kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Optimized code and solved bugs

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-05-20 04:19:10 +02:00
parent 2f1d6a5178
commit d5dd568994
21 changed files with 167 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/dns-records-cloudflare/tasks/main.yml
View File

@@ -1,8 +1,3 @@
- name: "Debug: cloudflare_domains"
debug:
var: cloudflare_domains
when: enable_debug
- name: Create or update Cloudflare A-record for {{ item }}
community.general.cloudflare_dns:
api_token: "{{ cloudflare_api_token }}"

2
roles/docker-bigbluebutton/templates/env.j2
View File

@@ -283,7 +283,7 @@ HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
# approval - For approve/decline registration
DEFAULT_REGISTRATION=invite
{% if applications[application_id].features.oidc | bool %}
{% if applications | is_feature_enabled('oidc',application_id) %}
### EXTERNAL AUTHENTICATION METHODS
# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
#

2
roles/docker-discourse/templates/discourse_application.yml.j2
View File

@@ -118,7 +118,7 @@ run:
## If you want to set the 'From' email address for your first registration, uncomment and change:
## After getting the first signup email, re-comment the line. It only needs to run once.
#- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
{% if applications[application_id].features.oidc | bool %}
{% if applications | is_feature_enabled('oidc',application_id) %}
# Deactivate Default Login
- exec: rails r "SiteSetting.enable_local_logins = false"
- exec: rails r "SiteSetting.enable_passkeys = false" # https://meta.discourse.org/t/passwordless-login-using-passkeys/285589

2
roles/docker-espocrm/templates/env.j2
View File

@@ -77,7 +77,7 @@ ESPOCRM_CONFIG_LDAP_USER_LOGIN_FILTER=(sAMAccountName=%USERNAME%)
# OpenID Connect settings (optional)
# Applied only if the feature flag is true
# ------------------------------------------------
{% if applications[application_id].features.oidc | bool %}
{% if applications | is_feature_enabled('oidc',application_id) %}
# ------------------------------------------------
# OpenID Connect settings

2
roles/docker-listmonk/vars/main.yml
View File

@@ -17,7 +17,7 @@ listmonk_settings:
"provider_url": oidc.client.issuer_url,
"client_secret": oidc.client.secret
} | to_json }}
when: applications[application_id].features.oidc | bool
when: applications | is_feature_enabled('oidc',application_id)
# hCaptcha toggles and credentials
- key: "security.enable_captcha"

2
roles/docker-mailu/templates/env.j2
View File

@@ -158,7 +158,7 @@ API_TOKEN={{applications.mailu.credentials.api_token}}
AUTH_REQUIRE_TOKENS=True
{% if applications[application_id].features.oidc | bool %}
{% if applications | is_feature_enabled('oidc',application_id) %}
###################################
# OpenID Connect settings
###################################

2
roles/docker-mailu/vars/main.yml
View File

@@ -8,7 +8,7 @@ cert_mount_directory: "{{docker_compose.directories.volumes}}certs/"
# Use dedicated source for oidc if activated
# @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
docker_source: "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}"
docker_source: "{{ 'ghcr.io/heviat' if applications | is_feature_enabled('oidc',application_id) else 'ghcr.io/mailu' }}"
domain: "{{ domains | get_domain(application_id) }}"
http_port: "{{ ports.localhost.http[application_id] }}"

2
roles/docker-mastodon/templates/env.j2
View File

@@ -52,7 +52,7 @@ SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS=auto
SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}>
{% if applications[application_id].features.oidc | bool %}
{% if applications | is_feature_enabled('oidc',application_id) %}
###################################
# OpenID Connect settings
###################################

2
roles/docker-nextcloud/vars/configuration.yml
View File

@@ -20,8 +20,6 @@ oidc:
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
credentials:
# database_password: Null # Needs to be set in inventory file
# administrator_password: None # Keep in mind to change the password fast after creation and activate 2FA
features:
matomo: true
css: true

8
roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
View File

@@ -1,15 +1,15 @@
http_address = "0.0.0.0:4180"
cookie_secret = "{{ applications[oauth2_proxy_application_id].credentials.oauth2_proxy_cookie_secret }}"
email_domains = "{{ primary_domain }}"
cookie_secure = "true" # True is necessary to force the cookie set via https
cookie_secure = "true" # True is necessary to force the cookie set via https
upstreams = "http://{{ applications[oauth2_proxy_application_id].oauth2_proxy.application }}:{{ applications[oauth2_proxy_application_id].oauth2_proxy.port }}"
cookie_domains = ["{{ domains[oauth2_proxy_application_id] }}", "{{ domains | get_domain('keycloak') }}"] # Required so cookie can be read on all subdomains.
whitelist_domains = [".{{ primary_domain }}"] # Required to allow redirection back to original requested target.
cookie_domains = ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('keycloak') }}"] # Required so cookie can be read on all subdomains.
whitelist_domains = [".{{ primary_domain }}"] # Required to allow redirection back to original requested target.
# keycloak provider
client_secret = "{{ oidc.client.secret }}"
client_id = "{{ oidc.client.id }}"
redirect_url = "{{ web_protocol }}://{{domains[oauth2_proxy_application_id]}}/oauth2/callback"
redirect_url = "{{ web_protocol }}://{{ domains | get_domain(oauth2_proxy_application_id) }}/oauth2/callback"
oidc_issuer_url = "{{ oidc.client.issuer_url }}"
provider = "oidc"
provider_display_name = "Keycloak"

2
roles/docker-openproject/vars/configuration.yml
View File

@@ -17,6 +17,8 @@ csp:
flags:
script-src:
unsafe-inline: true
style-src:
unsafe-inline: true
domains:
canonical:
- "project.{{ primary_domain }}"

2
roles/docker-pgadmin/vars/main.yml
View File

@@ -1,5 +1,5 @@
application_id: "pgadmin"
database_type: "postgres"
database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id)"
database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) }}"
pgadmin_user: 5050
pgadmin_group: "{{pgadmin_user}}"

2
roles/docker-phpmyadmin/vars/main.yml
View File

@@ -1,3 +1,3 @@
application_id: "phpmyadmin"
database_type: "mariadb"
database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id)"
database_host: "{{ 'central-' + database_type if applications | is_feature_enabled('central_database',application_id) }}"

2
roles/health-nginx/templates/health-nginx.py.j2
View File

@@ -47,7 +47,7 @@ for filename in os.listdir(config_path):
# Prepare the URL and expected status codes
url = f"{{ web_protocol }}://{domain}"
redirected_domains = [domain['source'] for domain in {{current_play_redirect_domain_mappings}}]
redirected_domains = [domain['source'] for domain in {{ current_play_domain_mappings_redirect}}]
{%- if domains.mailu | safe_var | bool %}
redirected_domains.append("{{domains | get_domain('mailu')}}")
{%- endif %}

2
roles/nginx-serve-html/vars/main.yml
View File

@@ -1,2 +1,2 @@
application_id: "html_server"
application_id: "html-server"
domain: "{{domains | get_domain(application_id)}}"