web-app-chess: fix Corepack/Yarn EACCES and switch to ARG-driven Dockerfile

• Add roles/web-app-chess/files/Dockerfile using build ARGs (CHESS_VERSION, CHESS_REPO_URL, CHESS_REPO_REF, CHESS_ENTRYPOINT_REL, CHESS_ENTRYPOINT_INT, CHESS_APP_DATA_DIR, CONTAINER_PORT). Enable Corepack/Yarn as root in the runtime stage to avoid EACCES on /usr/local/bin symlinks, then drop privileges to 'node'. • Delete Jinja-based templates/Dockerfile.j2; docker-compose now passes former Jinja vars via build.args. • Update templates/docker-compose.yml.j2 to forward all required build args. • Update config/main.yml: add CSP flag 'script-src-elem: unsafe-inline'. Ref: https://chatgpt.com/share/68b88d3d-3bd8-800f-9723-e8df0cdc37e2
2025-09-10 04:25:20 +02:00 · 2025-09-03 20:47:50 +02:00
parent 699a6b6f1e
commit 33a5fadf67
4 changed files with 77 additions and 53 deletions
--- a/roles/web-app-chess/config/main.yml
+++ b/roles/web-app-chess/config/main.yml
@@ -21,7 +21,9 @@ features:
 server:
  csp:
    whitelist:      {}
-    flags:          {}
+    flags:
+      script-src-elem:
+        unsafe-inline: true
  domains:
    canonical:
      - "chess.{{ PRIMARY_DOMAIN }}"