Adjusted variables and docker-compose file to account for multitenancy setups.

README.md

@@ -16,9 +16,13 @@ Role Variables
 
 | Variable                        | Description                                                                                                                                                                                                  | Default                           |
 | ---------------------------     | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------                              | ------------------                |
-| docker_user                     | The user who is going to manage/run the Docker Compose services                                                                                                                                              | deploy                            |
+| cryptpad_install_user           | The user who is going to manage/run the Docker Compose services                                                                                                                                              | {{ ansible_user }}                |
+| cryptpad_install_path           | The location where the service should be deployed                                                                                                                                                            | /home/{{ cryptpad_install_user }} |
+| cryptpad_multitenant_label      | A label (unique accross all instances on this host) identifying the tenant                                                                                                                                   |                                   |
 | cryptpad_virtual_host           | The virtual host that is e.g. used by Traefik, usually part of the public url                                                                                                                                | localhost                         |
 | cryptpad_safe_virtual_host      | See above, and: this additonal domain is used together with `cryptpad_virtual_host` for additional security and must not be the same! More docs are in the `config.js` template                              |                                   |
+| cryptpad_http_address           | The address under which this instance can be found                                                                                                                                                           | 127.0.0.1                         |
+| cryptpad_exposed_port           | The port under which this instance connects to the host                                                                                                                                                      | 3000                              |
 | cryptpad_http_unsafe_origin_url | The URL of the public entrypoint URL, e.g. `https://pad.example.tld`                                                                                                                                         | https:// + $cryptpad_virtual_host |
 | cryptpad_http_safe_origin_url   | The URL of the safe public URL, e.g. `https://pad-sandbox.example.tld`                                                                                                                                       |                                   |
 | cryptpad_admin_email            | An email address that will be published on the `/contact.html` page                                                                                                                                          |                                   |

defaults/main.yml

@@ -1,6 +1,12 @@
 ---
 # defaults file for jotbe.cryptpad-docker
+cryptpad_install_user: '{{ ansible_user }}' # This user must be present on the host
+cryptpad_install_path: '/home/{{ cryptpad_install_user }}'
+cryptpad_multitenant_label:
 cryptpad_http_address: 127.0.0.1
+cryptpad_exposed_port: 3000
 cryptpad_http_unsafe_origin_url: https://{{ cryptpad_virtual_host }}
 cryptpad_http_safe_origin_url: https://{{ cryptpad_safe_virtual_host }}
-cryptpad_block_daily_check: no
+cryptpad_block_daily_check: no
+# Internal variables
+cryptpad_multitenant_postfix: "{{ '_' + cryptpad_multitenant_label if (cryptpad_multitenant_label) else '' }}"

tasks/main.yml

@@ -2,21 +2,21 @@
 # tasks file for jotbe.cryptpad-docker
 - name: Ensure Docker Compose project directory exists
   file:
-    path: /home/{{ docker_user }}/cryptpad
+    path: "{{ cryptpad_install_path }}/cryptpad"
     state: directory
-    owner: '{{ docker_user }}'
-    group: '{{ docker_user }}'
+    owner: '{{ cryptpad_install_user }}'
+    group: '{{ cryptpad_install_user }}'
 
 - name: Provide docker-compose.yml
   template:
     src: templates/docker-compose.cryptpad.yml.j2
-    dest: /home/{{ docker_user }}/cryptpad/docker-compose.yml
-    owner: "{{ docker_user }}"
-    group: "{{ docker_user }}"
+    dest: "{{ cryptpad_install_path }}/cryptpad/docker-compose.yml"
+    owner: "{{ cryptpad_install_user }}"
+    group: "{{ cryptpad_install_user }}"
     mode: '0644'
 
 - name: Output docker-compose.yml
-  shell: cat /home/{{ docker_user }}/cryptpad/docker-compose.yml
+  shell: cat {{ cryptpad_install_path }}/cryptpad/docker-compose.yml
   register: output
 
 - debug:
@@ -24,9 +24,9 @@
 
 - name: Provide env vars
   copy:
-    dest: /home/{{ docker_user }}/cryptpad/.env
-    owner: "{{ docker_user }}"
-    group: "{{ docker_user }}"
+    dest: "{{ cryptpad_install_path }}/cryptpad/.env"
+    owner: "{{ cryptpad_install_user }}"
+    group: "{{ cryptpad_install_user }}"
     mode: '0640'
     content: |
       VERSION=v3.24.0
@@ -36,28 +36,28 @@
 
 - name: Ensure cryptpad config directory exists
   file:
-    path: /home/{{ docker_user }}/cryptpad/data/config
+    path: "{{ cryptpad_install_path }}/cryptpad/data/config"
     state: directory
-    owner: '{{ docker_user }}'
-    group: '{{ docker_user }}'
+    owner: '{{ cryptpad_install_user }}'
+    group: '{{ cryptpad_install_user }}'
 
 - name: Provide cryptpad config
   template:
     src: templates/config.js.j2
-    dest: /home/{{ docker_user }}/cryptpad/data/config/config.js
-    owner: "{{ docker_user }}"
-    group: "{{ docker_user }}"
+    dest: "{{ cryptpad_install_path }}/cryptpad/data/config/config.js"
+    owner: "{{ cryptpad_install_user }}"
+    group: "{{ cryptpad_install_user }}"
     mode: '0644'
 
 - name: "docker-compose: Teardown existing cryptpad service"
   docker_compose:
-    project_src: "/home/{{ docker_user }}/cryptpad/"
+    project_src: "{{ cryptpad_install_path }}/cryptpad/"
     state: absent
   tags: ['never', 'teardown']
 
 - name: "docker-compose: Start cryptpad service"
   docker_compose:
-    project_src: "/home/{{ docker_user }}/cryptpad/"
+    project_src: "{{ cryptpad_install_path }}/cryptpad/"
     pull: yes
   register: output
   tags: service_start

templates/docker-compose.cryptpad.yml.j2

@@ -3,25 +3,26 @@ services:
 
   cryptpad:
     image: "promasu/cryptpad:${VERSION}"
-    hostname: cryptpad
+    container_name: cryptpad{{ cryptpad_multitenant_postfix }}
+    hostname: cryptpad{{ cryptpad_multitenant_postfix }}
 
     labels:
       - "traefik.enable=true"
-      - "traefik.port=3000"
+      - "traefik.port={{ cryptpad_exposed_port }}"
       - "traefik.docker.network=traefik_public"
-      - "traefik.http.routers.cryptpad.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
-      - "traefik.http.routers.cryptpad.entrypoints=websecure"
-      - "traefik.http.routers.cryptpad.tls=true"
-      - "traefik.http.routers.cryptpad.tls.certresolver=defaultresolver"
-      - "traefik.http.middlewares.cryptpad-headers.headers.SSLRedirect=true"
-      - "traefik.http.middlewares.cryptpad-headers.headers.browserXSSFilter=true"
-      - "traefik.http.middlewares.cryptpad-headers.headers.contentTypeNosniff=true"
-      - "traefik.http.middlewares.cryptpad-headers.headers.forceSTSHeader=true"
-      - "traefik.http.middlewares.cryptpad-headers.headers.STSSeconds=315360000"
-      - "traefik.http.middlewares.cryptpad-headers.headers.STSIncludeSubdomains=true"
-      - "traefik.http.middlewares.cryptpad-headers.headers.STSPreload=true"
-      - "traefik.http.middlewares.cryptpad-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
-      - "traefik.http.routers.cryptpad.middlewares=cryptpad-headers"
+      - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
+      - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.entrypoints=websecure"
+      - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls=true"
+      - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls.certresolver=defaultresolver"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.SSLRedirect=true"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSPreload=true"
+      - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
+      - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.middlewares=cryptpad{{ cryptpad_multitenant_postfix }}-headers"
       - "traefik.frontend.passHostHeader=true"
     environment:
       - USE_SSL=${USE_SSL}