diff --git a/README.md b/README.md index b8a0d49fb5..2e927a22aa 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ If you have a spare domain name you can configure applications to be accessible * [Cloudflare DDNS](https://hub.docker.com/r/joshuaavalon/cloudflare-ddns/) - automatically update Cloudflare with your IP address * [CouchPotato](https://couchpota.to/) - for downloading and managing movies * [Dashy](https://dashy.to/) - A self-hosted startpage for your server. Easy to use visual editor, status checking, widgets, themes and tons more! +* [DbGate](https://github.com/dbgate/dbgate) - Database manager for MySQL, PostgreSQL, SQL Server, MongoDB, SQLite and others * [DDNS Updater](https://github.com/qdm12/ddns-updater) - dynamic dns updater for serveral providers * [Deluge](https://dev.deluge-torrent.org/) - A lightweight, Free Software, cross-platform BitTorrent client. * [Dockge](https://github.com/louislam/dockge) - A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager diff --git a/nas.yml b/nas.yml index 9c92bce199..3950e5f4c9 100644 --- a/nas.yml +++ b/nas.yml @@ -169,6 +169,10 @@ tags: - dashy + - role: dbgate + tags: + - dbgate + - role: ddns_updater tags: - ddns_updater diff --git a/roles/dbgate/defaults/main.yml b/roles/dbgate/defaults/main.yml new file mode 100644 index 0000000000..9b60faa814 --- /dev/null +++ b/roles/dbgate/defaults/main.yml @@ -0,0 +1,135 @@ +--- +dbgate_enabled: false +dbgate_available_externally: false + +# directories +dbgate_data_directory: "{{ docker_home }}/dbgate" + +# network +dbgate_port: "3026" +dbgate_hostname: "dbgate" +dbgate_network_name: "dbgate" +dbgate_networks: + - name: "{{ dbgate_network_name }}" + +# specs +dbgate_memory: 1g + +# docker +dbgate_container_name: dbgate +dbgate_image_name: "dbgate/dbgate" # or index.docker.io/dbgate/dbgate-ee +dbgate_image_version: latest +dbgate_user_id: "1000" +dbgate_group_id: "1000" + +# dbgate +dbgate_web_root: "" +dbgate_permissions: "" +dbgate_shell_connection: "0" +dbgate_shell_scripting: "0" +# dbgate_logins: "" +# dbgate_login_password: "" +# dbgate_login_permissions: "" +dbgate_token_lifetime: "1d" +dbgate_single_connection: "" +dbgate_single_database: "" +dbgate_basic_auth: "0" +dbgate_log_level: "info" +dbgate_file_log_level: "info" +dbgate_console_log_level: "info" +dbgate_oauth_auth: "" +dbgate_oauth_token: "" +dbgate_oauth_logout: "" +dbgate_oauth_client_id: "" +dbgate_oauth_client_secret: "" +dbgate_oauth_login_field: "" +dbgate_oauth_allowed_logins: "" +dbgate_oauth_scope: "" +dbgate_oauth_permissions: "" +dbgate_oauth_group_field: "" +dbgate_oauth_allowed_groups: "" +dbgate_ad_url: "" +dbgate_ad_basedn: "" +dbgate_ad_username: "" +dbgate_ad_password: "" +dbgate_ad_allowed_logins: "" + +dbgate_env: + WEB_ROOT: "{{ dbgate_web_root }}" # if you need to run DbGate in virtual subdirectory (eg. for value /dbadmin , dbgate will be accessible on localhost:3000/dbadmin ) + PERMISSIONS: "{{ dbgate_permissions }}" # list of comma separated permissions. See also permission list below + SHELL_CONNECTION: "{{ dbgate_shell_connection }}" # if true or 1, connections can be defined in shell scripts. Otherwise, only preconfigured connections are allowed. By default, this is not allowed for security reasons. + SHELL_SCRIPTING: "{{ dbgate_shell_scripting }}" # if true or 1, custom JavaScript shell scripts are allowed. By default, this is not allowed for security reasons. + # LOGINS: "{{ dbgate_logins }}" # comma delimited list of aditional logins + # LOGIN_PASSWORD_[login]: "{{ dbgate_login_password }}" # password for specified login + # LOGIN_PERMISSIONS_[login]: "{{ dbgate_login_permissions }}" # list of comma separated permissions for given login. See also permission list below + TOKEN_LIFETIME: "{{ dbgate_token_lifetime }}" # lifetime of access token. After this time, logged user will be redirected to login page. Default is 1d (means 1 day). Possible are values like 3h (3 hours), 10m (10 minutes), 2d (2 days) + SINGLE_CONNECTION: "{{ dbgate_single_connection }}" # connection id. If defined, only this connection will be available (must be used with SINGLE_DATABASE) + SINGLE_DATABASE: "{{ dbgate_single_database }}" # database name, only this database will be available. (must be used with SINGLE_CONNECTION) + BASIC_AUTH: "{{ dbgate_basic_auth }}" # if true or 1 and LOGIN or LOGINS are defined, baseic authentization of both web and API is used. Otherwise, login form and JWT token base API authentization is used. Basic authentization cannot be used for active directory/LDAP authentization. + LOG_LEVEL: "{{ dbgate_log_level }}" # all messages with this log level or bigger will be logged. One of values trace, debug, info, warn, error, fatal. Default is info + FILE_LOG_LEVEL: "{{ dbgate_file_log_level }}" # log level for logging into log file. For file logging, this has bigger priority than LOG_LEVEL + CONSOLE_LOG_LEVEL: "{{ dbgate_console_log_level }}" # log level for logging into log file. For console logging, this has bigger priority than LOG_LEVEL + OAUTH_AUTH: "{{ dbgate_oauth_auth }}" # authentication endpoint of OAuth protocol + OAUTH_TOKEN: "{{ dbgate_oauth_token }}" # token endpoint of OAuth protocol + OAUTH_LOGOUT: "{{ dbgate_oauth_logout }}" # logout URL of OAuth provider. User will be redirected to this URL when he requests logging out + OAUTH_CLIENT_ID: "{{ dbgate_oauth_client_id }}" # client ID + OAUTH_CLIENT_SECRET: "{{ dbgate_oauth_client_secret }}" # client secret + OAUTH_LOGIN_FIELD: "{{ dbgate_oauth_login_field }}" # field name from payload, which holds login name. For availabe fields, you could inspect dbgate log, payload sent from OAuth provider are logged to console. This login name is used eg. for configuring permissions. It is not neccessary login entered in OAuth. If not specified, all users from OAuth provider will have the same login name. + OAUTH_ALLOWED_LOGINS: "{{ dbgate_oauth_allowed_logins }}" # comma separator login names, which will be allowed to login. If not specified, all logins will be allowed to use DbGate app. + OAUTH_SCOPE: "{{ dbgate_oauth_scope }}" # scope, which is sent to OAuth authorize and token endpoint + OAUTH_PERMISSIONS: "{{ dbgate_oauth_permissions }}" # set 1 or true, when set, LOGIN_PERMISSIONS_[login] could be used also for users authentificated by OAuth + OAUTH_GROUP_FIELD: "{{ dbgate_oauth_group_field }}" # field in payload from OAuth which denotes group + OAUTH_ALLOWED_GROUPS: "{{ dbgate_oauth_allowed_groups }}" # comma separated alowed group names + AD_URL: "{{ dbgate_ad_url }}" # URL of LDAP provider (eg ldap://domain.com) + AD_BASEDN: "{{ dbgate_ad_basedn }}" # eg. dc=domain,dc=com + AD_USERNAME: "{{ dbgate_ad_username }}" # username to active directory + AD_PASSWORD: "{{ dbgate_ad_password }}" # password to acvtive directory + AD_ALLOWED_LOGINS: "{{ dbgate_ad_allowed_logins }}" # comma separator login names, which will be allowed to login. If not specified, all logins will be allowed to use DbGate app. + CONNECTIONS: "" # list of preconfigured connection names, comma delimited. In following options, [connection id] is ID from this list + LABEL_[connection id]: "" # label (display name) of connection. + SERVER_[connection id]: "" # server (host name) of connection. + USER_[connection id]: "" # user name for DB connection. + PASSWORD_[connection id]: "" # password for DB connection. + PASSWORD_MODE_[connection id]: "" # determines whether password and user name is stored or must be filled in by used. One of following values: + # askPassword # DbGate asks for password when connecting + # askUser # DbGate asks for username and password + PORT_[connection id]: "" # port for DB connection. + FILE_[connection id]: "" # database file path (for SQLite). + URL_[connection id]: "" # database URL (works for MongoDB, PostgreSQL, CockroachDb, Redshift). + DATABASE_[connection id]: "" # default database name. + READONLY_[connection id]: "" # connect in readonly mode + ENGINE_[connection id]: "" # engine of connection (mandatory, name of engine with plugin), one of: + # mssql@dbgate-plugin-mssql # Microsoft SQL Server + # mysql@dbgate-plugin-mysql # MySQL + # mariadb@dbgate-plugin-mysql # MariaDB + # postgres@dbgate-plugin-postgres # PostgreSQL + # cockroach@dbgate-plugin-postgres # CockroachDB + # redshift@dbgate-plugin-postgres # Amazon Redshift + # sqlite@dbgate-plugin-sqlite # SQLite + # mongo@dbgate-plugin-mongo # MongoDB + USE_SSH_[connection id]: "" # set value 1 or true, when SSH tunnel should be used + SSH_HOST_[connection id]: "" # SSH host name + SSH_PORT_[connection id]: "" # SSH port number + SSH_MODE_[connection id]: "" # one of following values + # userPassword # authenticate with user and password + # agent # authenticate with SSH agent + # keyFile # authenticate with key file + SSH_LOGIN_[connection id]: "" # SSH login + SSH_PASSWORD_[connection id]: "" # SSH password + SSH_KEY_FILE_[connection id]: "" # full path to key file + SSH_KEY_FILE_PASSWORD_[connection id]: "" # key file passphrase + USE_SSL_[connection id]: "" # set value 1 or true, when SSL should be used + SSL_CA_FILE_[connection id]: "" # path to CA Cert file + SSL_CERT_FILE_[connection id]: "{" # path to certificate file + SSL_CERT_FILE_PASSWORD_[connection id]: "" # certificate key file password + SSL_KEY_FILE_[connection id]: "" # path to key file + SSL_REJECT_UNAUTHORIZED_[connection id]: "" # set value 1 or true if reject unauthorized connections + SSL_TRUST_CERTIFICATE_[connection id]: "" # set value 1 or true for setting trustServerCertificate MSSQL option + SETTINGS_[settings key]: "" # preconfigure settings value. Setting key could be listed from source codes, https://github.com/dbgate/dbgate/blob/master/packages/web/src/settings/ + SOCKET_PATH_[connection id]: "" # path to socket file, if connecting via socket + AUTH_TYPE_[connection id]: "" # authentization type + # hostPort (default) + # socket # value is set implicitly, when settings SOCKET_PATH + # tedious # default portable authentization for MS SQL, using tedious driver + # sspi # Windows integrated authentization (Windows only, MS SQL), using native MSSQL driver + # sql # SQL authentization (Windows only, MS SQL), using native MSSQL driver diff --git a/roles/dbgate/docs/dbgate.md b/roles/dbgate/docs/dbgate.md new file mode 100644 index 0000000000..d15258f7fb --- /dev/null +++ b/roles/dbgate/docs/dbgate.md @@ -0,0 +1,11 @@ +# DbGate + +Homepage: [https://dbgate.org/](https://dbgate.org/) + +DbGate is cross-platform database manager. It's designed to be simple to use and effective, when working with more databases simultaneously. But there are also many advanced features like schema compare, visual query designer, chart visualisation or batch export and import. + +## Usage + +Set `dbgate_enabled: true` in your `inventories//group_vars/nas.yml` file. + +dbgate web interface can be found at [http://ansible_nas_host_or_ip:3026](http://ansible_nas_host_or_ip:3026). diff --git a/roles/dbgate/molecule/default/molecule.yml b/roles/dbgate/molecule/default/molecule.yml new file mode 100644 index 0000000000..41a2ac592a --- /dev/null +++ b/roles/dbgate/molecule/default/molecule.yml @@ -0,0 +1,6 @@ +--- +provisioner: + inventory: + group_vars: + all: + dbgate_enabled: true diff --git a/roles/dbgate/molecule/default/side_effect.yml b/roles/dbgate/molecule/default/side_effect.yml new file mode 100644 index 0000000000..9b3c9c410f --- /dev/null +++ b/roles/dbgate/molecule/default/side_effect.yml @@ -0,0 +1,10 @@ +--- +- name: Stop + hosts: all + become: true + tasks: + - name: "Include {{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }} role" + ansible.builtin.include_role: + name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + vars: + dbgate_enabled: false diff --git a/roles/dbgate/molecule/default/verify.yml b/roles/dbgate/molecule/default/verify.yml new file mode 100644 index 0000000000..97ac4a3485 --- /dev/null +++ b/roles/dbgate/molecule/default/verify.yml @@ -0,0 +1,19 @@ +--- +- name: Verify + hosts: all + gather_facts: false + tasks: + - name: Include vars + ansible.builtin.include_vars: + file: ../../defaults/main.yml + + - name: Get dbgate container state + community.docker.docker_container: + name: "{{ dbgate_container_name }}" + register: result + + - name: Check if dbgate containers are running + ansible.builtin.assert: + that: + - result.container['State']['Status'] == "running" + - result.container['State']['Restarting'] == false diff --git a/roles/dbgate/molecule/default/verify_stopped.yml b/roles/dbgate/molecule/default/verify_stopped.yml new file mode 100644 index 0000000000..4341477eb4 --- /dev/null +++ b/roles/dbgate/molecule/default/verify_stopped.yml @@ -0,0 +1,19 @@ +--- +- name: Verify + hosts: all + gather_facts: false + tasks: + - name: Include vars + ansible.builtin.include_vars: + file: ../../defaults/main.yml + + - name: Try and stop and remove dbgate + community.docker.docker_container: + name: "{{ dbgate_container_name }}" + state: absent + register: result + + - name: Check if dbgate is stopped + ansible.builtin.assert: + that: + - not result.changed diff --git a/roles/dbgate/requirements.yml b/roles/dbgate/requirements.yml new file mode 120000 index 0000000000..9a736435ab --- /dev/null +++ b/roles/dbgate/requirements.yml @@ -0,0 +1 @@ +../../requirements.yml \ No newline at end of file diff --git a/roles/dbgate/tasks/main.yml b/roles/dbgate/tasks/main.yml new file mode 100644 index 0000000000..7992a8f30d --- /dev/null +++ b/roles/dbgate/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Start DbGate + block: + - name: Create DbGate Directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + with_items: + - "{{ dbgate_data_directory }}" + - "{{ dbgate_data_directory }}/data" + + - name: Create DbGate network + community.docker.docker_network: + name: "{{ dbgate_network_name }}" + + - name: Create DbGate Docker Container + community.docker.docker_container: + container_default_behavior: no_defaults + name: "{{ dbgate_container_name }}" + image: "{{ dbgate_image_name }}:{{ dbgate_image_version }}" + pull: true + networks: "{{ dbgate_networks }}" + network_mode: "{{ dbgate_network_name }}" + volumes: + - "{{ dbgate_data_directory }}/data:/root/.dbgate:rw" + ports: + - "{{ dbgate_port }}:3000" + env: "{{ dbgate_env }}" + restart_policy: unless-stopped + memory: "{{ dbgate_memory }}" + labels: + traefik.enable: "{{ dbgate_available_externally | string }}" + traefik.http.routers.dbgate.rule: "Host(`{{ dbgate_hostname }}.{{ ansible_nas_domain }}`)" + traefik.http.routers.dbgate.tls.certresolver: "letsencrypt" + traefik.http.routers.dbgate.tls.domains[0].main: "{{ ansible_nas_domain }}" + traefik.http.routers.dbgate.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" + traefik.http.services.dbgate.loadbalancer.server.port: "3000" + when: dbgate_enabled is true + +- name: Stop DbGate + block: + - name: Stop DbGate + community.docker.docker_container: + name: "{{ dbgate_container_name }}" + state: absent + when: dbgate_enabled is false diff --git a/website/docs/applications/system-tools/dbgate.md b/website/docs/applications/system-tools/dbgate.md new file mode 100644 index 0000000000..687474057e --- /dev/null +++ b/website/docs/applications/system-tools/dbgate.md @@ -0,0 +1,14 @@ +--- +title: "DbGate" +description: "Database manager for MySQL, PostgreSQL, SQL Server, MongoDB, SQLite and others" +--- + +Homepage: [https://dbgate.org/](https://dbgate.org/) + +DbGate is cross-platform database manager. It's designed to be simple to use and effective, when working with more databases simultaneously. But there are also many advanced features like schema compare, visual query designer, chart visualisation or batch export and import. + +## Usage + +Set `dbgate_enabled: true` in your `inventories//group_vars/nas.yml` file. + +dbgate web interface can be found at [http://ansible_nas_host_or_ip:3026](http://ansible_nas_host_or_ip:3026).