Commit Graph

2755 Commits

Author SHA1 Message Date
39e745049b Revert "Removed incorrect flavor cloud for hetzner"
This reverts commit db034553a3.
2025-09-12 00:43:46 +02:00
db034553a3 Removed incorrect flavor cloud for hetzner 2025-09-12 00:41:18 +02:00
f7e661bcca Todos solved and removed 2025-09-12 00:37:47 +02:00
d5f1ae0288 Revert "Remmoved default filter"
This reverts commit 7cfe97ab50.
2025-09-12 00:12:46 +02:00
3c3083481e Replaced CURRENT_PLAY_DOMAINS with CURRENT_PLAY_DOMAINS_ALL 2025-09-12 00:04:40 +02:00
7cfe97ab50 Remmoved default filter 2025-09-12 00:00:43 +02:00
a552ea175d feat(dns): add sys-svc-dns role and extend parent DNS handling
Introduce sys-svc-dns to bootstrap Cloudflare DNS prerequisites. Validates CLOUDFLARE_API_TOKEN, (optionally) manages CAA for base SLDs, and delegates parent record creation to sys-dns-parent-hosts. Wired into sys-stk-front-pure.

sys-dns-parent-hosts: new parent_dns filter builds A/AAAA for each parent host and wildcard children (*.parent). Supports dict/list inputs for CURRENT_PLAY_DOMAINS, optional IPv6, proxied flag, and optional *.apex. Exposes a single parent_build_records entry point.

Let’s Encrypt role cleanup: remove DNS/C AA management from sys-svc-letsencrypt; it now focuses on webroot challenge config and renew timer. Fixed path joins and run_once guards.

Tests: update unit tests to allow wildcard outputs and dict-based CURRENT_PLAY_DOMAINS. Add generate_base_sld_domains filter. Documentation updates for both roles.

Conversation: https://chatgpt.com/share/68c342f7-d20c-800f-b61f-cefeebcf1cd8
2025-09-11 23:47:27 +02:00
dc16b7d21c Removed refresh systemctl service listener for systemctl daemon 2025-09-11 22:37:16 +02:00
54797aa65b Surpress flushing of CSP and Webserver health checks during setup because tests will fail if procedures didn't finish 2025-09-11 22:31:24 +02:00
a6e42bff9b Optimized more run_once routines for performance 2025-09-11 22:16:42 +02:00
58cf63c040 Removed deathlock and optimized run_once settings for performance 2025-09-11 21:48:56 +02:00
682ea6d7f2 Removed unnecessary --dirval-cmd dirval 2025-09-11 21:16:10 +02:00
486729d57d Removed directory-validator dependencies because it's installed via pkgmgr 2025-09-11 21:01:23 +02:00
5342f70b03 Solved wrong variable bugs :) 2025-09-11 20:58:02 +02:00
d40a275d70 feat(sys-ctl-cln-faild-bkps): migrate role to cleanback CLI (systemd oneshot) and derive workers from Ansible facts
- install via pkgmgr (CLEANUP_FAILED_BACKUPS_PKG=cleanback)
- run: cleanback --all --dirval-cmd dirval --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --timeout {{ CLEANBACK_TIMEOUT_SECONDS }} --yes
- remove obsolete systemctl template and path set_fact logic
- keep task variable names intact; no defaults for runtime knobs
- update README to reflect new behavior

Conversation: https://chatgpt.com/share/68c309bf-8818-800f-84d9-c4aa74a4544c
2025-09-11 20:30:29 +02:00
3224e24d76 Refactor systemd handling
- sys-ctl-rpr-btrfs-balancer: suppress service flush for btrfs balancer (too expensive to run each play)
- sys-daemon: replace raw systemctl calls with ansible.builtin.systemd (daemon_reload, daemon_reexec)
- sys-service: split handler into 'Enable systemctl service' and 'Set systemctl service state', add become, async/poll, suppress flush guard

Conversation: https://chatgpt.com/share/68c2f7a6-6fe4-800f-9d79-3e3b0ab4a563
2025-09-11 18:24:21 +02:00
4539817c16 Mount hibernate.cfg.xml directly into Tomcat WEB-INF to ensure validationQuery is applied and avoid PROCESS privilege errors. See https://chatgpt.com/share/68c2c4dd-beec-800f-b44a-9c84494491f8 2025-09-11 15:23:52 +02:00
1a377f1eb4 fix(categories): remove unused update-pkgmgr subcategory from categories.yml
See https://chatgpt.com/share/68c2c757-7224-800f-b0c5-4750c60af7ef
2025-09-11 14:58:34 +02:00
a356566822 Optimized categories for desktop 2025-09-11 14:48:54 +02:00
5af6c0ef1b Removed update-pip 2025-09-11 14:48:22 +02:00
71276f3e5a Add custom hibernate.cfg.xml to XWiki role to use SELECT 1 as validation query (avoids PROCESS privilege requirement in MariaDB). See https://chatgpt.com/share/68c2c4dd-beec-800f-b44a-9c84494491f8 2025-09-11 14:47:41 +02:00
d5d7a7dffb feat(nextcloud): add automatic installation of XWiki Nextcloud app when 'web-app-xwiki' is in group_names
Ref: https://chatgpt.com/share/68c2bf97-b740-800f-a058-260f17aa131b
2025-09-11 14:26:40 +02:00
dcd1545093 Merge branch 'master' of github.com:kevinveenbirkenbach/infinito-nexus 2025-09-11 14:17:49 +02:00
04778a4fcc Activated LDAP for XWiki 2025-09-11 14:17:32 +02:00
e57f3bfdc1 feat(menu): add Games, Sales, and Customer Relationship Management categories; rename IAM to User Management; update tags (see conversation: https://chatgpt.com/share/68c2bc3c-2178-800f-9c88-c2faf08989dd) 2025-09-11 14:11:02 +02:00
cbfb096cdb Refactor web health checker & domain expectations (filter-based)
- Move all domain→expected-status mapping to filter `web_health_expectations`.
- Require explicit app selection via non-empty `group_names`; only those apps are included.
- Add `www_enabled` flag (wired via `WWW_REDIRECT_ENABLED`) to generate/force www.* → 301.
- Support `redirect_maps` to include manual redirects (sources forced to 301), independent of app selection.
- Aliases always 301; canonicals use per-key override or `server.status_codes.default`, else [200,302,301].
- Remove legacy fallbacks (`server.status_codes.home` / `landingpage`).
- Wire filter output into systemd ExecStart script as JSON expectations.
- Normalize various templates to use `to_json` and minor spacing fixes.
- Update app configs (e.g., YOURLS default=301; Confluence default=302; Bluesky web=405; MediaWiki/Confluence canonical/aliases).
- Constructor now uses `WWW_REDIRECT_ENABLED` for domain generation.

Tests:
- Add comprehensive unit tests for filter: selection by group, keyed/default codes, aliases, www handling, redirect_maps, input sanitization.
- Add unit tests for the standalone checker script (JSON parsing, OK/mismatch counting, sanitization).

See conversation: https://chatgpt.com/share/68c2b93e-de58-800f-8c16-ea05755ba776
2025-09-11 13:58:16 +02:00
6418a462ec XWiki: LDAP/OIDC admin mapping, config mounts, and REST installs
- LDAP: move settings to xwiki.cfg; enable trylocal (1/0), group_mapping to XWiki.XWikiAdminGroup,
  and mode_group_sync=always.
- OIDC: add groups claim request (oidc.userinfoclaims), map provider group to XWiki.XWikiAdminGroup,
  and use space-separated scopes.
- Compose: mount xwiki.cfg and xwiki.properties into /usr/local/xwiki.
- Extensions: wait for REST readiness; pre-check OIDC/LDAP extensions (URL-encoded IDs);
  install via REST job only if missing.
- Vars: strict mappings to LDAP.* and OIDC.* (no defaults), add XWIKI_ADMIN_GROUP and derived DNs.
- Config: expose ldap.local_enabled; tidy meta tags; README grammar update.

Conversation: https://chatgpt.com/share/68c2b8ad-4814-800f-b377-065f967998db
2025-09-11 13:55:53 +02:00
8bc6e1f921 Optimized xwiki integration 2025-09-11 12:29:39 +02:00
91ce097a0a feat(sys-service): migrate cleanup/backup services to generic units; harden disk-space cleanup
Services: add SYS_SERVICE_CLEANUP_BACKUPS and SYS_SERVICE_CLEANUP_DISC_SPACE in group vars.

sys-ctl-bkp-docker-2-loc: switch to sys-service; add ExecStartPre lock; ExecStartPost triggers backup cleanup; OnFailure → cleanup-failed; fix shell quoting.

sys-ctl-cln-bkps: switch to sys-service; pass CLI args via ExecStart; add ExecStartPre lock; set OnFailure; copy files; remove role-specific service template.

sys-ctl-cln-disc-space: switch to sys-service; enable timer; set OnFailure; provide ExecStart/ExecStartPre; copy files; remove role-specific service template.

script.sh (disc-space): non-interactive docker exec; consistent threshold message (use parameter); guard docker/pacman via command checks; robust container check; fix typo; use POSIX '='.

svc-opt-keyboard-color: minor formatting cleanup.

sys-ctl-hlth-disc-space: chain OnFailure to cleanup-disc-space service.

Context: ChatGPT conversation (Sep 10, 2025, Europe/Berlin) — https://chatgpt.com/share/68c1982e-bdc8-800f-bf13-a8b9f084f90e
2025-09-10 17:24:56 +02:00
79c623d8db Add initial XWiki role draft
- Added web-app-xwiki draft role with config, vars, templates, and docs
- Registered new network and port for XWiki
- Adjusted MediaWiki canonical domain to media.wiki

https://chatgpt.com/share/68c18c65-a008-800f-8d62-b695df2c6fa1
2025-09-10 16:34:37 +02:00
445c94788e Refactor: consolidate pkgmgr updates and remove legacy roles
Details:
- Added pkgmgr update task directly in pkgmgr role (pkgmgr pull --all)
- Removed deprecated update-pkgmgr role and references
- Removed deprecated update-pip role and references
- Simplified update-compose by dropping update-pkgmgr include

https://chatgpt.com/share/68bbeff1-27a0-800f-bef3-03ab597595fd
2025-09-06 10:46:39 +02:00
aac9704e8b Refactor: remove legacy update-docker role and references
Details:
- Removed update-docker role (README, meta, vars, tasks, script)
- Cleaned references from group_vars, update-compose, and docs
- Adjusted web-app-matrix role (removed @todo pointing to update-docker)
- Updated administrator guide (update-docker no longer mentioned)

Ref: https://chatgpt.com/share/68bbeff1-27a0-800f-bef3-03ab597595fd
2025-09-06 10:32:33 +02:00
a57a5f8828 Refactor: remove Python-based Listmonk upgrade logic and implement upgrade as Ansible task
Details:
- Removed upgrade_listmonk() function and related calls from update-docker script
- Added dedicated Ansible task in web-app-listmonk role to run non-interactive DB/schema upgrade
- Conditional execution via MODE_UPDATE

Ref: https://chatgpt.com/share/68bbeff1-27a0-800f-bef3-03ab597595fd
2025-09-06 10:25:41 +02:00
90843726de keycloak: update realm mail settings to use smtp_server.json.j2 (SPOT); merge via kc_merge_path; fix display name and SSL handling
See: https://chatgpt.com/share/68bb0b25-96bc-800f-8ff7-9ca8d7c7af11
2025-09-05 18:09:33 +02:00
d25da76117 Solved wrong variable bug 2025-09-05 17:30:08 +02:00
d48a1b3c0a Solved missing variable bugs. Role is not fully implemented need to pause development on it for the moment 2025-09-05 17:07:15 +02:00
2839d2e1a4 In between commit Magento implementation 2025-09-05 17:01:13 +02:00
00c99e58e9 Cleaned up bridgy fed 2025-09-04 17:09:35 +02:00
904040589e Added correct variables and health check 2025-09-04 15:13:10 +02:00
9f3d300bca Removed unneccessary handlers 2025-09-04 14:04:53 +02:00
9e253a2d09 Bluesky: Patch hardcoded IPCC_URL and proxy /ipcc
- Added Ansible replace task to override IPCC_URL in geolocation.tsx to same-origin '/ipcc'
- Extended Nginx extra_locations.conf to proxy /ipcc requests to https://bsky.app/ipcc
- Ensures frontend avoids CORS errors when fetching IP geolocation

See: https://chatgpt.com/share/68b97be3-0278-800f-9ee0-94389ca3ac0c
2025-09-04 13:45:57 +02:00
49120b0dcf Added more CSP headers 2025-09-04 13:36:35 +02:00
b6f91ab9d3 changed database_user to database_username 2025-09-04 12:45:22 +02:00
77e8e7ed7e Magento 2.4.8 refactor:
- Switch to split containers (markoshust/magento-php:8.2-fpm + magento-nginx:latest)
- Disable central DB; use app-local MariaDB and pin to 11.4
- Composer bootstrap of Magento in php container (Adobe repo keys), idempotent via creates
- Make setup:install idempotent; run as container user 'app'
- Wire OpenSearch (security disabled) and depends_on ordering
- Add credentials schema (adobe_public_key/adobe_private_key)
- Update vars for php/nginx/search containers + MAGENTO_USER
- Remove legacy docs (Administration.md, Upgrade.md)
Context: changes derived from our ChatGPT session about getting Magento 2.4.8 running with MariaDB 11.4.
Conversation: https://chatgpt.com/share/68b8dc30-361c-800f-aa69-88df514cb160
2025-09-04 12:45:03 +02:00
32bc17e0c3 Optimized whitespacing 2025-09-04 12:41:11 +02:00
e294637cb6 Changed db config path attribut 2025-09-04 12:34:13 +02:00
577767bed6 sys-svc-rdbms: Refactor database service templates and add version support for Magento
- Unified Jinja2 variable spacing in tasks and templates
- Introduced database_image and database_version variables in vars/database.yml
- Updated mariadb.yml.j2 and postgres.yml.j2 to use {{ database_image }}:{{ database_version }}
- Ensured env file paths and includes are consistent
- Prepared support for versioned database images (needed for Magento deployment)

Ref: https://chatgpt.com/share/68b96a9d-c100-800f-856f-cd23d1eda2ed
2025-09-04 12:32:34 +02:00
e77f8da510 Added debug options to mastodon 2025-09-04 11:50:14 +02:00
4738b263ec Added docker_volume_path filter_plugin 2025-09-04 11:49:40 +02:00
0a588023a7 feat(bluesky): fix CORS by serving /config same-origin and pinning BAPP_CONFIG_URL
- Add `server.config_upstream_url` default in `roles/web-app-bluesky/config/main.yml`
  to define upstream for /config (defaults to https://ip.bsky.app/config).
- Introduce front-proxy injection `extra_locations.conf.j2` that:
  - proxies `/config` to the upstream,
  - sets SNI and correct Host header,
  - normalizes CORS headers for same-origin consumption.
- Wire the proxy injection only for the Web domain in
  `roles/web-app-bluesky/tasks/main.yml` via `proxy_extra_configuration`.
- Force fresh social-app checkout and patch
  `src/state/geolocation.tsx` to `const BAPP_CONFIG_URL = '/config'`
  in `roles/web-app-bluesky/tasks/02_social_app.yml`; notify `docker compose build` and `up`.
- Tidy and re-group PDS env in `roles/web-app-bluesky/templates/env.j2` (no functional change).
- Add vars in `roles/web-app-bluesky/vars/main.yml`:
  - `BLUESKY_FRONT_PROXY_CONTENT` (renders the extra locations),
  - `BLUESKY_CONFIG_UPSTREAM_URL` (reads `server.config_upstream_url`).

Security/Scope:
- Only affects the Bluesky web frontend (same-origin `/config`); PDS/API and AppView remain unchanged.

Refs:
- Conversation: https://chatgpt.com/share/68b8dd3a-2100-800f-959e-1495f6320aab
2025-09-04 02:29:10 +02:00