05ff3d3d61
Added matomo to roles and optimized features configuration
2025-11-27 14:46:04 +01:00
bee833feb4
Introduce deterministic CSS gradient angle and shared color palette facts
This ensures CSS output remains stable between runs, preventing unnecessary OpenResty restarts for every service caused by randomized gradients or regenerated CSS files.
Ref: https://chatgpt.com/share/69281d4b-2488-800f-8c0c-c0db44810d1d
2025-11-27 10:44:01 +01:00
d97d34a822
Refactored OAuth2 Proxy and PhpLDAPAdmin
2025-11-27 00:21:22 +01:00
57d5269b07
CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back
Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
2025-10-22 13:53:06 +02:00
5e616d3962
web: general domain cleanup (canonical/aliases normalization)
- Normalize domain blocks across apps:
  - Add explicit 'aliases: []' everywhere (no implicit aliases)
  - Standardize canonical subdomains for consistency:
    * Bluesky: web/api under *.bluesky.<PRIMARY_DOMAIN>
    * EspoCRM: espo.crm.<PRIMARY_DOMAIN>
    * Gitea: tea.git.<PRIMARY_DOMAIN>
    * GitLab: lab.git.<PRIMARY_DOMAIN>
    * Joomla: joomla.cms.<PRIMARY_DOMAIN>
    * Magento: magento.shop.<PRIMARY_DOMAIN>
    * OpenProject: open.project.<PRIMARY_DOMAIN>
    * Pretix: ticket.shop.<PRIMARY_DOMAIN>
    * Taiga: kanban.project.<PRIMARY_DOMAIN>
  - Remove legacy/duplicate aliases and use empty list instead
  - Fix 'alias' -> 'aliases' where applicable
Context: preparing for AUTO_BUILD_ALIASES=False and deterministic redirect mapping.
Ref: conversation https://chatgpt.com/share/68cd512c-c878-800f-bdf2-81737adf7e0e
2025-09-19 14:51:56 +02:00
231fd567b3
feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup
Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink.
Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN.
Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css.
CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush.
BREAKING CHANGE: role names changed; replace includes and references accordingly.
Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d
2025-09-01 10:10:23 +02:00
6ea8301364
Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces
- Removed obsolete 'cmp' category, introduced 'stk' category (fa-bars-staggered icon).
- Renamed roles:
  * cmp-db-docker → sys-stk-back-stateful
  * cmp-docker-oauth2 → sys-stk-back-stateless
  * srv-domain-provision → sys-stk-front
  * cmp-db-docker-proxy → sys-stk-full-stateful
  * cmp-docker-proxy → sys-stk-full-stateless
  * cmp-rdbms → sys-svc-rdbms
- Updated all include_role references, vars, templates and README.md files.
- Adjusted run_once comments and variable paths accordingly.
- Updated all web-app roles to use new sys-stk/* and sys-svc/* roles.
Conversation: https://chatgpt.com/share/68b0ba66-09f8-800f-86fc-76c47009d431
2025-08-28 22:23:09 +02:00
cb66fb2978
Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.
- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.
See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-28 10:15:48 +02:00
79517b2fe9
Optimized spacing
2025-08-20 01:01:32 +02:00
d1cd87c843
Fix RBAC groups handling and refactor Keycloak role
- Fixed incorrect handling of RBAC group configuration (moved from OIDC claims into dedicated RBAC variable set).
- Unified RBAC group usage across applications (LAM, pgAdmin, phpLDAPadmin, phpMyAdmin, YOURLS).
- Replaced old 'KEYCLOAK_OIDC_RBAC_SCOPE_NAME' with dedicated 'KEYCLOAK_RBAC_GROUP_*' variables.
- Updated OAuth2 Proxy configuration to use 'RBAC.GROUP.CLAIM'.
- Refactored Keycloak role task structure:
  * Renamed and reorganized task files for clarity ('_update.yml', '02_cleanup.yml', etc.).
  * Introduced meta and dependency handling separation.
- Cleaned up Keycloak config defaults and recaptcha placeholders.
2025-08-17 23:27:01 +02:00
5c9ca20e04
Optimized keycloak variables
2025-08-17 11:40:15 +02:00
022800425d
THE HUGE REFACTORING CALENDAR WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs
2025-08-15 15:15:48 +02:00
0228014d34
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
4a65a254ae
replaced port-ui-desktop with desktop to make it more speakable
2025-08-14 11:45:08 +02:00
db0e030900
Renamed general and mode constants and implemented a check to verify that constants are just defined ones over the whole repository
2025-08-13 19:11:14 +02:00
f31565e4c5
Optimized URLS
2025-08-13 00:33:47 +02:00
aeaf84de6f
Deactivated central_database for lam
2025-08-10 13:42:52 +02:00
dba12b89d8
Normalized cmp-docker-proxy include
2025-08-08 12:02:14 +02:00
6272303b55
Changed LAM container name
2025-08-07 15:34:40 +02:00
9228d51e86
Restructured server config
2025-08-07 11:31:06 +02:00
44e0fea0b2
Renamed cymais to infinito and did some other optimizations and logout implementations
2025-07-29 16:35:42 +02:00
f62355e490
Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm
2025-07-24 03:19:16 +02:00
0472fecd64
Solved oauth2 bugs and restructured postgres role to implement extensions used by discourse
2025-07-23 13:24:55 +02:00
d1fcbedef6
Set correct roles path for oidc keycloak groups\roles
2025-07-22 22:11:00 +02:00
bab1035a24
Activated oauth2 for lam
2025-07-22 21:31:11 +02:00
bba663f95d
Added missing canonicals
2025-07-22 19:20:29 +02:00
4b9e7dd3b7
Implemented universal logout
2025-07-22 13:14:06 +02:00
bf16a44e87
Implemented allowed_groups
2025-07-20 10:46:35 +02:00
1882fcfef5
Changed lam to web-app-lam
2025-07-20 09:59:31 +02:00
756597668c
Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1
2025-07-13 15:11:38 +02:00
78031855b9
Replaced portfolio_iframe by port-ui-desktop
2025-07-13 14:22:36 +02:00
7a38241485
Made code more modular and refactored to cmp roles
2025-07-09 20:15:32 +02:00
66198ca1ec
Shortened webserver to srv-web-
2025-07-09 04:27:58 +02:00
22b4342300
Implemented schema/main.yml and config/main.yml file
2025-07-09 02:03:32 +02:00
563d5fd528
Huge role refactoring/cleanup. Other commits will probably follow, because some bugs will exist. Still important for the long run and also for auto docs/help/slideshow generation
2025-07-08 23:43:13 +02:00