feat(web-app-joomla): reliable first-run install, safe debug toggler, DB patching, LDAP scaffolding

Why - Fix flaky first-run installs and make config edits idempotent. - Prepare LDAP support and allow optional inline CSP for UI. - Improve observability and guard against broken configuration.php. What - config/main.yml: enable features.ldap; add CSP flags (allow inline style/script elem); minor spacing. - tasks/: split into 01_install (wait for core, absolute CLI path), 02_debug (toggle $debug/$error_reporting safely), 03_patch (patch DB creds in configuration.php), 04_ldap (configure plugin via helper), 05_assert (optional php -l). - templates/Dockerfile.j2: conditionally install/compile php-ldap (fallback to docker-php-ext-install with libsasl2-dev). - templates/cli-ldap.php.j2: idempotently enable & configure Authentication - LDAP from env. - templates/docker-compose.yml.j2: build custom image when LDAP is enabled; mount cli-ldap.php; pull_policy: never. - templates/env.j2: add site/admin vars, MariaDB connector/env, full LDAP env. - vars/main.yml: default to MariaDB (mysqli), add JOOMLA_* vars incl. JOOMLA_CONFIG_FILE. Notes - LDAP path implemented but NOT yet tested end-to-end. - Ref: https://chatgpt.com/share/68b068a8-2aa4-800f-8cd1-56383561a9a8.
2025-08-30 23:38:13 +02:00 · 2025-08-28 16:33:45 +02:00
parent dece6228a4
commit 18f3b1042f
12 changed files with 351 additions and 16 deletions
--- a/roles/web-app-joomla/vars/main.yml
+++ b/roles/web-app-joomla/vars/main.yml
@@ -1,10 +1,41 @@
 # General
-application_id:     "web-app-joomla"
-database_type:      "postgres"
-container_port:     80
+application_id:                 "web-app-joomla"
+database_type:                  "mariadb"
+container_port:                 80

 # Joomla
-JOOMLA_VERSION:    "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
-JOOMLA_IMAGE:      "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
-JOOMLA_CONTAINER:  "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
-JOOMLA_VOLUME:     "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+JOOMLA_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
+JOOMLA_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
+JOOMLA_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
+JOOMLA_VOLUME:                  "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+JOOMLA_CUSTOM_IMAGE:            "{{ JOOMLA_IMAGE }}_custom"
+JOOMLA_DOMAINS:                 "{{ applications | get_app_conf(application_id, 'server.domains.canonical') }}"
+JOOMLA_SITE_NAME:               "{{ SOFTWARE_NAME }} Joomla - CMS"
+JOOMLA_DB_CONNECTOR:            "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
+JOOMLA_CONFIG_FILE:             "/var/www/html/configuration.php"
+
+# User
+JOOMLA_USER_NAME:               "{{ users.administrator.username }}"
+JOOMLA_USER:                    "{{ JOOMLA_USER_NAME | capitalize }}"     
+JOOMLA_USER_PASSWORD:           "{{ users.administrator.password }}"
+JOOMLA_USER_EMAIL:              "{{ users.administrator.email }}"
+
+# LDAP
+JOOMLA_LDAP_CONF_FILE:          "{{ [ docker_compose.directories.volumes, 'cli-ldap.php' ] | path_join }}"
+JOOMLA_LDAP_ENABLED:            "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+JOOMLA_LDAP_HOST:               "{{ LDAP.SERVER.DOMAIN }}"
+JOOMLA_LDAP_PORT:               "{{ LDAP.SERVER.PORT }}"
+JOOMLA_LDAP_BASE_DN:            "{{ LDAP.DN.ROOT }}"
+JOOMLA_LDAP_USER_TREE_DN:       "{{ LDAP.DN.OU.USERS }}"
+JOOMLA_LDAP_GROUP_TREE_DN:      "{{ LDAP.DN.OU.GROUPS }}"
+JOOMLA_LDAP_UID_ATTR:           "{{ LDAP.USER.ATTRIBUTES.ID }}"        # e.g. uid
+JOOMLA_LDAP_EMAIL_ATTR:         "{{ LDAP.USER.ATTRIBUTES.MAIL }}"
+JOOMLA_LDAP_NAME_ATTR:          "{{ LDAP.USER.ATTRIBUTES.FULLNAME }}"
+JOOMLA_LDAP_BIND_DN:            "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
+JOOMLA_LDAP_BIND_PASSWORD:      "{{ LDAP.BIND_CREDENTIAL }}"
+JOOMLA_LDAP_USE_STARTTLS:       false
+JOOMLA_LDAP_IGNORE_CERT:        true
+JOOMLA_LDAP_MAP_FULLNAME:       true
+JOOMLA_LDAP_MAP_EMAIL:          true
+JOOMLA_LDAP_AUTH_METHOD:        "search"     # "bind" or "search"
+JOOMLA_LDAP_USER_SEARCH_STRING: "{{ JOOMLA_LDAP_UID_ATTR }}=[username],{{ JOOMLA_LDAP_USER_TREE_DN }}"