- Use dockerized mc with MC_HOST_minio (stateless), no temp files/dirs
- Create only RAW policy name with slash to match Keycloak claim
- Split policy: s3:* on S3 ARNs; admin:* on Resource "*"
- Add mc vars (image, MC_HOST components) to vars/main.yml
- Remove unused Ollama dependency block from tasks
Refs: ChatGPT conversation → https://chatgpt.com/share/68d1eab9-a35c-800f-aa81-76fb2101bd93
- Added OIDC and LDAP feature flags in config
- Introduced API/Console URL vars for proxy alignment
- Implemented automatic MinIO policy creation for OIDC admin group
- Replaced static env.J2 with dynamic env.j2 (OIDC-aware)
- Added policy.json.j2 template with full admin rights
- Cleaned up tasks to use stdin instead of file for mc policy apply
Ref: https://chatgpt.com/share/68d1d3ef-ca84-800f-abe2-11ab70e20c4e
Introduce ADMIN_EMAIL and SHOW_ADMIN_DETAILS options to bootstrap the first
administrator account on fresh installations. This ensures at least one admin
exists without manual database intervention.
Conversation: https://chatgpt.com/share/68d18e02-d6b8-800f-aaab-920c61b9284a
Activate ENABLE_OAUTH_ROLE_MANAGEMENT and configure OAUTH_ROLES_CLAIM from
RBAC.GROUP.CLAIM. Define OAUTH_ADMIN_ROLES dynamically based on RBAC group
and application administrator naming convention.
Conversation: https://chatgpt.com/share/68d18e02-d6b8-800f-aaab-920c61b9284a
• Add svc-ai category under roles and load it in constructor stage
• Create new 'svc-ai-ollama' role (vars, tasks, compose, meta, README) and dedicated network
• Refactor former AI stack into separate app roles: web-app-flowise and web-app-openwebui
• Add web-app-minio role; adjust config (no central DB), meta (fa-database, run_after), compose networks include, volume key
• Provide user-focused READMEs for Flowise, OpenWebUI, MinIO, Ollama
• Networks: add subnets for web-app-openwebui, web-app-flowise, web-app-minio; rename web-app-ai → svc-ai-ollama
• Ports: rename ai_* keys to web-app-openwebui / web-app-flowise; keep minio_api/minio_console
• Add group_vars/all/17_ai.yml (OLLAMA_BASE_LOCAL_URL, OLLAMA_LOCAL_ENABLED)
• Replace hardcoded include paths with path_join in multiple roles (svc-db-postgres, sys-service, sys-stk-front-proxy, sys-stk-full-stateful, sys-svc-webserver, web-svc-cdn, web-app-keycloak)
• Remove obsolete web-app-ai templates/vars/env; split Flowise into its own role
• Minor config cleanups (CSP flags to {}, central_database=false)
https://chatgpt.com/share/68d15cb8-cf18-800f-b853-78962f751f81
Details:
- NEXTCLOUD_DOCKER_CONF_DIRECTORY, NEXTCLOUD_DOCKER_CONFIG_FILE, NEXTCLOUD_DOCKER_CONF_ADD_PATH
now built with path_join instead of string concat
- NEXTCLOUD_DOCKER_EXEC_OCC now uses path_join for occ command
- makes path handling more robust and consistent
See: https://chatgpt.com/share/68d14d85-3d80-800f-9d1d-fcf6bb8ce449
- Un-commented `view.bluesky.{{ PRIMARY_DOMAIN }}` in config to allow
explicit AppView domain definition.
- Reworked `03_dns.yml` to build `cloudflare_records` list programmatically,
including conditional addition of AppView records only if the domain is
not `api.bsky.app`.
- Improved AAAA handling with `| default('')` and proper ternary
expressions for `present/absent`.
- Updated `vars/main.yml` to remove default port fallback for
`BLUESKY_VIEW_PORT`.
Refs: https://chatgpt.com/share/68cdde1d-1bd4-800f-a4bb-319372752fcd
