Finished CLI Installer for SuiteCRM Implementation (LDAP still missing) - https://chatgpt.com/share/69274924-9dec-800f-8653-345aa2c25664

roles/web-app-suitecrm/config/main.yml

@@ -1,25 +1,24 @@
 features:
   matomo:             true
-  css:                true
+  css:                false # Temporary deactivated
   desktop:            true
   ldap:               true
   oidc:               false # OIDC isn't available, just SAML for SSO
   central_database:   true
   logout:             true
-  oauth2:             true
+  oauth2:             false # Deactivated for API
 
 server:
   csp:
-    flags: {}
-    whitelist:
-      # Allow data URIs for icons etc.
-      connect-src:
-        - "data:"
+    flags:
+      script-src-attr:
+        unsafe-eval: true
+    whitelist:  
+      manifest-src: "{{ WEB_PROTOCOL }}://auth.{{ PRIMARY_DOMAIN }}"
   domains:
     aliases: []
     canonical:
       - suite.crm.{{ PRIMARY_DOMAIN }}
-
 email:
   from_name: "Customer Relationship Management (SuiteCRM, {{ PRIMARY_DOMAIN }})"
 

roles/web-app-suitecrm/files/docker-entrypoint-suitecrm.sh

@@ -31,6 +31,12 @@ for d in cache public/upload public/legacy/upload public/legacy/cache; do
   fi
 done
 
+TMPDIR="${APP_DIR}/tmp"
+export TMPDIR
+mkdir -p "$TMPDIR"
+chown -R "$WEB_USER:$WEB_GROUP" "$TMPDIR"
+chmod 775 "$TMPDIR"
+
 ############################################
 # 3) Auto-Install SuiteCRM (only if not yet installed)
 ############################################

roles/web-app-suitecrm/files/style.css

@@ -0,0 +1,12 @@
+.admin-card-link-box .admin-card-link .admin-card-link-wrapper {
+    color: var(--color-01-22);
+}
+
+.admin-view {
+    background-color: var(--color-01-77);
+}
+
+div.widget-panel .panel-card .card-header {
+    background-color: var(--color-01-23);
+    color: var(--color-01-92);
+}

roles/web-app-suitecrm/templates/Dockerfile.j2

@@ -13,6 +13,8 @@ RUN apt-get update && apt-get install -y \
       libldap2-dev \
   && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \
   && docker-php-ext-install \
+      pdo \
+      pdo_mysql \
       mysqli \
       gd \
       zip \
@@ -23,6 +25,13 @@ RUN apt-get update && apt-get install -y \
       ldap \
   && rm -rf /var/lib/apt/lists/*
 
+RUN { \
+      echo 'file_uploads = On'; \
+      echo 'upload_max_filesize = 32M'; \
+      echo 'post_max_size = 32M'; \
+      echo 'memory_limit = 512M'; \
+   } > /usr/local/etc/php/conf.d/suitecrm-upload.ini
+
 # Install Apache modules
 RUN a2enmod rewrite headers
 
@@ -48,12 +57,31 @@ RUN set -eux; \
 # Install PHP dependencies via Composer (critical!)
 RUN set -eux; \
     composer install \
-      --no-dev \
       --prefer-dist \
       --no-interaction \
       --optimize-autoloader \
       --no-scripts
 
+# Legacy (SugarCRM) dependencies – Tinymce etc.
+WORKDIR /var/www/html/public/legacy
+
+RUN set -eux; \
+    if [ -f composer.json ]; then \
+      composer install --prefer-dist --no-interaction --optimize-autoloader --no-scripts; \
+    fi
+
+WORKDIR /var/www/html
+
+# Install Node + Corepack
+RUN apt-get update && apt-get install -y nodejs npm \
+ && corepack enable && corepack prepare yarn@4.5.1 --activate
+
+WORKDIR /var/www/html
+
+RUN yarn install --immutable \
+ && yarn merge-angular-json \
+ && yarn build
+
 # Copy entrypoint
 COPY {{ SUITECRM_ENTRYPOINT_SCRIPT_HOST_REL }} {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}
 RUN chmod +x {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }}

roles/web-app-suitecrm/templates/env.j2

@@ -50,11 +50,11 @@ SUITECRM_EMAIL_FROM_NAME={{ applications | get_app_conf(application_id, 'email.f
 AUTH_TYPE=ldap
 LDAP_HOST={{ LDAP.SERVER.DOMAIN }}
 LDAP_PORT={{ LDAP.SERVER.PORT }}
-LDAP_ENCRYPTION={{ LDAP.SERVER.SECURITY | lower if LDAP.SERVER.SECURITY else "none" }}   # none|ssl|tls
+LDAP_ENCRYPTION={{ LDAP.SERVER.SECURITY | lower if LDAP.SERVER.SECURITY else "none" }}
 LDAP_BASE_DN={{ LDAP.DN.OU.USERS }}
 LDAP_BIND_DN={{ LDAP.DN.ADMINISTRATOR.DATA }}
 LDAP_BIND_PASSWORD={{ LDAP.BIND_CREDENTIAL }}
-LDAP_UID_KEY={{ LDAP.USER.ATTRIBUTES.ID }}   # e.g. uid or mail
+LDAP_UID_KEY={{ LDAP.USER.ATTRIBUTES.ID }}
 {% else %}
 AUTH_TYPE=disabled
 {% endif %}
@@ -63,3 +63,5 @@ AUTH_TYPE=disabled
 # Maintenance mode toggle
 # ------------------------------------------------
 SUITECRM_MAINTENANCE={{ SUITECRM_INIT_MAINTENANCE_MODE | lower }}
+
+NODE_OPTIONS=--max-old-space-size={{ SUITECRM_MAX_OLD_SPACE_SIZE }}

roles/web-app-suitecrm/vars/main.yml

@@ -1,36 +1,39 @@
 # General
-application_id:                   "web-app-suitecrm"
-entity_name:                      "{{ application_id | get_entity_name }}"
+application_id:                       "web-app-suitecrm"
+entity_name:                          "{{ application_id | get_entity_name }}"
 
 # Database
-database_type:                    "mariadb"
+database_type:                        "mariadb"
 
 # Webserver
-client_max_body_size:             "100m"
+client_max_body_size:                 "100m"
 
 # Container images
 # Base PHP image used to run SuiteCRM
-SUITECRM_BASE_IMAGE:              "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.image') }}"
-SUITECRM_BASE_VERSION:            "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
+SUITECRM_BASE_IMAGE:                  "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.image') }}"
+SUITECRM_BASE_VERSION:                "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
 # Upstream SuiteCRM application version (Git tag, e.g. 8.6.0)
-SUITECRM_APP_VERSION:             "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.app_version') }}"
+SUITECRM_APP_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.app_version') }}"
 
-SUITECRM_CUSTOM_IMAGE:            "custom_suitecrm"
-SUITECRM_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.name') }}"
-SUITECRM_SERVICE:                 "{{ entity_name }}"
+SUITECRM_CUSTOM_IMAGE:                "custom_suitecrm"
+SUITECRM_CONTAINER:                   "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.name') }}"
+SUITECRM_SERVICE:                     "{{ entity_name }}"
 
 # Volumes
-SUITECRM_DATA_VOLUME:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+SUITECRM_DATA_VOLUME:                 "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
 
 # URLs & feature flags
-SUITECRM_URL:                     "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
-SUITECRM_LDAP_ENABLED:            "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
+SUITECRM_URL:                         "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+SUITECRM_LDAP_ENABLED:                "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
 
 # Simple maintenance toggle (for later extensions)
-SUITECRM_INIT_MAINTENANCE_MODE:   "{{ applications | get_app_conf(application_id, 'maintenance_mode') }}"
+SUITECRM_INIT_MAINTENANCE_MODE:       "{{ applications | get_app_conf(application_id, 'maintenance_mode') }}"
 
 # Entrypoint script (host <-> container mapping)
 SUITECRM_ENTRYPOINT_SCRIPT_FILE:      "docker-entrypoint-suitecrm.sh"
 SUITECRM_ENTRYPOINT_SCRIPT_HOST_ABS:  "{{ [ docker_compose.directories.volumes, SUITECRM_ENTRYPOINT_SCRIPT_FILE ] | path_join }}"
 SUITECRM_ENTRYPOINT_SCRIPT_HOST_REL:  "volumes/{{ SUITECRM_ENTRYPOINT_SCRIPT_FILE }}"
 SUITECRM_ENTRYPOINT_SCRIPT_DOCKER:    "{{ [ '/usr/local/bin/', SUITECRM_ENTRYPOINT_SCRIPT_FILE ] | path_join }}"
+
+# Node
+SUITECRM_MAX_OLD_SPACE_SIZE:          "{{ applications | node_max_old_space_size(application_id, entity_name) }}"