This commit adds dynamic upload size configuration (upload_max_filesize + post_max_size), introduces a dedicated php-upload.ini template, mounts it through Docker Compose, renumbers all task files consistently, updates main.yml flow, and overrides client_max_body_size inside the logout role.
Improves clarity, consistency, and brings Joomla in line with other IN roles.
See: https://chatgpt.com/share/6927075c-4de0-800f-bcee-b1f5193e4a99
Implements automatic addition of 'unsafe-inline' when logout feature is enabled, ensuring inline handlers work for iframe logout bridge. Preserves strict base script-src when explicitly disabled. Includes full test suite for logout behaviour, propagation rules, and base override interactions.
Context: https://chatgpt.com/share/6927075c-4de0-800f-bcee-b1f5193e4a99
- Refactor cli/build/graph.py to use cached metadata and dependency indices
for faster graph generation and cleaner separation of concerns
- Refactor cli/build/tree.py to delegate per-role processing to process_role()
and support parallel execution via ProcessPoolExecutor
- Add unit tests for graph helper functions and build_mappings()
under tests/unit/cli/build/test_graph.py
- Add unit tests for find_roles() and process_role() behaviour
under tests/unit/cli/build/test_tree.py
- Remove the old include_role dependency integration test which relied on the
previous tree.json dependencies bucket
For details see ChatGPT conversation: https://chatgpt.com/share/6926b805-28a0-800f-a075-e5250aab5c4a
- Replace jvm_filters with unified memory_filters (JVM + Redis helpers)
- Add redis_maxmemory_mb filter and unit tests
- Introduce sys-ctl-cln-docker role (systemd-based Docker prune + anon volumes)
- Refactor disk space health check to Python script and wire SIZE_PERCENT_CLEANUP_DISC_SPACE
- Adjust schedules and services for Docker cleanup and disk space health
See discussion: https://chatgpt.com/share/6925c1c5-ee38-800f-84b6-da29ccfa7537
- New web-svc-onlyoffice role (Docker, env, CSP, proxy hooks)
- Nextcloud plugin integration with JWT and CSP updates
- Custom Nextcloud image with updated CA certificates
- Networking and port assignments
- Disabled Collabora by default
- Enabled ONLYOFFICE by default
- Link to conversation for reference: https://chatgpt.com/share/691f49ac-54d8-800f-83c3-60cf8c100183
This commit introduces a unified mechanism to configure client_max_body_size
for both HTML and upload locations in the sys-svc-proxy role. The directive
is now injected early in html.conf.j2 and moved to a dedicated block in
upload.conf.j2 to ensure consistent behavior for large file uploads such as
OpenProject attachments.
Additionally:
- Added client_max_body_size variable override from web-app-openproject (set to 30m).
- Reordered header includes to avoid duplicate injection.
- Improved comments and structure for better clarity.
Reference: https://chatgpt.com/share/691d873e-9b50-800f-ae70-baf8bf1e5454
- Add node_autosize filter (node_max_old_space_size) using get_app_conf
- Raise error when mem_limit < min_mb to prevent OOM-kill misconfigurations
- Wire Whiteboard NODE_OPTIONS and increase mem_limit to 1g; set cpus=1
- Refactor PeerTube to use the same filter; simplify vars
- Add unit tests; keep integration filters usage green
Context: https://chatgpt.com/share/690e0499-6a94-800f-b8ed-2c5124690103
- added new file roles/web-app-shopware/files/framework.yaml defining trusted_proxies and trusted_headers for Symfony
- mounted framework.yaml into /var/www/html/config/packages/ in docker-compose
- exposed new role vars SHOPWARE_FRAMEWORK_HOST/DOCKER for mounting path
- rendered framework.yaml via Ansible copy task with proper permissions
- adjusted env.j2 to set TRUSTED_PROXIES and TRUSTED_HOSTS dynamically from domains and networks
- added SHOPWARE_DOMAIN var to vars/main.yml
- removed inline framework.yaml creation from Dockerfile (now managed via mount)
- updated proxy template (html.conf.j2) to include X-Forwarded-Ssl header
- improved init.sh permission handling for shared volumes
See ChatGPT conversation for implementation details and rationale:
https://chatgpt.com/share/690d4fe7-2830-800f-8b6d-b868e7fe0e97
- Dynamically calculate PEERTUBE_MAX_OLD_SPACE_SIZE (~35% of container RAM, clamped between 768–3072 MB)
- Dynamically calculate PEERTUBE_TRANSCODING_CONCURRENCY (~½ vCPUs, min 1, max 8)
- Added default resource limits for Redis and Peertube containers
- Updated test suite to include human_to_bytes filter in built-in filter list
https://chatgpt.com/share/690914d2-6100-800f-a850-94e6d226e7c9
- Added 'font-src data:' to CSP whitelist to allow inline fonts in Admin UI
- Refactored init.sh to run as root only for volume permission setup, then drop privileges to www-data
- Unified all bash invocations to sh for POSIX compliance
- Added missing 'bundles' named volume and mount to Docker Compose
- Set init container to run as root (0:0) for permission setup
- Added admin user rename step via Ansible task
See discussion: https://chatgpt.com/share/69087361-859c-800f-862c-7413350cca3e
- moved init.sh from template to files/ for direct copying and bind mounting
- removed hardcoded user creation from init process
- added database emptiness check before running system:install
- added new task 03_admin.yml to ensure admin user exists and update password/email via Ansible
- switched docker exec shell from bash to sh for Alpine compatibility
- updated Dockerfile and docker-compose.yml accordingly for mount-based init script
- Added symfony/redis-messenger installation with ignored build-time PHP extension checks
- Installed php83-redis in runtime stage
- Ensured consistent network includes across all Shopware services in docker-compose template
- Improves compatibility with Redis-based Symfony Messenger transport during init phase
https://chatgpt.com/share/6908068e-0bb8-800f-8855-7b3913c57158
Changes include:
- Added OpenSearch configuration and variable definitions (image, version, heap, memory limits)
- Replaced legacy search/elasticsearch logic with OpenSearch integration
- Updated docker-compose template for OpenSearch with proper JVM heap and ulimits
- Ensured both OPENSEARCH_URL and ELASTICSEARCH_URL are set for compatibility
Reference: https://chatgpt.com/share/6907b0d4-ab14-800f-b576-62c0d26c8ad1
