9bf77e1e35 
					 
					
						
						
							
							mastodon: tighten resources, robust exec tasks, and env defaults  
						
						
						
						
						- resources: per-service cpus/mem/pids for mastodon/streaming/sidekiq/redis/db
- compose: rename service key to "mastodon" (was: web), set service_name blocks
- tasks(01_setup): run rails db:migrate via docker exec (non-tty, login shell)
- tasks(02_administrator): healthchecks for 'mastodon', sed with absolute path,
  tootctl as user 'mastodon' (non-tty), optional re-health wait
- env.j2: add RAILS_ENV={{ ENVIRONMENT | default('production') }}
- resource.yml.j2: fix get_app_conf path (service_name default spacing)
- docs: remove outdated Installation/Administration files
Context: https://chatgpt.com/share/68d332a0-ae98-800f-b418-c0d0262eaa2e  
						
						
					 
					
						2025-09-24 01:52:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						426ba32c11 
					 
					
						
						
							
							feat(services): add CPU/RAM/PIDs defaults for heavy roles and align service names  
						
						
						
						
						Add per-service resource overrides (cpus, mem_reservation, mem_limit, pids_limit) for ollama, mariadb, postgres, confluence, gitlab, jira, keycloak, nextcloud; light formatting fixes in wordpress.
Rename service keys from generic 'application/web' to concrete names (jira, confluence, gitlab, keycloak) and update compose templates accordingly.
Jira: introduce JIRA_STORAGE_PATH and switch mounts/README accordingly.
https://chatgpt.com/share/68d2d96c-9bf4-800f-bbec-d4f2c0051c06  
						
						
					 
					
						2025-09-23 21:43:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ff7b7aeb2d 
					 
					
						
						
							
							feat(filters): add active_docker_container_count filter and use it for fair resource splits  
						
						
						
						
						Compute per-container CPU/RAM shares based on active services (web-/svc-*, enabled=true or undefined). Cast host facts to numbers, add safe min=1, and output compose-ready values. Include robust unit test.
Also: include resource.yml.j2 in base template and minor formatting tidy-up.
https://chatgpt.com/share/68d2d96c-9bf4-800f-bbec-d4f2c0051c06  
						
						
					 
					
						2025-09-23 21:35:12 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c523d8d8d4 
					 
					
						
						
							
							Casted WWW_REDIRECT_ENABLED to bool  
						
						
						
						
					 
					
						2025-09-23 19:18:22 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						12d05ef013 
					 
					
						
						
							
							Bluesky: add redirects for deactivated web/view domains to BLUESKY_API_DOMAIN via web-opt-rdr-domains  
						
						
						
						
						Ref: https://chatgpt.com/share/68d2cf5f-4a88-800f-a739-485580d84566  
						
						
					 
					
						2025-09-23 18:48:47 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3cbf37d774 
					 
					
						
						
							
							Added correct health status code for minio api  
						
						
						
						
					 
					
						2025-09-23 18:34:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fc99c72f86 
					 
					
						
						
							
							Optimized Swapfiles variables and enabled async  
						
						
						
						
					 
					
						2025-09-23 18:34:18 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3211dd7cea 
					 
					
						
						
							
							Optimized README.md  
						
						
						
						
					 
					
						2025-09-23 13:47:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c07a9835fc 
					 
					
						
						
							
							Updated Flowise Credentials  
						
						
						
						
					 
					
						2025-09-23 12:48:43 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f4cf55b3c8 
					 
					
						
						
							
							Open WebUI OIDC & proxy fixes + Ollama preload + async-safe pull  
						
						
						
						
						- svc-ai-ollama:
  - Add preload_models (llama3, mistral, nomic-embed-text)
  - Pre-pull task: loop_var=model, async-safe changed_when/failed_when
- sys-svc-proxy (OpenResty):
  - Forward Authorization header
  - Ensure proxy_pass_request_headers on
- web-app-openwebui:
  - ADMIN_EMAIL from users.administrator.email
  - Request RBAC group scope in OAUTH_SCOPES
Ref: ChatGPT support (2025-09-23) — https://chatgpt.com/share/68d20588-2584-800f-aed4-26ce710c69c4  
						
						
					 
					
						2025-09-23 04:27:46 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1b91ddeac2 
					 
					
						
						
							
							Optimized flowise  
						
						
						
						
					 
					
						2025-09-23 03:03:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b638d00d73 
					 
					
						
						
							
Removed unnecessary MINIO_OIDC_POLICY_NAME_SAFE
						
						
						
						
					 
					
						2025-09-23 03:02:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						75c36a1d71 
					 
					
						
						
							
							web-app-minio: manage OIDC policy via containerized mc and fix policy JSON  
						
						
						
						
						- Use dockerized mc with MC_HOST_minio (stateless), no temp files/dirs
- Create only RAW policy name with slash to match Keycloak claim
- Split policy: s3:* on S3 ARNs; admin:* on Resource "*"
- Add mc vars (image, MC_HOST components) to vars/main.yml
- Remove unused Ollama dependency block from tasks
Refs: ChatGPT conversation → https://chatgpt.com/share/68d1eab9-a35c-800f-aa81-76fb2101bd93  
						
						
					 
					
						2025-09-23 02:33:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7a119c3175 
					 
					
						
						
							
							Deactivated CSS for Open WebUI  
						
						
						
						
					 
					
						2025-09-23 02:21:59 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3e6193ffce 
					 
					
						
						
							
Solved ollama network bug
						
						
						
						
					 
					
						2025-09-23 02:21:20 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9d8e06015f 
					 
					
						
						
							
							Added whitespaces  
						
						
						
						
					 
					
						2025-09-23 00:59:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5daf3387bf 
					 
					
						
						
							
							web-app-minio: enable OIDC integration and policy handling  
						
						
						
						
						- Added OIDC and LDAP feature flags in config
- Introduced API/Console URL vars for proxy alignment
- Implemented automatic MinIO policy creation for OIDC admin group
- Replaced static env.J2 with dynamic env.j2 (OIDC-aware)
- Added policy.json.j2 template with full admin rights
- Cleaned up tasks to use stdin instead of file for mc policy apply
Ref: https://chatgpt.com/share/68d1d3ef-ca84-800f-abe2-11ab70e20c4e  
						
						
					 
					
						2025-09-23 00:56:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6da7f28370 
					 
					
						
						
							
							Optimized whitespacing  
						
						
						
						
					 
					
						2025-09-23 00:51:23 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						208848579d 
					 
					
						
						
							
							svc-db-openldap: make LDIF import idempotent, unify container var, and tidy role  
						
						
						
						
						- Add handlers/main.yml to load memberof/refint modules and import groups via docker exec
- Use OPENLDAP_CONTAINER consistently (replace OPENLDAP_NAME)
- Rename tasks/ldifs_creation.yml -> tasks/_ldifs_creation.yml and update includes
- Drop default param from get_app_conf calls; add explicit meta: flush_handlers
- docker-compose: honor OPENLDAP_NETWORK_EXPOSE_LOCAL | bool; minor formatting
- env template: formatting/comments consistency
- Remove unused 01_rbac_group.ldif.j2; rename 02_rbac_roles -> 01_rbac_roles and fix filter to LDAP
- vars: rename OPENLDAP_NAME -> OPENLDAP_CONTAINER; prune LDIF schema type
Conversation: https://chatgpt.com/share/68d1d25d-e788-800f-bfb6-13b1f5bc6121  
						
						
					 
					
						2025-09-23 00:49:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d8c73e9fc3 
					 
					
						
						
							
							Renamed to correct handler  
						
						
						
						
					 
					
						2025-09-23 00:37:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						10b20cc3c4 
					 
					
						
						
							
							tests: treat mixed Jinja in notify/package_notify as wildcard regex; ignore pure Jinja; add reverse check so all notify targets map to existing handlers. See:  https://chatgpt.com/share/68d1cf5a-f7e8-800f-910c-a2215d06c2a4  
						
						
						
						
					 
					
						2025-09-23 00:36:50 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						790c184e66 
					 
					
						
						
							
							feat(web-app-openwebui): add bootstrap admin configuration via ADMIN_EMAIL  
						
						
						
						
						Introduce ADMIN_EMAIL and SHOW_ADMIN_DETAILS options to bootstrap the first
administrator account on fresh installations. This ensures at least one admin
exists without manual database intervention.
Conversation: https://chatgpt.com/share/68d18e02-d6b8-800f-aaab-920c61b9284a  
						
						
					 
					
						2025-09-22 21:41:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						93d165fa4c 
					 
					
						
						
							
							Solved CSP issue  
						
						
						
						
					 
					
						2025-09-22 21:22:35 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1f3abb95af 
					 
					
						
						
							
							Required to move handler reloading one level higher  
						
						
						
						
					 
					
						2025-09-22 21:07:34 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7ca3a73f21 
					 
					
						
						
							
							Normalized OpenLDAP variables  
						
						
						
						
					 
					
						2025-09-22 21:02:24 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						08720a43c1 
					 
					
						
						
							
							feat(web-app-openwebui): enable OIDC role-based admin mapping  
						
						
						
						
						Activate ENABLE_OAUTH_ROLE_MANAGEMENT and configure OAUTH_ROLES_CLAIM from
RBAC.GROUP.CLAIM. Define OAUTH_ADMIN_ROLES dynamically based on RBAC group
and application administrator naming convention.
Conversation: https://chatgpt.com/share/68d18e02-d6b8-800f-aaab-920c61b9284a  
						
						
					 
					
						2025-09-22 20:27:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1baed62078 
					 
					
						
						
							
Removed ollama dependency because it's managed via Ansible and not docker compose dependency
						
						
						
						
					 
					
						2025-09-22 20:22:54 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						963e1aea21 
					 
					
						
						
							
							Removed ollama from openwebui  
						
						
						
						
					 
					
						2025-09-22 20:15:33 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a819a05737 
					 
					
						
						
							
							Activated network for svc-ai-ollama  
						
						
						
						
					 
					
						2025-09-22 20:12:34 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4cb58bec0f 
					 
					
						
						
							
							Added correct portmapping for ollama  
						
						
						
						
					 
					
						2025-09-22 20:09:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						002f45d1df 
					 
					
						
						
							
Added LDAP draft for Open WebUI - Deactivated just PoC, because OIDC is anyhow preferred
						
						
						
						
					 
					
						2025-09-22 20:02:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						cbc4dad1d1 
					 
					
						
						
							
							Removed wrong :  
						
						
						
						
					 
					
						2025-09-22 20:00:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						70d395ed15 
					 
					
						
						
							
							feat(web-app-openwebui): add OIDC support via env.j2 with feature flag  
						
						
						
						
						Enables OIDC login by adding feature flag (features.oidc), rendering OIDC-related
environment variables, and introducing OPENWEBUI_OIDC_ENABLED.
Conversation: https://chatgpt.com/share/68d18e02-d6b8-800f-aaab-920c61b9284a  
						
						
					 
					
						2025-09-22 19:57:55 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e20a709f04 
					 
					
						
						
							
							Solved wrong image bug for minio  
						
						
						
						
					 
					
						2025-09-22 19:56:24 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d129f71cef 
					 
					
						
						
							
							Added Ollama network  
						
						
						
						
					 
					
						2025-09-22 19:19:44 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4cb428274a 
					 
					
						
						
							
							Add new 'Artificial Intelligence' portfolio menu category for AI tools (Ollama, OpenWebUI, Flowise, MinIO, Qdrant, LiteLLM)  🤖  
						
						
						
						
						Details: Introduced dedicated AI category with proper description, tags, and robot icon to group AI-related applications.
Reference: https://chatgpt.com/share/68d183ea-04dc-800f-97c9-2e83d0ca3753  
						
						
					 
					
						2025-09-22 19:14:36 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						97e2d440b2 
					 
					
						
						
							
							Normalized OpenLDAP constants  
						
						
						
						
					 
					
						2025-09-22 19:08:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						588cd1959f 
					 
					
						
						
							
							Added local_ai configuration feature  
						
						
						
						
					 
					
						2025-09-22 18:56:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5d1210d651 
					 
					
						
						
							
							feat(ai): introduce dedicated AI roles and wiring; clean up legacy AI stack  
						
						
						
						
						• Add svc-ai category under roles and load it in constructor stage
• Create new 'svc-ai-ollama' role (vars, tasks, compose, meta, README) and dedicated network
• Refactor former AI stack into separate app roles: web-app-flowise and web-app-openwebui
• Add web-app-minio role; adjust config (no central DB), meta (fa-database, run_after), compose networks include, volume key
• Provide user-focused READMEs for Flowise, OpenWebUI, MinIO, Ollama
• Networks: add subnets for web-app-openwebui, web-app-flowise, web-app-minio; rename web-app-ai → svc-ai-ollama
• Ports: rename ai_* keys to web-app-openwebui / web-app-flowise; keep minio_api/minio_console
• Add group_vars/all/17_ai.yml (OLLAMA_BASE_LOCAL_URL, OLLAMA_LOCAL_ENABLED)
• Replace hardcoded include paths with path_join in multiple roles (svc-db-postgres, sys-service, sys-stk-front-proxy, sys-stk-full-stateful, sys-svc-webserver, web-svc-cdn, web-app-keycloak)
• Remove obsolete web-app-ai templates/vars/env; split Flowise into its own role
• Minor config cleanups (CSP flags to {}, central_database=false)
https://chatgpt.com/share/68d15cb8-cf18-800f-b853-78962f751f81  
						
						
					 
					
						2025-09-22 18:40:20 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						aeab7e7358 
					 
					
						
						
							
							Improve CSP configuration test: validate section types safely and include role/file path in error output  
						
						
						
						
						See ChatGPT conversation: https://chatgpt.com/share/68d1762d-7930-800f-bba5-55f1de7446b1  
						
						
					 
					
						2025-09-22 18:16:01 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fa6bb67a66 
					 
					
						
						
							
							Removed whitespaces in templates:  
						
						
						
						
					 
					
						2025-09-22 16:28:57 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3dc2fbd47c 
					 
					
						
						
							
							refactor(objstore): extract MinIO into dedicated role 'web-app-minio' and adjust AI role  
						
						
						
						
						• Rename ports: web-app-ai_minio_* → web-app-minio_* in group_vars
• Remove MinIO from web-app-ai (service, volumes, ENV)
• Add new role web-app-minio (config, tasks, compose, env, vars) incl. front-proxy matrix
• AI role: front-proxy loop via matrix; unify domain/port vars (OPENWEBUI/Flowise *_PORT_PUBLIC/_PORT_INTERNAL, *_DOMAIN)
• Update compose templates accordingly
Ref: https://chatgpt.com/share/68d15cb8-cf18-800f-b853-78962f751f81  
						
						
					 
					
						2025-09-22 16:27:51 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4b56ab3d18 
					 
					
						
						
							
							Normalized Nextcloud port variable mapping  
						
						
						
						
					 
					
						2025-09-22 16:20:32 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8e934677ff 
					 
					
						
						
							
							refactor(nextcloud): introduce NEXTCLOUD_INTERNAL_OCC_COMMAND for consistency  
						
						
						
						
						Details:
- Added NEXTCLOUD_INTERNAL_OCC_COMMAND to centralize occ path handling
- Updated NEXTCLOUD_DOCKER_EXEC_OCC to reuse internal occ command
- Replaced hardcoded occ path in docker-compose healthchecks with variable
- Improves maintainability and avoids duplication
See: https://chatgpt.com/share/68d14d85-3d80-800f-9d1d-fcf6bb8ce449  
						
						
					 
					
						2025-09-22 15:35:26 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0a927f49a2 
					 
					
						
						
							
							refactor(nextcloud): use path_join for config/occ paths to avoid double slashes  
						
						
						
						
						Details:
- NEXTCLOUD_DOCKER_CONF_DIRECTORY, NEXTCLOUD_DOCKER_CONFIG_FILE, NEXTCLOUD_DOCKER_CONF_ADD_PATH
  now built with path_join instead of string concat
- NEXTCLOUD_DOCKER_EXEC_OCC now uses path_join for occ command
- makes path handling more robust and consistent
See: https://chatgpt.com/share/68d14d85-3d80-800f-9d1d-fcf6bb8ce449  
						
						
					 
					
						2025-09-22 15:22:41 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e6803e5614 
					 
					
						
						
							
							refactor(ansible): normalize include_role syntax and unify host config paths via path_join  
						
						
						
						
						- Remove stray spaces after include_role: across many roles to ensure clean YAML and
  consistent linting/formatting.
- Listmonk:
  - Introduce LISTMONK_CONFIG_HOST = [ docker_compose.directories.config, 'config.toml' ] | path_join
  - Use that var in the template task (dest) and the docker-compose volume mount
- Matrix:
  - Build MATRIX_SYNAPSE_CONFIG_PATH_HOST, MATRIX_SYNAPSE_LOG_PATH_HOST, and
    MATRIX_ELEMENT_CONFIG_PATH_HOST via path_join
- Mobilizon:
  - Build mobilizon_host_conf_exs_file via path_join
  - Keep get_app_conf strictness unchanged (defaults to True in our filter), so behavior
    remains strict even though the explicit third arg was dropped
- Simpleicons:
  - Build server.js and package.json host paths via path_join
- Numerous web-app roles (Confluence, Discourse, EspoCRM, Friendica, Funkwhale, Gitea,
  GitLab, Jenkins, Joomla, Listmonk, Mailu, Mastodon, Matomo, Matrix, MediaWiki,
  Mobilizon, Moodle, Nextcloud, OpenProject, Peertube, Pixelfed, Pretix, Roulette Wheel,
  Snipe-IT, Syncope, Taiga, WordPress, XWiki, Yourls) and web-svc roles (coturn,
  libretranslate, simpleicons) updated for consistent include_role formatting
Why:
- path_join avoids double slashes and missing separators across different config roots
- Consistent include_role: formatting improves readability and prevents linter noise
Ref:
- Conversation: https://chatgpt.com/share/68d14711-727c-800f-b454-7dc4c3c1f4cb  
						
						
					 
					
						2025-09-22 14:55:25 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6cf6c74802 
					 
					
						
						
							
Inverted docker_compose_skipp_file_creation to avoid double negation
						
						
						
						
					 
					
						2025-09-22 13:40:28 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						734b8764f2 
					 
					
						
						
							
							Optimized web-app-ai draft  
						
						
						
						
					 
					
						2025-09-22 13:35:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3edb66f444 
					 
					
						
						
							
							Merge branch 'master' of github.com:kevinveenbirkenbach/infinito-nexus  
						
						
						
						
					 
					
						2025-09-22 11:17:40 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						181b2d0542 
					 
					
						
						
							
Little optimizations
						
						
						
						
					 
					
						2025-09-22 11:17:31 +02:00