kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated security for OAuth2 and optimized CSS

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-02-24 21:00:22 +01:00
parent bc455a4344
commit 6d5113b6ea
4 changed files with 30 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@@ -1,7 +1,7 @@
http_address = "0.0.0.0:4180"
cookie_secret = "{{applications.oauth2_proxy.cookie_secret}}"
cookie_secret = "{{applications[application_id].oauth2_proxy.cookie_secret}}"
email_domains = "{{primary_domain}}"
cookie_secure = "false"
cookie_secure = "true" # True is necessary to force the cookie set via https
upstreams = "http://{{applications[application_id].oauth2_proxy.application}}:{{applications[application_id].oauth2_proxy.port}}"
cookie_domains = ["{{domain}}", "{{domains.keycloak}}"] # Required so cookie can be read on all subdomains.
whitelist_domains = [".{{primary_domain}}"] # Required to allow redirection back to original requested target.
@@ -15,5 +15,5 @@ provider = "oidc"
provider_display_name = "Keycloak"
# role restrictions
#cookie_roles = "realm_access.roles"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}"
#cookie_roles = "realm_access.roles"
allowed_roles = "{{applications.oauth2_proxy.allowed_roles}}" # This is not correct here. needs to be placed in applications @todo move there when implementing

2
roles/docker-openproject/vars/main.yml
View File

@@ -1,6 +1,6 @@
application_id: "openproject"
docker_repository_address: "https://github.com/opf/openproject-deploy"
database_password: "{{openproject_database_password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
database_type: "postgres"
openproject_plugins_service: "{{docker_compose.directories.services}}plugins/"

21
roles/nginx-modifier-css/templates/global.css.j2
View File

@@ -847,6 +847,7 @@ html[native-dark-active] .btn, .btn {
/* New Gradient based on original background (90 -5, 90, 90 +1, 90 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-85), var(--color-90), var(--color-91), var(--color-95));
border-color: var(--color-85);
color: var(--color-12);
}
.card-body {
@@ -877,7 +878,7 @@ html[native-dark-active] .btn, .btn {
color: var(--color-40);
}
/* Keycloak Header */
/* Keycloak */
div#app header, div#app header *{
background-color: var(--color-60);
/* New Gradient based on original background (60 -5, 60, 60 +1, 60 +5) */
@@ -998,7 +999,6 @@ div#mastodon .dropdown-button{
div#mastodon .button, div#mastodon .button:active, div#mastodon .button:focus, div#mastodon .button:hover{
background-color: var(--color-71);
/* New Gradient based on original background (71 -5, 71, 71 +1, 71 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-66), var(--color-71), var(--color-72), var(--color-76));
}
@@ -1009,16 +1009,29 @@ div#mastodon .button, div#mastodon .button:active, div#mastodon .button:focus, d
/** OpenProject **/
header.op-app-header{
background-color: var(--color-40);
/* New Gradient based on original background (40 -5, 40, 40 +1, 40 +5) */
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-35), var(--color-40), var(--color-41), var(--color-45));
color: var(--color-40);
}
/** Open Project **/
div#wrapper button, div#wrapper input, button.top-menu-search-button, div.menu-sidebar a{
background-color: transparent;
}
/* OAuth2 Proxy */
{# The variables look like they are bootstrap variables. @todo Verify and generalize if possible #}
.box {
background-color: var(--color-92);
color: var(--color-10);
}
.subtitle {
color: inherit;
}
.has-background-light {
background-color: var(--color-96) !important;
}
/* Pixelfed */
div.page-wrapper{
background: none;