kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 08:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Restructured server config

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-08-07 11:31:06 +02:00
parent 99c6c9ec92
commit 9228d51e86
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
69 changed files with 770 additions and 677 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
filter_plugins/alias_domains_map.py
View File

@ -39,7 +39,7 @@ class FilterModule(object):
# 1) Precompute canonical domains per app (fallback to default)
canonical_map = {}
for app_id, cfg in apps.items():
domains_cfg = cfg.get('domains') or {}
domains_cfg = cfg.get('server',{}).get('domains',{})
entry = domains_cfg.get('canonical')
if entry is None:
canonical_map[app_id] = [default_domain(app_id, primary_domain)]
@ -49,13 +49,13 @@ class FilterModule(object):
canonical_map[app_id] = list(entry)
else:
raise AnsibleFilterError(
f"Unexpected type for 'domains.canonical' in application '{app_id}': {type(entry).__name__}"
f"Unexpected type for 'server.domains.canonical' in application '{app_id}': {type(entry).__name__}"
)
# 2) Build alias list per app
result = {}
for app_id, cfg in apps.items():
domains_cfg = cfg.get('domains')
domains_cfg = cfg.get('server',{}).get('domains')
# no domains key → no aliases
if domains_cfg is None:

4
filter_plugins/canonical_domains_map.py
View File

@ -28,7 +28,7 @@ class FilterModule(object):
f"expected a dict, got {cfg!r}"
)
domains_cfg = cfg.get('domains')
domains_cfg = cfg.get('server',{}).get('domains',{})
if not domains_cfg or 'canonical' not in domains_cfg:
self._add_default_domain(app_id, primary_domain, seen_domains, result)
continue
@ -64,7 +64,7 @@ class FilterModule(object):
self._process_canonical_domains_list(app_id, canonical_domains, seen_domains, result)
else:
raise AnsibleFilterError(
f"Unexpected type for 'domains.canonical' in application '{app_id}': "
f"Unexpected type for 'server.domains.canonical' in application '{app_id}': "
f"{type(canonical_domains).__name__}"
)

6
filter_plugins/domain_redirect_mappings.py
View File

@ -36,7 +36,7 @@ class FilterModule(object):
# 1) Compute canonical domains per app (always as a list)
canonical_map = {}
for app_id, cfg in apps.items():
domains_cfg = cfg.get('domains') or {}
domains_cfg = cfg.get('server',{}).get('domains',{})
entry = domains_cfg.get('canonical')
if entry is None:
canonical_map[app_id] = [default_domain(app_id, primary_domain)]
@ -46,13 +46,13 @@ class FilterModule(object):
canonical_map[app_id] = list(entry)
else:
raise AnsibleFilterError(
f"Unexpected type for 'domains.canonical' in application '{app_id}': {type(entry).__name__}"
f"Unexpected type for 'server.domains.canonical' in application '{app_id}': {type(entry).__name__}"
)
# 2) Compute alias domains per app
alias_map = {}
for app_id, cfg in apps.items():
domains_cfg = cfg.get('domains')
domains_cfg = cfg.get('server',{}).get('domains',{})
if domains_cfg is None:
alias_map[app_id] = []
continue

9
roles/web-app-akaunting/config/main.yml
View File

@ -7,10 +7,11 @@ features:
css: true
port-ui-desktop: true
central_database: true
logout: true
domains:
canonical:
- "accounting.{{ primary_domain }}"
logout: true
server:
domains:
canonical:
- "accounting.{{ primary_domain }}"
docker:
services:
database:

9
roles/web-app-attendize/config/main.yml
View File

@ -6,13 +6,14 @@ features:
css: true
port-ui-desktop: true
central_database: true
logout: true
logout: true
docker:
services:
redis:
enabled: true
database:
enabled: true
domains:
canonical:
- "tickets.{{ primary_domain }}"
server:
domains:
canonical:
- "tickets.{{ primary_domain }}"

8
roles/web-app-baserow/config/main.yml
View File

@ -18,7 +18,7 @@ docker:
name: "baserow"
volumes:
data: "baserow_data"
domains:
canonical:
- baserow.{{ primary_domain }}
server:
domains:
canonical:
- baserow.{{ primary_domain }}

19
roles/web-app-bigbluebutton/config/main.yml
View File

@ -12,13 +12,14 @@ features:
oidc: true
central_database: false
logout: true
domains:
canonical:
- "meet.{{ primary_domain }}"
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
domains:
canonical:
- "meet.{{ primary_domain }}"
credentials: {}

11
roles/web-app-bluesky/config/main.yml
View File

@ -7,11 +7,12 @@ features:
css: true
port-ui-desktop: true
central_database: true
logout: true
domains:
canonical:
web: "bskyweb.{{ primary_domain }}"
api: "bluesky.{{ primary_domain }}"
logout: true
server:
domains:
canonical:
web: "bskyweb.{{ primary_domain }}"
api: "bluesky.{{ primary_domain }}"
docker:
services:
database:

7
roles/web-app-collabora/config/main.yml
View File

@ -1,6 +1,7 @@
domains:
canonical:
- "collabora.{{ primary_domain }}"
server:
domains:
canonical:
- "collabora.{{ primary_domain }}"
docker:
services:
redis:

25
roles/web-app-discourse/config/main.yml
View File

@ -7,18 +7,19 @@ features:
central_database: true
ldap: false # @todo implement and activate
logout: true
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
font-src:
- "http://*.{{primary_domain}}"
domains:
canonical:
- "forum.{{ primary_domain }}"
server:
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
font-src:
- "http://*.{{primary_domain}}"
domains:
canonical:
- "forum.{{ primary_domain }}"
docker:
services:
database:

8
roles/web-app-elk/config/main.yml
View File

@ -1,6 +1,6 @@
features:
logout: false # Just deactivated to oppress warnings, elk is anyhow not running
domains:
canonical:
- elk.{{ primary_domain }}
server:
domains:
canonical:
- elk.{{ primary_domain }}

41
roles/web-app-espocrm/config/main.yml
View File

@ -6,26 +6,27 @@ features:
oidc: true
central_database: true
logout: true
csp:
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
whitelist:
connect-src:
- wss://espocrm.{{ primary_domain }}
- "data:"
frame-src:
- https://s.espocrm.com/
domains:
aliases:
- "crm.{{ primary_domain }}"
canonical:
- espocrm.{{ primary_domain }}
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
whitelist:
connect-src:
- wss://espocrm.{{ primary_domain }}
- "data:"
frame-src:
- https://s.espocrm.com/
domains:
aliases:
- "crm.{{ primary_domain }}"
canonical:
- espocrm.{{ primary_domain }}
email:
from_name: "Customer Relationship Management ({{ primary_domain }})"
docker:

25
roles/web-app-friendica/config/main.yml
View File

@ -9,18 +9,19 @@ features:
ldap: true
oauth2: false # No special login side which could be protected, use 2FA of Friendica instead
logout: true
domains:
canonical:
- "social.{{ primary_domain }}"
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
server:
domains:
canonical:
- "social.{{ primary_domain }}"
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
oauth2_proxy:
application: "application"
port: "80"

27
roles/web-app-funkwhale/config/main.yml
View File

@ -20,19 +20,20 @@ features:
central_database: true
oauth2: false # Doesn't make sense to activate it atm, because login is possible on homepage
logout: true
domains:
canonical:
- "audio.{{ primary_domain }}"
aliases:
- "music.{{ primary_domain }}"
- "sound.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
whitelist:
font-src:
- "data:"
server:
domains:
canonical:
- "audio.{{ primary_domain }}"
aliases:
- "music.{{ primary_domain }}"
- "sound.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
whitelist:
font-src:
- "data:"
oauth2_proxy:
application: "front"
port: "80"

39
roles/web-app-gitea/config/main.yml
View File

@ -19,25 +19,26 @@ oauth2_proxy:
acl:
blacklist:
- "/user/login"
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
font-src:
- "data:"
- "blob:"
worker-src:
- "blob:"
manifest-src:
- "data:"
domains:
aliases:
- "git.{{ primary_domain }}"
canonical:
- gitea.{{ primary_domain }}
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
font-src:
- "data:"
- "blob:"
worker-src:
- "blob:"
manifest-src:
- "data:"
domains:
aliases:
- "git.{{ primary_domain }}"
canonical:
- gitea.{{ primary_domain }}
docker:
services:
database:

8
roles/web-app-gitlab/config/main.yml
View File

@ -15,7 +15,7 @@ docker:
version: "latest"
credentials:
initial_root_password: "{{ users.administrator.password }}"
domains:
canonical:
- gitlab.{{ primary_domain }}
server:
domains:
canonical:
- gitlab.{{ primary_domain }}

8
roles/web-app-jenkins/config/main.yml
View File

@ -1,6 +1,6 @@
features:
logout: true # Same like with elk, anyhow not active atm
domains:
canonical:
- jenkins.{{ primary_domain }}
server:
domains:
canonical:
- jenkins.{{ primary_domain }}

7
roles/web-app-joomla/config/main.yml
View File

@ -6,9 +6,10 @@ features:
port-ui-desktop: true
central_database: true
logout: true
domains:
canonical:
- "cms.{{ primary_domain }}"
server:
domains:
canonical:
- "cms.{{ primary_domain }}"
docker:
services:
database:

29
roles/web-app-keycloak/config/main.yml
View File

@ -7,20 +7,21 @@ features:
central_database: true
recaptcha: true
logout: true
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
frame-src:
- "*" # For frontend channel logout it's necessary that iframes can be loaded
domains:
canonical:
- "auth.{{ primary_domain }}"
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
frame-src:
- "*" # For frontend channel logout it's necessary that iframes can be loaded
domains:
canonical:
- "auth.{{ primary_domain }}"
scopes:
rbac_roles: rbac_roles
nextcloud: nextcloud

31
roles/web-app-lam/config/main.yml
View File

@ -12,19 +12,20 @@ features:
ldap: true
central_database: false
oauth2: true
logout: true
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
script-src:
unsafe-inline: true
domains:
aliases:
- "ldap.{{primary_domain}}"
canonical:
- lam.{{ primary_domain }}
logout: true
server:
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
script-src:
unsafe-inline: true
domains:
aliases:
- "ldap.{{primary_domain}}"
canonical:
- lam.{{ primary_domain }}

15
roles/web-app-libretranslate/config/main.yml
View File

@ -18,13 +18,14 @@ features:
oauth2: false # Enable the OAuth2-Proy
javascript: false # Enables the custom JS in the javascript.js.j2 file
logout: false # With this app I assume that it's a service, so should be renamed and logging is unneccessary
csp:
whitelist: {} # URL's which should be whitelisted
flags: {} # Flags which should be set
domains:
canonical:
- "libretranslate.{{ primary_domain }}"
aliases: [] # Alias redirections to the first element of the canonical domains
server:
csp:
whitelist: {} # URL's which should be whitelisted
flags: {} # Flags which should be set
domains:
canonical:
- "libretranslate.{{ primary_domain }}"
aliases: [] # Alias redirections to the first element of the canonical domains
rbac:
roles: {}

9
roles/web-app-listmonk/config/main.yml
View File

@ -5,10 +5,11 @@ features:
port-ui-desktop: true
central_database: true
oidc: true
logout: true
domains:
canonical:
- "newsletter.{{ primary_domain }}"
logout: true
server:
domains:
canonical:
- "newsletter.{{ primary_domain }}"
docker:
services:
database:

35
roles/web-app-mailu/config/main.yml
View File

@ -1,26 +1,27 @@
oidc:
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
email_by_username: true # If true, then the mail is set by the username. If wrong then the OIDC user email is used
enable_user_creation: true # Users will be created if not existing
domain: "{{primary_domain}}" # The main domain from which mails will be send \ email suffix behind @
features:
matomo: true
css: false
port-ui-desktop: true # Deactivated mailu iframe loading until keycloak supports it
port-ui-desktop: true # Deactivated mailu iframe loading until keycloak supports it
oidc: true
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary
central_database: false # Deactivate central database for mailu, I don't know why the database deactivation is necessary
logout: true
domains:
canonical:
- "mail.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
unsafe-eval: true
server:
domains:
canonical:
- "mail.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
unsafe-eval: true
rbac:
roles:
mail-bot:

17
roles/web-app-mastodon/config/main.yml
View File

@ -6,14 +6,15 @@ features:
port-ui-desktop: true
oidc: true
central_database: true
logout: true
domains:
canonical:
- "microblog.{{ primary_domain }}"
csp:
whitelist:
frame-src:
- "*"
logout: true
server:
domains:
canonical:
- "microblog.{{ primary_domain }}"
csp:
whitelist:
frame-src:
- "*"
docker:
services:
redis:

43
roles/web-app-matomo/config/main.yml
View File

@ -8,27 +8,28 @@ features:
port-ui-desktop: false # Didn't work in frame didn't have high priority @todo figure out pcause and solve it
central_database: true
oauth2: false
logout: true
csp:
whitelist:
script-src-elem:
- https://cdn.matomo.cloud
style-src:
- https://fonts.googleapis.com
flags:
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-eval: true
domains:
aliases:
- "analytics.{{ primary_domain }}"
canonical:
- "matomo.{{ primary_domain }}"
logout: true
server:
csp:
whitelist:
script-src-elem:
- https://cdn.matomo.cloud
style-src:
- https://fonts.googleapis.com
flags:
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-eval: true
domains:
aliases:
- "analytics.{{ primary_domain }}"
canonical:
- "matomo.{{ primary_domain }}"
excluded_ips: "{{ networks.internet.values() | list }}"
docker:

45
roles/web-app-matrix/config/main.yml
View File

@ -23,22 +23,28 @@ features:
port-ui-desktop: true
oidc: true # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
central_database: true
logout: true
csp:
flags:
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
whitelist:
connect-src:
- "*"
script-src-elem:
- "element.{{ primary_domain }}"
- "https://cdn.jsdelivr.net"
logout: true
server:
csp:
flags:
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
whitelist:
connect-src:
- "*"
script-src-elem:
- "element.{{ primary_domain }}"
- "https://cdn.jsdelivr.net"
domains:
canonical:
synapse: "matrix.{{ primary_domain }}"
element: "element.{{ primary_domain }}"
client_max_body_size: "15M"
plugins:
# You need to enable them in the inventory file
@ -50,10 +56,3 @@ plugins:
slack: false
telegram: false
whatsapp: false
client_max_body_size: "15M"
domains:
canonical:
synapse: "matrix.{{ primary_domain }}"
element: "element.{{ primary_domain }}"

2
roles/web-app-matrix/vars/main.yml
View File

@ -17,4 +17,4 @@ matrix_project: "{{ application_id | get_entity_name }}"
# Webserver
well_known_directory: "{{nginx.directories.data.well_known}}/matrix/"
location_upload: "~ ^/_matrix/media/v3/"
client_max_body_size: "{{ applications | get_app_conf(application_id, 'client_max_body_size') }}"
client_max_body_size: "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}"

7
roles/web-app-mediawiki/config/main.yml
View File

@ -1,6 +1,7 @@
domains:
canonical:
- "wiki.{{ primary_domain }}"
server:
domains:
canonical:
- "wiki.{{ primary_domain }}"
docker:
services:
mediawiki:

61
roles/web-app-mig/config/main.yml
View File

@ -1,38 +1,39 @@
docker:
services:
redis:
enabled: false # No redis needed
enabled: false # No redis needed
database:
enabled: false # No database needed
enabled: false # No database needed
features:
matomo: true # activate tracking
css: true # use custom infinito stile
port-ui-desktop: true # Enable in port-ui
logout: false
csp:
whitelist:
script-src-elem:
- https://cdn.jsdelivr.net
- https://kit.fontawesome.com
- https://code.jquery.com/
- https://unpkg.com/
style-src:
- https://cdn.jsdelivr.net
- https://cdnjs.cloudflare.com
font-src:
- https://cdnjs.cloudflare.com
- https://ka-f.fontawesome.com
- https://cdn.jsdelivr.net
connect-src:
- https://ka-f.fontawesome.com
frame-ancestors:
- "*" # No damage if it's used somewhere on other websites, it anyhow looks like art
flags:
style-src:
unsafe-inline: true
domains:
canonical:
- "mig.{{ primary_domain }}"
aliases:
- "meta-infinite-graph.{{ primary_domain }}"
build_data: true # Enables the building of the meta data which the graph requiers
logout: false
server:
csp:
whitelist:
script-src-elem:
- https://cdn.jsdelivr.net
- https://kit.fontawesome.com
- https://code.jquery.com/
- https://unpkg.com/
style-src:
- https://cdn.jsdelivr.net
- https://cdnjs.cloudflare.com
font-src:
- https://cdnjs.cloudflare.com
- https://ka-f.fontawesome.com
- https://cdn.jsdelivr.net
connect-src:
- https://ka-f.fontawesome.com
frame-ancestors:
- "*" # No damage if it's used somewhere on other websites, it anyhow looks like art
flags:
style-src:
unsafe-inline: true
domains:
canonical:
- "mig.{{ primary_domain }}"
aliases:
- "meta-infinite-graph.{{ primary_domain }}"
build_data: true # Enables the building of the meta data which the graph requiers

23
roles/web-app-mobilizon/config/main.yml
View File

@ -5,17 +5,18 @@ features:
matomo: true
port-ui-desktop: true
logout: true
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-eval: true
domains:
canonical:
- "event.{{ primary_domain }}"
aliases:
- "events.{{ primary_domain }}"
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-eval: true
domains:
canonical:
- "event.{{ primary_domain }}"
aliases:
- "events.{{ primary_domain }}"
docker:
services:
database:

41
roles/web-app-moodle/config/main.yml
View File

@ -5,26 +5,27 @@ features:
port-ui-desktop: true
central_database: true
oidc: true
logout: true
csp:
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
script-src:
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-eval: true
whitelist:
font-src:
- "data:"
- "blob:"
script-src-elem:
- "https://cdn.jsdelivr.net"
domains:
canonical:
- "academy.{{ primary_domain }}"
logout: true
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
script-src:
unsafe-eval: true
style-src:
unsafe-inline: true
unsafe-eval: true
whitelist:
font-src:
- "data:"
- "blob:"
script-src-elem:
- "https://cdn.jsdelivr.net"
domains:
canonical:
- "academy.{{ primary_domain }}"
docker:
services:
database:

8
roles/web-app-mybb/config/main.yml
View File

@ -15,7 +15,7 @@ docker:
name: "mybb"
volumes:
data: "mybb_data"
domains:
canonical:
- mybb.{{ primary_domain }}
server:
domains:
canonical:
- mybb.{{ primary_domain }}

55
roles/web-app-navigator/config/main.yml
View File

@ -1,28 +1,29 @@
features:
matomo: true
css: true
port-ui-desktop: true
logout: false
csp:
whitelist:
script-src-elem:
- https://cdnjs.cloudflare.com
- https://code.jquery.com
- https://cdn.jsdelivr.net
style-src:
- https://cdnjs.cloudflare.com
- https://cdn.jsdelivr.net
font-src:
- https://cdnjs.cloudflare.com
frame-src:
- "{{ web_protocol }}://*.{{primary_domain}}" # Makes sense that all of the website content is available in the navigator
flags:
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
domains:
canonical:
- "slides.{{ primary_domain }}"
matomo: true
css: true
port-ui-desktop: true
logout: false
server:
csp:
whitelist:
script-src-elem:
- https://cdnjs.cloudflare.com
- https://code.jquery.com
- https://cdn.jsdelivr.net
style-src:
- https://cdnjs.cloudflare.com
- https://cdn.jsdelivr.net
font-src:
- https://cdnjs.cloudflare.com
frame-src:
- "{{ web_protocol }}://*.{{primary_domain}}" # Makes sense that all of the website content is available in the navigator
flags:
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
domains:
canonical:
- "slides.{{ primary_domain }}"

31
roles/web-app-nextcloud/config/main.yml
View File

@ -1,18 +1,19 @@
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
font-src:
- "data:"
domains:
canonical:
- "cloud.{{ primary_domain }}"
# nextcloud: "cloud.{{ primary_domain }}"
# talk: "talk.{{ primary_domain }}" @todo needs to be activated
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
server:
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
font-src:
- "data:"
domains:
canonical:
- "cloud.{{ primary_domain }}"
# nextcloud: "cloud.{{ primary_domain }}"
# talk: "talk.{{ primary_domain }}" @todo needs to be activated
docker:
volumes:
data: nextcloud_data

8
roles/web-app-oauth2-proxy/config/main.yml
View File

@ -6,7 +6,7 @@ features:
css: true
port-ui-desktop: false
logout: true
domains:
canonical:
- oauth2-proxy.{{ primary_domain }}
server:
domains:
canonical:
- oauth2-proxy.{{ primary_domain }}

21
roles/web-app-openproject/config/main.yml
View File

@ -17,16 +17,17 @@ features:
ldap: true
central_database: true
oauth2: true
logout: true
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
domains:
canonical:
- "project.{{ primary_domain }}"
logout: true
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
domains:
canonical:
- "project.{{ primary_domain }}"
docker:
services:

43
roles/web-app-peertube/config/main.yml
View File

@ -4,27 +4,28 @@ features:
port-ui-desktop: true
central_database: true
oidc: true
logout: true
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
frame-ancestors:
- "*"
media-src:
- "blob:"
font-src:
- "data:"
domains:
canonical:
- "video.{{ primary_domain }}"
aliases:
- "videos.{{ primary_domain }}"
logout: true
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
frame-ancestors:
- "*"
media-src:
- "blob:"
font-src:
- "data:"
domains:
canonical:
- "video.{{ primary_domain }}"
aliases:
- "videos.{{ primary_domain }}"
docker:
services:
redis:

26
roles/web-app-pgadmin/config/main.yml
View File

@ -13,20 +13,20 @@ features:
central_database: true
oauth2: true
logout: true
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
font-src:
- "data:"
server:
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
font-src:
- "data:"
domains:
canonical:
- pgadmin.{{ primary_domain }}
docker:
services:
database:
enabled: true
domains:
canonical:
- pgadmin.{{ primary_domain }}

8
roles/web-app-phpldapadmin/config/main.yml
View File

@ -11,7 +11,7 @@ features:
ldap: true
oauth2: true
logout: true
domains:
canonical:
- phpldapadmin.{{ primary_domain }}
server:
domains:
canonical:
- phpldapadmin.{{ primary_domain }}

27
roles/web-app-phpmyadmin/config/main.yml
View File

@ -11,19 +11,20 @@ features:
# it's anyhow not so enduser relevant, so it can be kept like this
central_database: true
oauth2: true
logout: true
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
domains:
aliases:
- "mysql.{{ primary_domain }}"
- "mariadb.{{ primary_domain }}"
canonical:
- phpmyadmin.{{ primary_domain }}
logout: true
server:
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
domains:
aliases:
- "mysql.{{ primary_domain }}"
- "mariadb.{{ primary_domain }}"
canonical:
- phpmyadmin.{{ primary_domain }}
docker:
services:
database:

39
roles/web-app-pixelfed/config/main.yml
View File

@ -5,25 +5,26 @@ features:
port-ui-desktop: true
central_database: true
oidc: true
logout: true
csp:
flags:
script-src:
unsafe-eval: true
unsafe-inline: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
whitelist:
frame-ancestors:
- "*"
domains:
canonical:
- "picture.{{ primary_domain }}"
aliases:
- "pictures.{{ primary_domain }}"
logout: true
server:
csp:
flags:
script-src:
unsafe-eval: true
unsafe-inline: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
whitelist:
frame-ancestors:
- "*"
domains:
canonical:
- "picture.{{ primary_domain }}"
aliases:
- "pictures.{{ primary_domain }}"
docker:
services:
redis:

53
roles/web-app-port-ui/config/main.yml
View File

@ -4,30 +4,31 @@ features:
port-ui-desktop: false
simpleicons: true # Activate Brand Icons for your groups
javascript: true # Necessary for URL sync
logout: false # Doesn't have own user data. Just a frame.
csp:
whitelist:
script-src-elem:
- https://cdn.jsdelivr.net
- https://kit.fontawesome.com
- https://code.jquery.com/
style-src:
- https://cdn.jsdelivr.net
font-src:
- https://ka-f.fontawesome.com
- https://cdn.jsdelivr.net
connect-src:
- https://ka-f.fontawesome.com
frame-src:
- "{{ web_protocol }}://*.{{primary_domain}}"
flags:
style-src:
unsafe-inline: true
script-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
domains:
canonical:
- "{{ primary_domain }}"
logout: false # Doesn't have own user data. Just a frame.
server:
csp:
whitelist:
script-src-elem:
- https://cdn.jsdelivr.net
- https://kit.fontawesome.com
- https://code.jquery.com/
style-src:
- https://cdn.jsdelivr.net
font-src:
- https://ka-f.fontawesome.com
- https://cdn.jsdelivr.net
connect-src:
- https://ka-f.fontawesome.com
frame-src:
- "{{ web_protocol }}://*.{{primary_domain}}"
flags:
style-src:
unsafe-inline: true
script-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
domains:
canonical:
- "{{ primary_domain }}"

19
roles/web-app-pretix/config/main.yml
View File

@ -11,20 +11,21 @@ docker:
features:
matomo: true # Enable Matomo Tracking
css: true # Enable Global CSS Styling
port-ui-desktop: true # Enable loading of app in iframe
port-ui-desktop: true # Enable loading of app in iframe
ldap: false # Enable LDAP Network
central_database: false # Enable Central Database Network
recaptcha: false # Enable ReCaptcha
oauth2: false # Enable the OAuth2-Proy
javascript: false # Enables the custom JS in the javascript.js.j2 file
logout: true
csp:
whitelist: {} # URL's which should be whitelisted
flags: {} # Flags which should be set
domains:
canonical:
- "pretix.{{ primary_domain }}"
aliases: [] # Alias redirections to the first element of the canonical domains
logout: true
server:
csp:
whitelist: {} # URL's which should be whitelisted
flags: {} # Flags which should be set
domains:
canonical:
- "pretix.{{ primary_domain }}"
aliases: [] # Alias redirections to the first element of the canonical domains
rbac:
roles: {}

7
roles/web-app-roulette-wheel/config/main.yml
View File

@ -1,5 +1,6 @@
features:
logout: false
domains:
canonical:
- "wheel.{{ primary_domain }}"
server:
domains:
canonical:
- "wheel.{{ primary_domain }}"

33
roles/web-app-snipe-it/config/main.yml
View File

@ -5,22 +5,23 @@ features:
central_database: true
ldap: true
oauth2: true
logout: true
domains:
canonical:
- "inventory.{{ primary_domain }}"
csp:
flags:
script-src:
unsafe-inline: true
unsafe-eval: true
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
font-src:
- "data:"
logout: true
server:
domains:
canonical:
- "inventory.{{ primary_domain }}"
csp:
flags:
script-src:
unsafe-inline: true
unsafe-eval: true
script-src-elem:
unsafe-inline: true
style-src:
unsafe-inline: true
whitelist:
font-src:
- "data:"
oauth2_proxy:
application: "application"
port: "80"

33
roles/web-app-sphinx/config/main.yml
View File

@ -1,17 +1,18 @@
features:
matomo: true
css: true
port-ui-desktop: true
logout: false
csp:
flags:
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
domains:
canonical:
- "docs.{{ primary_domain }}"
matomo: true
css: true
port-ui-desktop: true
logout: false
server:
csp:
flags:
script-src:
unsafe-eval: true
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
domains:
canonical:
- "docs.{{ primary_domain }}"

8
roles/web-app-syncope/config/main.yml
View File

@ -13,7 +13,7 @@ features:
# users:
# administrator:
# username: "{{ users.administrator.username }}"
domains:
canonical:
- syncope.{{ primary_domain }}
server:
domains:
canonical:
- syncope.{{ primary_domain }}

27
roles/web-app-taiga/config/main.yml
View File

@ -11,22 +11,23 @@ features:
port-ui-desktop: true
oidc: false
central_database: true
logout: true
logout: true
docker:
services:
database:
enabled: true
taiga:
version: "latest"
csp:
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
domains:
canonical:
- "kanban.{{ primary_domain }}"
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
style-src:
unsafe-inline: true
script-src:
unsafe-eval: true
domains:
canonical:
- "kanban.{{ primary_domain }}"

51
roles/web-app-wordpress/config/main.yml
View File

@ -14,32 +14,33 @@ features:
oidc: true
central_database: true
logout: true
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-eval: true
whitelist:
worker-src:
- "blob:"
font-src:
- "data:"
- "https://fonts.bunny.net"
script-src-elem:
- "https://cdn.gtranslate.net" # Necessary for translation plugins
- "https://translate.google.com" # Necessary for translation plugins
server:
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-eval: true
whitelist:
worker-src:
- "blob:"
font-src:
- "data:"
- "https://fonts.bunny.net"
script-src-elem:
- "https://cdn.gtranslate.net" # Necessary for translation plugins
- "https://translate.google.com" # Necessary for translation plugins
- "blog.{{ primary_domain }}"
style-src:
- "https://fonts.bunny.net"
frame-src:
- "blob:"
- "*"
domains:
canonical:
- "blog.{{ primary_domain }}"
style-src:
- "https://fonts.bunny.net"
frame-src:
- "blob:"
- "*"
domains:
canonical:
- "blog.{{ primary_domain }}"
docker:
services:
database:

2
roles/web-app-wordpress/tasks/main.yml
View File

@ -6,7 +6,7 @@
- name: "Include role srv-proxy-6-6-domain for {{ application_id }}"
include_role:
name: srv-proxy-6-6-domain
loop: "{{ applications | get_app_conf(application_id, 'domains.canonical', True) }}"
loop: "{{ applications | get_app_conf(application_id, 'server.domains.canonical', True) }}"
loop_control:
loop_var: domain
vars:

8
roles/web-app-xmpp/config/main.yml
View File

@ -1,7 +1,7 @@
# xmpp is more a service then a app with ui interface. @todo Rename it
features:
logout: false # Reactivated as soon as xmpp is fully implemented
domains:
canonical:
- xmpp.{{ primary_domain }}
server:
domains:
canonical:
- xmpp.{{ primary_domain }}

27
roles/web-app-yourls/config/main.yml
View File

@ -13,11 +13,20 @@ features:
central_database: true
oauth2: true
logout: true
domains:
canonical:
- "s.{{ primary_domain }}"
aliases:
- "short.{{ primary_domain }}"
server:
domains:
canonical:
- "s.{{ primary_domain }}"
aliases:
- "short.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true
docker:
services:
database:
@ -26,11 +35,3 @@ docker:
version: "latest"
name: "yourls"
image: "yourls"
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
script-src:
unsafe-inline: true

10
roles/web-svc-asset/config/main.yml
View File

@ -1,6 +1,6 @@
source_directory: "{{ playbook_dir }}/assets"
url: "{{ web_protocol }}://<< defaults_applications['web-svc-file']domains.canonical[0] >>/assets"
domains:
canonical:
- asset.{{ primary_domain }}
url: "{{ web_protocol }}://<< defaults_applications['web-svc-file']server.domains.canonical[0] >>/assets"
server:
domains:
canonical:
- asset.{{ primary_domain }}

13
roles/web-svc-cdn/config/main.yml
View File

@ -1,7 +1,8 @@
features:
matomo: true
css: true
port-ui-desktop: true
domains:
canonical:
- "cdn.{{ primary_domain }}"
matomo: true
css: true
port-ui-desktop: true
server:
domains:
canonical:
- "cdn.{{ primary_domain }}"

17
roles/web-svc-file/config/main.yml
View File

@ -1,9 +1,10 @@
features:
matomo: true
css: true
port-ui-desktop: true
domains:
canonical:
- "file.{{ primary_domain }}"
alias:
- "files.{{ primary_domain }}"
matomo: true
css: true
port-ui-desktop: true
server:
domains:
canonical:
- "file.{{ primary_domain }}"
alias:
- "files.{{ primary_domain }}"

9
roles/web-svc-html/config/main.yml
View File

@ -1,7 +1,8 @@
features:
matomo: true
css: true
port-ui-desktop: true
domains:
canonical:
- "html.{{ primary_domain }}"
port-ui-desktop: true
server:
domains:
canonical:
- "html.{{ primary_domain }}"

39
roles/web-svc-logout/config/main.yml
View File

@ -4,23 +4,24 @@ features:
port-ui-desktop: true
javascript: false
logout: false
domains:
canonical:
- "logout.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
connect-src:
- "{{ web_protocol }}://*.{{ primary_domain }}"
- "{{ web_protocol }}://{{ primary_domain }}"
script-src-elem:
- https://cdn.jsdelivr.net
style-src:
- https://cdn.jsdelivr.net
frame-ancestors:
- "{{ web_protocol }}://<< defaults_applications[web-app-keycloak].domains.canonical[0] >>"
server:
domains:
canonical:
- "logout.{{ primary_domain }}"
csp:
flags:
style-src:
unsafe-inline: true
script-src-elem:
unsafe-inline: true
whitelist:
connect-src:
- "{{ web_protocol }}://*.{{ primary_domain }}"
- "{{ web_protocol }}://{{ primary_domain }}"
script-src-elem:
- https://cdn.jsdelivr.net
style-src:
- https://cdn.jsdelivr.net
frame-ancestors:
- "{{ web_protocol }}://<< defaults_applications[web-app-keycloak].server.domains.canonical[0] >>"

2
roles/web-svc-logout/filter_plugins/domain_filters.py
View File

@ -31,7 +31,7 @@ class FilterModule(object):
continue
# use canonical domains list if present
domains_entry = config.get('domains', {}).get('canonical', [])
domains_entry = config.get('server', {}).get('domains', {}).get('canonical', [])
# normalize to a list of strings
if isinstance(domains_entry, dict):

9
roles/web-svc-simpleicons/config/main.yml
View File

@ -16,10 +16,11 @@ features:
central_database: false # Enable Central Database Network
recaptcha: false # Enable ReCaptcha
oauth2: false # Enable the OAuth2-Proy
csp: {}
domains:
canonical:
- "icons.{{ primary_domain }}"
server:
csp: {}
domains:
canonical:
- "icons.{{ primary_domain }}"
rbac:
roles:
mail-bot:

38
templates/roles/web-app/config/main.yml.j2
View File

@ -24,24 +24,24 @@ features:
recaptcha: false # Enable ReCaptcha
oauth2: false # Enable the OAuth2-Proy
javascript: false # Enable the custom JS in the javascript.js.j2 file
logout: true # Enable the logout via the central logout mechanism (deleting all cookies)
csp:
whitelist: # URL's which should be whitelisted
script-src-elem: []
style-src: []
font-src: []
connect-src: []
frame-src: []
flags: # Flags which should be set
style-src:
unsafe-inline: false
script-src:
unsafe-inline: false
script-src-elem:
unsafe-inline: false
domains:
domains:
canonical: {} # Urls under which the domain should be directly accessible
aliases: [] # Alias redirections to the first element of the canonical domains
logout: true # Enable the logout via the central logout mechanism (deleting all cookies)
server:
csp:
whitelist: # URL's which should be whitelisted
script-src-elem: []
style-src: []
font-src: []
connect-src: []
frame-src: []
flags: # Flags which should be set
style-src:
unsafe-inline: false
script-src:
unsafe-inline: false
script-src-elem:
unsafe-inline: false
domains:
canonical: {} # Urls under which the domain should be directly accessible
aliases: [] # Alias redirections to the first element of the canonical domains
rbac:
roles: {}

2
tests/integration/test_domain_uniqueness.py
View File

@ -25,7 +25,7 @@ class TestDomainUniqueness(unittest.TestCase):
domain_to_apps = defaultdict(set)
for app_name, app_cfg in apps.items():
domains_cfg = app_cfg.get('domains', {})
domains_cfg = app_cfg.get('server',{}).get('domains',{})
# canonical entries may be a list or a mapping
canonical = domains_cfg.get('canonical', [])

6
tests/integration/test_domains_canonical.py
View File

@ -20,17 +20,17 @@ class TestWebRolesDomains(unittest.TestCase):
self.assertIsInstance(data, dict, f"YAML root is not a dict in {path}")
domains = data.get("domains")
domains = data.get('server',{}).get('domains',{})
self.assertIsNotNone(domains, f"'domains' section missing in {path}")
self.assertIsInstance(domains, dict, f"'domains' must be a dict in {path}")
canonical = domains.get("canonical")
self.assertIsNotNone(canonical, f"'domains.canonical' missing in {path}")
self.assertIsNotNone(canonical, f"'server.domains.canonical' missing in {path}")
# Check for emptiness
empty_values = [{}, [], ""]
self.assertNotIn(canonical, empty_values,
f"'domains.canonical' in {path} must not be empty dict, list, or empty string")
f"'server.domains.canonical' in {path} must not be empty dict, list, or empty string")
if __name__ == "__main__":
unittest.main()

2
tests/integration/test_domains_structure.py
View File

@ -33,7 +33,7 @@ class TestDomainsStructure(unittest.TestCase):
if 'domains' not in data:
continue
domains = data['domains']
domains = data.get('server',{}).get('domains')
if not isinstance(domains, dict):
failed_roles.append((role_path.name, vars_file.name, "'domains' should be a dict"))
continue

30
tests/unit/filter_plugins/test_domain_filters_alias.py
View File

@ -33,7 +33,9 @@ class TestDomainFilters(unittest.TestCase):
def test_alias_with_explicit_aliases(self):
apps = {
'app1': {
'domains': {'aliases': ['alias.com']}
'server':{
'domains': {'aliases': ['alias.com']}
}
}
}
# canonical defaults to ['app1.example.com'], so alias should include alias.com and default
@ -44,7 +46,7 @@ class TestDomainFilters(unittest.TestCase):
def test_alias_with_canonical_not_default(self):
apps = {
'app1': {
'domains': {'canonical': ['foo.com']}
'server':{'domains': {'canonical': ['foo.com']}}
}
}
# foo.com is canonical, default not in canonical so added as alias
@ -55,9 +57,11 @@ class TestDomainFilters(unittest.TestCase):
def test_alias_with_existing_default(self):
apps = {
'app1': {
'domains': {
'canonical': ['foo.com'],
'aliases': ['app1.example.com']
'server':{
'domains': {
'canonical': ['foo.com'],
'aliases': ['app1.example.com']
}
}
}
}
@ -68,7 +72,7 @@ class TestDomainFilters(unittest.TestCase):
def test_invalid_aliases_type(self):
apps = {
'app1': {'domains': {'aliases': 123}}
'app1': {'server':{'domains': {'aliases': 123}}}
}
with self.assertRaises(AnsibleFilterError):
self.filter_module.alias_domains_map(apps, self.primary)
@ -76,7 +80,9 @@ class TestDomainFilters(unittest.TestCase):
def test_alias_with_empty_domains_cfg(self):
apps = {
'app1': {
'domains': {}
'server':{
'domains': {}
}
}
}
expected = apps
@ -86,10 +92,12 @@ class TestDomainFilters(unittest.TestCase):
def test_alias_with_canonical_dict_not_default(self):
apps = {
'app1': {
'domains': {
'canonical': {
'one': 'one.com',
'two': 'two.com'
'server':{
'domains': {
'canonical': {
'one': 'one.com',
'two': 'two.com'
}
}
}
}

24
tests/unit/filter_plugins/test_domain_filters_canonical.py
View File

@ -32,7 +32,9 @@ class TestDomainFilters(unittest.TestCase):
def test_canonical_with_list(self):
apps = {
'web-app-app1': {
'domains': {'canonical': ['foo.com', 'bar.com']}
'server':{
'domains': {'canonical': ['foo.com', 'bar.com']}
}
}
}
result = self.filter_module.canonical_domains_map(apps, self.primary)
@ -44,7 +46,9 @@ class TestDomainFilters(unittest.TestCase):
def test_canonical_with_dict(self):
apps = {
'web-app-app1': {
'domains': {'canonical': {'one': 'one.com', 'two': 'two.com'}}
'server':{
'domains': {'canonical': {'one': 'one.com', 'two': 'two.com'}}
}
}
}
result = self.filter_module.canonical_domains_map(apps, self.primary)
@ -55,8 +59,14 @@ class TestDomainFilters(unittest.TestCase):
def test_canonical_duplicate_raises(self):
apps = {
'web-app-app1': {'domains': {'canonical': ['dup.com']}},
'web-app-app2': {'domains': {'canonical': ['dup.com']}},
'web-app-app1':{
'server':{'domains': {'canonical': ['dup.com']}},
},
'web-app-app2':{
'server':{
'domains': {'canonical': ['dup.com']}
},
},
}
with self.assertRaises(AnsibleFilterError) as cm:
self.filter_module.canonical_domains_map(apps, self.primary)
@ -65,7 +75,7 @@ class TestDomainFilters(unittest.TestCase):
def test_invalid_canonical_type(self):
apps = {
'web-app-app1': {'domains': {'canonical': 123}}
'web-app-app1': {'server':{'domains': {'canonical': 123}}}
}
with self.assertRaises(AnsibleFilterError):
self.filter_module.canonical_domains_map(apps, self.primary)
@ -76,7 +86,7 @@ class TestDomainFilters(unittest.TestCase):
resulting in an empty mapping when only non-web apps are provided.
"""
apps = {
'db-app-app1': {'domains': {'canonical': ['db.example.com']}},
'db-app-app1': {'server':{'domains': {'canonical': ['db.example.com']}}},
'service-app-app2': {}
}
result = self.filter_module.canonical_domains_map(apps, self.primary)
@ -88,7 +98,7 @@ class TestDomainFilters(unittest.TestCase):
non-web apps should be ignored alongside valid web apps.
"""
apps = {
'db-app-app1': {'domains': {'canonical': ['db.example.com']}},
'db-app-app1': {'server':{'domains': {'canonical': ['db.example.com']}}},
'web-app-app1': {}
}
expected = {'web-app-app1': ['app1.example.com']}

29
tests/unit/filter_plugins/test_domain_mappings.py
View File

@ -37,7 +37,9 @@ class TestDomainMappings(unittest.TestCase):
def test_explicit_aliases(self):
apps = {
'app1': {
'domains': {'aliases': ['alias.com']}
'server':{
'domains': {'aliases': ['alias.com']}
}
}
}
default = 'app1.example.com'
@ -51,7 +53,9 @@ class TestDomainMappings(unittest.TestCase):
def test_canonical_not_default(self):
apps = {
'app1': {
'domains': {'canonical': ['foo.com']}
'server':{
'domains': {'canonical': ['foo.com']}
}
}
}
expected = [
@ -63,8 +67,10 @@ class TestDomainMappings(unittest.TestCase):
def test_canonical_dict(self):
apps = {
'app1': {
'domains': {
'canonical': {'one': 'one.com', 'two': 'two.com'}
'server':{
'domains': {
'canonical': {'one': 'one.com', 'two': 'two.com'}
}
}
}
}
@ -77,8 +83,12 @@ class TestDomainMappings(unittest.TestCase):
def test_multiple_apps(self):
apps = {
'app1': {'domains': {'aliases': ['a1.com']}},
'app2': {'domains': {'canonical': ['c2.com']}},
'app1': {
'server':{'domains': {'aliases': ['a1.com']}}
},
'app2': {
'server':{'domains': {'canonical': ['c2.com']}}
},
}
expected = [
{'source': 'a1.com', 'target': 'app1.example.com'},
@ -89,7 +99,10 @@ class TestDomainMappings(unittest.TestCase):
def test_multiple_aliases(self):
apps = {
'app1': {'domains': {'aliases': ['a1.com','a2.com']}}
'app1': {
'server':{'domains': {'aliases': ['a1.com','a2.com']}
}
}
}
expected = [
{'source': 'a1.com', 'target': 'app1.example.com'},
@ -100,7 +113,7 @@ class TestDomainMappings(unittest.TestCase):
def test_invalid_aliases_type(self):
apps = {
'app1': {'domains': {'aliases': 123}}
'app1': {'server':{'domains': {'aliases': 123}}}
}
with self.assertRaises(AnsibleFilterError):
self.filter.domain_mappings(apps, self.primary)

18
tests/unit/filter_plugins/test_load_configuration.py
View File

@ -19,12 +19,14 @@ class TestLoadConfigurationFilter(unittest.TestCase):
self.nested_cfg = {
'html': {
'features': {'matomo': True},
'domains': {'canonical': ['html.example.com']}
'server': {
'domains':{'canonical': ['html.example.com']}
}
}
}
self.flat_cfg = {
'features': {'matomo': False},
'domains': {'canonical': ['flat.example.com']}
'server': {'domains':{'canonical': ['flat.example.com']}}
}
def test_invalid_key(self):
@ -69,7 +71,7 @@ class TestLoadConfigurationFilter(unittest.TestCase):
self.assertIn(self.app, _cfg_cache)
mock_yaml.reset_mock()
# from cache
self.assertEqual(self.f(self.app, 'domains.canonical'),
self.assertEqual(self.f(self.app, 'server.domains.canonical'),
['html.example.com'])
mock_yaml.assert_not_called()
@ -92,7 +94,7 @@ class TestLoadConfigurationFilter(unittest.TestCase):
mock_yaml.return_value = self.nested_cfg
# nested fallback must work
self.assertTrue(self.f(self.app, 'features.matomo'))
self.assertEqual(self.f(self.app, 'domains.canonical'),
self.assertEqual(self.f(self.app, 'server.domains.canonical'),
['html.example.com'])
@patch('load_configuration.os.listdir', return_value=['r4'])
@ -105,13 +107,15 @@ class TestLoadConfigurationFilter(unittest.TestCase):
mock_exists.side_effect = lambda p: p.endswith('config/main.yml')
mock_yaml.return_value = {
'file': {
'domains': {
'canonical': ['files.example.com', 'extra.example.com']
'server': {
'domains':{
'canonical': ['files.example.com', 'extra.example.com']
}
}
}
}
# should get the first element of the canonical domains list
self.assertEqual(self.f('file', 'domains.canonical[0]'),
self.assertEqual(self.f('file', 'server.domains.canonical[0]'),
'files.example.com')
if __name__ == '__main__':

32
tests/unit/roles/web-svc-logout/filter_plugins/test_domain_filters.py
View File

@ -33,23 +33,33 @@ class TestLogoutDomainsFilter(unittest.TestCase):
def test_flatten_and_feature_flag(self):
applications = {
"app1": {
"domains": {"canonical": "single.domain.com"},
'server':{
"domains": {"canonical": "single.domain.com"}
},
"features": {"logout": True},
},
"app2": {
"domains": {"canonical": ["list1.com", "list2.com"]},
'server':{
"domains": {"canonical": ["list1.com", "list2.com"]}
},
"features": {"logout": True},
},
"app3": {
"domains": {"canonical": {"k1": "dictA.com", "k2": "dictB.com"}},
'server':{
"domains": {"canonical": {"k1": "dictA.com", "k2": "dictB.com"}}
},
"features": {"logout": True},
},
"app4": {
"domains": {"canonical": "no-logout.com"},
'server':{
"domains": {"canonical": "no-logout.com"}
},
"features": {"logout": False},
},
"other": {
"domains": {"canonical": "ignored.com"},
'server':{
"domains": {"canonical": "ignored.com"}
},
"features": {"logout": True},
},
}
@ -67,7 +77,9 @@ class TestLogoutDomainsFilter(unittest.TestCase):
def test_missing_canonical_defaults_empty(self):
applications = {
"app1": {
"domains": {}, # no 'canonical' key
'server':{
"domains": {}
}, # no 'canonical' key
"features": {"logout": True},
}
}
@ -77,7 +89,9 @@ class TestLogoutDomainsFilter(unittest.TestCase):
def test_app_not_in_group(self):
applications = {
"app1": {
"domains": {"canonical": "domain.com"},
'server':{
"domains": {"canonical": "domain.com"}
},
"features": {"logout": True},
}
}
@ -87,7 +101,9 @@ class TestLogoutDomainsFilter(unittest.TestCase):
def test_invalid_domain_type(self):
applications = {
"app1": {
"domains": {"canonical": 123},
'server':{
"domains": {"canonical": 123}
},
"features": {"logout": True},
}
}

8
tests/unit/utils/test_dict_renderer.py
View File

@ -64,11 +64,13 @@ class TestDictRenderer(unittest.TestCase):
# Combine quoted key, dot access and numeric index
data = {
"web-svc-file": {
"domains": {
"canonical": ["file.example.com"]
'server':{
"domains": {
"canonical": ["file.example.com"]
}
}
},
"url": '<<[\'web-svc-file\'].domains.canonical[0]>>'
"url": '<<[\'web-svc-file\'].server.domains.canonical[0]>>'
}
rendered = self.renderer.render(data)
self.assertEqual(rendered["url"], "file.example.com")