Refactor and cleanup OIDC, desktop, and web-app roles

- Improved OIDC variable definitions (12_oidc.yml) - Added account/security/profile URLs - Restructured web-app-desktop tasks and JS handling - Introduced oidc.js and iframe.js with runtime loader - Fixed nginx.conf, LDAP, and healthcheck templates spacing - Improved Lua injection for CSP and snippets - Fixed typos (WordPress, receive, etc.) - Added silent-check-sso nginx location Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
2025-08-30 15:28:12 +02:00 · 2025-08-26 20:44:05 +02:00
parent ce033c370a
commit c182ecf516
33 changed files with 543 additions and 146 deletions
--- a/roles/web-app-desktop/tasks/01_core.yml
+++ b/roles/web-app-desktop/tasks/01_core.yml
@@ -2,13 +2,16 @@
  include_tasks: "02_validate.yml"
  when: MODE_ASSERT | bool

+- name: "Include JS routines"
+  include_tasks: "03_javascript.yml"
+
 - name: "load docker, proxy for '{{ application_id }}'"
  include_role:
    name: cmp-docker-proxy

- name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
+- name: "Check if host-specific config.yaml exists in {{ DESKTOP_INVENTORY_CONFIG_PATH }}"
  stat:
-    path: "{{ config_inventory_path }}"
+    path: "{{ DESKTOP_INVENTORY_CONFIG_PATH }}"
  delegate_to: localhost
  become: false
  register: config_file
@@ -42,20 +45,20 @@

 - name: Copy host-specific config.yaml if it exists
  template:
-    src: "{{ config_inventory_path }}"
-    dest: "{{docker_repository_path}}/app/config.yaml"
+    src: "{{ DESKTOP_INVENTORY_CONFIG_PATH }}"
+    dest: "{{ docker_repository_path }}/app/config.yaml"
  notify: docker compose up
  when: config_file.stat.exists

 - name: Copy default config.yaml from the role template if host-specific file does not exist
  template:
    src: "config.yaml.j2"
-    dest: "{{docker_repository_path}}/app/config.yaml"
+    dest: "{{ docker_repository_path }}/app/config.yaml"
  notify: docker compose up
  when: not config_file.stat.exists

 - name: add docker-compose.yml
  template:
    src:  docker-compose.yml.j2 
-    dest: "{docker_compose.directories.instance}}docker-compose.yml"
-  notify: docker compose up
+    dest: "{{ docker_compose.directories.instance }}docker-compose.yml"
+  notify: docker compose up
--- a/roles/web-app-desktop/tasks/03_javascript.yml
+++ b/roles/web-app-desktop/tasks/03_javascript.yml
@@ -0,0 +1,19 @@
+- name: "load required 'web-svc-cdn' for {{ application_id }}"
+  include_role:
+    name: web-svc-cdn
+    public: false
+  when: run_once_web_svc_cdn is not defined
+
+- name: Ensure {{ DESKTOP_JS_SERVER_DIR }} exists
+  file:
+    path: "{{ DESKTOP_JS_SERVER_DIR }}"
+    state: directory
+    owner: "{{ NGINX.USER }}"
+    group: "{{ NGINX.USER }}"
+    mode: '0755'
+
+- name: "Include file specific JS Routines"
+  include_tasks: "_javascript_file.yml"
+  loop: "{{ DESKTOP_JS_FILES }}"
+  loop_control:
+    loop_var: js_file_name
--- a/roles/web-app-desktop/tasks/_javascript_file.yml
+++ b/roles/web-app-desktop/tasks/_javascript_file.yml
@@ -0,0 +1,17 @@
+- name: Deploy {{ js_file_name }}
+  template:
+    src: "javascript/{{ js_file_name }}.j2"
+    dest: "{{ DESKTOP_JS_SERVER_DIR }}/{{ js_file_name }}"
+    owner: "{{ NGINX.USER }}"
+    group: "{{ NGINX.USER }}"
+    mode: '0644'
+
+- name: Get stat for {{ js_file_name }}
+  stat:
+    path: "{{ DESKTOP_JS_SERVER_DIR }}/{{ js_file_name }}"
+  register: javascript_file_stat
+
+- name: Update javascript_file_version with highest mtime
+  set_fact:
+    javascript_file_version: >-
+      {{ [ (javascript_file_version | default(0) | int), (javascript_file_stat.stat.mtime | int) ] | max }}