mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-31 07:48:04 +02:00
Refactor systemctl services and categories due to alarm bugs
This commit restructures systemctl service definitions and category mappings. Motivation: Alarm-related bugs revealed inconsistencies in service and role handling. Preparation step: lays the groundwork for fixing the alarm issues by aligning categories, roles, and service templates.
This commit is contained in:
27
roles/sys-ctl-hlth-csp/README.md
Normal file
27
roles/sys-ctl-hlth-csp/README.md
Normal file
@@ -0,0 +1,27 @@
|
||||
# Health CSP Crawler
|
||||
|
||||
## Description
|
||||
|
||||
This Ansible role automates the validation of [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP) enforcement for all configured domains by crawling them using a [CSP Checker](https://github.com/kevinveenbirkenbach/csp-checker).
|
||||
|
||||
## Overview
|
||||
|
||||
Designed for Archlinux systems, this role periodically checks whether web resources (JavaScript, fonts, images, etc.) are blocked by CSP headers. It integrates Python and Node.js tooling and installs a systemd service with timer support.
|
||||
|
||||
## Features
|
||||
|
||||
- **CSP Resource Validation:** Uses Puppeteer to simulate browser requests and detect blocked resources.
|
||||
- **Domain Extraction:** Parses all `.conf` files in the NGINX config folder to determine the list of domains to check.
|
||||
- **Automated Execution:** Registers a systemd service and timer for recurring health checks.
|
||||
- **Error Notification:** Integrates with `sys-ctl-alm-compose` for alerting on failure.
|
||||
|
||||
## License
|
||||
|
||||
Infinito.Nexus NonCommercial License
|
||||
[https://s.infinito.nexus/license](https://s.infinito.nexus/license)
|
||||
|
||||
## Author
|
||||
|
||||
Kevin Veen-Birkenbach
|
||||
Consulting & Coaching Solutions
|
||||
[https://www.veen.world](https://www.veen.world)
|
Reference in New Issue
Block a user