misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: misc:576e8524d52b375d1caf6caf8ec1152ff5912e0c
Branches Tags
misc:main
misc:dev-var_objects
misc:task-230-tandoor
misc:task-230-mealie
misc:task-187
misc:dev-authelia_hashed_client_secrets
misc:task-186
misc:dev-mas
misc:dev-wiki.js
..
compare: misc:e6ee5fb35fbf9141033c11b0949dfc1479b5f898
Branches Tags
misc:main
misc:dev-var_objects
misc:task-230-tandoor
misc:task-230-mealie
misc:task-187
misc:dev-authelia_hashed_client_secrets
misc:task-186
misc:dev-mas
misc:dev-wiki.js

68 commits
576e8524d5 ... e6ee5fb35f

Author SHA1 Message Date
Christian Fraß
e6ee5fb35f [mod] role:wiki_js 2024-09-30 09:51:07 +02:00
Christian Fraß
4dde5388bc [mod] role:wiki_js:cli 2024-09-30 08:23:32 +02:00
Christian Fraß
064c47b270 [mod] wiki_js 2024-09-28 23:35:36 +02:00
Christian Fraß
cd7db6cf4e [fix] wiki.js-roles 2024-09-28 13:22:17 +02:00
Christian Fraß
e516bcacc5 [mod] role:wiki.js 2024-09-28 09:57:22 +02:00
Christian Fraß
b0f9767f90 [int] 2024-09-27 17:49:18 +02:00
Christian Fraß
b1a4da69c2 [fix] role:wiki.js:vars 2024-09-27 12:54:39 +02:00
Christian Fraß
8dc07a1bc5 [mod] wiki_js roles 2024-09-04 00:06:52 +02:00
Christian Fraß
c45fcfa757 Merge remote-tracking branch 'origin/main' into dev-wiki.js 2024-09-03 22:56:07 +02:00
Christian Fraß
24a5648766 [add] role:postgresql-for-wiki_js [add] role:authelia-for-wiki_js [add] role:wiki_js [add] role:wiki_js-and-nginx 2024-09-03 11:37:12 +02:00
Christian Fraß
1ca2b0afbf [mod] role:synapse:Variablen für E-Mail-Benachrichtigungen 2024-08-27 15:22:52 +02:00
Christian Fraß
1ffba118da [mod] todo 2024-08-23 10:26:46 +02:00
Christian Fraß
a89fe95c78 [mod] role:owncloud:info 2024-08-23 10:26:38 +02:00
Christian Fraß
93cf477d43 [fix] role:owncloud:auth 2024-08-23 10:26:28 +02:00
Christian Fraß
a7d449b24a Merge branch 'dev-owncloud' into 'main' 
Rolle | ownCloud

See merge request misc/ansible-base!13
 2024-08-22 13:31:55 +00:00
Christian Fraß
3c0d1a3f45 Merge branch 'dev-forgejo' into 'main' 
Rolle | Forgejo

See merge request misc/ansible-base!15
 2024-08-22 13:31:42 +00:00
Christian Fraß
1d765fc78e Rolle | Forgejo 2024-08-22 13:31:42 +00:00
Christian Fraß
34daa66373 [fix] role:authelia:conf template 2024-08-22 15:31:25 +02:00
Christian Fraß
67e9e06c82 [fix] role:murmur:ssl paths 2024-08-22 15:29:48 +02:00
Christian Fraß
4ec9a5c899 [fix] role:hedgedoc-and-nginx:syntax for vserver conf 2024-08-22 15:28:31 +02:00
Christian Fraß
0a8cc8d1df [mod] role:authelia:variable lifespans and cors endpoints 2024-08-22 15:27:43 +02:00
Christian Fraß
c25f90eefe [fix] role:authelia-for-owncloud:enable 1fa 2024-08-22 15:24:20 +02:00
Christian Fraß
824eeb3fb3 [mod] role:hedgedoc:user directory 2024-08-21 20:14:17 +02:00
Christian Fraß
9b0535e39a [mod] role:owncloud:Variable für Hinauflad-Größen-Grenzen 2024-08-20 10:07:47 +02:00
Christian Fraß
9831e1a8e4 [mod] role:owncloud-and-nginx:force tls 2024-07-30 15:36:47 +02:00
Christian Fraß
320cd91ccd [res] 2024-07-30 15:35:16 +02:00
Christian Fraß
d71099c4e5 [res] 2024-07-30 15:33:45 +02:00
Christian Fraß
f1524c5b04 [mod] roles:owncloud-and-nginx:größere Uploads erlauben 2024-07-30 08:46:18 +02:00
Christian Fraß
bef3f226e1 [fix] role:owncloud 2024-07-09 13:47:27 +02:00
Christian Fraß
97a0fc7db1 [fix] role:owncloud 2024-07-09 13:36:46 +02:00
Christian Fraß
f6a4d902ec Merge branch 'dev-tls_switch' into dev-owncloud 2024-07-09 13:34:07 +02:00
Christian Fraß
349832c77e [mod] role:owncloud:auth 2024-07-09 13:28:50 +02:00
Christian Fraß
91ca433198 Merge remote-tracking branch 'origin/main' into dev-tls_switch 2024-07-09 11:15:02 +02:00
Christian Fraß
bfd815e708 [mod] role:hedgedoc:defaults:authelia_url 2024-07-09 11:14:42 +02:00
Christian Fraß
6fb16d609a [fix] role:synapse-and-nginx 2024-07-09 11:14:19 +02:00
Christian Fraß
79415ee5bc [fix] role:hedgedoc-and-nginx 2024-07-09 11:14:06 +02:00
Christian Fraß
34c6ae6e54 [fix] authelia-and-nginx 2024-07-09 11:13:47 +02:00
Christian Fraß
2a96f510df [fix] role:dokuwiki-and-nginx 2024-07-09 11:07:14 +02:00
Christian Fraß
f2b4ba5fed [fix] role:dokuwiki-and-nginx 2024-07-09 10:44:06 +02:00
Christian Fraß
361abc6a74 [fix] role:dokuwiki-and-nginx 2024-07-09 10:42:02 +02:00
Christian Fraß
3d02e0f4fb [mod] nginx-connector-roles:conf formatting 2024-07-09 10:38:28 +02:00
Christian Fraß
75caf79a51 [mod] nginx-connector-roles:conf formatting 2024-07-09 09:19:57 +02:00
Christian Fraß
71f0549191 [fix] role:vikunja-and-nginx 2024-07-09 09:14:52 +02:00
Christian Fraß
2048b1f2ce [fix] role:vikunja-and-nginx 2024-07-09 09:12:07 +02:00
Christian Fraß
7e0f48a332 [fix] role:synapse-and-nginx 2024-07-09 09:11:53 +02:00
Christian Fraß
e82b76cef1 [fix] role:dokuwiki-and-nginx 2024-07-09 09:11:41 +02:00
Christian Fraß
bceb605f68 [mod] roles:gitlab-and-nginx:tls mode 2024-07-09 09:11:20 +02:00
Christian Fraß
37682a6e24 [mod] role:system_basics:install package "acl" 2024-07-09 09:10:50 +02:00
Christian Fraß
37a5b0cb7b [mod] role:owncloud-and-nginx:tls switch 2024-07-04 23:00:25 +02:00
Christian Fraß
6cf5a0666b [fix] role:authelia:Variablen für ownCloud-Anbindung 2024-07-04 11:20:40 +02:00
Christian Fraß
717898fea8 [fix] role:authelia-for-owncloud:desktop client stuff [fix] role:owncloud:desktop client stuff 2024-07-04 09:48:33 +02:00
Christian Fraß
0d8d5c3651 [mod] role:authelia:Variablen für ownCloud-Anbindung 2024-07-04 09:47:26 +02:00
Christian Fraß
1553ea9f53 [mod] roles:vikunja-and-nginx:tls mode 2024-07-03 22:34:15 +02:00
Christian Fraß
d08f287d73 [mod] roles:synapse-and-nginx:tls mode 2024-07-03 22:31:49 +02:00
Christian Fraß
6d42a70bd4 [mod] roles:dokuwiki-and-nginx:tls mode 2024-07-03 22:10:07 +02:00
Christian Fraß
fc03370b19 [mod] role:authelia-and-nginx:tls mode 2024-07-03 22:02:06 +02:00
Christian Fraß
dc28d22a90 [mod] role:hedgedoc-and-nginx:tls mode 2024-07-03 21:55:57 +02:00
Christian Fraß
a81ba565e1 [mod] role:owncloud:Einstellungen für öffentliche Freigaben 2024-07-03 08:26:19 +02:00
Christian Fraß
2b18625dd3 [mod] role:owncloud:Einstellungen für öffentliche Freigaben 2024-07-02 18:59:16 +02:00
Christian Fraß
704012f888 [fix] role:owncloud 2024-07-02 00:11:36 +02:00
Christian Fraß
0235238dd7 [fix] role:authelia-for-owncloud 2024-07-02 00:11:22 +02:00
Christian Fraß
6c8b3d1b08 [add] role:authelia-for-owncloud [add] owncloud [add] owncloud-and-nginx 2024-06-27 19:07:58 +02:00
Christian Fraß
a3509ca37b [int] 2024-06-25 11:44:29 +02:00
Christian Fraß
fadb660238 Merge branch 'main' into dev-tls_switch 2024-06-25 11:43:40 +02:00
Christian Fraß
1bf66c5c23 [mod] role:element-and-nginx:Abhängigkeiten nutzen und TLS-Schalter einbauen 2024-06-25 11:42:01 +02:00
Christian Fraß
c997a20276 [mod] role:tlscert_selfsigned:remove var for ssl-path and unify domain vars 2024-06-25 11:33:12 +02:00
Christian Fraß
82e9f8e806 [mod] role:tlscert_existing:remove var for ssl-path and unify domain vars 2024-06-25 11:32:36 +02:00
Christian Fraß
e4c3b3a287 [int] 2024-06-24 20:19:04 +02:00
63 changed files with 2780 additions and 8 deletions
Show stats Expand all files Collapse all files

5
roles/authelia-for-forgejo/defaults/main.json Normal file
View file

@ -0,0 +1,5 @@
{
"var_authelia_for_forgejo_forgejo_url_base": "https://forgejo.example.org",
"var_authelia_for_forgejo_client_id": "forgejo",
"var_authelia_for_forgejo_client_secret": "REPLACE_ME"
}

9
roles/authelia-for-forgejo/info.md Normal file
View file

@ -0,0 +1,9 @@
## Beschreibung
Um [Forgejo](../forgejo) gegen [Authelia](../authelia) authentifizieren zu lassen
## Verweise
- [Forgejo-Dokumentation | Configuration | OpenID](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#openid-openid)
- [Authelia-Dokumentation | Gitea Integration](https://www.authelia.com/integration/openid-connect/gitea/)

25
roles/authelia-for-forgejo/tasks/main.json Normal file
View file

@ -0,0 +1,25 @@
[
{
"name": "configuration | emplace",
"become": true,
"ansible.builtin.template": {
"src": "authelia-client-conf.json.j2",
"dest": "/etc/authelia/conf.d/clients/forgejo.json"
}
},
{
"name": "configuration | apply",
"become": true,
"ansible.builtin.command": {
"cmd": "/usr/bin/authelia-conf-compose"
}
},
{
"name": "restart service",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "authelia"
}
}
]

17
roles/authelia-for-forgejo/templates/authelia-client-conf.json.j2 Normal file
View file

@ -0,0 +1,17 @@
{
"client_id": "{{var_authelia_for_forgejo_client_id}}",
"client_secret": "{{var_authelia_for_forgejo_client_secret}}",
"client_name": "Forgejo",
"public": false,
"authorization_policy": "one_factor",
"redirect_uris": [
"{{var_authelia_for_forgejo_forgejo_url_base}}/user/oauth2/authelia/callback"
],
"scopes": [
"openid",
"email",
"profile"
],
"userinfo_signed_response_alg": "none",
"token_endpoint_auth_method": "client_secret_basic"
}

8
roles/authelia-for-owncloud/defaults/main.json Normal file
View file

@ -0,0 +1,8 @@
{
"var_authelia_for_owncloud_owncloud_url_base": "https://owncloud.example.org",
"var_authelia_for_owncloud_web_client_id": "owncloud_web",
"var_authelia_for_owncloud_android_client_id": "owncloud_android",
"var_authelia_for_owncloud_android_client_secret": "REPLACE_ME",
"var_authelia_for_owncloud_ios_client_id": "owncloud_ios",
"var_authelia_for_owncloud_ios_client_secret": "REPLACE_ME"
}

10
roles/authelia-for-owncloud/info.md Normal file
View file

@ -0,0 +1,10 @@
## Beschreibung
Um [ownCloud](../owncloud) gegen [Authelia](../authelia) authentifizieren zu lassen
## Verweise
- [Authelia-Dokumentation | ownCloud Infinite Scale Integration](https://www.authelia.com/integration/openid-connect/ocis/)
- [Helge Klein | SSO via Authelia: ownCloud OpenID Connect Authentication](https://helgeklein.com/blog/owncloud-infinite-scale-with-openid-connect-authentication-for-home-networks/#sso-via-authelia-owncloud-openid-connect-authentication)
- [ownCloud Forums | OCIS + Authelia](https://central.owncloud.org/t/ocis-authelia/44222)

31
roles/authelia-for-owncloud/tasks/main.json Normal file
View file

@ -0,0 +1,31 @@
[
{
"name": "configuration | emplace",
"become": true,
"loop": [
{"src": "authelia-client-conf-web.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-web.json"},
{"src": "authelia-client-conf-desktop.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-desktop.json"},
{"src": "authelia-client-conf-android.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-android.json"},
{"src": "authelia-client-conf-ios.json.j2", "dest": "/etc/authelia/conf.d/clients/owncloud-ios.json"}
],
"ansible.builtin.template": {
"src": "{{item.src}}",
"dest": "{{item.dest}}"
}
},
{
"name": "configuration | apply",
"become": true,
"ansible.builtin.command": {
"cmd": "/usr/bin/authelia-conf-compose"
}
},
{
"name": "restart service",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "authelia"
}
}
]

16
roles/authelia-for-owncloud/templates/authelia-client-conf-android.json.j2 Normal file
View file

@ -0,0 +1,16 @@
{
"client_id": "{{var_authelia_for_owncloud_android_client_id}}",
"client_secret": "{{var_authelia_for_owncloud_android_client_secret}}",
"client_name": "ownCloud | Android Client",
"authorization_policy": "one_factor",
"scopes": [
"openid",
"groups",
"profile",
"email",
"offline_access"
],
"redirect_uris": [
"oc://android.owncloud.com"
]
}

17
roles/authelia-for-owncloud/templates/authelia-client-conf-desktop.json.j2 Normal file
View file

@ -0,0 +1,17 @@
{
"client_id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
"client_secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
"client_name": "ownCloud | Desktop Client",
"authorization_policy": "one_factor",
"scopes": [
"openid",
"groups",
"profile",
"email",
"offline_access"
],
"redirect_uris": [
"http://127.0.0.1",
"http://localhost"
]
}

17
roles/authelia-for-owncloud/templates/authelia-client-conf-ios.json.j2 Normal file
View file

@ -0,0 +1,17 @@
{
"client_id": "{{var_authelia_for_owncloud_ios_client_id}}",
"client_secret": "{{var_authelia_for_owncloud_ios_client_secret}}",
"client_name": "ownCloud | iOS Client",
"authorization_policy": "one_factor",
"scopes": [
"openid",
"groups",
"profile",
"email",
"offline_access"
],
"redirect_uris": [
"oc://ios.owncloud.com",
"oc.ios://ios.owncloud.com"
]
}

20
roles/authelia-for-owncloud/templates/authelia-client-conf-web.json.j2 Normal file
View file

@ -0,0 +1,20 @@
{
"client_id": "{{var_authelia_for_owncloud_web_client_id}}",
"client_name": "ownCloud | Web Client",
"public": true,
"authorization_policy": "one_factor",
"scopes": [
"openid",
"email",
"profile",
"groups"
],
"response_types": [
"code"
],
"redirect_uris": [
"{{var_authelia_for_owncloud_owncloud_url_base}}",
"{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-callback.html",
"{{var_authelia_for_owncloud_owncloud_url_base}}/oidc-silent-redirect.html"
]
}

26
roles/authelia-for-owncloud/vardef.json Normal file
View file

@ -0,0 +1,26 @@
{
"owncloud_url_base": {
"type": "string",
"mandatory": false
},
"web_client_id": {
"type": "string",
"mandatory": false
},
"android_client_id": {
"type": "string",
"mandatory": false
},
"android_client_secret": {
"type": "string",
"mandatory": false
},
"ios_client_id": {
"type": "string",
"mandatory": false
},
"ios_client_secret": {
"type": "string",
"mandatory": false
}
}

6
roles/authelia-for-wiki_js/defaults/main.json Normal file
View file

@ -0,0 +1,6 @@
{
"var_authelia_for_wiki_js_wiki_js_url_base": "https://wiki-js.example.org",
"var_authelia_for_wiki_js_client_id": "wiki_js",
"var_authelia_for_wiki_js_client_secret": "REPLACE_ME",
"var_authelia_for_wiki_js_strategy_id": "authelia"
}

9
roles/authelia-for-wiki_js/info.md Normal file
View file

@ -0,0 +1,9 @@
## Beschreibung
Um [Wiki.js](../wiki.js) gegen [Authelia](../authelia) authentifizieren zu lassen
## Verweise
[Wiki.js-Dokumentation | Authentication](https://docs.requarks.io/auth)
[Authelia-Dokumentation | Wiki.js Integration](https://www.authelia.com/integration/openid-connect/wikijs/)

25
roles/authelia-for-wiki_js/tasks/main.json Normal file
View file

@ -0,0 +1,25 @@
[
{
"name": "configuration | emplace",
"become": true,
"ansible.builtin.template": {
"src": "authelia-client-conf.json.j2",
"dest": "/etc/authelia/conf.d/clients/wiki_js.json"
}
},
{
"name": "configuration | apply",
"become": true,
"ansible.builtin.command": {
"cmd": "/usr/bin/authelia-conf-compose"
}
},
{
"name": "restart service",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "authelia"
}
}
]

17
roles/authelia-for-wiki_js/templates/authelia-client-conf.json.j2 Normal file
View file

@ -0,0 +1,17 @@
{
"client_id": "{{var_authelia_for_wiki_js_client_id}}",
"client_secret": "{{var_authelia_for_wiki_js_client_secret}}",
"client_name": "Wiki.js",
"public": false,
"authorization_policy": "one_factor",
"redirect_uris": [
"{{var_authelia_for_wiki_js_wiki_js_url_base}}/login/{{var_authelia_for_wiki_js_strategy_id}}/callback"
],
"scopes": [
"openid",
"email",
"profile"
],
"userinfo_signed_response_alg": "none",
"token_endpoint_auth_method": "client_secret_post"
}

5
roles/authelia/defaults/main.json
View file

@ -32,5 +32,8 @@
"var_authelia_notification_smtp_username": "authelia", "var_authelia_notification_smtp_username": "authelia",
"var_authelia_notification_smtp_password": "REPLACE_ME", "var_authelia_notification_smtp_password": "REPLACE_ME",
"var_authelia_notification_smtp_sender": "authelia@example.org", "var_authelia_notification_smtp_sender": "authelia@example.org",
"var_authelia_oidc_hmac_secret": "REPLACE_ME" "var_authelia_oidc_hmac_secret": "REPLACE_ME",
"var_authelia_oidc_lifespan_access_token": "1h",
"var_authelia_oidc_lifespan_refresh_token": "1m",
"var_authelia_oidc_cors_endpoints": null
} }

8
roles/authelia/templates/conf-main.json.j2
View file

@ -190,8 +190,16 @@
"oidc": { "oidc": {
"hmac_secret": "{{var_authelia_oidc_hmac_secret}}", "hmac_secret": "{{var_authelia_oidc_hmac_secret}}",
"issuer_private_key": "{{temp_tls_result.privatekey | replace('\n', '\\n')}}", "issuer_private_key": "{{temp_tls_result.privatekey | replace('\n', '\\n')}}",
"lifespans": {
"access_token": "{{var_authelia_oidc_lifespan_access_token}}",
"refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}"
},
"cors": { "cors": {
"allowed_origins_from_client_redirect_uris": true "allowed_origins_from_client_redirect_uris": true
{% if var_authelia_oidc_cors_endpoints == None %}
{% else %}
,"endpoints": {{var_authelia_oidc_cors_endpoints | to_json}}
{% endif %}
}, },
"clients": [ "clients": [
] ]

26
roles/authelia/vardef.json
View file

@ -139,5 +139,31 @@
"oidc_hmac_secret": { "oidc_hmac_secret": {
"type": "string", "type": "string",
"mandatory": true "mandatory": true
},
"oidc_lifespan_access_token": {
"nullable": true,
"type": "string",
"mandatory": false
},
"oidc_lifespan_refresh_token": {
"nullable": true,
"type": "string",
"mandatory": false
},
"oidc_cors_endpoints": {
"nullable": true,
"type": "array",
"items": {
"type": "string",
"enum": [
"authorization",
"pushed-authorization-request",
"token",
"revocation",
"introspection",
"userinfo"
]
},
"mandatory": false
} }
} }

5
roles/forgejo-and-nginx/defaults/main.json Normal file
View file

@ -0,0 +1,5 @@
{
"var_forgejo_and_nginx_domain": "forgejo.example.org",
"var_forgejo_and_nginx_port": 2378,
"var_forgejo_and_nginx_tls_mode": "force"
}

1
roles/forgejo-and-nginx/info.md Normal file
View file

@ -0,0 +1 @@

35
roles/forgejo-and-nginx/tasks/main.json Normal file
View file

@ -0,0 +1,35 @@
[
{
"name": "deactivate default site",
"become": true,
"ansible.builtin.file": {
"state": "absent",
"dest": "/etc/nginx/sites-enabled/default"
}
},
{
"name": "emplace configuration | data",
"become": true,
"ansible.builtin.template": {
"src": "conf.j2",
"dest": "/etc/nginx/sites-available/{{var_forgejo_and_nginx_domain}}"
}
},
{
"name": "emplace configuration | link",
"become": true,
"ansible.builtin.file": {
"state": "link",
"src": "/etc/nginx/sites-available/{{var_forgejo_and_nginx_domain}}",
"dest": "/etc/nginx/sites-enabled/{{var_forgejo_and_nginx_domain}}"
}
},
{
"name": "restart nginx",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "nginx"
}
}
]

34
roles/forgejo-and-nginx/templates/conf.j2 Normal file
View file

@ -0,0 +1,34 @@
{% macro forgejo_common() %}
location / {
proxy_pass http://localhost:{{var_forgejo_and_nginx_port | string}};
client_max_body_size 20M;
}
{% endmacro %}
server {
listen 80;
listen [::]:80;
server_name {{var_forgejo_and_nginx_domain}};
{% if var_forgejo_and_nginx_tls_mode == 'force' %}
return 301 https://$http_host$request_uri;
{% else %}
{{ forgejo_common() }}
{% endif %}
}
{% if var_forgejo_and_nginx_tls_mode != 'disable' %}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{var_forgejo_and_nginx_domain}};
ssl_certificate_key /etc/ssl/private/{{var_forgejo_and_nginx_domain}}.pem;
ssl_certificate /etc/ssl/fullchains/{{var_forgejo_and_nginx_domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
{{ forgejo_common() }}
}
{% endif %}

19
roles/forgejo-and-nginx/vardef.json Normal file
View file

@ -0,0 +1,19 @@
{
"domain": {
"mandatory": false,
"type": "string"
},
"port": {
"mandatory": false,
"type": "integer"
},
"tls_mode": {
"mandatory": false,
"type": "string",
"options": [
"disable",
"enable",
"force"
]
}
}

31
roles/forgejo/defaults/main.json Normal file
View file

@ -0,0 +1,31 @@
{
"var_forgejo_user": "forgejo",
"var_forgejo_directory_main": "/opt/forgejo",
"var_forgejo_directory_repositories": "/var/forgejo/repositories",
"var_forgejo_version": "7.0.5",
"var_forgejo_platform": "linux-amd64",
"var_forgejo_secret_key": "REPLACE_ME",
"var_forgejo_internal_token": "REPLACE_ME",
"var_forgejo_domain": "forgejo.example.org",
"var_forgejo_listen_address": "0.0.0.0",
"var_forgejo_listen_port": 2378,
"var_forgejo_database_kind": "sqlite",
"var_forgejo_database_data_sqlite_path": "/var/forgejo/data.sqlite",
"var_forgejo_database_data_postgresql_host": "postgresql.example.org",
"var_forgejo_database_data_postgresql_port": 5432,
"var_forgejo_database_data_postgresql_username": "forgejo_user",
"var_forgejo_database_data_postgresql_password": "REPLACE_ME",
"var_forgejo_database_data_postgresql_scheme": "forgejo",
"var_forgejo_authentication_kind": "internal",
"var_forgejo_authentication_data_authelia_url_base": "https://authelia.example.org",
"var_forgejo_authentication_data_authelia_client_id": "forgejo",
"var_forgejo_authentication_data_authelia_client_secret": "REPLACE_ME",
"var_forgejo_smtp_host": "smtp.example.org",
"var_forgejo_smtp_port": 465,
"var_forgejo_smtp_username": "REPLACE_ME",
"var_forgejo_smtp_password": "REPLACE_ME",
"var_forgejo_email_sending_enabled": false,
"var_forgejo_email_sending_sender": "forgejo@example.org",
"var_forgejo_email_sending_html": false,
"var_forgejo_title": "Forgejo: Beyond coding. We Forge."
}

14
roles/forgejo/info.md Normal file
View file

@ -0,0 +1,14 @@
## Beschreibung
Zur Einrichtung der DevOps-Platform [Forgejo](https://forgejo.org/)
## Verweise
- [Forgejo | Documentation | Administrator Guide](https://forgejo.org/docs/latest/admin/)
- [Forgejo | Documentation | Configuration Cheat Sheet](https://forgejo.org/docs/latest/admin/config-cheat-sheet/)
## ToDo
- Download verfizieren

101
roles/forgejo/tasks/main.json Normal file
View file

@ -0,0 +1,101 @@
[
{
"name": "packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"git"
]
}
},
{
"name": "user",
"become": true,
"ansible.builtin.user": {
"name": "{{var_forgejo_user}}",
"create_home": true,
"home": "{{var_forgejo_directory_main}}"
}
},
{
"name": "directories | external",
"become": true,
"loop": [
"{{var_forgejo_database_data_sqlite_path | dirname}}",
"{{var_forgejo_directory_repositories}}"
],
"ansible.builtin.file": {
"path": "{{item}}",
"state": "directory",
"owner": "{{var_forgejo_user}}"
}
},
{
"name": "directories | internal",
"become": true,
"become_user": "{{var_forgejo_user}}",
"loop": [
"{{var_forgejo_directory_main}}/custom/conf"
],
"ansible.builtin.file": {
"path": "{{item}}",
"state": "directory"
}
},
{
"name": "download",
"become": true,
"become_user": "{{var_forgejo_user}}",
"ansible.builtin.get_url": {
"url": "https://codeberg.org/forgejo/forgejo/releases/download/v{{var_forgejo_version}}/forgejo-{{var_forgejo_version}}-{{var_forgejo_platform}}",
"dest": "{{var_forgejo_directory_main}}/forgejo",
"mode": "u+rx"
}
},
{
"name": "config | base",
"become": true,
"become_user": "{{var_forgejo_user}}",
"ansible.builtin.template": {
"src": "config.ini.j2",
"dest": "{{var_forgejo_directory_main}}/custom/conf/app.ini"
}
},
{
"name": "config | database",
"become": true,
"become_user": "{{var_forgejo_user}}",
"ansible.builtin.command": {
"chdir": "{{var_forgejo_directory_main}}",
"cmd": "./forgejo migrate"
}
},
{
"name": "config | authelia",
"when": "var_forgejo_authentication_kind == 'authelia'",
"become": true,
"become_user": "{{var_forgejo_user}}",
"ansible.builtin.shell": {
"chdir": "{{var_forgejo_directory_main}}",
"cmd": "(./forgejo admin auth list | grep authelia) || ./forgejo admin auth add-oauth --provider='openidConnect' --name='authelia' --key={{var_forgejo_authentication_data_authelia_client_id}} --secret={{var_forgejo_authentication_data_authelia_client_secret}} --auto-discover-url='{{var_forgejo_authentication_data_authelia_url_base}}/.well-known/openid-configuration' --scopes='openid email profile'"
}
},
{
"name": "systemd unit",
"become": true,
"ansible.builtin.template": {
"src": "systemd-unit.j2",
"dest": "/etc/systemd/system/forgejo.service"
}
},
{
"name": "start",
"become": true,
"ansible.builtin.systemd_service": {
"enabled": true,
"state": "restarted",
"name": "forgejo"
}
}
]

123
roles/forgejo/templates/config.ini.j2 Normal file
View file

@ -0,0 +1,123 @@
APP_NAME = {{var_forgejo_title}}
RUN_USER = {{var_forgejo_user}}
RUN_MODE = prod
[server]
DOMAIN = {{var_forgejo_domain}}
ROOT_URL = https://{{var_forgejo_domain}}
;HTTP_ADDR = {{var_forgejo_listen_address}}
HTTP_PORT = {{var_forgejo_listen_port | string}}
;LANDING_PAGE = home
[database]
{% if var_forgejo_database_kind == 'sqlite' %}
DB_TYPE = sqlite3
PATH = {{var_forgejo_database_data_sqlite_path}}
{% endif %}
{% if var_forgejo_database_kind == 'postgresql' %}
DB_TYPE = postgres
HOST = {{var_forgejo_database_data_postgresql_host}}:{{var_forgejo_database_data_postgresql_port | string}}
USER = {{var_forgejo_database_data_postgresql_username}}
PASSWD = {{var_forgejo_database_data_postgresql_password}}
NAME = {{var_forgejo_database_data_postgresql_scheme}}
{% endif %}
[security]
INSTALL_LOCK = true
SECRET_KEY = {{var_forgejo_secret_key}}
INTERNAL_TOKEN = {{var_forgejo_internal_token}}
DISABLE_GIT_HOOKS = true
[oauth2]
ENABLED = false
[log]
MODE = console
LEVEL = Info
[git]
HOME_PATH = {{var_forgejo_directory_main}}
[service]
REGISTER_EMAIL_CONFIRM = false
{% if var_forgejo_authentication_kind == 'internal' %}
DISABLE_REGISTRATION = false
ALLOW_ONLY_INTERNAL_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
SHOW_REGISTRATION_BUTTON = true
{% else %}
DISABLE_REGISTRATION = false
ALLOW_ONLY_INTERNAL_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
SHOW_REGISTRATION_BUTTON = false
{% endif %}
;REQUIRE_SIGNIN_VIEW = false
ENABLE_NOTIFY_MAIL = true
;ENABLE_BASIC_AUTHENTICATION = true
;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
;ENABLE_REVERSE_PROXY_AUTHENTICATION_API = false
;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
;ENABLE_REVERSE_PROXY_EMAIL = false
;ENABLE_REVERSE_PROXY_FULL_NAME = false
;DEFAULT_KEEP_EMAIL_PRIVATE = false
;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
;DEFAULT_USER_IS_RESTRICTED = false
;DEFAULT_USER_VISIBILITY = public
;ALLOWED_USER_VISIBILITY_MODES = public,limited,private
;DEFAULT_ORG_VISIBILITY = public
;DEFAULT_ORG_MEMBER_VISIBLE = false
;DEFAULT_ENABLE_DEPENDENCIES = true
;ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
ENABLE_USER_HEATMAP = false
ENABLE_TIMETRACKING = false
DEFAULT_ENABLE_TIMETRACKING = false
{% if var_forgejo_authentication_kind == 'internal' %}
SHOW_REGISTRATION_BUTTON = true
{% else %}
SHOW_REGISTRATION_BUTTON = false
{% endif %}
AUTO_WATCH_NEW_REPOS = false
AUTO_WATCH_ON_CHANGES = false
[repository]
ROOT = {{var_forgejo_directory_repositories}}
{% if var_forgejo_authentication_kind == 'internal' %}
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
{% else %}
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = true
WHITELISTED_URIS = {{var_forgejo_authentication_data_authelia_url_base}}
[oauth2_client]
REGISTER_EMAIL_CONFIRM = false
OPENID_CONNECT_SCOPES = openid email profile
ENABLE_AUTO_REGISTRATION = true
USERNAME = nickname
{% endif %}
[mailer]
{% if var_forgejo_email_sending_enabled %}
ENABLED = true
SMTP_ADDR = {{var_forgejo_smtp_host}}
SMTP_PORT = {{var_forgejo_smtp_port | string}}
FROM = {{var_forgejo_email_sending_sender}}
USER = {{var_forgejo_smtp_username}}
PASSWD = {{var_forgejo_smtp_password}}
{% if var_forgejo_email_sending_html %}
SEND_AS_PLAIN_TEXT = false
{% else %}
SEND_AS_PLAIN_TEXT = true
{% endif %}
{% else %}
ENABLED = false
{% endif %}

21
roles/forgejo/templates/systemd-unit.j2 Normal file
View file

@ -0,0 +1,21 @@
[Unit]
Description=Forgejo
After=network.target
{% if var_forgejo_database_kind == 'postgresql' %}
Wants=postgresql.service
After=postgresql.service
{% endif %}
[Service]
RestartSec=2s
Type=simple
User={{var_forgejo_user}}
Group={{var_forgejo_user}}
WorkingDirectory={{var_forgejo_directory_main}}
ExecStart={{var_forgejo_directory_main}}/forgejo web --config {{var_forgejo_directory_main}}/custom/conf/app.ini
Restart=always
# Environment=USER=git HOME=/home/git FORGEJO_WORK_DIR=/var/lib/forgejo
# Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
[Install]
WantedBy=multi-user.target

126
roles/forgejo/vardef.json Normal file
View file

@ -0,0 +1,126 @@
{
"user": {
"type": "string",
"mandatory": false
},
"directory_main": {
"type": "string",
"mandatory": false
},
"directory_repositories": {
"type": "string",
"mandatory": false
},
"version": {
"type": "string",
"mandatory": false
},
"platform": {
"type": "string",
"mandatory": false
},
"secret_key": {
"type": "string",
"mandatory": true
},
"internal_token": {
"type": "string",
"mandatory": true
},
"domain": {
"type": "string",
"mandatory": false
},
"listen_address": {
"type": "string",
"mandatory": false
},
"listen_port": {
"type": "integer",
"mandatory": false
},
"database_kind": {
"mandatory": false,
"type": "string",
"options": [
"sqlite",
"postgresql"
]
},
"database_data_sqlite_path": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_host": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_port": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_username": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_password": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_schema": {
"mandatory": false,
"type": "string"
},
"authentication_kind": {
"mandatory": false,
"type": "string",
"options": [
"internal",
"authelia"
]
},
"authentication_data_authelia_url_base": {
"mandatory": false,
"type": "string"
},
"authentication_data_authelia_client_id": {
"mandatory": false,
"type": "string"
},
"authentication_data_authelia_client_secret": {
"mandatory": false,
"type": "string"
},
"smtp_host": {
"mandatory": false,
"type": "string"
},
"smtp_port": {
"mandatory": false,
"type": "integer"
},
"smtp_username": {
"mandatory": false,
"type": "string"
},
"smtp_password": {
"mandatory": false,
"type": "string"
},
"email_sending_enabled": {
"mandatory": false,
"type": "boolean"
},
"email_sending_sender": {
"mandatory": false,
"type": "string"
},
"email_sending_html": {
"mandatory": false,
"type": "boolean"
},
"title": {
"mandatory": false,
"type": "string"
}
}

1
roles/hedgedoc-and-nginx/templates/conf.j2
View file

@ -49,3 +49,4 @@ server {
{{ hedgedoc_common() }} {{ hedgedoc_common() }}
} }
{% endif %}

3
roles/hedgedoc/tasks/main.json
View file

@ -27,7 +27,8 @@
"become": true, "become": true,
"ansible.builtin.user": { "ansible.builtin.user": {
"name": "{{var_hedgedoc_user_name}}", "name": "{{var_hedgedoc_user_name}}",
"create_home": true "create_home": true,
"home": "{{var_hedgedoc_directory}}"
} }
}, },
{ {

7
roles/murmur/tasks/main.json
View file

@ -15,7 +15,7 @@
"become": true, "become": true,
"ansible.builtin.file": { "ansible.builtin.file": {
"state": "directory", "state": "directory",
"path": "/var/murmur" "path": "/var/murmurd"
} }
}, },
{ {
@ -23,11 +23,10 @@
"when": "var_murmur_tls", "when": "var_murmur_tls",
"become": true, "become": true,
"loop": [ "loop": [
{"from": "/etc/ssl/private/{{var_murmur_domain}}.pem", "to": "/var/murmur/tls-key.pem"}, {"from": "/etc/ssl/private/{{var_murmur_domain}}.pem", "to": "/var/murmurd/tls-key.pem"},
{"from": "/etc/ssl/fullchains/{{var_murmur_domain}}.pem", "to": "/var/murmur/tls-fullchain.pem"} {"from": "/etc/ssl/fullchains/{{var_murmur_domain}}.pem", "to": "/var/murmurd/tls-fullchain.pem"}
], ],
"ansible.builtin.copy": { "ansible.builtin.copy": {
"state": "directory",
"remote_src": true, "remote_src": true,
"src": "{{item.from}}", "src": "{{item.from}}",
"dest": "{{item.to}}", "dest": "{{item.to}}",

5
roles/owncloud-and-nginx/defaults/main.json Normal file
View file

@ -0,0 +1,5 @@
{
"var_owncloud_and_nginx_domain": "owncloud.example.org",
"var_owncloud_and_nginx_tls_mode": "force",
"var_owncloud_and_nginx_maximum_upload_size": "1G"
}

35
roles/owncloud-and-nginx/tasks/main.json Normal file
View file

@ -0,0 +1,35 @@
[
{
"name": "deactivate default site",
"become": true,
"ansible.builtin.file": {
"state": "absent",
"dest": "/etc/nginx/sites-enabled/default"
}
},
{
"name": "emplace configuration | data",
"become": true,
"ansible.builtin.template": {
"src": "conf.j2",
"dest": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}"
}
},
{
"name": "emplace configuration | link",
"become": true,
"ansible.builtin.file": {
"state": "link",
"src": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}",
"dest": "/etc/nginx/sites-enabled/{{var_owncloud_and_nginx_domain}}"
}
},
{
"name": "restart nginx",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "nginx"
}
}
]

34
roles/owncloud-and-nginx/templates/conf.j2 Normal file
View file

@ -0,0 +1,34 @@
{% macro owncloud_common() %}
location / {
proxy_pass http://localhost:9200;
client_max_body_size {{var_owncloud_and_nginx_maximum_upload_size}};
}
{% endmacro %}
server {
listen 80;
listen [::]:80;
server_name {{var_owncloud_and_nginx_domain}};
{% if var_owncloud_and_nginx_tls_mode == 'force' %}
return 301 https://$http_host$request_uri;
{% else %}
{{ owncloud_common() }}
{% endif %}
}
{% if var_owncloud_and_nginx_tls_mode != 'disable' %}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{var_owncloud_and_nginx_domain}};
ssl_certificate_key /etc/ssl/private/{{var_owncloud_and_nginx_domain}}.pem;
ssl_certificate /etc/ssl/fullchains/{{var_owncloud_and_nginx_domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
{{ owncloud_common() }}
}
{% endif %}

20
roles/owncloud-and-nginx/vardef.json Normal file
View file

@ -0,0 +1,20 @@
{
"domain": {
"type": "string",
"mandatory": false
},
"tls_mode": {
"type": "string",
"options": [
"disable",
"enable",
"force"
],
"mandatory": false
},
"maximum_upload_size": {
"type": "string",
"mandatory": false
}
}

18
roles/owncloud/defaults/main.json Normal file
View file

@ -0,0 +1,18 @@
{
"var_owncloud_user": "owncloud",
"var_owncloud_directory": "/opt/owncloud",
"var_owncloud_version": "5.0.0",
"var_owncloud_platform": "linux-amd64",
"var_owncloud_domain": "owncloud.example.org",
"var_owncloud_admin_password": "REPLACE_ME",
"var_owncloud_authentication_kind": "internal",
"var_owncloud_authentication_data_authelia_url_base": "https://authelia.example.org",
"var_owncloud_authentication_data_authelia_web_client_id": "owncloud_web",
"var_owncloud_authentication_data_authelia_web_client_secret": "REPLACE_ME",
"var_owncloud_authentication_data_authelia_android_client_id": "owncloud_android",
"var_owncloud_authentication_data_authelia_android_client_secret": "REPLACE_ME",
"var_owncloud_authentication_data_authelia_ios_client_id": "owncloud_ios",
"var_owncloud_authentication_data_authelia_ios_client_secret": "REPLACE_ME",
"var_owncloud_public_share_password_necessity": "writable",
"var_owncloud_public_share_password_policy_active": true
}

19
roles/owncloud/info.md Normal file
View file

@ -0,0 +1,19 @@
## Beschreibung
Cloud-Plattform [ownCloud](https://owncloud.com/) (the rewrite in Go named "Infinite Scale")
## Verweise
- [ownCloud-Dokumentation | How to install ownCloud Infinite Scale Tech Preview in three easy steps](https://owncloud.com/news/howto-install-owncloud-infinite-scale-tech-preview/)
- [ownCloud-Dokumentation | oCIS](https://owncloud.dev/ocis/)
- [ownCloud-Dokumentation | Service | Proxy](https://doc.owncloud.com/ocis/next/deployment/services/s-list/proxy.html)
- [ownCloud-Dokumentation | Service | Web](https://doc.owncloud.com/ocis/next/deployment/services/s-list/web.html)
- [ownCloud-Dokumentation | Service | Sharing](https://doc.owncloud.com/ocis/next/deployment/services/s-list/sharing.html)
- [GitHub | ocis](https://github.com/owncloud/ocis/)
- [ownCloud-Foren | OCIS + Authelia](https://central.owncloud.org/t/ocis-authelia/44222)
## ToDo
- Download prüfen

56
roles/owncloud/tasks/main.json Normal file
View file

@ -0,0 +1,56 @@
[
{
"name": "user",
"become": true,
"ansible.builtin.user": {
"name": "{{var_owncloud_user}}",
"create_home": true,
"home": "{{var_owncloud_directory}}"
}
},
{
"name": "download",
"become": true,
"become_user": "{{var_owncloud_user}}",
"ansible.builtin.get_url": {
"url": "https://download.owncloud.com/ocis/ocis/stable/{{var_owncloud_version}}/ocis-{{var_owncloud_version}}-{{var_owncloud_platform}}",
"dest": "{{var_owncloud_directory}}/ocis",
"mode": "u+rx"
}
},
{
"name": "setup",
"become": true,
"become_user": "{{var_owncloud_user}}",
"ansible.builtin.shell": {
"chdir": "{{var_owncloud_directory}}",
"cmd": "rm -f {{var_owncloud_directory}}/.ocis/config/ocis.yaml && ./ocis init --insecure no --admin-password={{var_owncloud_admin_password}}"
}
},
{
"name": "configuration",
"become": true,
"become_user": "{{var_owncloud_user}}",
"ansible.builtin.template": {
"src": "env.j2",
"dest": "{{var_owncloud_directory}}/.env"
}
},
{
"name": "systemd unit",
"become": true,
"ansible.builtin.template": {
"src": "systemd_unit.j2",
"dest": "/etc/systemd/system/owncloud.service"
}
},
{
"name": "run",
"become": true,
"ansible.builtin.systemd_service": {
"name": "owncloud",
"enabled": true,
"state": "restarted"
}
}
]

44
roles/owncloud/templates/env.j2 Normal file
View file

@ -0,0 +1,44 @@
OCIS_URL="https://{{var_owncloud_domain}}"
OCIS_INSECURE="false"
PROXY_TLS="false"
{% if var_owncloud_authentication_kind == 'internal' %}
PROXY_AUTOPROVISION_ACCOUNTS="false"
{% endif %}
{% if var_owncloud_authentication_kind == 'authelia' %}
OCIS_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}"
OCIS_OIDC_ISSUER="{{var_owncloud_authentication_data_authelia_url_base}}"
PROXY_AUTOPROVISION_ACCOUNTS="true"
PROXY_OIDC_REWRITE_WELLKNOWN="true"
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD="none"
PROXY_OIDC_INSECURE="false"
PROXY_USER_OIDC_CLAIM="name"
PROXY_USER_CS3_CLAIM="username"
WEB_OIDC_AUTHORITY="{{var_owncloud_authentication_data_authelia_url_base}}"
WEB_OIDC_METADATA_URL="{{var_owncloud_authentication_data_authelia_url_base}}/.well-known/openid-configuration"
WEB_OIDC_CLIENT_ID="{{var_owncloud_authentication_data_authelia_web_client_id}}"
WEB_OIDC_SCOPE="openid profile email groups"
{% endif %}
{% if var_owncloud_public_share_password_necessity == 'nothing' %}
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false"
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="false"
{% endif %}
{% if var_owncloud_public_share_password_necessity == 'writable' %}
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="false"
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true"
{% endif %}
{% if var_owncloud_public_share_password_necessity == 'all' %}
OCIS_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD="true"
OCIS_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD="true"
{% endif %}
{% if var_owncloud_public_share_password_policy_active %}
OCIS_SHARING_PASSWORD_POLICY_DISABLED="false"
{% else %}
OCIS_SHARING_PASSWORD_POLICY_DISABLED="true"
{% endif %}

15
roles/owncloud/templates/systemd_unit.j2 Normal file
View file

@ -0,0 +1,15 @@
[Unit]
Description=ownCloud
After=network.target
[Service]
WorkingDirectory={{var_owncloud_directory}}
EnvironmentFile={{var_owncloud_directory}}/.env
ExecStart={{var_owncloud_directory}}/ocis server
Type=simple
Restart=always
User={{var_owncloud_user}}
[Install]
WantedBy=default.target
RequiredBy=network.target

75
roles/owncloud/vardef.json Normal file
View file

@ -0,0 +1,75 @@
{
"user": {
"type": "string",
"mandatory": false
},
"directory": {
"type": "string",
"mandatory": false
},
"version": {
"type": "string",
"mandatory": false
},
"platform": {
"type": "string",
"mandatory": false
},
"domain": {
"type": "string",
"mandatory": false
},
"admin_password": {
"type": "string",
"mandatory": true
},
"authentication_kind": {
"type": "string",
"mandatory": false,
"options": [
"internal",
"authelia"
]
},
"authentication_data_authelia_url_base": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_web_client_id": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_web_client_secret": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_android_client_id": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_android_client_secret": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_ios_client_id": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_ios_client_secret": {
"type": "string",
"mandatory": false
},
"public_share_password_necessity": {
"type": "string",
"mandatory": false,
"options": [
"nothing",
"writable",
"all"
]
},
"public_share_password_policy_active": {
"type": "boolean",
"mandatory": false
}
}

5
roles/postgresql-for-forgejo/defaults/main.json Normal file
View file

@ -0,0 +1,5 @@
{
"var_postgresql_for_forgejo_username": "forgejo_user",
"var_postgresql_for_forgejo_password": "REPLACE_ME",
"var_postgresql_for_forgejo_schema": "forgejo"
}

49
roles/postgresql-for-forgejo/tasks/main.json Normal file
View file

@ -0,0 +1,49 @@
[
{
"name": "packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"acl",
"python3-psycopg2"
]
}
},
{
"name": "user",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_user": {
"state": "present",
"name": "{{var_postgresql_for_forgejo_username}}",
"password": "{{var_postgresql_for_forgejo_password}}"
},
"environment": {
"PGOPTIONS": "-c password_encryption=scram-sha-256"
}
},
{
"name": "schema",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_db": {
"state": "present",
"name": "{{var_postgresql_for_forgejo_schema}}",
"owner": "{{var_postgresql_for_forgejo_username}}"
}
},
{
"name": "rights",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_privs": {
"state": "present",
"db": "{{var_postgresql_for_forgejo_schema}}",
"objs": "ALL_IN_SCHEMA",
"roles": "{{var_postgresql_for_forgejo_username}}",
"privs": "ALL",
"grant_option": true
}
}
]

5
roles/postgresql-for-wiki_js/defaults/main.json Normal file
View file

@ -0,0 +1,5 @@
{
"var_postgresql_for_wiki_js_username": "wiki_js_user",
"var_postgresql_for_wiki_js_password": "REPLACE_ME",
"var_postgresql_for_wiki_js_schema": "wiki_js"
}

49
roles/postgresql-for-wiki_js/tasks/main.json Normal file
View file

@ -0,0 +1,49 @@
[
{
"name": "packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"acl",
"python3-psycopg2"
]
}
},
{
"name": "user",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_user": {
"state": "present",
"name": "{{var_postgresql_for_wiki_js_username}}",
"password": "{{var_postgresql_for_wiki_js_password}}"
},
"environment": {
"PGOPTIONS": "-c password_encryption=scram-sha-256"
}
},
{
"name": "schema",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_db": {
"state": "present",
"name": "{{var_postgresql_for_wiki_js_schema}}",
"owner": "{{var_postgresql_for_wiki_js_username}}"
}
},
{
"name": "rights",
"become": true,
"become_user": "postgres",
"community.postgresql.postgresql_privs": {
"state": "present",
"db": "{{var_postgresql_for_wiki_js_schema}}",
"objs": "ALL_IN_SCHEMA",
"roles": "{{var_postgresql_for_wiki_js_username}}",
"privs": "ALL",
"grant_option": true
}
}
]

2
roles/synapse/defaults/main.json
View file

@ -24,6 +24,8 @@
"var_synapse_smtp_port": 587, "var_synapse_smtp_port": 587,
"var_synapse_smtp_username": "synapse@smtp.example.org", "var_synapse_smtp_username": "synapse@smtp.example.org",
"var_synapse_smtp_password": "REPLACE_ME", "var_synapse_smtp_password": "REPLACE_ME",
"var_synapse_notifications_via_email_enabled_by_default": false,
"var_synapse_notifications_via_email_delay": "1h",
"var_synapse_admin_user_define": true, "var_synapse_admin_user_define": true,
"var_synapse_admin_user_name": "admin", "var_synapse_admin_user_name": "admin",
"var_synapse_admin_user_password": "REPLACE_ME" "var_synapse_admin_user_password": "REPLACE_ME"

3
roles/synapse/templates/homeserver.yaml.j2
View file

@ -172,7 +172,8 @@ email:
require_transport_security: true require_transport_security: true
notif_from: "%(app)s | {{var_synapse_title}}" notif_from: "%(app)s | {{var_synapse_title}}"
enable_notifs: true enable_notifs: true
notif_for_new_users: false notif_for_new_users: {{var_synapse_notifications_via_email_enabled_by_default | to_yaml}}
notif_delay_before_mail: {{var_synapse_notifications_via_email_delay}}
subjects: subjects:
password_reset: "[%(server_name)s] Passwort zurücksetzen" password_reset: "[%(server_name)s] Passwort zurücksetzen"
email_validation: "[%(server_name)s] Nutzer-Konto-Freischaltung" email_validation: "[%(server_name)s] Nutzer-Konto-Freischaltung"

8
roles/synapse/vardef.json
View file

@ -110,6 +110,14 @@
"type": "string", "type": "string",
"mandatory": true "mandatory": true
}, },
"notifications_via_email_enabled_by_default": {
"type": "boolean",
"mandatory": false
},
"notifications_via_email_delay": {
"type": "string",
"mandatory": false
},
"admin_user_define": { "admin_user_define": {
"type": "boolean", "type": "boolean",
"mandatory": false "mandatory": false

5
roles/wiki_js-and-nginx/defaults/main.json Normal file
View file

@ -0,0 +1,5 @@
{
"var_wiki_js_and_nginx_domain": "wiki-js.example.org",
"var_wiki_js_and_nginx_internal_port": 5632,
"var_wiki_js_and_nginx_tls_mode": "force"
}

3
roles/wiki_js-and-nginx/info.md Normal file
View file

@ -0,0 +1,3 @@
## Verweise
- [Wiki.js-Dokumentation | Web Server](https://docs.requarks.io/en/install/requirements#web-server)

35
roles/wiki_js-and-nginx/tasks/main.json Normal file
View file

@ -0,0 +1,35 @@
[
{
"name": "deactivate default site",
"become": true,
"ansible.builtin.file": {
"state": "absent",
"dest": "/etc/nginx/sites-enabled/default"
}
},
{
"name": "emplace configuration | data",
"become": true,
"ansible.builtin.template": {
"src": "conf.j2",
"dest": "/etc/nginx/sites-available/{{var_wiki_js_and_nginx_domain}}"
}
},
{
"name": "emplace configuration | link",
"become": true,
"ansible.builtin.file": {
"state": "link",
"src": "/etc/nginx/sites-available/{{var_wiki_js_and_nginx_domain}}",
"dest": "/etc/nginx/sites-enabled/{{var_wiki_js_and_nginx_domain}}"
}
},
{
"name": "restart nginx",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "nginx"
}
}
]

33
roles/wiki_js-and-nginx/templates/conf.j2 Normal file
View file

@ -0,0 +1,33 @@
{% macro wiki_js_common() %}
location / {
proxy_pass http://localhost:{{var_wiki_js_and_nginx_internal_port | string}};
}
{% endmacro %}
server {
server_name {{var_wiki_js_and_nginx_domain}};
listen 80;
listen [::]:80;
{% if (var_wiki_js_and_nginx_tls_mode == 'force') %}
return 301 https://$http_host$request_uri;
{% else %}
{{ wiki_js_common() }}
{% endif %}
}
{% if (var_wiki_js_and_nginx_tls_mode != 'disable') %}
server {
server_name {{var_wiki_js_and_nginx_domain}};
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate_key /etc/ssl/private/{{var_wiki_js_and_nginx_domain}}.pem;
ssl_certificate /etc/ssl/fullchains/{{var_wiki_js_and_nginx_domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
{{ wiki_js_common() }}
}
{% endif %}

19
roles/wiki_js-and-nginx/vardef.json Normal file
View file

@ -0,0 +1,19 @@
{
"domain": {
"type": "string",
"mandatory": false
},
"internal_port": {
"type": "integer",
"mandatory": false
},
"tls_mode": {
"type": "string",
"options": [
"disable",
"enable",
"force"
],
"mandatory": false
}
}

36
roles/wiki_js/defaults/main.json Normal file
View file

@ -0,0 +1,36 @@
{
"var_wiki_js_port": 5632,
"var_wiki_js_distributed": false,
"var_wiki_js_domain": "wiki-js.example.org",
"var_wiki_js_user": "wiki_js",
"var_wiki_js_directory": "/opt/wiki_js",
"var_wiki_js_data_path": "/var/wiki_js/data",
"var_wiki_js_log_level": "info",
"var_wiki_js_log_format": "default",
"var_wiki_js_database_kind": "sqlite",
"var_wiki_js_database_data_sqlite_path": "/var/wiki_js/data.sqlite",
"var_wiki_js_database_data_postgresql_host": "postgresql.example.org",
"var_wiki_js_database_data_postgresql_port": 5432,
"var_wiki_js_database_data_postgresql_username": "wiki_js_user",
"var_wiki_js_database_data_postgresql_password": "REPLACE_ME",
"var_wiki_js_database_data_postgresql_schema": "wiki_js",
"var_wiki_js_authentication_kind": "internal",
"var_wiki_js_authentication_data_authelia_provider_id": "authelia",
"var_wiki_js_authentication_data_authelia_provider_name": "Authelia",
"var_wiki_js_authentication_data_authelia_client_id": "wiki_js",
"var_wiki_js_authentication_data_authelia_client_secret": "REPLACE_ME",
"var_wiki_js_authentication_data_authelia_url_base": "https://authelia.example.org",
"var_wiki_js_smtp_host": "smtp.example.org",
"var_wiki_js_smtp_port": 465,
"var_wiki_js_smtp_username": "REPLACE_ME",
"var_wiki_js_smtp_password": "REPLACE_ME",
"var_wiki_js_email_sending_sender_name": "Wiki.js",
"var_wiki_js_email_sending_sender_email_address": "wiki-js@example.org",
"var_wiki_js_admin_email_address": "wiki-js-admin@example.org",
"var_wiki_js_admin_password": "REPLACE_ME",
"var_wiki_js_additional_locales": [],
"var_wiki_js_user_group_name": "Default",
"var_wiki_js_allow_guest_view": true,
"var_wiki_js_dark_mode": false,
"var_wiki_js_toc_position": "left"
}

959
roles/wiki_js/files/wiki-js-cli Executable file
View file

@ -0,0 +1,959 @@
#!/usr/bin/env node
var _wiki_js_cli;
(function (_wiki_js_cli) {
var helpers;
(function (helpers) {
var string;
(function (string) {
/**
*/
function coin(template, arguments_) {
let result = template;
Object.entries(arguments_).forEach(([key, value]) => {
result = result.replace(new RegExp("{{" + key + "}}", "g"), value);
});
return result;
}
string.coin = coin;
})(string = helpers.string || (helpers.string = {}));
})(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var helpers;
(function (helpers) {
var file;
(function (file) {
/**
*/
function read(path) {
const nm_fs = require("fs");
return (new Promise((resolve, reject) => {
nm_fs.readFile(path, {}, (err, data) => {
if (err) {
reject(err);
}
else {
resolve(data.toString());
}
});
}));
}
file.read = read;
})(file = helpers.file || (helpers.file = {}));
})(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var helpers;
(function (helpers) {
var log;
(function (log) {
/**
*/
let enum_level;
(function (enum_level) {
enum_level["debug"] = "debug";
enum_level["info"] = "info";
enum_level["notice"] = "notice";
enum_level["warning"] = "warning";
enum_level["error"] = "error";
})(enum_level = log.enum_level || (log.enum_level = {}));
/**
*/
const _level_order = [
enum_level.debug,
enum_level.info,
enum_level.notice,
enum_level.warning,
enum_level.error,
];
/**
*/
var _threshold = enum_level.info;
/**
*/
function setup(threshold) {
_threshold = threshold;
return Promise.resolve(undefined);
}
log.setup = setup;
/**
*/
function write(level, incident, details) {
if (_level_order.indexOf(level) < _level_order.indexOf(_threshold)) {
// do nothing
}
else {
process.stderr.write(_wiki_js_cli.helpers.string.coin("\n<{{datetime}}> [{{level}}] {{incident}}\n{{details}}\n\n", {
"datetime": (new Date()).toISOString(),
"level": level,
"incident": incident,
"details": JSON.stringify(details, undefined, "\t"),
}));
}
}
log.write = write;
})(log = helpers.log || (helpers.log = {}));
})(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var helpers;
(function (helpers) {
var http;
(function (http) {
/**
*/
async function call(http_request) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.debug, "http_call_request", http_request);
const fetch_request = new Request(http_request.target, {
"method": http_request.method,
"headers": http_request.headers,
"body": http_request.body,
});
const fetch_response = await fetch(fetch_request);
const http_response = {
"status_code": fetch_response.status,
"headers": Object.fromEntries(fetch_response.headers.entries()),
"body": await fetch_response.text(),
};
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.debug, "http_call_response", http_response);
return http_response;
}
http.call = call;
})(http = helpers.http || (helpers.http = {}));
})(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var helpers;
(function (helpers) {
var args;
(function (args) {
/**
*/
function parse(args_raw) {
let result = {
"positional": [],
"volatile": {},
};
let state = "free";
let key = null;
args_raw.forEach((arg_raw) => {
switch (state) {
case "free": {
if (arg_raw.startsWith("-")) {
key = arg_raw.slice(1);
state = "bound";
}
else {
if (key === null) {
result.positional.push(arg_raw);
key = null;
state = "free";
}
else {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.warning, "arg_discarded", {
"arg_raw": arg_raw,
});
key = null;
state = "free";
}
}
break;
}
case "bound": {
if (!(key in result["volatile"])) {
result["volatile"][key] = [];
}
else {
// do nothing
}
result["volatile"][key].push(arg_raw);
key = null;
state = "free";
}
}
});
return result;
}
args.parse = parse;
})(args = helpers.args || (helpers.args = {}));
})(helpers = _wiki_js_cli.helpers || (_wiki_js_cli.helpers = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var conf;
(function (conf) {
/**
*/
var _data = null;
/**
*/
async function load(path) {
let data_raw;
if (path === null) {
data_raw = {};
}
else {
const content = await _wiki_js_cli.helpers.file.read(path);
data_raw = JSON.parse(content);
}
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.debug, "conf_raw", data_raw);
_data = {
"api": {
"url_base": (data_raw?.api?.url_base
??
"http://localhost:3000"),
},
"login": {
"username": (data_raw?.login?.username
??
"admin"),
"password": (data_raw?.login?.password
??
"admin"),
},
"log": {
"threshold": (data_raw?.log?.threshold
??
"info"),
}
};
return Promise.resolve(undefined);
}
conf.load = load;
/**
*/
function set(data) {
_data = data;
}
conf.set = set;
/**
*/
function get() {
return _data;
}
conf.get = get;
})(conf = _wiki_js_cli.conf || (_wiki_js_cli.conf = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var api;
(function (api) {
/**
*/
var _login_token = null;
/**
*/
var _url_base = null;
/**
*/
function init(url_base) {
_url_base = url_base;
return Promise.resolve(undefined);
}
api.init = init;
/**
*/
async function call_generic_graphql(graphql_query, options) {
options = Object.assign({
"variables": {},
}, options);
const http_request = {
"target": (_url_base + "/graphql"),
"method": "POST",
"headers": Object.assign({
"Content-Type": "application/json",
}, ((_login_token === null)
?
{}
:
{ "Cookie": ("jwt=" + _login_token) })),
"body": JSON.stringify([
{
"operationName": null,
"variables": options.variables,
"extensions": {},
"query": graphql_query,
}
]),
};
const http_response = await _wiki_js_cli.helpers.http.call(http_request);
const data = JSON.parse(http_response.body);
return Promise.resolve(data[0]["data"]);
}
/**
*/
async function call_finalize(admin_email, admin_password, site_url, telemetry) {
const http_request = {
"target": (_wiki_js_cli.conf.get().api.url_base + "/finalize"),
"method": "POST",
"headers": {
"Content-Type": "application/json",
},
"body": JSON.stringify({
"adminEmail": admin_email,
"adminPassword": admin_password,
"adminPasswordConfirm": admin_password,
"siteUrl": site_url,
"telemetry": telemetry,
}),
};
const http_response = await _wiki_js_cli.helpers.http.call(http_request);
const data = JSON.parse(http_response.body);
return Promise.resolve(undefined);
}
api.call_finalize = call_finalize;
/**
* executes a local login
*/
async function call_login_local(username, password) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_login_local", {});
return (call_generic_graphql("mutation ($username: String!, $password: String!, $strategy: String!) {authentication {login(username: $username, password: $password, strategy: $strategy) {responseResult {succeeded errorCode slug message __typename} jwt mustChangePwd mustProvideTFA mustSetupTFA continuationToken redirect tfaQRImage __typename} __typename}}", {
"variables": {
"strategy": "local",
"username": username,
"password": password,
}
})
.then((data) => {
if (data["authentication"]["login"]["responseResult"]["succeeded"]) {
_login_token = data["authentication"]["login"]["jwt"];
return Promise.resolve(undefined);
}
else {
return Promise.reject(new Error("login failed"));
}
}));
}
api.call_login_local = call_login_local;
/**
*/
function call_email_settings_set(settings) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_email_settings_set", {
"settings": settings,
});
return (call_generic_graphql("mutation ($senderName: String!, $senderEmail: String!, $host: String!, $port: Int!, $name: String!, $secure: Boolean!, $verifySSL: Boolean!, $user: String!, $pass: String!, $useDKIM: Boolean!, $dkimDomainName: String!, $dkimKeySelector: String!, $dkimPrivateKey: String!) {mail {updateConfig(senderName: $senderName, senderEmail: $senderEmail, host: $host, port: $port, name: $name, secure: $secure, verifySSL: $verifySSL, user: $user, pass: $pass, useDKIM: $useDKIM, dkimDomainName: $dkimDomainName, dkimKeySelector: $dkimKeySelector, dkimPrivateKey: $dkimPrivateKey) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
"variables": {
"senderName": settings.sender_name,
"senderEmail": settings.sender_email_address,
"host": settings.smtp_host,
"port": settings.smtp_port,
"name": settings.name,
"secure": settings.secure,
"verifySSL": settings.verify_ssl,
"user": settings.smtp_username,
"pass": settings.smtp_password,
"useDKIM": settings.use_dkim,
"dkimDomainName": settings.dkim_domain_name,
"dkimKeySelector": settings.dkim_key_selector,
"dkimPrivateKey": settings.dkim_private_key,
}
}));
}
api.call_email_settings_set = call_email_settings_set;
/**
*/
function call_locale_download(locale) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_locale_download", {
"locale": locale,
});
return (call_generic_graphql("mutation ($locale: String!) {localization {downloadLocale(locale: $locale) {responseResult {succeeded errorCode slug message __typename} __typename}__typename}}", {
"variables": {
"locale": locale,
}
}));
}
api.call_locale_download = call_locale_download;
/**
*/
function call_group_list(name) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_group_list", {});
return (call_generic_graphql("{groups {list {id name isSystem userCount createdAt updatedAt __typename} __typename}}", {
"variables": {}
}));
}
api.call_group_list = call_group_list;
/**
*/
function call_group_create(name) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_group_create", {
"name": name,
});
return (call_generic_graphql("mutation ($name: String!) {groups {create(name: $name) {responseResult {succeeded errorCode slug message __typename} group {id name createdAt updatedAt __typename} __typename} __typename}}", {
"variables": {
"name": name,
}
}));
}
api.call_group_create = call_group_create;
/**
* @param permissions_general {
* Array<
* string
* >
* }
* @param permissions_page_specific {
* Array<
* {
* id:string;
* path:string;
* roles:Array<
* string
* >;
* match:string;
* deny:boolean;
* locales:Array<
* string
* >;
* }
* >
* }
*/
function call_group_update(group_id, name, permissions_general, permissions_page_specific) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_group_update", {});
return (call_generic_graphql("mutation ($id: Int!, $name: String!, $redirectOnLogin: String!, $permissions: [String]!, $pageRules: [PageRuleInput]!) {groups {update(id: $id, name: $name, redirectOnLogin: $redirectOnLogin, permissions: $permissions, pageRules: $pageRules) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
"variables": {
"id": group_id,
"name": name,
"redirectOnLogin": "/",
"permissions": permissions_general,
"pageRules": permissions_page_specific,
}
}));
}
api.call_group_update = call_group_update;
/**
*/
function call_authentication_strategy_list() {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_authentication_strategy_list", {});
return (call_generic_graphql("{authentication {activeStrategies {key strategy {key title description useForm logo website __typename} config {key value __typename} order isEnabled displayName selfRegistration domainWhitelist autoEnrollGroups __typename} __typename}}", {})
.then((data) => Promise.resolve(data["authentication"]["activeStrategies"])));
}
api.call_authentication_strategy_list = call_authentication_strategy_list;
/**
*/
function call_authentication_strategy_set(strategies) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_authentication_strategy_set", {
"strategies": strategies,
});
return (call_generic_graphql("mutation ($strategies: [AuthenticationStrategyInput]!) {authentication {updateStrategies(strategies: $strategies) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
"variables": {
"strategies": strategies,
}
}));
}
api.call_authentication_strategy_set = call_authentication_strategy_set;
/**
*/
function call_theming_set(dark_mode, toc_position) {
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.info, "api_call_theming_set", {
"dark_mode": dark_mode,
"toc_position": toc_position,
});
return (call_generic_graphql("mutation ($theme: String!, $iconset: String!, $darkMode: Boolean!, $tocPosition: String, $injectCSS: String, $injectHead: String, $injectBody: String) {theming {setConfig(theme: $theme, iconset: $iconset, darkMode: $darkMode, tocPosition: $tocPosition, injectCSS: $injectCSS, injectHead: $injectHead, injectBody: $injectBody) {responseResult {succeeded errorCode slug message __typename} __typename} __typename}}", {
"variables": {
"theme": "default",
"iconset": "mdi",
"darkMode": dark_mode,
"tocPosition": toc_position,
"injectCSS": "",
"injectHead": "",
"injectBody": ""
}
}));
}
api.call_theming_set = call_theming_set;
})(api = _wiki_js_cli.api || (_wiki_js_cli.api = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
var logic;
(function (logic) {
/**
*/
async function login(options = {}) {
options = Object.assign({
"username": _wiki_js_cli.conf.get().login.username,
"password": _wiki_js_cli.conf.get().login.password,
}, options);
await _wiki_js_cli.api.call_login_local(options.username, options.password);
return Promise.resolve(undefined);
}
logic.login = login;
/**
*/
async function initialize(admin_email_address, admin_password, options = {}) {
options = Object.assign({
"site_url": "http://localhost:3000",
"allow_telemetry": false,
}, options);
await _wiki_js_cli.api.call_finalize(admin_email_address, admin_password, options.site_url, options.allow_telemetry);
return Promise.resolve(undefined);
}
logic.initialize = initialize;
/**
*/
async function email_settings_set(smtp_host, smtp_port, smtp_username, smtp_password, sender_name, sender_email_address, options = {}) {
options = Object.assign({}, options);
const result = await _wiki_js_cli.api.call_email_settings_set({
"sender_name": sender_name,
"sender_email_address": sender_email_address,
"smtp_host": smtp_host,
"smtp_port": smtp_port,
"secure": true,
"verify_ssl": true,
"smtp_username": smtp_username,
"smtp_password": smtp_password,
"name": "",
"use_dkim": false,
"dkim_domain_name": "",
"dkim_key_selector": "",
"dkim_private_key": "",
});
return Promise.resolve(undefined);
}
logic.email_settings_set = email_settings_set;
/**
*/
async function locale_add(locale_code) {
_wiki_js_cli.api.call_locale_download(locale_code);
return Promise.resolve(undefined);
}
logic.locale_add = locale_add;
/**
*/
async function group_identify(name) {
const data = await _wiki_js_cli.api.call_group_list(name);
const hits = (data["groups"]["list"]
.filter((entry) => (entry["name"] === name)));
if (hits.length !== 1) {
return Promise.reject(new Error("not found or ambiguous"));
}
else {
return Promise.resolve(hits[0]["id"]);
}
}
logic.group_identify = group_identify;
/**
* returns the ID of the generated group
*/
async function group_add(name, options = {}) {
options = Object.assign({
"permissions_general": [],
"permissions_specific": [],
}, options);
const result_1 = await _wiki_js_cli.api.call_group_create(name);
const id = result_1["groups"]["create"]["group"]["id"];
const result_2 = await _wiki_js_cli.api.call_group_update(id, name, options.permissions_general, options.permissions_specific);
return Promise.resolve(id);
}
logic.group_add = group_add;
/**
*/
async function group_modify(id, options = {}) {
options = Object.assign({
"permissions_general": [],
"permissions_specific": [],
}, options);
const result = await _wiki_js_cli.api.call_group_update(id, name, options.permissions_general, options.permissions_specific);
return Promise.resolve(undefined);
}
logic.group_modify = group_modify;
/**
*/
async function authentication_strategy_list() {
const result = await _wiki_js_cli.api.call_authentication_strategy_list();
return Promise.resolve(result);
}
logic.authentication_strategy_list = authentication_strategy_list;
/**
*/
async function authentication_strategy_add(strategy) {
const current = await _wiki_js_cli.api.call_authentication_strategy_list();
const result = await _wiki_js_cli.api.call_authentication_strategy_set(((current
.map((entry) => ({
"key": entry["key"],
"strategyKey": entry["strategy"]["key"],
"displayName": entry["displayName"],
"order": entry["order"],
"isEnabled": entry["isEnabled"],
"config": (entry["config"]
.map((item) => ({
"key": item["key"],
"value": JSON.stringify({ "v": JSON.parse(item["value"])["value"] }),
}))),
"selfRegistration": entry["selfRegistration"],
"domainWhitelist": entry["domainWhitelist"],
"autoEnrollGroups": entry["autoEnrollGroups"],
})))
.concat([
{
"key": strategy.key,
"strategyKey": "oauth2",
"displayName": strategy.name,
"order": ((current
.map(x => x["order"])
.reduce((x, y) => (((x === null) || (x < y)) ? y : x), null))
+
1),
"isEnabled": true,
"config": [
{
"key": "clientId",
"value": JSON.stringify({ "v": strategy.client_id }),
},
{
"key": "clientSecret",
"value": JSON.stringify({ "v": strategy.client_secret }),
},
{
"key": "authorizationURL",
"value": JSON.stringify({ "v": strategy.authorization_url }),
},
{
"key": "tokenURL",
"value": JSON.stringify({ "v": strategy.token_url }),
},
{
"key": "userInfoURL",
"value": JSON.stringify({ "v": strategy.user_info_url }),
},
{
"key": "userIdClaim",
"value": JSON.stringify({ "v": "id" }),
},
{
"key": "displayNameClaim",
"value": JSON.stringify({ "v": "name" }),
},
{
"key": "emailClaim",
"value": JSON.stringify({ "v": "email" }),
},
{
"key": "mapGroups",
"value": JSON.stringify({ "v": false }),
},
{
"key": "groupsClaim",
"value": JSON.stringify({ "v": "groups" }),
},
{
"key": "logoutURL",
"value": JSON.stringify({ "v": "" }),
},
{
"key": "scope",
"value": JSON.stringify({ "v": "openid profile email" }),
},
{
"key": "useQueryStringForAccessToken",
"value": JSON.stringify({ "v": false }),
},
{
"key": "enableCSRFProtection",
"value": JSON.stringify({ "v": true }),
}
],
"selfRegistration": true,
"domainWhitelist": [],
"autoEnrollGroups": await Promise.all(strategy.group_assignments
.map(x => group_identify(x))),
},
])));
return Promise.resolve(undefined);
}
logic.authentication_strategy_add = authentication_strategy_add;
/**
*/
async function theming_set(options = {}) {
options = Object.assign({
"dark_mode": false,
"toc_position": "left",
}, options);
const result = await _wiki_js_cli.api.call_theming_set(options.dark_mode, options.toc_position);
return Promise.resolve(result);
}
logic.theming_set = theming_set;
})(logic = _wiki_js_cli.logic || (_wiki_js_cli.logic = {}));
})(_wiki_js_cli || (_wiki_js_cli = {}));
var _wiki_js_cli;
(function (_wiki_js_cli) {
/**
*/
function parse_boolean(indicator) {
if ((indicator === "1")
||
(indicator === "yes")
||
(indicator === "on")
||
(indicator === "true")) {
return true;
}
else {
if ((indicator === "0")
||
(indicator === "no")
||
(indicator === "off")
||
(indicator === "false")) {
return false;
}
else {
throw (new Error("invalid boolean indicator: " + indicator));
}
}
}
/**
*/
async function main(args_raw) {
// args
const args = _wiki_js_cli.helpers.args.parse(args_raw);
const override_url_base = ((("b" in args.volatile)
&&
(args.volatile["b"].length >= 0))
?
args.volatile["b"][0]
:
null);
const override_username = ((("u" in args.volatile)
&&
(args.volatile["u"].length >= 0))
?
args.volatile["u"][0]
:
null);
const override_password = ((("p" in args.volatile)
&&
(args.volatile["p"].length >= 0))
?
args.volatile["p"][0]
:
null);
const override_log_level = ((("l" in args.volatile)
&&
(args.volatile["l"].length >= 0))
?
args.volatile["l"][0]
:
null);
// conf
const conf_path = ((("c" in args.volatile)
&&
(args.volatile["c"].length >= 0))
?
args.volatile["c"][0]
:
null);
await _wiki_js_cli.conf.load(conf_path);
_wiki_js_cli.helpers.log.write(_wiki_js_cli.helpers.log.enum_level.debug, "conf", _wiki_js_cli.conf.get());
// init
await _wiki_js_cli.helpers.log.setup(override_log_level ?? _wiki_js_cli.conf.get().log.threshold);
await _wiki_js_cli.api.init((override_url_base ?? _wiki_js_cli.conf.get().api.url_base));
// exec
if (args.positional.length < 1) {
return Promise.reject("SYNTAX: [node] cli.js [-c <conf-path>] [-b <api-url-base>] [-u <login-username>] [-p <login-password>] <action> [<arg-1> [<arg-2> […]]]\n\n\t<action> = init | email-settings-set | locale-add | group-add | group-modify | auth-strat-add-oauth2 | theming-set");
}
else {
const action = args.positional[0];
switch (action) {
default: {
return Promise.reject("invalid action: " + action);
break;
}
case "init": {
if (args.positional.length <= 2) {
return Promise.reject("SYNTAX: … init <admin-email-address> <admin-password> [<site-url> [<allow-telemetry>]]");
}
else {
const admin_email_address = args.positional[1];
const admin_password = args.positional[2];
const site_url = ((args.positional.length >= 4)
?
args.positional[3]
:
undefined);
const allow_telemetry = ((args.positional.length >= 5)
?
parse_boolean(args.positional[4])
:
undefined);
await _wiki_js_cli.logic.initialize(admin_email_address, admin_password, {
"site_url": site_url,
"allow_telemetry": allow_telemetry
});
return Promise.resolve(undefined);
}
break;
}
case "email-settings-set": {
if (args.positional.length <= 6) {
return Promise.reject("SYNTAX: … email-settings-set <smtp-host> <smtp-port> <smtp-username> <smtp-password> <sender-name> <sender-email-address>");
}
else {
const smtp_host = args.positional[1];
const smtp_port = parseInt(args.positional[2]);
const smtp_username = args.positional[3];
const smtp_password = args.positional[4];
const sender_name = args.positional[5];
const sender_email_address = args.positional[6];
await _wiki_js_cli.logic.login({
"username": override_username,
"password": override_password,
});
await _wiki_js_cli.logic.email_settings_set(smtp_host, smtp_port, smtp_username, smtp_password, sender_name, sender_email_address, {});
return Promise.resolve(undefined);
}
break;
}
case "locale-add": {
if (args.positional.length <= 1) {
return Promise.reject("SYNTAX: … locale-add <locale-code>");
}
else {
const locale_code = args.positional[1];
await _wiki_js_cli.logic.login({
"username": override_username,
"password": override_password,
});
await _wiki_js_cli.logic.locale_add(locale_code);
return Promise.resolve(undefined);
}
break;
}
case "group-add": {
if (args.positional.length <= 2) {
return Promise.reject("SYNTAX: … group-add <name> <permissions>");
}
else {
const name = args.positional[1];
const permissions = args.positional[2].split(",");
await _wiki_js_cli.logic.login({
"username": override_username,
"password": override_password,
});
const result = await _wiki_js_cli.logic.group_add(name, {
"permissions_general": permissions,
"permissions_specific": [
{
"id": "default",
"path": "",
"roles": permissions,
"match": "START",
"deny": false,
"locales": []
}
],
});
process.stdout.write(JSON.stringify(result, undefined, "\t")
+
"\n");
}
break;
}
case "group-modify": {
if (args.positional.length <= 2) {
return Promise.reject("SYNTAX: … group-modify <name> <permissions>");
}
else {
const name = args.positional[1];
const permissions = args.positional[2].split(",");
const id = await _wiki_js_cli.logic.group_identify(name);
await _wiki_js_cli.logic.login({
"username": override_username,
"password": override_password,
});
const result = await _wiki_js_cli.logic.group_modify(id, {
"permissions_general": permissions,
"permissions_specific": [
{
"id": "default",
"path": "",
"roles": permissions,
"match": "START",
"deny": false,
"locales": []
}
],
});
}
break;
}
case "auth-strat-add-oauth2": {
if (args.positional.length <= 8) {
return Promise.reject("SYNTAX: … auth-strat-add-oauth2 <strategy-key> <strategy-name> <strategy-client-id> <strategy-client-secret> <strategy-authorization-url> <strategy-token-url> <strategy-user-info-url> <group-assignments>");
}
else {
const strategy = {
"key": args.positional[1],
"name": args.positional[2],
"client_id": args.positional[3],
"client_secret": args.positional[4],
"authorization_url": args.positional[5],
"token_url": args.positional[6],
"user_info_url": args.positional[7],
"group_assignments": args.positional[8].split(","),
};
await _wiki_js_cli.logic.login({
"username": override_username,
"password": override_password,
});
await _wiki_js_cli.logic.authentication_strategy_add(strategy);
return Promise.resolve(undefined);
}
break;
}
case "theming-set": {
if (args.positional.length <= 1) {
return Promise.reject("SYNTAX: … theming-set <dark-mode> [<toc-position>]");
}
else {
const dark_mode = parse_boolean(args.positional[1]);
const toc_position_raw = ((args.positional.length <= 2)
?
"left"
:
args.positional[2]);
const toc_position = (() => {
switch (toc_position_raw) {
case "left": return "left";
case "right": return "right";
case "hidden": return "off";
default: {
return null;
}
}
})();
if (toc_position === null) {
return Promise.reject("invalid toc-position: " + toc_position_raw + "; valid values are: left,right,hidden");
}
else {
await _wiki_js_cli.logic.login({
"username": override_username,
"password": override_password,
});
await _wiki_js_cli.logic.theming_set({
"dark_mode": dark_mode,
"toc_position": toc_position,
});
return Promise.resolve(undefined);
}
}
break;
}
}
}
}
_wiki_js_cli.main = main;
})(_wiki_js_cli || (_wiki_js_cli = {}));
(_wiki_js_cli.main(process.argv.slice(2))
.then(() => {
})
.catch((reason) => {
process.stderr.write("-- " + String(reason) + "\n");
}));

19
roles/wiki_js/info.md Normal file
View file

@ -0,0 +1,19 @@
## Beschreibung
- Einrichtung der Aufgaben-Verwaltung [Wiki.js](https://js.wiki/)
## Verweise
- [Wiki.js-Dokumentation | Linux-Installation](https://docs.requarks.io/install/linux)
- [Wiki.js-Dokumentation | Konfiguration](https://docs.requarks.io/install/config)
## Anmerkungen
- `files/wiki-js-cli` stammt aus einem kleinen Projekt von _roydfalk_
## ToDo
- start page

193
roles/wiki_js/tasks/main.json Normal file
View file

@ -0,0 +1,193 @@
[
{
"name": "packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"npm"
]
}
},
{
"name": "user",
"become": true,
"ansible.builtin.user": {
"name": "{{var_wiki_js_user}}",
"create_home": true,
"home": "{{var_wiki_js_directory}}"
}
},
{
"name": "directories",
"become": true,
"loop": [
"{{var_wiki_js_data_path}}"
],
"ansible.builtin.file": {
"owner": "{{var_wiki_js_user}}",
"state": "directory",
"path": "{{item}}"
}
},
{
"name": "download",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.get_url": {
"url": "https://github.com/Requarks/wiki/releases/latest/download/wiki-js.tar.gz",
"dest": "/tmp/wiki_js.tar.gz"
}
},
{
"name": "unpack",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.unarchive": {
"remote_src": true,
"src": "/tmp/wiki_js.tar.gz",
"dest": "{{var_wiki_js_directory}}"
}
},
{
"name": "cli client",
"become": true,
"ansible.builtin.copy": {
"src": "wiki-js-cli",
"dest": "/usr/local/bin/wiki-js-cli",
"mode": "0700"
}
},
{
"name": "database | sqlite | dirctory",
"when": "var_wiki_js_database_kind == 'sqlite'",
"become": true,
"ansible.builtin.file": {
"path": "{{var_wiki_js_database_data_sqlite_path | dirname}}",
"state": "directory",
"owner": "{{var_wiki_js_user}}"
}
},
{
"name": "database | sqlite | file",
"when": "var_wiki_js_database_kind == 'sqlite'",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.file": {
"path": "{{var_wiki_js_database_data_sqlite_path}}",
"state": "touch"
}
},
{
"name": "conf",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.template": {
"src": "config.yml.j2",
"dest": "{{var_wiki_js_directory}}/config.yml"
}
},
{
"name": "database | sqlite | setup",
"when": "var_wiki_js_database_kind == 'sqlite'",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "npm rebuild sqlite3"
}
},
{
"name": "systemd-unit",
"become": true,
"ansible.builtin.template": {
"src": "systemd-unit.j2",
"dest": "/etc/systemd/system/wiki_js.service"
}
},
{
"name": "start service",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"enabled": true,
"name": "wiki_js"
}
},
{
"name": "setup | initialize",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} init {{var_wiki_js_admin_email_address}} {{var_wiki_js_admin_password}} https://{{var_wiki_js_domain}} no"
}
},
{
"name": "setup | email settings",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} email-settings-set {{var_wiki_js_smtp_host}} {{var_wiki_js_smtp_port}} {{var_wiki_js_smtp_username}} {{var_wiki_js_smtp_password}} {{email_sending_sender_name}} {{email_sending_sender_email_address}}"
}
},
{
"name": "setup | locales",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"loop": "{{var_wiki_js_additional_locales}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} locale-add {{item}}"
}
},
{
"name": "setup | set guest access | negative",
"when": "not var_wiki_js_allow_guest_view",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} group-modify Guests"
}
},
{
"name": "setup | set guest access | positive",
"when": "var_wiki_js_allow_guest_view",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} group-modify Guests read:pages read:assets read:comments"
}
},
{
"name": "setup | define user group",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} group-add {{var_wiki_js_user_group_name}} {{var_wiki_js_allow_guest_view | ternary('read:pages,read:assets,read:comments,write:comments,write:pages,manage:pages,delete:pages,write:styles,write:scripts,read:source,read:history,write:assets,manage:assets,manage:comments','')}}"
}
},
{
"name": "setup | authentication | authelia",
"when": "var_wiki_js_authentication_kind == 'authelia'",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} auth-strat-add-oauth2 {{var_wiki_js_authentication_data_authelia_provider_id}} {{var_wiki_js_authentication_data_authelia_provider_name}} {{var_wiki_js_authentication_data_authelia_client_id}} {{var_wiki_js_authentication_data_authelia_client_secret}} {{var_wiki_js_authentication_data_authelia_url_base}}/api/oidc/authorization {{var_wiki_js_authentication_data_authelia_url_base}}/api/oidc/token {{var_wiki_js_authentication_data_authelia_url_base}}/api/oidc/userinfo {{var_wiki_js_user_group_name}}"
}
},
{
"name": "setup | theming",
"become": true,
"become_user": "{{var_wiki_js_user}}",
"ansible.builtin.command": {
"chdir": "{{var_wiki_js_directory}}",
"cmd": "/usr/local/bin/wiki-js-cli -b http://127.0.0.1:{{var_wiki_js_port | string}} -u {{var_wiki_js_admin_email_address}} -p {{var_wiki_js_admin_password}} theming-set {{var_wiki_js_dark_mode | ternary('yes','no')}} {{var_wiki_js_toc_position}}"
}
}
]

49
roles/wiki_js/templates/config.yml.j2 Normal file
View file

@ -0,0 +1,49 @@
port: {{var_wiki_js_port | string}}
{% if var_wiki_js_database_kind == 'sqlite' %}
db:
type: sqlite
storage: {{var_wiki_js_database_data_sqlite_path}}
{% endif %}
{% if var_wiki_js_database_kind == 'postgresql' %}
db:
type: postgres
host: {{var_wiki_js_database_data_postgresql_host}}
port: {{var_wiki_js_database_data_postgresql_port | to_yaml}}
user: {{var_wiki_js_database_data_postgresql_username}}
pass: {{var_wiki_js_database_data_postgresql_password}}
db: {{var_wiki_js_database_data_postgresql_schema}}
ssl: false
# schema: public
{% endif %}
ssl:
enabled: false
port: 3443
# Provider to use, possible values: custom, letsencrypt
provider: custom
format: pem
key: path/to/key.pem
cert: path/to/cert.pem
pfx: path/to/cert.pfx
passphrase: null
dhparam: null
domain: wiki.yourdomain.com
subscriberEmail: admin@example.com
bindIP: 0.0.0.0
logLevel: {{var_wiki_js_log_level}}
logFormat: {{var_wiki_js_log_format}}
offline: false
ha: {{var_wiki_js_distributed | to_yaml}}
dataPath: {{var_wiki_js_data_path}}
bodyParserLimit: 5mb

14
roles/wiki_js/templates/systemd-unit.j2 Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=Wiki.js
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/node server
Restart=always
User={{var_wiki_js_user}}
Environment=NODE_ENV=production
WorkingDirectory={{var_wiki_js_directory}}
[Install]
WantedBy=multi-user.target

162
roles/wiki_js/vardef.json Normal file
View file

@ -0,0 +1,162 @@
{
"port": {
"mandatory": false,
"type": "integer"
},
"distributed": {
"mandatory": false,
"type": "boolean"
},
"domain": {
"mandatory": false,
"type": "string"
},
"user": {
"mandatory": false,
"type": "string"
},
"directory": {
"mandatory": false,
"type": "string"
},
"log_level": {
"mandatory": false,
"type": "string",
"options": [
"error",
"warn",
"info",
"verbose",
"debug",
"silly"
]
},
"log_format": {
"mandatory": false,
"type": "string",
"options": [
"default",
"json"
]
},
"data_path": {
"mandatory": false,
"type": "string"
},
"database_kind": {
"mandatory": false,
"type": "string",
"options": [
"sqlite",
"postgresql"
]
},
"database_data_sqlite_path": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_host": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_port": {
"mandatory": false,
"type": "integer"
},
"database_data_postgresql_username": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_password": {
"mandatory": false,
"type": "string"
},
"database_data_postgresql_schema": {
"mandatory": false,
"type": "string"
},
"authentication_kind": {
"mandatory": false,
"type": "string",
"options": [
"internal",
"authelia"
]
},
"authentication_data_authelia_provider_id": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_provider_name": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_client_id": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_client_secret": {
"type": "string",
"mandatory": false
},
"authentication_data_authelia_url_base": {
"type": "string",
"mandatory": false
},
"smtp_host": {
"mandatory": false,
"type": "string"
},
"smtp_port": {
"mandatory": false,
"type": "integer"
},
"smtp_username": {
"mandatory": false,
"type": "string"
},
"smtp_password": {
"mandatory": false,
"type": "string"
},
"email_sending_sender_name": {
"mandatory": false,
"type": "string"
},
"email_sending_sender_email_address": {
"mandatory": false,
"type": "string"
},
"admin_email_address": {
"mandatory": false,
"type": "string"
},
"admin_password": {
"mandatory": false,
"type": "string"
},
"additional_locales": {
"mandatory": false,
"type": "array",
"items": {
"nullable": false,
"type": "string"
}
},
"user_group_name": {
"mandatory": false,
"type": "string"
},
"allow_guest_view": {
"mandatory": false,
"type": "boolean"
},
"dark_mode": {
"mandatory": false,
"type": "boolean"
},
"toc_position": {
"mandatory": false,
"type": "string"
}
}

1
todo.md
View file

@ -1,4 +1,3 @@
- postgresql:hba-setup - postgresql:hba-setup
- [Gitea](https://about.gitea.com/)
- [Seafile](https://www.seafile.com/en/home/) - [Seafile](https://www.seafile.com/en/home/)