Finalized Snipe IT role. SAML Support still missing

roles/docker-snipe_it/README.md

@@ -1,6 +1,47 @@
+# CyMaIS Role
 
-## more
+🚀 **CyMaIS** - Centralized Management and Integration System for **[Snipe-IT](https://github.com/snipe/snipe-it)**
-- https://github.com/snipe/snipe-it
+
-- https://snipeitapp.com/
+## About 📖
+This role provides an automated deployment and configuration for **Snipe-IT**, an open-source asset management system. It leverages **Docker Compose**, **Ansible**, and **centralized database integration** to streamline deployment and maintenance.
+
+👤 **Author:** Kevin Veen-Birkenbach  
+🔗 **Website:** [veen.world](https://veen.world)
+
+## Features ✨
+- Automated setup using **Docker Compose** 🐳
+- Centralized **MariaDB** database support 🛢️
+- Secure environment configurations 🔐
+- Configurable **SMTP email settings** 📧
+- **SAML Authentication Support** (Pending Fix) 🔐
+- **Redis Caching** for improved performance ⚡
+
+## Administration 🛠️
+Clear and restart the application:
+```bash
+docker-compose exec application php artisan config:clear
+docker-compose exec application php artisan cache:clear
+docker-compose restart application
+```
+
+## Configuration
+- **Database:** The role supports **MariaDB** as the primary database.
+- **Environment Variables:** Defined in `templates/env.j2`.
+- **Nginx Proxy Support:** Automated through `nginx-docker-proxy-domain.yml`.
+
+## Pending Issue 🚧
+To ensure full **SAML authentication integration**, this issue still needs to be resolved:  
+🔗 [GitHub Issue #16186](https://github.com/snipe/snipe-it/issues/16186)
+
+## Additional Resources 📚
+For more details, visit the official documentation and related links:
+- 🔗 [Snipe-IT Documentation](https://snipe-it.readme.io/docs/ldap-sync-login)
+- 🔗 [SAML Setup](https://snipe-it.readme.io/docs/saml)
+- 🔗 [Mattermost SSO Integration](https://docs.mattermost.com/onboard/sso-saml-keycloak.html)
 - https://snipe-it.readme.io/docs/ldap-sync-login
-- https://snipe-it.readme.io/docs/saml
+- https://github.com/snipe/snipe-it/issues/8584
+- https://chatgpt.com/c/67a34927-a994-800f-a3d5-86a5b0205c8b
+- https://github.com/snipe/snipe-it/issues/14895
+- https://github.com/snipe/snipe-it/issues/16186
+
+🚀 Happy Deploying! 🏗️

roles/docker-snipe_it/templates/env.j2

@@ -5,7 +5,7 @@ APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
 APP_KEY={{applications.snipe_it.app_key}}
-APP_URL=http://{{domain}}
+APP_URL=https://{{domain}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}
@@ -87,18 +87,18 @@ EXPIRE_ON_CLOSE=false
 ENCRYPT=false
 COOKIE_NAME=snipeit_session
 COOKIE_DOMAIN=null
-SECURE_COOKIES=false
+SECURE_COOKIES=true
 API_TOKEN_EXPIRATION_YEARS=40
 
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
-APP_TRUSTED_PROXIES=172.17.0.1  # Docker Gateway
+APP_TRUSTED_PROXIES=**
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
 CORS_ALLOWED_ORIGINS=null
-ENABLE_HSTS=false               # Certificates managed by nginx
+ENABLE_HSTS=true               # Certificates managed by nginx
 
 # --------------------------------------------
 # OPTIONAL: CACHE SETTINGS

roles/docker-snipe_it/vars/main.yml

@@ -1,3 +1,4 @@
 application_id:           "snipe_it"
 database_password:        "{{applications.snipe_it.database_password}}"
 database_type:            "mariadb"
+# enable_central_database:  false For debugging reasons here

roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2

@@ -10,7 +10,7 @@ location /
   # headers
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
-  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Forwarded-Port 443;
   proxy_set_header Accept-Encoding "";