From 1a5ce4a7fa180d93fb620ac531a1bb3459c26310 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 3 Sep 2025 10:45:41 +0200 Subject: [PATCH] web-app-bookwyrm, web-app-confluence: - Fix BookWyrm email SSL/TLS handling (use ternary without 'not' for clarity) - Add truststore_enabled flag in Confluence config and vars - Wire JVM_SUPPORT_RECOMMENDED_ARGS to disable UPM signature check if truststore is disabled - Add placeholder style.css.j2 for Confluence See conversation: https://chatgpt.com/share/68b80024-7100-800f-a2fe-ba8b9f5cec05 --- roles/web-app-bookwyrm/vars/main.yml | 2 +- roles/web-app-confluence/config/main.yml | 1 + roles/web-app-confluence/templates/Dockerfile.j2 | 2 +- roles/web-app-confluence/templates/env.j2 | 2 +- roles/web-app-confluence/templates/style.css.j2 | 0 roles/web-app-confluence/vars/main.yml | 6 +++++- 6 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 roles/web-app-confluence/templates/style.css.j2 diff --git a/roles/web-app-bookwyrm/vars/main.yml b/roles/web-app-bookwyrm/vars/main.yml index dded93a7..b934798d 100644 --- a/roles/web-app-bookwyrm/vars/main.yml +++ b/roles/web-app-bookwyrm/vars/main.yml @@ -59,5 +59,5 @@ EMAIL_HOST_USER: "{{ users['no-reply'].email }}" EMAIL_HOST_PASSWORD: "{{ users['no-reply'].mailu_token }}" # TLS/SSL: If TLS is true → TLS; else → SSL EMAIL_USE_TLS: "{{ SYSTEM_EMAIL.TLS | ternary('true','false') }}" -EMAIL_USE_SSL: "{{ not SYSTEM_EMAIL.TLS | ternary('true','false') }}" +EMAIL_USE_SSL: "{{ SYSTEM_EMAIL.TLS | ternary('false','true') }}" EMAIL_DEFAULT_FROM: "BookWyrm <{{ users['no-reply'].email }}>" diff --git a/roles/web-app-confluence/config/main.yml b/roles/web-app-confluence/config/main.yml index c5f80b8d..617d0a10 100644 --- a/roles/web-app-confluence/config/main.yml +++ b/roles/web-app-confluence/config/main.yml @@ -30,3 +30,4 @@ server: - "confluence.{{ PRIMARY_DOMAIN }}" rbac: roles: {} +truststore_enabled: false \ No newline at end of file 
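Review bot: `EMAIL_USE_TLS` and `EMAIL_USE_SSL` in roles/web-app-bookwyrm/vars/main.yml both pass `SYSTEM_EMAIL.TLS` straight into `ternary`, which tests truthiness, so a non-empty string value such as 'false' would select the first branch and silently flip both settings. `SYSTEM_EMAIL` is defined outside this patch, so its type cannot be confirmed from here. Coercing first makes the pair robust: `EMAIL_USE_SSL: "{{ SYSTEM_EMAIL.TLS | bool | ternary('false','true') }}"`, with the matching `| bool` on `EMAIL_USE_TLS`. The same applies to `CONFLUENCE_TRUST_STORE_ENABLED | ternary('false','true')` in roles/web-app-confluence/templates/env.j2.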
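Review bot: The new default `truststore_enabled: false` in roles/web-app-confluence/config/main.yml means every deployment that does not override it starts Confluence with `-Datlassian.upm.signature.check.disabled=true`, because templates/env.j2 in this same patch inverts the flag. Going by the property name, that switches off signature verification of apps installed through UPM, a supply-chain control that an operator should have to opt out of deliberately. Consider shipping `truststore_enabled: true`. If the truststore is not provisioned yet, keep `false` but state the consequence next to it, e.g. `# false disables the UPM app signature check (see templates/env.j2)`. The file still ends without a trailing newline.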
diff --git a/roles/web-app-confluence/templates/Dockerfile.j2 b/roles/web-app-confluence/templates/Dockerfile.j2 index 7ce017a1..55ece263 100644 --- a/roles/web-app-confluence/templates/Dockerfile.j2 +++ b/roles/web-app-confluence/templates/Dockerfile.j2 @@ -7,4 +7,4 @@ FROM "{{ CONFLUENCE_IMAGE }}:{{ CONFLUENCE_VERSION }}" RUN mkdir -p {{ CONFLUENCE_HOME }} && \ chown -R 2001:2001 {{ CONFLUENCE_HOME }} RUN printf "confluence.home={{ CONFLUENCE_HOME }}\n" \ - > /opt/atlassian/confluence/confluence/WEB-INF/classes/confluence-init.properties \ No newline at end of file + > /opt/atlassian/confluence/confluence/WEB-INF/classes/confluence-init.properties diff --git a/roles/web-app-confluence/templates/env.j2 b/roles/web-app-confluence/templates/env.j2 index 57929c80..4d9a0e36 100644 --- a/roles/web-app-confluence/templates/env.j2 +++ b/roles/web-app-confluence/templates/env.j2 @@ -9,7 +9,7 @@ ATL_TOMCAT_SECURE={{ (WEB_PORT == 443) | lower }} JVM_MINIMUM_MEMORY={{ CONFLUENCE_JVM_MIN }} JVM_MAXIMUM_MEMORY={{ CONFLUENCE_JVM_MAX }} -JVM_SUPPORT_RECOMMENDED_ARGS=-Datlassian.home={{ CONFLUENCE_HOME }} +JVM_SUPPORT_RECOMMENDED_ARGS=-Datlassian.home={{ CONFLUENCE_HOME }} -Datlassian.upm.signature.check.disabled={{ CONFLUENCE_TRUST_STORE_ENABLED | ternary('false','true')}} ## Database ATL_DB_TYPE=postgresql diff --git a/roles/web-app-confluence/templates/style.css.j2 b/roles/web-app-confluence/templates/style.css.j2 new file mode 100644 index 00000000..e69de29b diff --git a/roles/web-app-confluence/vars/main.yml b/roles/web-app-confluence/vars/main.yml index 82d7cac6..9f6cb125 100644 --- a/roles/web-app-confluence/vars/main.yml +++ b/roles/web-app-confluence/vars/main.yml 
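Review bot: The `JVM_SUPPORT_RECOMMENDED_ARGS` line in templates/env.j2 now carries a security-relevant switch with no comment, and the variable name `CONFLUENCE_TRUST_STORE_ENABLED` does not say that it controls the UPM signature check. A comment above the line in the file's existing `##` style would make that visible to whoever reads the rendered env file, e.g. `## UPM signature check is disabled when truststore_enabled is false`. The expression also closes with `)}}` while the neighbouring lines write ` }}`; `| ternary('false','true') }}` keeps the template consistent. The surrounding env file continues outside the hunk.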
@@ -39,4 +39,8 @@ CONFLUENCE_TOTAL_MB: "{{ ansible_memtotal_mb | int }}"
 CONFLUENCE_JVM_MAX_MB: "{{ [ (CONFLUENCE_TOTAL_MB | int // 2), 12288 ] | min }}"
 CONFLUENCE_JVM_MIN_MB: "{{ [ (CONFLUENCE_TOTAL_MB | int // 4), (CONFLUENCE_JVM_MAX_MB | int) ] | min }}"
 CONFLUENCE_JVM_MIN: "{{ CONFLUENCE_JVM_MIN_MB }}m"
-CONFLUENCE_JVM_MAX: "{{ CONFLUENCE_JVM_MAX_MB }}m"
\ No newline at end of file
+CONFLUENCE_JVM_MAX: "{{ CONFLUENCE_JVM_MAX_MB }}m"
+
+
+## Options
+CONFLUENCE_TRUST_STORE_ENABLED: "{{ applications | get_app_conf(application_id, 'truststore_enabled') }}"
\ No newline at end of file
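Review bot: `CONFLUENCE_TRUST_STORE_ENABLED` fails open: templates/env.j2 maps any falsy value to `-Datlassian.upm.signature.check.disabled=true`, so if `get_app_conf` (defined outside this patch) returns an empty or null result for an inventory that lacks `truststore_enabled`, the signature check is switched off without anyone having asked for it. It is worth confirming that the lookup raises on a missing key, or passing an explicit secure default if the filter supports one. A comment under `## Options` such as `# false -> UPM signature check disabled (see templates/env.j2)` would show the effect where the variable is defined. The file again ends without a trailing newline, which this same hunk fixes one line earlier for `CONFLUENCE_JVM_MAX`.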