Solved other refactoring bugs and optimized docker role template

2025-07-07 17:15:15 +02:00 · 2025-07-06 19:54:51 +02:00 · 2025-07-06 19:54:51 +02:00 · 5919f49741
commit 5919f49741
parent ea9cc07112
10 changed files with 74 additions and 15 deletions
--- a/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
+++ b/roles/docker-ldap/filter_plugins/build_ldap_role_entries.py
@ -17,7 +17,7 @@ def build_ldap_role_entries(applications, users, ldap):

        group_id = application_config.get("group_id")
        user_dn_base = ldap["dn"]["ou"]["users"]
-        ldap_user_attr = ldap["attributes"]["user_id"]
+        ldap_user_attr = ldap["user"]["attributes"]["id"]
        role_dn_base = ldap["dn"]["ou"]["roles"]
        flavors = ldap.get("rbac", {}).get("flavors", [])

--- a/roles/docker-sphinx/tasks/main.yml
+++ b/roles/docker-sphinx/tasks/main.yml
@ -1,9 +1,5 @@
 ---
 # Docker Routines
- name: "include docker-compose role"
-  include_role: 
-    name: docker-compose
-
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
@ -15,6 +11,10 @@
  command: pkgmgr path cymais-sphinx
  register: path_cymais_sphinx_output

+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
+
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
--- a/roles/roles/docker-pretix/Readme.md
+++ b/roles/roles/docker-pretix/Readme.md
@ -0,0 +1,2 @@
+# Pretix (Draft)
+See https://github.com/pretix/pretix
--- a/templates/docker_role/meta/main.yml.j2
+++ b/templates/docker_role/meta/main.yml.j2
@ -21,3 +21,8 @@ galaxy_info:
  documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
  logo:
    class: "{{ logo_classes }}"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
+dependencies: []
--- a/templates/docker_role/tasks/main.yml.j2
+++ b/templates/docker_role/tasks/main.yml.j2
@ -1,6 +1,6 @@
 ---

-{% if database | bool %}
+{% if database_type | bool %}

 {% raw %}
 - name: "include docker-central-database"
@ -8,13 +8,6 @@
    name: docker-central-database
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined

- name: "include role nginx-domain-setup for {{application_id}}"
-  include_role:
-    name: nginx-domain-setup
-  vars:
-    domain:   "{{ domains | get_domain(application_id) }}"
-    http_port:   "{{ ports.localhost.http[application_id] }}"
-  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %}

 {% else %}
@ -29,6 +22,15 @@
 {% endif %}

 {% raw %}
+
+- name: "include role nginx-domain-setup for {{application_id}}"
+  include_role:
+    name: nginx-domain-setup
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
+
 - name: run the {% raw %}portfolio{% endraw %} tasks once
  set_fact:
    run_once_docker_portfolio: true
--- a/templates/docker_role/templates/Dockerfile.j2.j2
+++ b/templates/docker_role/templates/Dockerfile.j2.j2
--- a/templates/docker_role/templates/docker-compose.yml.j2.j2
+++ b/templates/docker_role/templates/docker-compose.yml.j2.j2
@ -0,0 +1,19 @@
+services:
+  portfolio:
+    build:
+      context: {{docker_repository_path}}
+      dockerfile: Dockerfile
+    image: application-portfolio
+    container_name: portfolio
+    ports:
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:5000
+    volumes:
+      - {{docker_repository_path}}app:/app
+    restart: unless-stopped
+{% include 'templates/docker/container/networks.yml.j2' %}
+    healthcheck:
+      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/5000 && echo -e 'GET / HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n' >&3 && cat <&3 | grep -q 'HTTP/1.1'"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+{% include 'templates/docker/compose/networks.yml.j2' %}
--- a/templates/docker_role/templates/env.j2.j2
+++ b/templates/docker_role/templates/env.j2.j2
--- a/templates/docker_role/vars/configuration.yml.j2
+++ b/templates/docker_role/vars/configuration.yml.j2
@ -0,0 +1,29 @@
+features:
+  matomo:           true
+  css:              true
+  portfolio_iframe: false
+csp:
+  whitelist:
+    script-src-elem:
+      - https://cdn.jsdelivr.net
+      - https://kit.fontawesome.com
+    style-src:
+      - https://cdn.jsdelivr.net
+    font-src:
+      - https://ka-f.fontawesome.com
+      - https://cdn.jsdelivr.net
+    connect-src:
+      - https://ka-f.fontawesome.com
+    frame-src:
+      - "{{ web_protocol }}://*.{{primary_domain}}"
+  flags:
+    style-src:
+      unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+    script-src-elem:
+      unsafe-inline: true
+domains:
+  canonical:
+    - "{{ primary_domain }}"
+
--- a/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
+++ b/tests/unit/roles/docker-ldap/test_build_ldap_role_entries.py
@ -48,8 +48,10 @@ class TestBuildLdapRoleEntries(unittest.TestCase):
                    "roles": "ou=roles,dc=example,dc=org"
                }
            },
-            "attributes": {
-                "user_id": "uid"
+            "user":{
+                "attributes": {
+                    "id": "uid"
+                }
            },
            "rbac": {
                "flavors": ["posixGroup", "groupOfNames"]