kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-04-28 18:30:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized oidc und hcaptcha autosetup für listmonk

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-04-23 18:08:24 +02:00
parent 3b3ec5196a
commit 6a1be99f1e
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
4 changed files with 72 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
roles/docker-listmonk/tasks/main.yml
View File

@ -3,10 +3,10 @@
include_role: include_role:
name: docker-central-database name: docker-central-database
- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications.listmonk.public_api_activated - name: Set nginx_docker_reverse_proxy_extra_configuration based on applications[application_id].public_api_activated
set_fact: set_fact:
nginx_docker_reverse_proxy_extra_configuration: >- nginx_docker_reverse_proxy_extra_configuration: >-
{% if not applications.listmonk.public_api_activated %} {% if not applications[application_id].public_api_activated %}
{{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }} {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
{% else %} {% else %}
"" ""
@ -28,8 +28,70 @@
- name: "copy docker-compose.yml and env file" - name: "copy docker-compose.yml and env file"
include_tasks: copy-docker-compose-and-env.yml include_tasks: copy-docker-compose-and-env.yml
- name: setup routine for listmonk - name: Check if listmonk database is already initialized
command: docker compose exec -T {{database_host}} psql -U {{database_username}} -d {{database_name}} -c "\dt"
register: db_tables
changed_when: false
failed_when: false
- name: Run Listmonk setup only if DB is empty
command: command:
cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install" cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install"
chdir: "{{docker_compose.directories.instance}}" chdir: "{{docker_compose.directories.instance}}"
ignore_errors: true # Ignore errors if already setup when: "'No relations found.' in db_tables.stdout"
- name: Construct OIDC settings JSON
set_fact:
oidc_settings_json: >-
{{ {
"enabled": True,
"client_id": oidc.client.id,
"provider_url": oidc.client.discovery_document,
"client_secret": oidc.client.secret
} | to_json }}
- name: Build OIDC settings JSON
set_fact:
oidc_settings_json: >-
{{ {
"enabled": True,
"client_id": oidc.client.id,
"provider_url": oidc.client.discovery_document,
"client_secret": oidc.client.secret
} | to_json }}
- name: Apply OIDC settings via Docker + here-doc
shell: |
docker exec -i {{ database_host }} psql \
-U {{ database_username }} \
-d {{ database_name }} <<'EOSQL'
UPDATE settings
SET value = '{{ oidc_settings_json }}'::jsonb
WHERE key = 'security.oidc';
EOSQL
args:
executable: /bin/bash
when: applications[application_id].features.oidc | bool
- name: Enable hCaptcha and configure keys in Listmonk database
shell: |
docker exec -i {{ database_host }} psql \
-U {{ database_username }} \
-d {{ database_name }} <<'EOSQL'
-- enable captcha (boolean true)
UPDATE settings
SET value = 'true'::jsonb
WHERE key = 'security.enable_captcha';
-- set site key (JSON string)
UPDATE settings
SET value = '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'::jsonb
WHERE key = 'security.captcha_key';
-- set secret (JSON string)
UPDATE settings
SET value = '"{{ applications[application_id].credentials.hcaptcha.secret }}"'::jsonb
WHERE key = 'security.captcha_secret';
EOSQL
args:
executable: /bin/bash

11
roles/docker-listmonk/templates/env.j2
View File

@ -4,14 +4,3 @@ TZ=Etc/UTC
LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }} LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }} LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}
{% if applications[application_id].features.oidc | bool %}
###################################
# OpenID Connect settings
###################################
LISTMONK_security__oidc__enabled=true
LISTMONK_security__oidc__provider_url={{ oidc.client.discovery_document }}
LISTMONK_security__oidc__client_id={{oidc.client.id}}
LISTMONK_security__oidc__client_secret={{oidc.client.secret}}
{% endif %}

5
templates/vars/applications.yml.j2
View File

@ -276,9 +276,12 @@ defaults_applications:
credentials: credentials:
database: database:
# password: "" # Database password # password: "" # Database password
hcaptcha:
# site_key:
# secret:
public_api_activated: False # Security hole. Can be used for spaming public_api_activated: False # Security hole. Can be used for spaming
version: "latest" # Docker Image version version: "latest" # Docker Image version
setup: false # Set true in inventory file to execute the setup and initializing procedures
{% endraw %}{{ features.render_features({ {% endraw %}{{ features.render_features({
'matomo': true, 'matomo': true,
'css': true, 'css': true,