kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-10 18:58:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,753 Commits 2 Branches 0 Tags
0602148caa8dcb48be2517c58a35085e61da62f2
Commit Graph

58 Commits

Author SHA1 Message Date
Kevin Veen-Birkenbach
0602148caa bbb: pin mediasoup to IPv4-only and single worker via compose override 
Set MS_WORKERS=1, MS_ENABLE_IPV6=false, and MS_WEBRTC_LISTEN_IPS to announce only EXTERNAL_IPv4 for webrtc-sfu. Helps avoid mediasoup router init issues seen when IPv6 is present.

Context/conversation: https://chatgpt.com/share/68d69a0e-22b0-800f-890b-13721a35f51b
 2025-09-26 15:50:28 +02:00
Kevin Veen-Birkenbach
cbfb991e79 Hardened BBB Version 2025-09-26 15:21:01 +02:00
Kevin Veen-Birkenbach
c7cae93597 Optimized IP6 deactivation 2025-09-26 13:46:55 +02:00
Kevin Veen-Birkenbach
6ea0d09f14 bbb: WIP—stabilize env/compose wiring & prep SFU override 
Context: debugging mediasoup/WebRTC failures caused by empty/interpolated vars (EXTERNAL_IPv4, etc.).
- Normalize config/main.yml (ip6_enabled flag, enable greenlight/coturn) and tidy formatting.
- Extend vars/main.yml with BBB_* switches (IPv6, Greenlight, Coturn), TURN/Coturn cert paths.
- env.j2: wire secrets & toggles, guard IPv6 via BBB_IP6_ENABLED, switch LDAP/OIDC to role flags, add TURN/STUN, and general cleanup.
- tasks/main.yml: use BBB_* fact names, robust path joins, write docker-compose.override.yml, and notify compose on env/override changes.
- tasks/01_docker-compose.yml: reference new BBB_DOCKER_COMPOSE_* facts.
- Add templates/docker-compose.override.yml.j2 (placeholder for SFU overrides to avoid bad defaults during runs).
Rationale: make Compose brings deterministic (no empty ), paving the way to set MS_WEBRTC_LISTEN_IPS in override without risk.

Chat reference: debugging thread with GPT-5 Thinking on 2025-09-26 https://chatgpt.com/share/68d59d98-4388-800f-a627-07b6a603d0b2.
 2025-09-26 12:49:12 +02:00
Kevin Veen-Birkenbach
fa6bb67a66 Removed whitespaces in templates: 2025-09-22 16:28:57 +02:00
Kevin Veen-Birkenbach
6cf6c74802 Inverted docker_compose_skipp_file_creation to don't use double negation 2025-09-22 13:40:28 +02:00
Kevin Veen-Birkenbach
5e616d3962 web: general domain cleanup (canonical/aliases normalization) 
- Normalize domain blocks across apps:
  - Add explicit 'aliases: []' everywhere (no implicit aliases)
  - Standardize canonical subdomains for consistency:
    * Bluesky: web/api under *.bluesky.<PRIMARY_DOMAIN>
    * EspoCRM: espo.crm.<PRIMARY_DOMAIN>
    * Gitea:   tea.git.<PRIMARY_DOMAIN>
    * GitLab:  lab.git.<PRIMARY_DOMAIN>
    * Joomla:  joomla.cms.<PRIMARY_DOMAIN>
    * Magento: magento.shop.<PRIMARY_DOMAIN>
    * OpenProject: open.project.<PRIMARY_DOMAIN>
    * Pretix:  ticket.shop.<PRIMARY_DOMAIN>
    * Taiga:   kanban.project.<PRIMARY_DOMAIN>
  - Remove legacy/duplicate aliases and use empty list instead
  - Fix 'alias' -> 'aliases' where applicable

Context: preparing for AUTO_BUILD_ALIASES=False and deterministic redirect mapping.

Ref: conversation https://chatgpt.com/share/68cd512c-c878-800f-bdf2-81737adf7e0e
 2025-09-19 14:51:56 +02:00
Kevin Veen-Birkenbach
b0f10aa0d0 Removed unnecessary just up 2025-09-12 13:21:29 +02:00
Kevin Veen-Birkenbach
b02d88adc0 Refactored server roles for better readability 2025-09-01 18:08:35 +02:00
Kevin Veen-Birkenbach
6ea8301364 Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces 
- Removed obsolete 'cmp' category, introduced 'stk' category (fa-bars-staggered icon).
- Renamed roles:
  * cmp-db-docker → sys-stk-back-stateful
  * cmp-docker-oauth2 → sys-stk-back-stateless
  * srv-domain-provision → sys-stk-front
  * cmp-db-docker-proxy → sys-stk-full-stateful
  * cmp-docker-proxy → sys-stk-full-stateless
  * cmp-rdbms → sys-svc-rdbms
- Updated all include_role references, vars, templates and README.md files.
- Adjusted run_once comments and variable paths accordingly.
- Updated all web-app roles to use new sys-stk/* and sys-svc/* roles.

Conversation: https://chatgpt.com/share/68b0ba66-09f8-800f-86fc-76c47009d431
 2025-08-28 22:23:09 +02:00
Kevin Veen-Birkenbach
cb66fb2978 Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys. 
- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
 2025-08-28 10:15:48 +02:00
Kevin Veen-Birkenbach
6016da6f1f Optimized bbb variables 2025-08-23 19:21:07 +02:00
Kevin Veen-Birkenbach
a4f39ac732 Renamed webserver roles to more speakable names 2025-08-20 08:54:17 +02:00
Kevin Veen-Birkenbach
b6aec5fe33 Optimized features 2025-08-20 05:39:49 +02:00
Kevin Veen-Birkenbach
d3cc187c3b Made System Email Variables UPPER 2025-08-19 09:34:18 +02:00
Kevin Veen-Birkenbach
3a839cfe37 Refactor systemctl services and categories due to alarm bugs 
This commit restructures systemctl service definitions and category mappings.

Motivation: Alarm-related bugs revealed inconsistencies in service and role handling.

Preparation step: lays the groundwork for fixing the alarm issues by aligning categories, roles, and service templates.
 2025-08-18 13:35:43 +02:00
Kevin Veen-Birkenbach
d1cd87c843 Fix RBAC groups handling and refactor Keycloak role 
- Fixed incorrect handling of RBAC group configuration (moved from OIDC claims into dedicated RBAC variable set).
- Unified RBAC group usage across applications (LAM, pgAdmin, phpLDAPadmin, phpMyAdmin, YOURLS).
- Replaced old 'KEYCLOAK_OIDC_RBAC_SCOPE_NAME' with dedicated 'KEYCLOAK_RBAC_GROUP_*' variables.
- Updated OAuth2 Proxy configuration to use 'RBAC.GROUP.CLAIM'.
- Refactored Keycloak role task structure:
  * Renamed and reorganized task files for clarity ('_update.yml', '02_cleanup.yml', etc.).
  * Introduced meta and dependency handling separation.
- Cleaned up Keycloak config defaults and recaptcha placeholders.
 2025-08-17 23:27:01 +02:00
Kevin Veen-Birkenbach
0de26fa6c7 Solved bug existed due to difference between mailu domain and hostname difference. also refactored during this to find the bug 2025-08-16 14:29:07 +02:00
Kevin Veen-Birkenbach
3ac9bd9f90 Optimized variable typos 2025-08-15 18:43:42 +02:00
Kevin Veen-Birkenbach
022800425d THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs 2025-08-15 15:15:48 +02:00
Kevin Veen-Birkenbach
0228014d34 Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf 2025-08-14 14:39:18 +02:00
Kevin Veen-Birkenbach
4a65a254ae replaced port-ui-desktop with desktop to make it more speakable 2025-08-14 11:45:08 +02:00
Kevin Veen-Birkenbach
db0e030900 Renamed general and mode constants and implemented a check to verify that constants are just defined ones over the whole repository 2025-08-13 19:11:14 +02:00
Kevin Veen-Birkenbach
80dad1a5ed Removed proxy_extra_configuration fact 2025-08-13 06:32:52 +02:00
Kevin Veen-Birkenbach
03290eafe1 feat(proxy,bigbluebutton): use parameterized HTML location template & add build retry 
- proxy(html.conf.j2):
  * Make proxy_pass more robust (strip '=', '^~' prefixes; ignore @/~ match locations)
  * Switch WS header to $connection_upgrade
  * Unify timeouts (proxy_connect_timeout 5s)
  * Lua optional: include only when proxy_lua_enabled=true; unset Accept-Encoding only then
  * Buffering via flag: proxy_buffering/proxy_request_buffering 'on' with Lua, otherwise 'off'
- proxy(media.conf.j2): minor formatting/spacing fix
- inj-css(head_sub.j2): consistent spacing for global_css_version
- bigbluebutton(tasks/main.yml):
  * Render HTML location block once before include_role (location='^~ /html5client', OAuth2/Lua disabled)
  * Pass rendered snippet via proxy_extra_configuration to the vHost
  * Cleanup afterwards: proxy_extra_configuration = undef()
- docker-compose(handlers):
  * Build with retry: if 'docker compose build' fails -> retry with '--no-cache --pull'
  * Enable BuildKit (DOCKER_BUILDKIT=1, COMPOSE_DOCKER_CLI_BUILD=1)
- vars: trailing newline / minor formatting

Motivation:
- BBB HTML5 client (^~ /html5client) needs a separate location without Lua/buffering.
- More resilient CI/CD builds via automatic no-cache retry.
- Cleaner headers/proxy defaults and fewer side effects.

Files:
- roles/docker-compose/handlers/main.yml
- roles/srv-proxy-7-4-core/templates/location/html.conf.j2
- roles/srv-proxy-7-4-core/templates/location/media.conf.j2
- roles/srv-web-7-7-inj-css/templates/head_sub.j2
- roles/web-app-bigbluebutton/tasks/main.yml
- roles/web-app-bigbluebutton/vars/main.yml
 2025-08-13 06:01:50 +02:00
Kevin Veen-Birkenbach
58c64bd7c6 Placed docker compose flush more specific 2025-08-13 03:53:13 +02:00
Kevin Veen-Birkenbach
13d8663796 Added version and repository to bbb 2025-08-13 00:35:14 +02:00
Kevin Veen-Birkenbach
f31565e4c5 Optimized URLS 2025-08-13 00:33:47 +02:00
Kevin Veen-Birkenbach
38de10ba65 Solved bigbluebutton admin creation bug 2025-08-11 19:24:08 +02:00
Kevin Veen-Birkenbach
e8c19b4b84 Implemented correct path replace not just for context: but also for build: paths 2025-08-11 18:46:02 +02:00
Kevin Veen-Birkenbach
6e04ac58d2 Moved blocks to include_tasks to raise performance. Deploy was really slow 2025-08-11 12:28:31 +02:00
Kevin Veen-Birkenbach
149c563831 Optimized logic for database backups and integrated test to verify that database feature is used correct 2025-08-10 15:06:37 +02:00
Kevin Veen-Birkenbach
dba12b89d8 Normalized cmp-docker-proxy include 2025-08-08 12:02:14 +02:00
Kevin Veen-Birkenbach
90ad688ca9 Solved bbb backup bug 2025-08-07 14:57:02 +02:00
Kevin Veen-Birkenbach
7f53cc3a12 Replaced web_protocol by WEB_PROTOCOL 2025-08-07 12:31:20 +02:00
Kevin Veen-Birkenbach
9228d51e86 Restructured server config 2025-08-07 11:31:06 +02:00
Kevin Veen-Birkenbach
7a09f223af Implemented the correct setup of the bbb administrator 2025-08-06 15:51:08 +02:00
Kevin Veen-Birkenbach
44e0fea0b2 Renamed cymais to infinito and did some other optimations and logout implementations 2025-07-29 16:35:42 +02:00
Kevin Veen-Birkenbach
f62355e490 Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm 2025-07-24 03:19:16 +02:00
Kevin Veen-Birkenbach
4b9e7dd3b7 Implemented universal logout 2025-07-22 13:14:06 +02:00
Kevin Veen-Birkenbach
b25f7f52b3 Left hint 2025-07-22 08:34:26 +02:00
Kevin Veen-Birkenbach
b1bf7aaba5 Fixed BBB stuff 2025-07-21 15:10:05 +02:00
Kevin Veen-Birkenbach
5343536d27 Optimized snipe-it und bbb 2025-07-21 01:40:42 +02:00
Kevin Veen-Birkenbach
ed866bf177 Finished bbb implementation 2025-07-20 20:07:43 +02:00
Kevin Veen-Birkenbach
6a1a83432f Different optimations and mig integration. test will fail due to strickter validation checks. need to be cleaned up tomorrow 2025-07-18 20:08:20 +02:00
Kevin Veen-Birkenbach
9a8ef5e047 Implemented new appid for bbb 2025-07-17 16:04:05 +02:00
Kevin Veen-Birkenbach
f02ca50f88 Renamed backup roles 2025-07-14 19:04:30 +02:00
Kevin Veen-Birkenbach
ad60f5fb37 Rmeoved is_feature_enabled function 2025-07-13 17:54:09 +02:00
Kevin Veen-Birkenbach
756597668c Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1 2025-07-13 15:11:38 +02:00
Kevin Veen-Birkenbach
78031855b9 Replaced portfolio_iframe by port-ui-desktop 2025-07-13 14:22:36 +02:00