[int]

roles/authelia-and-nginx/cfg.schema.json

@@ -0,0 +1,24 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"domain": {
+			"nullable": false,
+			"type": "string"
+		},
+		"tls_mode": {
+			"nullable": false,
+			"type": "string",
+			"options": [
+				"disable",
+				"enable",
+				"force"
+			],
+			"enum": "force"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"domain"
+	]
+}

roles/authelia-and-nginx/defaults/main.json

@@ -1,4 +1,5 @@
 {
-	"var_authelia_and_nginx_domain": "authelia.example.org",
+	"cfg_authelia_and_nginx_defaults": {
-	"var_authelia_and_nginx_tls_mode": "force"
+		"tls_mode": "force"
+	}
 }

roles/authelia-and-nginx/tasks/main.json

@@ -1,4 +1,11 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_authelia_and_nginx"
+		}
+	},
 	{
 		"name": "deactivate default site",
 		"become": true,
@@ -12,7 +19,7 @@
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "conf.j2",
-			"dest": "/etc/nginx/sites-available/{{var_authelia_and_nginx_domain}}"
+			"dest": "/etc/nginx/sites-available/{{cfg_authelia_and_nginx.domain}}"
 		}
 	},
 	{
@@ -20,8 +27,8 @@
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "link",
-			"src": "/etc/nginx/sites-available/{{var_authelia_and_nginx_domain}}",
+			"src": "/etc/nginx/sites-available/{{cfg_authelia_and_nginx.domain}}",
-			"dest": "/etc/nginx/sites-enabled/{{var_authelia_and_nginx_domain}}"
+			"dest": "/etc/nginx/sites-enabled/{{cfg_authelia_and_nginx.domain}}"
 		}
 	},
 	{

roles/authelia-and-nginx/templates/conf.j2

@@ -45,27 +45,27 @@
 {% endmacro %}
 
 server {
-	server_name {{var_authelia_and_nginx_domain}};
+	server_name {{cfg_authelia_and_nginx.domain}};
 	
 	listen 80;
 	listen [::]:80;
 	
-{% if (var_authelia_and_nginx_tls_mode == 'force') %}
+{% if (cfg_authelia_and_nginx.tls_mode == 'force') %}
 	return 301 https://$http_host$request_uri;
 {% else %}
 {{ authelia_common() }}
 {% endif %}
 }
 
-{% if (var_authelia_and_nginx_tls_mode != 'disable') %}
+{% if (cfg_authelia_and_nginx.tls_mode != 'disable') %}
 server {
-	server_name {{var_authelia_and_nginx_domain}};
+	server_name {{cfg_authelia_and_nginx.domain}};
 	
 	listen [::]:443 ssl http2;
 	listen 443 ssl http2;
 	
-	ssl_certificate_key /etc/ssl/private/{{var_authelia_and_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{cfg_authelia_and_nginx.domain}}.pem;
-	ssl_certificate /etc/ssl/fullchains/{{var_authelia_and_nginx_domain}}.pem;
+	ssl_certificate /etc/ssl/fullchains/{{cfg_authelia_and_nginx.domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
 	
 {{ authelia_common() }}

roles/authelia-and-nginx/vardef.json

@@ -1,15 +0,0 @@
-{
-	"domain": {
-		"type": "string",
-		"mandatory": false
-	},
-	"tls_mode": {
-		"type": "string",
-		"options": [
-			"disable",
-			"enable",
-			"force"
-		],
-		"mandatory": false
-	}
-}

roles/authelia-for-hedgedoc/cfg.schema.json

@@ -0,0 +1,24 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"hedgedoc_url_base": {
+			"nullable": false,
+			"type": "string",
+			"default": "https://hedgedoc.example.org"
+		},
+		"client_id": {
+			"nullable": false,
+			"type": "string",
+			"default": "hedgedoc"
+		},
+		"client_secret": {
+			"nullable": false,
+			"type": "string"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"client_secret"
+	]
+}

roles/authelia-for-hedgedoc/defaults/main.json

@@ -1,5 +1,5 @@
 {
-	"var_authelia_for_hedgedoc_hedgedoc_url_base": "https://hedgedoc.example.org",
+	"cfg_authelia_for_hedgedoc_defaults": {
-	"var_authelia_for_hedgedoc_client_id": "hedgedoc",
+		"client_id": "hedgedoc"
-	"var_authelia_for_hedgedoc_client_secret": "REPLACE_ME"
+	}
 }

roles/authelia-for-hedgedoc/tasks/main.json

@@ -1,9 +1,16 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_authelia_for_hedgedoc"
+		}
+	},
 	{
 		"name": "configuration | compute client secret hash",
 		"become": true,
 		"ansible.builtin.shell": {
-			"cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_hedgedoc_client_secret}} | cut --delimiter=' ' --fields='2-'"
+			"cmd": "authelia crypto hash generate bcrypt --password {{cfg_authelia_for_hedgedoc.client_secret}} | cut --delimiter=' ' --fields='2-'"
 		},
 		"register": "temp_authelia_for_hedgedoc_client_secret_hashed"
 	},

roles/authelia-for-hedgedoc/templates/authelia-client-conf.json.j2

@@ -1,5 +1,5 @@
 {
-	"client_id": "{{var_authelia_for_hedgedoc_client_id}}",
+	"client_id": "{{cfg_authelia_for_hedgedoc.client_id}}",
 	"client_secret": "{{temp_authelia_for_hedgedoc_client_secret_hashed.stdout}}",
 	"client_name": "Hedgedoc",
 	"public": false,
@@ -10,7 +10,7 @@
 		"profile"
 	],
 	"redirect_uris": [
-		"{{var_authelia_for_hedgedoc_hedgedoc_url_base}}/auth/oauth2/callback"
+		"{{cfg_authelia_for_hedgedoc.hedgedoc_url_base}}/auth/oauth2/callback"
 	],
 	"response_types": [
 		"code"

roles/hedgedoc-and-nginx/cfg.schema.json

@@ -0,0 +1,24 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"domain": {
+			"nullable": false,
+			"type": "string"
+		},
+		"tls_mode": {
+			"nullable": false,
+			"type": "string",
+			"options": [
+				"disable",
+				"enable",
+				"force"
+			],
+			"default": "force"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"domain"
+	]
+}

roles/hedgedoc-and-nginx/defaults/main.json

@@ -1,4 +1,5 @@
 {
-	"var_hedgedoc_and_nginx_domain": "hedgedoc.example.org",
+	"cfg_hedgedoc_and_nginx_defaults": {
-	"var_hedgedoc_and_nginx_tls_mode": "force"
+		"tls_mode": "force"
+	}
 }

roles/hedgedoc-and-nginx/tasks/main.json

@@ -1,4 +1,11 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_hedgedoc_and_nginx"
+		}
+	},
 	{
 		"name": "deactivate default site",
 		"become": true,
@@ -12,7 +19,7 @@
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "conf.j2",
-			"dest": "/etc/nginx/sites-available/{{var_hedgedoc_and_nginx_domain}}"
+			"dest": "/etc/nginx/sites-available/{{cfg_hedgedoc_and_nginx.domain}}"
 		}
 	},
 	{
@@ -20,8 +27,8 @@
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "link",
-			"src": "/etc/nginx/sites-available/{{var_hedgedoc_and_nginx_domain}}",
+			"src": "/etc/nginx/sites-available/{{cfg_hedgedoc_and_nginx.domain}}",
-			"dest": "/etc/nginx/sites-enabled/{{var_hedgedoc_and_nginx_domain}}"
+			"dest": "/etc/nginx/sites-enabled/{{cfg_hedgedoc_and_nginx.domain}}"
 		}
 	},
 	{

roles/hedgedoc-and-nginx/templates/conf.j2

@@ -24,7 +24,7 @@ map $http_upgrade $connection_upgrade {
 {% endmacro %}
 
 server {
-	server_name {{var_hedgedoc_and_nginx_domain}};
+	server_name {{cfg_hedgedoc_and_nginx.domain}};
 	
 	listen 80;
 	listen [::]:80;
@@ -36,15 +36,15 @@ server {
 {% endif %}
 }
 
-{% if (var_hedgedoc_and_nginx_tls_mode != 'disable') %}
+{% if (cfg_hedgedoc_and_nginx.tls_mode != 'disable') %}
 server {
-	server_name {{var_hedgedoc_and_nginx_domain}};
+	server_name {{cfg_hedgedoc_and_nginx.domain}};
 	
 	listen [::]:443 ssl http2;
 	listen 443 ssl http2;
 	
-	ssl_certificate_key /etc/ssl/private/{{var_hedgedoc_and_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{cfg_hedgedoc_and_nginx.domain}}.pem;
-	ssl_certificate /etc/ssl/fullchains/{{var_hedgedoc_and_nginx_domain}}.pem;
+	ssl_certificate /etc/ssl/fullchains/{{cfg_hedgedoc_and_nginx.domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
 	
 {{ hedgedoc_common() }}

roles/hedgedoc-and-nginx/vardef.json

@@ -1,15 +0,0 @@
-{
-	"domain": {
-		"type": "string",
-		"mandatory": false
-	},
-	"tls_mode": {
-		"type": "string",
-		"options": [
-			"disable",
-			"enable",
-			"force"
-		],
-		"mandatory": false
-	}
-}

roles/hedgedoc/cfg.schema.json

@@ -0,0 +1,264 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"user_name": {
+			"nullable": false,
+			"type": "string",
+			"default": "hedgedoc"
+		},
+		"directory": {
+			"nullable": false,
+			"type": "string",
+			"default": "/opt/hedgedoc"
+		},
+		"version": {
+			"nullable": false,
+			"type": "string",
+			"version": "1.9.9"
+		},
+		"session_secret": {
+			"nullable": false,
+			"type": "string"
+		},
+		"domain": {
+			"nullable": false,
+			"type": "string",
+			"default": "hedgedoc.example.org"
+		},
+		"database": {
+			"anyOf": [
+				{
+					"nullable": false,
+					"type": "object",
+					"properties": {
+						"kind": {
+							"nullable": false,
+							"type": "string",
+							"enum": ["sqlite"]
+						},
+						"data": {
+							"nullable": false,
+							"type": "object",
+							"properties": {
+								"path": {
+									"nullable": false,
+									"type": "string",
+									"default": "/var/hedgedoc/data.sqlite"
+								}
+							},
+							"additionalProperties": false,
+							"required": [
+							],
+							"default": {
+							}
+						}
+					},
+					"additionalProperties": false,
+					"required": [
+						"kind"
+					]
+				},
+				{
+					"nullable": false,
+					"type": "object",
+					"properties": {
+						"kind": {
+							"nullable": false,
+							"type": "string",
+							"enum": ["postgresql"]
+						},
+						"data": {
+							"nullable": false,
+							"type": "object",
+							"properties": {
+								"host": {
+									"nullable": false,
+									"type": "string",
+									"default": "localhost"
+								},
+								"port": {
+									"nullable": false,
+									"type": "integer",
+									"default": 5432
+								},
+								"username": {
+									"nullable": false,
+									"type": "string",
+									"default": "hedgedoc_user"
+								},
+								"password": {
+									"nullable": false,
+									"type": "string"
+								},
+								"schema": {
+									"nullable": false,
+									"type": "string",
+									"default": "hedgedoc"
+								}
+							},
+							"additionalProperties": false,
+							"required": [
+								"password"
+							]
+						}
+					},
+					"additionalProperties": false,
+					"required": [
+						"kind",
+						"data"
+					]
+				},
+				{
+					"nullable": false,
+					"type": "object",
+					"properties": {
+						"kind": {
+							"nullable": false,
+							"type": "string",
+							"enum": ["mariadb"]
+						},
+						"data": {
+							"nullable": false,
+							"type": "object",
+							"properties": {
+								"host": {
+									"nullable": false,
+									"type": "string",
+									"default": "localhost"
+								},
+								"port": {
+									"nullable": false,
+									"type": "integer",
+									"default": 3306
+								},
+								"username": {
+									"nullable": false,
+									"type": "string",
+									"default": "hedgedoc_user"
+								},
+								"password": {
+									"nullable": false,
+									"type": "string"
+								},
+								"schema": {
+									"nullable": false,
+									"type": "string",
+									"default": "hedgedoc"
+								}
+							},
+							"additionalProperties": false,
+							"required": [
+								"password"
+							]
+						}
+					},
+					"additionalProperties": false,
+					"required": [
+						"kind",
+						"data"
+					]
+				}
+			]
+		},
+		"authentication": {
+			"anyOf": [
+				{
+					"nullable": false,
+					"type": "object",
+					"properties": {
+						"kind": {
+							"nullable": false,
+							"type": "string",
+							"enum": ["internal"]
+						},
+						"data": {
+							"nullable": false,
+							"type": "object",
+							"properties": {
+							},
+							"additionalProperties": false,
+							"required": [
+							]
+						}
+					},
+					"additionalProperties": false,
+					"required": [
+						"kind"
+					]
+				},
+				{
+					"nullable": false,
+					"type": "object",
+					"properties": {
+						"kind": {
+							"nullable": false,
+							"type": "string",
+							"enum": ["authelia"]
+						},
+						"data": {
+							"nullable": false,
+							"type": "object",
+							"properties": {
+								"url_base": {
+									"nullable": false,
+									"type": "string"
+								},
+								"client_id": {
+									"nullable": false,
+									"type": "string",
+									"default": "hedgedoc"
+								},
+								"client_secret": {
+									"nullable": false,
+									"type": "string"
+								}
+							},
+							"additionalProperties": false,
+							"required": [
+								"url_base",
+								"client_secret"
+							]
+						}
+					},
+					"additionalProperties": false,
+					"required": [
+						"kind"
+					]
+				}
+			]
+		},
+		"log_level": {
+			"nullable": false,
+			"type": "string",
+			"enum": [
+				"debug",
+				"verbose",
+				"info",
+				"warn",
+				"error"
+			],
+			"default": "error"
+		},
+		"guest_allow_create": {
+			"nullable": false,
+			"type": "boolean",
+			"default": false
+		},
+		"guest_allow_change": {
+			"nullable": false,
+			"type": "boolean",
+			"default": false
+		},
+		"free_names_mode": {
+			"nullable": false,
+			"type": "string",
+			"default": "authed"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"domain",
+		"session_secret"
+	]
+}

roles/hedgedoc/defaults/main.json

@@ -1,21 +1,20 @@
 {
-	"var_hedgedoc_user_name": "hedgedoc",
+	"cfg_hedgedoc_defaults": {
-	"var_hedgedoc_directory": "/opt/hedgedoc",
+		"user_name": "hedgedoc",
-	"var_hedgedoc_version": "1.9.9",
+		"directory": "/opt/hedgedoc",
-	"var_hedgedoc_session_secret": "REPLACE_ME",
+		"version": "1.9.9",
-	"var_hedgedoc_database_kind": "sqlite",
+		"database": {
-	"var_hedgedoc_database_data_sqlite_path": "/var/hedgedoc/data.sqlite",
+			"kind": "sqlite",
-	"var_hedgedoc_database_data_postgresql_host": "localhost",
+			"data": {
-	"var_hedgedoc_database_data_postgresql_port": 5432,
+				"path": "/var/hedgedoc/data.sqlite"
-	"var_hedgedoc_database_data_postgresql_username": "hedgedoc_user",
+			}
-	"var_hedgedoc_database_data_postgresql_password": "REPLACE_ME",
+		},
-	"var_hedgedoc_database_data_postgresql_schema": "hedgedoc",
+		"authentication": {
-	"var_hedgedoc_domain": "hedgedoc.example.org",
+			"kind": "internal"
-	"var_hedgedoc_authentication_kind": "internal",
+		},
-	"var_hedgedoc_authentication_data_authelia_client_id": "hedgedoc",
+		"log_level": "error",
-	"var_hedgedoc_authentication_data_authelia_client_secret": "REPLACE_ME",
+		"guest_allow_create": false,
-	"var_hedgedoc_authentication_data_authelia_url_base": "https://authelia.example.org",
+		"guest_allow_change": false,
-	"var_hedgedoc_guest_allow_create": false,
+		"free_names_mode": "authed"
-	"var_hedgedoc_guest_allow_change": false,
+	}
-	"var_hedgedoc_free_names_mode": "authed"
 }

roles/hedgedoc/tasks/main.json

@@ -1,4 +1,11 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_hedgedoc"
+		}
+	},
 	{
 		"name": "packages",
 		"become": true,
@@ -26,16 +33,16 @@
 		"name": "user",
 		"become": true,
 		"ansible.builtin.user": {
-			"name": "{{var_hedgedoc_user_name}}",
+			"name": "{{cfg_hedgedoc.user_name}}",
 			"create_home": true,
-			"home": "{{var_hedgedoc_directory}}"
+			"home": "{{cfg_hedgedoc.directory}}"
 		}
 	},
 	{
 		"name": "download",
 		"become": false,
 		"ansible.builtin.get_url": {
-			"url": "https://github.com/hedgedoc/hedgedoc/releases/download/{{var_hedgedoc_version}}/hedgedoc-{{var_hedgedoc_version}}.tar.gz",
+			"url": "https://github.com/hedgedoc/hedgedoc/releases/download/{{cfg_hedgedoc.version}}/hedgedoc-{{cfg_hedgedoc.version}}.tar.gz",
 			"dest": "/tmp/hedgedoc.tar.gz"
 		}
 	},
@@ -45,8 +52,8 @@
 		"ansible.builtin.unarchive": {
 			"remote_src": true,
 			"src": "/tmp/hedgedoc.tar.gz",
-			"dest": "{{var_hedgedoc_directory | dirname}}",
+			"dest": "{{cfg_hedgedoc.directory | dirname}}",
-			"owner": "{{var_hedgedoc_user_name}}"
+			"owner": "{{cfg_hedgedoc.user_name}}"
 		}
 	},
 	{
@@ -54,7 +61,7 @@
 		"become": true,
 		"become_user": "hedgedoc",
 		"ansible.builtin.command": {
-			"chdir": "{{var_hedgedoc_directory}}",
+			"chdir": "{{cfg_hedgedoc.directory}}",
 			"cmd": "bin/setup"
 		}
 	},
@@ -63,7 +70,7 @@
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "config.json.j2",
-			"dest": "{{var_hedgedoc_directory}}/config.json"
+			"dest": "{{cfg_hedgedoc.directory}}/config.json"
 		}
 	},
 	{

roles/hedgedoc/templates/config.json.j2

@@ -1,61 +1,61 @@
 {
 	"production": {
-		"loglevel": "error",
+		"loglevel": "{{cfg_hedgedoc.log_level}}",
-{% if var_hedgedoc_database_kind == 'sqlite' %}
+{% if cfg_hedgedoc.database.kind == 'sqlite' %}
 		"db": {
 			"dialect": "sqlite",
-			"storage": "{{var_hedgedoc_database_data_sqlite_path}}"
+			"storage": "{{cfg_hedgedoc.database.data.path}}"
 		},
 {% endif %}
-{% if var_hedgedoc_database_kind == 'postgresql' %}
+{% if cfg_hedgedoc.database.kind == 'postgresql' %}
 		"db": {
 			"dialect": "postgres",
-			"host": "{{var_hedgedoc_database_data_postgresql_host}}",
+			"host": "{{cfg_hedgedoc.database.data.host}}",
-			"port": {{var_hedgedoc_database_data_postgresql_port | to_json}},
+			"port": {{cfg_hedgedoc.database.data.port | to_json}},
-			"username": "{{var_hedgedoc_database_data_postgresql_username}}",
+			"username": "{{cfg_hedgedoc.database.data.username}}",
-			"password": "{{var_hedgedoc_database_data_postgresql_password}}",
+			"password": "{{cfg_hedgedoc.database.data.password}}",
-			"database": "{{var_hedgedoc_database_data_postgresql_schema}}"
+			"database": "{{cfg_hedgedoc.database.data.schema}}"
 		},
 {% endif %}
-		"sessionSecret": "{{var_hedgedoc_session_secret}}",
+		"sessionSecret": "{{cfg_hedgedoc.session_secret}}",
 		"host": "localhost",
 		"allowOrigin": [
 			"localhost"
 		],
-		"domain": "{{var_hedgedoc_domain}}",
+		"domain": "{{cfg_hedgedoc.domain}}",
 		"urlAddPort": false,
 		"protocolUseSSL": true,
-{% if var_hedgedoc_authentication_kind == 'internal' %}
+{% if cfg_hedgedoc.authentication.kind == 'internal' %}
 		"email": true,
 		"allowEmailRegister": true,
 {% endif %}
-{% if var_hedgedoc_authentication_kind == 'authelia' %}
+{% if cfg_hedgedoc.authentication.kind == 'authelia' %}
 		"oauth2": {
-			"providerName": "{{var_hedgedoc_authentication_data_authelia_provider_name}}",
+			"providerName": "{{cfg_hedgedoc.authentication.data.provider_name}}",
-			"clientID": "{{var_hedgedoc_authentication_data_authelia_client_id}}",
+			"clientID": "{{cfg_hedgedoc.authentication.data.client_id}}",
-			"clientSecret": "{{var_hedgedoc_authentication_data_authelia_client_secret}}",
+			"clientSecret": "{{cfg_hedgedoc.authentication.data.client_secret}}",
 			"scope": "openid email profile",
 			"userProfileUsernameAttr": "sub",
 			"userProfileDisplayNameAttr": "name",
 			"userProfileEmailAttr": "email",
-			"userProfileURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/api/oidc/userinfo",
+			"userProfileURL": "{{cfg_hedgedoc.authentication.data.url_base}}/api/oidc/userinfo",
-			"tokenURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/api/oidc/token",
+			"tokenURL": "{{cfg_hedgedoc.authentication.data.url_base}}/api/oidc/token",
-			"authorizationURL": "{{var_hedgedoc_authentication_data_authelia_url_base}}/api/oidc/authorization"
+			"authorizationURL": "{{cfg_hedgedoc.authentication.data.url_base}}/api/oidc/authorization"
 		},
 		"email": false,
 		"allowEmailRegister": false,
 {% endif %}
-		"allowAnonymous": {{var_hedgedoc_guest_allow_create | to_json}},
+		"allowAnonymous": {{cfg_hedgedoc.guest_allow_create | to_json}},
-		"allowAnonymousEdits": {{var_hedgedoc_guest_allow_change | to_json}},
+		"allowAnonymousEdits": {{cfg_hedgedoc.guest_allow_change | to_json}},
-{% if var_hedgedoc_free_names_mode == 'never' %}
+{% if cfg_hedgedoc.free_names_mode == 'never' %}
 		"allowFreeURL": false,
 		"requireFreeURLAuthentication": false,
 {% endif %}
-{% if var_hedgedoc_free_names_mode == 'authed' %}
+{% if cfg_hedgedoc.free_names_mode == 'authed' %}
 		"allowFreeURL": true,
 		"requireFreeURLAuthentication": true,
 {% endif %}
-{% if var_hedgedoc_free_names_mode == 'always' %}
+{% if cfg_hedgedoc.free_names_mode == 'always' %}
 		"allowFreeURL": true,
 		"requireFreeURLAuthentication": false,
 {% endif %}

roles/hedgedoc/templates/systemd-unit.j2

@@ -3,8 +3,8 @@ Description=Hedgedoc
 After=multi-user.target
 
 [Service]
-WorkingDirectory={{var_hedgedoc_directory}}
+WorkingDirectory={{cfg_hedgedoc.directory}}
-User={{var_hedgedoc_user_name}}
+User={{cfg_hedgedoc.user_name}}
 Environment="NODE_ENV=production"
 ExecStart=yarn start
 SyslogIdentifier=hedgedoc

roles/hedgedoc/vardef.json

@@ -1,87 +0,0 @@
-{
-	"user_name": {
-		"type": "string",
-		"mandatory": false
-	},
-	"directory": {
-		"type": "string",
-		"mandatory": false
-	},
-	"version": {
-		"type": "string",
-		"mandatory": false
-	},
-	"session_secret": {
-		"type": "string",
-		"mandatory": true
-	},
-	"database_kind": {
-		"type": "string",
-		"mandatory": false,
-		"options": [
-			"sqlite",
-			"postgresql",
-			"mariadb"
-		]
-	},
-	"database_data_sqlite_path": {
-		"type": "string",
-		"mandatory": false
-	},
-	"database_data_postgresql_host": {
-		"type": "string",
-		"mandatory": false
-	},
-	"database_data_postgresql_port": {
-		"type": "integer",
-		"mandatory": false
-	},
-	"database_data_postgresql_username": {
-		"type": "string",
-		"mandatory": false
-	},
-	"database_data_postgresql_password": {
-		"type": "string",
-		"mandatory": false
-	},
-	"database_data_postgresql_schema": {
-		"type": "string",
-		"mandatory": false
-	},
-	"domain": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_kind": {
-		"type": "string",
-		"mandatory": false,
-		"options": [
-			"internal",
-			"authelia"
-		]
-	},
-	"authentication_data_authelia_client_id": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_client_secret": {
-		"type": "string",
-		"mandatory": false
-	},
-	"authentication_data_authelia_url_base": {
-		"type": "string",
-		"mandatory": false
-	},
-	"guest_allow_create": {
-		"type": "boolean",
-		"mandatory": false
-	},
-	"guest_allow_change": {
-		"type": "boolean",
-		"mandatory": false
-	},
-	"free_names_mode": {
-		"type": "string",
-		"mandatory": false
-	}
-}

roles/owncloud-and-nginx/cfg.schema.json

@@ -0,0 +1,28 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"domain": {
+			"nullable": false,
+			"type": "string"
+		},
+		"tls_mode": {
+			"nullable": false,
+			"type": "string",
+			"enum": [
+				"disable",
+				"enable",
+				"force"
+			],
+			"default": "force"
+		},
+		"maximum_upload_size": {
+			"type": "string",
+			"default": "1G"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"domain"
+	]
+}

roles/owncloud-and-nginx/defaults/main.json

@@ -1,5 +1,6 @@
 {
-	"var_owncloud_and_nginx_domain": "owncloud.example.org",
+	"cfg_owncloud_and_nginx_defaults": {
-	"var_owncloud_and_nginx_tls_mode": "force",
+		"tls_mode": "force",
-	"var_owncloud_and_nginx_maximum_upload_size": "1G"
+		"maximum_upload_size": "1G"
+	}
 }

roles/owncloud-and-nginx/tasks/main.json

@@ -1,4 +1,11 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_owncloud_and_nginx"
+		}
+	},
 	{
 		"name": "deactivate default site",
 		"become": true,
@@ -12,7 +19,7 @@
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "conf.j2",
-			"dest": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}"
+			"dest": "/etc/nginx/sites-available/{{cfg_owncloud_and_nginx.domain}}"
 		}
 	},
 	{
@@ -20,8 +27,8 @@
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "link",
-			"src": "/etc/nginx/sites-available/{{var_owncloud_and_nginx_domain}}",
+			"src": "/etc/nginx/sites-available/{{cfg_owncloud_and_nginx.domain}}",
-			"dest": "/etc/nginx/sites-enabled/{{var_owncloud_and_nginx_domain}}"
+			"dest": "/etc/nginx/sites-enabled/{{cfg_owncloud_and_nginx.domain}}"
 		}
 	},
 	{

roles/owncloud-and-nginx/templates/conf.j2

@@ -1,7 +1,7 @@
 {% macro owncloud_common() %}
 	location / {
 		proxy_pass http://localhost:9200;
-		client_max_body_size {{var_owncloud_and_nginx_maximum_upload_size}};
+		client_max_body_size {{cfg_owncloud_and_nginx.maximum_upload_size}};
 	}
 {% endmacro %}
 
@@ -9,24 +9,24 @@ server {
 	listen 80;
 	listen [::]:80;
 	
-	server_name {{var_owncloud_and_nginx_domain}};
+	server_name {{cfg_owncloud_and_nginx.domain}};
 	
-{% if var_owncloud_and_nginx_tls_mode == 'force' %}
+{% if cfg_owncloud_and_nginx.tls_mode == 'force' %}
 	return 301 https://$http_host$request_uri;
 {% else %}
 	{{ owncloud_common() }}
 {% endif %}
 }
 
-{% if var_owncloud_and_nginx_tls_mode != 'disable' %}
+{% if cfg_owncloud_and_nginx.tls_mode != 'disable' %}
 server {
 	listen 443 ssl;
 	listen [::]:443 ssl;
 	
-	server_name {{var_owncloud_and_nginx_domain}};
+	server_name {{cfg_owncloud_and_nginx.domain}};
 	
-	ssl_certificate_key /etc/ssl/private/{{var_owncloud_and_nginx_domain}}.pem;
+	ssl_certificate_key /etc/ssl/private/{{cfg_owncloud_and_nginx.domain}}.pem;
-	ssl_certificate /etc/ssl/fullchains/{{var_owncloud_and_nginx_domain}}.pem;
+	ssl_certificate /etc/ssl/fullchains/{{cfg_owncloud_and_nginx.domain}}.pem;
 	include /etc/nginx/ssl-hardening.conf;
 	
 	{{ owncloud_common() }}

roles/owncloud-and-nginx/vardef.json

@@ -1,20 +0,0 @@
-
-{
-	"domain": {
-		"type": "string",
-		"mandatory": false
-	},
-	"tls_mode": {
-        "type": "string",
-        "options": [
-			"disable",
-			"enable",
-			"force"
-        ],
-        "mandatory": false
-	},
-	"maximum_upload_size": {
-		"type": "string",
-		"mandatory": false
-	}
-}

roles/owncloud/templates/csp.yaml.j2

@@ -1,6 +1,7 @@
 directives:
   connect-src:
     - '''self'''
+    - 'https://{{cfg_owncloud.domain}}'
 {% if cfg_owncloud.authentication.kind == 'authelia' %}
     - '{{cfg_owncloud.authentication.data.url_base}}'
 {% endif %}

roles/owncloud/templates/env.j2

@@ -12,8 +12,8 @@ WEB_OIDC_RESPONSE_TYPE=code
 WEB_OIDC_SCOPE=openid profile email groups
 WEB_OPTION_LOGIN_URL={{cfg_owncloud.authentication.data.url_base}}
 WEB_OPTION_LOGOUT_URL={{cfg_owncloud.authentication.data.url_base}}
-WEB_UI_THEME_SERVER={{cfg_owncloud.domain}}
+WEB_UI_THEME_SERVER=https://{{cfg_owncloud.domain}}
-WEB_UI_CONFIG_SERVER={{cfg_owncloud.domain}}
+WEB_UI_CONFIG_SERVER=https://{{cfg_owncloud.domain}}
 {% endif %}
 
 ## other clients

roles/tlscert_selfsigned/cfg.schema.json

@@ -0,0 +1,14 @@
+{
+	"nullable": false,
+	"type": "object",
+	"properties": {
+		"domain": {
+			"nullable": false,
+			"type": "string"
+		}
+	},
+	"additionalProperties": false,
+	"required": [
+		"domain"
+	]
+}

roles/tlscert_selfsigned/defaults/main.json

@@ -1,3 +1,4 @@
 {
-	"var_tlscert_selfsigned_domain": "foo.example.org"
+	"cfg_tlscert_selfsigned_defaults": {
+	}
 }

roles/tlscert_selfsigned/tasks/main.json

@@ -1,4 +1,11 @@
 [
+	{
+		"name": "show vars",
+		"when": "switch_show_vars",
+		"ansible.builtin.debug": {
+			"var": "vars.cfg_tlscert_selfsigned"
+		}
+	},
 	{
 		"name": "install packages",
 		"become": true,
@@ -28,19 +35,19 @@
 		"name": "csr | generate private key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
-			"path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
+			"path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem"
 		}
 	},
 	{
 		"name": "csr | execute",
 		"become": true,
 		"community.crypto.openssl_csr": {
-			"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+			"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
-			"common_name": "{{var_tlscert_selfsigned_domain}}",
+			"common_name": "{{cfg_tlscert_selfsigned.domain}}",
 			"subject_alt_name": [
-				"DNS:{{var_tlscert_selfsigned_domain}}"
+				"DNS:{{cfg_tlscert_selfsigned.domain}}"
 			],
-			"path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
+			"path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem"
 		},
 		"register": "temp_csr"
 	},
@@ -48,17 +55,17 @@
 		"name": "generate certificate",
 		"become": true,
 		"community.crypto.x509_certificate": {
-			"privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
+			"privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
-			"csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
+			"csr_path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem",
 			"provider": "selfsigned",
-			"path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
+			"path": "/etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem"
 		}
 	},
 	{
 		"name": "compose fullchain",
 		"become": true,
 		"ansible.builtin.shell": {
-			"cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
+			"cmd": "cat /etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem > /etc/ssl/fullchains/{{cfg_tlscert_selfsigned.domain}}.pem"
 		}
 	}
 ]