Implemented OIDC für pixelfed

roles/docker-moodle/README.md

@@ -15,6 +15,7 @@ This role deploys Moodle using Docker, automating the setup of both the Moodle a
 - **Scalable Deployment:** Leverage Docker for a portable and scalable installation that adapts as your user base grows.
 - **Robust Data Management:** Secure and reliable storage of both the Moodle application and user data through Docker volumes.
 - **Secure Web Access:** Configured to work seamlessly behind an Nginx reverse proxy for enhanced security and performance.
+* **Single Sign-On (SSO) / OpenID Connect (OIDC):** Seamless integration with external identity providers for centralized authentication.
 
 ## Additional Resources
 

roles/docker-pixelfed/README.md

@@ -2,30 +2,22 @@
 
 ## Description
 
-Pixelfed is a decentralized image sharing platform that champions creativity and privacy. It offers a secure, community‑driven alternative to centralized social media networks by enabling federated communication and robust content sharing through a modern web interface.
+Pixelfed is a decentralized image-sharing platform that champions creativity and privacy. It offers a secure, community-driven alternative to centralized social networks by enabling federated communication and seamless content sharing through a modern web interface.
 
 ## Overview
 
-This Docker Compose deployment automates the installation and management of a Pixelfed instance
+This Docker Compose deployment automates the installation and operation of a Pixelfed instance.
 
-## Features 
+## Features
 
-- **Decentralized Content Sharing:**  
-  Empower users to share photos and visual content on an interoperable, federated network with enhanced privacy controls.
-
-- **Modern, Responsive Web Interface:**  
-  Access an intuitive and dynamic user interface designed for effortless browsing, administration, and content management.
-
-- **Robust Scalability & Performance:**  
-  Leverage integrated Redis caching and a secure database (MariaDB or PostgreSQL) to ensure smooth scaling and high performance.
-
-- **Flexible Configuration:**  
-  Easily customize settings such as cache sizes, domain settings, and authentication options with environment variables and templated configuration files.
-
-- **Maintenance & Administration Tools:**  
-  Includes a suite of CLI commands and web‑based management tools to clear cache, manage the database, and monitor application status.
+* **Decentralized Content Sharing:** Empower users to share photos and visual content across an interoperable, federated network with enhanced privacy controls.
+* **Modern, Responsive Web Interface:** Access an intuitive and adaptive UI for effortless browsing, administration, and content management.
+* **Robust Scalability & Performance:** Leverage integrated Redis caching and a reliable database (MariaDB or PostgreSQL) for smooth scaling and high performance.
+* **Flexible Configuration:** Customize cache sizes, domain settings, and authentication options via environment variables and templated configuration files.
+* **Maintenance & Administration Tools:** Built-in CLI and web-based tools to clear caches, manage the database, and monitor application health.
+* **Single Sign-On (SSO) / OpenID Connect (OIDC):** Seamless integration with external identity providers for centralized authentication.
 
 ## Other Resources
 
-- [Pixelfed GitHub Repository](https://github.com/pixelfed/pixelfed)
-- [OIDC Plugin Installation Guide](https://chat.openai.com/share/67a4f448-4be8-800f-8639-4c15cb2fb44e)
+* [Official Pixelfed website](https://pixelfed.org/)
+* [Pixelfed GitHub repository](https://github.com/pixelfed/pixelfed)

roles/docker-pixelfed/Todo.md

@@ -1,2 +0,0 @@
-# Todo
-- [Integrate OIDC as soon as possible](https://github.com/pixelfed/pixelfed/pull/5608)

roles/docker-pixelfed/meta/schema.yml

@@ -1,5 +1,5 @@
 credentials:
   app_key:
-    description: "Application key used for encryption in Pixelfed (.env APP_KEY)"
-    algorithm: "plain"
-    validation: "^base64:[A-Za-z0-9+/=]{40,}$"
+    description:  "Generic 32-byte base64 key with base64: prefix"
+    algorithm:    base64_prefixed_32
+    validation:   '^base64:[A-Za-z0-9+/]{43}=$'

roles/docker-pixelfed/templates/env.j2

@@ -149,6 +149,6 @@ PF_OIDC_USERNAME_FIELD="{{oidc.attributes.username}}"
 PF_OIDC_FIELD_ID="{{oidc.attributes.username}}"
 PF_OIDC_CLIENT_SECRET={{oidc.client.secret}}
 PF_OIDC_CLIENT_ID={{oidc.client.id}}
-PF_OIDC_SCOPES="openid,profile,email"
+PF_OIDC_SCOPES="openid profile email"
 
 {% endif %}

roles/docker-pixelfed/vars/configuration.yml

@@ -1,16 +1,18 @@
 titel:                "Pictures on {{primary_domain}}"
 #version:              "latest"
 images:
-  pixelfed:           "ghcr.io/pixelfed/pixelfed:latest"
+  pixelfed:           "zknt/pixelfed:latest"
 features:
   matomo:             true
-  css:                true
+  css:                false # Needs to be reactivated
   portfolio_iframe:   false
   central_database:   true
+  oidc:               true
 csp:
   flags:
     script-src:
       unsafe-eval:   true
+      unsafe-inline: true
     script-src-elem:
       unsafe-inline: true
       unsafe-eval:   true

roles/docker-snipe-it/meta/schema.yml

@@ -1,5 +1,5 @@
 credentials:
   app_key:
-    description: "Application encryption key for Snipe-IT (.env APP_KEY)"
-    algorithm: "plain"
-    validation: "^base64:[A-Za-z0-9+/=]{40,}$"
+    description:  "Generic 32-byte base64 key with base64: prefix"
+    algorithm:    base64_prefixed_32
+    validation:   '^base64:[A-Za-z0-9+/]{43}=$'