kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-03-26 03:03:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Big cleanup

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-03-20 02:20:00 +01:00
parent 6520350731
commit 836a3e0238
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
22 changed files with 91 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
filter_plugins/configuration_filters.py
View File

@ -1,35 +1,23 @@
import yaml
def get_oauth2_enabled(applications:yaml, application_id:string):
def get_oauth22_enabled(applications, application_id):
# Retrieve the application dictionary based on the ID
app = applications.get(application_id, {})
# Retrieve the value for oauth2_proxy.enabled, default is False
enabled = app.get('oauth2_proxy', {}).get('enabled', False)
return bool(enabled)
def get_oidc_enabled(applications:yaml, application_id:string):
def get_oidc_enabled(applications, application_id):
# Retrieve the application dictionary based on the ID
app = applications.get(application_id, {})
# Retrieve the value for oidc.enabled, default is False
enabled = app.get('oidc', {}).get('enabled', False)
return bool(enabled)
def get_css_enabled(applications:yaml, application_id:string):
app = applications.get(application_id)
enabled = app.get('css_enabled')
return bool(enabled)
def get_landingpage_iframe_enabled(applications:yaml, application_id:string):
def get_landingpage_iframe_enabled(applications, application_id):
app = applications.get(application_id)
enabled = app.get('landingpage_iframe_enabled')
return bool(enabled)
def get_matomo_tracking_enabled(applications:yaml, application_id:string):
app = applications.get(application_id)
enabled = app.get('matomo_tracking_enabled')
return bool(enabled)
def get_database_central_storage(applications:yaml, application_id:string):
def get_database_central_storage(applications, application_id):
"""
Retrieve the type of the database from the application dictionary.
The expected key structure is: applications[application_id]['database']['central_storage'].
@ -42,10 +30,8 @@ def get_database_central_storage(applications:yaml, application_id:string):
class FilterModule(object):
def filters(self):
return {
'get_css_enabled': get_css_enabled,
'get_oidc_enabled': get_oidc_enabled,
'get_oauth2_enabled': get_oauth2_enabled,
'get_oauth2_enabled': get_oauth22_enabled,
'get_database_central_storage': get_database_central_storage,
'get_landingpage_iframe_enabled': get_landingpage_iframe_enabled,
'get_matomo_tracking_enabled': get_matomo_tracking_enabled,
}

4
group_vars/all/00_general.yml
View File

@ -68,4 +68,6 @@ matomo_tracking_enabled_default: true # Enables\Disables Matomo track
css_enabled_default: true # Enables\Disables Global CSS on all html pages by default.
## iframe for primary domain
landingpage_iframe_enabled_default: false # Enables\Disables the possibility to be embedded via iframe by default.
# Enables\Disables the possibility to be embedded via iframe by default.
# Enable conciously on every app in which it makes sense, due to that this a potential security risk
landingpage_iframe_enabled_default: false

49
group_vars/all/07_applications.yml
View File

@ -98,6 +98,12 @@ defaults_applications:
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## File Server
file_server:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
## Friendica
friendica:
version: "latest"
@ -122,21 +128,21 @@ defaults_applications:
## Gitea
gitea:
version: "latest" # Use latest docker image
version: "latest" # Use latest docker image
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## Gitlab
gitlab:
version: "latest"
version: "latest"
database:
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
@ -145,11 +151,23 @@ defaults_applications:
## Joomla
joomla:
version: "latest"
version: "latest"
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## HTML Server
html_server:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
## Imprint
imprint:
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio
## Keycloak
keycloak:
version: "latest"
@ -186,7 +204,6 @@ defaults_applications:
username: "{{users.administrator.username}}"
ldap:
enabled: True # Should have the same value as applications.ldap.openldap.network.local.
force_import: false # Forces the import of the LDIF files when set to true
oauth2_proxy:
enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface
application: lam # Needs to be the same as webinterface
@ -196,6 +213,7 @@ defaults_applications:
central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later.
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
@ -230,7 +248,7 @@ defaults_applications:
# initial_administrator_password: # Initial administrator password for setup
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
landingpage_iframe_enabled: true # Default enabled because working well in iframe
## MariaDB
mariadb:
@ -331,7 +349,9 @@ defaults_applications:
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
force_import: False # Forces the import of the LDIF files
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "true" # Enables\Disables the possibility to embed this on landing page via iframe
database:
central_storage: True # Activate Central Database Storage
credentials:
@ -540,9 +560,6 @@ defaults_applications:
whiteboard:
# Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard)
enabled: true
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## OAuth2 Proxy
oauth2_proxy:

BIN
images/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

0
sphinx/_static/img/logo_cymais.png → images/logo.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 286 KiB

After

Width:  |  Height:  |  Size: 286 KiB

0
roles/corporate-identity/vars/main.yml
View File

2
roles/docker-nextcloud/templates/nginx/docker.conf.j2
View File

@ -71,10 +71,10 @@ http {
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

8
roles/docker-nextcloud/vars/system.yml
View File

@ -12,4 +12,10 @@ nextcloud_system_config:
value: "{{ on_calendar_nextcloud }}"
- parameter: "default_phone_region"
value: "{{ locale | upper }}"
value: "{{ locale | upper }}"
- parameter: "trusted_domains 0"
value: "{{domains[application_id]}}"
- parameter: "overwrite.cli.url"
value: "https://{{domains[application_id]}}"

4
roles/docker-portfolio/tasks/main.yml
View File

@ -36,5 +36,7 @@
when: not config_file.stat.exists
- name: add docker-compose.yml
template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
template:
src: docker-compose.yml.j2
dest: "{docker_compose.directories.instance}}docker-compose.yml"
notify: docker compose project setup

4
roles/docker-portfolio/templates/config.yaml.j2
View File

@ -10,6 +10,9 @@ accounts:
description: Platforms where I share content.
icon:
class: fas fa-newspaper
{% if ["mastodon", "bluesky"] | any_in(group_names) %}
children:
- name: Microblogs
description: Stay updated with {{ 'our' if service_provider.type == 'legal' else 'my' }} microblogs.
@ -39,6 +42,7 @@ accounts:
- link: accounts.publishingchannels.microblogs.mastodon
identifier: "{{service_provider.contact.bluesky}}"
{% endif %}
{% endif %}
{% if service_provider.contact.pixelfed is defined and service_provider.contact.pixelfed != "" %}

4
roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2
View File

@ -1,4 +1,4 @@
{% if landingpage_iframe_enabled | bool %}
add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin
add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin
{% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %}
add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always; # Restrict embedding to the specified primary domain
{% endif %}

2
roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
View File

@ -14,7 +14,7 @@ location {{location | default("/")}}
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Accept-Encoding "";
{% include 'iframe.conf.j2' %}
{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
# WebSocket specific header
proxy_http_version 1.1;

2
roles/nginx-domain-setup/tasks/main.yml
View File

@ -11,4 +11,4 @@
- name: "include the docker-oauth2-proxy role {{domain}}"
include_role:
name: docker-oauth2-proxy
when: applications | get_oauth2_enabled(application_id)
when: final_oauth2_enabled | bool

3
roles/nginx-domain-setup/vars/main.yml
View File

@ -1 +1,2 @@
configuration_destination: "{{nginx.directories.http.servers}}{{domain}}.conf"
configuration_destination: "{{nginx.directories.http.servers}}{{domain}}.conf"
final_oauth2_enabled: "{{applications[application_id].get('oauth2_proxy', {}).get('enabled', False)}}"

4
roles/nginx-modifier-all/tasks/main.yml
View File

@ -1,9 +1,9 @@
- name: "Activate Global CSS for {{domain}}"
include_role:
name: nginx-modifier-css
when: applications | get_css_enabled(application_id)
when: applications.get(application_id).get('css_enabled') | bool
- name: "Activate Global Matomo Tracking for {{domain}}"
include_role:
name: nginx-modifier-matomo
when: matomo_tracking_enabled | bool
when: applications.get(application_id).get('matomo_tracking_enabled') | bool

12
roles/nginx-modifier-all/templates/global.includes.conf.j2
View File

@ -2,16 +2,20 @@
sub_filter_once off;
sub_filter_types text/html;
{% if matomo_tracking_enabled | bool %}
{% set css_enabled_final = applications.get(application_id).get('css_enabled') | bool %}
{% set matomo_tracking_enabled_final = applications.get(application_id).get('matomo_tracking_enabled') | bool %}
{% if matomo_tracking_enabled_final | bool %}
{# Include Global Matomo Tracking #}
{% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %}
{% endif %}
{% if css_enabled | bool or matomo_tracking_enabled | bool %}
sub_filter '</head>' '{% if matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
{% if css_enabled_final | bool or matomo_tracking_enabled_final | bool %}
sub_filter '</head>' '{% if matomo_tracking_enabled_final | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled_final | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}</head>';
{% endif %}
{% if css_enabled | bool %}
{% if css_enabled_final | bool %}
{# Include Global CSS Location #}
{% include 'roles/nginx-modifier-css/templates/location.conf.j2' %}
{% endif %}

3
roles/nginx-modifier-all/vars/main.yml
View File

@ -1,3 +0,0 @@
matomo_tracking_enabled: "{{ matomo_tracking_enabled | default(applications | get_matomo_tracking_enabled(application_id)) }}"
css_enabled: "{{ css_enabled | default (applications | get_css_enabled(application_id)) }}"
landingpage_iframe_enabled: "{{ landingpage_iframe_enabled | default (applications | get_landingpage_iframe_enabled(application_id)) }}"

1
roles/nginx-serve-html-legal/vars/main.yml Normal file
View File

@ -0,0 +1 @@
application_id: "imprint" # Application identifier

1
sphinx/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
_static/img/*

24
sphinx/Makefile
View File

@ -1,20 +1,24 @@
# Minimal makefile for Sphinx documentation
# Minimal Makefile for Sphinx documentation
#
# You can set these variables from the command line, and also
# from the environment
SPHINXOPTS ?= -c .
SPHINXBUILD ?= sphinx-build
SPHINX_SOURCE_DIR ?= ../
SPHINX_BUILD_DIR ?= ../docs
SPHINXOPTS ?= -c .
SPHINXBUILD ?= sphinx-build
SPHINX_SOURCE_DIR ?= ../
SPHINX_BUILD_DIR ?= ../docs
# Put it first so that "make" without argument is like "make help".
.PHONY: help install copy-images Makefile
# Copy images before running any Sphinx command (except for help)
copy-images:
@echo "Copying images from ../images/ to ./_static/img/..."
cp -r ../images/* ./_static/img/
# "help" target does not copy images
help:
@$(SPHINXBUILD) -M help "$(SPHINX_SOURCE_DIR)" "$(SPHINX_BUILD_DIR)" $(SPHINXOPTS) $(O)
.PHONY: help install Makefile
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile
@$(SPHINXBUILD) -M $@ "$(SPHINX_SOURCE_DIR)" "$(SPHINX_BUILD_DIR)" $(SPHINXOPTS) $(O)

4
sphinx/conf.py
View File

@ -31,8 +31,8 @@ html_sidebars = {
]
}
cymais_logo = "_static/img/logo_cymais.png"
html_favicon = cymais_logo
cymais_logo = "_static/img/logo.png"
html_favicon = "_static/img/favicon.ico"
html_theme_options = {
"show_prev_next": False,

2
tasks/update-repository-with-files.yml
View File

@ -4,7 +4,7 @@
- name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
ansible.builtin.set_fact:
merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
when: applications | get_oauth2_enabled(application_id)
when: applications[application_id].get('oauth2_proxy', {}).get('enabled', False) | bool
- name: "backup detached files"
command: >