Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-snipe-it/tasks/ldap.yml
+++ b/roles/web-app-snipe-it/tasks/ldap.yml
@@ -0,0 +1,106 @@
+# @See https://raw.githubusercontent.com/snipe/snipe-it/master/app/Models/Setting.php
+---
+- name: "Wait until the Snipe-IT Login is available"
+  uri:
+    url: "{{ snipe_it_url }}/login"
+    method: GET
+    return_content: no
+    status_code: 200
+  register: snipeit_admin_check
+  retries: 30
+  delay: 5
+  until: snipeit_admin_check.status == 200
+  when: not ( applications | is_feature_enabled('oauth2', application_id))
+
+- name: "Debug: show APP_KEY in container shell"
+  shell: |
+    docker-compose exec -T \
+      -u www-data \
+      -e XDG_CONFIG_HOME=/tmp \
+      -e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
+      application \
+      sh -c 'echo "SHELL sees APP_KEY=$APP_KEY"'
+  args:
+    chdir: "/opt/docker/snipe-it/"
+
+- name: "Debug: show APP_KEY in container shell"
+  shell: |
+    docker-compose exec -T -u www-data \
+    -e XDG_CONFIG_HOME=/tmp \
+    -e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
+    application \
+    php artisan tinker --execute="echo 'CONFIG app.key: ' . config('app.key') . PHP_EOL;"
+  args:
+    chdir: "/opt/docker/snipe-it/"
+
+- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
+  shell: |
+    docker-compose exec -T \
+    -e APP_KEY='{{ applications[application_id].credentials.app_key }}' \ 
+    -e XDG_CONFIG_HOME=/tmp \ 
+    -u www-data application \ 
+    sh -c 'php artisan tinker << "EOF"
+    $s = \App\Models\Setting::getSettings();
+    $s->ldap_enabled             = 1;
+    $s->ldap_server              = "{{ ldap.server.uri }}";
+    $s->ldap_port                = {{ ldap.server.port }};
+    $s->ldap_uname               = "{{ ldap.dn.administrator.data }}";
+    $s->ldap_basedn              = "{{ ldap.dn.ou.users }}";
+    $s->ldap_filter              = "&(objectClass=inetOrgPerson)";
+    $s->ldap_username_field      = "{{ ldap.user.attributes.id }}";
+    $s->ldap_fname_field         = "{{ ldap.user.attributes.firstname }}";
+    $s->ldap_lname_field         = "{{ ldap.user.attributes.surname }}";
+    $s->ldap_auth_filter_query   = "uid=";
+    $s->ldap_version             = 3;
+    $s->ldap_pw_sync             = 0;
+    $s->is_ad                    = 0;
+    $s->ad_domain                = "";
+    $s->ldap_default_group       = "";
+    $s->ldap_email               = "{{ ldap.user.attributes.mail }}";
+    $s->custom_forgot_pass_url   = "{{ oidc.client.reset_credentials }}";
+    $s->save();
+    EOF'
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: ldap_tinker
+  failed_when: >
+    ldap_tinker.stdout_lines is not defined
+    or ldap_tinker.stdout_lines[0] != '= true'
+  changed_when: >
+    ldap_tinker.stdout_lines is defined
+    and ldap_tinker.stdout_lines[0] == '= true'
+  notify: docker compose up
+
+- name: Encrypt & save LDAP bind password via Crypt + DB façade
+  shell: |
+    docker-compose exec -T \
+      -u www-data \
+      -e APP_KEY="{{ applications[application_id].credentials.app_key }}" \
+      -e XDG_CONFIG_HOME=/tmp \
+      application \
+      php artisan tinker --execute="
+        use Illuminate\Support\Facades\Crypt;
+        use Illuminate\Support\Facades\DB;
+
+        /* encrypt the clear-text password */
+        \$encrypted = Crypt::encrypt('{{ ldap.bind_credential }}');
+
+        /* write it straight into settings.ldap_pword */
+        /* update the one and only row in `settings` */
+        DB::table('settings')->update([
+          'ldap_pword' => \$encrypted
+        ]);
+        echo 'Stored: ' . \$encrypted . PHP_EOL;
+      "
+  args:
+    chdir: "/opt/docker/snipe-it/"
+  register: ldap_encrypt
+  failed_when: ldap_encrypt.rc != 0
+
+- name: "Clear Laravel config & cache (inside container as www-data)"
+  shell: |
+    docker-compose exec -T -u www-data application php artisan config:clear
+    docker-compose exec -T -u www-data application php artisan cache:clear
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  notify: docker compose up 
--- a/roles/web-app-snipe-it/tasks/main.yml
+++ b/roles/web-app-snipe-it/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: "include service-rdbms-central"
+  include_role: 
+    name: service-rdbms-central
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+
+
+- name: "Configure Snipe-IT LDAP settings"
+  import_tasks: ldap.yml
+  when: applications | is_feature_enabled('ldap',application_id)