feat(web-app-joomla): reliable first-run install, safe debug toggler, DB patching, LDAP scaffolding

Why - Fix flaky first-run installs and make config edits idempotent. - Prepare LDAP support and allow optional inline CSP for UI. - Improve observability and guard against broken configuration.php. What - config/main.yml: enable features.ldap; add CSP flags (allow inline style/script elem); minor spacing. - tasks/: split into 01_install (wait for core, absolute CLI path), 02_debug (toggle $debug/$error_reporting safely), 03_patch (patch DB creds in configuration.php), 04_ldap (configure plugin via helper), 05_assert (optional php -l). - templates/Dockerfile.j2: conditionally install/compile php-ldap (fallback to docker-php-ext-install with libsasl2-dev). - templates/cli-ldap.php.j2: idempotently enable & configure Authentication - LDAP from env. - templates/docker-compose.yml.j2: build custom image when LDAP is enabled; mount cli-ldap.php; pull_policy: never. - templates/env.j2: add site/admin vars, MariaDB connector/env, full LDAP env. - vars/main.yml: default to MariaDB (mysqli), add JOOMLA_* vars incl. JOOMLA_CONFIG_FILE. Notes - LDAP path implemented but NOT yet tested end-to-end. - Ref: https://chatgpt.com/share/68b068a8-2aa4-800f-8cd1-56383561a9a8.
2025-08-30 15:28:12 +02:00 · 2025-08-28 16:33:45 +02:00
parent dece6228a4
commit 18f3b1042f
12 changed files with 351 additions and 16 deletions
--- a/roles/web-app-joomla/templates/env.j2
+++ b/roles/web-app-joomla/templates/env.j2
@@ -1,4 +1,34 @@
+JOOMLA_SITE_NAME={{ JOOMLA_SITE_NAME }}
+JOOMLA_ADMIN_USER={{ JOOMLA_USER }}
+JOOMLA_ADMIN_USERNAME={{ JOOMLA_USER_NAME }}
+JOOMLA_ADMIN_PASSWORD={{ JOOMLA_USER_PASSWORD }}
+JOOMLA_ADMIN_EMAIL={{ JOOMLA_USER_EMAIL }}
+
+{% if database_type == 'mariadb' %}
+# Database
 JOOMLA_DB_HOST="{{ database_host }}:{{ database_port }}"
 JOOMLA_DB_USER="{{ database_username }}"
 JOOMLA_DB_PASSWORD="{{ database_password }}"
-JOOMLA_DB_NAME="{{ database_name }}"
+JOOMLA_DB_NAME="{{ database_name }}"
+JOOMLA_DB_TYPE="{{ JOOMLA_DB_CONNECTOR }}"
+{% endif %}
+
+{% if JOOMLA_LDAP_ENABLED %}
+# LDAP
+JOOMLA_LDAP_HOST="{{ JOOMLA_LDAP_HOST }}"
+JOOMLA_LDAP_PORT="{{ JOOMLA_LDAP_PORT }}"
+JOOMLA_LDAP_BASE_DN="{{ JOOMLA_LDAP_BASE_DN }}"
+JOOMLA_LDAP_USER_TREE_DN="{{ JOOMLA_LDAP_USER_TREE_DN }}"
+JOOMLA_LDAP_GROUP_TREE_DN="{{ JOOMLA_LDAP_GROUP_TREE_DN }}"
+JOOMLA_LDAP_UID_ATTR="{{ JOOMLA_LDAP_UID_ATTR }}"
+JOOMLA_LDAP_EMAIL_ATTR="{{ JOOMLA_LDAP_EMAIL_ATTR }}"
+JOOMLA_LDAP_NAME_ATTR="{{ JOOMLA_LDAP_NAME_ATTR }}"
+JOOMLA_LDAP_BIND_DN="{{ JOOMLA_LDAP_BIND_DN }}"
+JOOMLA_LDAP_BIND_PASSWORD="{{ JOOMLA_LDAP_BIND_PASSWORD }}"
+JOOMLA_LDAP_USE_STARTTLS="{{ JOOMLA_LDAP_USE_STARTTLS | ternary('1','') }}"
+JOOMLA_LDAP_IGNORE_CERT="{{ JOOMLA_LDAP_IGNORE_CERT | ternary('1','') }}"
+JOOMLA_LDAP_MAP_FULLNAME="{{ JOOMLA_LDAP_MAP_FULLNAME | ternary('1','') }}"
+JOOMLA_LDAP_MAP_EMAIL="{{ JOOMLA_LDAP_MAP_EMAIL | ternary('1','') }}"
+JOOMLA_LDAP_AUTH_METHOD="{{ JOOMLA_LDAP_AUTH_METHOD }}"
+JOOMLA_LDAP_USER_SEARCH_STRING="{{ JOOMLA_LDAP_USER_SEARCH_STRING }}"
+{% endif %}