feat(nextcloud): integrate Talk & Whiteboard; refactor to NEXTCLOUD_* vars; full-stack setup

config(ports): add Nextcloud websocket port (4003); canonical domains (nextcloud/talk/whiteboard) refactor: unify get_app_conf usage & Jinja spacing; migrate paths/handlers to new NEXTCLOUD_* vars feat(plugins): split plugin routines; configure Whiteboard via occ (URL + JWT) fix(oidc): use NEXTCLOUD_URL for logout; correct LDAP attribute mappings; add OIDC flavor switch feat: Whiteboard container & reverse-proxy location; Talk STUN/WS ports; Redis URL for Whiteboard chore: drop obsolete TODO; minor cleanups in oauth2-proxy, matrix, peertube, pgadmin, phpldapadmin, pixelfed, phpmyadmin security(schema): Bluesky jwt_secret now base64_prefixed_32; add Nextcloud whiteboard_jwt_secret db: normalize postgres image tag templating; central DB host checks spacing fixes ops: add full-stack bootstrap (certs, proxy, volumes); internal nginx config reload handler update refs: https://chatgpt.com/share/68b5f5b7-8d64-800f-b001-1241f818dc0e
2025-10-31 10:19:09 +00:00 · 2025-09-01 21:37:02 +02:00
parent 110381e80c
commit 7ca8b7c71d
48 changed files with 276 additions and 201 deletions
--- a/roles/web-app-bluesky/schema/main.yml
+++ b/roles/web-app-bluesky/schema/main.yml
@@ -1,8 +1,8 @@
 credentials:
  jwt_secret:
-    description: "Secret used for JWT signing (base64, 64 bytes)"
-    algorithm: "plain"
-    validation: "^[A-Za-z0-9+/=]{86,}$"  # 64 bytes base64 = ~86 characters without newline
+    description: "Secret used for JWT signing"
+    algorithm: "base64_prefixed_32"
+    validation: "^base64:[A-Za-z0-9+/]{43}=$"
  plc_rotation_key_k256_private_key_hex:
    description: "PLC rotation key in hex format (32 bytes)"
    algorithm: "sha256"