|
|
208848579d
|
svc-db-openldap: make LDIF import idempotent, unify container var, and tidy role
- Add handlers/main.yml to load memberof/refint modules and import groups via docker exec
- Use OPENLDAP_CONTAINER consistently (replace OPENLDAP_NAME)
- Rename tasks/ldifs_creation.yml -> tasks/_ldifs_creation.yml and update includes
- Drop default param from get_app_conf calls; add explicit meta: flush_handlers
- docker-compose: honor OPENLDAP_NETWORK_EXPOSE_LOCAL | bool; minor formatting
- env template: formatting/comments consistency
- Remove unused 01_rbac_group.ldif.j2; rename 02_rbac_roles -> 01_rbac_roles and fix filter to LDAP
- vars: rename OPENLDAP_NAME -> OPENLDAP_CONTAINER; prune LDIF schema type
Conversation: https://chatgpt.com/share/68d1d25d-e788-800f-bfb6-13b1f5bc6121
|
2025-09-23 00:49:57 +02:00 |
|
|
|
7ca3a73f21
|
Normalized OpenLDAP variables
|
2025-09-22 21:02:24 +02:00 |
|
|
|
97e2d440b2
|
Normalized OpenLDAP constants
|
2025-09-22 19:08:11 +02:00 |
|
|
|
fa6bb67a66
|
Removed whitespaces in templates:
|
2025-09-22 16:28:57 +02:00 |
|
|
|
e6803e5614
|
refactor(ansible): normalize include_role syntax and unify host config paths via path_join
- Remove stray spaces after include_role: across many roles to ensure clean YAML and
consistent linting/formatting.
- Listmonk:
- Introduce LISTMONK_CONFIG_HOST = [ docker_compose.directories.config, 'config.toml' ] | path_join
- Use that var in the template task (dest) and the docker-compose volume mount
- Matrix:
- Build MATRIX_SYNAPSE_CONFIG_PATH_HOST, MATRIX_SYNAPSE_LOG_PATH_HOST, and
MATRIX_ELEMENT_CONFIG_PATH_HOST via path_join
- Mobilizon:
- Build mobilizon_host_conf_exs_file via path_join
- Keep get_app_conf strictness unchanged (defaults to True in our filter), so behavior
remains strict even though the explicit third arg was dropped
- Simpleicons:
- Build server.js and package.json host paths via path_join
- Numerous web-app roles (Confluence, Discourse, EspoCRM, Friendica, Funkwhale, Gitea,
GitLab, Jenkins, Joomla, Listmonk, Mailu, Mastodon, Matomo, Matrix, MediaWiki,
Mobilizon, Moodle, Nextcloud, OpenProject, Peertube, Pixelfed, Pretix, Roulette Wheel,
Snipe-IT, Syncope, Taiga, WordPress, XWiki, Yourls) and web-svc roles (coturn,
libretranslate, simpleicons) updated for consistent include_role formatting
Why:
- path_join avoids double slashes and missing separators across different config roots
- Consistent include_role: formatting improves readability and prevents linter noise
Ref:
- Conversation: https://chatgpt.com/share/68d14711-727c-800f-b454-7dc4c3c1f4cb
|
2025-09-22 14:55:25 +02:00 |
|
|
|
4f8ce598a9
|
Mastodon: allow internal chess host & refactor var names; OpenLDAP: safer get_app_conf
- Add ALLOWED_PRIVATE_ADDRESSES to .env (from svc-db-postgres) to handle 422 Mastodon::PrivateNetworkAddressError
- Switch docker-compose to MASTODON_* variables and align vars/main.yml
- Always run 01_setup.yml during deployment (removed conditional flag)
- OpenLDAP: remove implicit True default on network.local to avoid unintended truthy behavior
Context: chess.infinito.nexus resolved to 192.168.200.30 (private IP) from Mastodon; targeted allowlist unblocks federation lookups.
Ref: https://chat.openai.com/share/REPLACE_WITH_THIS_CONVERSATION_LINK
|
2025-09-03 21:44:47 +02:00 |
|
|
|
c182ecf516
|
Refactor and cleanup OIDC, desktop, and web-app roles
- Improved OIDC variable definitions (12_oidc.yml)
- Added account/security/profile URLs
- Restructured web-app-desktop tasks and JS handling
- Introduced oidc.js and iframe.js with runtime loader
- Fixed nginx.conf, LDAP, and healthcheck templates spacing
- Improved Lua injection for CSP and snippets
- Fixed typos (WordPress, receive, etc.)
- Added silent-check-sso nginx location
Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
|
2025-08-26 20:44:05 +02:00 |
|
|
|
022800425d
|
THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs
|
2025-08-15 15:15:48 +02:00 |
|
|
|
4fa1c6cfbd
|
ansible: quote file modes; keycloak: robust LDAP bind update + config cleanup
Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
* kcadm login with no_log protection,
* fetch LDAP UserStorage component by name,
* compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).
Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}
https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
|
2025-08-13 02:20:38 +02:00 |
|
|
|
f72ac30884
|
Replaced redirects by origine to raise performance
|
2025-08-11 19:44:14 +02:00 |
|
|
|
f62355e490
|
Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm
|
2025-07-24 03:19:16 +02:00 |
|
|
|
bfc42ce2ac
|
Different little optimations
|
2025-07-17 04:23:05 +02:00 |
|
|
|
169493179e
|
Restructuring for new backup solution
|
2025-07-16 19:09:31 +02:00 |
|
|
|
67122800f3
|
Optimized openldap role
|
2025-07-14 12:00:18 +02:00 |
|
|
|
732607bbb6
|
Added provisioning switches for openldap to improve performance
|
2025-07-14 08:45:53 +02:00 |
|
|
|
f012b4fc78
|
Restructured openldap tasks
|
2025-07-14 00:31:47 +02:00 |
|
|
|
24d2c0edb5
|
Solved variable but
|
2025-07-13 19:19:57 +02:00 |
|
|
|
756597668c
|
Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1
|
2025-07-13 15:11:38 +02:00 |
|
|
|
3b03c5171d
|
Renamed the mariadb, openldap and postgres database
|
2025-07-12 16:06:13 +02:00 |
|
