19b417602f
web-app-moodle: fix Bitnami Moodle paths and OIDC plugin directory (see ChatGPT conversation: https://chatgpt.com/share/6931eed0-88a8-800f-b6be-c048bba7374e )
2025-12-04 21:28:25 +01:00
9051ba179f
Optimized ESPOCRM and Moodle volumes
2025-12-04 14:10:53 +01:00
716ebef33b
Refactor task includes and update variable handling for Ansible 2.20 migration
...
This commit updates multiple roles to ensure compatibility with Ansible 2.20.
Several include paths and task-loading mechanisms required adjustments,
as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions
and no longer resolves certain relative include paths the way Ansible 2.18 did.
Key changes:
- Replaced legacy once_finalize.yml and once_flag.yml with the new structure
  under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml.
- Updated all include_tasks statements to use 'path_join' with playbook_dir,
  ensuring deterministic and absolute file resolution across roles.
- Fixed all network helper includes by converting direct relative paths such as
  'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths.
- Normalized MATOMO_* variable names for consistency with the updated variable
  scope behavior in Ansible 2.20.
- Removed deprecated patterns that were implicitly supported in Ansible 2.18
  but break under the more strict variable and path resolution model in 2.20.
These changes are part of the full migration step required to ensure the
infinito-nexus roles remain stable, deterministic, and forward-compatible with
Ansible 2.20.
Details of the discussion and reasoning can be found in this conversation:
https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a
2025-12-03 11:02:34 +01:00
57d5269b07
CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers
...
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back
Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
2025-10-22 13:53:06 +02:00
6824e444b0
Changed bitnami images to legacy. See https://github.com/bitnami/containers/issues/83267 .
2025-10-02 07:31:20 +02:00
e6803e5614
refactor(ansible): normalize include_role syntax and unify host config paths via path_join
...
- Remove stray spaces after include_role: across many roles to ensure clean YAML and
  consistent linting/formatting.
- Listmonk:
  - Introduce LISTMONK_CONFIG_HOST = [ docker_compose.directories.config, 'config.toml' ] | path_join
  - Use that var in the template task (dest) and the docker-compose volume mount
- Matrix:
  - Build MATRIX_SYNAPSE_CONFIG_PATH_HOST, MATRIX_SYNAPSE_LOG_PATH_HOST, and
    MATRIX_ELEMENT_CONFIG_PATH_HOST via path_join
- Mobilizon:
  - Build mobilizon_host_conf_exs_file via path_join
  - Keep get_app_conf strictness unchanged (defaults to True in our filter), so behavior
    remains strict even though the explicit third arg was dropped
- Simpleicons:
  - Build server.js and package.json host paths via path_join
- Numerous web-app roles (Confluence, Discourse, EspoCRM, Friendica, Funkwhale, Gitea,
  GitLab, Jenkins, Joomla, Listmonk, Mailu, Mastodon, Matomo, Matrix, MediaWiki,
  Mobilizon, Moodle, Nextcloud, OpenProject, Peertube, Pixelfed, Pretix, Roulette Wheel,
  Snipe-IT, Syncope, Taiga, WordPress, XWiki, Yourls) and web-svc roles (coturn,
  libretranslate, simpleicons) updated for consistent include_role formatting
Why:
- path_join avoids double slashes and missing separators across different config roots
- Consistent include_role: formatting improves readability and prevents linter noise
Ref:
- Conversation: https://chatgpt.com/share/68d14711-727c-800f-b454-7dc4c3c1f4cb
2025-09-22 14:55:25 +02:00
d523629cdd
Refactor docker-compose templates: replace {% include 'build.yml.j2' %} with lookup() + indent for proper YAML embedding. Also adjusted build.yml.j2 to remove leading spaces. See: https://chatgpt.com/share/68ce584a-a430-800f-8e2a-0f96884cc8d1
2025-09-20 09:31:49 +02:00
a4a8061998
Refactor: unify Docker build config via build.yml.j2 include
...
Replaced duplicated inline build definitions in multiple docker-compose.yml.j2
templates with a shared include (roles/docker-container/templates/build.yml.j2).
This ensures consistent use of pull_policy: never and Dockerfile context across
services (Postgres, Bookwyrm, Bridgy Fed, Chess, Confluence, Jira, Moodle,
OpenProject, Pretix, Roulette Wheel, WordPress, XWiki, Simpleicons).
Conversation: https://chatgpt.com/share/68cd8f35-b764-800f-9b00-2c837103d2fb
2025-09-19 19:13:44 +02:00
5e616d3962
web: general domain cleanup (canonical/aliases normalization)
...
- Normalize domain blocks across apps:
  - Add explicit 'aliases: []' everywhere (no implicit aliases)
  - Standardize canonical subdomains for consistency:
    * Bluesky: web/api under *.bluesky.<PRIMARY_DOMAIN>
    * EspoCRM: espo.crm.<PRIMARY_DOMAIN>
    * Gitea: tea.git.<PRIMARY_DOMAIN>
    * GitLab: lab.git.<PRIMARY_DOMAIN>
    * Joomla: joomla.cms.<PRIMARY_DOMAIN>
    * Magento: magento.shop.<PRIMARY_DOMAIN>
    * OpenProject: open.project.<PRIMARY_DOMAIN>
    * Pretix: ticket.shop.<PRIMARY_DOMAIN>
    * Taiga: kanban.project.<PRIMARY_DOMAIN>
  - Remove legacy/duplicate aliases and use empty list instead
  - Fix 'alias' -> 'aliases' where applicable
Context: preparing for AUTO_BUILD_ALIASES=False and deterministic redirect mapping.
Ref: conversation https://chatgpt.com/share/68cd512c-c878-800f-bdf2-81737adf7e0e
2025-09-19 14:51:56 +02:00
7ca8b7c71d
feat(nextcloud): integrate Talk & Whiteboard; refactor to NEXTCLOUD_* vars; full-stack setup
...
config(ports): add Nextcloud websocket port (4003); canonical domains (nextcloud/talk/whiteboard)
refactor: unify get_app_conf usage & Jinja spacing; migrate paths/handlers to new NEXTCLOUD_* vars
feat(plugins): split plugin routines; configure Whiteboard via occ (URL + JWT)
fix(oidc): use NEXTCLOUD_URL for logout; correct LDAP attribute mappings; add OIDC flavor switch
feat: Whiteboard container & reverse-proxy location; Talk STUN/WS ports; Redis URL for Whiteboard
chore: drop obsolete TODO; minor cleanups in oauth2-proxy, matrix, peertube, pgadmin, phpldapadmin, pixelfed, phpmyadmin
security(schema): Bluesky jwt_secret now base64_prefixed_32; add Nextcloud whiteboard_jwt_secret
db: normalize postgres image tag templating; central DB host checks spacing fixes
ops: add full-stack bootstrap (certs, proxy, volumes); internal nginx config reload handler update
refs: https://chatgpt.com/share/68b5f5b7-8d64-800f-b001-1241f818dc0e
2025-09-01 21:37:02 +02:00
6ea8301364
Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces
...
- Removed obsolete 'cmp' category, introduced 'stk' category (fa-bars-staggered icon).
- Renamed roles:
  * cmp-db-docker → sys-stk-back-stateful
  * cmp-docker-oauth2 → sys-stk-back-stateless
  * srv-domain-provision → sys-stk-front
  * cmp-db-docker-proxy → sys-stk-full-stateful
  * cmp-docker-proxy → sys-stk-full-stateless
  * cmp-rdbms → sys-svc-rdbms
- Updated all include_role references, vars, templates and README.md files.
- Adjusted run_once comments and variable paths accordingly.
- Updated all web-app roles to use new sys-stk/* and sys-svc/* roles.
Conversation: https://chatgpt.com/share/68b0ba66-09f8-800f-86fc-76c47009d431
2025-08-28 22:23:09 +02:00
dece6228a4
Refactor docker-compose build logic and pull policy
...
- Added conditional '--pull' flag on retry in docker-compose build handler, tied to MODE_UPDATE
- Added 'pull_policy: never' to multiple docker-compose service templates to prevent unwanted image pulls
- Fixed minor formatting issues (e.g. Nextcloud volume spacing, WordPress desktop alignment)
Reference: https://chatgpt.com/share/68b0207a-4d9c-800f-b76f-9515885e5183
2025-08-28 11:25:35 +02:00
a57fe718de
Optimized spacing
2025-08-20 05:49:35 +02:00
79517b2fe9
Optimized spacing
2025-08-20 01:01:32 +02:00
d3cc187c3b
Made System Email Variables UPPER
2025-08-19 09:34:18 +02:00
5c9ca20e04
Optimized keycloak variables
2025-08-17 11:40:15 +02:00
0de26fa6c7
Solved a bug that existed due to the difference between the Mailu domain and hostname. Also refactored during this to find the bug
2025-08-16 14:29:07 +02:00
5b64b47754
Added no_log
2025-08-15 23:18:44 +02:00
03564b34bb
Optimized reset routine for docker images and especially discourse
2025-08-15 21:35:45 +02:00
3ac9bd9f90
Optimized variable typos
2025-08-15 18:43:42 +02:00
022800425d
THE HUGE REFACTORING CALENDAR WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs
2025-08-15 15:15:48 +02:00
0228014d34
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
4a65a254ae
replaced port-ui-desktop with desktop to make it more speakable
2025-08-14 11:45:08 +02:00
db0e030900
Renamed general and mode constants and implemented a check to verify that constants are just defined once over the whole repository
2025-08-13 19:11:14 +02:00
f31565e4c5
Optimized URLS
2025-08-13 00:33:47 +02:00
de15c42de8
Added database patch to wordpress
2025-08-11 21:46:29 +02:00
6e04ac58d2
Moved blocks to include_tasks to raise performance. Deploy was really slow
2025-08-11 12:28:31 +02:00
0607974dac
Patched url in moodle config
2025-08-08 11:46:23 +02:00
220e3e1c60
Optimized namings in moodle
2025-08-08 09:12:50 +02:00
7f53cc3a12
Replaced web_protocol by WEB_PROTOCOL
2025-08-07 12:31:20 +02:00
9228d51e86
Restructured server config
2025-08-07 11:31:06 +02:00
44e0fea0b2
Renamed cymais to infinito and did some other optimizations and logout implementations
2025-07-29 16:35:42 +02:00
f62355e490
Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm
2025-07-24 03:19:16 +02:00
4b9e7dd3b7
Implemented universal logout
2025-07-22 13:14:06 +02:00
6a1a83432f
Different optimizations and mig integration. Test will fail due to stricter validation checks. Needs to be cleaned up tomorrow
2025-07-18 20:08:20 +02:00
ad449c3b6a
Adapted roles to new architecture
2025-07-17 15:39:31 +02:00
8cda54c46e
Finished moodle adaptation to new structure
2025-07-17 09:18:24 +02:00
c791e86b8b
Solved discourse variable bug
2025-07-17 07:46:39 +02:00
2529c7cdb3
Optimized moodle variables
2025-07-17 06:56:54 +02:00
529efc0bd7
Optimized moodle variable names
2025-07-17 06:38:51 +02:00
84322f81ef
Implemented draft for auto database credentials change moodle
2025-07-17 06:31:55 +02:00
4acf2137e8
Activated flush
2025-07-14 18:43:20 +02:00
ad60f5fb37
Removed is_feature_enabled function
2025-07-13 17:54:09 +02:00
756597668c
Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1
2025-07-13 15:11:38 +02:00
78031855b9
Replaced portfolio_iframe by port-ui-desktop
2025-07-13 14:22:36 +02:00
7a38241485
Made code more modular and refactored to cmp roles
2025-07-09 20:15:32 +02:00
c9c73cbdb2
Decoupled database, docker and proxy
2025-07-09 14:21:30 +02:00
575df76ec3
Shortened service- to svc-
2025-07-09 05:00:41 +02:00
66198ca1ec
Shortened webserver to srv-web-
2025-07-09 04:27:58 +02:00
ed0cd9b8c0
Restructured users
2025-07-09 02:26:50 +02:00