From b740b978b502faa815fafb9651ab7542b3bbde90 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Mon, 17 Feb 2025 16:07:26 +0100
Subject: [PATCH] Added more scalable oauth2_proxy_active configuration

---
 group_vars/all/07_applications.yml             | 9 ++++++---
 roles/docker-ldap/vars/main.yml                | 2 +-
 roles/docker-openproject/vars/main.yml         | 2 +-
 roles/docker-phpmyadmin/vars/main.yml          | 3 +--
 roles/nginx-global-css/templates/global.css.j2 | 5 ++++-
 5 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 2e667b7f..1fc2175b 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -80,6 +80,7 @@ defaults_applications:
     lam:
       version:                        "latest"
       administrator_password:         "{{user_administrator_initial_password}}" # CHANGE for security reasons
+      oauth2_proxy_active:            true
     openldap:
       version:                        "latest"
       network:
@@ -154,7 +155,8 @@ defaults_applications:
 
   ## Open Project
   openproject:
-    version:            "13" # Update when available. Sadly no rolling release implemented
+    version:              "13" # Update when available. Sadly no rolling release implemented
+    oauth2_proxy_active:  true
 
   ## Peertube
   peertube:
@@ -162,8 +164,9 @@ defaults_applications:
 
   ## PHPMyAdmin
   phpmyadmin:
-    version:         "latest"
-    autologin:       false     # This is a high security risk. Just activate this option if you know what you're doing
+    version:              "latest"
+    autologin:            false     # This is a high security risk. Just activate this option if you know what you're doing
+    oauth2_proxy_active:  true
 
   ## Pixelfed
   pixelfed:
diff --git a/roles/docker-ldap/vars/main.yml b/roles/docker-ldap/vars/main.yml
index 97c1365b..91dd5768 100644
--- a/roles/docker-ldap/vars/main.yml
+++ b/roles/docker-ldap/vars/main.yml
@@ -5,7 +5,7 @@ ldap_enabled:         True
 
 # OAuth2 Proxy Configuration
 oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
-oauth2_proxy_active:                        true
+oauth2_proxy_active:                        "{{ applications.ldap.lam.oauth2_proxy_active | bool }}"
 
 enable_wildcard_certificate:  false # Activate dedicated Certificate
 
diff --git a/roles/docker-openproject/vars/main.yml b/roles/docker-openproject/vars/main.yml
index 048838ad..412144a9 100644
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@@ -13,6 +13,6 @@ dummy_volume:                                 "{{docker_compose.directories.volu
 
 # OAuth2 Proxy Configuration
 oauth2_proxy_upstream_application_and_port:   "proxy:80"
-oauth2_proxy_active:                          true
+oauth2_proxy_active:                          "{{ applications.openproject.oauth2_proxy_active | bool }}"
 
 ldap_enabled:                                 True
\ No newline at end of file
diff --git a/roles/docker-phpmyadmin/vars/main.yml b/roles/docker-phpmyadmin/vars/main.yml
index b92969f3..a6be9d84 100644
--- a/roles/docker-phpmyadmin/vars/main.yml
+++ b/roles/docker-phpmyadmin/vars/main.yml
@@ -1,5 +1,4 @@
 application_id:       "phpmyadmin"
 database_type:        "mariadb"
 database_host:        "{{ 'central-' + database_type if enable_central_database}}"
-# OAuth2 Proxy Configuration
-oauth2_proxy_active:  true
\ No newline at end of file
+oauth2_proxy_active:  "{{ applications.phpmyadmin.oauth2_proxy_active | bool }}"
\ No newline at end of file
diff --git a/roles/nginx-global-css/templates/global.css.j2 b/roles/nginx-global-css/templates/global.css.j2
index 8190087c..df362930 100644
--- a/roles/nginx-global-css/templates/global.css.j2
+++ b/roles/nginx-global-css/templates/global.css.j2
@@ -250,6 +250,8 @@ HINT: Better overwritte CSS variables instead of individual elements.
   --pf-v5-global--BackgroundColor--100:              var(--color-99);
   --pf-v5-global--BackgroundColor--150:              var(--color-95);
   --pf-v5-global--BackgroundColor--200:              var(--color-85);
+  --pf-v5-global--BackgroundColor--300:              var(--color-75);
+  --pf-v5-global--BackgroundColor--400:              var(--color-65);
   --pf-v5-global--BackgroundColor--light-100:        var(--color-100);
   --pf-v5-global--BackgroundColor--light-200:        var(--color-95);
   --pf-v5-global--BackgroundColor--light-300:        var(--color-85);
@@ -326,6 +328,7 @@ HINT: Better overwritte CSS variables instead of individual elements.
   --pf-v5-global--BorderColor--100:          var(--color-75);
   --pf-v5-global--BorderColor--200:          var(--color-50);
   --pf-v5-global--BorderColor--300:          var(--color-85);
+  --pf-v5-global--BorderColor--400:          var(--color-65);
   --pf-v5-global--BorderColor--dark-100:      var(--color-75);
   --pf-v5-global--BorderColor--light-100:     var(--color-65);
 
@@ -396,7 +399,7 @@ button:hover, .btn:hover {
 
 /* Inputs & Forms in Light Mode (Using a Light Tone from the Corporate Design) */
 input, textarea, select {
-    background-color: var(--info-color) !important;  /* Instead of var(--color-90) */
+    background-color: var(--color-82) !important;  /* Instead of var(--color-90) */
     color: var(--color-40) !important;
     border-color: var(--color-70) !important;
 }