diff --git a/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py b/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
index 50210ada..3319eef3 100644
--- a/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
+++ b/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
@@ -17,7 +17,7 @@ def build_ldap_role_entries(applications, users, ldap):
 group_id = application_config.get("group_id")
 user_dn_base = ldap["dn"]["ou"]["users"]
- ldap_user_attr = ldap["attributes"]["user_id"]
+ ldap_user_attr = ldap["user"]["attributes"]["id"]
 role_dn_base = ldap["dn"]["ou"]["roles"]
 flavors = ldap.get("rbac", {}).get("flavors", [])
diff --git a/roles/docker-sphinx/tasks/main.yml b/roles/docker-sphinx/tasks/main.yml
index e273d871..23513dc6 100644
--- a/roles/docker-sphinx/tasks/main.yml
+++ b/roles/docker-sphinx/tasks/main.yml
@@ -1,9 +1,5 @@
 --- # Docker Routines
-- name: "include docker-compose role"
- include_role:
- name: docker-compose
-
 - name: "pkgmgr install"
 include_role:
 name: pkgmgr-install
@@ -15,6 +11,10 @@
 command: pkgmgr path cymais-sphinx
 register: path_cymais_sphinx_output
+- name: "include docker-compose role"
+ include_role:
+ name: docker-compose
+
 - name: "include role nginx-domain-setup for {{application_id}}"
 include_role:
 name: nginx-domain-setup
diff --git a/roles/roles/docker-pretix/Readme.md b/roles/roles/docker-pretix/Readme.md
new file mode 100644
index 00000000..4daf447f
--- /dev/null
+++ b/roles/roles/docker-pretix/Readme.md
@@ -0,0 +1,2 @@
+# Pretix (Draft)
+See https://github.com/pretix/pretix
\ No newline at end of file
diff --git a/templates/docker_role/meta/main.yml.j2 b/templates/docker_role/meta/main.yml.j2
index 043bb47e..3a50b3fa 100644
--- a/templates/docker_role/meta/main.yml.j2
+++ b/templates/docker_role/meta/main.yml.j2
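Review bot: The new lookup `ldap["user"]["attributes"]["id"]` in build_ldap_role_entries is a hard index with no guard, so an inventory that still uses the old `ldap.attributes.user_id` layout fails inside the filter with a bare `KeyError: 'user'` and no hint about the schema change. A silent fallback to the old key would hide a half-migrated configuration, so an explicit failure that names the expected path is the safer choice, for example `raise AnsibleFilterError("ldap.user.attributes.id is not defined")` around the lookup if that exception class is available in this plugin. The function body continues outside the hunk, so how the attribute is used afterwards is not visible here. The fixture change in tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py covers only the new shape; a test for the missing-key case would pin the behaviour.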
@@ -21,3 +21,8 @@ galaxy_info:
 documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
 logo:
 class: "{{ logo_classes }}"
+ run_after:
+ - docker-matomo
+ - docker-keycloak
+ - docker-mailu
+dependencies: []
\ No newline at end of file
diff --git a/templates/docker_role/tasks/main.yml.j2 b/templates/docker_role/tasks/main.yml.j2
index 424fe903..2079d6d1 100644
--- a/templates/docker_role/tasks/main.yml.j2
+++ b/templates/docker_role/tasks/main.yml.j2
@@ -1,6 +1,6 @@
 ---
-{% if database | bool %}
+{% if database_type | bool %}
 {% raw %}
 - name: "include docker-central-database"
@@ -8,13 +8,6 @@
 name: docker-central-database
 when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
-- name: "include role nginx-domain-setup for {{application_id}}"
- include_role:
- name: nginx-domain-setup
- vars:
- domain: "{{ domains | get_domain(application_id) }}"
- http_port: "{{ ports.localhost.http[application_id] }}"
- when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %} {% else %}
@@ -29,6 +22,15 @@
 {% endif %} {% raw %}
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+ include_role:
+ name: nginx-domain-setup
+ vars:
+ domain: "{{ domains | get_domain(application_id) }}"
+ http_port: "{{ ports.localhost.http[application_id] }}"
+ when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+
 - name: run the {% raw %}portfolio{% endraw %} tasks once
 set_fact:
 run_once_docker_portfolio: true
diff --git a/templates/docker_role/templates/Dockerfile.j2.j2 b/templates/docker_role/templates/Dockerfile.j2.j2
new file mode 100644
index 00000000..e69de29b
diff --git a/templates/docker_role/templates/docker-compose.yml.j2.j2 b/templates/docker_role/templates/docker-compose.yml.j2.j2
new file mode 100644
index 00000000..7c8af583
--- /dev/null
+++ b/templates/docker_role/templates/docker-compose.yml.j2.j2
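Review bot: `{% if database_type | bool %}` in the first hunk of templates/docker_role/tasks/main.yml.j2 will probably never select the database branch. The new variable name suggests it holds an engine name rather than a flag, and Ansible's `bool` filter turns any string other than the usual truthy spellings (such as `true`, `yes` or `1`) into false, so an engine name would render the `{% else %}` branch and skip docker-central-database. If the scaffold renders this template with that filter, test for presence instead, e.g. `{% if database_type is defined and database_type %}`. The conditional block continues outside the hunk, so the else branch is not visible here.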
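Review bot: The relocated nginx-domain-setup include in the third hunk of templates/docker_role/tasks/main.yml.j2 is guarded by `run_once_docker_{{ application_id }} is not defined`, but the `set_fact` in the trailing context still sets the literal `run_once_docker_portfolio: true`. For a generated role whose id is not portfolio the guard variable is never defined, so the include, and the proxy configuration it writes, would run again on every inclusion of the role. The fact should follow the same pattern as the guard, `run_once_docker_{% endraw %}{{ application_id }}{% raw %}: true`. The task name above it also nests `{% raw %}portfolio{% endraw %}` inside a block that is already raw, which ends the outer raw section early. Both lines are context, so the fix belongs in a follow-up to this commit.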
@@ -0,0 +1,19 @@
+services:
+ portfolio:
+ build:
+ context: {{docker_repository_path}}
+ dockerfile: Dockerfile
+ image: application-portfolio
+ container_name: portfolio
+ ports:
+ - 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
+ volumes:
+ - {{docker_repository_path}}app:/app
+ restart: unless-stopped
+{% include 'templates/docker/container/networks.yml.j2' %}
+ healthcheck:
+ test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/5000 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+{% include 'templates/docker/compose/networks.yml.j2' %}
\ No newline at end of file
diff --git a/templates/docker_role/templates/env.j2.j2 b/templates/docker_role/templates/env.j2.j2
new file mode 100644
index 00000000..e69de29b
diff --git a/templates/docker_role/vars/configuration.yml.j2 b/templates/docker_role/vars/configuration.yml.j2
new file mode 100644
index 00000000..3bce8e50
--- /dev/null
+++ b/templates/docker_role/vars/configuration.yml.j2
@@ -0,0 +1,29 @@
+features:
+ matomo: true
+ css: true
+ portfolio_iframe: false
+csp:
+ whitelist:
+ script-src-elem:
+ - https://cdn.jsdelivr.net
+ - https://kit.fontawesome.com
+ style-src:
+ - https://cdn.jsdelivr.net
+ font-src:
+ - https://ka-f.fontawesome.com
+ - https://cdn.jsdelivr.net
+ connect-src:
+ - https://ka-f.fontawesome.com
+ frame-src:
+ - "{{ web_protocol }}://*.{{primary_domain}}"
+ flags:
+ style-src:
+ unsafe-inline: true
+ script-src:
+ unsafe-inline: true
+ script-src-elem:
+ unsafe-inline: true
+domains:
+ canonical:
+ - "{{ primary_domain }}"
+
diff --git a/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py b/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
index 92b7eff4..e335fffa 100644
--- a/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
+++ b/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
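Review bot: Nothing in the new docker-compose.yml.j2.j2 is wrapped in `{% raw %}`, unlike tasks/main.yml.j2 in the same commit, so `{{docker_repository_path}}`, `{{ports.localhost.http[application_id]}}` and both `{% include %}` lines would be evaluated when the role is scaffolded instead of being left for Ansible at deploy time (assuming the same renderer processes both files). The service key, `image: application-portfolio` and `container_name: portfolio` are literals as well, so every role generated from this template would claim the same container name. Wrap the body in `{% raw %}` … `{% endraw %}` and leave raw mode only for `{{ application_id }}` where the name has to vary. The bind mount `{{docker_repository_path}}app:/app` is read-write; append `:ro` unless the application has to write into its own source tree.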
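Review bot: The new vars/configuration.yml.j2 sets `unsafe-inline: true` under `flags` for `script-src` and `script-src-elem`, so every role scaffolded from it starts with a Content-Security-Policy that allows inline script and therefore offers little protection against injected markup. A template default should be the strict value, `unsafe-inline: false` for both script directives, with a role switching it on only when its application needs it and with a comment saying why. The whitelist likewise pre-approves `https://cdn.jsdelivr.net` and `https://kit.fontawesome.com` as script sources for applications that may never load them; shipping these lists empty, or commented out as examples, keeps each generated policy limited to what the role actually uses. `frame-src` with `*.{{primary_domain}}` allows framing content from any subdomain and deserves the same per-role justification.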
@@ -48,8 +48,10 @@ class TestBuildLdapRoleEntries(unittest.TestCase):
 "roles": "ou=roles,dc=example,dc=org"
 }
 },
- "attributes": {
- "user_id": "uid"
+ "user":{
+ "attributes": {
+ "id": "uid"
+ }
 },
 "rbac": {
 "flavors": ["posixGroup", "groupOfNames"]