kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-06-25 03:38:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved different bugs e.g. csp and optimized deploy help

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-06-04 19:50:11 +02:00
parent 6d857663fb
commit 24cd75ac26
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
6 changed files with 78 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
cli/deploy.py
View File

@ -5,7 +5,7 @@ import subprocess
import os import os
import datetime import datetime
def run_ansible_playbook(inventory, playbook, modes, limit=None, password_file=None, verbose=0, skip_tests=False): def run_ansible_playbook(inventory, playbook, modes, limit=None, password_file=None, verbose=0, skip_tests:bool=False):
start_time = datetime.datetime.now() start_time = datetime.datetime.now()
print(f"\n▶️ Script started at: {start_time.isoformat()}\n") print(f"\n▶️ Script started at: {start_time.isoformat()}\n")
@ -44,20 +44,60 @@ def run_ansible_playbook(inventory, playbook, modes, limit=None, password_file=N
def main(): def main():
script_dir = os.path.dirname(os.path.realpath(__file__)) script_dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser(description="Run Ansible Playbooks") parser = argparse.ArgumentParser(
description="Run the central Ansible deployment script to manage infrastructure, updates, and tests."
)
parser.add_argument("inventory", help="Path to the inventory file") parser.add_argument(
parser.add_argument("--limit", help="Limit execution to a specific server") "inventory",
parser.add_argument("--host-type", choices=["server", "personal-computer"], default="server") help="Path to the inventory file (INI or YAML) containing hosts and variables."
parser.add_argument("--reset", action="store_true") )
parser.add_argument("--test", action="store_true") parser.add_argument(
parser.add_argument("--update", action="store_true") "--limit",
parser.add_argument("--backup", action="store_true") help="Restrict execution to a specific host or host group from the inventory."
parser.add_argument("--cleanup", action="store_true") )
parser.add_argument("--debug", action="store_true") parser.add_argument(
parser.add_argument("--password-file") "--host-type",
parser.add_argument("--skip-tests", action="store_true") choices=["server", "personal-computer"],
parser.add_argument("-v", "--verbose", action="count", default=0) default="server",
help="Specify whether the target is a server or a personal computer. Affects role selection and variables."
)
parser.add_argument(
"--reset", action="store_true",
help="Reset all CyMaIS files and configurations, and run the entire playbook (not just individual roles)."
)
parser.add_argument(
"--test", action="store_true",
help="Run test routines instead of production tasks. Useful for local testing and CI pipelines."
)
parser.add_argument(
"--update", action="store_true",
help="Enable the update procedure to bring software and roles up to date."
)
parser.add_argument(
"--backup", action="store_true",
help="Perform a full backup of critical data and configurations before the update process."
)
parser.add_argument(
"--cleanup", action="store_true",
help="Clean up unused files and outdated configurations after all tasks are complete."
)
parser.add_argument(
"--debug", action="store_true",
help="Enable detailed debug output for Ansible and this script."
)
parser.add_argument(
"--password-file",
help="Path to the file containing the Vault password. If not provided, prompts for the password interactively."
)
parser.add_argument(
"--skip-tests", action="store_true",
help="Skip running 'make test' even if tests are normally enabled."
)
parser.add_argument(
"-v", "--verbose", action="count", default=0,
help="Increase verbosity level. Multiple -v flags increase detail (e.g., -vvv for maximum log output)."
)
args = parser.parse_args() args = parser.parse_args()

4
roles/docker-mailu/vars/configuration.yml
View File

@ -9,7 +9,7 @@ domain: "{{primary_domain}}" # The main domain fr
credentials: credentials:
features: features:
matomo: true matomo: true
css: true css: false
portfolio_iframe: false # Deactivated mailu iframe loading until keycloak supports it portfolio_iframe: false # Deactivated mailu iframe loading until keycloak supports it
oidc: true oidc: true
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary
@ -20,5 +20,5 @@ csp:
flags: flags:
style-src: style-src:
unsafe-inline: true unsafe-inline: true
script-src-elem: script-src:
unsafe-inline: true unsafe-inline: true

7
roles/docker-mariadb/tasks/main.yml
View File

@ -38,9 +38,12 @@
- name: Wait until the MariaDB container is healthy - name: Wait until the MariaDB container is healthy
community.docker.docker_container_info: community.docker.docker_container_info:
name: "{{applications.mariadb.hostname }}" name: "{{ applications.mariadb.hostname }}"
register: db_info register: db_info
until: db_info.containers[0].State.Health.Status == "healthy" until:
- db_info.containers is defined
- db_info.containers | length > 0
- db_info.containers[0].State.Health.Status == "healthy"
retries: 30 retries: 30
delay: 5 delay: 5
when: when:

2
roles/docker-nextcloud/vars/configuration.yml
View File

@ -22,7 +22,7 @@ oidc:
credentials: credentials:
features: features:
matomo: true matomo: true
css: true css: false
portfolio_iframe: false portfolio_iframe: false
ldap: true ldap: true
oidc: true oidc: true

2
roles/docker-wordpress/tasks/main.yml
View File

@ -6,7 +6,7 @@
- name: "Include role nginx-domain-setup for {{ application_id }}" - name: "Include role nginx-domain-setup for {{ application_id }}"
include_role: include_role:
name: nginx-domain-setup name: nginx-domain-setup
loop: "{{ domains.wordpress }}" loop: "{{ applications[application_id].domains.canonical }}"
loop_control: loop_control:
loop_var: domain loop_var: domain
vars: vars:

15
roles/docker-wordpress/vars/configuration.yml
View File

@ -22,6 +22,7 @@ csp:
unsafe-inline: true unsafe-inline: true
script-src-elem: script-src-elem:
unsafe-inline: true unsafe-inline: true
script-src:
unsafe-eval: true unsafe-eval: true
whitelist: whitelist:
worker-src: worker-src:
@ -34,6 +35,20 @@ csp:
- "blog.{{ primary_domain }}" - "blog.{{ primary_domain }}"
style-src: style-src:
- "https://fonts.bunny.net" - "https://fonts.bunny.net"
frame-src:
- "blob:"
- "*.{{ primary_domain }}"
#frame-src: >-
# {{
# ['*.{}'.format(primary_domain)]
# +
# (
# applications.wordpress.domains.canonical
# | default([])
# | map('regex_replace', '^(.*)$', 'blob:\g<1>')
# | list
# )
# }}
domains: domains:
canonical: canonical:
- "blog.{{ primary_domain }}" - "blog.{{ primary_domain }}"