Commit Graph

2839 Commits

Author SHA1 Message Date
eafdacc378 Optimized CSP for XWIKI 2025-09-17 02:33:28 +02:00
c93ec6d43a feat(web-app-xwiki): install OIDC/LDAP via temporary Groovy page (PUT→execute→verify→delete)
Replace REST jobs flow with services.extension.install executed from a transient XWiki.InstallExtensions page.
- Build wishlist from Ansible vars; print machine-readable markers; assert success.
- Execute from XWiki space; delete page afterwards; fix delete changed_when.
- Use Jinja raw + indent for clean macro embedding.

https://chatgpt.com/share/68c9ebf5-f5e0-800f-9b80-372b4b31e772
2025-09-17 01:00:25 +02:00
0839b8e37f fix(xwiki): enable superadmin flag in xwiki.cfg and always force Distribution Wizard
- Added 'xwiki.superadmin=1' alongside the password in 'xwiki.cfg' to properly activate the superadmin account during bootstrap.
- Simplified 'xwiki.properties': Distribution Wizard config is now always present instead of conditional on the superadmin switch.
- Ensures that the Distribution Wizard ('distribution.wizard.enabled=true') and flavor bootstrap run automatically on first startup.
- This fixes the issue where REST endpoints (/rest/jobs, /repositories) stayed at 404 because the DW never executed.

Ref: https://chat.openai.com/share/7a5d58d2-8e91-4e34-8fa0-8b7d62494e4a
2025-09-16 23:53:14 +02:00
def6dc96d8 fix(xwiki): enable superadmin flag in xwiki.cfg and always force Distribution Wizard
- Added 'xwiki.superadmin=1' alongside the password in 'xwiki.cfg' to properly activate the superadmin account during bootstrap.
- Simplified 'xwiki.properties': Distribution Wizard config is now always present instead of conditional on the superadmin switch.
- Ensures that the Distribution Wizard ('distribution.wizard.enabled=true') and flavor bootstrap run automatically on first startup.
- This fixes the issue where REST endpoints (/rest/jobs, /repositories) stayed at 404 because the DW never executed.

Ref: https://chat.openai.com/share/7a5d58d2-8e91-4e34-8fa0-8b7d62494e4a
2025-09-16 23:30:07 +02:00
364f4799bc In between commit xwiki OIDC integration 2025-09-16 20:16:19 +02:00
6eb4ba45f7 Removed installjobrequest.xml.j2 2025-09-16 19:57:32 +02:00
0566c426c9 Refactored administrator page variables 2025-09-16 19:57:07 +02:00
9ce73b9c71 Harmonized saving path 2025-09-16 19:12:08 +02:00
83936edf73 fix(xwiki): use proper InstallRequest XML format for extension installation
- Replace custom <request> with class='org.xwiki.extension.job.InstallRequest'
- Use loop over extensions_to_install to build <extensionId> list
- Move namespace into <namespaces><string>wiki:xwiki</string>
- Remove unused <id>/<jobType> from root
- Ensure installDependencies, interactive, verbose inside request
- Fixes issue where server echoed <rest><list/> instead of actual extensions
2025-09-16 15:25:34 +02:00
40ecbc5466 Added correct extension install logic to prevent overwrite 2025-09-16 14:53:37 +02:00
b18b3b104c Implemented performance switch for Front Proxy 2025-09-16 13:58:46 +02:00
2f992983f4 xwiki: install/verify via REST Job API; add 'xwiki_job_id' filter; refactor extension probe; remove invalid /extensions/{id} verify; README wording
Context: fixed 404 on 'Verify OIDC extension is installed' by polling jobstatus and parsing job id via filter plugin.
Conversation: https://chatgpt.com/share/68c435b7-96c0-800f-b7d6-b3fe99b443e0
2025-09-12 17:01:37 +02:00
d7d8578b13 fix(xwiki): correct extension.repositories format to id:type:url
Changed repository definition from 'maven:xwiki-public ...' to 'xwiki-public:maven:...'
so that the XWiki Extension Manager can correctly register Maven repositories.
This resolves the 'Unsupported repository type [central]' error and allows OIDC extension installation.

Details: https://chatgpt.com/share/68c42c4f-fda4-800f-a003-c16bcc9bd2a3
2025-09-12 16:21:23 +02:00
f106d5ec36 web-app-xwiki: admin bootstrap & REST/extension install fixes
• Guard admin tasks via XWIKI_SSO_ENABLED
• Create admin using XWikiUsers object API
• Wait for REST without DW redirect
• Install OIDC/LDAP via /rest/jobs (+verify)
• Mount xwiki.cfg/properties under Tomcat WEB-INF
• Build REST URLs with url_join; enable DW auto bootstrap + repos

https://chatgpt.com/share/68c42502-a5cc-800f-b05a-a1dbe48f014d
2025-09-12 15:50:30 +02:00
53b3a3a7b1 Deactivated LDAP by default 2025-09-12 14:13:13 +02:00
f576b42579 XWiki: two-phase bootstrap + extension install before enabling auth; add XOR validation
- Add 02_validation.yml to prevent OIDC+LDAP enabled simultaneously
- Introduce _flush_config.yml with switches (OIDC/LDAP/superadmin)
- Bootstrap with native+superadmin → create admin → install extensions (superadmin) → enable final auth
- Refactor REST vars (XWIKI_REST_BASE, XWIKI_REST_XWIKI, XWIKI_REST_EXTENSION_INSTALL)
- Update templates to use switch vars; gate OIDC block in properties
- Idempotent REST readiness waits

Conversation: https://chatgpt.com/share/68c40c1e-2b3c-800f-b59f-8d37baa9ebb2
2025-09-12 14:04:02 +02:00
b0f10aa0d0 Removed unnecessary just up 2025-09-12 13:21:29 +02:00
a6a2be4373 Optimized Listmonk variables 2025-09-12 13:04:06 +02:00
b7a7be4737 Fix XWiki automation bootstrap:
- Accept HTTP 302 (Distribution Wizard redirects) in REST readiness and extension checks
- Treat 302 as missing admin user during bootstrap
- Move superadmin password to xwiki.cfg (correct location)
- Disable automatic Distribution Wizard start in xwiki.properties
- Standardize run_once includes for postgres, cdn, and xwiki roles

See: https://chatgpt.com/share/68c3a67b-80b4-800f-8a90-ebdcd4abb86c
2025-09-12 06:50:24 +02:00
2d71c461de web-app-xwiki: add SuperAdmin bootstrap support
- Added schema entry for superadminpassword
- Added vars for XWIKI_SUPERADMIN_USERNAME/PASSWORD
- Extended xwiki.properties.j2 to configure superadminpassword
- Added 02_bootstrap_admin.yml to create XWiki admin via REST using SuperAdmin
- Updated REST URLs to use XWIKI_REST_GENERAL
- Enabled CSP flag unsafe-inline

Conversation: https://chatgpt.com/share/68c39ddb-e9cc-800f-b32f-9d4c1e09e43e
2025-09-12 06:13:34 +02:00
07b7c6484f xwiki: switch to PostgreSQL and remove custom Hibernate override
Config: set database.type=postgres; use image tag lts-<dbtype>-tomcat; make DB_TYPE templated; derive database_type from app config.

Cleanup: delete hibernate.cfg.xml template and volume mounts; remove XWIKI_HOST_HIBERNATE_PATH; stop rendering hibernate.cfg.xml.

web-svc-cdn: run_once task fix.

Context: troubleshooting on 2025-09-12. Conversation link: https://chatgpt.com/share/68c3978e-77cc-800f-beda-19220f70855f
2025-09-12 05:46:45 +02:00
cce33373ba sys-svc-dns: add apex A/AAAA records for SYS_SVC_DNS_BASE_DOMAINS via task_include
This update introduces apex (@) A and optional AAAA records for all base SLD domains.
The tasks were moved into a new 02_apex.yml file and are looped using
SYS_SVC_DNS_BASE_DOMAINS. CAA record loops were updated accordingly.
See details: https://chatgpt.com/share/68c385c3-1804-800f-8c78-8614bc853f77
2025-09-12 04:30:59 +02:00
fcc9dc71ef Removed solved Todos 2025-09-12 04:05:02 +02:00
1b42ca46e8 Removed sys-dns-cloudflare-records from web-opt-rdr-www because it's covered by other tasks 2025-09-12 03:55:52 +02:00
ce8958cc01 sys-dns-wildcards: always create apex wildcard (*.apex); use explicit_domains for CURRENT_PLAY_DOMAINS_ALL list; update README and unit tests. Ref: https://chatgpt.com/share/68c37a74-7468-800f-a612-765bbbd442de 2025-09-12 03:47:37 +02:00
7e5990aa16 deploy(cli): auto-generate MODE_* flags from 01_modes.yml; remove legacy skip flags/params; drive cleanup via MODE_CLEANUP; validation via MODE_ASSERT; tests via MODE_TEST; drop MODE_BACKUP from 01_modes.yml. Ref: https://chatgpt.com/share/68c3725f-43a0-800f-9bb0-eb7cbf77ac24 2025-09-12 03:08:18 +02:00
60ef36456a Optimized variables 2025-09-12 02:41:33 +02:00
3a8b9cc958 Deactivated proxy for wildcards 2025-09-12 02:20:59 +02:00
a1a956585c Moved utils/run_once.yml to core 2025-09-12 02:20:26 +02:00
1a1f185265 Cast to bool to be sure it's interpreted correctly 2025-09-12 02:19:47 +02:00
57ca6adaec MediaWiki: runtime patch for LocalSettings.php (URL, DB, lang) + safe quoting
- Add 03_patch_settings.yml to sync $wgServer/$wgCanonicalServer, DB vars, and language
- Use single-quoted PHP strings with proper escaping; idempotent grep guards
- Wire task into main.yml; rename 03_admin→04_admin and 04_extensions→05_extensions

Ref: https://chatgpt.com/share/68c3649a-e830-800f-a059-fc8eda8f76bb
2025-09-12 02:09:33 +02:00
a0c2245bbd Refactor web-opt-rdr-www:
- Split Cloudflare edge redirect into _01 and _02 task files
- Wrap Cloudflare routines in a conditional block on DNS_PROVIDER
- Preserve origin vs edge flavor handling
Conversation: https://chatgpt.com/share/68c3609b-5624-800f-b5fa-69def6032dca
2025-09-12 01:52:13 +02:00
206b3eadbc refactor(dns): replace sys-dns-parent-hosts with sys-dns-wildcards; emit only *.parent wildcards from CURRENT_PLAY_DOMAINS_ALL
Rename filter parent_build_records→wildcard_records; create only wildcard (*.parent) A/AAAA records (no base/apex); switch to CURRENT_PLAY_DOMAINS_ALL; update vars to SYN_DNS_WILDCARD_RECORDS; adjust role/task names, defaults, and docs; add unittest expecting *.a.b from www.a.b.example.com. See: https://chatgpt.com/share/68c35dc1-7170-800f-8fbe-772e61780597
2025-09-12 01:40:06 +02:00
feee3fd71f Fix false negatives in integration test for unused vars
Updated tests/integration/test_vars_usage_in_yaml.py:
- Variables immediately followed by '(' are now treated as function calls,
  not as set variables. This prevents false errors.
- Fixed detection of redirect_domain_mappings so it is no longer flagged
  as unused.

See: https://chatgpt.com/share/68c3542d-f44c-800f-a483-b3e43739f315
2025-09-12 00:59:14 +02:00
39e745049b Revert "Removed incorrect flavor cloud for hetzner"
This reverts commit db034553a3.
2025-09-12 00:43:46 +02:00
db034553a3 Removed incorrect flavor cloud for hetzner 2025-09-12 00:41:18 +02:00
f7e661bcca Todos solved and removed 2025-09-12 00:37:47 +02:00
d5f1ae0288 Revert "Removed default filter"
This reverts commit 7cfe97ab50.
2025-09-12 00:12:46 +02:00
3c3083481e Replaced CURRENT_PLAY_DOMAINS with CURRENT_PLAY_DOMAINS_ALL 2025-09-12 00:04:40 +02:00
7cfe97ab50 Removed default filter 2025-09-12 00:00:43 +02:00
a552ea175d feat(dns): add sys-svc-dns role and extend parent DNS handling
Introduce sys-svc-dns to bootstrap Cloudflare DNS prerequisites. Validates CLOUDFLARE_API_TOKEN, (optionally) manages CAA for base SLDs, and delegates parent record creation to sys-dns-parent-hosts. Wired into sys-stk-front-pure.

sys-dns-parent-hosts: new parent_dns filter builds A/AAAA for each parent host and wildcard children (*.parent). Supports dict/list inputs for CURRENT_PLAY_DOMAINS, optional IPv6, proxied flag, and optional *.apex. Exposes a single parent_build_records entry point.

Let’s Encrypt role cleanup: remove DNS/CAA management from sys-svc-letsencrypt; it now focuses on webroot challenge config and renew timer. Fixed path joins and run_once guards.

Tests: update unit tests to allow wildcard outputs and dict-based CURRENT_PLAY_DOMAINS. Add generate_base_sld_domains filter. Documentation updates for both roles.

Conversation: https://chatgpt.com/share/68c342f7-d20c-800f-b61f-cefeebcf1cd8
2025-09-11 23:47:27 +02:00
dc16b7d21c Removed refresh systemctl service listener for systemctl daemon 2025-09-11 22:37:16 +02:00
54797aa65b Suppress flushing of CSP and Webserver health checks during setup because tests will fail if procedures didn't finish 2025-09-11 22:31:24 +02:00
a6e42bff9b Optimized more run_once routines for performance 2025-09-11 22:16:42 +02:00
58cf63c040 Removed deadlock and optimized run_once settings for performance 2025-09-11 21:48:56 +02:00
682ea6d7f2 Removed unnecessary --dirval-cmd dirval 2025-09-11 21:16:10 +02:00
486729d57d Removed directory-validator dependencies because it's installed via pkgmgr 2025-09-11 21:01:23 +02:00
5342f70b03 Solved wrong variable bugs :) 2025-09-11 20:58:02 +02:00
d40a275d70 feat(sys-ctl-cln-faild-bkps): migrate role to cleanback CLI (systemd oneshot) and derive workers from Ansible facts
- install via pkgmgr (CLEANUP_FAILED_BACKUPS_PKG=cleanback)
- run: cleanback --all --dirval-cmd dirval --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --timeout {{ CLEANBACK_TIMEOUT_SECONDS }} --yes
- remove obsolete systemctl template and path set_fact logic
- keep task variable names intact; no defaults for runtime knobs
- update README to reflect new behavior

Conversation: https://chatgpt.com/share/68c309bf-8818-800f-84d9-c4aa74a4544c
2025-09-11 20:30:29 +02:00
3224e24d76 Refactor systemd handling
- sys-ctl-rpr-btrfs-balancer: suppress service flush for btrfs balancer (too expensive to run each play)
- sys-daemon: replace raw systemctl calls with ansible.builtin.systemd (daemon_reload, daemon_reexec)
- sys-service: split handler into 'Enable systemctl service' and 'Set systemctl service state', add become, async/poll, suppress flush guard

Conversation: https://chatgpt.com/share/68c2f7a6-6fe4-800f-9d79-3e3b0ab4a563
2025-09-11 18:24:21 +02:00