycloak_url: 
"{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - username: "{{ item }}" - state: absent - validate_certs: false - loop: "{{ keycloak_removed_users }}" - no_log: true - -# Cleanup: Remove deleted groups -- name: Remove deleted groups - community.general.keycloak_group: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - name: "{{ item }}" - state: absent - validate_certs: false - loop: "{{ keycloak_removed_groups }}" - no_log: true - -# Create groups -- name: Create groups - community.general.keycloak_group: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - name: "{{ item.name }}" - state: present - validate_certs: false - loop: "{{ keycloak_groups }}" - no_log: true - -# Create user federations (LDAP) -- name: Create user federations - community.general.keycloak_user_federation: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - name: "{{ item.name }}" - provider_id: "{{ item.provider_id }}" - provider_type: org.keycloak.storage.UserStorageProvider - config: "{{ item.config }}" - mappers: "{{ item.mappers | default(omit) }}" - bind_credential_update_mode: only_indirect - state: present - validate_certs: false - loop: "{{ keycloak_user_federations }}" - no_log: true - -# Create local users -- name: Create local users - community.general.keycloak_user: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - 
realm: "{{ keycloak_realm }}" - username: "{{ item.username }}" - first_name: "{{ item.first_name | default(omit) }}" - last_name: "{{ item.last_name | default(omit) }}" - email: "{{ item.email | default(omit) }}" - enabled: "{{ item.enabled | default(true) }}" - email_verified: "{{ item.email_verified | default(true) }}" - credentials: - - type: password - value: "{{ item.password }}" - temporary: false - groups: "{{ item.groups | default([]) }}" - state: present - validate_certs: false - loop: "{{ keycloak_local_users }}" - no_log: true - -# Create OIDC clients -- name: Create OIDC clients - community.general.keycloak_client: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - client_id: "{{ item.client_id }}" - name: "{{ item.name | default(item.client_id) }}" - enabled: true - client_authenticator_type: client-secret - secret: "{{ item.client_secret }}" - redirect_uris: "{{ item.redirect_uris | default([]) }}" - web_origins: "{{ item.web_origins | default(['+']) }}" - standard_flow_enabled: true - implicit_flow_enabled: false - direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(false) }}" - protocol: openid-connect - default_client_scopes: "{{ item.default_client_scopes | default(['openid', 'email', 'profile']) }}" - protocol_mappers: "{{ item.protocol_mappers | default(omit) }}" - state: present - validate_certs: false - loop: "{{ keycloak_oidc_clients }}" - no_log: true - -# Create identity providers -- name: Create identity providers - community.general.keycloak_identity_provider: - auth_keycloak_url: "{{ keycloak_auth_url }}" - auth_realm: master - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ keycloak_realm }}" - alias: "{{ item.alias }}" - display_name: "{{ item.display_name | default(item.alias) }}" - provider_id: "{{ 
item.provider_id }}" - enabled: "{{ item.enabled | default(true) }}" - trust_email: "{{ item.trust_email | default(true) }}" - first_broker_login_flow_alias: "{{ item.first_broker_login_flow_alias | default('first broker login') }}" - config: "{{ item.config }}" - state: present - validate_certs: false - loop: "{{ keycloak_identity_providers }}" - no_log: true \ No newline at end of file diff --git a/roles/keycloak/templates/docker-compose.yml.j2 b/roles/keycloak/templates/docker-compose.yml.j2 index e08a2c7..a91f746 100644 --- a/roles/keycloak/templates/docker-compose.yml.j2 +++ b/roles/keycloak/templates/docker-compose.yml.j2 @@ -32,26 +32,13 @@ services: KC_SPI_RESOURCE_ENCODING_GZIP_CACHE_DIR: /opt/keycloak/data/gzip-cache KC_PROXY: {{ keycloak_proxy_mode }} KC_HOSTNAME: {{ keycloak_domain }} - KC_HEALTH_ENABLED: "true" -{% if keycloak_truststore_certificates | length > 0 %} - KC_TRUSTSTORE_PATHS: "{{ keycloak_truststore_certificates | map('regex_replace', '^.*/(.*)$', '/opt/keycloak/certs/\\1') | join(',') }}" -{% endif %} depends_on: - postgres volumes: - {{ keycloak_docker_volume_dir }}/data:/opt/keycloak/data -{% for cert in keycloak_truststore_certificates %} - - {{ cert }}:/opt/keycloak/certs/{{ cert | basename }}:ro -{% endfor %} networks: - {{ keycloak_backend_network }} - {{ keycloak_traefik_network }} -{% if keycloak_extra_hosts | length > 0 %} - extra_hosts: -{% for host in keycloak_extra_hosts %} - - "{{ host }}" -{% endfor %} -{% endif %} tmpfs: - /opt/keycloak/data/tmp:size=1024m labels: diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 0adf71e..2e5a61e 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml 
@@ -14,7 +14,6 @@ nextcloud_image: "nextcloud:fpm" nextcloud_redis_image: "redis:latest" nextcloud_port: 80 nextcloud_extra_hosts: [] -nextcloud_allow_local_remote_servers: false # Set to true to allow requests to local network (dev only) nextcloud_postgres_image: "postgres:15" nextcloud_postgres_db: nextcloud @@ -27,14 +26,10 @@ nextcloud_use_ssl: true nextcloud_enable_collabora: true nextcloud_collabora_domain: "office.local.test" +nextcloud_collabora_service_name: collabora +nextcloud_collabora_image: collabora/code:latest nextcloud_collabora_disable_cert_verification: false -# Draw.io integration (set nextcloud_drawio_url to enable) -nextcloud_enable_drawio: false -nextcloud_drawio_url: "" -nextcloud_drawio_theme: "kennedy" -nextcloud_drawio_offline: "yes" - nextcloud_use_s3_storage: false nextcloud_s3_key: changeme nextcloud_s3_secret: changeme @@ -53,12 +48,6 @@ nextcloud_upload_limit_mb: 2048 nextcloud_scale_factor: 2 -# Trusted proxies (Docker internal networks) -nextcloud_trusted_proxies: "172.16.0.0/12" - -# File locking and real-time push notifications -nextcloud_enable_notify_push: false - # Non-default apps to install and enable nextcloud_apps_to_install: - groupfolders 
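Review bot: `nextcloud_collabora_image: collabora/code:latest` in the second hunk pins nothing, so every pull can silently change the Collabora build, which the compose template in this same commit runs with an added MKNOD capability; an upgrade of that service should be a deliberate variable change rather than a side effect of `docker compose pull`. The file already quotes its other image values (`nextcloud_image: "nextcloud:fpm"`), so the two new keys also read inconsistently unquoted; `nextcloud_redis_image: "redis:latest"` shows the floating-tag habit predates this change, but the new key is the place to stop it. I would write `nextcloud_collabora_service_name: "collabora"` and `nextcloud_collabora_image: "collabora/code:<pinned tag or digest>"` with a short comment above them that the tag is a default meant to be bumped on purpose.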
@@ -66,55 +55,4 @@ nextcloud_apps_to_install: - spreed - user_ldap - user_oidc - - whiteboard - - files_lock - - notify_push - -# OIDC provider configuration -nextcloud_oidc_allow_selfsigned: false # Set to true to disable SSL verification for OIDC providers (dev only) -nextcloud_oidc_providers: [] -# - identifier: keycloak -# display_name: "Login with Keycloak" -# client_id: "nextcloud" -# client_secret: "changeme" -# discovery_url: "https://keycloak.example.com/realms/default/.well-known/openid-configuration" -# scope: "openid email profile" -# unique_uid: true -# check_bearer: false -# send_id_token_hint: true -# mapping: -# uid: preferred_username -# display_name: name -# email: email -# groups: groups - -# OIDC providers to remove -nextcloud_oidc_providers_removed: [] -# - old-provider - -# LDAP configuration -nextcloud_ldap_enabled: false -nextcloud_ldap_config: {} -# Example for 389ds with Keycloak user federation: -# ldapHost: "ldaps://389ds" -# ldapPort: "3636" -# ldapAgentName: "cn=Directory Manager" -# ldapAgentPassword: "changeme" -# ldapBase: "dc=example,dc=com" -# ldapBaseUsers: "ou=users,dc=example,dc=com" -# ldapBaseGroups: "dc=example,dc=com" -# ldapTLS: "0" -# turnOffCertCheck: "0" -# ldapUserFilter: "(&(objectclass=inetOrgPerson)(uid=*))" -# ldapLoginFilter: "(&(objectclass=inetOrgPerson)(uid=%uid))" -# ldapUserDisplayName: "displayname" -# ldapEmailAttribute: "mail" -# ldapExpertUsernameAttr: "uid" -# ldapExpertUUIDUserAttr: "nsuniqueid" -# ldapBaseGroups: "ou=groups,dc=example,dc=com" -# ldapGroupFilter: "(&(objectClass=groupOfNames))" -# ldapGroupFilterObjectclass: "groupOfNames" -# ldapGroupDisplayName: "cn" -# ldapGroupMemberAssocAttr: "member" -# ldapAdminGroup: "admins" -# ldapConfigurationActive: "1" \ No newline at end of file + - whiteboard \ No newline at end of file diff --git a/roles/nextcloud/tasks/collabora.yml b/roles/nextcloud/tasks/collabora.yml index 05c56e4..a165ffa 100644 --- a/roles/nextcloud/tasks/collabora.yml 
+++ b/roles/nextcloud/tasks/collabora.yml @@ -14,9 +14,4 @@ - name: Set Collabora WOPI allowlist community.docker.docker_container_exec: container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" - command: php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value='' - -- name: Activate richdocuments configuration (fetch discovery from Collabora) - community.docker.docker_container_exec: - container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" - command: php /var/www/html/occ richdocuments:activate-config \ No newline at end of file + command: php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value='' \ No newline at end of file diff --git a/roles/nextcloud/tasks/drawio.yml b/roles/nextcloud/tasks/drawio.yml deleted file mode 100644 index bd2e17e..0000000 --- a/roles/nextcloud/tasks/drawio.yml +++ /dev/null @@ -1,19 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# tasks file for configuring draw.io in Nextcloud - -- name: Configure draw.io URL - community.docker.docker_container_exec: - container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" - command: php /var/www/html/occ config:app:set drawio DrawioUrl --value={{ nextcloud_drawio_url }} - when: nextcloud_drawio_url | length > 0 - -- name: Configure draw.io theme - community.docker.docker_container_exec: - container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" - command: php /var/www/html/occ config:app:set drawio DrawioTheme --value={{ nextcloud_drawio_theme }} - -- name: Configure draw.io offline mode - community.docker.docker_container_exec: - container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" - command: php /var/www/html/occ config:app:set drawio DrawioOffline --value={{ nextcloud_drawio_offline }} \ No newline at end of file diff --git a/roles/nextcloud/tasks/ldap.yml b/roles/nextcloud/tasks/ldap.yml deleted file mode 100644 index dcb2392..0000000 --- a/roles/nextcloud/tasks/ldap.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# LDAP configuration for Nextcloud user_ldap app - -- name: Check if LDAP configuration exists - community.docker.docker_container_exec: - container: "{{ nextcloud_service_name }}-nextcloud-1" - command: php /var/www/html/occ ldap:show-config - register: ldap_show_config - changed_when: false - -- name: Create LDAP configuration - community.docker.docker_container_exec: - container: "{{ nextcloud_service_name }}-nextcloud-1" - command: php /var/www/html/occ ldap:create-empty-config - when: "'s01' not in ldap_show_config.stdout" - -- name: Configure LDAP settings - community.docker.docker_container_exec: - container: "{{ nextcloud_service_name }}-nextcloud-1" - argv: - - php - - /var/www/html/occ - - ldap:set-config - - s01 - - "{{ item.key }}" - - "{{ item.value | string }}" - loop: "{{ nextcloud_ldap_config | dict2items }}" - loop_control: - label: "{{ item.key }}" - no_log: true - -- name: Test LDAP configuration - community.docker.docker_container_exec: - container: "{{ nextcloud_service_name }}-nextcloud-1" - command: php /var/www/html/occ ldap:test-config s01 - register: ldap_test_result - changed_when: false - failed_when: - - ldap_test_result.rc != 0 - - "'succeeded' not in (ldap_test_result.stdout | default('') | lower)" \ No newline at end of file diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 530baf7..f15103c 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml 
@@ -55,33 +55,9 @@ - (nextcloud_ready.stdout | from_json).installed == true changed_when: false -- name: Deploy local network config file - ansible.builtin.template: - src: local-network.config.php.j2 - dest: "{{ nextcloud_docker_volume_dir }}/nextcloud/config/local-network.config.php" - owner: www-data - group: www-data - mode: '0640' - - name: Install nextcloud plugins ansible.builtin.include_tasks: plugins.yml - name: Configure nextcloud collabora ansible.builtin.include_tasks: collabora.yml when: nextcloud_enable_collabora - -- name: Configure nextcloud draw.io - ansible.builtin.include_tasks: drawio.yml - when: nextcloud_enable_drawio - -- name: Configure notify_push - ansible.builtin.include_tasks: notify_push.yml - when: nextcloud_enable_notify_push - -- name: Configure LDAP backend - ansible.builtin.include_tasks: ldap.yml - when: nextcloud_ldap_enabled - -- name: Configure OIDC providers - ansible.builtin.include_tasks: oidc.yml - when: nextcloud_oidc_providers | length > 0 or nextcloud_oidc_providers_removed | length > 0 diff --git a/roles/nextcloud/tasks/notify_push.yml b/roles/nextcloud/tasks/notify_push.yml deleted file mode 100644 index 18dbb8b..0000000 --- a/roles/nextcloud/tasks/notify_push.yml +++ /dev/null @@ -1,8 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# tasks file for configuring notify_push in Nextcloud - -- name: Configure notify_push base endpoint - community.docker.docker_container_exec: - container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" - command: php /var/www/html/occ notify_push:setup https://{{ nextcloud_domain }}/push \ No newline at end of file diff --git a/roles/nextcloud/tasks/oidc.yml b/roles/nextcloud/tasks/oidc.yml deleted file mode 100644 index 5a8d8f5..0000000 --- a/roles/nextcloud/tasks/oidc.yml +++ /dev/null 
@@ -1,53 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# OIDC provider configuration for Nextcloud user_oidc app - -- name: Deploy OIDC config file - ansible.builtin.template: - src: oidc.config.php.j2 - dest: "{{ nextcloud_docker_volume_dir }}/nextcloud/config/oidc.config.php" - owner: www-data - group: www-data - mode: '0640' - -- name: Remove deleted OIDC providers - community.docker.docker_container_exec: - container: "{{ nextcloud_service_name }}-nextcloud-1" - command: php /var/www/html/occ user_oidc:provider:delete "{{ item }}" --force - loop: "{{ nextcloud_oidc_providers_removed }}" - register: oidc_delete_result - changed_when: "'deleted' in (oidc_delete_result.stdout | default('') | lower)" - failed_when: - - oidc_delete_result.rc != 0 - - "'not found' not in (oidc_delete_result.stderr | default('') | lower)" - - "'does not exist' not in (oidc_delete_result.stderr | default('') | lower)" - -- name: Create or update OIDC providers - vars: - _mapping: "{{ item.mapping | default({}) }}" - _base_args: - - php - - /var/www/html/occ - - user_oidc:provider - - "{{ item.identifier }}" - - "--clientid={{ item.client_id }}" - - "--clientsecret={{ item.client_secret }}" - - "--discoveryuri={{ item.discovery_url }}" - - "--unique-uid={{ '1' if item.unique_uid | default(true) else '0' }}" - - "--check-bearer={{ '1' if item.check_bearer | default(false) else '0' }}" - - "--send-id-token-hint={{ '1' if item.send_id_token_hint | default(true) else '0' }}" - _optional_args: "{{ - ((['--scope=' ~ item.scope]) if item.scope is defined else []) + - ((['--group-provisioning=1']) if item.group_provisioning | default(false) else []) + - ((['--mapping-uid=' ~ _mapping.uid]) if _mapping.uid is defined else []) + - ((['--mapping-display-name=' ~ _mapping.display_name]) if _mapping.display_name is defined else []) + - ((['--mapping-email=' ~ _mapping.email]) if _mapping.email is defined else []) + - ((['--mapping-groups=' ~ _mapping.groups]) if _mapping.groups is defined else []) 
- }}" - community.docker.docker_container_exec: - container: "{{ nextcloud_service_name }}-nextcloud-1" - argv: "{{ _base_args + _optional_args }}" - loop: "{{ nextcloud_oidc_providers }}" - register: oidc_create_result - changed_when: "'created' in (oidc_create_result.stdout | default('') | lower) or 'updated' in (oidc_create_result.stdout | default('') | lower)" - no_log: true \ No newline at end of file diff --git a/roles/nextcloud/templates/docker-compose.yml.j2 b/roles/nextcloud/templates/docker-compose.yml.j2 index 9a98033..b8a8a4d 100644 --- a/roles/nextcloud/templates/docker-compose.yml.j2 +++ b/roles/nextcloud/templates/docker-compose.yml.j2 @@ -61,7 +61,7 @@ services: PHP_UPLOAD_LIMIT: {{ nextcloud_upload_limit_mb }}M OVERWRITEPROTOCOL: https OVERWRITEHOST: {{ nextcloud_domain }} - TRUSTED_PROXIES: "{{ nextcloud_trusted_proxies }}" + TRUSTED_PROXIES: "172.18.0.0/16 172.16.9.88/16 172.16.17.0/24 172.16.9.88" volumes: - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html networks: @@ -86,7 +86,7 @@ services: PHP_UPLOAD_LIMIT: {{ nextcloud_upload_limit_mb }}M OVERWRITEPROTOCOL: https OVERWRITEHOST: {{ nextcloud_domain }} - TRUSTED_PROXIES: "{{ nextcloud_trusted_proxies }}" + TRUSTED_PROXIES: "172.18.0.0/16 172.16.9.88/16 172.16.17.0/24 172.16.9.88" {% if nextcloud_use_s3_storage %} OBJECTSTORE_S3_KEY: {{ nextcloud_s3_key }} OBJECTSTORE_S3_SECRET: {{ nextcloud_s3_secret }} 
@@ -109,37 +109,32 @@ services: {% endfor %} {% endif %} -{% if nextcloud_enable_notify_push %} - notify-push: - image: icewind1991/notify_push +{% if nextcloud_enable_collabora %} + collabora: + image: {{ nextcloud_collabora_image }} restart: always - depends_on: - - redis - - db - volumes: - - {{ nextcloud_docker_volume_dir }}/nextcloud/:/var/www/html environment: - PORT: "7867" - REDIS_URL: "redis://redis:6379" - DATABASE_URL: "postgres://{{ nextcloud_postgres_user }}:{{ nextcloud_postgres_password }}@db:5432/{{ nextcloud_postgres_db }}" - DATABASE_PREFIX: "oc_" - NEXTCLOUD_URL: "http://nginx" + domain: ^{{ nextcloud_domain | replace('.', '\\.') }}$ + extra_params: >- + --o:ssl.enable=false + --o:ssl.termination=true + --o:net.frame_ancestors=https://{{ nextcloud_domain }} + cap_add: + - MKNOD networks: - - {{ nextcloud_backend_network }} - {{ nextcloud_traefik_network }} labels: - traefik.enable=true - traefik.docker.network={{ nextcloud_traefik_network }} - - traefik.http.routers.{{ nextcloud_service_name }}-push.rule=Host(`{{ nextcloud_domain }}`) && PathPrefix(`/push`) - - traefik.http.services.{{ nextcloud_service_name }}-push.loadbalancer.server.port=7867 + - traefik.http.routers.{{ nextcloud_collabora_service_name }}.rule=Host(`{{ nextcloud_collabora_domain }}`) + - traefik.http.services.{{ nextcloud_collabora_service_name }}.loadbalancer.server.port=9980 {% if nextcloud_use_ssl %} - - traefik.http.routers.{{ nextcloud_service_name }}-push.entrypoints=websecure - - traefik.http.routers.{{ nextcloud_service_name }}-push.tls=true + - traefik.http.routers.{{ nextcloud_collabora_service_name }}.entrypoints=websecure + - traefik.http.routers.{{ nextcloud_collabora_service_name }}.tls=true {% else %} - - traefik.http.routers.{{ nextcloud_service_name }}-push.entrypoints=web + - traefik.http.routers.{{ nextcloud_collabora_service_name }}.entrypoints=web {% endif %} - - traefik.http.middlewares.{{ nextcloud_service_name 
}}-push-https.headers.customrequestheaders.X-Forwarded-Proto=https - - traefik.http.routers.{{ nextcloud_service_name }}-push.middlewares={{ nextcloud_service_name }}-push-https + {% endif %} networks: diff --git a/roles/nextcloud/templates/local-network.config.php.j2 b/roles/nextcloud/templates/local-network.config.php.j2 deleted file mode 100644 index 49f5b06..0000000 --- a/roles/nextcloud/templates/local-network.config.php.j2 +++ /dev/null @@ -1,4 +0,0 @@ - {{ nextcloud_allow_local_remote_servers | lower }}, -); \ No newline at end of file diff --git a/roles/nextcloud/templates/oidc.config.php.j2 b/roles/nextcloud/templates/oidc.config.php.j2 deleted file mode 100644 index d09f638..0000000 --- a/roles/nextcloud/templates/oidc.config.php.j2 +++ /dev/null @@ -1,6 +0,0 @@ - array ( - 'httpclient.allowselfsigned' => {{ nextcloud_oidc_allow_selfsigned | lower }}, - ), -); diff --git a/roles/opencloud/README.md b/roles/opencloud/README.md deleted file mode 100644 index 225dd44..0000000 --- a/roles/opencloud/README.md +++ /dev/null 
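Review bot: `domain: ^{{ nextcloud_domain | replace('.', '\\.') }}$` in the new collabora service ends with a bare `$`, and Compose interpolates `$` in environment values before the container sees them; as far as I recall a `$` not followed by a variable name or `{` is rejected as an invalid interpolation, so the regex anchor should be escaped as `$$` (`domain: ^{{ nextcloud_domain | replace('.', '\\.') }}$$`). The same block passes `--o:net.frame_ancestors=https://{{ nextcloud_domain }}` unconditionally while the traefik labels a few lines below switch on `nextcloud_use_ssl`, so a non-TLS deployment gets a frame-ancestors origin that never matches and the browser refuses the embed; deriving the scheme the same way (`--o:net.frame_ancestors={{ 'https' if nextcloud_use_ssl else 'http' }}://{{ nextcloud_domain }}`) keeps the two consistent. Both are one-line changes inside the new `{% if nextcloud_enable_collabora %}` block.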
@@ -1,38 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/opencloud/defaults/main.yml b/roles/opencloud/defaults/main.yml deleted file mode 100644 index 137ece8..0000000 --- a/roles/opencloud/defaults/main.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# defaults file for opencloud - -# Base directory configuration (inherited from base role or defined here) -docker_compose_base_dir: /etc/docker/compose -docker_volume_base_dir: /srv/data - -# OpenCloud-specific configuration -opencloud_service_name: opencloud -opencloud_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ opencloud_service_name }}" -opencloud_docker_volume_dir: "{{ docker_volume_base_dir }}/{{ opencloud_service_name }}" - -# Service configuration -opencloud_domain: "opencloud.local.test" -opencloud_image: "opencloudeu/opencloud:latest" -opencloud_port: 9200 -opencloud_admin_password: "admin" -opencloud_log_level: "warn" -opencloud_extra_hosts: [] - -# Traefik configuration -opencloud_traefik_network: "proxy" -opencloud_use_ssl: true - -# OIDC configuration (leave empty to use built-in IDP) -opencloud_oidc_issuer: "" -opencloud_oidc_client_id: "opencloud" -opencloud_oidc_client_secret: "" -opencloud_oidc_rewrite_wellknown: true -opencloud_oidc_user_claim: "preferred_username" -opencloud_oidc_user_cs3_claim: "username" -opencloud_oidc_account_edit_url: "" -opencloud_oidc_autoprovision_accounts: true - -# S3 storage configuration (leave empty to use local storage) -opencloud_use_s3_storage: false -opencloud_s3_endpoint: "" -opencloud_s3_region: "us-east-1" -opencloud_s3_access_key: "" -opencloud_s3_secret_key: "" -opencloud_s3_bucket: "opencloud" - -# Collabora integration (set opencloud_collabora_domain to enable) -opencloud_collabora_domain: "" -opencloud_wopi_domain: "" -opencloud_collabora_insecure: true - -# LDAP configuration (set opencloud_ldap_uri to enable external LDAP) -opencloud_ldap_uri: "" -opencloud_ldap_insecure: true -opencloud_ldap_bind_dn: "" -opencloud_ldap_bind_password: "" -opencloud_ldap_user_base_dn: "" -opencloud_ldap_group_base_dn: "" -opencloud_ldap_user_schema_id: "nsuniqueid" -opencloud_ldap_user_schema_id_is_octet_string: true -opencloud_ldap_user_schema_username: 
"uid" -opencloud_ldap_user_schema_mail: "mail" -opencloud_ldap_user_schema_display_name: "displayName" -opencloud_ldap_group_schema_id: "nsuniqueid" -opencloud_ldap_group_schema_id_is_octet_string: true -opencloud_ldap_group_schema_groupname: "cn" -opencloud_ldap_group_schema_member: "member" -opencloud_ldap_write_enabled: false - -# Role assignment via OIDC (set opencloud_role_assignment_driver to "oidc" to enable) -opencloud_role_assignment_driver: "default" -opencloud_role_assignment_oidc_claim: "groups" -opencloud_role_mapping: [] -# Example mapping LDAP groups to OpenCloud roles: -# opencloud_role_mapping: -# - role_name: admin -# claim_value: admins -# - role_name: user -# claim_value: users - -# Draw.io integration (set opencloud_drawio_url to enable) -opencloud_drawio_url: "" -opencloud_drawio_theme: "minimal" -opencloud_drawio_extension_image: "opencloudeu/web-extensions:draw-io-latest" - -# CSP configuration (extra URLs to allow in connect-src and frame-src) -opencloud_csp_extra_connect_src: [] -opencloud_csp_extra_frame_src: [] \ No newline at end of file diff --git a/roles/opencloud/handlers/main.yml b/roles/opencloud/handlers/main.yml deleted file mode 100644 index 95b6986..0000000 --- a/roles/opencloud/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# handlers file for opencloud - -- name: restart opencloud - community.docker.docker_compose_v2: - project_src: "{{ opencloud_docker_compose_dir }}" - state: restarted \ No newline at end of file diff --git a/roles/opencloud/meta/main.yml b/roles/opencloud/meta/main.yml deleted file mode 100644 index 6f91fd3..0000000 --- a/roles/opencloud/meta/main.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -#SPDX-License-Identifier: MIT-0 -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.2 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/opencloud/tasks/main.yml b/roles/opencloud/tasks/main.yml deleted file mode 100644 index 9de9625..0000000 --- a/roles/opencloud/tasks/main.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -#SPDX-License-Identifier: MIT-0 ---- -# tasks file for opencloud - -- name: Create docker compose directory - file: - path: "{{ opencloud_docker_compose_dir }}" - state: directory - mode: '0755' - -- name: Create opencloud data directory - file: - path: "{{ opencloud_docker_volume_dir }}/data" - state: directory - owner: "1000" - group: "1000" - mode: '0750' - -- name: Create opencloud config directory - file: - path: "{{ opencloud_docker_volume_dir }}/config" - state: directory - owner: "1000" - group: "1000" - mode: '0750' - -- name: Create CSP override file - template: - src: csp-override.yaml.j2 - dest: "{{ opencloud_docker_volume_dir }}/config/csp-override.yaml" - owner: "1000" - group: "1000" - mode: '0644' - when: opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 - notify: restart opencloud - -- name: Create proxy role assignment config - template: - src: proxy.yaml.j2 - dest: "{{ opencloud_docker_volume_dir }}/config/proxy.yaml" - owner: "1000" - group: "1000" - mode: '0644' - when: opencloud_role_assignment_driver == "oidc" and opencloud_role_mapping | length > 0 - notify: restart opencloud - -- name: Create draw.io extension apps directory - file: - path: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io" - state: directory - owner: "1000" - group: "1000" - mode: '0755' - when: opencloud_drawio_url | length > 0 - -- name: Create draw.io extension config - copy: - content: | - { - "config": { - "url": "{{ opencloud_drawio_url }}", - "theme": "{{ opencloud_drawio_theme }}" - } - } - dest: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io/config.json" - owner: "1000" - group: "1000" - mode: '0644' - when: opencloud_drawio_url | length > 0 - notify: restart opencloud - -- name: Create docker-compose file for opencloud - template: - src: docker-compose.yml.j2 - dest: "{{ opencloud_docker_compose_dir }}/docker-compose.yml" - mode: '0644' - notify: restart opencloud - -- name: 
Start opencloud container - community.docker.docker_compose_v2: - project_src: "{{ opencloud_docker_compose_dir }}" - state: present \ No newline at end of file diff --git a/roles/opencloud/templates/csp-override.yaml.j2 b/roles/opencloud/templates/csp-override.yaml.j2 deleted file mode 100644 index 29afd38..0000000 --- a/roles/opencloud/templates/csp-override.yaml.j2 +++ /dev/null @@ -1,20 +0,0 @@ -directives: - connect-src: - - "'self'" - - "blob:" - - "https://raw.githubusercontent.com/opencloud-eu/awesome-apps/" - - "https://update.opencloud.eu/" -{% for url in opencloud_csp_extra_connect_src %} - - "{{ url }}" -{% endfor %} -{% if opencloud_csp_extra_frame_src | length > 0 %} - frame-src: - - "'self'" -{% for url in opencloud_csp_extra_frame_src %} - - "{{ url }}" -{% endfor %} -{% endif %} - script-src: - - "'self'" - - "'unsafe-inline'" - - "'unsafe-eval'" \ No newline at end of file diff --git a/roles/opencloud/templates/docker-compose.yml.j2 b/roles/opencloud/templates/docker-compose.yml.j2 deleted file mode 100644 index 10d8d22..0000000 --- a/roles/opencloud/templates/docker-compose.yml.j2 +++ /dev/null 
@@ -1,138 +0,0 @@
-services:
-{% if opencloud_drawio_url %}
- drawio-ext:
- image: {{ opencloud_drawio_extension_image }}
- entrypoint: /bin/sh
- command: ["-c", "cp -R /usr/share/nginx/html/apps/draw-io/ /apps/"]
- volumes:
- - {{ opencloud_docker_volume_dir }}/data/web/assets/apps:/apps
-{% endif %}
- opencloud:
- image: {{ opencloud_image }}
- container_name: {{ opencloud_service_name }}
- restart: unless-stopped
-{% if opencloud_drawio_url %}
- depends_on:
- drawio-ext:
- condition: service_completed_successfully
-{% endif %}
- entrypoint:
- - /bin/sh
- command: ["-c", "opencloud init || true; opencloud server"]
- volumes:
- - {{ opencloud_docker_volume_dir }}/config:/etc/opencloud
- - {{ opencloud_docker_volume_dir }}/data:/var/lib/opencloud
- environment:
-{% if opencloud_use_ssl %}
- OC_URL: "https://{{ opencloud_domain }}"
-{% else %}
- OC_URL: "http://{{ opencloud_domain }}"
-{% endif %}
- OC_INSECURE: "true"
- OC_LOG_LEVEL: "{{ opencloud_log_level }}"
- PROXY_TLS: "false"
-{% if opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 %}
- PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/opencloud/csp-override.yaml"
-{% endif %}
- IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"
-{% if opencloud_role_assignment_driver == "oidc" %}
- PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
- PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: "{{ opencloud_role_assignment_oidc_claim }}"
- GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
- SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false"
-{% endif %}
-{% if opencloud_oidc_issuer %}
- OC_OIDC_ISSUER: "{{ opencloud_oidc_issuer }}"
- OC_OIDC_CLIENT_ID: "{{ opencloud_oidc_client_id }}"
-{% if opencloud_oidc_client_secret %}
- OC_OIDC_CLIENT_SECRET: "{{ opencloud_oidc_client_secret }}"
-{% endif %}
- PROXY_OIDC_REWRITE_WELLKNOWN: "{{ opencloud_oidc_rewrite_wellknown | string | lower }}"
- PROXY_USER_OIDC_CLAIM: "{{ opencloud_oidc_user_claim }}"
- PROXY_USER_CS3_CLAIM: "{{ opencloud_oidc_user_cs3_claim }}"
- 
PROXY_AUTOPROVISION_ACCOUNTS: "{{ opencloud_oidc_autoprovision_accounts | string | lower }}"
-{% if opencloud_oidc_account_edit_url %}
- WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "{{ opencloud_oidc_account_edit_url }}"
-{% endif %}
-{% endif %}
-{% if opencloud_use_s3_storage %}
- STORAGE_USERS_DRIVER: "decomposeds3"
- STORAGE_USERS_DECOMPOSEDS3_ENDPOINT: "{{ opencloud_s3_endpoint }}"
- STORAGE_USERS_DECOMPOSEDS3_REGION: "{{ opencloud_s3_region }}"
- STORAGE_USERS_DECOMPOSEDS3_ACCESS_KEY: "{{ opencloud_s3_access_key }}"
- STORAGE_USERS_DECOMPOSEDS3_SECRET_KEY: "{{ opencloud_s3_secret_key }}"
- STORAGE_USERS_DECOMPOSEDS3_BUCKET: "{{ opencloud_s3_bucket }}"
-{% endif %}
-{% if opencloud_ldap_uri %}
- # Disable built-in IDM when using external LDAP
- OC_EXCLUDE_RUN_SERVICES: "idm"
- IDM_CREATE_DEMO_USERS: "false"
- # LDAP connection
- OC_LDAP_URI: "{{ opencloud_ldap_uri }}"
- OC_LDAP_INSECURE: "{{ opencloud_ldap_insecure | string | lower }}"
- OC_LDAP_BIND_DN: "{{ opencloud_ldap_bind_dn }}"
- OC_LDAP_BIND_PASSWORD: "{{ opencloud_ldap_bind_password }}"
- # LDAP user/group base
- OC_LDAP_USER_BASE_DN: "{{ opencloud_ldap_user_base_dn }}"
- OC_LDAP_GROUP_BASE_DN: "{{ opencloud_ldap_group_base_dn }}"
- # LDAP user schema
- OC_LDAP_USER_SCHEMA_ID: "{{ opencloud_ldap_user_schema_id }}"
- OC_LDAP_USER_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_user_schema_id_is_octet_string | string | lower }}"
- OC_LDAP_USER_SCHEMA_USERNAME: "{{ opencloud_ldap_user_schema_username }}"
- OC_LDAP_USER_SCHEMA_MAIL: "{{ opencloud_ldap_user_schema_mail }}"
- OC_LDAP_USER_SCHEMA_DISPLAY_NAME: "{{ opencloud_ldap_user_schema_display_name }}"
- # LDAP group schema
- OC_LDAP_GROUP_SCHEMA_ID: "{{ opencloud_ldap_group_schema_id }}"
- OC_LDAP_GROUP_SCHEMA_ID_IS_OCTET_STRING: "{{ opencloud_ldap_group_schema_id_is_octet_string | string | lower }}"
- OC_LDAP_GROUP_SCHEMA_GROUPNAME: "{{ opencloud_ldap_group_schema_groupname }}"
- OC_LDAP_GROUP_SCHEMA_MEMBER: "{{ opencloud_ldap_group_schema_member }}"
- 
GRAPH_LDAP_SERVER_WRITE_ENABLED: "{{ opencloud_ldap_write_enabled | string | lower }}"
-{% endif %}
-{% if opencloud_collabora_domain %}
- OC_ADD_RUN_SERVICES: "collaboration"
- COLLABORA_DOMAIN: "{{ opencloud_collabora_domain }}"
- COLLABORATION_APP_NAME: "CollaboraOnline"
- COLLABORATION_APP_PRODUCT: "Collabora"
- COLLABORATION_APP_ADDR: "https://{{ opencloud_collabora_domain }}"
- COLLABORATION_APP_INSECURE: "{{ opencloud_collabora_insecure | string | lower }}"
- COLLABORATION_APP_PROOF_DISABLE: "{{ opencloud_collabora_insecure | string | lower }}"
- COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "{{ opencloud_collabora_insecure | string | lower }}"
- COLLABORATION_HTTP_ADDR: "0.0.0.0:9300"
- COLLABORATION_WOPI_SRC: "https://{{ opencloud_wopi_domain }}"
- FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: "eu.opencloud.api.collaboration"
-{% endif %}
- networks:
- - {{ opencloud_traefik_network }}
-{% if opencloud_extra_hosts is defined and opencloud_extra_hosts | length > 0 %}
- extra_hosts:
-{% for host in opencloud_extra_hosts %}
- - "{{ host }}"
-{% endfor %}
-{% endif %}
- labels:
- - traefik.enable=true
- - traefik.docker.network={{ opencloud_traefik_network }}
- - traefik.http.routers.{{ opencloud_service_name }}.rule=Host(`{{ opencloud_domain }}`)
-{% if opencloud_use_ssl %}
- - traefik.http.routers.{{ opencloud_service_name }}.entrypoints=websecure
- - traefik.http.routers.{{ opencloud_service_name }}.tls=true
-{% else %}
- - traefik.http.routers.{{ opencloud_service_name }}.entrypoints=web
-{% endif %}
- - traefik.http.services.{{ opencloud_service_name }}.loadbalancer.server.port={{ opencloud_port }}
-{% if opencloud_collabora_domain %}
- - traefik.http.routers.{{ opencloud_service_name }}.service={{ opencloud_service_name }}
- - traefik.http.routers.{{ opencloud_service_name }}-wopi.rule=Host(`{{ opencloud_wopi_domain }}`)
- - traefik.http.routers.{{ opencloud_service_name }}-wopi.service={{ opencloud_service_name }}-wopi
- - traefik.http.services.{{ 
opencloud_service_name }}-wopi.loadbalancer.server.port=9300
-{% if opencloud_use_ssl %}
- - traefik.http.routers.{{ opencloud_service_name }}-wopi.entrypoints=websecure
- - traefik.http.routers.{{ opencloud_service_name }}-wopi.tls=true
-{% else %}
- - traefik.http.routers.{{ opencloud_service_name }}-wopi.entrypoints=web
-{% endif %}
-{% endif %}
-
-networks:
- {{ opencloud_traefik_network }}:
- external: true
\ No newline at end of file
diff --git a/roles/opencloud/templates/proxy.yaml.j2 b/roles/opencloud/templates/proxy.yaml.j2
deleted file mode 100644
index 78f5a9e..0000000
--- a/roles/opencloud/templates/proxy.yaml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-role_assignment:
- driver: oidc
- oidc_role_mapper:
- role_claim: {{ opencloud_role_assignment_oidc_claim }}
- role_mapping:
-{% for mapping in opencloud_role_mapping %}
- - role_name: {{ mapping.role_name }}
- claim_value: "{{ mapping.claim_value }}"
-{% endfor %}
\ No newline at end of file
diff --git a/roles/opencloud/tests/inventory b/roles/opencloud/tests/inventory
deleted file mode 100644
index 03ca42f..0000000
--- a/roles/opencloud/tests/inventory
+++ /dev/null
@@ -1,3 +0,0 @@
-#SPDX-License-Identifier: MIT-0
-localhost
-
diff --git a/roles/opencloud/tests/test.yml b/roles/opencloud/tests/test.yml
deleted file mode 100644
index a139404..0000000
--- a/roles/opencloud/tests/test.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-#SPDX-License-Identifier: MIT-0
----
-- hosts: localhost
- remote_user: root
- roles:
- - opencloud
diff --git a/roles/opencloud/vars/main.yml b/roles/opencloud/vars/main.yml
deleted file mode 100644
index 34f40a9..0000000
--- a/roles/opencloud/vars/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-#SPDX-License-Identifier: MIT-0
----
-# vars file for opencloud