Solved portfolio bug, entered keycloak entries for portfolio, added hints to phpmyadmin and updated mailu documentary

2025-03-29 04:23:34 +01:00 · 2025-03-21 20:19:12 +01:00 · 2025-03-21 20:19:12 +01:00 · bb48e8ae36
commit bb48e8ae36
parent 12ad339221
7 changed files with 147 additions and 21 deletions
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@ -68,6 +68,4 @@ matomo_tracking_enabled_default:           true  # Enables\Disables Matomo track
 css_enabled_default:                       true  # Enables\Disables Global CSS on all html pages by default.
 ## iframe for primary domain
-# Enables\Disables the possibility to be embedded via iframe by default. 
+landingpage_iframe_enabled_default:        true  # Enables\Disables the possibility to be embedded via iframe by default. 
 # Enable conciously on every app in which it makes sense, due to that this a potential security risk
 landingpage_iframe_enabled_default:        false
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -32,8 +32,8 @@ defaults_applications:
  ## Assets Server
  assets_server:
-    source_directory:             "{{ playbook_dir }}/assets"                   # Directory from which the assets will be copied
+    source_directory:             "{{ playbook_dir }}/assets"               # Directory from which the assets will be copied
-    url:                          "https://{{domains.file_server}}/assets}}"    # Public address of the assets directory
+    url:                          "https://{{domains.file_server}}/assets"  # Public address of the assets directory
  ## Attendize 
  attendize:
@ -600,17 +600,17 @@ defaults_applications:
  ## PHPMyAdmin
  phpmyadmin:
-    version:              "latest"
+    version:                      "latest"
-    autologin:            false                                             # This is a high security risk. Just activate this option if you know what you're doing
+    autologin:                    false                                     # This is a high security risk. Just activate this option if you know what you're doing
    oauth2_proxy:  
-      enabled:            true
+      enabled:                    true
-      port:               "80"
+      port:                       "80"
-      application:        "application"
+      application:                "application"
-#     cookie_secret:      None                                              # Set via openssl rand -hex 16
+#     cookie_secret:              None                                      # Set via openssl rand -hex 16
    database:
-      central_storage:    True                                              # Activate Central Database Storage
+      central_storage:            True                                      # Activate Central Database Storage
    css:
-      enabled:            False                                             # The css needs more optimation for PHPMyAdmin
+      enabled:                    False                                     # The css needs more optimation for PHPMyAdmin
    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
    css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe
@ -639,7 +639,7 @@ defaults_applications:
  # Snipe-IT
  snipe_it:
-    version:           "latest"
+    version:                      "latest"
    database:
      central_storage:  True                                                # Activate Central Database Storage
    matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
--- a/roles/docker-mailu/Administration.md
+++ b/roles/docker-mailu/Administration.md
@ -32,13 +32,6 @@ To resend queued mails, use this command:
 docker-compose exec -it smtp postqueue -f
 ```
 # Testing 🧪
 Use the following tools for testing:
 - [SSL-Tools Mailserver Test](https://de.ssl-tools.net/mailservers/)
 - [TestEmail.de](http://testemail.de/)
 # Updates 🔄
 For instructions on updating your Mailu setup, follow the official [Mailu maintenance guide](https://mailu.io/master/maintain.html).
--- a/roles/docker-mailu/Testing.md
+++ b/roles/docker-mailu/Testing.md
@ -0,0 +1,6 @@
 # Test Server Instance
 Use the following tools to test your server instance:
 - [SSL-Tools Mailserver Test](https://de.ssl-tools.net/mailservers/)
 - [TestEmail.de](http://testemail.de/)
--- a/roles/docker-mailu/User_Administration.md
+++ b/roles/docker-mailu/User_Administration.md
@ -0,0 +1,108 @@
 # User Administration
 ## Promoting an OIDC User to Admin 🧑‍💼
 If your administrator logs in via OpenID Connect (OIDC) and you don't want to create a separate local user, you can promote the existing OIDC-authenticated user to a global admin directly in the Mailu database using the CLI.
 Follow these steps:
 1. Enter the Mailu `admin` container shell:
   ```bash
   docker exec -it mailu-admin-1 flask shell
   ```
 2. Inside the interactive shell, run the following commands:
   ```python
   from mailu import models, db
   user = models.User.query.filter_by(email='admin@example.com').first()
   user.global_admin = True
   db.session.commit()
   ```
   Replace `admin@example.com` with the OIDC email address used to log in.
 3. Exit the shell:
   ```python
   exit()
   ```
 Your OIDC-authenticated user is now a full **global admin** and has access to all administrative functions in the Mailu interface.
 > 💡 Tip: This method is useful when you're using federated login and want to avoid managing separate local admin credentials.
 Klar! Hier ist die Anleitung zur Änderung der primären Domain eines Mailu-Benutzers, speziell für **MariaDB** als Datenbank-Backend, auf **Englisch** und im gleichen Stil wie deine Doku:
 ---
 ## Changing the Primary Domain of a Mailu Account (MariaDB) 🌐
 Mailu links user accounts to specific domains, so changing a user's primary domain cannot be done via the admin interface. You need to update it manually via the database.
 > ⚠️ **Warning:** Always back up your database before performing manual operations.
 ### Steps for MariaDB:
 1. Connect to the Mailu MariaDB container:
   ```bash
   docker compose exec -it database mariadb -u mailu -p
   ```
   Enter the password when prompted (you can find it in your `docker-compose.yml` or `.env` file).
 2. Select the Mailu database (usually named `mailu`):
   ```sql
   USE mailu;
   ```
 3. Update the user's domain and email:
   ```sql
   UPDATE user SET email='newname@newdomain.com', domain_name='newdomain.com' WHERE email='oldname@olddomain.com';
   ```
   If needed, also update the local part (username):
   ```sql
   UPDATE user SET localpart='newname' WHERE email='newname@newdomain.com';
   ```
 4. If the new domain does not exist yet, insert it into the `domain` table:
   ```sql
   INSERT INTO domain (name, max_users, max_aliases, max_quota_bytes, comment, enabled)
   VALUES ('newdomain.com', 100, 100, 10737418240, 'New domain', true);
   ```
 5. If the user had aliases, update the `alias` table accordingly.
 ---
 ### Alternative: Recreate the User
 If you prefer not to modify the database manually:
 - Delete the old user via the admin UI
 - Create a new user under the desired domain
 - Migrate emails using IMAP tools (e.g. `imapsync`)
 ---
 ### Update DNS and Mailu Configuration
 Ensure that the new domain is correctly set up:
 - Add it to `HOSTNAMES` in your `docker-compose.yml`
 - Set up proper DNS records (MX, SPF, DKIM, DMARC)
 - If using Let's Encrypt (`TLS_FLAVOR=cert`), make sure the domain is included in `LETSENCRYPT_HOSTS`
 > 💡 **Tip:** Mailu must be aware of the domain both in its configuration and the database for mail routing and certificate issuance to work correctly.
 ---
 Wenn du willst, kann ich dir das gleich in eine fertige Markdown-Datei oder ein Doku-Format einfügen.
--- a/roles/docker-phpmyadmin/templates/env.j2
+++ b/roles/docker-phpmyadmin/templates/env.j2
@ -1,3 +1,5 @@
 # Configuration @see https://hub.docker.com/_/phpmyadmin
 PMA_HOST= central-mariadb
 {% if applications.phpmyadmin.autologin | bool %}
 PMA_USER= root
--- a/roles/docker-portfolio/templates/config.yaml.j2
+++ b/roles/docker-portfolio/templates/config.yaml.j2
@ -682,6 +682,25 @@ navigation:
            class: fas fa-user-shield
          url: https://{{domains.keycloak}}/admin
          iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
          children:
          - name: Keycloak Master Admin
            description: Access the central admin console
            icon:
              class: fa-solid fa-shield-halved
            url: https://{{ domains.keycloak }}/admin/master/console/
            iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
          - name: Manage Your Profile
            description: Update your personal admin settings
            icon:
              class: fa-solid fa-user-gear
            url: https://{{ domains.keycloak }}/realms/{{oidc.client.id}}/account
            iframe: {{ applications | get_landingpage_iframe_enabled('keycloak') }}
          - name: Log Out of Keycloak
            description: End your admin session securely
            icon:
              class: fa-solid fa-right-from-bracket
            url: https://{{ domains.keycloak }}/realms/{{oidc.client.id}}/protocol/openid-connect/logout
            iframe: false
    {% endif %}
    {% if "ldap" in group_names %}