Compare commits

...

166 Commits

Author SHA1 Message Date
3286c56929 meta: bump collection version to 0.2.1 2025-10-23 18:49:50 +02:00
cd4fac6372 update(ghost): bump version to 6.5.1 2025-10-23 18:48:46 +02:00
22cce2bf06 update(keycloak): bump version to 26.4.2 2025-10-23 18:47:45 +02:00
22c1e9d179 update(jellyfin): bump version to 10.11.0 2025-10-20 18:10:41 +02:00
acc7ae289b update(snipe_it): bump version to 8.3.4 2025-10-17 22:06:34 +02:00
3adb3d4d6d update(keycloak): bump version to 26.4.1 2025-10-16 15:35:24 +02:00
86cea40cfc update(vouch_proxy): bump version to 0.45.1 2025-10-13 16:41:00 +02:00
066a5f2c59 update(authelia): bump version to 4.39.13 2025-10-12 09:09:39 +02:00
ce14010fee update(ghost): bump version to 6.3.1 2025-10-10 22:46:57 +02:00
e6f0c912d5 update(pretix): bump version to 2025.8.0 2025-10-08 18:36:39 +02:00
8838e17624 update(authelia): bump version to 4.39.12 2025-10-08 13:42:02 +02:00
5d8845c075 update(snipe_it): bump version to 8.3.3 2025-10-07 12:23:12 +02:00
c593006de1 update(phpldapadmin): bump version to 2.3.4 2025-10-07 10:36:51 +02:00
55363ef3ae update(keycloak): bump version to 26.4.0 2025-10-01 16:00:29 +02:00
504b54f7ef update(authelia): bump version to 4.39.11 2025-10-01 15:44:49 +02:00
bca5e68288 feat(pretix): add ansible role and playbook 2025-09-29 16:41:20 +02:00
04f62eb021 update(keycloak): bump version to 26.3.5 2025-09-25 21:27:21 +02:00
887fd4055f update(phpldapadmin): bump version to 2.3.3 2025-09-20 19:06:19 +02:00
873dc4894a update(snipe_it): bump version to 8.3.2 2025-09-19 22:06:15 +02:00
1b979d54d3 update(authelia): bump version to 4.39.10 2025-09-16 22:46:34 +02:00
a1aea3ba10 update(phpldapadmin): bump version to 2.3.1 2025-09-13 10:53:53 +02:00
7360beb85d update(gitea): bump version to 1.24.6 2025-09-11 22:02:20 +02:00
c5d66a4bc3 update(authelia): bump version to 4.39.9 2025-09-09 19:04:52 +02:00
c1643a2a06 update(ghost): bump version to 6.0.7 2025-09-08 22:33:46 +02:00
6b004e3477 update(authelia): bump version to 4.39.8 2025-09-02 18:19:12 +02:00
b6e0a88716 update(snipe_it): bump version to 8.3.1 2025-09-01 16:59:08 +02:00
ae24dcfd9b update(authelia): bump version to 4.39.7 2025-08-31 16:12:29 +02:00
5457046433 update(snipe_it): bump version to 8.3.0 2025-08-29 22:04:30 +02:00
61be252a50 update(ghost): bump version to 6.0.5 2025-08-23 22:57:24 +02:00
20867e7a36 update(vouch_proxy): bump version to 0.45.0 2025-08-22 21:17:33 +02:00
5fbe6325d0 update(keycloak): bump version to 26.3.3 2025-08-20 16:26:41 +02:00
f3aa284efa update(ghost): bump version to 6.0.4 2025-08-19 21:24:30 +02:00
94a73bd3a9 update(phpldapadmin): bump version to 2.3.0 2025-08-18 21:38:25 +02:00
b66213e29d meta: update collection version to 0.2.0, update dependencies 2025-08-16 17:12:17 +02:00
79a39e1aca update(gitea): bump version to 1.24.5 2025-08-13 19:00:25 +02:00
448975a12f update(authelia): bump version to 4.39.6 2025-08-09 10:19:13 +02:00
9cde7b3961 update(gitea): bump version to 1.24.4 2025-08-04 21:47:37 +02:00
0b1ac4957e update(vaultwarden): bump version to 1.34.3 2025-07-31 23:27:20 +02:00
ef83afc453 update(vaultwarden): bump version to 1.34.2 2025-07-28 16:12:58 +02:00
4d266054d4 update(keycloak): bump version to 26.3.2 2025-07-25 22:59:40 +02:00
15810fd6dc update(snipe_it): bump version to 8.2.1 2025-07-24 20:30:42 +02:00
df5f37bd5a update(snipe_it): bump version to 8.2.0 2025-07-23 17:30:53 +02:00
6a5f04f751 update(phpldapadmin): bump version to 2.2.2 2025-07-18 23:06:48 +02:00
63803053dc update(gitea): bump version to 1.24.3 2025-07-15 21:16:00 +02:00
0d07413608 update(phpldapadmin): bump version to 2.2.1 2025-07-13 16:14:54 +02:00
f46812872c update(authelia): bump version to 4.39.5 2025-07-13 10:16:25 +02:00
9861de8914 update(snipe_it): bump version to 8.1.18 2025-07-09 18:15:27 +02:00
b73d10f31e update(keycloak): bump version to 26.3.1 2025-07-09 18:13:22 +02:00
a38ded822f update(ghost): bump version to 5.129.1 2025-07-06 22:48:56 +02:00
52a8630554 update(keycloak): bump version to 26.3.0 2025-07-02 21:53:21 +02:00
d0cbff5d20 update(snipe-it): bump version to 8.1.17 2025-06-30 15:32:13 +02:00
3a52c20914 update(ghost): bump version to 5.126.1 2025-06-22 19:37:07 +02:00
017edc5ee5 update(gitea): bump version to 1.24.2 2025-06-21 11:03:45 +02:00
f8a5b865ae update(gitea): bump version to 1.24.1 2025-06-20 16:24:55 +02:00
a3f750c17d update(snipe_it): bump version to 8.1.16 2025-06-16 15:57:30 +02:00
b12a374ef1 update(gost): bump version to 5.125.1 2025-06-14 23:06:41 +02:00
aa6bf10e97 update(gitea): bump version to 1.24.0 2025-06-11 19:49:49 +02:00
78beaa1814 meta: add community.general@^10.0.0 dependency 2025-06-07 22:14:50 +02:00
fcbcb39e55 update(ghost): bump version to 5.121.0 2025-06-06 23:10:35 +02:00
a7b6189fa3 update(snipe_it): bump version to 8.1.15 2025-06-03 16:42:39 +02:00
cd0e305d34 update(ghost): bump version to 5.102.4 2025-05-30 17:16:02 +02:00
d09baa48fa update(keycloak): bump version to 26.2.5 2025-05-28 12:53:54 +02:00
3bb6928fad update(vaultwarden): bump version to 1.34.1 2025-05-27 16:25:46 +02:00
bce1d4ecee update(authelia): bump version to 4.39.4 2025-05-25 14:04:24 +02:00
4de87f2407 update(snipe_it): bump version to 8.1.4 2025-05-23 15:03:05 +02:00
2984018cd2 update(ghost): bump version to 5.120.0 2025-05-17 22:07:45 +02:00
536c988d64 update(gitea): bump version to 1.23.8 2025-05-13 15:54:51 +02:00
ef34c4de67 update(authelia): bump version to 4.39.3 2025-05-11 20:25:12 +02:00
f23a3538bd update(authelia): bump version to 4.39.2, change registry to ghcr.io 2025-05-10 23:31:32 +02:00
503c421b2f update(ghost): bump version to 5.119.2 2025-05-09 21:59:52 +02:00
46f26900fc update(keycloak): bump version to 26.2.4 2025-05-08 17:56:15 +02:00
0b9bfc1646 update(snipe_it): bump version to 8.1.3 2025-05-07 17:24:22 +02:00
79c8b6537e update(keycloak): bump version to 26.2.3 2025-05-05 16:11:18 +02:00
1de7bc2de9 update(snipe_it): bump version to 8.1.2 2025-05-05 16:08:35 +02:00
9587b4193c feat(phpldapadmin): add ansible role 2025-05-02 21:52:12 +02:00
f996c7a373 chore(vaultwarden): use strict env comparisions for container 2025-05-01 10:21:15 +02:00
e1866a1a41 update(keycloak): bump version to 26.2.2 2025-04-30 16:56:05 +02:00
800ebbae77 meta: update collection version to 0.1.15 2025-04-27 19:00:17 +02:00
6faba56371 update(keycloak): bump version to 26.2.1 2025-04-23 18:21:28 +02:00
05aec0581b update(ghost): bump version to 5.117.0 2025-04-17 17:45:11 +02:00
fbe33c06cf update(keycloak): bump version to 26.2.0 2025-04-12 11:34:44 +02:00
0e405cef07 update(keycloak): bump version to 26.1.5 2025-04-12 11:34:43 +02:00
42782b58a4 update(hedgedoc): bump version to 1.10.3 2025-04-10 17:08:45 +02:00
ee410b29a8 update(gitea): bump version to 1.23.7 2025-04-08 21:21:42 +02:00
1f7c4635a4 update(jellyfin): bump version to 10.10.7 2025-04-06 09:09:38 +02:00
7995eba69b update(ghost): bump version to 5.116.0 2025-04-04 21:59:18 +02:00
c766e2ef46 meta: bump galaxy version to 0.1.14 2025-03-28 16:05:11 +01:00
8e667d113a update(gitea): bump version to 1.23.6 2025-03-25 17:13:53 +01:00
c8d49760b1 update(ghost): bump version to 5.113.1 2025-03-20 22:06:35 +01:00
c28cba452c update(snipe_it): bump version to 8.0.4 2025-03-18 21:24:02 +01:00
ed5118ea95 update(authelia): bump version to 4.39.1 2025-03-18 20:33:33 +01:00
4d43f3c425 update(ghost): bump version to 5.113.0 2025-03-17 21:49:18 +01:00
3c789f2736 update(authelia): bump version to 4.39.0 2025-03-16 19:56:00 +01:00
62b99afa95 update(keycloak): bump version to 26.1.4 2025-03-14 22:32:25 +01:00
213cff7da7 update(ghost): bump version to 5.111.0 2025-03-07 21:34:55 +01:00
6ce6c3ce41 update(gitea): bump version to 1.23.5 2025-03-06 14:57:09 +01:00
70fa36ff98 update(snipe_it): bump version to 7.1.17 2025-03-03 21:09:04 +01:00
a4d56624e5 chore(jellyfin): allow passing more options to docker container 2025-03-02 21:23:27 +01:00
fc79dc4bc1 update(keycloak): bump version to 26.1.3 2025-02-28 19:15:31 +01:00
94404387cc feat(authelia): add state absent support 2025-02-26 20:51:21 +01:00
6a420416db update(ghost): bump version to 5.110.1 2025-02-26 20:42:02 +01:00
fac73c1a6a update(vouch_proxy): bump version to 0.41.0 2025-02-20 17:39:58 +01:00
307025181b update(gitea): bump version to 1.23.4 2025-02-19 15:18:07 +01:00
f7594fed77 update(jellyfin): bump version to 10.10.6 2025-02-17 12:42:21 +01:00
c72e87dfd5 update(authelia): bump version to 4.38.19 2025-02-16 14:56:02 +01:00
82fc10fd5f update(hedgedoc): bump version to 1.10.2 2025-02-15 10:45:31 +01:00
05145b3b21 feat(jellyfin): add podman as deployment method 2025-02-14 22:26:48 +01:00
1e234bf68b feat(vaultwarden): support podman as deployment method 2025-02-14 22:12:52 +01:00
6516780e16 meta: add containers.podman@^1.16.0 to collection requirements 2025-02-14 22:12:51 +01:00
06df5b790e feat(hedgedoc): support podman as deployment method 2025-02-14 22:12:50 +01:00
9bfd87f256 meta: bump galaxy version to 0.1.13 2025-02-12 21:59:50 +01:00
20a4cf4da4 update(keycloak): bump version to 26.1.2 2025-02-11 17:24:58 +01:00
60ce6ca758 update(vaultwarden): bump version to 1.33.2 2025-02-09 19:44:00 +01:00
a1039eaa45 update(ghost): bump version to 5.109.3 2025-02-07 21:35:11 +01:00
01ff782b14 update(gitea): bump version to 1.23.3 2025-02-06 17:31:40 +01:00
bc61a40771 update(keycloak): bump version to 26.1.1 2025-02-06 17:31:09 +01:00
94ddaf98f0 chore(keycloak): allow disabling mapping of local providers into the container image 2025-02-04 12:04:15 +01:00
23f5f560b6 update(vaultwarden): bump version to 1.33.1 2025-02-03 20:23:50 +01:00
a8f74baa53 meta: bump version to 0.1.12, require community.docker@^4.0.0, community.crypto@^2.22.0 2025-02-03 09:44:09 +01:00
836183ad55 update(hedgedoc): bump version to 1.10.1 2025-02-03 09:40:21 +01:00
0deea90113 update(ghost): bump version to 5.109.0 2025-02-02 19:50:54 +01:00
a5108c1bb6 feat(gitea): allow specifying container user for rootless mode 2025-01-31 13:11:54 +01:00
a278d5a438 meta: bump collection version to 0.1.11 2025-01-30 15:47:46 +01:00
6ff3590514 update(jellyfin): bump version to 10.10.5 2025-01-26 09:01:10 +01:00
801b4b2cbf update(vaultwarden): bump version to 1.33.0 2025-01-25 22:06:06 +01:00
5ea018e04c update(ghost): bump version to 5.107.2 2025-01-23 21:40:20 +01:00
842492c30d update(jellyfin): bump version to 10.10.4 2025-01-22 20:37:58 +01:00
249f2e8926 update(ghost): bump version to 5.107.0 2025-01-19 14:07:00 +01:00
0f75b2a4aa update(keycloak): bump version to 26.1.0 2025-01-18 12:36:11 +01:00
d934993817 update(keycloak): bump version to 26.0.8 2025-01-17 16:01:52 +01:00
4c65b70f97 update(gitea): bump version to 1.23.1 2025-01-10 19:21:04 +01:00
fe5ebb9531 update(gitea): bump version to 1.23.0 2025-01-09 20:18:45 +01:00
2d5b6a9357 update(authelia): bump version to 4.38.18 2025-01-01 20:45:01 +01:00
563e261ef3 fix(hedgedoc): jinja template syntax error 2024-12-29 15:18:46 +01:00
51a466a150 update(ghost): bump version to 5.105.0 2024-12-24 23:07:59 +01:00
7b9fed4a11 update(gitea): bump version to 1.22.6 2024-12-23 19:58:02 +01:00
25be7155e0 update(vaultwarden): bump version to 1.32.7 2024-12-21 23:04:35 +01:00
950d017889 update(authelia): bump version to 4.38.17 2024-12-14 22:33:27 +01:00
31639291f1 meta: update collection to 0.1.10 2024-12-08 13:54:25 +01:00
127a128a73 update(gitea): bump version to 1.22.4 2024-12-08 13:52:42 +01:00
6bf38f8273 update(ghost): bump version to 5.103.0 2024-12-05 23:18:32 +01:00
266057d11c update(keycloak): bump version to 26.0.7 2024-12-03 16:14:52 +01:00
afa91a622b update(keycloak): bump version to 26.0.6 2024-11-29 22:50:54 +01:00
d92262798a update(snipe_it): bump version to 7.1.15 2024-11-28 22:05:40 +01:00
4b13c448d0 update(ghost): bump version to 5.101.4 2024-11-27 20:04:01 +01:00
a9a988ec69 update(ghost): bump version to 5.101.3 2024-11-23 21:54:14 +01:00
d9de07c8f8 update(jellyfin): bump version to 10.10.3 2024-11-19 14:08:00 +01:00
c51dd4c142 meta: update collection to 0.1.9 2024-11-18 14:01:46 +01:00
bfd6449a71 update(vaultwarden): bump version to 1.32.5 2024-11-18 14:00:42 +01:00
7ebde915db update(ghost): bump version to 5.101.1 2024-11-15 21:07:30 +01:00
a18c8c3355 meta: bump collection version to 0.1.8 2024-11-11 08:34:17 +01:00
5a6ffc6991 update(vaultwarden): bump version to 1.32.4 2024-11-11 08:32:26 +01:00
e7ea03c00e update(jellyfin): bump version to 10.10.1 2024-11-10 19:52:04 +01:00
c7040c96f8 chore(keycloak): set keycloak hostname and header mode for proxy 2024-11-09 12:21:56 +01:00
d8d0b5c9e5 chore(keycloak): use fully-qualified module names 2024-11-08 18:30:18 +01:00
1d1f519e3a chore(keycloak): split upstream container image coordinates 2024-11-08 18:29:35 +01:00
11d5c81c60 update(keycloak): bump version to 26.0.5 2024-11-08 18:24:12 +01:00
f7eeb59288 update(keycloak): bump version to 25.0.6 2024-11-08 18:11:25 +01:00
72d8ac9644 feat(keycloak): add ansible role
Migrate role from `entropia.sso` collection
2024-11-08 18:05:19 +01:00
d3d6f89949 fix(authelia): correctly template session.redis config section, fix container restarts recreating the container 2024-11-02 10:48:05 +01:00
43d0dc171a update(openproject)!: bump version to release/14 2024-11-01 21:32:08 +01:00
d8dfb24df0 update(vaultwarden): bump version to 1.32.3 2024-10-31 09:53:41 +01:00
57c8dae0c4 meta: bump version to 0.1.7 2024-10-27 19:26:55 +01:00
6385b6f7a8 update(jellyfin): bump version to 10.10.0 2024-10-27 19:23:09 +01:00
7d09c9a88d feat(snipe_it): add ansible role for deployment 2024-10-27 18:35:22 +01:00
98c60a73c6 meta: bump version to 0.1.6 2024-10-22 20:42:24 +02:00
69 changed files with 1547 additions and 114 deletions

View File

@@ -23,9 +23,17 @@ concise area of concern.
- [`jellyfin`](roles/jellyfin/README.md): Deploy [jellyfin.org](https://jellyfin.org),
the free software media system for streaming stored media to any device.
- [`keycloak`](roles/keycloak/README.md): Deploy [keycloak](https://www.keycloak.org/),
the open source identity and access management solution.
- [`openproject`](roles/openproject/README.md): Deploys an [openproject.org](https://www.openproject.org)
installation using the upstream provided docker-compose setup.
- [`pretix`](roles/pretix/README.md): Deploy [pretix](https://pretix.eu), the open source online ticketing solution.
- [`snipe_it`](roles/snipe_it/README.md): Deploys [Snipe-IT](https://snipeitapp.com/),
the free and open-source IT asset (and license) management with a powerful REST API
- [`vaultwarden`](roles/vaultwarden/README.md): Deploy [vaultwarden](https://github.com/dani-garcia/vaultwarden/),
an open-source implementation of the Bitwarden Server (formerly Bitwarden\_RS).

View File

@@ -1,13 +1,15 @@
namespace: finallycoffee
name: services
version: 0.1.5
version: "0.2.1"
readme: README.md
authors:
- transcaffeine <transcaffeine@finally.coffee>
description: Various ansible roles useful for automating infrastructure
dependencies:
"community.crypto": "^2.0.0"
"community.docker": "^3.0.0"
"community.general": "^11.0.0"
"community.crypto": "^3.0.3"
"community.docker": "^4.7.0"
"containers.podman": "^1.16.0"
license_file: LICENSE.md
build_ignore:
- '*.tar.gz'
@@ -19,4 +21,7 @@ tags:
- hedgedoc
- jellyfin
- vaultwarden
- snipeit
- docker
- phpldapadmin
- pretix

View File

@@ -0,0 +1,7 @@
---
- name: Configure and run phpldapadmin
hosts: "{{ phpldapadmin_hosts | default('phpldapadmin', true) }}"
become: "{{ phpldapadmin_become | default(false) }}"
gather_facts: "{{ phpldapadmin_gather_facts | default(false) }}"
roles:
- role: finallycoffee.services.phpldapadmin

99
playbooks/pretix.yml Normal file
View File

@@ -0,0 +1,99 @@
---
- import_playbook: finallycoffee.databases.postgresql_client
when: pretix_configure_postgresql | default(true)
vars:
postgresql_hosts: "{{ pretix_hosts | default('pretix') }}"
postgresql_become: >-2
{{ pretix_postgresql_client_become | default(pretix_become | default(true)) }}
postgresql_client_database: "{{ pretix_postgresql_database | default('pretix') }}"
postgresql_client_username: "{{ pretix_postgresql_user | default('pretix') }}"
postgresql_client_password: >-2
{{ pretix_postgresql_password | mandatory(msg='pretix postgresql password is required') }}
- import_playbook: finallycoffee.databases.valkey
when: pretix_configure_valkey | default(true)
vars:
valkey_hosts: "{{ pretix_hosts | default('pretix') }}"
valkey_instance: "pretix"
valkey_secret: "{{ pretix_redis_secret | mandatory(msg='pretix valkey secret is required') }}"
valkey_config_user:
- "default on +@all -DEBUG ~* &* >{{ pretix_redis_secret }}"
valkey_container_ports:
- "{{ pretix_redis_bind_addr | default('127.0.10.1:6739') }}:{{ valkey_config_port }}"
valkey_config_bind:
- "0.0.0.0"
- "-::"
- name: Install and configure pretix
hosts: "{{ pretix_hosts | default('pretix') }}"
become: "{{ pretix_become | default(true) }}"
gather_facts: "{{ pretix_gather_facts | default(false) }}"
roles:
- role: finallycoffee.services.pretix
vars:
pretix_config_url: "https://{{ pretix_domain }}"
pretix_config_database_name: "{{ pretix_postgresql_database | default('pretix') }}"
pretix_config_database_user: "{{ pretix_postgresql_user | default('pretix') }}"
pretix_config_database_password: "{{ pretix_postgresql_password }}"
pretix_config_redis_location: >-2
redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/0
pretix_config_celery_backend: >-2
redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/1
pretix_config_celery_broker: >-2
redis://:{{ pretix_redis_secret }}@{{ pretix_redis_bind_addr }}/2
- role: finallycoffee.base.nginx
when: pretix_configure_nginx | default(true)
vars:
nginx_container_name: "nginx-pretix"
nginx_container_labels: "{{ pretix_nginx_container_labels | default({}, true) }}"
nginx_config_file: "{{ nginx_base_path }}/nginx-pretix.conf"
nginx_config: |+
server {
listen 80 default_server;
server_name {{ pretix_domain }};
add_header Referrer-Policy same-origin;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://{{ pretix_config_wsgi_bind_addr }};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
}
location /media/ {
alias {{ pretix_media_dir }}/;
expires 7d;
access_log off;
}
location ^~ /media/cachedfiles {
deny all;
return 404;
}
location ^~ /media/invoices {
deny all;
return 404;
}
location /static/staticfiles.json {
deny all;
return 404;
}
location /static/CACHE/manifest.json {
deny all;
return 404;
}
location /static/ {
alias {{ pretix_static_asset_dir }};
access_log off;
expires 365d;
add_header Cache-Control "public";
}
}
pretix_python_version: >-2
python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}
pretix_static_asset_dir: >-2
{{ pretix_virtualenv_dir }}/lib/{{ pretix_python_version }}/site-packages/pretix/static.dist/
nginx_container_volumes:
- "{{ nginx_config_file }}:/etc/nginx/conf.d/nginx.conf:ro"
- "{{ pretix_media_dir }}:{{ pretix_media_dir }}:ro"
- "{{ pretix_static_asset_dir }}:{{ pretix_static_asset_dir }}:ro"
vars:
pretix_redis_bind_addr: "127.0.10.1:6739"

6
playbooks/snipe_it.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Install and configure Snipe-IT
hosts: "{{ snipe_it_hosts | default('snipe_it') }}"
become: "{{ snipe_it_become | default(true, false) }}"
roles:
- role: finallycoffee.services.snipe_it

View File

@@ -1,8 +1,10 @@
---
authelia_version: "4.38.16"
authelia_version: "4.39.13"
authelia_user: authelia
authelia_base_dir: /opt/authelia
authelia_domain: authelia.example.org
authelia_state: present
authelia_deployment_method: docker
authelia_config_dir: "{{ authelia_base_dir }}/config"
authelia_config_file: "{{ authelia_config_dir }}/config.yaml"
@@ -13,7 +15,7 @@ authelia_notification_storage_file: "{{ authelia_data_dir }}/notifications.txt"
authelia_user_storage_file: "{{ authelia_data_dir }}/user_database.yml"
authelia_container_name: authelia
authelia_container_image_server: docker.io
authelia_container_image_server: ghcr.io
authelia_container_image_namespace: authelia
authelia_container_image_name: authelia
authelia_container_image: >-2
@@ -90,7 +92,11 @@ authelia_config_webauthn_disable: true
authelia_config_webauthn_timeout: 60s
authelia_config_webauthn_display_name: "Authelia ({{ authelia_domain }})"
authelia_config_webauthn_attestation_conveyance_preference: indirect
authelia_config_webauthn_user_verification: preferred
authelia_config_webauthn_user_verification: "preferred"
authelia_config_webauthn_selection_criteria_user_verification: >-2
{{ authelia_config_webauthn_user_verification }}
authelia_config_webauthn_selection_criteria_discoverability: "preferred"
authelia_config_webauthn_selection_criteria_attachment: ""
authelia_config_duo_api_hostname: ~
authelia_config_duo_api_integration_key: ~
authelia_config_duo_api_secret_key: ~
@@ -105,6 +111,8 @@ authelia_config_authentication_backend_password_reset_disable: false
authelia_config_authentication_backend_password_reset_custom_url: ~
authelia_config_authentication_backend_ldap_implementation: custom
authelia_config_authentication_backend_ldap_url: ldap://127.0.0.1:389
authelia_config_authentication_backend_ldap_address: >-2
{{ authelia_config_authentication_backend_ldap_url }}
authelia_config_authentication_backend_ldap_timeout: 5s
authelia_config_authentication_backend_ldap_start_tls: false
authelia_config_authentication_backend_ldap_tls_skip_verify: false
@@ -155,6 +163,19 @@ authelia_config_session_inactivity: 5m
authelia_config_session_remember_me_duration: 1M
authelia_config_session_remember_me: >-2
{{ authelia_config_session_remember_me_duration }}
authelia_config_session_cookies:
- "{{ authelia_config_session_cookies_default }}"
authelia_config_session_cookies_default_domain: >-2
{{ authelia_config_session_domain }}
authelia_config_session_cookies_default_authelia_url: >-2
https://{{ authelia_config_session_cookies_default_domain }}
authelia_config_session_cookies_default_default_redirection_url: >-2
{{ authelia_config_default_redirection_url }}
authelia_config_session_cookies_default:
domain: "{{ authelia_config_session_cookies_default_domain }}"
authelia_url: "{{ authelia_config_session_cookies_default_authelia_url }}"
default_redirection_url: >-2
{{ authelia_config_session_cookies_default_default_redirection_url }}
authelia_config_session_redis_host: "{{ authelia_redis_host }}"
authelia_config_session_redis_port: "{{ authelia_redis_port }}"
authelia_config_session_redis_username: "{{ authelia_redis_user }}"
@@ -191,7 +212,10 @@ authelia_config_notifier_smtp_disable_require_tls: false
authelia_config_notifier_smtp_disable_html_emails: false
authelia_config_notifier_smtp_tls_skip_verify: false
authelia_config_notifier_smtp_tls_minimum_version: "{{ authelia_tls_minimum_version }}"
#authelia_config_identity_provider_
authelia_config_identity_validation_reset_password_jwt_secret: >-2
{{ authelia_config_jwt_secret }}
authelia_config_identity_validation_reset_password_jwt_lifespan: "5 minutes"
authelia_config_identity_validation_reset_password_jwt_algorithm: "HS256"
authelia_database_type: ~
authelia_database_host: ~

View File

@@ -4,5 +4,7 @@
docker_container:
name: "{{ authelia_container_name }}"
state: started
restart: yes
restart: true
comparisons:
'*': ignore
listen: restart-authelia

View File

@@ -0,0 +1,61 @@
---
- name: Ensure container mounts are present
when: authelia_state == 'present'
block:
- name: Ensure sqlite database file exists before mounting it
ansible.builtin.file:
path: "{{ authelia_sqlite_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
group: "{{ authelia_run_group }}"
mode: "0640"
access_time: preserve
modification_time: preserve
when: authelia_config_storage_local_path | default(false, true)
- name: Ensure user database exists before mounting it
ansible.builtin.file:
path: "{{ authelia_user_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
group: "{{ authelia_run_group }}"
mode: "0640"
access_time: preserve
modification_time: preserve
when: authelia_config_authentication_backend_file_path | default(false, true)
- name: Ensure notification reports file exists before mounting it
ansible.builtin.file:
path: "{{ authelia_notification_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
group: "{{ authelia_run_group }}"
mode: "0640"
access_time: preserve
modification_time: preserve
when: authelia_config_notifier_filesystem_filename | default(false, true)
- name: Ensure authelia container image is {{ authelia_state }}
community.docker.docker_image:
name: "{{ authelia_container_image_ref }}"
state: "{{ authelia_state }}"
source: pull
force_source: "{{ authelia_container_image_force_pull }}"
register: authelia_container_image_info
- name: Ensure authelia container is {{ authelia_container_state }}
community.docker.docker_container:
name: "{{ authelia_container_name }}"
image: "{{ authelia_container_image_ref }}"
env: "{{ authelia_container_env }}"
user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
ports: "{{ authelia_container_ports | default(omit, true) }}"
labels: "{{ authelia_container_labels }}"
volumes: "{{ authelia_container_volumes }}"
networks: "{{ authelia_container_networks | default(omit, true) }}"
etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
restart_policy: "{{ authelia_container_restart_policy }}"
recreate: "{{ authelia_container_recreate | default(omit, true) }}"
state: "{{ authelia_container_state }}"
register: authelia_container_info

View File

@@ -1,16 +1,30 @@
---
- name: Check for valid state
ansible.builtin.fail:
msg: >-2
Unsupported state '{{ authelia_state }}'.
Supported states are {{ authelia_states | join(', ') }}.
when: authelia_state not in authelia_states
- name: Ensure user {{ authelia_user }} exists
- name: Check for valid authelia deployment method
ansible.builtin.fail:
msg: >-2
Unsupported deployment method '{{ authelia_deployment_method }}'.
Supported states are {{ authelia_deployment_methods | join(', ') }}.
when: authelia_deployment_method not in authelia_deployment_methods
- name: Ensure user {{ authelia_user }} is {{ authelia_state }}
ansible.builtin.user:
name: "{{ authelia_user }}"
state: present
state: "{{ authelia_state }}"
system: true
create_home: false
register: authelia_user_info
- name: Ensure host directories are created with correct permissions
- name: Ensure host directories are {{ authelia_state }}
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
state: "{{ (authelia_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ item.owner | default(authelia_user) }}"
group: "{{ item.group | default(authelia_user) }}"
mode: "{{ item.mode | default('0750') }}"
@@ -25,7 +39,7 @@
- path: "{{ authelia_asset_dir }}"
mode: "0750"
- name: Ensure config file is generated
- name: Ensure config file is {{ authelia_state }}
ansible.builtin.copy:
content: "{{ authelia_config | to_nice_yaml(indent=2, width=10000) }}"
dest: "{{ authelia_config_file }}"
@@ -33,61 +47,8 @@
group: "{{ authelia_run_group }}"
mode: "0640"
notify: restart-authelia
when: authelia_state == 'present'
- name: Ensure sqlite database file exists before mounting it
ansible.builtin.file:
path: "{{ authelia_sqlite_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
group: "{{ authelia_run_group }}"
mode: "0640"
access_time: preserve
modification_time: preserve
when: authelia_config_storage_local_path | default(false, true)
- name: Ensure user database exists before mounting it
ansible.builtin.file:
path: "{{ authelia_user_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
group: "{{ authelia_run_group }}"
mode: "0640"
access_time: preserve
modification_time: preserve
when: authelia_config_authentication_backend_file_path | default(false, true)
- name: Ensure notification reports file exists before mounting it
ansible.builtin.file:
path: "{{ authelia_notification_storage_file }}"
state: touch
owner: "{{ authelia_run_user }}"
group: "{{ authelia_run_group }}"
mode: "0640"
access_time: preserve
modification_time: preserve
when: authelia_config_notifier_filesystem_filename | default(false, true)
- name: Ensure authelia container image is present
community.docker.docker_image:
name: "{{ authelia_container_image_ref }}"
state: present
source: pull
force_source: "{{ authelia_container_image_force_pull }}"
register: authelia_container_image_info
- name: Ensure authelia container is running
community.docker.docker_container:
name: "{{ authelia_container_name }}"
image: "{{ authelia_container_image_ref }}"
env: "{{ authelia_container_env }}"
user: "{{ authelia_run_user }}:{{ authelia_run_group }}"
ports: "{{ authelia_container_ports | default(omit, true) }}"
labels: "{{ authelia_container_labels }}"
volumes: "{{ authelia_container_volumes }}"
networks: "{{ authelia_container_networks | default(omit, true) }}"
etc_hosts: "{{ authelia_container_etc_hosts | default(omit, true) }}"
purge_networks: "{{ authelia_container_purge_networks | default(omit, true)}}"
restart_policy: "{{ authelia_container_restart_policy }}"
recreate: "{{ authelia_container_recreate | default(omit, true) }}"
state: "{{ authelia_container_state }}"
register: authelia_container_info
- name: Deploy authelia using {{ authelia_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ authelia_deployment_method }}.yml"

View File

@@ -1,4 +1,9 @@
---
authelia_states:
- "present"
- "absent"
authelia_deployment_methods:
- "docker"
authelia_run_user: "{{ (authelia_user_info.uid) if authelia_user_info is defined else authelia_user }}"
authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defined else authelia_user }}"
@@ -20,7 +25,6 @@ authelia_container_base_labels:
authelia_config: "{{ authelia_base_config | combine(authelia_extra_config, recursive=True) }}"
authelia_top_level_config:
theme: "{{ authelia_config_theme }}"
jwt_secret: "{{ authelia_config_jwt_secret }}"
log: "{{ authelia_config_log }}"
telemetry: "{{ authelia_config_telemetry }}"
totp: "{{ authelia_config_totp }}"
@@ -34,12 +38,11 @@ authelia_top_level_config:
regulation: "{{ authelia_config_regulation }}"
storage: "{{ authelia_config_storage }}"
notifier: "{{ authelia_config_notifier }}"
identity_validation: "{{ authelia_config_identity_validation }}"
authelia_base_config: >-2
{{
authelia_top_level_config
| combine({"default_redirection_url": authelia_config_default_redirection_url}
if authelia_config_default_redirection_url | default(false, true) else {})
| combine(({"server": authelia_config_server })
| combine({"tls": authelia_config_server_tls}
if authelia_config_server_tls_key | default(false, true) else {}))
@@ -94,7 +97,10 @@ authelia_config_webauthn:
timeout: "{{ authelia_config_webauthn_timeout }}"
display_name: "{{ authelia_config_webauthn_display_name }}"
attestation_conveyance_preference: "{{ authelia_config_webauthn_attestation_conveyance_preference }}"
user_verification: "{{ authelia_config_webauthn_user_verification }}"
selection_criteria:
attachment: "{{ authelia_config_webauthn_selection_criteria_attachment }}"
discoverability: "{{ authelia_config_webauthn_selection_criteria_discoverability }}"
user_verification: "{{ authelia_config_webauthn_selection_criteria_user_verification }}"
authelia_config_duo_api:
hostname: "{{ authelia_config_duo_api_hostname }}"
integration_key: "{{ authelia_config_duo_api_integration_key }}"
@@ -123,7 +129,7 @@ authelia_config_authentication_backend_password_reset:
disable: "{{ authelia_config_authentication_backend_password_reset_disable }}"
authelia_config_authentication_backend_ldap:
implementation: "{{ authelia_config_authentication_backend_ldap_implementation }}"
url: "{{ authelia_config_authentication_backend_ldap_url }}"
address: "{{ authelia_config_authentication_backend_ldap_address }}"
timeout: "{{ authelia_config_authentication_backend_ldap_timeout }}"
start_tls: "{{ authelia_config_authentication_backend_ldap_start_tls }}"
tls:
@@ -170,14 +176,19 @@ authelia_config_access_control:
default_policy: "{{ authelia_config_access_control_default_policy }}"
networks: "{{ authelia_config_access_control_networks }}"
rules: "{{ authelia_config_access_control_rules }}"
authelia_config_session:
authelia_config_session: >-2
{{ authelia_config_session_base
| combine(({'redis': authelia_config_session_redis}
if authelia_config_session_redis_host else {}), recursive=true)
}}
authelia_config_session_base:
name: "{{ authelia_config_session_name }}"
domain: "{{ authelia_config_session_domain }}"
same_site: "{{ authelia_config_session_same_site }}"
secret: "{{ authelia_config_session_secret }}"
expiration: "{{ authelia_config_session_expiration }}"
inactivity: "{{ authelia_config_session_inactivity }}"
remember_me: "{{ authelia_config_session_remember_me }}"
cookies: "{{ authelia_config_session_cookies }}"
authelia_config_session_redis: >-2
{{
{
@@ -264,3 +275,9 @@ authelia_config_notifier_smtp:
tls:
skip_verify: "{{ authelia_config_notifier_smtp_tls_skip_verify }}"
minimum_version: "{{ authelia_config_notifier_smtp_tls_minimum_version }}"
authelia_config_identity_validation:
reset_password: "{{ authelia_config_identity_validation_reset_password }}"
authelia_config_identity_validation_reset_password:
jwt_secret: "{{ authelia_config_identity_validation_reset_password_jwt_secret }}"
jwt_lifespan: "{{ authelia_config_identity_validation_reset_password_jwt_lifespan }}"
jwt_algorithm: "{{ authelia_config_identity_validation_reset_password_jwt_algorithm }}"

View File

@@ -1,6 +1,6 @@
---
ghost_domain: ~
ghost_version: "5.96.0"
ghost_version: "6.5.1"
ghost_user: ghost
ghost_user_group: ghost
ghost_base_path: /opt/ghost

View File

@@ -1,5 +1,5 @@
---
gitea_version: "1.22.3"
gitea_version: "1.24.6"
gitea_user: git
gitea_run_user: "{{ gitea_user }}"
gitea_base_path: "/opt/gitea"
@@ -32,6 +32,7 @@ gitea_container_extra_labels: {}
gitea_container_extra_ports: []
gitea_container_extra_volumes: []
gitea_container_state: started
gitea_container_user: ~
# container defaults
gitea_container_base_volumes:

View File

@@ -1,5 +1,4 @@
---
- name: Ensure gitea user '{{ gitea_user }}' is present
ansible.builtin.user:
name: "{{ gitea_user }}"
@@ -75,6 +74,7 @@
published_ports: "{{ gitea_container_ports }}"
restart_policy: "{{ gitea_container_restart_policy }}"
state: "{{ gitea_container_state }}"
user: "{{ gitea_container_user | default(omit, true) }}"
- name: Ensure given configuration is set in the config file
ansible.builtin.ini_file:

View File

@@ -53,5 +53,5 @@ hedgedoc_container_all_labels: >-2
{{ hedgedoc_container_base_labels | default({}, true)
| combine(hedgedoc_container_labels | default({}, true)) }}
hedgedoc_container_restart_policy: >-2
{{ (hedgedoc_deployment_method === 'docker')
{{ (hedgedoc_deployment_method == 'docker')
| ternary('unless-stopped', 'on-failure') }}

View File

@@ -1,6 +1,6 @@
---
hedgedoc_user: hedgedoc
hedgedoc_version: "1.10.0"
hedgedoc_version: "1.10.3"
hedgedoc_state: present
hedgedoc_deployment_method: docker

View File

@@ -0,0 +1,31 @@
---
- name: Ensure container image '{{ hedgedoc_container_image }}' is {{ hedgedoc_state }}
containers.podman.podman_image:
name: "{{ hedgedoc_container_image }}"
state: "{{ hedgedoc_state }}"
pull: "{{ (hedgedoc_container_image_source == 'pull') | bool }}"
force: >-2
{{ hedgedoc_container_force_source | default(
hedgedoc_container_image_tag | default(false, true), true) }}
register: hedgedoc_container_image_info
until: hedgedoc_container_image_info is success
retries: 5
delay: 3
- name: Ensure container '{{ hedgedoc_container_name }}' is {{ hedgedoc_container_state }}
containers.podman.podman_container:
name: "{{ hedgedoc_container_name }}"
image: "{{ hedgedoc_container_image }}"
env: "{{ hedgedoc_container_env | default(omit, true) }}"
user: "{{ hedgedoc_container_user | default(omit, true) }}"
ports: "{{ hedgedoc_container_ports | default(omit, true) }}"
labels: "{{ hedgedoc_container_all_labels }}"
volumes: "{{ hedgedoc_container_all_volumes }}"
etc_hosts: "{{ hedgedoc_container_etc_hosts | default(omit, true) }}"
dns_servers: >-2
{{ hedgedoc_container_dns_servers | default(omit, true) }}
network_mode: >-2
{{ hedgedoc_container_network_mode | default(omit, true) }}
restart_policy: >-2
{{ hedgedoc_container_restart_policy | default(omit, true) }}
state: "{{ hedgedoc_container_state }}"

View File

@@ -1,7 +1,8 @@
---
jellyfin_user: jellyfin
jellyfin_version: 10.9.11
jellyfin_version: "10.11.0"
jellyfin_state: present
jellyfin_deployment_method: docker
jellyfin_base_path: /opt/jellyfin
jellyfin_config_path: "{{ jellyfin_base_path }}/config"

View File

@@ -0,0 +1,25 @@
---
- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
community.docker.docker_image:
name: "{{ jellyfin_container_image_ref }}"
state: "{{ jellyfin_state }}"
source: "{{ jellyfin_container_image_source }}"
force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
register: jellyfin_container_image_pull_result
until: jellyfin_container_image_pull_result is succeeded
retries: 5
delay: 3
- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
community.docker.docker_container:
name: "{{ jellyfin_container_name }}"
image: "{{ jellyfin_container_image_ref }}"
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
labels: "{{ jellyfin_container_labels }}"
volumes: "{{ jellyfin_container_volumes }}"
ports: "{{ jellyfin_container_ports | default(omit, true) }}"
networks: "{{ jellyfin_container_networks | default(omit, true) }}"
network_mode: "{{ jellyfin_container_network_mode }}"
etc_hosts: "{{ jellyfin_container_etc_hosts | default(omit, true) }}"
restart_policy: "{{ jellyfin_container_restart_policy }}"
state: "{{ jellyfin_container_state }}"

View File

@@ -0,0 +1,22 @@
---
- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
containers.podman.podman_image:
name: "{{ jellyfin_container_image_ref }}"
state: "{{ jellyfin_state }}"
pull: "{{ (jellyfin_container_image_source == 'pull') | bool }}"
force: "{{ jellyfin_container_image_tag | default(false, true) }}"
register: jellyfin_container_image_pull_result
until: jellyfin_container_image_pull_result is succeeded
retries: 5
delay: 3
- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
containers.podman.podman_container:
name: "{{ jellyfin_container_name }}"
image: "{{ jellyfin_container_image_ref }}"
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
labels: "{{ jellyfin_container_labels }}"
volumes: "{{ jellyfin_container_volumes }}"
network: "{{ jellyfin_container_networks | default(omit, True) }}"
restart_policy: "{{ jellyfin_container_restart_policy }}"
state: "{{ jellyfin_container_state }}"

View File

@@ -6,6 +6,13 @@
states are {{ jellyfin_states | join(', ') }}.
when: jellyfin_state not in jellyfin_states
- name: Check if deployment method is valid
ansible.builtin.fail:
msg: >-2
Unsupported state '{{ jellyfin_deployment_method }}'. Supported
states are {{ jellyfin_deployment_methods | join(', ') }}.
when: jellyfin_deployment_method not in jellyfin_deployment_methods
- name: Ensure jellyfin user '{{ jellyfin_user }}' is {{ jellyfin_state }}
ansible.builtin.user:
name: "{{ jellyfin_user }}"
@@ -23,25 +30,6 @@
mode: "{{ item.mode }}"
loop: "{{ jellyfin_host_directories }}"
- name: Ensure container image '{{ jellyfin_container_image_ref }}' is {{ jellyfin_state }}
community.docker.docker_image:
name: "{{ jellyfin_container_image_ref }}"
state: "{{ jellyfin_state }}"
source: "{{ jellyfin_container_image_source }}"
force_source: "{{ jellyfin_container_image_tag | default(false, true) }}"
register: jellyfin_container_image_pull_result
until: jellyfin_container_image_pull_result is succeeded
retries: 5
delay: 3
- name: Ensure container '{{ jellyfin_container_name }}' is {{ jellyfin_container_state }}
community.docker.docker_container:
name: "{{ jellyfin_container_name }}"
image: "{{ jellyfin_container_image_ref }}"
user: "{{ jellyfin_uid }}:{{ jellyfin_gid }}"
labels: "{{ jellyfin_container_labels }}"
volumes: "{{ jellyfin_container_volumes }}"
networks: "{{ jellyfin_container_networks | default(omit, True) }}"
network_mode: "{{ jellyfin_container_network_mode }}"
restart_policy: "{{ jellyfin_container_restart_policy }}"
state: "{{ jellyfin_container_state }}"
- name: Ensure jellyfin is deployed using {{ jellyfin_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ jellyfin_deployment_method }}.yml"

View File

@@ -2,6 +2,9 @@
jellyfin_states:
- present
- absent
jellyfin_deployment_methods:
- docker
- podman
jellyfin_container_base_volumes:
- "{{ jellyfin_config_path }}:/config:z"

16
roles/keycloak/README.md Normal file
View File

@@ -0,0 +1,16 @@
# `finallycoffee.services.keycloak` ansible role
Ansible role for deploying keycloak, currently only supports docker.
Migrated from `entropia.sso.keycloak`.
## Required variables
- `keycloak_database_password` - password for the database user
- `keycloak_config_hostname` - public domain of the keycloak server
## Database configuration
- `keycloak_database_hostname` - hostname of the database server, defaults to `localhost`
- `keycloak_database_username` - username to use when connecting to the database server, defaults to `keycloak`
- `keycloak_database_database` - name of the database to use, defaults to `keycloak`

View File

@@ -0,0 +1,51 @@
---
keycloak_version: "26.4.2"
keycloak_container_name: keycloak
keycloak_container_image_upstream_registry: quay.io
keycloak_container_image_upstream_namespace: keycloak
keycloak_container_image_upstream_name: keycloak
keycloak_container_image_upstream: >-2
{{
([
keycloak_container_image_upstream_registry | default([]),
keycloak_container_image_upstream_namespace | default([]),
keycloak_container_image_upstream_name,
] | flatten | join('/'))
}}
keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
keycloak_container_database_vendor: postgres
keycloak_base_path: /opt/keycloak
keycloak_container_build_directory: "{{ keycloak_base_path }}/build"
keycloak_container_build_jar_directory: providers
keycloak_container_build_flags: {}
keycloak_provider_jars_directory: "{{ keycloak_base_path }}/providers"
keycloak_build_provider_jars_directory: "{{ keycloak_container_build_directory }}/{{ keycloak_container_build_jar_directory }}"
keycloak_database_hostname: localhost
keycloak_database_port: 5432
keycloak_database_username: keycloak
keycloak_database_password: ~
keycloak_database_database: keycloak
keycloak_container_env: {}
keycloak_container_labels: ~
keycloak_container_volumes: ~
keycloak_container_restart_policy: unless-stopped
keycloak_container_command: >-2
start
--db-username {{ keycloak_database_username }}
--db-password {{ keycloak_database_password }}
--db-url jdbc:postgresql://{{ keycloak_database_hostname }}{{ keycloak_database_port | ternary(':' ~ keycloak_database_port, '') }}/{{ keycloak_database_database }}
{{ keycloak_container_extra_start_flags | default([]) | join(' ') }}
--proxy-headers=xforwarded
--hostname {{ keycloak_config_hostname }}
--optimized
keycloak_config_health_enabled: true
keycloak_config_metrics_enabled: true
keycloak_config_hostname: localhost
keycloak_config_admin_username: admin
keycloak_config_admin_password: ~

View File

@@ -0,0 +1,13 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: keycloak
description: Deploy keycloak, the opensource identity and access management solution
galaxy_tags:
- keycloak
- sso
- oidc
- oauth2
- iam
- docker

View File

@@ -0,0 +1,72 @@
---
- name: Ensure build directory exists
ansible.builtin.file:
name: "{{ keycloak_container_build_directory }}"
state: directory
recurse: yes
mode: 0700
tags:
- keycloak-build-container
- name: Ensure provider jars directory exists
ansible.builtin.file:
name: "{{ keycloak_provider_jars_directory }}"
state: directory
mode: 0775
tags:
- keycloak-build-container
- name: Ensure Dockerfile is templated
ansible.builtin.template:
src: Dockerfile.j2
dest: "{{ keycloak_container_build_directory }}/Dockerfile"
mode: 0700
register: keycloak_buildfile_info
tags:
- keycloak-container
- keycloak-build-container
- name: Ensure upstream Keycloak container image '{{ keycloak_container_image_upstream }}:{{ keycloak_version }}' is present
community.docker.docker_image:
name: "{{ keycloak_container_image_upstream }}:{{ keycloak_version }}"
source: pull
state: present
register: keycloak_container_image_upstream_status
tags:
- keycloak-container
- keycloak-build-container
- name: Ensure custom keycloak container image '{{ keycloak_container_image_name }}' is built
community.docker.docker_image:
name: "{{ keycloak_container_image_name }}"
build:
args:
DB_VENDOR: "{{ keycloak_container_database_vendor }}"
KC_ADMIN_PASSWORD: "{{ keycloak_config_admin_password }}"
dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
path: "{{ keycloak_container_build_directory }}"
source: build
state: present
force_source: "{{ keycloak_buildfile_info.changed or keycloak_container_image_upstream_status.changed or (keycloak_force_rebuild_container | default(false))}}"
register: keycloak_container_image_status
tags:
- keycloak-container
- keycloak-build-container
- name: Ensure keycloak container is running
community.docker.docker_container:
name: "{{ keycloak_container_name }}"
image: "{{ keycloak_container_image_name }}"
env: "{{ keycloak_container_env | default(omit, true) }}"
ports: "{{ keycloak_container_ports | default(omit, true) }}"
hostname: "{{ keycloak_container_hostname | default(omit) }}"
labels: "{{ keycloak_container_labels | default(omit, true) }}"
volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
restart_policy: "{{ keycloak_container_restart_policy }}"
recreate: "{{ keycloak_container_force_recreate | default(false) or (keycloak_container_image_status.changed if keycloak_container_image_status is defined else false) }}"
etc_hosts: "{{ keycloak_container_etc_hosts | default(omit) }}"
state: started
command: "{{ keycloak_container_command }}"
tags:
- keycloak-container

View File

@@ -0,0 +1,43 @@
FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }} as builder
# Enable health and metrics support
ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
# Configure a database vendor
ARG DB_VENDOR
ENV KC_DB=$DB_VENDOR
WORKDIR {{ keycloak_container_working_directory }}
{% if keycloak_container_image_add_local_providers | default(true) %}
ADD ./providers/* providers/
{% endif %}
# Workaround to set correct mode on jar files
USER root
RUN chmod -R 0770 providers/*
USER keycloak
RUN {{ keycloak_container_working_directory }}/bin/kc.sh --verbose \
{% for argument in keycloak_container_build_flags | dict2items(key_name='flag', value_name='value') %}
--{{- argument['flag'] -}}{{- argument['value'] | default(false, true) | ternary('=' + argument['value'], '') }} \
{% endfor%}
build{% if keycloak_container_build_features | default([]) | length > 0 %} \
{% endif %}
{% if keycloak_container_build_features | default([]) | length > 0 %}
--features="{{ keycloak_container_build_features | join(',') }}"
{% endif %}
FROM {{ keycloak_container_image_upstream }}:{{ keycloak_version }}
COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
ENV KC_HOSTNAME={{ keycloak_config_hostname }}
ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
ARG KC_ADMIN_PASSWORD
{% if keycloak_version | split('.') | first | int > 21 %}
ENV KEYCLOAK_ADMIN_PASSWORD=$KC_ADMIN_PASSWORD
{% else %}
ENV KEYCLOAK_PASSWORD=$KC_ADMIN_PASSWORD
{% endif %}
ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]

View File

@@ -0,0 +1,3 @@
---
keycloak_container_working_directory: /opt/keycloak

View File

@@ -2,9 +2,9 @@
openproject_base_path: "/opt/openproject"
openproject_upstream_git_url: "https://github.com/opf/openproject-deploy.git"
openproject_upstream_git_branch: "stable/13"
openproject_upstream_git_branch: "stable/14"
openproject_compose_project_path: "{{ openproject_base_path }}/compose"
openproject_compose_project_path: "{{ openproject_base_path }}"
openproject_compose_project_name: "openproject"
openproject_compose_project_env_file: "{{ openproject_compose_project_path }}/.env"
openproject_compose_project_override_file: "{{ openproject_compose_project_path }}/docker-compose.override.yml"

View File

@@ -26,14 +26,13 @@
content: "{{ openproject_compose_overrides | default({}) | to_nice_yaml }}"
- name: Ensure containers are pulled
community.docker.docker_compose:
community.docker.docker_compose_v2:
project_src: "{{ openproject_compose_project_path }}"
project_name: "{{ openproject_compose_project_name }}"
pull: true
pull: "missing"
- name: Ensure services are running
community.docker.docker_compose:
community.docker.docker_compose_v2:
project_src: "{{ openproject_compose_project_path }}"
project_name: "{{ openproject_compose_project_name }}"
state: "present"
build: false

View File

@@ -0,0 +1,3 @@
# `finallycoffee.services.phpldapadmin`
Role to deploy and configure [phpldapadmin](https://github.com/leenooks/phpLDAPadmin).

View File

@@ -0,0 +1,39 @@
---
phpldapadmin_container_name: phpldapadmin
phpldapadmin_container_image_registry: docker.io
phpldapadmin_container_image_namespace: phpldapadmin
phpldapadmin_container_image_name: phpldapadmin
phpldapadmin_container_image_repository: >-2
{{
[
phpldapadmin_container_image_registry | default([], true),
phpldapadmin_container_image_namespace | default([], true),
phpldapadmin_container_image_name
] | flatten | join('/')
}}
phpldapadmin_container_image: >-2
{{
[
phpldapadmin_container_image_repository,
phpldapadmin_container_image_tag | default(phpldapadmin_version, true)
] | join(':')
}}
phpldapadmin_container_image_tag: ~
phpldapadmin_container_image_source: pull
phpldapadmin_container_image_force_source: >-2
{{ phpldapadmin_container_image_tag | default(false, true) }}
phpldapadmin_container_env: ~
phpldapadmin_container_user: ~
phpldapadmin_container_ports: ~
phpldapadmin_container_labels: ~
phpldapadmin_container_volumes: ~
phpldapadmin_container_networks: ~
phpldapadmin_container_network_mode: ~
phpldapadmin_container_dns_servers: ~
phpldapadmin_container_etc_hosts: ~
phpldapadmin_container_memory: ~
phpldapadmin_container_memory_swap: ~
phpldapadmin_container_memory_reservation: ~
phpldapadmin_container_restart_policy: "on-failure"
phpldapadmin_container_state: >-2
{{ (phpldapadmin_state == 'present') | ternary('started', 'absent') }}

View File

@@ -0,0 +1,5 @@
---
phpldapadmin_version: "2.3.4"
phpldapadmin_state: present
phpldapadmin_deployment_method: docker

View File

@@ -0,0 +1,27 @@
---
- name: Ensure phpldapadmin container image '{{ phpldapadmin_container_image }}' is {{ phpldapadmin_state }}
community.docker.docker_image:
name: "{{ phpldapadmin_container_image }}"
state: "{{ phpldapadmin_state }}"
source: "{{ phpldapadmin_container_image_source }}"
force_source: "{{ phpldapadmin_container_image_force_source }}"
- name: Ensure phpldapadmin container '{{ phpldapadmin_container_name }}' is {{ phpldapadmin_container_state }}
community.docker.docker_container:
name: "{{ phpldapadmin_container_name }}"
image: "{{ phpldapadmin_container_image }}"
env: "{{ phpldapadmin_container_env | default(omit, true) }}"
user: "{{ phpldapadmin_container_user | default(omit, true) }}"
ports: "{{ phpldapadmin_container_ports | default(omit, true) }}"
labels: "{{ phpldapadmin_container_labels | default(omit, true) }}"
volumes: "{{ phpldapadmin_container_volumes | default(omit, true) }}"
networks: "{{ phpldapadmin_container_networks | default(omit, true) }}"
network_mode: "{{ phpldapadmin_container_network_mode | default(omit, true) }}"
dns_servers: "{{ phpldapadmin_container_dns_servers | default(omit, true) }}"
etc_hosts: "{{ phpldapadmin_container_etc_hosts | default(omit, true) }}"
memory: "{{ phpldapadmin_container_memory | default(omit, true) }}"
memory_swap: "{{ phpldapadmin_container_memory_swap | default(omit, true) }}"
memory_reservation: >-2
{{ phpldapadmin_container_memory_reservation | default(omit, true) }}
restart_policy: "{{ phpldapadmin_container_restart_policy | default(omit, true) }}"
state: "{{ phpldapadmin_container_state }}"

View File

@@ -0,0 +1,18 @@
---
- name: Ensure 'phpldapadmin_state' is valid
ansible.builtin.fail:
msg: >-2
Unsupported state '{{ phpldapadmin_state }}'!
Supported states are {{ phpldapadmin_states | join(', ') }}
when: phpldapadmin_state not in phpldapadmin_states
- name: Ensure 'phpldapadmin_deployment_method' is valid
ansible.builtin.fail:
msg: >-2
Unsupported deployment method '{{ phpldapadmin_deployment_method }}'!
Supported deployment methods are {{ phpldapadmin_deployment_methods | join(', ') }}
when: phpldapadmin_deployment_method not in phpldapadmin_deployment_methods
- name: Deploy using {{ phpldapadmin_deployment_method }}
ansible.builtin.import_tasks:
file: "deploy-{{ phpldapadmin_deployment_method }}.yml"

View File

@@ -0,0 +1,6 @@
---
phpldapadmin_states:
- "present"
- "absent"
phpldapadmin_deployment_methods:
- "docker"

54
roles/pretix/README.md Normal file
View File

@@ -0,0 +1,54 @@
# `finallycoffee.services.pretix` ansible role
Deploy [pretix](https://pretix.eu) using ansible. Note that this
role does not configure pretix beyond its own configuration file,
and requires changing a default admin password after a successful
installation.
## Configuration
For all available configuration options, see [`defaults/main/config.yml`](defaults/main/config.yml)
and other supporting files in the [`defaults/main/`](defaults/main/) folder.
To add custom configuration to pretix, populate them in `pretix_config`,
where they will be (recusively) merged into the default configuration.
### Required
- `pretix_domain`: domain of the pretix instance
- `pretix_postgresql_password`: password for the (default: postgresql) database
- `pretix_config_redis_location`: connection string for the main pretix redis database
- `pretix_config_celery_backend`: connection string for the celery backend, can be a (different!) redis database
- `pretix_config_celery_broker`: connection string for the celery broker, can be a (yet another different) redis database
For examples on how a redis server (like valkey) can be configured
for redis, see [`playbooks/pretix.yml`](../../playbooks/pretix.yml).
### Mailing
Set up mails in pretix by populating the following variables:
- `pretix_config_mail_host`: domain/IP and optional port of the SMTP server
- `pretix_config_mail_user`: SMTP user to authenticate
- `pretix_config_mail_password`: password for the SMTP user
### Plugins
To install more plugins, list the wanted `pypi` packages as a list in
`pretix_plugins`. They will be installed in the created virtualenv, and migrations and an asset rebuild will be automatically started.
If your plugin requires custom configuration (f.ex.: `pretix-oidc`),
add the configuration into `pretix_config`.
## Troubleshooting
### virtualenv
By default, the virtualenv is located in `/var/lib/pretix/virtualenv`.
This can be controlled by setting `pretix_virtualenv_dir`.
NOTE: To fix a broken virtualenv, try setting `pretix_virtualenv_state` to `forcereinstall` (see
[`ansible.builtin.pip` on docs.ansible.com](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/pip_module.html)).
NOTE: To install pip packages or execute migrations in the virtualenv, ansible
needs to become the unprivilated `pretix_user` (default: `pretix`). This might
require having the `acl` system package installed.

View File

@@ -0,0 +1,86 @@
---
pretix_config_instance_name: "My pretix installation"
pretix_config_url: "https://pretix.example.org"
pretix_config_currency: "EUR"
pretix_config_data_dir: "{{ pretix_data_dir }}"
pretix_config_trust_x_forwarded_for: "on"
pretix_config_trust_x_forwarded_proto: "on"
pretix_config_wsgi_name: "pretix"
pretix_config_wsgi_workers: 4
pretix_config_wsgi_max_requests: 100
pretix_config_wsgi_log_level: "info"
pretix_config_wsgi_bind_addr: "127.0.0.1:8345"
pretix_config_worker_log_level: "{{ pretix_config_wsgi_log_level }}"
pretix_config_database_backend: postgresql
pretix_config_database_name: pretix
pretix_config_database_user: pretix
pretix_config_database_password: ~
pretix_config_database_host: ""
pretix_config_mail_host: ~
pretix_config_mail_from: "tickets@example.org"
pretix_config_mail_user: ~
pretix_config_mail_password: ~
pretix_config_mail_tls: true
pretix_config_mail_ssl: false
pretix_config_redis_location: ~
pretix_config_redis_sessions: true
pretix_config_celery_backend: ~
pretix_config_celery_broker: ~
pretix_app_config:
url: "{{ pretix_config_url }}"
instance_name: "{{ pretix_config_instance_name }}"
datadir: "{{ pretix_config_data_dir }}"
trust_x_forwarded_for: "{{ pretix_config_trust_x_forwarded_for }}"
trust_x_forwarded_proto: "{{ pretix_config_trust_x_forwarded_proto }}"
currency: "{{ pretix_config_currency }}"
pretix_database_config:
backend: "{{ pretix_config_database_backend }}"
name: "{{ pretix_config_database_name }}"
user: "{{ pretix_config_database_user }}"
password: "{{ pretix_config_database_password }}"
host: "{{ pretix_config_database_host }}"
pretix_mail_minimal_config:
host: "{{ pretix_config_mail_host }}"
from: "{{ pretix_config_mail_from }}"
pretix_mail_config: >-2
{{ pretix_mail_minimal_config
| combine({'user': pretix_config_mail_user} if pretix_config_mail_user else {})
| combine({'password': pretix_config_mail_password} if pretix_config_mail_password else {})
| combine({'ssl': pretix_config_mail_ssl | bool | ternary('on', 'off')} if pretix_config_mail_ssl else {})
| combine({'tls': pretix_config_mail_tls | bool | ternary('on', 'off')} if pretix_config_mail_tls else {})
}}
pretix_redis_config:
location: "{{ pretix_config_redis_location }}"
sessions: "{{ pretix_config_redis_sessions | bool | ternary('true', 'false') }}"
pretix_celery_config:
backend: "{{ pretix_config_celery_backend }}"
broker: "{{ pretix_config_celery_broker }}"
pretix_config: {}
pretix_default_config:
pretix: "{{ pretix_app_config }}"
database: "{{ pretix_database_config }}"
mail: "{{ pretix_mail_config }}"
redis: "{{ pretix_redis_config }}"
celery: "{{ pretix_celery_config }}"
pretix_config_merged: >-2
{{ pretix_default_config | combine(pretix_config | default({}), recursive=True) }}
pretix_config_file_content: |+2
{% for kv in (pretix_config_merged | dict2items) %}
[{{ kv.key }}]
{% for entry in ((kv.value | default({}, true)) | dict2items) %}
{{ entry.key }}={{ entry.value }}
{% endfor %}
{% endfor %}

View File

@@ -0,0 +1,16 @@
---
pretix_version: "2025.8.0"
pretix_state: "present"
pretix_deployment_method: "systemd"
pretix_config_file: "/etc/pretix/pretix.cfg"
pretix_config_file_owner: "{{ pretix_user_id }}"
pretix_config_file_group: "{{ pretix_group_id }}"
pretix_config_file_mode: "0640"
pretix_config_dir: "{{ pretix_config_file | dirname }}"
pretix_install_dir: "/var/lib/pretix"
pretix_virtualenv_dir: "{{ pretix_install_dir }}/virtualenv"
pretix_data_dir: "{{ pretix_install_dir }}/data"
pretix_media_dir: "{{ pretix_data_dir }}/media"
pretix_plugins: []

View File

@@ -0,0 +1,22 @@
---
pretix_debian_packages:
- "git"
- "build-essential"
- "python3-dev"
- "python3-venv"
- "python3"
- "python3-pip"
- "libxml2-dev"
- "libxslt1-dev"
- "libffi-dev"
- "zlib1g-dev"
- "libssl-dev"
- "gettext"
- "libpq-dev"
- "libjpeg-dev"
- "libopenjp2-7-dev"
- "nodejs"
pretix_packages:
"debian":
"12": "{{ pretix_debian_packages }}"

View File

@@ -0,0 +1,50 @@
---
pretix_systemd_unit_description: "pretix web service"
pretix_systemd_unit_after: "network.target"
pretix_systemd_unit_file_path: >-2
/etc/systemd/system/{{ pretix_systemd_service_name }}
pretix_systemd_service_name: "pretix.service"
pretix_systemd_service_user: "{{ pretix_user }}"
pretix_systemd_service_group: "{{ pretix_user }}"
pretix_systemd_service_environment:
VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}"
PATH: "{{ pretix_virtualenv_dir }}/bin:/usr/local/bin:/usr/bin:/bin"
pretix_systemd_service_working_directory: "{{ pretix_install_dir }}"
pretix_systemd_service_exec_start: >-2
{{ pretix_virtualenv_dir }}/bin/gunicorn pretix.wsgi
--name {{ pretix_config_wsgi_name }}
--workers {{ pretix_config_wsgi_workers }}
--max-requests {{ pretix_config_wsgi_max_requests }}
--log-level={{ pretix_config_wsgi_log_level }}
--bind={{ pretix_config_wsgi_bind_addr }}
pretix_systemd_service_restart: "on-failure"
pretix_systemd_install_wanted_by: "multi-user.target"
# pretix worker
pretix_worker_systemd_service_name: "pretix-worker.service"
pretix_worker_systemd_service_description: "pretix worker service"
pretix_worker_systemd_unit_file_path: >-2
/etc/systemd/system/{{ pretix_worker_systemd_service_name }}
pretix_worker_systemd_service_exec_start: >-2
{{ pretix_virtualenv_dir }}/bin/celery
-A pretix.celery_app worker
-l {{ pretix_config_worker_log_level }}
# pretix cron
pretix_cron_systemd_service_name: "pretix-cron.service"
pretix_cron_systemd_service_description: "pretix cron service"
pretix_cron_systemd_unit_file_path: >-2
/etc/systemd/system/{{ pretix_cron_systemd_service_name }}
pretix_cron_systemd_service_exec_start: >-2
python3 -m pretix runperiodic
pretix_cron_systemd_timer_name: "pretix-cron.timer"
pretix_cron_systemd_timer_description: "pretix cron timer"
pretix_cron_systemd_timer_file_path: >-2
/etc/systemd/system/{{ pretix_cron_systemd_timer_name }}
pretix_cron_systemd_timer_on_active_sec: 1800
pretix_cron_systemd_timer_on_startup_sec: >-2
{{ pretix_cron_systemd_timer_on_active_sec }}
pretix_cron_systemd_timer_accuracy_sec: 60

View File

@@ -0,0 +1,7 @@
---
pretix_user: "pretix"
pretix_user_system: true
pretix_user_create_home: false
pretix_user_id: "{{ pretix_user_info.uid | default(pretix_user) }}"
pretix_group_id: "{{ pretix_user_info.group | default(pretix_user) }}"

View File

@@ -0,0 +1,11 @@
---
pretix_virtualenv_state: "{{ pretix_state }}"
pretix_virtualenv_packages:
- "pip"
- "setuptools"
- "wheel"
- "gunicorn"
- "pretix=={{ pretix_version }}"
pretix_virtualenv_site_packages: false
pretix_virtualenv_command: "python3 -m venv"

View File

@@ -0,0 +1,6 @@
---
- name: Ensure pretix systemd service is restarted
listen: pretix_restart
ansible.builtin.systemd_service:
name: "{{ pretix_systemd_service_name }}"
state: "restarted"

View File

@@ -0,0 +1,9 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: pretix
description: Ansible role to deploy pretix (https://pretix.eu)
galaxy_tags:
- pretix
- ticketing

View File

@@ -0,0 +1,14 @@
---
- name: Ensure 'pretix_state' is valid
ansible.builtin.fail:
msg: >-2
Unsupported pretix_state '{{ pretix_state }}'.
Supported states are {{ pretix_states | join(', ') }}
when: pretix_state not in pretix_states
- name: Ensure 'pretix_deployment_method' is valid
ansible.builtin.fail:
msg: >-2
Unsupported pretix_state '{{ pretix_deployment_method }}'.
Supported states are {{ pretix_deployment_methods | join(', ') }}
when: pretix_deployment_method not in pretix_deployment_methods

View File

@@ -0,0 +1,10 @@
---
- name: Ensure configuration file is written
ansible.builtin.copy:
dest: "{{ pretix_config_file }}"
content: "{{ pretix_config_file_content }}"
owner: "{{ pretix_config_file_owner }}"
group: "{{ pretix_config_file_group }}"
mode: "{{ pretix_config_file_mode }}"
when: pretix_state == 'present'
register: pretix_config_file_info

View File

@@ -0,0 +1,64 @@
---
- name: Ensure virtualenv in {{ pretix_virtualenv_dir }} is present
ansible.builtin.pip:
name: "{{ pretix_virtualenv_packages + pretix_plugins }}"
state: "{{ pretix_virtualenv_state }}"
chdir: "{{ pretix_install_dir }}"
virtualenv: "{{ pretix_virtualenv_dir }}"
virtualenv_command: "{{ pretix_virtualenv_command | default(omit, true) }}"
virtualenv_site_packages: "{{ pretix_virtualenv_site_packages }}"
become: true
become_user: "{{ pretix_user }}"
register: pretix_virtualenv_info
# TODO: determine to only do this on a) upgrades or b) initial deployis
- name: Ensure pretix database migrations are run
ansible.builtin.command:
cmd: "{{ pretix_virtualenv_dir }}/bin/python -m pretix migrate"
chdir: "{{ pretix_install_dir }}"
environment:
VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}"
become: true
become_user: "{{ pretix_user }}"
notify: pretix_restart
when:
- pretix_state == 'present'
- pretix_virtualenv_info.changed or pretix_config_file_info.changed
# TODO: determine to only do this on a) upgrades or b) initial deployis
- name: Ensure pretix static assets are built
ansible.builtin.command:
cmd: "{{ pretix_virtualenv_dir }}/bin/python -m pretix rebuild"
chdir: "{{ pretix_install_dir }}"
environment:
VIRTUAL_ENV: "{{ pretix_virtualenv_dir }}"
become: true
become_user: "{{ pretix_user }}"
notify: pretix_restart
when:
- pretix_state == 'present'
- pretix_virtualenv_info.changed or pretix_config_file_info.changed
- name: Ensure pretix systemd service is enabled
ansible.builtin.systemd_service:
name: "{{ _service }}"
enabled: true
when: pretix_state == 'present'
loop:
- "{{ pretix_systemd_service_name }}"
- "{{ pretix_worker_systemd_service_name }}"
- "{{ pretix_cron_systemd_service_name }}"
- "{{ pretix_cron_systemd_timer_name }}"
loop_control:
loop_var: _service
- name: Ensure pretix systemd service is {{ pretix_state }}
ansible.builtin.systemd_service:
name: "{{ _service }}"
state: "{{ (pretix_state == 'present') | ternary('started', 'stopped') }}"
loop:
- "{{ pretix_systemd_service_name }}"
- "{{ pretix_worker_systemd_service_name }}"
- "{{ pretix_cron_systemd_timer_name }}"
loop_control:
loop_var: _service

View File

@@ -0,0 +1,5 @@
---
- name: Ensure pretix is deployed using {{ pretix_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ pretix_deployment_method }}.yml"
when: pretix_state == 'present'

View File

@@ -0,0 +1,16 @@
---
- name: Ensure preconditions are met
ansible.builtin.include_tasks:
file: "check.yml"
- name: Ensure deployment preparations are done
ansible.builtin.include_tasks:
file: "prepare.yml"
- name: Ensure pretix is configured
ansible.builtin.include_tasks:
file: "configure.yml"
- name: Ensure pretix is deployed
ansible.builtin.include_tasks:
file: "deploy.yml"

View File

@@ -0,0 +1,61 @@
---
- name: Ensure ansible facts are collected
ansible.builtin.setup:
gather_subset:
- "!all"
- "pkg_mgr"
- "distribution"
- "distribution_release"
- "distribution_version"
- "distribution_major_version"
- name: Ensure system packages are present (apt)
ansible.builtin.apt:
name: "{{ package }}"
state: "{{ pretix_state }}"
loop: "{{ pretix_packages[ansible_distribution | lower][ansible_distribution_major_version] }}"
loop_control:
loop_var: "package"
when: ansible_facts['pkg_mgr'] == 'apt'
# TODO: add pretix worker and cron
- name: Ensure systemd unit {{ pretix_systemd_unit_name }} is {{ pretix_state }}
ansible.builtin.template:
src: "pretix.service.j2"
dest: "{{ pretix_systemd_unit_file_path }}"
register: pretix_systemd_unit_info
notify:
- pretix_restart
- name: Ensure systemd unit {{ pretix_worker_systemd_unit_name }} is {{ pretix_state }}
ansible.builtin.template:
src: "pretix.service.j2"
dest: "{{ pretix_worker_systemd_unit_file_path }}"
register: pretix_worker_systemd_unit_info
vars:
pretix_systemd_service_exec_start: "{{ pretix_worker_systemd_service_exec_start }}"
pretix_systemd_service_description: "{{ pretix_worker_systemd_service_description }}"
- name: Ensure systemd unit {{ pretix_cron_systemd_service_name }} is {{ pretix_state }}
ansible.builtin.template:
src: "pretix.service.j2"
dest: "{{ pretix_cron_systemd_unit_file_path }}"
register: pretix_cron_systemd_unit_info
vars:
pretix_systemd_service_exec_start: "{{ pretix_cron_systemd_service_exec_start }}"
pretix_systemd_service_description: "{{ pretix_cron_systemd_service_description }}"
- name: Ensure systemd timer unit {{ pretix_cron_systemd_timer_name }} is {{ pretix_state }}
ansible.builtin.template:
src: "pretix-cron.timer.j2"
dest: "{{ pretix_cron_systemd_timer_file_path }}"
register: pretix_cron_systemd_timer_info
- name: Ensure systemd is reloaded
ansible.builtin.systemd_service:
daemon_reload: true
when: >-2
pretix_systemd_unit_info.changed
or pretix_worker_systemd_unit_info.changed
or pretix_cron_systemd_unit_info.changed
or pretix_cron_systemd_timer_info.changed

View File

@@ -0,0 +1,29 @@
---
- name: Ensure pretix user '{{ pretix_user }}' is {{ pretix_state }}
ansible.builtin.user:
name: "{{ pretix_user }}"
state: "{{ pretix_state }}"
system: "{{ pretix_user_system }}"
create_home: "{{ pretix_user_create_home }}"
register: pretix_user_info
- name: Ensure host directories are {{ pretix_state }}
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ item.owner | default(pretix_user_id) }}"
group: "{{ item.group | default(pretix_group_id) }}"
mode: "{{ item.mode | default('0750') }}"
state: "directory"
loop:
- path: "{{ pretix_config_dir }}"
- path: "{{ pretix_virtualenv_dir }}"
- path: "{{ pretix_data_dir }}"
- path: "{{ pretix_media_dir }}"
when: pretix_state == 'present'
- name: Ensure deployment-type specific preparations for '{{ pretix_deployment_method }}' are run
ansible.builtin.include_tasks:
file: "prepare-{{ pretix_deployment_method }}.yml"
when:
- pretix_state == 'present'
- pretix_deployment_method in ['systemd']

View File

@@ -0,0 +1,10 @@
[Unit]
Description={{ pretix_cron_systemd_timer_description }}
[Timer]
OnActiveSec={{ pretix_cron_systemd_timer_on_active_sec }}
OnStartupSec={{ pretix_cron_systemd_timer_on_startup_sec }}
AccuracySec={{ pretix_cron_systemd_timer_accuracy_sec }}
[Install]
WantedBy=timers.target

View File

@@ -0,0 +1,16 @@
[Unit]
Description={{ pretix_systemd_unit_description }}
After={{ pretix_systemd_unit_after }}
[Service]
User={{ pretix_systemd_service_user }}
Group={{ pretix_systemd_service_group }}
{% for kv in pretix_systemd_service_environment | dict2items %}
Environment="{{ kv.key }}={{ kv.value }}"
{% endfor %}
WorkingDirectory={{ pretix_systemd_service_working_directory }}
ExecStart={{ pretix_systemd_service_exec_start }}
Restart={{ pretix_systemd_service_restart }}
[Install]
WantedBy={{ pretix_systemd_install_wanted_by }}

View File

@@ -0,0 +1,7 @@
---
pretix_states:
- "present"
- "absent"
pretix_deployment_methods:
- "systemd"

46
roles/snipe_it/README.md Normal file
View File

@@ -0,0 +1,46 @@
# `finallycoffee.services.snipe_it` ansible role
[Snipe-IT](https://snipeitapp.com/) is an open-source asset management with
a powerful JSON-REST API. This ansible role deploys and configures Snipe-IT.
## Requirements
Snipe-IT requires a MySQL-Database like MariaDB and a working email service
for sending email. For installing and configuring MariaDB, see
[`finallycoffee.base.mariadb`](https://galaxy.ansible.com/ui/repo/published/finallycoffee/base/content/role/mariadb/).
## Configuration
Required variables to set are:
- `snipe_it_domain` - domain name of the snipe-it instance
- `snipe_it_config_app_url` - URL where snipe-it will be reachable including protocol and port
- `snipe_it_config_app_key` - Laravel application key
### Database configuration
All (database) options from the upstream laravel `.env` file are available
under the `snipe_it_config_db_*` prefix. Configure a database as follows:
```
snipe_it_config_db_host: localhost # defaults to localhost
snipe_it_config_db_port: "3306" # defaults to 3306
snipe_it_config_db_database: my_snipe_db_name # defaults to 'snipeit'
snipe_it_config_db_username: my_snipe_db_user # defaults to 'snipeit'
snipe_it_config_db_password: my_snipe_db_password
# Set this if the database is shared with
# other applications. defaults to not set
snipe_it_config_db_prefix: snipe_
```
### Email configuration
Configuring an email server is mandatory. An example is provided below:
```yaml
snipe_it_config_mail_host: smtp.example.com
snipe_it_config_mail_username: snipe_user@snipe.example.com
snipe_it_config_mail_password: i_want_to_be_strong_and_long
snipe_it_config_mail_from_addr: "noreply@snipe.example.com"
snipe_it_config_mail_from_name: "Example.com SnipeIT instance"
```
The default smtp port is `587` and can be set in `snipe_it_config_mail_port`.

View File

@@ -0,0 +1,131 @@
---
snipe_it_config_app_version: "v{{ snipe_it_version }}"
snipe_it_config_app_port: 8000
snipe_it_config_app_env: "production"
snipe_it_config_app_debug: false
snipe_it_config_app_key: ~
snipe_it_config_app_url: "http://localhost:{{ snipe_it_config_app_port }}"
snipe_it_config_app_timezone: UTC
snipe_it_config_app_locale: en-US
snipe_it_config_app_locked: false
snipe_it_config_app_cipher: "AES-256-GCM"
snipe_it_config_app_force_tls: false
snipe_it_config_app_trusted_proxies:
- '192.168.0.0/16'
- '172.16.0.0/12'
- '10.0.0.0/8'
snipe_it_config_db_connection: mysql
snipe_it_config_db_host: localhost
snipe_it_config_db_port: "3306"
snipe_it_config_db_database: snipeit
snipe_it_config_db_username: snipeit
snipe_it_config_db_password: ~
snipe_it_config_db_prefix: ~
snipe_it_config_db_dump_path: /usr/bin/
snipe_it_config_db_charset: utf8mb4
snipe_it_config_db_collation: utf8mb4_unicode_ci
snipe_it_config_db_ssl: false
snipe_it_config_db_ssl_is_paas: false
snipe_it_config_db_ssl_key_path: ~
snipe_it_config_db_ssl_cert_path: ~
snipe_it_config_db_ssl_ca_path: ~
snipe_it_config_db_ssl_cipher: ~
snipe_it_config_db_ssl_verify_server: ~
snipe_it_config_mail_mailer: smtp
snipe_it_config_mail_host: ~
snipe_it_config_mail_port: 587
snipe_it_config_mail_username: ~
snipe_it_config_mail_password: ~
snipe_it_config_mail_tls_verify_peer: true
snipe_it_config_mail_from_addr: ~
snipe_it_config_mail_from_name: ~
snipe_it_config_mail_replyto_addr: "{{ snipe_it_config_mail_from_addr }}"
snipe_it_config_mail_replyto_name: "{{ snipe_it_config_mail_from_name }}"
snipe_it_config_mail_auto_embed_method: attachment
snipe_it_config_mail_backup_notification_driver: ~
snipe_it_config_mail_backup_notification_address: ~
snipe_it_config_private_filesystem_disk: "local"
snipe_it_config_public_filesystem_disk: "local_public"
snipe_it_config_allow_backup_delete: false
snipe_it_config_allow_data_purge: false
snipe_it_config_image_lib: 'gd'
snipe_it_config_log_channel: 'stderr'
snipe_it_config_log_max_days: 10
snipe_it_config_cookie_name: "_snipe_session"
snipe_it_config_cookie_domain: "{{ snipe_it_domain }}"
snipe_it_config_secure_cookies: true
snipe_it_config_session_driver: file
snipe_it_config_session_lifetime: 12000
snipe_it_config_cache_driver: file
snipe_it_config_cache_prefix: snipeit
snipe_it_config_queue_driver: file
snipe_it_base_config:
APP_VERSION: "{{ snipe_it_config_app_version }}"
APP_PORT: "{{ snipe_it_config_app_port }}"
APP_ENV: "{{ snipe_it_config_app_env }}"
APP_DEBUG: "{{ snipe_it_config_app_debug }}"
APP_KEY: "{{ snipe_it_config_app_key }}"
APP_URL: "{{ snipe_it_config_app_url }}"
APP_TIMEZONE: "{{ snipe_it_config_app_timezone }}"
APP_LOCALE: "{{ snipe_it_config_app_locale }}"
APP_LOCKED: "{{ snipe_it_config_app_locked }}"
APP_CIPHER: "{{ snipe_it_config_app_cipher }}"
APP_FORCE_TLS: "{{ snipe_it_config_app_force_tls }}"
APP_TRUSTED_PROXIES: "{{ snipe_it_config_app_trusted_proxies | join(',') }}"
DB_CONNECTION: "{{ snipe_it_config_db_connection }}"
DB_HOST: "{{ snipe_it_config_db_host }}"
DB_PORT: "{{ snipe_it_config_db_port }}"
DB_DATABASE: "{{ snipe_it_config_db_database }}"
DB_USERNAME: "{{ snipe_it_config_db_username }}"
DB_PASSWORD: "{{ snipe_it_config_db_password }}"
DB_PREFIX: "{{ snipe_it_config_db_prefix | default('null', true) }}"
DB_DUMP_PATH: "{{ snipe_it_config_db_dump_path }}"
DB_CHARSET: "{{ snipe_it_config_db_charset }}"
DB_COLLATION: "{{ snipe_it_config_db_collation }}"
DB_SSL: "{{ snipe_it_config_db_ssl }}"
DB_SSL_IS_PAAS: "{{ snipe_it_config_db_ssl_is_paas }}"
DB_SSL_KEY_PATH: "{{ snipe_it_config_db_ssl_key_path | default('null', true) }}"
DB_SSL_CERT_PATH: "{{ snipe_it_config_db_ssl_cert_path | default('null', true) }}"
DB_SSL_CA_PATH: "{{ snipe_it_config_db_ssl_ca_path | default('null', true) }}"
DB_SSL_CIPHER: "{{ snipe_it_config_db_ssl_cipher | default('null', true) }}"
DB_SSL_VERIFY_SERVER: "{{ snipe_it_config_db_ssl_verify_server | default('null', true) }}"
MAIL_MAILER: "{{ snipe_it_config_mail_mailer }}"
MAIL_HOST: "{{ snipe_it_config_mail_host }}"
MAIL_PORT: "{{ snipe_it_config_mail_port }}"
MAIL_USERNAME: "{{ snipe_it_config_mail_username }}"
MAIL_PASSWORD: "{{ snipe_it_config_mail_password }}"
MAIL_TLS_VERIFY_PEER: "{{ snipe_it_config_mail_tls_verify_peer }}"
MAIL_FROM_ADDR: "{{ snipe_it_config_mail_from_addr | default('null', true) }}"
MAIL_FROM_NAME: "{{ snipe_it_config_mail_from_name | default('null', true) }}"
MAIL_REPLYTO_ADDR: "{{ snipe_it_config_mail_replyto_addr | default('null', true) }}"
MAIL_REPLYTO_NAME: "{{ snipe_it_config_mail_replyto_name | default('null', true) }}"
MAIL_AUTO_EMBED_METHOD: "{{ snipe_it_config_mail_auto_embed_method }}"
MAIL_BACKUP_NOTIFICATION_DRIVER: "{{ snipe_it_config_mail_backup_notification_driver }}"
MAIL_BACKUP_NOTIFICATION_ADDRESS: "{{ snipe_it_config_mail_backup_notification_address }}"
SESSION_DRIVER: "{{ snipe_it_config_session_driver }}"
SESSION_LIFETIME: "{{ snipe_it_config_session_lifetime }}"
CACHE_DRIVER: "{{ snipe_it_config_cache_driver }}"
CACHE_PREFIX: "{{ snipe_it_config_cache_prefix }}"
QUEUE_DRIVER: "{{ snipe_it_config_queue_driver }}"
PRIVATE_FILESYSTEM_DISK: "{{ snipe_it_config_private_filesystem_disk }}"
PUBLIC_FILESYSTEM_DISK: "{{ snipe_it_config_public_filesystem_disk }}"
ALLOW_BACKUP_DELETE: "{{ snipe_it_config_allow_backup_delete }}"
ALLOW_DATA_PURGE: "{{ snipe_it_config_allow_data_purge }}"
IMAGE_LIB: "{{ snipe_it_config_image_lib }}"
LOG_CHANNEL: "{{ snipe_it_config_log_channel }}"
LOG_MAX_DAYS: "{{ snipe_it_config_log_max_days }}"
COOKIE_NAME: "{{ snipe_it_config_cookie_name }}"
COOKIE_DOMAIN: "{{ snipe_it_config_cookie_domain }}"
SECURE_COOKIES: "{{ snipe_it_config_secure_cookies }}"
snipe_it_config: ~
snipe_it_merged_config: >-2
{{ (snipe_it_base_config | default({}, true))
| combine((snipe_it_config | default({}, true)), recursive=True) }}

View File

@@ -0,0 +1,48 @@
---
snipe_it_container_image_registry: docker.io
snipe_it_container_image_namespace: 'snipe'
snipe_it_container_image_name: 'snipe-it'
snipe_it_container_image_tag: ~
snipe_it_container_image_flavour: alpine
snipe_it_container_image_source: pull
snipe_it_container_image_force_source: >-2
{{ snipe_it_container_image_tag | default(false, true) | bool }}
snipe_it_container_image: >-2
{{
([
snipe_it_container_image_registry | default([], true),
snipe_it_container_image_namespace | default([], true),
snipe_it_container_image_name,
] | flatten | join('/'))
+ ':'
+ (snipe_it_container_image_tag | default(
'v' + snipe_it_version + (
((snipe_it_container_image_flavour is string)
and (snipe_it_container_image_flavour | length > 0))
| ternary(
'-' + snipe_it_container_image_flavour | default('', true),
''
)
),
true
))
}}
snipe_it_container_env_file: "/var/www/html/.env"
snipe_it_container_data_directory: "/var/lib/snipeit/"
snipe_it_container_volumes:
- "{{ snipe_it_data_directory }}:{{ snipe_it_container_data_directory }}:z"
snipe_it_container_name: 'snipe-it'
snipe_it_container_state: >-2
{{ (snipe_it_state == 'present') | ternary('started', 'absent') }}
snipe_it_container_env: ~
snipe_it_container_user: ~
snipe_it_container_ports: ~
snipe_it_container_labels: ~
snipe_it_container_recreate: ~
snipe_it_container_networks: ~
snipe_it_container_etc_hosts: ~
snipe_it_container_dns_servers: ~
snipe_it_container_network_mode: ~
snipe_it_container_restart_policy: 'unless-stopped'

View File

@@ -0,0 +1,9 @@
---
snipe_it_user: snipeit
snipe_it_version: "8.3.4"
snipe_it_domain: ~
snipe_it_state: present
snipe_it_deployment_method: docker
snipe_it_env_file: /etc/snipeit/env
snipe_it_data_directory: /var/lib/snipeit

View File

@@ -0,0 +1,5 @@
---
snipe_it_run_user_id: >-2
{{ snipe_it_user_info.uid | default(snipe_it_user) }}
snipe_it_run_group_id: >-2
{{ snipe_it_user_info.group | default(snipe_it_user) }}

View File

@@ -0,0 +1,12 @@
---
allow_duplicates: true
dependencies: []
galaxy_info:
role_name: snipe_it
description: >-2
Deploy Snipe-IT, an open-source asset / license management system with
powerful JSON REST API
galaxy_tags:
- snipeit
- asset-management
- docker

View File

@@ -0,0 +1,14 @@
---
- name: Ensure state is valid
ansible.builtin.fail:
msg: >-2
Unsupported state '{{ snipe_it_state }}'!
Supported states are {{ snipe_it_states | join(', ') }}.
when: snipe_it_state is not in snipe_it_states
- name: Ensure deployment method is valid
ansible.builtin.fail:
msg: >-2
Unsupported deployment_method '{{ snipe_it_deployment_method }}'!
Supported values are {{ snipe_it_deployment_methods | join(', ') }}.
when: snipe_it_deployment_method is not in snipe_it_deployment_methods

View File

@@ -0,0 +1,30 @@
---
- name: Ensure container image '{{ snipe_it_container_image }}' is {{ snipe_it_state }}
community.docker.docker_image:
name: "{{ snipe_it_container_image }}"
state: "{{ snipe_it_state }}"
source: "{{ snipe_it_container_image_source }}"
force_source: "{{ snipe_it_container_image_force_source }}"
register: snipe_it_container_image_info
until: snipe_it_container_image_info is success
retries: 5
delay: 3
- name: Ensure container '{{ snipe_it_container_name }}' is {{ snipe_it_container_state }}
community.docker.docker_container:
name: "{{ snipe_it_container_name }}"
image: "{{ snipe_it_container_image }}"
env_file: "{{ snipe_it_env_file }}"
env: "{{ snipe_it_container_env | default(omit, true) }}"
user: "{{ snipe_it_container_user | default(omit, true) }}"
ports: "{{ snipe_it_container_ports | default(omit, true) }}"
labels: "{{ snipe_it_container_labels | default(omit, true) }}"
volumes: "{{ snipe_it_container_volumes | default(omit, true) }}"
networks: "{{ snipe_it_container_networks | default(omit, true) }}"
etc_hosts: "{{ snipe_it_container_etc_hosts | default(omit, true) }}"
dns_servers: "{{ snipe_it_container_dns_servers | default(omit, true) }}"
network_mode: "{{ snipe_it_container_network_mode | default(omit, true) }}"
restart_policy: >-2
{{ snipe_it_container_restart_policy | default(omit, true) }}
recreate: "{{ snipe_it_container_recreate | default(omit, true) }}"
state: "{{ snipe_it_container_state }}"

View File

@@ -0,0 +1,59 @@
---
- name: Check preconditions
ansible.builtin.include_tasks:
file: "check.yml"
- name: Ensure snipe-it user '{{ snipe_it_user }}' is {{ snipe_it_state }}
ansible.builtin.user:
name: "{{ snipe_it_user }}"
state: "{{ snipe_it_state }}"
system: "{{ snipe_it_user_system | default(true, true) }}"
create_home: "{{ snipe_it_user_create_home | default(false, true) }}"
groups: "{{ snipe_it_user_groups | default(omit, true) }}"
append: >-2
{{
snipe_it_user_groups_append | default(
snipe_it_user_groups | default([], true) | length > 0,
true,
)
}}
register: snipe_it_user_info
- name: Ensure snipe-it environment file is {{ snipe_it_state }}
ansible.builtin.file:
path: "{{ snipe_it_env_file }}"
state: "{{ snipe_it_state }}"
when: snipe_it_state == 'absent'
- name: Ensure snipe-it config directory is {{ snipe_it_state }}
ansible.builtin.file:
path: "{{ snipe_it_env_file | dirname }}"
state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ snipe_it_run_user_id }}"
group: "{{ snipe_it_run_group_id }}"
mode: "0755"
when: snipe_it_state == 'present'
- name: Ensure snipe-it data directory '{{ snipe_it_data_directory }}' is {{ snipe_it_state }}
ansible.builtin.file:
path: "{{ snipe_it_data_directory }}"
state: "{{ (snipe_it_state == 'present') | ternary('directory', 'absent') }}"
owner: "{{ snipe_it_run_user_id }}"
group: "{{ snipe_it_run_group_id }}"
mode: "0755"
- name: Ensure snipe-it environment file is templated
ansible.builtin.copy:
content: |+2
{% for entry in snipe_it_merged_config | dict2items %}
{{ entry.key }}={{ entry.value }}
{% endfor %}
dest: "{{ snipe_it_env_file }}"
owner: "{{ snipe_it_run_user_id }}"
group: "{{ snipe_it_run_group_id }}"
mode: "0640"
when: snipe_it_state == 'present'
- name: Deploy using {{ snipe_it_deployment_method }}
ansible.builtin.include_tasks:
file: "deploy-{{ snipe_it_deployment_method }}.yml"

View File

@@ -0,0 +1,6 @@
---
snipe_it_states:
- present
- absent
snipe_it_deployment_methods:
- docker

View File

@@ -1,6 +1,6 @@
---
vaultwarden_user: vaultwarden
vaultwarden_version: "1.32.2"
vaultwarden_version: "1.34.3"
vaultwarden_config_file: "/etc/vaultwarden/config.json"
vaultwarden_config_directory: "{{ vaultwarden_config_file | dirname }}"

View File

@@ -20,3 +20,5 @@
dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}"
restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}"
state: "{{ vaultwarden_container_state | default(omit, true) }}"
comparisons:
'env': 'strict'

View File

@@ -0,0 +1,22 @@
---
- name: Ensure container image '{{ vaultwarden_container_image }}' is {{ vaultwarden_state }}
containers.podman.podman_image:
name: "{{ vaultwarden_container_image }}"
state: "{{ vaultwarden_state }}"
pull: "{{ (vaultwarden_container_image_source == 'pull') | bool }}"
force: "{{ vaultwarden_container_image_force_source }}"
- name: Ensure container '{{ vaultwarden_container_name }}' is {{ vaultwarden_container_state }}
containers.podman.podman_container:
name: "{{ vaultwarden_container_name }}"
image: "{{ vaultwarden_container_image }}"
env: "{{ vaultwarden_container_env | default(omit, true) }}"
user: "{{ vaultwarden_container_user | default(omit, true) }}"
ports: "{{ vaultwarden_container_ports | default(omit, true) }}"
labels: "{{ vaultwarden_container_labels | default(omit, true) }}"
volumes: "{{ vaultwarden_container_volumes }}"
network: "{{ vaultwarden_container_networks | default(omit, true) }}"
etc_hosts: "{{ vaultwarden_container_etc_hosts | default(omit, true) }}"
dns_servers: "{{ vaultwarden_container_dns_servers | default(omit, true) }}"
restart_policy: "{{ vaultwarden_container_restart_policy | default(omit, true) }}"
state: "{{ vaultwarden_container_state | default(omit, true) }}"

View File

@@ -4,6 +4,7 @@ vaultwarden_states:
- absent
vaultwarden_deployment_methods:
- docker
- podman
vaultwarden_required_variables:
- vaultwarden_config_domain
vaultwarden_conditionally_required_variables:

View File

@@ -1,7 +1,6 @@
---
vouch_proxy_user: vouch-proxy
vouch_proxy_version: 0.40.0
vouch_proxy_version: "0.45.1"
vouch_proxy_base_path: /opt/vouch-proxy
vouch_proxy_config_path: "{{ vouch_proxy_base_path }}/config"
vouch_proxy_config_file: "{{ vouch_proxy_config_path }}/config.yaml"