kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-03 19:58:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Confluence & BookWyrm setup:

Browse Source 
- Add docker compose build trigger in docker-compose tasks
- Cleanup svc-prx-openresty vars
- Enable unsafe-inline CSP flags for BookWyrm, Confluence, Jira to allow Atlassian inline scripts
- Generalize CONFLUENCE_HOME usage in vars, env and docker-compose
- Ensure confluence-init.properties written with correct home
- Add JVM_SUPPORT_RECOMMENDED_ARGS to pass atlassian.home
- Update README to reference {{ CONFLUENCE_HOME }}

See: https://chatgpt.com/share/68b7582a-aeb8-800f-a14f-e98c5b4e6c70
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-02 22:49:02 +02:00
parent 61bba3d2ef
commit 71ceb339fc
10 changed files with 29 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/docker-compose/tasks/04_files.yml
View File

@@ -5,7 +5,9 @@
loop: loop:
- "{{ application_id | abs_role_path_by_application_id }}/templates/Dockerfile.j2" - "{{ application_id | abs_role_path_by_application_id }}/templates/Dockerfile.j2"
- "{{ application_id | abs_role_path_by_application_id }}/files/Dockerfile" - "{{ application_id | abs_role_path_by_application_id }}/files/Dockerfile"
notify: docker compose up notify:
- docker compose up
- docker compose build
register: create_dockerfile_result register: create_dockerfile_result
failed_when: failed_when:
- create_dockerfile_result is failed - create_dockerfile_result is failed

1
roles/svc-prx-openresty/vars/main.yml
View File

@@ -8,4 +8,3 @@ database_type: ""
OPENRESTY_IMAGE: "openresty/openresty" OPENRESTY_IMAGE: "openresty/openresty"
OPENRESTY_VERSION: "alpine" OPENRESTY_VERSION: "alpine"
OPENRESTY_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.openresty.name', True) }}" OPENRESTY_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.openresty.name', True) }}"

6
roles/web-app-bookwyrm/config/main.yml
View File

@@ -24,7 +24,11 @@ features:
server: server:
csp: csp:
whitelist: {} whitelist: {}
flags: {} flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
domains: domains:
canonical: canonical:
- "book.{{ PRIMARY_DOMAIN }}" - "book.{{ PRIMARY_DOMAIN }}"

2
roles/web-app-confluence/README.md
View File

@@ -17,7 +17,7 @@ The role builds a minimal custom image on top of the official Confluence image,
* **JVM Auto-Tuning:** `JVM_MINIMUM_MEMORY` / `JVM_MAXIMUM_MEMORY` computed from host memory with upper bounds. * **JVM Auto-Tuning:** `JVM_MINIMUM_MEMORY` / `JVM_MAXIMUM_MEMORY` computed from host memory with upper bounds.
* **Health Checks:** Curl-based container healthcheck for early failure detection. * **Health Checks:** Curl-based container healthcheck for early failure detection.
* **CSP & Canonical Domains:** Hooks into platform CSP/SSL/domain management to keep policies strict and URLs stable. * **CSP & Canonical Domains:** Hooks into platform CSP/SSL/domain management to keep policies strict and URLs stable.
* **Backup Friendly:** Data isolated under `/var/atlassian/application-data/confluence`. * **Backup Friendly:** Data isolated under `{{ CONFLUENCE_HOME }}`.
## Further Resources ## Further Resources

6
roles/web-app-confluence/config/main.yml
View File

@@ -20,7 +20,11 @@ features:
server: server:
csp: csp:
whitelist: {} whitelist: {}
flags: {} flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
domains: domains:
canonical: canonical:
- "confluence.{{ PRIMARY_DOMAIN }}" - "confluence.{{ PRIMARY_DOMAIN }}"

6
roles/web-app-confluence/templates/Dockerfile.j2
View File

@@ -4,5 +4,7 @@ FROM "{{ CONFLUENCE_IMAGE }}:{{ CONFLUENCE_VERSION }}"
# COPY ./plugins/atlassian-sso-dc-latest.obr /opt/atlassian/confluence/confluence/WEB-INF/atlassian-bundled-plugins/ # COPY ./plugins/atlassian-sso-dc-latest.obr /opt/atlassian/confluence/confluence/WEB-INF/atlassian-bundled-plugins/
# Ensure proper permissions for app data # Ensure proper permissions for app data
RUN mkdir -p /var/atlassian/application-data/confluence && \ RUN mkdir -p {{ CONFLUENCE_HOME }} && \
chown -R 2001:2001 /var/atlassian/application-data/confluence chown -R 2001:2001 {{ CONFLUENCE_HOME }}
RUN printf "confluence.home={{ CONFLUENCE_HOME }}\n" \
> /opt/atlassian/confluence/confluence/WEB-INF/classes/confluence-init.properties

2
roles/web-app-confluence/templates/docker-compose.yml.j2
View File

@@ -9,7 +9,7 @@
ports: ports:
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:8090" - "127.0.0.1:{{ ports.localhost.http[application_id] }}:8090"
volumes: volumes:
- 'data:/var/atlassian/application-data/confluence' - 'data:{{ CONFLUENCE_HOME }}'
{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %} {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
{% include 'roles/docker-container/templates/base.yml.j2' %} {% include 'roles/docker-container/templates/base.yml.j2' %}
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %} {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}

6
roles/web-app-confluence/templates/env.j2
View File

@@ -1,6 +1,6 @@
## Confluence core ## Confluence core
CONFLUENCE_URL="{{ CONFLUENCE_URL }}" CONFLUENCE_URL="{{ CONFLUENCE_URL }}"
CONFLUENCE_HOME="{{ CONFLUENCE_HOME }}"
ATL_PROXY_NAME={{ CONFLUENCE_HOSTNAME }} ATL_PROXY_NAME={{ CONFLUENCE_HOSTNAME }}
ATL_PROXY_PORT={{ WEB_PORT }} ATL_PROXY_PORT={{ WEB_PORT }}
@@ -9,6 +9,8 @@ ATL_TOMCAT_SECURE={{ (WEB_PORT == 443) | lower }}
JVM_MINIMUM_MEMORY={{ CONFLUENCE_JVM_MIN }} JVM_MINIMUM_MEMORY={{ CONFLUENCE_JVM_MIN }}
JVM_MAXIMUM_MEMORY={{ CONFLUENCE_JVM_MAX }} JVM_MAXIMUM_MEMORY={{ CONFLUENCE_JVM_MAX }}
JVM_SUPPORT_RECOMMENDED_ARGS=-Datlassian.home={{ CONFLUENCE_HOME }}
## Database ## Database
ATL_DB_TYPE=postgresql ATL_DB_TYPE=postgresql
ATL_DB_DRIVER=org.postgresql.Driver ATL_DB_DRIVER=org.postgresql.Driver
@@ -16,8 +18,8 @@ ATL_JDBC_URL=jdbc:postgresql://{{ database_host }}:{{ database_port }}/{{ databa
ATL_JDBC_USER={{ database_username }} ATL_JDBC_USER={{ database_username }}
ATL_JDBC_PASSWORD={{ database_password }} ATL_JDBC_PASSWORD={{ database_password }}
## OIDC
{% if CONFLUENCE_OIDC_ENABLED %} {% if CONFLUENCE_OIDC_ENABLED %}
## OIDC
CONFLUENCE_OIDC_TITLE="{{ CONFLUENCE_OIDC_LABEL | replace('\"','\\\"') }}" CONFLUENCE_OIDC_TITLE="{{ CONFLUENCE_OIDC_LABEL | replace('\"','\\\"') }}"
CONFLUENCE_OIDC_ISSUER="{{ CONFLUENCE_OIDC_ISSUER }}" CONFLUENCE_OIDC_ISSUER="{{ CONFLUENCE_OIDC_ISSUER }}"
CONFLUENCE_OIDC_AUTHORIZATION_ENDPOINT="{{ CONFLUENCE_OIDC_AUTH_URL }}" CONFLUENCE_OIDC_AUTHORIZATION_ENDPOINT="{{ CONFLUENCE_OIDC_AUTH_URL }}"

1
roles/web-app-confluence/vars/main.yml
View File

@@ -11,6 +11,7 @@ container_hostname: "{{ domains | get_domain(application_id) }}"
## URLs ## URLs
CONFLUENCE_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" CONFLUENCE_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
CONFLUENCE_HOSTNAME: "{{ container_hostname }}" CONFLUENCE_HOSTNAME: "{{ container_hostname }}"
CONFLUENCE_HOME: "/var/atlassian/application-data/confluence"
## OIDC ## OIDC
CONFLUENCE_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}" CONFLUENCE_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"

6
roles/web-app-jira/config/main.yml
View File

@@ -21,7 +21,11 @@ features:
server: server:
csp: csp:
whitelist: {} whitelist: {}
flags: {} flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
domains: domains:
canonical: canonical:
- "jira.{{ PRIMARY_DOMAIN }}" - "jira.{{ PRIMARY_DOMAIN }}"