Refactor and cleanup OIDC, desktop, and web-app roles

- Improved OIDC variable definitions (12_oidc.yml)
- Added account/security/profile URLs
- Restructured web-app-desktop tasks and JS handling
- Introduced oidc.js and iframe.js with runtime loader
- Fixed nginx.conf, LDAP, and healthcheck templates spacing
- Improved Lua injection for CSP and snippets
- Fixed typos (WordPress, receive, etc.)
- Added silent-check-sso nginx location

Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
2025-08-26 20:44:05 +02:00
parent ce033c370a
commit c182ecf516
33 changed files with 543 additions and 146 deletions


@@ -2,9 +2,10 @@ features:
matomo: true
css: true
desktop: false
simpleicons: true # Activate Brand Icons for your groups
javascript: true # Necessary for URL sync
logout: false # Doesn't have own user data. Just a frame.
oidc: true # Needs to be activated so that the login url is working
simpleicons: true # Activate Brand Icons for your groups
javascript: true # Necessary for URL sync
logout: true
server:
csp:
whitelist:
@@ -19,6 +20,7 @@ server:
- https://cdn.jsdelivr.net
connect-src:
- https://ka-f.fontawesome.com
- "{{ WEB_PROTOCOL }}://auth.{{ PRIMARY_DOMAIN }}"
frame-src:
- "{{ WEB_PROTOCOL }}://*.{{ PRIMARY_DOMAIN }}"
flags:
@@ -31,4 +33,8 @@ server:
domains:
canonical:
- "{{ PRIMARY_DOMAIN }}"
docker:
services:
desktop:
name: "desktop"
image: "application-portfolio"
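Review bot: The `connect-src` entry `"{{ WEB_PROTOCOL }}://auth.{{ PRIMARY_DOMAIN }}"` in the second hunk (it appears to be the one line that hunk adds) hard-codes the identity provider's host as `auth.` rather than taking it from the OIDC variables this commit reworks, so the CSP allowance and the real issuer origin can drift apart. If `WEB_PROTOCOL` can render as `http`, the policy would also permit the OIDC session calls over plaintext; pinning the scheme for this one origin, e.g. `- "https://<OIDC_ISSUER_HOST>"` (placeholder for the issuer host variable), avoids that. In the first hunk, `logout: true` lost the comment that justified the old `false` value ("Just a frame"). A short comment such as `# logout is injected because the desktop now holds an OIDC session` would record the reason, if that is indeed why it was flipped. Indentation is not visible on this page, so the nesting of the new `docker.services.desktop` keys could not be checked.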