From ad60f5fb37810a027edce4846e6f40a0a7381e40 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach
Date: Sun, 13 Jul 2025 17:54:09 +0200
Subject: [PATCH] Rmeoved is_feature_enabled function
---
filter_plugins/Todo.md | 2 --
filter_plugins/configuration_filters.py | 1 +
roles/cmp-rdbms/tasks/main.yml | 4 ++--
roles/cmp-rdbms/templates/services/mariadb.yml.j2 | 2 +-
roles/cmp-rdbms/templates/services/postgres.yml.j2 | 2 +-
roles/cmp-rdbms/vars/database.yml | 4 ++--
roles/docker-compose/templates/base.yml.j2 | 2 +-
roles/docker-compose/templates/networks.yml.j2 | 5 +++--
.../templates/volumes-just-database.yml.j2 | 2 +-
roles/docker-compose/templates/volumes.yml.j2 | 2 +-
.../templates/depends_on/dbms_base.yml.j2 | 2 +-
.../templates/depends_on/dmbs_excl.yml.j2 | 2 +-
roles/docker-container/templates/networks.yml.j2 | 4 ++--
roles/srv-proxy-6-6-domain/tasks/main.yml | 4 ++--
roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 | 4 ++--
roles/srv-web-7-7-inj-compose/tasks/main.yml | 8 ++++----
.../templates/global.includes.conf.j2 | 8 ++++----
roles/web-app-bigbluebutton/templates/env.j2 | 4 ++--
roles/web-app-discourse/handlers/main.yml | 2 +-
roles/web-app-discourse/tasks/main.yml | 4 ++--
.../templates/discourse_application.yml.j2 | 10 +++++-----
roles/web-app-espocrm/templates/env.j2 | 4 ++--
roles/web-app-friendica/tasks/main.yml | 2 +-
roles/web-app-funkwhale/templates/env.j2 | 2 +-
roles/web-app-gitea/tasks/cleanup.yml | 4 ++--
roles/web-app-gitea/tasks/main.yml | 2 +-
roles/web-app-gitea/tasks/setup.yml | 4 ++--
roles/web-app-gitea/templates/env.j2 | 8 ++++----
roles/web-app-keycloak/config/main.yml | 7 ++++++-
roles/web-app-keycloak/templates/import/realm.json.j2 | 4 ++--
roles/web-app-listmonk/vars/main.yml | 2 +-
roles/web-app-mailu/templates/env.j2 | 4 ++--
roles/web-app-mailu/vars/main.yml | 2 +-
roles/web-app-mastodon/templates/env.j2 | 4 ++--
roles/web-app-matrix/Administration.md | 9 ---------
.../web-app-matrix/tasks/create-and-seed-database.yml | 2 +-
.../templates/synapse/homeserver.yaml.j2 | 2 +-
roles/web-app-mobilizon/templates/config.exs.j2 | 2 +-
roles/web-app-mobilizon/templates/env.j2 | 2 +-
roles/web-app-moodle/tasks/main.yml | 2 +-
roles/web-app-moodle/templates/Dockerfile.j2 | 2 +-
.../templates/config/oidc.config.php.j2 | 2 +-
roles/web-app-oauth2-proxy/schema/main.yml | 7 +++++++
roles/web-app-oauth2-proxy/templates/container.yml.j2 | 2 +-
roles/web-app-peertube/tasks/main.yml | 4 ++--
roles/web-app-pgadmin/vars/main.yml | 2 +-
roles/web-app-phpmyadmin/vars/main.yml | 2 +-
roles/web-app-pixelfed/templates/env.j2 | 4 ++--
roles/web-app-port-ui/tasks/main.yml | 2 +-
.../web-app-port-ui/templates/menu/applications.yml.j2 | 4 ++--
roles/web-app-port-ui/templates/menu/followus.yml.j2 | 10 +++++-----
roles/web-app-port-ui/templates/menu/footer.yml.j2 | 4 ++--
roles/web-app-snipe-it/tasks/ldap.yml | 2 +-
roles/web-app-snipe-it/tasks/main.yml | 2 +-
roles/web-app-snipe-it/templates/env.j2 | 2 +-
roles/web-app-syncope/templates/proxy.conf | 2 +-
roles/web-app-taiga/templates/docker-compose.yml.j2 | 8 ++++----
roles/web-app-taiga/templates/env.j2 | 2 +-
roles/web-app-yourls/templates/env.j2 | 2 +-
59 files changed, 107 insertions(+), 104 deletions(-)
delete mode 100644 filter_plugins/Todo.md
delete mode 100644 roles/web-app-matrix/Administration.md
create mode 100644 roles/web-app-oauth2-proxy/schema/main.yml
diff --git a/filter_plugins/Todo.md b/filter_plugins/Todo.md
deleted file mode 100644
index 84820331..00000000
--- a/filter_plugins/Todo.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# Todo
-- Refactor is_feature_enabled to one function
\ No newline at end of file
diff --git a/filter_plugins/configuration_filters.py b/filter_plugins/configuration_filters.py
index 6986b717..ef0c837b 100644
--- a/filter_plugins/configuration_filters.py
+++ b/filter_plugins/configuration_filters.py
@@ -1,4 +1,5 @@ from get_app_conf import get_app_conf + def is_feature_enabled(applications: dict, feature: str, application_id: str) -> bool: """ Wrapper for compatibility: Return True if applications[application_id].features[feature] is truthy. diff --git a/roles/cmp-rdbms/tasks/main.yml b/roles/cmp-rdbms/tasks/main.yml index 80e84289..4569c421 100644 --- a/roles/cmp-rdbms/tasks/main.yml +++ b/roles/cmp-rdbms/tasks/main.yml @@ -5,14 +5,14 @@ src: "env/{{database_type}}.env.j2" dest: "{{database_env}}" notify: docker compose up - when: not applications | is_feature_enabled('central_database',application_id) + when: not applications | get_app_conf(application_id, 'features.central_database', False) - name: "For '{{ application_id }}': Create central database" # I don't know why this includes leads to that the application_id in vars/main.yml of the database role isn't used # This is the behaviour which I want, but I'm still wondering why ;) include_role: name: "svc-db-{{database_type}}" - when: applications | is_feature_enabled('central_database',application_id) + when: applications | get_app_conf(application_id, 'features.central_database', False) - name: "For '{{ application_id }}': Add Entry for Backup Procedure" include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml" diff --git a/roles/cmp-rdbms/templates/services/mariadb.yml.j2 b/roles/cmp-rdbms/templates/services/mariadb.yml.j2 index 7a2cf8c5..e820ef34 100644 --- a/roles/cmp-rdbms/templates/services/mariadb.yml.j2 +++ b/roles/cmp-rdbms/templates/services/mariadb.yml.j2 @@ -1,5 +1,5 @@ # This template needs to be included in docker-compose.yml, which depend on a mariadb database -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False) %} {{ database_host }}: container_name: {{application_id}}-database logging: 
diff --git a/roles/cmp-rdbms/templates/services/postgres.yml.j2 b/roles/cmp-rdbms/templates/services/postgres.yml.j2 index 1b434361..5a107007 100644 --- a/roles/cmp-rdbms/templates/services/postgres.yml.j2 +++ b/roles/cmp-rdbms/templates/services/postgres.yml.j2 @@ -1,5 +1,5 @@ # This template needs to be included in docker-compose.yml, which depend on a postgres database -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False) %} {{ database_host }}: image: postgres:{{applications['svc-db-postgres'].version}}-alpine container_name: {{application_id}}-database diff --git a/roles/cmp-rdbms/vars/database.yml b/roles/cmp-rdbms/vars/database.yml index 8f409b59..27a5b5c4 100644 --- a/roles/cmp-rdbms/vars/database.yml +++ b/roles/cmp-rdbms/vars/database.yml 
@@ -1,5 +1,5 @@ -database_instance: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}" -database_host: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}" +database_instance: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | get_app_conf(database_application_id, 'features.central_database', False) else database_application_id }}" +database_host: "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | get_app_conf(database_application_id, 'features.central_database', False) else 'database' }}" database_name: "{{ applications | get_app_conf(database_application_id, 'database.name', False) | default( database_application_id ) }}" # The overwritte configuration is needed by bigbluebutton database_username: "{{ applications | get_app_conf(database_application_id, 'database.username', False) | default( database_application_id )}}" # The overwritte configuration is needed by bigbluebutton database_password: "{{ applications | get_app_conf(database_application_id, 'credentials.database_password', true) }}" diff --git a/roles/docker-compose/templates/base.yml.j2 b/roles/docker-compose/templates/base.yml.j2 index fa3baece..ab86b96f 100644 --- a/roles/docker-compose/templates/base.yml.j2 +++ b/roles/docker-compose/templates/base.yml.j2 @@ -9,7 +9,7 @@ services: {% include 'roles/svc-db-redis/templates/service.yml.j2' %} {% endif %} {# Load OAuth2 Proxy #} -{% if applications | is_feature_enabled('oauth2',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% include 'roles/web-app-oauth2-proxy/templates/container.yml.j2' %} {% endif %} {{ "\n" }} 
diff --git a/roles/docker-compose/templates/networks.yml.j2 b/roles/docker-compose/templates/networks.yml.j2 index 333c705c..96160c57 100644 --- a/roles/docker-compose/templates/networks.yml.j2 +++ b/roles/docker-compose/templates/networks.yml.j2 @@ -1,10 +1,11 @@ {# This template needs to be included in docker-compose.yml #} networks: -{% if applications | is_feature_enabled('central_database',application_id) and database_type is defined %} +{% if applications | get_app_conf(application_id, 'features.central_database', False) and database_type is defined %} + {{ applications[ 'svc-db-' ~ database_type ].network }}: external: true {% endif %} -{% if applications | is_feature_enabled('ldap',application_id) and applications['svc-db-openldap'].network.docker | bool %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) and applications['svc-db-openldap'].network.docker | bool %} svc-db-openldap: external: true {% endif %} diff --git a/roles/docker-compose/templates/volumes-just-database.yml.j2 b/roles/docker-compose/templates/volumes-just-database.yml.j2 index 46583df6..11bdc5e8 100644 --- a/roles/docker-compose/templates/volumes-just-database.yml.j2 +++ b/roles/docker-compose/templates/volumes-just-database.yml.j2 @@ -1,5 +1,5 @@ {# This needs to be included in docker-compose.yml which just contain a database volume #} -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False)%} volumes: database: {% endif %} diff --git a/roles/docker-compose/templates/volumes.yml.j2 b/roles/docker-compose/templates/volumes.yml.j2 index cd9addfc..29dbf58e 100644 --- a/roles/docker-compose/templates/volumes.yml.j2 +++ b/roles/docker-compose/templates/volumes.yml.j2 
@@ -1,6 +1,6 @@ {# This template needs to be included in docker-compose.yml which contain a database and additional volumes #} volumes: -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False)%} database: {% endif %} {{ "\n" }} \ No newline at end of file diff --git a/roles/docker-container/templates/depends_on/dbms_base.yml.j2 b/roles/docker-container/templates/depends_on/dbms_base.yml.j2 index 0d62feef..71ee9a7c 100644 --- a/roles/docker-container/templates/depends_on/dbms_base.yml.j2 +++ b/roles/docker-container/templates/depends_on/dbms_base.yml.j2 @@ -1,4 +1,4 @@ -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False)%} {{ database_host }}: condition: service_healthy {% endif %} diff --git a/roles/docker-container/templates/depends_on/dmbs_excl.yml.j2 b/roles/docker-container/templates/depends_on/dmbs_excl.yml.j2 index 456a1aaa..d6a4364c 100644 --- a/roles/docker-container/templates/depends_on/dmbs_excl.yml.j2 +++ b/roles/docker-container/templates/depends_on/dmbs_excl.yml.j2 @@ -1,7 +1,7 @@ {# This template needs to be included in docker-compose.yml containers, which depend on a database, redis and optional additional volumes #} {% if applications | is_docker_service_enabled(application_id, 'redis') or - not applications | is_feature_enabled('central_database',application_id) + not applications | get_app_conf(application_id, 'features.central_database', False) %} depends_on: {% include "roles/docker-container/templates/depends_on/dbms_base.yml.j2" %} diff --git a/roles/docker-container/templates/networks.yml.j2 b/roles/docker-container/templates/networks.yml.j2 index bb949990..56a007ce 100644 --- a/roles/docker-container/templates/networks.yml.j2 +++ b/roles/docker-container/templates/networks.yml.j2 
@@ -1,9 +1,9 @@ {# This template needs to be included in docker-compose.yml containers #} networks: -{% if applications | is_feature_enabled('central_database',application_id) | bool and database_type is defined %} +{% if applications | get_app_conf(application_id, 'features.central_database', False)| bool and database_type is defined %} {{ applications[ 'svc-db-' ~ database_type ].network }}: {% endif %} -{% if applications | is_feature_enabled('ldap',application_id) | bool and applications['svc-db-openldap'].network.docker|bool %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) | bool and applications['svc-db-openldap'].network.docker|bool %} svc-db-openldap: {% endif %} default: diff --git a/roles/srv-proxy-6-6-domain/tasks/main.yml b/roles/srv-proxy-6-6-domain/tasks/main.yml index 572b4c08..93c0b3d3 100644 --- a/roles/srv-proxy-6-6-domain/tasks/main.yml +++ b/roles/srv-proxy-6-6-domain/tasks/main.yml @@ -29,8 +29,8 @@ - name: "set oauth2_proxy_application_id (Needed due to lazzy loading issue)" set_fact: oauth2_proxy_application_id: "{{ application_id }}" - when: applications | is_feature_enabled('oauth2',application_id) + when: applications | get_app_conf(application_id, 'features.oauth2', False) - name: "include the web-app-oauth2-proxy role {{domain}}" include_tasks: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/tasks/main.yml" - when: applications | is_feature_enabled('oauth2',application_id) \ No newline at end of file + when: applications | get_app_conf(application_id, 'features.oauth2', False) \ No newline at end of file diff --git a/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 b/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 index 445d001b..6ac9fa6d 100644 --- a/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 +++ b/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 
@@ -2,7 +2,7 @@ server { server_name {{domain}}; - {% if applications | is_feature_enabled('oauth2',application_id) %} + {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%} {% endif %} @@ -15,7 +15,7 @@ server {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} - {% if applications | is_feature_enabled('oauth2', application_id) %} + {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', True) | default({}) %} {% if acl.blacklist is defined %} diff --git a/roles/srv-web-7-7-inj-compose/tasks/main.yml b/roles/srv-web-7-7-inj-compose/tasks/main.yml index 99dc6da5..25f67162 100644 --- a/roles/srv-web-7-7-inj-compose/tasks/main.yml +++ b/roles/srv-web-7-7-inj-compose/tasks/main.yml @@ -1,19 +1,19 @@ - name: "Activate Global CSS for {{domain}}" include_role: name: srv-web-7-7-inj-css - when: applications | is_feature_enabled('css',application_id) + when: applications | get_app_conf(application_id, 'features.css', False) - name: "Activate Global Matomo Tracking for {{domain}}" include_role: name: srv-web-7-7-inj-matomo - when: applications | is_feature_enabled('matomo',application_id) + when: applications | get_app_conf(application_id, 'features.matomo', False) - name: "Activate Portfolio iFrame Notifier for {{ domain }}" include_role: name: srv-web-7-7-inj-iframe - when: applications | is_feature_enabled('port-ui-desktop', application_id) + when: applications | get_app_conf(application_id, 'features.port-ui-desktop', False) - name: "Activate Javascript for {{ domain }}" include_role: name: srv-web-7-7-inj-javascript - when: applications | is_feature_enabled('javascript', application_id) \ No newline at end of file + when: applications | get_app_conf(application_id, 'features.javascript', False) \ No newline at end of file 
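Review bot: The OAuth2 gate in both hunks of `basic.conf.j2` now rests on a lookup whose third argument is `False`, while required values elsewhere in this patch (for example `credentials.database_password`) pass `True`; if that argument is the strict flag, as those calls suggest, a missing or misspelled `features.oauth2` key renders the vhost without the proxy endpoint and the ACL block and raises no error. Because this flag decides whether the site sits behind authentication, I would validate it once per application before rendering, or at least make the fail-open default explicit with a comment above the condition such as `{# features.oauth2 missing or falsy => vhost is rendered WITHOUT the OAuth2 proxy #}`. The same lookup gates the proxy container in `roles/docker-compose/templates/base.yml.j2` and the include in `roles/srv-proxy-6-6-domain/tasks/main.yml`. The server block continues outside both hunks.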
diff --git a/roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2 b/roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2 index 8be47df4..710f2d19 100644 --- a/roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2 +++ b/roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2 @@ -2,10 +2,10 @@ sub_filter_once off; sub_filter_types text/html; -{% set modifier_css_enabled = applications | is_feature_enabled('css',application_id) %} -{% set modifier_matomo_enabled = applications | is_feature_enabled('matomo',application_id) %} -{% set modifier_iframe_enabled = applications | is_feature_enabled('port-ui-desktop',application_id) %} -{% set modifier_javascript_enabled = applications | is_feature_enabled('javascript',application_id) %} +{% set modifier_css_enabled = applications | get_app_conf(application_id, 'features.css', False) %} +{% set modifier_matomo_enabled = applications | get_app_conf(application_id, 'features.matomo', False) %} +{% set modifier_iframe_enabled = applications | get_app_conf(application_id, 'features.port-ui-desktop', False) %} +{% set modifier_javascript_enabled = applications | get_app_conf(application_id, 'features.javascript', False) %} {% if modifier_iframe_enabled or modifier_css_enabled or modifier_matomo_enabled or modifier_javascript_enabled %} sub_filter '' ' diff --git a/roles/web-app-bigbluebutton/templates/env.j2 b/roles/web-app-bigbluebutton/templates/env.j2 index dfc98acb..06d216b4 100644 --- a/roles/web-app-bigbluebutton/templates/env.j2 +++ b/roles/web-app-bigbluebutton/templates/env.j2 @@ -158,7 +158,7 @@ OFFICE365_HD= # It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy OAUTH2_REDIRECT= -{% if applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) %} # LDAP Login Provider (optional) # # You can enable LDAP authentication by providing values for the variables below. 
@@ -283,7 +283,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html # approval - For approve/decline registration DEFAULT_REGISTRATION=invite -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} ### EXTERNAL AUTHENTICATION METHODS # @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/ # diff --git a/roles/web-app-discourse/handlers/main.yml b/roles/web-app-discourse/handlers/main.yml index 5259feb3..f95aa3f3 100644 --- a/roles/web-app-discourse/handlers/main.yml +++ b/roles/web-app-discourse/handlers/main.yml @@ -13,7 +13,7 @@ result.rc != 0 and 'already exists in network' not in result.stderr register: result - when: applications | is_feature_enabled('central_database', application_id) + when: applications | get_app_conf(application_id, 'features.central_database', False) listen: recreate discourse - name: rebuild discourse diff --git a/roles/web-app-discourse/tasks/main.yml b/roles/web-app-discourse/tasks/main.yml index fe1b40c8..5be4f093 100644 --- a/roles/web-app-discourse/tasks/main.yml +++ b/roles/web-app-discourse/tasks/main.yml @@ -53,7 +53,7 @@ not in network_connect.stderr changed_when: network_connect.rc == 0 when: - - applications | is_feature_enabled('central_database', application_id) + - applications | get_app_conf(application_id, 'features.central_database', False) - run_once_docker_discourse is not defined - name: "Remove {{ applications | get_app_conf(application_id, 'network', True) }} from {{ database_host }}" 
@@ -65,7 +65,7 @@ 'is not connected to network {{ applications | get_app_conf(application_id, 'network', True) }}' not in network_disconnect.stderr changed_when: network_disconnect.rc == 0 when: - - applications | is_feature_enabled('central_database', application_id) + - applications | get_app_conf(application_id, 'features.central_database', False) - run_once_docker_discourse is not defined - name: run the docker_discourse tasks once diff --git a/roles/web-app-discourse/templates/discourse_application.yml.j2 b/roles/web-app-discourse/templates/discourse_application.yml.j2 index 8c5dee70..fb7c8349 100644 --- a/roles/web-app-discourse/templates/discourse_application.yml.j2 +++ b/roles/web-app-discourse/templates/discourse_application.yml.j2 @@ -1,5 +1,5 @@ templates: -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False)%} - "templates/postgres.template.yml" {% endif %} #- "templates/redis.template.yml" @@ -112,11 +112,11 @@ hooks: - git clone --depth=1 https://github.com/discourse/discourse-voting.git - git clone --depth=1 https://github.com/discourse/discourse-oauth2-basic.git -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} - git clone --depth=1 https://github.com/discourse/discourse-openid-connect.git {% endif %} -{% if applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) %} - git clone --depth=1 https://github.com/jonmbake/discourse-ldap-auth.git {% endif %} 
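Review bot: The plugin list in the `@@ -112,11` hunk of `discourse_application.yml.j2` clones `discourse-openid-connect` and the third-party `jonmbake/discourse-ldap-auth` with `--depth=1` from the default branch, so every rebuild pulls whatever is at HEAD into the container that handles sign-in. These clone lines are context and are not changed by this commit, but since the conditions around them were touched it is a good moment to pin each one to a reviewed tag or commit, e.g. `git clone --depth=1 --branch <REVIEWED_TAG> https://github.com/jonmbake/discourse-ldap-auth.git`. The hooks list starts outside the hunk.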
@@ -127,7 +127,7 @@ run: ## If you want to set the 'From' email address for your first registration, uncomment and change: ## After getting the first signup email, re-comment the line. It only needs to run once. #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'" -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} # Deactivate Default Login - exec: rails r "SiteSetting.enable_local_logins = false" - exec: rails r "SiteSetting.enable_passkeys = false" # https://meta.discourse.org/t/passwordless-login-using-passkeys/285589 @@ -151,7 +151,7 @@ run: - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true" {% endif %} -{% if applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) %} # Enable LDAP authentication - exec: rails r "SiteSetting.ldap_auth_enabled = true" - exec: rails r "SiteSetting.ldap_sync_enabled = true" diff --git a/roles/web-app-espocrm/templates/env.j2 b/roles/web-app-espocrm/templates/env.j2 index b1a7aee0..f35cb969 100644 --- a/roles/web-app-espocrm/templates/env.j2 +++ b/roles/web-app-espocrm/templates/env.j2 @@ -61,7 +61,7 @@ ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }} # LDAP settings (optional) # Applied only if the feature flag is true # ------------------------------------------------ -{% if applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) %} ESPOCRM_CONFIG_AUTHENTICATION_METHOD=Ldap ESPOCRM_CONFIG_LDAP_HOST={{ ldap.server.domain }} ESPOCRM_CONFIG_LDAP_PORT={{ ldap.server.port }} 
@@ -77,7 +77,7 @@ ESPOCRM_CONFIG_LDAP_USER_LOGIN_FILTER=(sAMAccountName=%USERNAME%) # OpenID Connect settings (optional) # Applied only if the feature flag is true # ------------------------------------------------ -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} # ------------------------------------------------ # OpenID Connect settings diff --git a/roles/web-app-friendica/tasks/main.yml b/roles/web-app-friendica/tasks/main.yml index a09505a0..7d5b4806 100644 --- a/roles/web-app-friendica/tasks/main.yml +++ b/roles/web-app-friendica/tasks/main.yml @@ -12,7 +12,7 @@ group: 33 force: yes notify: docker compose up - when: applications | is_feature_enabled('ldap',application_id) + when: applications | get_app_conf(application_id, 'features.ldap', False) - name: Build friendica_addons based on features set_fact: diff --git a/roles/web-app-funkwhale/templates/env.j2 b/roles/web-app-funkwhale/templates/env.j2 index 0cb67558..3be31181 100644 --- a/roles/web-app-funkwhale/templates/env.j2 +++ b/roles/web-app-funkwhale/templates/env.j2 @@ -99,7 +99,7 @@ DJANGO_SETTINGS_MODULE=config.settings.production # Generate one using `openssl rand -base64 45`, for example DJANGO_SECRET_KEY={{applications | get_app_conf(application_id, 'credentials.django_secret', True)}} -{% if applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) %} # LDAP settings # Use the following options to allow authentication on your Funkwhale instance # using a LDAP directory. diff --git a/roles/web-app-gitea/tasks/cleanup.yml b/roles/web-app-gitea/tasks/cleanup.yml index 2a2528ed..3e180d45 100644 --- a/roles/web-app-gitea/tasks/cleanup.yml +++ b/roles/web-app-gitea/tasks/cleanup.yml 
@@ -1,7 +1,7 @@ - name: Execute OIDC Cleanup Routine include_tasks: cleanup/oidc.yml - when: not (applications | is_feature_enabled('oidc', application_id)) + when: not (applications | get_app_conf(application_id, 'features.oidc', False)) - name: Execute LDAP Cleanup Routine include_tasks: cleanup/ldap.yml - when: not (applications | is_feature_enabled('ldap', application_id)) \ No newline at end of file + when: not (applications | get_app_conf(application_id, 'features.ldap', False)) \ No newline at end of file diff --git a/roles/web-app-gitea/tasks/main.yml b/roles/web-app-gitea/tasks/main.yml index f84972a7..80b0f4a2 100644 --- a/roles/web-app-gitea/tasks/main.yml +++ b/roles/web-app-gitea/tasks/main.yml @@ -46,7 +46,7 @@ until: gitea_ready.status == 200 retries: 20 delay: 5 - when: applications | is_feature_enabled('oidc', application_id) or applications | is_feature_enabled('ldap', application_id) + when: applications | get_app_conf(application_id, 'features.oidc', False) or applications | get_app_conf(application_id, 'features.ldap', False) - name: Execute Setup Routines include_tasks: setup.yml diff --git a/roles/web-app-gitea/tasks/setup.yml b/roles/web-app-gitea/tasks/setup.yml index 781589c4..1bfe3ac9 100644 --- a/roles/web-app-gitea/tasks/setup.yml +++ b/roles/web-app-gitea/tasks/setup.yml @@ -1,7 +1,7 @@ - name: Execute OIDC Setup Routine include_tasks: setup/oidc.yml - when: applications | is_feature_enabled('oidc', application_id) + when: applications | get_app_conf(application_id, 'features.oidc', False) - name: Execute LDAP Setup Routine include_tasks: setup/ldap.yml - when: applications | is_feature_enabled('ldap', application_id) \ No newline at end of file + when: applications | get_app_conf(application_id, 'features.ldap', False) \ No newline at end of file diff --git a/roles/web-app-gitea/templates/env.j2 b/roles/web-app-gitea/templates/env.j2 index d307e079..3267bdf9 100644 --- a/roles/web-app-gitea/templates/env.j2 
+++ b/roles/web-app-gitea/templates/env.j2 @@ -45,14 +45,14 @@ GITEA__REPOSITORY__DEFAULT_PUSH_CREATE_PRIVATE={{ applications | get_app_conf(ap GITEA__security__INSTALL_LOCK=true # Locks the installation page # (De)activate OIDC -GITEA__openid__ENABLE_OPENID_SIGNUP={{ applications | is_feature_enabled('oidc',application_id) | lower }} -GITEA__openid__ENABLE_OPENID_SIGNIN={{ applications | is_feature_enabled('oidc',application_id) | lower }} +GITEA__openid__ENABLE_OPENID_SIGNUP={{ applications | get_app_conf(application_id, 'features.oidc', False) | lower }} +GITEA__openid__ENABLE_OPENID_SIGNIN={{ applications | get_app_conf(application_id, 'features.oidc', False) | lower }} -{% if applications | is_feature_enabled('oidc',application_id) or applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) or applications | get_app_conf(application_id, 'features.ldap', False) %} EXTERNAL_USER_DISABLE_FEATURES=deletion,manage_credentials,change_username,change_full_name -{% if applications | is_feature_enabled('ldap',application_id) %} +{% if applications | get_app_conf(application_id, 'features.ldap', False) %} GITEA__ldap__SYNC_USER_ON_LOGIN=true {% endif %} diff --git a/roles/web-app-keycloak/config/main.yml b/roles/web-app-keycloak/config/main.yml index 23acaaad..99beac24 100644 --- a/roles/web-app-keycloak/config/main.yml +++ b/roles/web-app-keycloak/config/main.yml @@ -27,4 +27,9 @@ rbac_groups: "/rbac" docker: services: database: - enabled: true \ No newline at end of file + enabled: true + +credentials: + recaptcha: + website_key: "YOUR_RECAPTCHA_WEBSITE_KEY" # Required if you enabled recaptcha: + secret_key: "YOUR_RECAPTCHA_SECRET_KEY" # Required if you enabled recaptcha: \ No newline at end of file diff --git a/roles/web-app-keycloak/templates/import/realm.json.j2 b/roles/web-app-keycloak/templates/import/realm.json.j2 index 1b9aa861..516899bf 100644 
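Review bot: `GITEA__openid__ENABLE_OPENID_SIGNUP` and `GITEA__openid__ENABLE_OPENID_SIGNIN` now pass the raw configuration value through `| lower`, where the wrapper, per its docstring in `configuration_filters.py`, returned True or False. If `features.oidc` is unset or holds anything other than a YAML boolean, the env file gets whatever the non-strict lookup returns, rendered as text, which Gitea may not read as a boolean, so the sign-in settings can differ from what the playbook intends. Coercing first keeps the previous output: `{{ applications | get_app_conf(application_id, 'features.oidc', False) | bool | lower }}`. The same applies to `OIDC_ENABLED` in `roles/web-app-mailu/templates/env.j2` and `roles/web-app-mastodon/templates/env.j2`, which render the value through `| string | capitalize` and `| string | lower`.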
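Review bot: The new `credentials.recaptcha` block in `roles/web-app-keycloak/config/main.yml` ships the literal strings `YOUR_RECAPTCHA_WEBSITE_KEY` and `YOUR_RECAPTCHA_SECRET_KEY` as defaults, so a deployment that turns on `features.recaptcha` without overriding them still satisfies any required-value lookup and, if the realm template reads these keys, would import a realm whose registration captcha cannot verify anything. The diffstat shows this commit creating `roles/web-app-oauth2-proxy/schema/main.yml`, which suggests credentials are normally declared in a role schema rather than given default values; I would declare these there or leave them unset so a strict lookup fails. If the placeholders stay, an assert that rejects values starting with `YOUR_` when the feature is enabled would catch the misconfiguration before deployment.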
--- a/roles/web-app-keycloak/templates/import/realm.json.j2 +++ b/roles/web-app-keycloak/templates/import/realm.json.j2 @@ -2820,7 +2820,7 @@ "autheticatorFlow": false, "userSetupAllowed": false }, -{%- if applications | is_feature_enabled('recaptcha', application_id) %} +{%- if applications | get_app_conf(application_id, 'features.recaptcha', False) %} { "authenticatorConfig": "Google reCaptcha", "authenticator": "registration-recaptcha-action", @@ -2912,7 +2912,7 @@ } ], "authenticatorConfig": [ -{%- if applications | is_feature_enabled('recaptcha',application_id) %} +{%- if applications | get_app_conf(application_id, 'features.recaptcha', False) %} { "id": "c6dcf381-7e39-4f7f-8d1f-631faec31b56", "alias": "Google reCaptcha", diff --git a/roles/web-app-listmonk/vars/main.yml b/roles/web-app-listmonk/vars/main.yml index 1f812550..4ba9e647 100644 --- a/roles/web-app-listmonk/vars/main.yml +++ b/roles/web-app-listmonk/vars/main.yml @@ -18,7 +18,7 @@ listmonk_settings: "provider_url": oidc.client.issuer_url, "client_secret": oidc.client.secret } | to_json }} - when: applications | is_feature_enabled('oidc',application_id) + when: applications | get_app_conf(application_id, 'features.oidc', False) # hCaptcha toggles and credentials - key: "security.enable_captcha" diff --git a/roles/web-app-mailu/templates/env.j2 b/roles/web-app-mailu/templates/env.j2 index 878c4843..4380bf41 100644 --- a/roles/web-app-mailu/templates/env.j2 +++ b/roles/web-app-mailu/templates/env.j2 
@@ -158,14 +158,14 @@ API_TOKEN={{applications.mailu.credentials.api_token}} AUTH_REQUIRE_TOKENS=True -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} ################################### # OpenID Connect settings ################################### # @see https://github.com/heviat/Mailu-OIDC/tree/master # Enable OpenID Connect. Possible values: True, False -OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | capitalize }} +OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | capitalize }} # OpenID Connect provider configuration URL OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}} diff --git a/roles/web-app-mailu/vars/main.yml b/roles/web-app-mailu/vars/main.yml index 56a7e61b..3d9a6ce0 100644 --- a/roles/web-app-mailu/vars/main.yml +++ b/roles/web-app-mailu/vars/main.yml @@ -8,7 +8,7 @@ cert_mount_directory: "{{docker_compose.directories.volumes}}certs/" # Use dedicated source for oidc if activated # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06 -docker_source: "{{ 'ghcr.io/heviat' if applications | is_feature_enabled('oidc',application_id) else 'ghcr.io/mailu' }}" +docker_source: "{{ 'ghcr.io/heviat' if applications | get_app_conf(application_id, 'features.oidc', False) else 'ghcr.io/mailu' }}" domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-app-mastodon/templates/env.j2 b/roles/web-app-mastodon/templates/env.j2 index d45b8d3f..bfdcdcc3 100644 --- a/roles/web-app-mastodon/templates/env.j2 +++ b/roles/web-app-mastodon/templates/env.j2 
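Review bot: `docker_source` in `roles/web-app-mailu/vars/main.yml` switches the Mailu images from `ghcr.io/mailu` to the `ghcr.io/heviat` fork whenever `features.oidc` is truthy, so one feature flag changes which publisher's images run the mail server. The hunk does not show how image tags are chosen; if they are not pinned, I would pin the fork's images by digest and extend the existing comment, e.g. `# OIDC build is a third-party fork (heviat/Mailu-OIDC); review upstream changes before bumping`.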
@@ -52,14 +52,14 @@ SMTP_OPENSSL_VERIFY_MODE=none SMTP_ENABLE_STARTTLS=auto SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}> -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} ################################### # OpenID Connect settings ################################### # @see https://github.com/mastodon/mastodon/pull/16221 # @see https://stackoverflow.com/questions/72081776/how-mastodon-configured-login-using-sso -OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | lower }} +OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | lower }} OIDC_DISPLAY_NAME="{{oidc.button_text}}" OIDC_ISSUER={{oidc.client.issuer_url}} OIDC_DISCOVERY=true diff --git a/roles/web-app-matrix/Administration.md b/roles/web-app-matrix/Administration.md deleted file mode 100644 index e8a3805a..00000000 --- a/roles/web-app-matrix/Administration.md +++ /dev/null @@ -1,9 +0,0 @@ -# Administration - -## Cleanup -``` -# Cleanup Database -for db in matrix applications | get_app_conf(application_id, 'credentials.mautrix_whatsapp_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_telegram_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_signal_bridge', True) applications | get_app_conf(application_id, 'credentials.mautrix_slack_bridge', True); do python reset-database-in-central-postgres.py $db; done -# Cleanup Docker and Volumes -docker compose down -v -``` \ No newline at end of file diff --git a/roles/web-app-matrix/tasks/create-and-seed-database.yml b/roles/web-app-matrix/tasks/create-and-seed-database.yml index b1dc2353..5b671fac 100644 --- a/roles/web-app-matrix/tasks/create-and-seed-database.yml +++ b/roles/web-app-matrix/tasks/create-and-seed-database.yml 
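Review bot: The context line `SMTP_OPENSSL_VERIFY_MODE=none` at the top of the mastodon env.j2 hunk turns off certificate verification for outgoing SMTP, so the relay's identity is not checked even when STARTTLS is negotiated. This commit does not touch it, but since the file is being edited I would set `SMTP_OPENSSL_VERIFY_MODE=peer`, unless the relay presents a certificate that cannot be validated. In that case a comment above the line saying why would help the next reader. The template continues outside the hunk.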
@@ -7,7 +7,7 @@ - name: "create {{database_name}} database" include_role: name: svc-db-postgres - when: applications | is_feature_enabled('central_database',application_id) + when: applications | get_app_conf(application_id, 'features.central_database', False) - name: "include seed-database-to-backup.yml" include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-to-local/tasks/seed-database-to-backup.yml" \ No newline at end of file diff --git a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 index b9555195..ef144edc 100644 --- a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 +++ b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 @@ -45,7 +45,7 @@ email: client_base_url: "{{domains.matrix.synapse}}" validation_token_lifetime: 15m -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} # @See https://matrix-org.github.io/synapse/latest/openid.html oidc_providers: - idp_id: keycloak diff --git a/roles/web-app-mobilizon/templates/config.exs.j2 b/roles/web-app-mobilizon/templates/config.exs.j2 index 606c7b55..d7f1a7cd 100644 --- a/roles/web-app-mobilizon/templates/config.exs.j2 +++ b/roles/web-app-mobilizon/templates/config.exs.j2 @@ -255,7 +255,7 @@ config :mobilizon, Mobilizon.Service.FrontEndAnalytics.Sentry, System.get_env("MOBILIZON_ERROR_REPORTING_SENTRY_HOST", "") |> String.split(" ", trim: true) ] -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} config :ueberauth, Ueberauth, providers: [ diff --git a/roles/web-app-mobilizon/templates/env.j2 b/roles/web-app-mobilizon/templates/env.j2 index a2fb2826..60d75a70 100644 --- a/roles/web-app-mobilizon/templates/env.j2 +++ b/roles/web-app-mobilizon/templates/env.j2 
@@ -92,7 +92,7 @@ MOBILIZON_SMTP_PASSWORD={{ users['no-reply'].mailu_token }} MOBILIZON_SMTP_SSL=false # Deactivate Database Login if OIDC or LDAP are enabled -MOBILIZON_INSTANCE_DISABLE_DATABASE_LOGIN={{ (applications | is_feature_enabled('ldap',application_id) or applications | is_feature_enabled('oidc',application_id)) | lower }} +MOBILIZON_INSTANCE_DISABLE_DATABASE_LOGIN={{ (applications | get_app_conf(application_id, 'features.ldap', False) or applications | get_app_conf(application_id, 'features.oidc', False)) | lower }} # Whether to use TLS for SMTP. # Allowed values: always (TLS), never (Clear) and if_available (STARTTLS) diff --git a/roles/web-app-moodle/tasks/main.yml b/roles/web-app-moodle/tasks/main.yml index a9e32221..8d7fa440 100644 --- a/roles/web-app-moodle/tasks/main.yml +++ b/roles/web-app-moodle/tasks/main.yml @@ -15,7 +15,7 @@ - name: "Configure OIDC login for Moodle if enabled" include_tasks: oidc.yml - when: applications | is_feature_enabled('oidc',application_id) + when: applications | get_app_conf(application_id, 'features.oidc', False) - name: Run Moodle system check command: > diff --git a/roles/web-app-moodle/templates/Dockerfile.j2 b/roles/web-app-moodle/templates/Dockerfile.j2 index 0e20e485..90e75e3a 100644 --- a/roles/web-app-moodle/templates/Dockerfile.j2 +++ b/roles/web-app-moodle/templates/Dockerfile.j2 @@ -1,6 +1,6 @@ FROM bitnami/moodle:{{ applications | get_app_conf(application_id, 'version', True) }} -{% if applications | is_feature_enabled('oidc', application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} RUN install_packages unzip curl jq \ && VERSION=$(curl -s https://api.github.com/repos/microsoft/moodle-auth_oidc/tags \ | jq -r '.[].name' \ diff --git a/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 b/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 index fdcb5208..c71b2d0a 100644 --- a/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 
+++ b/roles/web-app-nextcloud/templates/config/oidc.config.php.j2 @@ -146,7 +146,7 @@ return array ( // // The `id` attribute in `oidc_login_attributes` must return the // "Internal Username" (see expert settings in LDAP integration) - 'oidc_login_proxy_ldap' => {{ applications | is_feature_enabled('ldap',application_id) | string | lower }}, + 'oidc_login_proxy_ldap' => {{ applications | get_app_conf(application_id, 'features.ldap', False) | string | lower }}, // Disable creation of users new to Nextcloud from OIDC login. // A user may be known to the IdP but not (yet) known to Nextcloud. diff --git a/roles/web-app-oauth2-proxy/schema/main.yml b/roles/web-app-oauth2-proxy/schema/main.yml new file mode 100644 index 00000000..dfe0265c --- /dev/null +++ b/roles/web-app-oauth2-proxy/schema/main.yml @@ -0,0 +1,7 @@ +# This file was created during refactoring to pass integration tests +# @todo add correct type +credentials: + oauth2_proxy_cookie_secret: + description: "Cookie secret for OAuth2 Proxy (hex string, 32 characters, generated via `openssl rand -hex 16`)" + type: string + validation: "^[0-9A-Fa-f]{32}$" diff --git a/roles/web-app-oauth2-proxy/templates/container.yml.j2 b/roles/web-app-oauth2-proxy/templates/container.yml.j2 index 285ce899..71aa195c 100644 --- a/roles/web-app-oauth2-proxy/templates/container.yml.j2 +++ b/roles/web-app-oauth2-proxy/templates/container.yml.j2 @@ -1,4 +1,4 @@ -{% if applications | is_feature_enabled('oauth2',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oauth2', False) %} oauth2-proxy: image: quay.io/oauth2-proxy/oauth2-proxy:{{applications['oauth2-proxy'].version}} restart: {{docker_restart_policy}} diff --git a/roles/web-app-peertube/tasks/main.yml b/roles/web-app-peertube/tasks/main.yml index bbeabe37..db4dfd93 100644 --- a/roles/web-app-peertube/tasks/main.yml +++ b/roles/web-app-peertube/tasks/main.yml 
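Review bot: The header of the new roles/web-app-oauth2-proxy/schema/main.yml records why the file was created but not what `oauth2_proxy_cookie_secret` is for, and `@todo add correct type` leaves the contract of a secret open. oauth2-proxy uses this value to sign and encrypt its session cookies, so I would replace the two comment lines with `# Seed for oauth2-proxy session-cookie signing/encryption; generate per deployment and keep it encrypted, never in plain vars.` The regex limits the value to 32 hex characters, i.e. the 128 bits produced by `openssl rand -hex 16`. Stating that bit length in the description would keep a later edit from shortening it.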
@@ -13,8 +13,8 @@ - name: "Install and activate auth-openid-connect plugin if OIDC is enabled" include_tasks: enable-oidc.yml - when: applications | is_feature_enabled('oidc',application_id) + when: applications | get_app_conf(application_id, 'features.oidc', False) - name: "Deinstall and disable auth-openid-connect plugin if OIDC is enabled" include_tasks: disable-oidc.yml - when: applications | is_feature_enabled('oidc',application_id) \ No newline at end of file + when: applications | get_app_conf(application_id, 'features.oidc', False) \ No newline at end of file diff --git a/roles/web-app-pgadmin/vars/main.yml b/roles/web-app-pgadmin/vars/main.yml index 7c36a0f5..3aeb4f5f 100644 --- a/roles/web-app-pgadmin/vars/main.yml +++ b/roles/web-app-pgadmin/vars/main.yml @@ -1,5 +1,5 @@ application_id: "pgadmin" database_type: "postgres" -database_host: "{{ applications['svc-db-postgres'].hostname if applications | is_feature_enabled('central_database',application_id) }}" +database_host: "{{ applications['svc-db-postgres'].hostname if applications | get_app_conf(application_id, 'features.central_database', False)}}" pgadmin_user: 5050 pgadmin_group: "{{pgadmin_user}}" \ No newline at end of file diff --git a/roles/web-app-phpmyadmin/vars/main.yml b/roles/web-app-phpmyadmin/vars/main.yml index 69da9d38..d2807f47 100644 --- a/roles/web-app-phpmyadmin/vars/main.yml +++ b/roles/web-app-phpmyadmin/vars/main.yml @@ -1,3 +1,3 @@ application_id: "phpmyadmin" database_type: "mariadb" -database_host: "{{ applications['svc-db-mariadb'].hostname if applications | is_feature_enabled('central_database',application_id) }}" \ No newline at end of file +database_host: "{{ applications['svc-db-mariadb'].hostname if applications | get_app_conf(application_id, 'features.central_database', False)}}" \ No newline at end of file diff --git a/roles/web-app-pixelfed/templates/env.j2 b/roles/web-app-pixelfed/templates/env.j2 index b7c6c982..79d64733 100644 
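Review bot: Both includes in peertube tasks/main.yml carry the same condition, so `disable-oidc.yml` runs exactly when `enable-oidc.yml` does and never when the feature is off. The second task's name also says "if OIDC is enabled", which suggests a copy-paste slip that this commit carries over. I would negate the condition, `when: not (applications | get_app_conf(application_id, 'features.oidc', False))`, and rename the task to end in "if OIDC is disabled". As written, a deployment that turns OIDC off may keep the login plugin installed. The contents of the two included files are not visible here.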
--- a/roles/web-app-pixelfed/templates/env.j2 +++ b/roles/web-app-pixelfed/templates/env.j2 @@ -133,14 +133,14 @@ TRUST_PROXIES="*" ENABLE_CONFIG_CACHE=true -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} ################################### # OpenID Connect settings ################################### # @see https://github.com/pixelfed/pixelfed/commit/b3c27815788e4b47e7eb3fca727d817512cf26c2#diff-66e408190a301e81b5f1c079463487c54a6452c4944dc5ae80770f50101283ff -PF_OIDC_ENABLED={{ applications | is_feature_enabled('oidc',application_id) | string | lower }} +PF_OIDC_ENABLED={{ applications | get_app_conf(application_id, 'features.oidc', False) | string | lower }} PF_OIDC_AUTHORIZE_URL="{{oidc.client.authorize_url}}" PF_OIDC_TOKEN_URL="{{oidc.client.token_url}}" PF_OIDC_PROFILE_URL="{{ oidc.client.user_info_url }}" diff --git a/roles/web-app-port-ui/tasks/main.yml b/roles/web-app-port-ui/tasks/main.yml index c4ec68fd..8137c5b6 100644 --- a/roles/web-app-port-ui/tasks/main.yml +++ b/roles/web-app-port-ui/tasks/main.yml @@ -27,7 +27,7 @@ set_fact: portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, web_protocol) }}" when: - - (applications | is_feature_enabled('simpleicons',application_id)) + - (applications | get_app_conf(application_id, 'features.simpleicons', False)) - run_once_docker_portfolio is not defined - name: Group docker cards diff --git a/roles/web-app-port-ui/templates/menu/applications.yml.j2 b/roles/web-app-port-ui/templates/menu/applications.yml.j2 index b518ce8f..018d46e7 100644 --- a/roles/web-app-port-ui/templates/menu/applications.yml.j2 +++ b/roles/web-app-port-ui/templates/menu/applications.yml.j2 
@@ -33,13 +33,13 @@ applications: icon: class: fa-solid fa-shield-halved url: https://{{domains | get_domain('keycloak')}}/admin - iframe: {{ applications | is_feature_enabled('port-ui-desktop','keycloak') }} + iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }} - name: Profile description: Update your personal admin settings icon: class: fa-solid fa-user-gear url: https://{{ domains | get_domain('keycloak') }}/realms/{{oidc.client.id}}/account - iframe: {{ applications | is_feature_enabled('port-ui-desktop','keycloak') }} + iframe: {{ applications | get_app_conf( 'keycloak', 'features.port-ui-desktop', False) }} - name: Logout description: End your admin session securely icon: diff --git a/roles/web-app-port-ui/templates/menu/followus.yml.j2 b/roles/web-app-port-ui/templates/menu/followus.yml.j2 index 5a778fe8..9418f615 100644 --- a/roles/web-app-port-ui/templates/menu/followus.yml.j2 +++ b/roles/web-app-port-ui/templates/menu/followus.yml.j2 @@ -12,7 +12,7 @@ followus: class: fa-brands fa-mastodon url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}" identifier: "{{service_provider.contact.mastodon}}" - iframe: {{ applications | is_feature_enabled('port-ui-desktop','mastodon') }} + iframe: {{ applications | get_app_conf('mastodon','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %} - name: Bluesky 
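Review bot: The `iframe:` line in the first followus.yml.j2 hunk passes `True` as the third argument to `get_app_conf`, while every other `features.*` lookup visible in this part of the patch passes `False`, including the keycloak entries in applications.yml.j2 just above. Elsewhere `True` is used only for mandatory values such as `version` and `credentials.*`, so it looks like a strict flag. If so, a role without `features.port-ui-desktop` would now abort rendering instead of yielding false; if it is a default instead, the entry would be framed by default. Either way I would align it: `iframe: {{ applications | get_app_conf('mastodon', 'features.port-ui-desktop', False) }}`. The same applies to the pixelfed, peertube, wordpress and friendica entries in the later followus.yml.j2 hunks and to the sphinx and presentation entries in footer.yml.j2.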
@@ -31,7 +31,7 @@ followus: class: fa-solid fa-camera identifier: "{{service_provider.contact.pixelfed}}" url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}" - iframe: {{ applications | is_feature_enabled('port-ui-desktop','pixelfed') }} + iframe: {{ applications | get_app_conf('pixelfed','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.peertube is defined and service_provider.contact.peertube != "" %} - name: Peertube @@ -40,7 +40,7 @@ followus: class: fa-solid fa-video identifier: "{{service_provider.contact.peertube}}" url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}" - iframe: {{ applications | is_feature_enabled('port-ui-desktop','peertube') }} + iframe: {{ applications | get_app_conf('peertube','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %} - name: Wordpress @@ -49,7 +49,7 @@ followus: class: fa-solid fa-blog identifier: "{{service_provider.contact.wordpress}}" url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}" - iframe: {{ applications | is_feature_enabled('port-ui-desktop','wordpress') }} + iframe: {{ applications | get_app_conf('wordpress','features.port-ui-desktop',True) }} {% endif %} {% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %} - name: Friendica 
@@ -58,5 +58,5 @@ followus: class: fas fa-net-wired identifier: "{{service_provider.contact.friendica}}" url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}" - iframe: {{ applications | is_feature_enabled('port-ui-desktop','friendica') }} + iframe: {{ applications | get_app_conf('friendica','features.port-ui-desktop',True) }} {% endif %} diff --git a/roles/web-app-port-ui/templates/menu/footer.yml.j2 b/roles/web-app-port-ui/templates/menu/footer.yml.j2 index ec71baab..97ca635d 100644 --- a/roles/web-app-port-ui/templates/menu/footer.yml.j2 +++ b/roles/web-app-port-ui/templates/menu/footer.yml.j2 @@ -10,7 +10,7 @@ icon: class: fas fa-book url: https://{{domains | get_domain('sphinx')}} - iframe: {{ applications | is_feature_enabled('port-ui-desktop','sphinx') }} + iframe: {{ applications | get_app_conf('sphinx','features.port-ui-desktop',True) }} {% endif %} @@ -21,7 +21,7 @@ icon: class: "fas fa-chalkboard-teacher" url: https://{{domains | get_domain('presentation')}} - iframe: {{ applications | is_feature_enabled('port-ui-desktop','presentation') }} + iframe: {{ applications | get_app_conf('presentation','features.port-ui-desktop',True) }} {% endif %} - name: Solutions diff --git a/roles/web-app-snipe-it/tasks/ldap.yml b/roles/web-app-snipe-it/tasks/ldap.yml index 4251be5b..03603c63 100644 --- a/roles/web-app-snipe-it/tasks/ldap.yml +++ b/roles/web-app-snipe-it/tasks/ldap.yml @@ -10,7 +10,7 @@ retries: 30 delay: 5 until: snipeit_admin_check.status == 200 - when: not ( applications | is_feature_enabled('oauth2', application_id)) + when: not ( applications | get_app_conf(application_id, 'features.oauth2', False)) - name: "Debug: show APP_KEY in container shell" shell: | diff --git a/roles/web-app-snipe-it/tasks/main.yml b/roles/web-app-snipe-it/tasks/main.yml index eecac40c..dbb5cf5c 100644 --- a/roles/web-app-snipe-it/tasks/main.yml +++ b/roles/web-app-snipe-it/tasks/main.yml 
@@ -6,4 +6,4 @@ - name: "Configure Snipe-IT LDAP settings" import_tasks: ldap.yml - when: applications | is_feature_enabled('ldap',application_id) + when: applications | get_app_conf(application_id, 'features.ldap', False) diff --git a/roles/web-app-snipe-it/templates/env.j2 b/roles/web-app-snipe-it/templates/env.j2 index 1f555142..5a0a9193 100644 --- a/roles/web-app-snipe-it/templates/env.j2 +++ b/roles/web-app-snipe-it/templates/env.j2 @@ -26,7 +26,7 @@ DB_DATABASE={{database_name}} DB_USERNAME={{database_username}} DB_PASSWORD={{database_password}} -{% if not applications | is_feature_enabled('central_database',application_id) %} +{% if not applications | get_app_conf(application_id, 'features.central_database', False)%} MYSQL_ROOT_PASSWORD={{database_password}} DB_PREFIX=null DB_DUMP_PATH='/usr/bin' diff --git a/roles/web-app-syncope/templates/proxy.conf b/roles/web-app-syncope/templates/proxy.conf index 751afa0b..4dcc01a0 100644 --- a/roles/web-app-syncope/templates/proxy.conf +++ b/roles/web-app-syncope/templates/proxy.conf @@ -2,7 +2,7 @@ server { server_name {{domain}}; - {% if applications | is_feature_enabled('oauth2',application_id) %} + {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%} {% endif %} diff --git a/roles/web-app-taiga/templates/docker-compose.yml.j2 b/roles/web-app-taiga/templates/docker-compose.yml.j2 index 117f1ada..de8b0b93 100644 --- a/roles/web-app-taiga/templates/docker-compose.yml.j2 +++ b/roles/web-app-taiga/templates/docker-compose.yml.j2 
@@ -9,7 +9,7 @@ - media-data:/taiga-back/media # - ./config.py:/taiga-back/settings/config.py -{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} - {{ docker_compose.directories.config }}taiga-local.py:/taiga-back/settings/local.py:ro @@ -22,7 +22,7 @@ condition: service_started taiga-async-rabbitmq: condition: service_started -{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} command: > /bin/sh -c " @@ -42,7 +42,7 @@ - media-data:/taiga-back/media # - ./config.py:/taiga-back/settings/config.py -{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} {% for item in settings_files %} - {{ docker_compose.directories.config }}taiga-{{ item }}.py:/taiga-back/settings/{{ item }}.py:ro @@ -57,7 +57,7 @@ condition: service_started taiga-async-rabbitmq: condition: service_started -{% if applications | is_feature_enabled('oidc',application_id) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} command: > /bin/sh -c " 
diff --git a/roles/web-app-taiga/templates/env.j2 b/roles/web-app-taiga/templates/env.j2 index ae55fbc3..b3468a65 100644 --- a/roles/web-app-taiga/templates/env.j2 +++ b/roles/web-app-taiga/templates/env.j2 @@ -47,7 +47,7 @@ MAX_AGE = 360 # Taiga's Telemetry - Variable to enable or disable the anonymous telemetry ENABLE_TELEMETRY = True -{% if applications | is_feature_enabled('oidc',application_id) %} +{% if applications | get_app_conf(application_id, 'features.oidc', False) %} {% if applications | get_app_conf(application_id, 'oidc.flavor', True) == 'taigaio' %} diff --git a/roles/web-app-yourls/templates/env.j2 b/roles/web-app-yourls/templates/env.j2 index cc765b2b..0ed2b62f 100644 --- a/roles/web-app-yourls/templates/env.j2 +++ b/roles/web-app-yourls/templates/env.j2 @@ -6,4 +6,4 @@ YOURLS_SITE: "{{ domains | get_url(application_id, web_protocol) }}" YOURLS_USER: "{{applications.yourls.users.administrator.username}}" YOURLS_PASS: "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}" # The following deactivates the login mask for admins, if the oauth2 proxy is activated -YOURLS_PRIVATE: "{{not (applications | is_feature_enabled('oauth2', application_id))}}" \ No newline at end of file +YOURLS_PRIVATE: "{{not (applications | get_app_conf(application_id, 'features.oauth2', False))}}" \ No newline at end of file