Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • infrastruktur/ansible-warpzone
  • specki/ansible-warpzone
2 results
Show changes
Commits on Source (30)
Hide whitespace changes
Inline Side-by-side
Showing
with 584 additions and 227 deletions
host_vars/ogg
View file @ a568db47
......@@ -73,7 +73,6 @@ alert:
- { name: "mqtt-tgfloat-1" }
- { name: "nodered-app-1" }
- { name: "omada-app-1" }
- { name: "pihole-app-1" }
- { name: "tasmoadmin-app-1" }
- { name: "traefik-app-1" }
- { name: "watchtower-app-1" }
......
host_vars/pihole
View file @ a568db47
......@@ -4,6 +4,7 @@
motd_lines:
- "pihole - Interner pihole DNS @ warpzone"
- "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
- "IPv6-IP @ eth0: {{ ext_ip6 }}"
debian_sources:
- "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
......@@ -19,7 +20,7 @@ debian_keys_url:
# Primäre IP Adressen des Hosts
#ext_ip4: <keine>
#ext_ip6: <keine>
ext_ip6: 2a02:1799:7:1337::2
int_ip4: 10.0.0.2
......
host_vars/webserver
View file @ a568db47
......@@ -39,6 +39,7 @@ webserver_domains:
- "ldap.warpzone.ms"
- "keycloak.warpzone.ms"
- "md.warpzone.ms"
- "privatebin.warpzone.ms"
# - "turn.warpzone.ms"
- "wiki.warpzone.ms"
- "www.warpzone.ms"
......@@ -82,9 +83,6 @@ alert:
- { name: "icinga-app-1" }
- { name: "icinga-db-1" }
- { name: "icinga-graphite-1" }
- { name: "keycloak-app-1" }
- { name: "keycloak-db-1" }
- { name: "keycloak-sync-group-active-1" }
- { name: "ldap-openldap-1" }
- { name: "ldap-phpldapadmin-1" }
- { name: "mail-admin-1" }
......@@ -109,6 +107,7 @@ alert:
- { name: "matterbridge-wz-1" }
- { name: "matterbridge-web-1" }
- { name: "matterbridge-restarter-1" }
- { name: "privatebin-app-1" }
- { name: "traefik-app-1" }
- { name: "uffd-app-1" }
- { name: "uffd-db-1" }
......
intern/docker_homeassistant/templates/config/configuration.yaml
View file @ a568db47
......@@ -132,6 +132,50 @@ sensor:
- 'date_time'
automation ansible:
# Autodiscovery für Licht Hackcenter
# Das Licht Hackcenter besteht eigentlich aus zwei geräten, einem DALI-Controller und einem Tasmota-Schalter.
# - Der Tasmota Schalter, schaltet generell den Strom ein und aus.
# - Der Dali Controller ist für die Regelung der Helligkeit verantwortlich. (Wertebereich 0 - 255)
# Die Automatisierung erstellt eine Autodiscovery-Konfiguration für HomeAssistant,
# die beide Geräte als ein Licht darstellt.
# Die Autodiscovery Message wird automatisch beim Start von HomeAssistant gesendet.
- alias: ANSIBLE_autodiscovery_light_hackcenter
description: "MQTT Autodiscovery für Licht Hackcenter"
mode: single
triggers:
- trigger: homeassistant
event: start
action:
- service: mqtt.publish
data:
topic: "homeassistant/light/licht_hackcenter_01/config"
retain: true
qos: 0
payload: >
{
"name": "Licht Hackcenter",
"unique_id": "licht_hackcenter_01",
"object_id": "licht_hackcenter",
"state_topic": "stat/tasmota_B1233C/POWER",
"command_topic": "cmnd/tasmota_B1233C/Power1",
"brightness_state_topic": "light/dali_out",
"brightness_command_topic": "light/dali_in",
"qos": 0,
"payload_on": "ON",
"payload_off": "OFF",
"optimistic": false,
"device": {
"identifiers": ["licht_hackcenter_01"],
"name": "Licht Hackcenter",
"manufacturer": "warpzone",
"model": "DALI"
}
}
# Abluft dauerhaft an
- alias: ANSIBLE_Abluft_dauer_an
description: Verhindert Ausschalten der Abluft und setzt festen Wert bei schließen der Zone
......@@ -176,93 +220,6 @@ automation ansible:
target:
device_id: 96844a416179e61fff99195b6a16522e
# Licht im Hackcenter dimmen
- alias: ANSIBLE_dali_licht_hackcenter_helligkeit-anpassen
description: Ruft den Helper aus um per MQTT das Licht zu dimmen
trigger:
- platform: state
entity_id:
- input_number.dali_licht_hackcenter
for:
hours: 0
minutes: 0
seconds: 0
action:
- service: mqtt.publish
data:
topic: light/dali
payload_template: "{{ '{{' }} states('input_number.dali_licht_hackcenter') | int {{ '}}' }}"
mode: restart
- alias: ANSIBLE_Dimmer_Hackcenter_down
description: ""
mode: single
triggers:
- domain: mqtt
device_id: 868d603a22c4f1f6d5cc6d050f962e1a
type: action
subtype: rotate_left
trigger: device
- domain: mqtt
device_id: a35a891d445fc54d0aab7c5e2fce40a1
type: action
subtype: rotate_left
trigger: device
conditions: []
actions:
- repeat:
count: 25
sequence:
- target:
entity_id: input_number.dali_licht_hackcenter
data: {}
action: input_number.decrement
- alias: ANSIBLE_Dimmer_Hackcenter_up
description: ""
mode: single
triggers:
- domain: mqtt
device_id: 868d603a22c4f1f6d5cc6d050f962e1a
type: action
subtype: rotate_right
trigger: device
- domain: mqtt
device_id: a35a891d445fc54d0aab7c5e2fce40a1
type: action
subtype: rotate_right
trigger: device
conditions: []
actions:
- repeat:
count: 25
sequence:
- target:
entity_id: input_number.dali_licht_hackcenter
data: {}
action: input_number.increment
- alias: ANSIBLE_Dimmer_Hackcenter_toggle
description: ""
mode: single
triggers:
- domain: mqtt
device_id: 868d603a22c4f1f6d5cc6d050f962e1a
type: action
subtype: single
trigger: device
- domain: mqtt
device_id: a35a891d445fc54d0aab7c5e2fce40a1
type: action
subtype: single
trigger: device
conditions: []
actions:
- type: toggle
device_id: f65f71ef46e86492b79d75223670013a
entity_id: c522db6731a33bd27763830ddd2740e2
domain: switch
- alias: ANSIBLE_Zonenshutdown
mode: single
triggers:
......@@ -333,7 +290,7 @@ automation ansible:
data:
skip_condition: true
target:
entity_id: automation.ansible_hackcenter_licht_nach_shutdown
entity_id: automation.ANSIBLE_hackcenter_licht_nach_shutdown
- alias: ANSIBLE_Zonenboot
mode: single
......@@ -838,6 +795,29 @@ automation ansible:
area_id: NoAutoOn
mode: single
- alias: ANSIBLE_hackcenter_licht_nach_shutdown
description: ""
mode: single
triggers: []
conditions: []
actions:
- action: light.turn_on
metadata: {}
data:
brightness_pct: 50
target:
device_id: c4f8f83fb287ba7b1d66b674a1564c75
- delay:
hours: 0
minutes: 3
seconds: 0
milliseconds: 0
- action: light.turn_off
metadata: {}
data: {}
target:
device_id: c4f8f83fb287ba7b1d66b674a1564c75
- alias: ANSIBLE_ZONE_backcenter_an
description: ""
triggers: []
......@@ -989,37 +969,4 @@ automation ansible:
data: {}
target:
area_id: schnackcenter
mode: single
- alias: ANSIBLE_Hackcenter_licht_nach_shutdown
description: ""
mode: restart
triggers: []
conditions: []
actions:
- metadata: {}
data:
value: 255
target:
entity_id: input_number.dali_licht_hackcenter
action: input_number.set_value
- delay:
hours: 0
minutes: 1
seconds: 0
milliseconds: 0
- metadata: {}
data:
value: 150
target:
entity_id: input_number.dali_licht_hackcenter
action: input_number.set_value
- delay:
hours: 0
minutes: 0
seconds: 10
milliseconds: 0
- type: turn_off
device_id: f65f71ef46e86492b79d75223670013a
entity_id: c522db6731a33bd27763830ddd2740e2
domain: switch
\ No newline at end of file
mode: single
\ No newline at end of file
site.yml
View file @ a568db47
......@@ -27,28 +27,28 @@
domain: "test-warpzone.de",
domain_default: "www.test-warpzone.de",
}
- {
role: testserver/docker_mail, tags: [ test_mail, docker_services ],
servicename: mail,
basedir: "/srv/{{ servicename }}",
domain: "test-warpzone.de",
mailserver: "mailserver.test-warpzone.de",
listserver: "listserver.test-warpzone.de"
}
# - {
# role: testserver/docker_mail, tags: [ test_mail, docker_services ],
# servicename: mail,
# basedir: "/srv/{{ servicename }}",
# domain: "test-warpzone.de",
# mailserver: "mailserver.test-warpzone.de",
# listserver: "listserver.test-warpzone.de"
# }
- {
role: testserver/docker_uffd, tags: [ test_uffd, docker_services ],
servicename: uffd,
basedir: "/srv/{{ servicename }}",
domain: "uffd.test-warpzone.de",
}
- {
role: testserver/docker_icinga, tags: [ test_icinga, docker_services ],
servicename: icinga,
basedir: "/srv/{{ servicename }}",
domain: "icinga.test-warpzone.de",
api_port: 5665,
mysql_port: 33306
}
# - {
# role: testserver/docker_icinga, tags: [ test_icinga, docker_services ],
# servicename: icinga,
# basedir: "/srv/{{ servicename }}",
# domain: "icinga.test-warpzone.de",
# api_port: 5665,
# mysql_port: 33306
# }
- {
role: testserver/docker_gitlab, tags: [ test_gitlab, docker_services ],
servicename: "gitlab",
......@@ -380,6 +380,12 @@
basedir: /srv/wordpress,
domain: "www.warpzone.ms"
}
- {
role: webserver/docker_privatebin, tags: [ privatebin, docker_services ],
servicename: privatebin,
basedir: /srv/privatebin,
domain: "privatebin.warpzone.ms"
}
# - {
# role: webserver/docker_workadventure, tags: [ workadventure, docker_services ],
# servicename: "workadventure",
......
testserver/docker_dokuwiki/tasks/main.yml
View file @ a568db47
......@@ -3,6 +3,8 @@
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/secrets/oauth_secret", length: 64}
- { path: "{{ basedir }}/dokuwiki_api_secret", length: 32 }
- { path: "{{ basedir }}/ldap_bind_pw", length: 32 }
- name: create folder struct for dokuwiki
file:
......@@ -16,6 +18,7 @@
- "{{ basedir }}/data/lib/plugins"
- "{{ basedir }}/data/lib/plugins/oauth"
- "{{ basedir }}/data/lib/plugins/oauthgeneric"
- "{{ basedir }}/uffd-ldapd"
- name: Docker Compose Konfig-Datei erstellen
template:
......@@ -24,35 +27,36 @@
with_items:
- docker-compose.yml
- Dockerfile
- uffd-ldapd/Dockerfile
register: config
- name: oauth plugin clonen
ansible.builtin.git:
repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
dest: "{{ basedir }}/data/lib/plugins/oauth"
force: true
#- name: oauth plugin clonen
# ansible.builtin.git:
# repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
# dest: "{{ basedir }}/data/lib/plugins/oauth"
# force: true
- name: config für oauth kopieren
ansible.builtin.template:
src: oauth_vars.php
dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
#- name: config für oauth kopieren
# ansible.builtin.template:
# src: oauth_vars.php
# dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
- name: oauthgeneric plugin clonen
ansible.builtin.git:
repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
force: true
#- name: oauthgeneric plugin clonen
# ansible.builtin.git:
# repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
# dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
# force: true
- name: config für oauthgeneric kopieren
ansible.builtin.template:
src: oauthgeneric_vars.php
dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
#- name: config für oauthgeneric kopieren
# ansible.builtin.template:
# src: oauthgeneric_vars.php
# dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
- name: oauth provider aktivieren
ansible.builtin.lineinfile:
path: "{{ basedir }}/data/conf/local.php"
regexp: "^$conf['authtype'] = "
line: "$conf['authtype'] = 'oauth';"
#- name: oauth provider aktivieren
# ansible.builtin.lineinfile:
# path: "{{ basedir }}/data/conf/local.php"
# regexp: "^$conf['authtype'] = "
# line: "$conf['authtype'] = 'oauth';"
- name: "stop {{ servicename}} docker"
community.docker.docker_compose_v2:
......
testserver/docker_dokuwiki/templates/docker-compose.yml
View file @ a568db47
......@@ -17,7 +17,20 @@ services:
networks:
- default
- web
ldap:
build: uffd-ldapd/
restart: always
environment:
SERVER_API_URL: "{{ oidc_global.provider_url }}"
SERVER_API_USER: "dokuwikildap"
SERVER_API_SECRET: "{{ dokuwiki_api_secret }}"
SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"
SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
networks:
- default
networks:
web:
external: true
testserver/docker_dokuwiki/templates/uffd-ldapd/Dockerfile 0 → 100644
View file @ a568db47
FROM debian:bookworm-slim
# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive
# Install necessary dependencies and configure custom repository
RUN apt-get update \
&& apt-get install -y --no-install-recommends wget gnupg ca-certificates \
&& wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg \
&& echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
USER 999
EXPOSE 389/tcp
# Set default command
CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
# Get all LDAP Entries
# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
testserver/docker_mail/templates/mailu.env
View file @ a568db47
......@@ -179,3 +179,6 @@ DEFAULT_SPAM_THRESHOLD=80
# API token required for authenticating to the RESTful API.
# This is a mandatory setting for using the RESTful API.
API_TOKEN={{ mailu_api_token }}
#Advanced Vector Extensions
LD_PRELOAD=/usr/lib/libhardened_malloc.so
\ No newline at end of file
testserver/docker_uffd/templates/uffd.cfg
View file @ a568db47
......@@ -14,12 +14,12 @@ ACL_ACCESS_GROUP="uffd_access"
# Members can create invite links for signup
ACL_SIGNUP_GROUP="uffd_signup"
MAIL_SERVER='mail.test-warpzone.de'
MAIL_SERVER='mail.warpzone.ms'
MAIL_PORT=587
MAIL_USERNAME='noreply-uffd@test-warpzone.de'
MAIL_USERNAME='uffd-test@warpzone.ms'
MAIL_PASSWORD='{{ uffd_mail_pass }}'
MAIL_USE_STARTTLS=True
MAIL_FROM_ADDRESS='noreply-uffd@test-warpzone.de'
MAIL_FROM_ADDRESS='uffd-test@warpzone.ms'
# Do not enable this on a public service! There is no spam protection implemented at the moment.
SELF_SIGNUP=False
......@@ -110,7 +110,7 @@ SITE_TITLE='uffd @ test-warpzone.de'
# Name and contact mail address are displayed to users in a few places (plain text only!)
ORGANISATION_NAME='test-warpzone.de'
ORGANISATION_CONTACT='uffd@test-warpzone.de'
ORGANISATION_CONTACT='uffd-test@warpzone.ms'
# Optional text included in account registration mails (plain text only!)
WELCOME_TEXT='See https://docs.example.com/ for further information.'
......
testserver/docker_wordpress/Documentation.md
View file @ a568db47
......@@ -68,27 +68,31 @@ Benutzer, mit der Gruppe 'wordpress_admin' in uddf erhalten Administrator-Berech
Alle anderen Benutzer erhalten Editor-Berechtigungen.
```
add_action('openid-connect-generic-update-user-using-current-claim', function( $user, $user_claim) {
// Based on some data in the user_claim, modify the user.
foreach($user_claim as $key => $value) {
error_log('Openid Role mapping: User claim: ' . $key . ", Value: " . $value);
}
if ( array_key_exists( 'groups', $user_claim ) ) {
error_log('Openid Role mapping: Groups: ' . implode(',',$user_claim['groups']));
if ( in_array('wordpress_admin', $user_claim['groups'] )) {
error_log('Openid Role mapping: Set role: Administrator');
$user->set_role( 'administrator' );
}
else {
error_log('Openid Role mapping: Set role: Editor');
$user->set_role( 'editor' );
}
add_action('openid-connect-generic-update-user-using-current-claim', function($user, $user_claim) {
// Log all user claims safely
foreach($user_claim as $key => $value) {
$valueToLog = is_array($value) ? json_encode($value) : $value;
error_log('Openid Role mapping: User claim: ' . $key . ', Value: ' . $valueToLog);
}
if (array_key_exists('groups', $user_claim)) {
// Ensure groups is an array before working with it
if (is_array($user_claim['groups'])) {
error_log('Openid Role mapping: Groups: ' . implode(',', $user_claim['groups']));
if (in_array('wordpress_admin', $user_claim['groups'])) {
error_log('Openid Role mapping: Set role: Administrator');
$user->set_role('administrator');
} else {
error_log('Openid Role mapping: Set role: Editor');
$user->set_role('editor');
}
} else {
// If groups is not an array, log its actual format
error_log('Openid Role mapping: Groups is not an array: ' . gettype($user_claim['groups']));
error_log('Openid Role mapping: Groups value: ' . json_encode($user_claim['groups']));
}
}
}, 10, 2);
```
webserver/docker_hackmd/tasks/main.yml
View file @ a568db47
......@@ -5,7 +5,7 @@
- { path: /srv/hackmd/mysql_root_pass, length: 24 }
- { path: /srv/hackmd/mysql_user_pass, length: 12 }
- { path: /srv/hackmd/hackmd_session_secret, length: 32 }
- { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
- { path: /srv/hackmd/oauth_client_secret, length: 32 }
- name: create folder struct for hackmd
......
webserver/docker_hackmd/templates/docker-compose.yml
View file @ a568db47
......@@ -15,15 +15,17 @@ services:
CMD_ALLOW_ANONYMOUS_EDITS: "true"
CMD_DEFAULT_PERMISSION: "freely"
CMD_ALLOW_FREEURL: "true"
CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
CMD_LDAP_SEARCHATTRIBUTES: "uid"
CMD_LDAP_USERIDFIELD: "uid"
CMD_LDAP_USERNAMEFIELD: "uid"
CMD_EMAIL: "false"
CMD_OAUTH2_USER_PROFILE_URL: "{{ oauth_global.userinfo_url }}"
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: "preferred_username"
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: "preferred_username"
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
CMD_OAUTH2_TOKEN_URL: "{{ oauth_global.token_url }}"
CMD_OAUTH2_AUTHORIZATION_URL: "{{ oauth_global.authorize_url }}"
CMD_OAUTH2_CLIENT_ID: "hackmd"
CMD_OAUTH2_CLIENT_SECRET: "{{ oauth_client_secret }}"
CMD_OAUTH2_PROVIDERNAME: "Login with uffd"
CMD_OAUTH2_SCOPE: "openid email profile"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
......
webserver/docker_icinga/templates/Dockerfile
View file @ a568db47
......@@ -36,7 +36,13 @@ RUN cd /opt/ \
RUN cd /opt/ \
&& git clone https://github.com/matteocorti/check_rbl.git \
&& cd /opt/check_rbl/ \
&& git checkout v1.6.3
&& git checkout v1.7.6 \
&& sed -i '/server=cbl.abuseat.org/d' /opt/check_rbl/check_rbl.ini \
&& sed -i '/server=pbl.spamhaus.org/d' /opt/check_rbl/check_rbl.ini \
&& sed -i '/server=xbl.spamhaus.org/d' /opt/check_rbl/check_rbl.ini \
&& sed -i '/server=sbl.spamhaus.org/d' /opt/check_rbl/check_rbl.ini \
&& sed -i '/server=sbl-xbl.spamhaus.org/d' /opt/check_rbl/check_rbl.ini \
&& sed -i '/server=zen.spamhaus.org/d' /opt/check_rbl/check_rbl.ini
# prom2json -- needed for check_metric_value
RUN cd /opt/ \
......
webserver/docker_icinga/templates/etc/icinga/conf.d/hosts_manual.conf
View file @ a568db47
......@@ -29,7 +29,7 @@ object Host "wz-sw-access" {
object Host "wz-sw-dach" {
import "generic-host"
address = "192.168.0.4"
address = "192.168.0.6"
groups = [ "network" ]
}
......
webserver/docker_privatebin/tasks/main.yml 0 → 100644
View file @ a568db47
- name: create folder for {{ servicename }}
file:
path: "{{ item }}"
state: "directory"
with_items:
- "{{ basedir }}"
- name: create folder for {{ servicename }} data
file:
path: "{{ item }}"
state: "directory"
mode: '0777'
with_items:
- "{{ basedir }}/data"
- "{{ basedir }}/cfg"
- name: privatebin config erstellen
template:
src: "conf.php"
dest: "{{ basedir }}/cfg/conf.php"
register: config
- name: Docker Compose Konfig-Datei erstellen
template:
src: "{{ item }}"
dest: "{{ basedir }}/{{ item }}"
with_items:
- "docker-compose.yml"
register: config
- name: stop {{ servicename }} docker
community.docker.docker_compose_v2:
project_src: "{{ basedir }}/"
state: absent
when: config.changed
- name: start {{ servicename }} docker
community.docker.docker_compose_v2:
project_src: "{{ basedir }}/"
state: present
\ No newline at end of file
webserver/docker_privatebin/templates/conf.php 0 → 100644
View file @ a568db47
;<?php http_response_code(403); /*
; config file for PrivateBin
;
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
; (optional) set a project name to be displayed on the website
name = "warpzone PrivateBin"
; The full URL, with the domain name and directories that point to the
; PrivateBin files, including an ending slash (/). This URL is essential to
; allow Opengraph images to be displayed on social networks.
basepath = "https://privatebin.webdiscount.net/"
; enable or disable the discussion feature, defaults to true
discussion = false
; preselect the discussion feature, defaults to false
opendiscussion = false
; enable or disable the display of dates & times in the comments, defaults to true
; Note that internally the creation time will still get tracked in order to sort
; the comments by creation time, but you can choose not to display them.
; discussiondatedisplay = false
; enable or disable the password feature, defaults to true
password = true
; enable or disable the file upload feature, defaults to false
fileupload = true
; preselect the burn-after-reading feature, defaults to false
burnafterreadingselected = true
; which display mode to preselect by default, defaults to "plaintext"
; make sure the value exists in [formatter_options]
defaultformatter = "plaintext"
; (optional) set a syntax highlighting theme, as found in css/prettify/
; syntaxhighlightingtheme = "sons-of-obsidian"
; size limit per paste or comment in bytes, defaults to 10 Mebibytes
sizelimit = 10485760
; by default PrivateBin use "bootstrap" template (tpl/bootstrap.php).
; Optionally you can enable the template selection menu, which uses
; a session cookie to store the choice until the browser is closed.
templateselection = true
; List of available for selection templates when "templateselection" option is enabled
availabletemplates[] = "bootstrap"
availabletemplates[] = "bootstrap-dark"
availabletemplates[] = "bootstrap5"
; set the template your installs defaults to, defaults to "bootstrap" (tpl/bootstrap.php), also
; available are "page" (tpl/page.php), the classic ZeroBin style and several
; bootstrap variants: "bootstrap-dark", "bootstrap-compact", "bootstrap-page",
; which can be combined with "-dark" and "-compact" for "bootstrap-dark-page",
; "bootstrap-compact-page" and finally "bootstrap5" (tpl/bootstrap5.php) - previews at:
; https://privatebin.info/screenshots.html
template = "bootstrap5"
; (optional) info text to display
; use single, instead of double quotes for HTML attributes
;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
; (optional) notice to display
notice = "Note: Data may be deleted anytime. Kittens will die if you abuse this service."
; by default PrivateBin will guess the visitors language based on the browsers
; settings. Optionally you can enable the language selection menu, which uses
; a session cookie to store the choice until the browser is closed.
languageselection = false
; set the language your installs defaults to, defaults to English
; if this is set and language selection is disabled, this will be the only language
; languagedefault = "en"
; (optional) URL shortener address to offer after a new paste is created.
; It is suggested to only use this with self-hosted shorteners as this will leak
; the pastes encryption key.
; urlshortener = "https://shortener.example.com/api?link="
; (optional) Let users create a QR code for sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; qrcode = true
; (optional) Let users send an email sharing the paste URL with one click.
; It works both when a new paste is created and when you view a paste.
; email = true
; (optional) IP based icons are a weak mechanism to detect if a comment was from
; a different user when the same username was used in a comment. It might get
; used to get the IP of a comment poster if the server salt is leaked and a
; SHA512 HMAC rainbow table is generated for all (relevant) IPs.
; Can be set to one these values:
; "none" / "identicon" (default) / "jdenticon" / "vizhash".
; icon = "none"
; Content Security Policy headers allow a website to restrict what sources are
; allowed to be accessed in its context. You need to change this if you added
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
; Notes:
; - If you use any bootstrap theme, you can remove the allow-popups from the
; sandbox restrictions.
; - If you use the bootstrap5 theme, you must change default-src to 'self' to
; enable display of the svg icons
; - By default this disallows to load images from third-party servers, e.g. when
; they are embedded in pastes. If you wish to allow that, you can adjust the
; policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
; for details.
; - The 'wasm-unsafe-eval' is used to enable webassembly support (used for zlib
; compression). You can remove it if compression doesn't need to be supported.
; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token
; zerobincompatibility = false
; Enable or disable the warning message when the site is served over an insecure
; connection (insecure HTTP instead of HTTPS), defaults to true.
; Secure transport methods like Tor and I2P domains are automatically whitelisted.
; It is **strongly discouraged** to disable this.
; See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-it-show-me-an-error-about-an-insecure-connection for more information.
httpwarning = true
; Pick compression algorithm or disable it. Only applies to pastes/comments
; created after changing the setting.
; Can be set to one these values: "none" / "zlib" (default).
; compression = "zlib"
[expire]
; expire value that is selected per default
; make sure the value exists in [expire_options]
default = "1week"
[expire_options]
; Set each one of these to the number of seconds in the expiration period,
; or 0 if it should never expire
5min = 300
10min = 600
1hour = 3600
1day = 86400
1week = 604800
; Well this is not *exactly* one month, it's 30 days:
1month = 2592000
1year = 31536000
never = 0
[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"
[traffic]
; time limit between calls from the same IP address in seconds
; Set this to 0 to disable rate limiting.
limit = 5
; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
; be exempted, the list needs to be comma separated. Leave unset to disable
; exemptions.
; exempted = "1.2.3.4,10.10.10/24"
; (optional) If you want only some source IP addresses (v4 or v6) or subnets
; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
; ignored. If multiple values are to be exempted, the list needs to be comma
; separated. Leave unset to allow anyone to create pastes.
; creators = "1.2.3.4,10.10.10/24"
; (optional) if your website runs behind a reverse proxy or load balancer,
; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
header = "X_FORWARDED_FOR"
[purge]
; minimum time limit between two purgings of expired pastes, it is only
; triggered when pastes are created
; Set this to 0 to run a purge every time a paste is created.
limit = 300
; maximum amount of expired pastes to delete in one purge
; Set this to 0 to disable purging. Set it higher, if you are running a large
; site
batchsize = 10
[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"
;[model]
; example of a Google Cloud Storage configuration
;class = GoogleCloudStorage
;[model_options]
;bucket = "my-private-bin"
;prefix = "pastes"
;uniformacl = false
;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for SQLite
;class = Database
;[model_options]
;dsn = "sqlite:" PATH "data/db.sq3"
;usr = null
;pwd = null
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of DB configuration for PostgreSQL
;class = Database
;[model_options]
;dsn = "pgsql:host=localhost;dbname=privatebin"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT
;[model]
; example of S3 configuration for Rados gateway / CEPH
;class = S3Storage
;[model_options]
;region = ""
;version = "2006-03-01"
;endpoint = "https://s3.my-ceph.invalid"
;use_path_style_endpoint = true
;bucket = "my-bucket"
;accesskey = "my-rados-user"
;secretkey = "my-rados-pass"
;[model]
; example of S3 configuration for AWS
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
;accesskey = "access key id"
;secretkey = "secret access key"
;[model]
; example of S3 configuration for AWS using its SDK default credential provider chain
; if relying on environment variables, the AWS SDK will look for the following:
; - AWS_ACCESS_KEY_ID
; - AWS_SECRET_ACCESS_KEY
; - AWS_SESSION_TOKEN (if needed)
; for more details, see https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html#default-credential-chain
;class = S3Storage
;[model_options]
;region = "eu-central-1"
;version = "latest"
;bucket = "my-bucket"
;[yourls]
; When using YOURLS as a "urlshortener" config item:
; - By default, "urlshortener" will point to the YOURLS API URL, with or without
; credentials, and will be visible in public on the PrivateBin web page.
; Only use this if you allow short URL creation without credentials.
; - Alternatively, using the parameters in this section ("signature" and
; "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
; instance with "?shortenviayourls&link=" appended. For example:
; urlshortener = "${basepath}?shortenviayourls&link="
; This URL will in turn call YOURLS on the server side, using the URL from
; "apiurl" and the "access signature" from the "signature" parameters below.
; (optional) the "signature" (access key) issued by YOURLS for the using account
; signature = ""
; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
; apiurl = "https://yourls.example.com/yourls-api.php"
;[sri]
; Subresource integrity (SRI) hashes used in template files. Uncomment and set
; these for all js files used. See:
; https://github.com/PrivateBin/PrivateBin/wiki/FAQ#user-content-how-to-make-privatebin-work-when-i-have-changed-some-javascript-files
;js/privatebin.js = "sha512-[…]"
\ No newline at end of file
webserver/docker_privatebin/templates/docker-compose.yml 0 → 100644
View file @ a568db47
services:
app:
image: privatebin/nginx-fpm-alpine:stable
volumes:
- "{{ basedir }}/data:/srv/data"
- "{{ basedir }}/cfg:/srv/cfg"
networks:
- web
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
networks:
web:
external: true
\ No newline at end of file
webserver/docker_uffd/templates/uffd.cfg
View file @ a568db47
......@@ -91,6 +91,14 @@ SERVICES=[
# 'logo_url': 'https://grafana.{{ global_domains.warpzonems.domain }}/public/img/fav32.png'
# },
{
'title': 'Dokuwiki',
'description': 'warpzone Wiki',
'url': 'https://wiki.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://wiki.{{ global_domains.warpzonems.domain }}/_media/wiki:dokuwiki.svg',
'required_group': 'dokuwiki_access',
'confidential': True
},
{
'title': 'Gitea (Verwaltung)',
'description': 'Gitea für Verwaltungsdaten',
......@@ -104,7 +112,7 @@ SERVICES=[
'title': 'Gitlab',
'description': 'Gitlab Server',
'url': 'https://gitlab.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://about.gitlab.com/nuxt-images/ico/favicon-192x192.png',
'logo_url': 'https://gitlab.{{ global_domains.warpzonems.domain }}/assets/apple-touch-icon-b049d4bc0dd9626f31db825d61880737befc7835982586d015bded10b4435460.png',
'required_group': 'gitlab_access',
'confidential': True
},
......@@ -113,7 +121,7 @@ SERVICES=[
'title': 'HedgeDoc',
'description': 'HedgeDoc, ehemals: CodiMD / HackMD',
'url': 'https://md.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://avatars.githubusercontent.com/u/67865462?s=280&v=4',
'logo_url': 'https://md.{{ global_domains.warpzonems.domain }}/icons/apple-touch-icon.png',
'required_group': 'hackmd_access',
'confidential': True
},
......@@ -122,7 +130,7 @@ SERVICES=[
'title': 'Icinga',
'description': 'Icinga Monitoring',
'url': 'https://icinga.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://icinga.com/wp-content/uploads/2020/11/cropped-icinga-favicon-512x512px-192x192.png',
'logo_url': 'https://icinga.{{ global_domains.warpzonems.domain }}/icingaweb2/img/touch-icon.png',
'required_group': 'icinga_access',
'confidential': True
},
......@@ -136,22 +144,21 @@ SERVICES=[
'confidential': True
},
{
'title': 'Mailu (Mailserver)',
'description': 'Mailu Mailserver - Administration und Webmail',
'url': 'https://mailserver.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://avatars.githubusercontent.com/u/23010996?s=280&v=4',
'confidential': True
},
# {
# 'title': 'Mailu (Mailserver)',
# 'description': 'Mailu Mailserver - Administration und Webmail',
# 'url': 'https://mailserver.{{ global_domains.warpzonems.domain }}',
# 'logo_url': 'https://avatars.githubusercontent.com/u/23010996?s=280&v=4',
# 'confidential': True
# },
{
'title': 'Mailman (Mailinglisten)',
'description': 'Mailman Mailinglistenverwaltung',
'url': 'https://listserver.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://list.org/images/logo2010-2.jpg',
'required_group': 'mailman_access',
'confidential': True
},
{
'title': 'Nextcloud',
'description': 'Nextcloud Cloud Storage',
......@@ -174,23 +181,16 @@ SERVICES=[
'title': 'Vaultwarden',
'description': 'Vaultwarden Passwortverwaltung',
'url': 'https://vault.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://canada1.discourse-cdn.com/free1/uploads/vaultwarden/original/1X/26a1c808c7d5849039d47820eef7889b3415e5ec.png'
'logo_url': 'https://vault.{{ global_domains.warpzonems.domain }}/images/apple-touch-icon.png',
'required_group': 'verwaltung',
'confidential': True
},
{
'title': 'Warpapi',
'description': 'API für Services wie SpaceAPI etc.',
'description': 'API für Services wie SpaceAPI etc.',
'url': 'https://api.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://gitlab.warpzone.ms/presse/media/-/raw/master/Logo/WZ_Blume_3c.svg'
},
{
'title': 'Wiki',
'description': 'Dokuwiki für allgemeine Dokumentation',
'url': 'https://wiki.{{ global_domains.warpzonems.domain }}',
'logo_url': 'https://gitlab.warpzone.ms/presse/media/-/raw/master/Logo/WZ_Blume_3c.svg'
},
{
'title': 'Wordpress',
'description': 'Wordpress Webseiten Verwaltung',
......@@ -222,7 +222,7 @@ ORGANISATION_NAME='Warpzone'
ORGANISATION_CONTACT='admin@{{ mail_domains.warpzonems.maildomain }}'
# Optional text included in account registration mails (plain text only!)
WELCOME_TEXT='Warpzone uffd Server'
WELCOME_TEXT='Wenn ihr Hilfe braucht meldet euch beim admin team unter admin@warpzone.ms oder sprecht uns an.'
# DO set in production
......