From 2717651189bddf4a3bb2a7e1eb2e7d0a3798623e Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 22 May 2025 05:55:33 +0200
Subject: [PATCH] Little tweaks
---
 cli/generate_playbook.py | 21 ++++++++++++++-----
 roles/docker-joomla/README.md | 2 +-
 roles/docker-keycloak/meta/main.yml | 2 +-
 roles/docker-mastodon/vars/configuration.yml | 6 +++++-
 roles/docker-openproject/meta/main.yml | 2 +-
 roles/docker-peertube/meta/main.yml | 2 +-
 roles/docker-pgadmin/meta/main.yml | 3 ++-
 roles/docker-phpldapadmin/meta/main.yml | 3 ++-
 roles/docker-phpmyadmin/meta/main.yml | 3 ++-
 roles/docker-pixelfed/meta/main.yml | 3 ++-
 .../templates/footer_menu.yaml.j2 | 10 +++++++--
 roles/docker-portfolio/vars/configuration.yml | 2 ++
 roles/docker-wordpress/meta/main.yml | 2 +-
 roles/nginx-serve-html/vars/main.yml | 6 ++++--
 .../test_csp_configuration_consistency.py | 2 ++
 tests/unit/test_csp_filters.py | 2 +-
 16 files changed, 51 insertions(+), 20 deletions(-)
diff --git a/cli/generate_playbook.py b/cli/generate_playbook.py
index 124a2067..ec035528 100644
--- a/cli/generate_playbook.py
+++ b/cli/generate_playbook.py
@@ -120,17 +120,28 @@ def generate_playbook_entries(roles_dir, prefix=None): # Include the remaining unsorted roles final_sorted_roles += [role for role in sorted_role_names if role not in final_sorted_roles] + # Remove duplicates, keeping only the last occurrence of each role + seen = set() + deduplicated_roles = [] + for role in reversed(final_sorted_roles): + if role not in seen: + deduplicated_roles.insert(0, role) + seen.add(role) + # Generate the playbook entries entries = [] - for role_name in final_sorted_roles: + for role_name in deduplicated_roles: role = roles[role_name] - entry = ( - f"- name: setup {role['application_id']}\n" # Use application_id here - f" when: ('{role['application_id']}' in group_names)\n" # Correct condition format + entries.append( + f"- name: setup {role['application_id']}\n" + f" when: ('{role['application_id']}' in group_names)\n" f" include_role:\n" f" name: {role['role_name']}\n" ) - entries.append(entry) + entries.append( + f"- name: flush handlers after {role['application_id']}\n" + f" meta: flush_handlers\n" + ) return entries diff --git a/roles/docker-joomla/README.md b/roles/docker-joomla/README.md index dcc6c862..21c875e9 100644 --- a/roles/docker-joomla/README.md +++ b/roles/docker-joomla/README.md @@ -2,7 +2,7 @@ ## Description -Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design. Experience a vibrant platform that inspires creativity and drives your digital presence to new, energetic heights. +Elevate your website management with [Joomla](https://www.joomla.org/), a powerful content management system that fuses versatility with dynamic design. Experience a vibrant platform that inspires creativity and drives your digital presence to new, energetic heights. ## Overview diff --git a/roles/docker-keycloak/meta/main.yml b/roles/docker-keycloak/meta/main.yml index bf1b1a78..0607659a 100644 --- a/roles/docker-keycloak/meta/main.yml 
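Review bot: In cli/generate_playbook.py the rewritten `entries.append(...)` calls paste `role['application_id']` and `role['role_name']` directly into YAML text, including inside the single-quoted `when: ('...' in group_names)` expression, so a value containing a quote, colon or newline would change the structure of the generated playbook. The values presumably come from role metadata in the repository (the loading code is above the hunk), but the generator could fail closed with a check before the loop body, for example `if not re.fullmatch(r"[A-Za-z0-9_.-]+", role['application_id']): raise ValueError(f"invalid application_id: {role['application_id']!r}")`, assuming `re` is imported in this module. Separately, the de-duplication loop's `insert(0, role)` makes it quadratic; appending and reversing once at the end reads the same and avoids that. generate_playbook_entries starts outside the hunk.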
+++ b/roles/docker-keycloak/meta/main.yml @@ -19,6 +19,6 @@ galaxy_info: documentation: https://s.veen.world/cymais logo: class: "fa-solid fa-lock" - run_after: + run_after: - docker-matomo dependencies: [] diff --git a/roles/docker-mastodon/vars/configuration.yml b/roles/docker-mastodon/vars/configuration.yml index d5082a8e..8a7714dc 100644 --- a/roles/docker-mastodon/vars/configuration.yml +++ b/roles/docker-mastodon/vars/configuration.yml @@ -10,4 +10,8 @@ features: central_database: true domains: canonical: - - "microblog.{{ primary_domain }}" \ No newline at end of file + - "microblog.{{ primary_domain }}" +csp: + whitelist: + frame-src: + - "*" \ No newline at end of file diff --git a/roles/docker-openproject/meta/main.yml b/roles/docker-openproject/meta/main.yml index 0abb2e9c..02d9479d 100644 --- a/roles/docker-openproject/meta/main.yml +++ b/roles/docker-openproject/meta/main.yml @@ -29,5 +29,5 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-project-diagram" - run_after: + run_after: - docker-keycloak diff --git a/roles/docker-peertube/meta/main.yml b/roles/docker-peertube/meta/main.yml index 61c0aac4..be9c1e26 100644 --- a/roles/docker-peertube/meta/main.yml +++ b/roles/docker-peertube/meta/main.yml @@ -28,5 +28,5 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-video" - run_after: + run_after: - docker-keycloak diff --git a/roles/docker-pgadmin/meta/main.yml b/roles/docker-pgadmin/meta/main.yml index a09c75d9..a6514055 100644 --- a/roles/docker-pgadmin/meta/main.yml +++ b/roles/docker-pgadmin/meta/main.yml @@ -24,4 +24,5 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-database" -dependencies: [] + run_after: + - docker-postgres diff --git a/roles/docker-phpldapadmin/meta/main.yml b/roles/docker-phpldapadmin/meta/main.yml index e85b1a04..6f9f6e53 100644 --- a/roles/docker-phpldapadmin/meta/main.yml 
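Review bot: In roles/docker-mastodon/vars/configuration.yml the new `csp.whitelist.frame-src` entry `"*"` allows pages of this application to embed frames from any origin, which gives up the restriction the directive exists to provide. If a wildcard is really needed, the file should say why in a comment next to the entry, for example `# wildcard required: <reason, e.g. embeds from arbitrary remote instances>`; otherwise list the specific origins that must be framed. How the CSP filter renders a bare `*` into the header is not visible in this hunk, so the effective policy should be checked on the deployed response.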
+++ b/roles/docker-phpldapadmin/meta/main.yml @@ -23,4 +23,5 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-user-lock" -dependencies: [] + run_after: + - docker-ldap diff --git a/roles/docker-phpmyadmin/meta/main.yml b/roles/docker-phpmyadmin/meta/main.yml index 7ab7c384..ce656c50 100644 --- a/roles/docker-phpmyadmin/meta/main.yml +++ b/roles/docker-phpmyadmin/meta/main.yml @@ -25,4 +25,5 @@ galaxy_info: documentation: https://s.veen.world/cymais logo: class: "fa-solid fa-database" -dependencies: [] \ No newline at end of file + run_after: + - docker-mariadb \ No newline at end of file diff --git a/roles/docker-pixelfed/meta/main.yml b/roles/docker-pixelfed/meta/main.yml index 39e837aa..e7edca7d 100644 --- a/roles/docker-pixelfed/meta/main.yml +++ b/roles/docker-pixelfed/meta/main.yml @@ -24,4 +24,5 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-camera" -dependencies: [] \ No newline at end of file + run_after: + - docker-keycloak \ No newline at end of file diff --git a/roles/docker-portfolio/templates/footer_menu.yaml.j2 b/roles/docker-portfolio/templates/footer_menu.yaml.j2 index 83a4a969..229517d7 100644 --- a/roles/docker-portfolio/templates/footer_menu.yaml.j2 +++ b/roles/docker-portfolio/templates/footer_menu.yaml.j2 @@ -112,7 +112,7 @@ description: Access our comprehensive documentation and support resources to help you get the most out of the software. icon: class: fas fa-book - url: https://{{domains.sphinx}} + url: https://{{domains | get_domain('sphinx')}} iframe: {{ applications | is_feature_enabled('portfolio_iframe','sphinx') }} {% endif %} 
@@ -123,10 +123,16 @@ description: Checkout the presentation icon: class: "fas fa-chalkboard-teacher" - url: https://{{domains.presentation}} + url: https://{{domains | get_domain('presentation')}} iframe: {{ applications | is_feature_enabled('portfolio_iframe','presentation') }} {% endif %} + - name: Solutions + description: "Software and IT Infrastructure Solutions by Kevin Veen-Birkenbach" + icon: + class: fa-solid fa-rocket + url: "https://cybermaster.space/" + iframe: false - name: Imprint description: Check out the imprint information diff --git a/roles/docker-portfolio/vars/configuration.yml b/roles/docker-portfolio/vars/configuration.yml index 1735c61b..7fdbc4ce 100644 --- a/roles/docker-portfolio/vars/configuration.yml +++ b/roles/docker-portfolio/vars/configuration.yml @@ -19,6 +19,8 @@ csp: flags: style-src: unsafe-inline: true + script-src: + unsafe-inline: true domains: canonical: - "{{ primary_domain }}" diff --git a/roles/docker-wordpress/meta/main.yml b/roles/docker-wordpress/meta/main.yml index d9816f59..b2476291 100644 --- a/roles/docker-wordpress/meta/main.yml +++ b/roles/docker-wordpress/meta/main.yml @@ -27,5 +27,5 @@ galaxy_info: documentation: "https://s.veen.world/cymais" logo: class: "fa-solid fa-blog" - run_after: + run_after: - docker-keycloak \ No newline at end of file diff --git a/roles/nginx-serve-html/vars/main.yml b/roles/nginx-serve-html/vars/main.yml index 891758c8..c4c86a55 100644 --- a/roles/nginx-serve-html/vars/main.yml +++ b/roles/nginx-serve-html/vars/main.yml @@ -1,2 +1,4 @@ -application_id: "html-server" -domain: "{{domains | get_domain(application_id)}}" \ No newline at end of file +application_id: "html-server" +domain: "{{domains | get_domain(application_id)}}" +features: + portfolio_iframe: true # Necessary for imprint loading \ No newline at end of file diff --git a/tests/integration/test_csp_configuration_consistency.py b/tests/integration/test_csp_configuration_consistency.py index 12d82ea3..253c9079 100644 
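Review bot: In roles/docker-portfolio/vars/configuration.yml the added `script-src: unsafe-inline: true` flag permits every inline script and inline event handler, so the policy no longer limits what injected markup can execute on the portfolio pages. The existing `style-src` flag is a much smaller concession than this one. If the inline scripts cannot be moved to files, prefer hashes or nonces where the CSP filter supports them (not visible here), and at minimum record the reason beside the flag, e.g. `# inline scripts required by <component>; remove once they are served as files`.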
--- a/tests/integration/test_csp_configuration_consistency.py +++ b/tests/integration/test_csp_configuration_consistency.py @@ -28,6 +28,8 @@ class TestCspConfigurationConsistency(unittest.TestCase): return True if entry.startswith(('data:', 'blob:')): return True + if entry == '*': + return True parsed = urlparse(entry) return parsed.scheme in ('http', 'https') and bool(parsed.netloc) diff --git a/tests/unit/test_csp_filters.py b/tests/unit/test_csp_filters.py index d055125d..1ab35cc7 100644 --- a/tests/unit/test_csp_filters.py +++ b/tests/unit/test_csp_filters.py @@ -181,7 +181,7 @@ class TestCspFilters(unittest.TestCase): # Expect '*.domain-example.com' in the frame-ancestors directive self.assertRegex( header, - r"frame-ancestors\s+'self'\s+\*\.domain-example\.com;" + r"frame-ancestors\s+'self'\s+domain-example\.com;" ) # Now disable the feature and rebuild
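Review bot: The added `if entry == '*': return True` in tests/integration/test_csp_configuration_consistency.py accepts a bare wildcard for every directive, so the consistency test would now also pass a `*` placed under `script-src` or `connect-src`. The commit only needs it for `frame-src`, so the allowance is better tied to the directive name, which as far as the hunk shows is known to the caller rather than to this helper. A short comment on the branch, such as `# bare wildcard: only expected for frame-src`, would at least document the intent. The helper starts above the hunk.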
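Review bot: The comment above the changed assertion in tests/unit/test_csp_filters.py still reads `Expect '*.domain-example.com'`, while the pattern now matches the bare host only. Update it to `# Expect 'domain-example.com' in the frame-ancestors directive` so the test documents the narrower policy it checks. The new pattern would also match a header that still carries further sources before the semicolon only if they are absent, which is the stricter reading; the test method starts and ends outside the hunk, so the header's construction cannot be confirmed from here.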