Commit Graph

2257 Commits

Author SHA1 Message Date
e6803e5614 refactor(ansible): normalize include_role syntax and unify host config paths via path_join
- Remove stray spaces after include_role: across many roles to ensure clean YAML and
  consistent linting/formatting.
- Listmonk:
  - Introduce LISTMONK_CONFIG_HOST = [ docker_compose.directories.config, 'config.toml' ] | path_join
  - Use that var in the template task (dest) and the docker-compose volume mount
- Matrix:
  - Build MATRIX_SYNAPSE_CONFIG_PATH_HOST, MATRIX_SYNAPSE_LOG_PATH_HOST, and
    MATRIX_ELEMENT_CONFIG_PATH_HOST via path_join
- Mobilizon:
  - Build mobilizon_host_conf_exs_file via path_join
  - Keep get_app_conf strictness unchanged (defaults to True in our filter), so behavior
    remains strict even though the explicit third arg was dropped
- Simpleicons:
  - Build server.js and package.json host paths via path_join
- Numerous web-app roles (Confluence, Discourse, EspoCRM, Friendica, Funkwhale, Gitea,
  GitLab, Jenkins, Joomla, Listmonk, Mailu, Mastodon, Matomo, Matrix, MediaWiki,
  Mobilizon, Moodle, Nextcloud, OpenProject, Peertube, Pixelfed, Pretix, Roulette Wheel,
  Snipe-IT, Syncope, Taiga, WordPress, XWiki, Yourls) and web-svc roles (coturn,
  libretranslate, simpleicons) updated for consistent include_role formatting

Why:
- path_join avoids double slashes and missing separators across different config roots
- Consistent include_role: formatting improves readability and prevents linter noise

Ref:
- Conversation: https://chatgpt.com/share/68d14711-727c-800f-b454-7dc4c3c1f4cb
2025-09-22 14:55:25 +02:00
6cf6c74802 Inverted docker_compose_skipp_file_creation to not use double negation 2025-09-22 13:40:28 +02:00
734b8764f2 Optimized web-app-ai draft 2025-09-22 13:35:13 +02:00
3edb66f444 Merge branch 'master' of github.com:kevinveenbirkenbach/infinito-nexus 2025-09-22 11:17:40 +02:00
181b2d0542 Little optimizations 2025-09-22 11:17:31 +02:00
78ebf4d075 Added draft base for AI assistant 2025-09-22 11:14:50 +02:00
d523629cdd Refactor docker-compose templates: replace {% include 'build.yml.j2' %} with lookup() + indent for proper YAML embedding. Also adjusted build.yml.j2 to remove leading spaces. See: https://chatgpt.com/share/68ce584a-a430-800f-8e2a-0f96884cc8d1 2025-09-20 09:31:49 +02:00
08ac8b6a9d Explicitly activated async for creation of parent DNS entries 2025-09-20 09:30:16 +02:00
974a83fe6e web-app-bluesky: enable custom AppView domain and refactor DNS records
- Un-commented `view.bluesky.{{ PRIMARY_DOMAIN }}` in config to allow
  explicit AppView domain definition.
- Reworked `03_dns.yml` to build `cloudflare_records` list programmatically,
  including conditional addition of AppView records only if the domain is
  not `api.bsky.app`.
- Improved AAAA handling with `| default('')` and proper ternary
  expressions for `present/absent`.
- Updated `vars/main.yml` to remove default port fallback for
  `BLUESKY_VIEW_PORT`.

Refs: https://chatgpt.com/share/68cdde1d-1bd4-800f-a4bb-319372752fcd
2025-09-20 00:50:31 +02:00
1c7152ceb2 Solved build bug 2025-09-19 20:51:06 +02:00
2a98b265bc Reduced port exposure to local for better encapsulation 2025-09-19 19:43:16 +02:00
14d1362dc8 Removed alias from bookwyrm 2025-09-19 19:14:55 +02:00
a4a8061998 Refactor: unify Docker build config via build.yml.j2 include
Replaced duplicated inline build definitions in multiple docker-compose.yml.j2
templates with a shared include (roles/docker-container/templates/build.yml.j2).
This ensures consistent use of pull_policy: never and Dockerfile context across
services (Postgres, Bookwyrm, Bridgy Fed, Chess, Confluence, Jira, Moodle,
OpenProject, Pretix, Roulette Wheel, WordPress, XWiki, Simpleicons).

Conversation: https://chatgpt.com/share/68cd8f35-b764-800f-9b00-2c837103d2fb
2025-09-19 19:13:44 +02:00
96ded68ef4 Refactor DNS handling and add solo record support
- Added 'solo' flag support for A/AAAA, CNAME/MX/TXT, and SRV records in sys-dns-cloudflare-records.
- Simplified sys-svc-dns: removed NS management tasks and CLOUDFLARE_NAMESERVERS default.
- Renamed 03_apex.yml back to 02_apex.yml, adjusted AAAA task name.
- Updated web-app-bluesky DNS tasks: marked critical records with 'solo'.
- Updated web-app-mailu DNS tasks: removed cleanup block, enforced 'solo' on all records.
- Adjusted constructor stage to call domain_mappings with AUTO_BUILD_ALIASES parameter.

Conversation: https://chatgpt.com/share/68cd20d8-9ba8-800f-b070-f7294f072c40
2025-09-19 15:29:11 +02:00
2d8967d559 added www. alias for desktop as default 2025-09-19 14:55:40 +02:00
5e616d3962 web: general domain cleanup (canonical/aliases normalization)
- Normalize domain blocks across apps:
  - Add explicit 'aliases: []' everywhere (no implicit aliases)
  - Standardize canonical subdomains for consistency:
    * Bluesky: web/api under *.bluesky.<PRIMARY_DOMAIN>
    * EspoCRM: espo.crm.<PRIMARY_DOMAIN>
    * Gitea:   tea.git.<PRIMARY_DOMAIN>
    * GitLab:  lab.git.<PRIMARY_DOMAIN>
    * Joomla:  joomla.cms.<PRIMARY_DOMAIN>
    * Magento: magento.shop.<PRIMARY_DOMAIN>
    * OpenProject: open.project.<PRIMARY_DOMAIN>
    * Pretix:  ticket.shop.<PRIMARY_DOMAIN>
    * Taiga:   kanban.project.<PRIMARY_DOMAIN>
  - Remove legacy/duplicate aliases and use empty list instead
  - Fix 'alias' -> 'aliases' where applicable

Context: preparing for AUTO_BUILD_ALIASES=False and deterministic redirect mapping.

Ref: conversation https://chatgpt.com/share/68cd512c-c878-800f-bdf2-81737adf7e0e
2025-09-19 14:51:56 +02:00
c6677ca61b tests: ignore Jinja variables inside raw blocks in variable definitions check
- Added regex masking to skip {{ var }} usages inside {% raw %}…{% endraw %} blocks.
- Simplified code by removing redundant comments.
- Cleaned up task file for XWiki role by removing outdated note.

Ref: https://chatgpt.com/share/68cd2558-e92c-800f-a80a-a79d3c81476e
2025-09-19 11:42:01 +02:00
83ce88a048 Solved all open test issues 2025-09-19 11:32:58 +02:00
7d150fa021 DNS & certs refactor:
- Switch certbot flag from MODE_TEST → MODE_DUMMY in dedicated certs
- Add sys-svc-dns defaults for CLOUDFLARE_NAMESERVERS
- Introduce 02_nameservers.yml for NS cleanup + enforce, adjust task ordering (apex now 03_apex.yml)
- Enforce quoting for Bluesky and Mailu TXT records
- Add cleanup of MX/TXT/DMARC/DKIM in Mailu role
- Normalize no_log handling in Nextcloud plugin
- Simplify async conditionals in Collabora role
Conversation: https://chatgpt.com/share/68cd20d8-9ba8-800f-b070-f7294f072c40
2025-09-19 11:22:51 +02:00
2806aab89e Removed deadlock between sys-ctl-bkp-docker-2-loc and sys-ctl-cln-faild-bkps - Timer now handles cleanup exclusively 2025-09-19 11:21:18 +02:00
61772d5916 Solved testing mode bug 2025-09-19 11:18:29 +02:00
a10ba78a5a Bluesky: update Ansible patches to use new geolocation module path
Replaced hardcoded path to src/state/geolocation.tsx with variable BLUESKY_GEOLOCATION_PATH pointing to src/state/geolocation/index.tsx.
This ensures BAPP_CONFIG_URL and IPCC_URL replacements work with the updated Bluesky code structure.

Ref: https://chatgpt.com/share/68cb16d5-d698-800f-97e5-cc7d9016f27c
2025-09-17 22:15:30 +02:00
6854acf204 Used database type instead of database host for postgres 2025-09-17 20:53:48 +02:00
54d4eeb1ab Fix network alias assignment for DB services
Ensure that the database host alias is only attached to the database
containers themselves, not to dependent application containers. This
avoids DNS collisions where multiple containers expose the same alias
(e.g. 'postgres') on the same network, which led to connection refused
errors in XWiki.

See conversation: https://chatgpt.com/share/68cae4e5-94e4-800f-b291-d2acdb36af21
2025-09-17 18:42:36 +02:00
52fb7accac Disabled unnecessary variables temporarily to make debugging easier and solved oidc bugs 2025-09-17 17:45:46 +02:00
d4c62dbf72 docker-container: ensure explicit network alias for DB services
Added explicit aliases in the networks configuration for database containers
(Postgres/MariaDB). This guarantees that the configured 'database_host' is always
resolvable across external networks, fixing intermittent 'UnknownHostException'
issues when restarting dependent services (e.g., Confluence).

Ref: https://chatgpt.com/share/68cabfac-8618-800f-bcf4-609fdff432ed
2025-09-17 16:26:02 +02:00
9ef4f91ec4 Added debug properties for xwiki but they don't seem to have any relevant effect 2025-09-17 15:07:45 +02:00
5bc635109a mediawiki: normalize LocalSettings.php base settings (clean+append once); fail if missing
oidc.php: autologin/localLogin templated via vars; optionally disable wgPasswordAttemptThrottle when 'web-svc-logout' present

vars: set defaults (AUTOLOGIN=true, LOCALLOGIN=false); use path_join/url_join for clean paths/URLs

Context: https://chatgpt.com/share/68caaf41-d098-800f-beb0-a473ff08c9c5
2025-09-17 14:53:53 +02:00
efb5488cfc Optimized variables 2025-09-17 13:16:57 +02:00
1dceabfd46 Added proxy conf variables for xwiki 2025-09-17 07:19:29 +02:00
c64ac0b4dc web-app-xwiki: verify extensions via Groovy page + new filter
- Added new filter 'xwiki_extension_status' (strips HTML, handles &nbsp;) -> returns 200/404
- Introduced checker tasks (_check_extension_via_groovy.yml) instead of REST probe
- Added early assert: superadmin login before extension installation
- Collect and assert probe results in 04_extensions.yml
- Set OIDC extension version to 'latest' (empty string)

https://chatgpt.com/share/68ca36cb-ac38-800f-8281-8dea480b6676
2025-09-17 06:20:28 +02:00
e94aac1d78 Removed non-existing plugin 2025-09-17 05:18:03 +02:00
c274c1a5d4 refactor(xwiki): move extension installer logic into static Groovy file and switch to plugins dict
- Added 'plugins' section in config/main.yml to declare enabled extensions in a structured way
- Introduced new static file 'files/extension_installer_b64.groovy' that decodes Base64 JSON of requested plugins
- Simplified 04_extensions.yml: now builds installer code from static file and removed hardcoded OIDC/LDAP checks
- Dropped redundant XWIKI_EXT_* variables in vars/main.yml
- Added XWIKI_PLUGINS fact to collect enabled plugin items from config/main.yml

This refactor makes extension installation more generic, easier to unit test, and extendable beyond OIDC/LDAP.

See: https://chatgpt.com/share/68ca25e3-cbc4-800f-a45e-2b152369811a
2025-09-17 05:08:02 +02:00
62493ac5a9 XWiki: increase installer execution timeout and add retries
The task 'XWIKI | Execute installer page' now uses:
- timeout: 300 (allow up to 5 min per request)
- retries: 20
- delay: 15
- until: condition

This prevents early failures during the first Distribution Wizard bootstrap when hundreds of extensions are still being installed.

Context: https://chatgpt.com/share/68ca0f18-2124-800f-a70d-df1811966107
2025-09-17 03:30:40 +02:00
cc2b9d476f Added blob csp rule for xwiki 2025-09-17 02:47:01 +02:00
d9c527e2e2 Changed handler order 2025-09-17 02:36:17 +02:00
eafdacc378 Optimized CSP for XWIKI 2025-09-17 02:33:28 +02:00
c93ec6d43a feat(web-app-xwiki): install OIDC/LDAP via temporary Groovy page (PUT→execute→verify→delete)
Replace REST jobs flow with services.extension.install executed from a transient XWiki.InstallExtensions page.
- Build wishlist from Ansible vars; print machine-readable markers; assert success.
- Execute from XWiki space; delete page afterwards; fix delete changed_when.
- Use Jinja raw + indent for clean macro embedding.

https://chatgpt.com/share/68c9ebf5-f5e0-800f-9b80-372b4b31e772
2025-09-17 01:00:25 +02:00
0839b8e37f fix(xwiki): enable superadmin flag in xwiki.cfg and always force Distribution Wizard
- Added 'xwiki.superadmin=1' alongside the password in 'xwiki.cfg' to properly activate the superadmin account during bootstrap.
- Simplified 'xwiki.properties': Distribution Wizard config is now always present instead of conditional on the superadmin switch.
- Ensures that the Distribution Wizard ('distribution.wizard.enabled=true') and flavor bootstrap run automatically on first startup.
- This fixes the issue where REST endpoints (/rest/jobs, /repositories) stayed at 404 because the DW never executed.

Ref: https://chat.openai.com/share/7a5d58d2-8e91-4e34-8fa0-8b7d62494e4a
2025-09-16 23:53:14 +02:00
def6dc96d8 fix(xwiki): enable superadmin flag in xwiki.cfg and always force Distribution Wizard
- Added 'xwiki.superadmin=1' alongside the password in 'xwiki.cfg' to properly activate the superadmin account during bootstrap.
- Simplified 'xwiki.properties': Distribution Wizard config is now always present instead of conditional on the superadmin switch.
- Ensures that the Distribution Wizard ('distribution.wizard.enabled=true') and flavor bootstrap run automatically on first startup.
- This fixes the issue where REST endpoints (/rest/jobs, /repositories) stayed at 404 because the DW never executed.

Ref: https://chat.openai.com/share/7a5d58d2-8e91-4e34-8fa0-8b7d62494e4a
2025-09-16 23:30:07 +02:00
364f4799bc In between commit xwiki OIDC integration 2025-09-16 20:16:19 +02:00
6eb4ba45f7 Removed installjobrequest.xml.j2 2025-09-16 19:57:32 +02:00
0566c426c9 Refactored administrator page variables 2025-09-16 19:57:07 +02:00
9ce73b9c71 Harmonized saving path 2025-09-16 19:12:08 +02:00
83936edf73 fix(xwiki): use proper InstallRequest XML format for extension installation
- Replace custom <request> with class='org.xwiki.extension.job.InstallRequest'
- Use loop over extensions_to_install to build <extensionId> list
- Move namespace into <namespaces><string>wiki:xwiki</string>
- Remove unused <id>/<jobType> from root
- Ensure installDependencies, interactive, verbose inside request
- Fixes issue where server echoed <rest><list/> instead of actual extensions
2025-09-16 15:25:34 +02:00
40ecbc5466 Added correct extension install logic to prevent overwrite 2025-09-16 14:53:37 +02:00
b18b3b104c Implemented performance switch for Front Proxy 2025-09-16 13:58:46 +02:00
2f992983f4 xwiki: install/verify via REST Job API; add 'xwiki_job_id' filter; refactor extension probe; remove invalid /extensions/{id} verify; README wording
Context: fixed 404 on 'Verify OIDC extension is installed' by polling jobstatus and parsing job id via filter plugin.
Conversation: https://chatgpt.com/share/68c435b7-96c0-800f-b7d6-b3fe99b443e0
2025-09-12 17:01:37 +02:00
d7d8578b13 fix(xwiki): correct extension.repositories format to id:type:url
Changed repository definition from 'maven:xwiki-public ...' to 'xwiki-public:maven:...'
so that the XWiki Extension Manager can correctly register Maven repositories.
This resolves the 'Unsupported repository type [central]' error and allows OIDC extension installation.

Details: https://chatgpt.com/share/68c42c4f-fda4-800f-a003-c16bcc9bd2a3
2025-09-12 16:21:23 +02:00
f106d5ec36 web-app-xwiki: admin bootstrap & REST/extension install fixes
• Guard admin tasks via XWIKI_SSO_ENABLED
• Create admin using XWikiUsers object API
• Wait for REST without DW redirect
• Install OIDC/LDAP via /rest/jobs (+verify)
• Mount xwiki.cfg/properties under Tomcat WEB-INF
• Build REST URLs with url_join; enable DW auto bootstrap + repos

https://chatgpt.com/share/68c42502-a5cc-800f-b05a-a1dbe48f014d
2025-09-12 15:50:30 +02:00