Solved different bugs e.g. csp and optimized deploy help

2025-08-29 15:06:26 +02:00 · 2025-06-04 19:50:11 +02:00
parent 6d857663fb
commit 24cd75ac26
6 changed files with 78 additions and 20 deletions
--- a/roles/docker-mailu/vars/configuration.yml
+++ b/roles/docker-mailu/vars/configuration.yml
@@ -9,7 +9,7 @@ domain:                   "{{primary_domain}}"              # The main domain fr
 credentials:                                     
 features:
  matomo:                 true
-  css:                    true
+  css:                    false
  portfolio_iframe:       false                             # Deactivated mailu iframe loading until keycloak supports it
  oidc:                   true
  central_database:       false                             # Deactivate central database for mailu, I don't know why the database deactivation is necessary
@@ -20,5 +20,5 @@ csp:
  flags:
    style-src:
      unsafe-inline:        true
-    script-src-elem:
+    script-src:
      unsafe-inline:        true
--- a/roles/docker-mariadb/tasks/main.yml
+++ b/roles/docker-mariadb/tasks/main.yml
@@ -38,9 +38,12 @@

 - name: Wait until the MariaDB container is healthy
  community.docker.docker_container_info:
-    name: "{{applications.mariadb.hostname }}"
+    name: "{{ applications.mariadb.hostname }}"
  register: db_info
-  until: db_info.containers[0].State.Health.Status == "healthy"
+  until:
+  - db_info.containers is defined
+  - db_info.containers | length > 0
+  - db_info.containers[0].State.Health.Status == "healthy"
  retries: 30
  delay: 5
  when:
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@@ -22,7 +22,7 @@ oidc:
 credentials:
 features:
  matomo:                       true
-  css:                          true
+  css:                          false
  portfolio_iframe:             false
  ldap:                         true
  oidc:                         true
--- a/roles/docker-wordpress/tasks/main.yml
+++ b/roles/docker-wordpress/tasks/main.yml
@@ -6,7 +6,7 @@
 - name: "Include role nginx-domain-setup for {{ application_id }}"
  include_role:
    name: nginx-domain-setup
-  loop: "{{ domains.wordpress }}"
+  loop: "{{ applications[application_id].domains.canonical }}"
  loop_control:
    loop_var: domain
  vars:
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@@ -22,6 +22,7 @@ csp:
      unsafe-inline:  true
    script-src-elem:
      unsafe-inline:  true
+    script-src:
      unsafe-eval:    true
  whitelist:
    worker-src:
@@ -34,6 +35,20 @@ csp:
      - "blog.{{ primary_domain }}"
    style-src:
      - "https://fonts.bunny.net"
+    frame-src:
+      - "blob:"
+      - "*.{{ primary_domain }}"
+    #frame-src: >-
+    #  {{
+    #    ['*.{}'.format(primary_domain)]
+    #    +
+    #    (
+    #      applications.wordpress.domains.canonical
+    #      | default([])
+    #      | map('regex_replace', '^(.*)$', 'blob:\g<1>')
+    #      | list
+    #    )
+    #  }}
 domains:
  canonical:
    - "blog.{{ primary_domain }}"