From 72693e09e24bd24279ea64c7908c8e4f3de7c48e Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 19 Mar 2025 20:26:43 +0100
Subject: [PATCH] Implemented more detailed configuration for landing_page, css and matomo and restructured code
---
filter_plugins/configuration_filters.py | 28 +-
group_vars/all/00_general.yml | 17 ++
group_vars/all/05_nginx.yml | 5 +-
group_vars/all/07_applications.yml | 248 ++++++++++++------
roles/corporate-identity/vars/main.yml | 0
roles/docker-matomo/vars/main.yml | 6 +-
.../docker-portfolio/templates/config.yaml.j2 | 108 ++++----
.../templates/iframe.conf.j2 | 4 +
.../templates/proxy_pass.conf.j2 | 7 +-
roles/nginx-modifier-all/tasks/main.yml | 2 +-
.../templates/global.includes.conf.j2 | 8 +-
roles/nginx-modifier-all/vars/main.yml | 3 +
12 files changed, 277 insertions(+), 159 deletions(-)
create mode 100644 roles/corporate-identity/vars/main.yml
create mode 100644 roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2
create mode 100644 roles/nginx-modifier-all/vars/main.yml
diff --git a/filter_plugins/configuration_filters.py b/filter_plugins/configuration_filters.py
index efc52ac2..b42707ef 100644
--- a/filter_plugins/configuration_filters.py
+++ b/filter_plugins/configuration_filters.py
@@ -1,25 +1,35 @@ -def get_oauth2_enabled(applications, application_id): +import yaml + +def get_oauth2_enabled(applications:yaml, application_id:string): # Retrieve the application dictionary based on the ID app = applications.get(application_id, {}) # Retrieve the value for oauth2_proxy.enabled, default is False enabled = app.get('oauth2_proxy', {}).get('enabled', False) return bool(enabled) -def get_oidc_enabled(applications, application_id): +def get_oidc_enabled(applications:yaml, application_id:string): # Retrieve the application dictionary based on the ID app = applications.get(application_id, {}) # Retrieve the value for oidc.enabled, default is False enabled = app.get('oidc', {}).get('enabled', False) return bool(enabled) -def get_css_enabled(applications, application_id): - # Retrieve the application dictionary based on the given application_id. - app = applications.get(application_id, {}) - # Retrieve the 'enabled' value from the css key, defaulting to True if not present. - enabled = app.get('css', {}).get('enabled', True) +def get_css_enabled(applications:yaml, application_id:string): + app = applications.get(application_id) + enabled = app.get('css_enabled') return bool(enabled) -def get_database_central_storage(applications, application_id): +def get_landingpage_iframe_enabled(applications:yaml, application_id:string): + app = applications.get(application_id) + enabled = app.get('landingpage_iframe_enabled') + return bool(enabled) + +def get_matomo_tracking_enabled(applications:yaml, application_id:string): + app = applications.get(application_id) + enabled = app.get('matomo_tracking_enabled') + return bool(enabled) + +def get_database_central_storage(applications:yaml, application_id:string): """ Retrieve the type of the database from the application dictionary. The expected key structure is: applications[application_id]['database']['central_storage']. 
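Review bot: The new annotations `applications:yaml, application_id:string` name a module and an identifier that is never imported; where annotations are evaluated at definition time, `string` raises NameError while the plugin loads, so none of these filters would register. The intended types are `dict` and `str`, e.g. `def get_css_enabled(applications: dict, application_id: str):`, which also makes `import yaml` unnecessary. Separately, `get_css_enabled`, `get_landingpage_iframe_enabled` and `get_matomo_tracking_enabled` call `applications.get(application_id)` without the `{}` fallback that the two getters above them use, so an id missing from `applications` fails with AttributeError on `None`; `app = applications.get(application_id, {})` keeps them consistent. Finally, `bool(enabled)` treats any non-empty string as true, so if a templated or quoted value ever arrives as the text "false", the iframe and tracking switches read as enabled; the value should be normalised explicitly if that can happen in this inventory.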
@@ -36,4 +46,6 @@ class FilterModule(object): 'get_oidc_enabled': get_oidc_enabled, 'get_oauth2_enabled': get_oauth2_enabled, 'get_database_central_storage': get_database_central_storage, + 'get_landingpage_iframe_enabled': get_landingpage_iframe_enabled, + 'get_matomo_tracking_enabled': get_matomo_tracking_enabled, } \ No newline at end of file diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml index 081ecbc6..e3813e0c 100644 --- a/group_vars/all/00_general.yml +++ b/group_vars/all/00_general.yml @@ -52,3 +52,20 @@ enable_wildcard_certificate: false # This enables debugging in ansible and in the apps # You SHOULD NOT enable this on production servers enable_debug: false + +######################### +## ENABLED DEFAULTS ## +######################### + +# The following defaults are used for the default_applications +# It can be that in a default_applications the value for one application is overwritten. +# You can overwritte it in this case in the applications in your inventory + +## Matomo Tracking +matomo_tracking_enabled_default: true # Enables\Disables Matomo tracking on all html pages by default. + +## CSS +css_enabled_default: true # Enables\Disables Global CSS on all html pages by default. + +## iframe for primary domain +landingpage_iframe_enabled: false # Enables\Disables the possibility to be embedded via iframe by default. \ No newline at end of file diff --git a/group_vars/all/05_nginx.yml b/group_vars/all/05_nginx.yml index add55a79..f3a1a51f 100644 --- a/group_vars/all/05_nginx.yml +++ b/group_vars/all/05_nginx.yml 
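Review bot: In the `group_vars/all/00_general.yml` hunk the iframe default is declared as `landingpage_iframe_enabled: false`, without the `_default` suffix that the other two switches carry and that `group_vars/all/07_applications.yml` references as `"{{landingpage_iframe_enabled_default}}"` in its application entries. Unless that name is defined somewhere outside this patch, templating those entries will hit an undefined variable, so the line should read `landingpage_iframe_enabled_default: false`. Also, `matomo_tracking_enabled_default: true` replaces the former `global_matomo_tracking_enabled: false`, which turns tracking on for every application that does not opt out. If that change of default is intended, the comment block above the new variables should say so.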
@@ -15,7 +15,4 @@ nginx: files: "/var/www/public_files/" # Path where the web accessable files are stored global: "/var/www/global/" # Directory containing files which will be globaly accessable user: "http" # Default nginx user in ArchLinux - iframe: true # Allows applications to be loaded in iframe - -## Matomo Tracking -global_matomo_tracking_enabled: false # Activates matomo tracking on all html pages. Change this in inventory. \ No newline at end of file + iframe: true # Allows applications to be loaded in iframe \ No newline at end of file diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index 08dd7175..cda3b64f 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml 
@@ -26,29 +26,41 @@ defaults_applications: setup_admin_email: "{{users.administrator.email}}" database: central_storage: True + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Attendize attendize: version: "latest" database: central_storage: True + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Baserow baserow: version: "latest" database: central_storage: True + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Big Blue Button bigbluebutton: enable_greenlight: "true" - setup: false # Set to true in inventory file for initial setup + setup: false # Set to true in inventory file for initial setup oidc: - enabled: true # Activate OIDC + enabled: true # Activate OIDC database: central_storage: True ldap: - enabled: False # @todo LDAP needs to get propper implemented and tested, just set values during refactoring + enabled: False # @todo LDAP needs to get propper implemented and tested, just set values during refactoring + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: 
"{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Bluesky bluesky: 
@@ -57,79 +69,103 @@ defaults_applications: email: "{{users.administrator.email}}" pds: version: "latest" - #jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n' - #plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32 - #admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16 + #jwt_secret: # Needs to be defined in inventory file - Use: openssl rand -base64 64 | tr -d '\n' + #plc_rotation_key_k256_private_key_hex: # Needs to be defined in inventory file - Use: openssl rand -hex 32 + #admin_password: # Needs to be defined in inventory file - Use: openssl rand -base64 16 database: central_storage: True + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe coturn: # @todo implement credentials: user: turnuser - # password: # Need to be defined in invetory file - # secret: # Need to be defined in invetory file + # password: # Need to be defined in invetory file + # secret: # Need to be defined in invetory file ## Discourse: discourse: - network: "discourse_default" # Name of the docker network - container: "discourse_application" # Name of the container application - repository: "discourse_repository" # Name of the repository folder - # database_password: # Needs to be defined in inventory file + network: "discourse_default" # Name of the docker network + container: "discourse_application" # Name of the container application + repository: "discourse_repository" # Name of the repository folder + # database_password: # Needs to be defined in inventory file oidc: - enabled: true # Activate OIDC + enabled: true # Activate OIDC database: - central_storage: True # Activate Central 
Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Friendica friendica: version: "latest" oidc: - enabled: true # Activate OIDC. Plugin is not working yet + enabled: true # Activate OIDC. Plugin is not working yet database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Funkwhale funkwhale: version: "1.4.0" ldap: - enabled: True # Enables LDAP by default @todo check implementation + enabled: True # Enables LDAP by default @todo check implementation database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Gitea gitea: - version: "latest" # Use latest docker image + version: "latest" # Use latest docker image database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage configuration: repository: - enable_push_create_user: True # Allow users to push local repositories 
to Gitea and have them automatically created for a user. - default_private: last # Default private when creating a new repository: last, private, public - default_push_create_private: True # Default private when creating a new repository with push-to-create. + enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user. + default_private: last # Default private when creating a new repository: last, private, public + default_push_create_private: True # Default private when creating a new repository with push-to-create. + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Gitlab gitlab: version: "latest" database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Joomla joomla: version: "latest" + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Keycloak keycloak: version: "latest" users: administrator: - username: "{{users.administrator.username}}" # Administrator Username for Keycloak + username: "{{users.administrator.username}}" # Administrator Username for Keycloak 
ldap: - enabled: True # Enables LDAP by default - import_realm: True # If True realm will be imported. If false skip. + enabled: True # Enables LDAP by default + import_realm: True # If True realm will be imported. If false skip. database: - central_storage: True # Activate Central Database Storage -# database_password: # Needs to be defined in inventory file -# administrator_password: # Needs to be defined in inventory file + central_storage: True # Activate Central Database Storage +# database_password: # Needs to be defined in inventory file +# administrator_password: # Needs to be defined in inventory file + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## LDAP ldap: 
@@ -160,32 +196,41 @@ defaults_applications: central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later. # administrator_password: # CHANGE for security reasons in inventory file # administrator_database_password: # CHANGE for security reasons in inventory file + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Listmonk listmonk: users: administrator: - username: "{{users.administrator.username}}" # Listmonk administrator account username - public_api_activated: False # Security hole. Can be used for spaming - version: "latest" # Docker Image version - setup: false # Set true in inventory file to execute the setup and initializing procedures + username: "{{users.administrator.username}}" # Listmonk administrator account username + public_api_activated: False # Security hole. 
Can be used for spaming + version: "latest" # Docker Image version + setup: false # Set true in inventory file to execute the setup and initializing procedures database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe mailu: - version: "2024.06" # Docker Image Version - setup: false # Set true in inventory file to execute the setup and initializing procedures + version: "2024.06" # Docker Image Version + setup: false # Set true in inventory file to execute the setup and initializing procedures oidc: - enabled: true # Activate OIDC for Mailu - domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @ + enabled: true # Activate OIDC for Mailu + domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @ # I don't know why the database deactivation is necessary database: - central_storage: False # Deactivate central database for mailu + central_storage: False # Deactivate central database for mailu credentials: -# secret_key: # Set to a randomly generated 16 bytes string -# database_password: # Needs to be set in inventory file -# api_token: # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API. -# initial_administrator_password: # Initial administrator password for setup +# secret_key: # Set to a randomly generated 16 bytes string +# database_password: # Needs to be set in inventory file +# api_token: # Configures the authentication token. The minimum length is 3 characters. 
This is a mandatory setting for using the RESTful API. +# initial_administrator_password: # Initial administrator password for setup + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## MariaDB mariadb: @@ -199,20 +244,21 @@ defaults_applications: # cookie_secret: None # Set via openssl rand -hex 16 # database_password: Null # Needs to be set in inventory file # auth_token: Null # Needs to be set in inventory file - css: - enabled: false # The css isn't optimized yet for Matomo database: central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: false # Activate in inventory file if you want to have the statistics, as soon as matomo is running + css_enabled: false # Not optimized yet for matomo + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Mastodon mastodon: version: "latest" - single_user_mode: false # Set true for initial setup - setup: false # Set true in inventory file to execute the setup and initializing procedures + single_user_mode: false # Set true for initial setup + setup: false # Set true in inventory file to execute the setup and initializing procedures database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage oidc: - enabled: True # Activate OIDC for Mastodon + enabled: True # Activate OIDC for Mastodon credentials: # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials # database_password: 
@@ -225,24 +271,30 @@ defaults_applications: # deterministic_key: # key_derivation_salt: # primary_key: + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Matrix matrix: users: administrator: - username: "{{users.administrator.username}}" # Accountname of the matrix admin - playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start - role: "compose" # Role to setup Matrix. Valid values: ansible, compose - server_name: "{{primary_domain}}" # Adress for the account names etc. + username: "{{users.administrator.username}}" # Accountname of the matrix admin + playbook_tags: "setup-all,start" # For the initial update use: install-all,ensure-matrix-users-created,start + role: "compose" # Role to setup Matrix. Valid values: ansible, compose + server_name: "{{primary_domain}}" # Adress for the account names etc. 
synapse: version: "latest" element: version: "latest" - setup: false # Set true in inventory file to execute the setup and initializing procedures + setup: false # Set true in inventory file to execute the setup and initializing procedures database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage oidc: - enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492 + enabled: False # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492 + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Moodle moodle: @@ -253,13 +305,19 @@ defaults_applications: email: "{{users.administrator.email}}" version: "latest" database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## MyBB mybb: version: "latest" database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Nextcloud nextcloud: 
@@ -482,56 +540,74 @@ defaults_applications: whiteboard: # Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard) enabled: true - + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + ## OAuth2 Proxy oauth2_proxy: configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it version: "latest" # Docker Image version redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak. allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups - + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + ## Open Project openproject: - version: "13" # Update when available. Sadly no rolling release implemented + version: "13" # Update when available. 
Sadly no rolling release implemented oauth2_proxy: - enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed + enabled: true # OpenProject doesn't support OIDC, so this procy in combination with LDAP is needed application: "proxy" port: "80" -# cookie_secret: None # Set via openssl rand -hex 16 +# cookie_secret: None # Set via openssl rand -hex 16 ldap: - enabled: True # Enables LDAP by default + enabled: True # Enables LDAP by default database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage css: - enabled: false # Temporary deactivated due to bugs - # @todo Solve and reactivate + enabled: false # Temporary deactivated due to bugs + # @todo Solve and reactivate + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Peertube peertube: version: "bookworm" database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## PHPMyAdmin phpmyadmin: version: "latest" - autologin: false # This is a high security risk. Just activate this option if you know what you're doing + autologin: false # This is a high security risk. 
Just activate this option if you know what you're doing oauth2_proxy: enabled: true port: "80" application: "application" -# cookie_secret: None # Set via openssl rand -hex 16 +# cookie_secret: None # Set via openssl rand -hex 16 database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage css: - enabled: False # The css needs more optimation for PHPMyAdmin + enabled: False # The css needs more optimation for PHPMyAdmin + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Pixelfed pixelfed: titel: "Pictures on {{primary_domain}}" version: "latest" database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Postgres # Please set an version in your inventory file - Rolling release for postgres isn't recommended 
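Review bot: The `openproject` and `phpmyadmin` entries keep their nested `css: enabled: false` block but also gain `css_enabled: "{{css_enabled_default}}"`, and the rewritten `get_css_enabled` filter in this patch reads only the flat `css_enabled` key. With `css_enabled_default: true` the global CSS is therefore switched back on for both applications, although the retained comments say it was deactivated due to bugs. The `matomo` and `wordpress` entries were migrated to `css_enabled: false`; the same should be done here, dropping the now-unused `css:` block, e.g. `css_enabled: false # Temporary deactivated due to bugs`. The hunk begins inside the preceding application's block, which starts outside it.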
@@ -541,18 +617,27 @@ defaults_applications: portfolio: database: central_storage: False # Portfolio doesn't use any database + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: false # Doesn't make sense to load landingpage in landingpage # Snipe-IT snipe_it: version: "latest" database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Sphinx sphinx: version: "3.9-slim" # Use latest docker image repository_sphinx_source: "https://github.com/kevinveenbirkenbach/cymais.git" # Repository address to pull the source repository from sphinx_exec_dir_relative: "sphinx/" # The relative path to the sphinx Makefile folder from the source dir + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: true # Makes sense to make the documentary allways in iframe available ## Taiga @@ -560,6 +645,9 @@ defaults_applications: version: "latest" database: central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## YOURLS yourls: 
@@ -575,6 +663,9 @@ defaults_applications: # cookie_secret: None # Set via openssl rand -hex 16 database: central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe wordpress: # Deactivate Global theming for wordpress role @@ -583,7 +674,8 @@ defaults_applications: # # May a solution could be to generate a template or css file dedicated # for wordpress based on the theming values and import it. - css: - enabled: false database: - central_storage: True # Activate Central Database Storage \ No newline at end of file + central_storage: True # Activate Central Database Storage + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: false # CSS is hard to tweak for wordpress + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe \ No newline at end of file diff --git a/roles/corporate-identity/vars/main.yml b/roles/corporate-identity/vars/main.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/docker-matomo/vars/main.yml b/roles/docker-matomo/vars/main.yml index 835e99e6..e6d3eb26 100644 --- a/roles/docker-matomo/vars/main.yml +++ b/roles/docker-matomo/vars/main.yml 
@@ -4,8 +4,4 @@ database_type: "mariadb" database_password: "{{applications.matomo.database_password}}" # I don't know if this is still necessary -domain: "{{domains.matomo}}" - -# Disable matomo tracking, because otherwise recursiv loading technics would be neccessary -# This is the default value and it will be overwritten by set fact in main.yml -global_matomo_tracking_enabled: false \ No newline at end of file +domain: "{{domains.matomo}}" \ No newline at end of file diff --git a/roles/docker-portfolio/templates/config.yaml.j2 b/roles/docker-portfolio/templates/config.yaml.j2 index be4dbb6c..3bcd0473 100644 --- a/roles/docker-portfolio/templates/config.yaml.j2 +++ b/roles/docker-portfolio/templates/config.yaml.j2 @@ -25,7 +25,7 @@ accounts: class: fa-brands fa-mastodon url: "https://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}" identifier: "{{service_provider.contact.mastodon}}" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('mastodon') }} {% endif %} {% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %} @@ -48,7 +48,7 @@ accounts: class: fa-solid fa-camera identifier: "{{service_provider.contact.pixelfed}}" url: "https://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('pixelfed') }} {% endif %} {% if service_provider.contact.peertube is defined and service_provider.contact.peertube != "" %} 
@@ -60,7 +60,7 @@ accounts: class: fa-solid fa-video identifier: "{{service_provider.contact.peertube}}" url: "https://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('peertube') }} {% endif %} {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %} @@ -72,7 +72,7 @@ accounts: class: fa-solid fa-blog identifier: "{{service_provider.contact.wordpress}}" url: "https://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('wordpress') }} {% endif %} {% if service_provider.contact.source_code is defined and service_provider.contact.source_code != "" %} @@ -94,7 +94,7 @@ accounts: class: fas fa-network-wired identifier: "{{service_provider.contact.friendica}}" url: "https://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('friendica') }} {% endif %} @@ -110,7 +110,7 @@ cards: text: "Experience the power of Matomo, an innovative open-source analytics platform that delivers real-time insights, robust visitor tracking, and privacy-first features to elevate your website performance. Dive into actionable data with unmatched precision and clarity!" url: https://{{domains.matomo}} link_text: "Discover Matomo Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('matomo') }} {% endif %} {% if "ldap" in group_names %} 
@@ -121,7 +121,7 @@ cards: text: "Unleash the potential of centralized identity management with our vibrant LDAP solution. Enjoy seamless authentication, efficient user management, and enhanced security that empowers your organization to stay connected, agile, and ahead of the curve in digital transformation." url: https://{{domains.ldap}} link_text: "Empower Your Network!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('ldap') }} {% endif %} {% if "keycloak" in group_names %} @@ -132,7 +132,7 @@ cards: text: "Step into a secure future with Keycloak! Our dynamic identity and access management solution offers streamlined SSO capabilities, robust security measures, and an intuitive user experience that propels your applications to unprecedented heights of performance and reliability." url: https://{{domains.keycloak}} link_text: "Secure Your Future Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }} {% endif %} {% if "nextcloud" in group_names %} @@ -143,7 +143,7 @@ cards: text: "Elevate your collaboration with Nextcloud, a vibrant self-hosted cloud solution designed for dynamic file sharing, seamless communication, and effortless teamwork. Embrace unparalleled control, flexibility, and a boosted digital workspace that adapts to your every need." url: https://{{domains.nextcloud}} link_text: "Experience Nextcloud Today!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('nextcloud') }} {% endif %} {% if "gitea" in group_names %} 
@@ -154,7 +154,7 @@ cards: text: "Boost your development journey with Gitea, a lightweight and energetic self-hosted Git service that offers efficient code collaboration, intuitive version control, and an agile environment for your projects. Ignite your coding spirit, innovate faster, and code with confidence!" url: https://{{domains.gitea}} link_text: "Ignite Your Code Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('gitea') }} {% endif %} {% if "wordpress" in group_names %} @@ -165,6 +165,8 @@ cards: text: "Unleash your creative potential with WordPress, a dynamic platform that empowers you to build, manage, and scale stunning websites and blogs effortlessly. Experience an ever-evolving ecosystem that inspires innovation and drives digital success with every click." url: https://{{domains.wordpress}} link_text: "Launch Your Site Today!" + iframe: {{ applications | get_landingpage_iframe_enabled('wordpress') }} + {% endif %} {% if "mediawiki" in group_names %} @@ -175,7 +177,7 @@ cards: text: "Empower your knowledge base with MediaWiki, a versatile and collaborative platform designed to build comprehensive, user-driven documentation. Embrace an energetic community and innovative tools that turn information into a vibrant, living resource." url: https://{{domains.mediawiki}} link_text: "Explore MediaWiki Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('mediawiki') }} {% endif %} {% if "mybb" in group_names %} @@ -186,7 +188,7 @@ cards: text: "Transform your community engagement with MyBB, a feature-rich forum solution that combines modern design with robust functionality. Enjoy dynamic discussions, intuitive moderation, and an energetic user interface that brings people together like never before." url: https://{{domains.mybb}} link_text: "Join the Conversation!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('mybb') }} {% endif %} {% if "yourls" in group_names %} 
@@ -197,7 +199,7 @@ cards: text: "Streamline your online presence with YOURLS, a nimble URL shortening solution that makes sharing links faster, easier, and more engaging. Enjoy the benefits of enhanced tracking and a user-friendly interface that energizes your digital strategy." url: https://{{domains.yourls}} link_text: "Shorten Links Instantly!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('yourls') }} {% endif %} {% if "mailu" in group_names %} @@ -208,7 +210,7 @@ cards: text: "Revolutionize your email communications with Mailu, a secure and flexible mail server solution that integrates seamlessly into your workflow. Experience enhanced reliability, robust security, and an energetic approach to managing your digital correspondence." url: https://{{domains.mailu}} link_text: "Elevate Your Email Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('mailu') }} {% endif %} {% if "mastodon" in group_names %} @@ -219,7 +221,7 @@ cards: text: "Dive into a decentralized social experience with Mastodon, a vibrant platform that redefines online communication with its community-driven approach. Enjoy a refreshing burst of innovation, freedom, and energetic interaction every time you connect." url: https://{{domains.mastodon}} link_text: "Join the Social Revolution!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('mastodon') }} {% endif %} {% if "pixelfed" in group_names %} @@ -230,7 +232,7 @@ cards: text: "Showcase your visual story with Pixelfed, an inspiring self-hosted image sharing platform that champions creativity and privacy. Revel in a dynamic, artistic environment where every photo is a window to endless possibilities and vibrant expression." url: https://{{domains.pixelfed}} link_text: "Share Your Vision Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('pixelfed') }} {% endif %} {% if "peertube" in group_names %} 
@@ -241,7 +243,7 @@ cards: text: "Embrace a new era of video hosting with PeerTube, a decentralized platform that empowers creators with freedom, innovation, and a community-focused approach. Experience seamless streaming and dynamic sharing that fuels your creative ambitions." url: https://{{domains.peertube}} link_text: "Stream with Freedom!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('peertube') }} {% endif %} {% if "bigbluebutton" in group_names %} @@ -252,7 +254,7 @@ cards: text: "Transform online learning and collaboration with BigBlueButton, an interactive web conferencing solution designed to energize virtual classrooms and meetings. Enjoy dynamic tools and an engaging environment that makes every session a powerful learning experience." url: https://{{domains.bigbluebutton}} link_text: "Start Your Virtual Session!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('bigbluebutton') }} {% endif %} {% if "funkwhale" in group_names %} @@ -263,7 +265,7 @@ cards: text: "Dive into a world of rhythm and sound with Funkwhale, an innovative self-hosted music sharing platform that celebrates creativity and community. Experience an energetic soundscape and seamless music streaming that amplifies your passion for tunes." url: https://{{domains.funkwhale}} link_text: "Jam Out Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('funkwhale') }} {% endif %} {% if "joomla" in group_names %} @@ -274,7 +276,7 @@ cards: text: "Elevate your website management with Joomla, a powerful content management system that fuses versatility with dynamic design. Experience a vibrant platform that inspires creativity and drives your digital presence to new, energetic heights." url: https://{{domains.joomla}} link_text: "Build with Joomla Today!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('joomla') }} {% endif %} {% if "attendize" in group_names %} 
@@ -285,7 +287,7 @@ cards: text: "Revolutionize your event management with Attendize, an energetic and intuitive platform designed to streamline ticketing and event planning. Enjoy a feature-rich, user-friendly solution that transforms every event into an unforgettable experience." url: https://{{domains.attendize}} link_text: "Plan Your Event Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('attendize') }} {% endif %} {% if "baserow" in group_names %} @@ -296,7 +298,7 @@ cards: text: "Empower your data management with Baserow, an innovative platform that makes building and managing databases both fun and efficient. Enjoy a dynamic interface, seamless collaboration, and energetic tools that supercharge your workflow." url: https://{{domains.baserow}} link_text: "Manage Data with Ease!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('baserow') }} {% endif %} {% if "listmonk" in group_names %} @@ -307,7 +309,7 @@ cards: text: "Elevate your email marketing with Listmonk, a high-energy, self-hosted solution that offers powerful newsletter management and analytics. Enjoy an intuitive design, robust features, and a spirited approach that takes your campaigns to the next level." url: https://{{domains.listmonk}} link_text: "Boost Your Campaigns Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('listmonk') }} {% endif %} {% if "discourse" in group_names %} @@ -318,7 +320,7 @@ cards: text: "Ignite community conversations with Discourse, an innovative forum platform that redefines online discussions with its modern, engaging interface. Experience an energetic, user-friendly environment that brings people together and fuels vibrant exchanges." url: https://{{domains.discourse}} link_text: "Join the Discussion!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('discourse') }} {% endif %} {% if "matrix" in group_names %} 
@@ -329,7 +331,7 @@ cards: text: "Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. Enjoy an innovative ecosystem that energizes your digital interactions and connects you globally." url: https://{{domains.matrix_synapse}} link_text: "Connect on Matrix Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('matrix') }} {% endif %} {% if "openproject" in group_names %} @@ -340,7 +342,7 @@ cards: text: "Transform your project management with OpenProject, a vibrant and collaborative tool that brings clarity and energy to your planning, tracking, and team communication. Experience streamlined workflows and an innovative platform that propels your projects forward." url: https://{{domains.openproject}} link_text: "Manage Projects Dynamically!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('openproject') }} {% endif %} {% if "gitlab" in group_names %} @@ -351,7 +353,7 @@ cards: text: "Accelerate your software development with GitLab, an energetic, all-in-one platform for source code management and continuous integration. Experience a robust, collaborative environment that empowers teams to innovate and deliver exceptional results." url: https://{{domains.gitlab}} link_text: "Revolutionize Your DevOps!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('gitlab') }} {% endif %} {% if "akaunting" in group_names %} 
@@ -362,7 +364,7 @@ cards: text: "Empower your financial management with Akaunting, a dynamic and feature-rich accounting platform designed to simplify your bookkeeping and boost your business growth. Enjoy intuitive tools, real-time insights, and an energetic approach to your finances." url: https://{{domains.akaunting}} link_text: "Transform Your Finances Today!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('akaunting') }} {% endif %} {% if "moodle" in group_names %} @@ -373,7 +375,7 @@ cards: text: "Ignite the learning experience with Moodle, a powerful and versatile platform for online education that energizes classrooms and fosters interactive learning. Embrace innovative tools, engaging content, and a dynamic community of educators and learners." url: https://{{domains.moodle}} link_text: "Start Learning Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('moodle') }} {% endif %} {% if "taiga" in group_names %} @@ -384,7 +386,7 @@ cards: text: "Supercharge your project management with Taiga, a dynamic and agile tool designed for teams that thrive on creativity and collaboration. Experience a vibrant interface, robust task tracking, and an energetic platform that drives your projects to success." url: https://{{domains.taiga}} link_text: "Boost Your Projects Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('taiga') }} {% endif %} {% if "friendica" in group_names %} @@ -395,7 +397,7 @@ cards: text: "Connect and share like never before with Friendica, an innovative social networking platform that celebrates community, freedom, and dynamic interactions. Enjoy a spirited and open environment where every connection is a step toward a more engaging digital world." url: https://{{domains.friendica}} link_text: "Join the Social Movement!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('friendica') }} {% endif %} {% if "portfolio" in group_names %} 
@@ -406,7 +408,7 @@ cards: text: "Showcase your professional journey with Portfolio, a dynamic platform that combines creativity and functionality to highlight your achievements. Experience an energetic design, intuitive features, and a compelling way to present your work to the world." url: https://{{domains.portfolio}} link_text: "Elevate Your Profile Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('portfolio') }} {% endif %} {% if "bluesky" in group_names %} @@ -417,7 +419,7 @@ cards: text: "Soar to new digital heights with Bluesky, an innovative platform that reimagines social networking with its forward-thinking, community-driven approach. Experience a burst of energy, creativity, and the freedom to connect in a truly inspiring way." url: https://{{domains.bluesky}} link_text: "Soar with Bluesky Today!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('bluesky') }} {% endif %} @@ -429,7 +431,7 @@ cards: text: "Unlock comprehensive insights with our extensive documentation. Explore guides, tutorials, and support resources designed to help you navigate our software effortlessly." url: https://{{domains.sphinx}} link_text: "Explore Documentation Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }} {% endif %} @@ -442,7 +444,7 @@ cards: text: "Manage your databases with confidence using PHPMyAdmin, a robust and dynamic tool designed to simplify administration and enhance productivity. Enjoy an intuitive interface, powerful features, and an energetic approach that makes database management a breeze." url: https://{{domains.phpmyadmin}} link_text: "Optimize Your Database Now!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('phpmyadmin') }} {% endif %} {% if "snipe_it" in group_names %} 
@@ -453,7 +455,7 @@ cards: text: "Streamline your asset management with SNIPE-IT, a cutting-edge solution that brings efficiency, clarity, and energy to tracking your hardware and software inventory. Experience a user-friendly design and dynamic features that make asset management simple and engaging." url: https://{{domains.snipe_it}} link_text: "Manage Assets Effortlessly!" - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('snipe_it') }} {% endif %} @@ -540,7 +542,7 @@ navigation: icon: class: fa-brands fa-discourse url: https://{{domains.discourse}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('discourse') }} {% endif %} {% if "moodle" in group_names %} @@ -550,7 +552,7 @@ navigation: icon: class: fa-solid fa-graduation-cap url: https://{{domains.moodle}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('moodle') }} {% endif %} {% if "listmonk" in group_names %} @@ -560,7 +562,7 @@ navigation: icon: class: fa-solid fa-envelope-open-text url: https://{{domains.listmonk}}/subscription/form - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('listmonk') }} {% endif %} {% endif %} @@ -579,7 +581,7 @@ navigation: icon: class: fa-solid fa-tasks url: https://{{domains.openproject}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('openproject') }} {% endif %} {% if "taiga" in group_names %} @@ -589,7 +591,7 @@ navigation: icon: class: bi bi-clipboard2-check-fill url: https://{{domains.taiga}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('taiga') }} {% endif %} {% if "snipe_it" in group_names %} @@ -599,7 +601,7 @@ navigation: icon: class: fas fa-box-open url: https://{{domains.snipe_it}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('snipe_it') }} {% endif %} {% endif %} 
@@ -617,7 +619,7 @@ navigation: icon: class: fa-solid fa-comment url: https://{{domains.matrix_element}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('matrix') }} {% endif %} {% if "bigbluebutton" in group_names %} @@ -627,7 +629,7 @@ navigation: icon: class: fa-solid fa-video url: https://{{domains.bigbluebutton}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('bigbluebutton') }} {% endif %} {% if "mailu" in group_names %} @@ -637,7 +639,7 @@ navigation: icon: class: fa-solid fa-envelope url: https://{{domains.mailu}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('mailu') }} {% endif %} {% endif %} @@ -655,7 +657,7 @@ navigation: icon: class: fa-solid fa-chart-simple url: https://{{domains.matomo}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('matomo') }} {% endif %} {% if "phpmyadmin" in group_names %} @@ -665,7 +667,7 @@ navigation: icon: class: fas fa-database url: https://{{domains.phpmyadmin}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('phpmyadmin') }} {% endif %} {% if "keycloak" in group_names %} @@ -675,7 +677,7 @@ navigation: icon: class: fas fa-user-shield url: https://{{domains.keycloak}}/admin - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }} {% endif %} {% if "ldap" in group_names %} @@ -685,7 +687,7 @@ navigation: icon: class: fas fa-key url: https://{{domains.ldap}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('ldap') }} {% endif %} {% endif %} @@ -703,7 +705,7 @@ navigation: icon: class: fa-solid fa-table url: https://{{domains.baserow}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('baserow') }} {% endif %} {% if "yourls" in group_names %} 
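Review bot: The Keycloak `/admin`, phpMyAdmin and LDAP navigation entries in these hunks, like their cards in the earlier `cards:` hunks, take `iframe` from the same per-application setting as the public apps. If `landingpage_iframe_enabled_default` is true, the administrative consoles become embeddable on the landing page without anyone choosing that. Framing an admin UI widens its clickjacking surface for little benefit, so I would pin these applications off in their defaults, e.g. `landingpage_iframe_enabled: false # admin console, open in its own tab`, and let operators opt in. The default's value is set outside these hunks, so this is a point to confirm rather than a confirmed exposure.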
@@ -713,7 +715,7 @@ navigation: icon: class: bi bi-link url: https://{{domains.yourls}}/admin/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('yourls') }} {% endif %} {% if "nextcloud" in group_names %} @@ -723,7 +725,7 @@ navigation: icon: class: fa-solid fa-cloud url: https://{{domains.nextcloud}}/ - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('nextcloud') }} {% endif %} {% endif %} @@ -762,7 +764,7 @@ navigation: icon: class: fas fa-book url: https://{{domains.sphinx}} - iframe: true + iframe: {{ applications | get_landingpage_iframe_enabled('sphinx') }} {% endif %} diff --git a/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 new file mode 100644 index 00000000..392cb05d --- /dev/null +++ b/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 @@ -0,0 +1,4 @@ +{% if landingpage_iframe_enabled | bool %} + add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin + add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always; # Restrict embedding to the specified primary domain +{% endif %} diff --git a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 index daaf3e60..09b2019d 100644 --- a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 @@ -14,12 +14,7 @@ location {{location | default("/")}} proxy_set_header X-Forwarded-Port 443; proxy_set_header Accept-Encoding ""; - -{% if nginx.iframe | bool %} - # activate embedding via iframe - add_header X-Frame-Options "SAMEORIGIN" always; - add_header Content-Security-Policy "frame-ancestors {{primary_domain}} 'self' *.{{primary_domain}};" always; -{% endif %} + {% include 'iframe.conf.j2' %} # WebSocket specific header proxy_http_version 1.1; 
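Review bot: In the new `iframe.conf.j2`, the `{% if landingpage_iframe_enabled | bool %}` block has no else branch, so switching the flag off emits no framing header at all and leaves the policy to whatever the upstream application sends. If "disabled" is meant to forbid embedding, an explicit `{% else %}` branch with `add_header Content-Security-Policy "frame-ancestors 'self';" always;` would make the off state restrictive rather than unspecified. In the enabled branch, `X-Frame-Options "SAMEORIGIN"` and `frame-ancestors {{primary_domain}}` describe different policies when the app is served from a subdomain: browsers that honour `frame-ancestors` ignore X-Frame-Options, while older ones apply SAMEORIGIN and refuse the landing-page embed. The inline comments should say which header is authoritative. The policy also drops the `'self' *.{{primary_domain}}` sources that the removed block in `proxy_pass.conf.j2` allowed, which is presumably intended but can break applications that frame their own pages.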
diff --git a/roles/nginx-modifier-all/tasks/main.yml b/roles/nginx-modifier-all/tasks/main.yml index 56a229ed..2efbd5b9 100644 --- a/roles/nginx-modifier-all/tasks/main.yml +++ b/roles/nginx-modifier-all/tasks/main.yml @@ -6,4 +6,4 @@ - name: "Activate Global Matomo Tracking for {{domain}}" include_role: name: nginx-modifier-matomo - when: global_matomo_tracking_enabled | bool \ No newline at end of file + when: matomo_tracking_enabled | bool \ No newline at end of file diff --git a/roles/nginx-modifier-all/templates/global.includes.conf.j2 b/roles/nginx-modifier-all/templates/global.includes.conf.j2 index 33bd8c73..c34cac42 100644 --- a/roles/nginx-modifier-all/templates/global.includes.conf.j2 +++ b/roles/nginx-modifier-all/templates/global.includes.conf.j2 @@ -2,16 +2,16 @@ sub_filter_once off; sub_filter_types text/html; -{% if global_matomo_tracking_enabled | bool %} +{% if matomo_tracking_enabled | bool %} {# Include Global Matomo Tracking #} {% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %} {% endif %} -{% if applications | get_css_enabled(application_id) or global_matomo_tracking_enabled | bool%} - sub_filter '' '{% if global_matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if applications | get_css_enabled(application_id) %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}'; +{% if css_enabled | bool or matomo_tracking_enabled | bool %} + sub_filter '' '{% if matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}'; {% endif %} -{% if applications | get_css_enabled(application_id) %} +{% if css_enabled | bool %} {# Include Global CSS Location #} {% include 'roles/nginx-modifier-css/templates/location.conf.j2' %} {% endif %} 
diff --git a/roles/nginx-modifier-all/vars/main.yml b/roles/nginx-modifier-all/vars/main.yml new file mode 100644 index 00000000..c47120cb --- /dev/null +++ b/roles/nginx-modifier-all/vars/main.yml @@ -0,0 +1,3 @@ +matomo_tracking_enabled: "{{ matomo_tracking_enabled | default(applications | get_matomo_tracking_enabled(application_id)) }}" +css_enabled: "{{ css_enabled | default (applications | get_css_enabled(application_id)) }}" +landingpage_iframe_enabled: "{{ landingpage_iframe_enabled | default (applications | get_landingpage_iframe_enabled(application_id)) }}"
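Review bot: Each variable in the new `vars/main.yml` is defined in terms of itself, e.g. `landingpage_iframe_enabled: "{{ landingpage_iframe_enabled | default (...) }}"`. Role vars take precedence over inventory and group vars, so the inner reference most likely resolves to the same definition and Ansible reports a recursive template loop instead of falling back to the filter. Computing the role-level value from the filter alone, `landingpage_iframe_enabled: "{{ applications | get_landingpage_iframe_enabled(application_id) }}"`, and reading any override from a differently named variable avoids that; the same applies to `matomo_tracking_enabled` and `css_enabled`. These flags decide whether the frame-ancestors headers and the tracking script are emitted, so how they resolve should be unambiguous and worth a short comment in this file.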