Add global CAPTCHA config and EspoCRM seeder

- Introduce shared CAPTCHA settings and RECAPTCHA_ENABLED/HCAPTCHA_ENABLED flags in group_vars - Wire reCAPTCHA/hCaptcha credentials into EspoCRM, Keycloak, Listmonk and Nextcloud - Replace EspoCRM set_flags.php with generic seed_config.php and hook it into entrypoint/env - Fix run_once handling in sys-ctl-cln-disc-space and minor CSS Jinja spacing issue https://chatgpt.com/share/692a1d4f-1154-800f-a4ae-bb068aa24a53
2025-12-03 07:59:42 +00:00 · 2025-11-28 23:08:32 +01:00
parent 4dd1769225
commit 654131ab89
20 changed files with 244 additions and 100 deletions
--- a/roles/web-app-listmonk/config/main.yml
+++ b/roles/web-app-listmonk/config/main.yml
@@ -6,7 +6,7 @@ features:
  central_database:         true
  oidc:                     true
  logout:                   true
-  hcaptcha:                 true
+  hcaptcha:                 "{{ HCAPTCHA_ENABLED | bool }}"
 server:
  domains:
    canonical:
@@ -23,9 +23,13 @@ docker:
    database:
      enabled: true
    listmonk:
-      image:            listmonk/listmonk
-      version:          latest
+      image:              listmonk/listmonk
+      version:            latest
      backup:
        no_stop_required: true
-      name:             listmonk
-      port:             9000
+      name:               listmonk
+      port:               9000
+credentials:
+  hcaptcha:
+    key:    "{{ CAPTCHA.HCAPTCHA.KEY }}"
+    secret: "{{ CAPTCHA.HCAPTCHA.SECRET }}"
--- a/roles/web-app-listmonk/schema/main.yml
+++ b/roles/web-app-listmonk/schema/main.yml
@@ -3,13 +3,3 @@ credentials:
    description: "Initial password for the Listmonk administrator account"
    algorithm: "sha256"
    validation: "^[a-f0-9]{64}$"
-
-  hcaptcha_site_key:
-    description: "Public site key used by Listmonk to render hCaptcha"
-    algorithm: "plain"
-    validation: "^[0-9a-zA-Z_-]{32,}$"
-
-  hcaptcha_secret:
-    description: "Private hCaptcha secret key for server-side verification"
-    algorithm: "plain"
-    validation: "^[0-9a-zA-Z_-]{32,}$"
--- a/roles/web-app-listmonk/vars/main.yml
+++ b/roles/web-app-listmonk/vars/main.yml
@@ -38,10 +38,10 @@ LISTMONK_SETTINGS:
    value: 'true'

  - key: "security.captcha_key"
-    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_site_key") }}"'
+    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha.key") }}"'

  - key: "security.captcha_secret"
-    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_secret") }}"'
+    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha.secret") }}"'

  # SMTP servers
  - key: "smtp"