kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-10 10:48:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,788 Commits 2 Branches 0 Tags
aa19a97ed62b7e79440e6ec324968e3e3e2d8fce
Commit Graph

8 Commits

Author SHA1 Message Date
Kevin Veen-Birkenbach
aa19a97ed6 CORS/CSP hardening & centralization 
- Add reusable Nginx include: roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2
  (dynamic ACAO/credentials/methods/headers via role vars)
- Set global 'Vary: Origin' in nginx.conf.j2 to prevent cache poisoning
- CSP: allow Simple Icons via connect-src when feature is enabled
- Front proxy: rename vars to lowercase + flush handlers after config deploy
- Desktop: gate & load Simple Icons role; inject brand logos when enabled
- Bluesky + Logout: replace inline CORS with centralized include
- Simpleicons: public CORS (ACAO='*', no credentials), keep GET/OPTIONS, allow headers
- Taiga: adjust canonical domain to taiga.kanban.{{ PRIMARY_DOMAIN }}
- LibreTranslate: remove unused images/versions keys

Fixes: https://open.project.infinito.nexus/projects/cymais/work_packages/342/activity
Discussion: https://chatgpt.com/share/68da5e27-ffd4-800f-91a3-0ef103058d44
 2025-09-29 12:23:58 +02:00
Kevin Veen-Birkenbach
4ae3cee36c web-svc-logout: merge logout domains into CSP connect-src and refactor task flow 
• Add tasks/01_core.yml to set applications[application_id].server.csp.whitelist['connect-src'] = LOGOUT_CONNECT_SRC_NEW.

• Switch tasks/main.yml to include 01_core.yml (run-once guard preserved).

• Update templates/env.j2 to emit LOGOUT_DOMAINS as a comma-separated list.

• Rework vars/main.yml: compute LOGOUT_DOMAINS, derive LOGOUT_ORIGINS with WEB_PROTOCOL, read connect-src via the get_app_conf filter, and merge/dedupe (unique).

Rationale: ensure CSP allows cross-domain logout requests for all configured services.

Conversation: https://chatgpt.com/share/68b5b07d-b208-800f-b6b2-f26934607c8a
 2025-09-01 16:41:33 +02:00
Kevin Veen-Birkenbach
dece6228a4 Refactor docker-compose build logic and pull policy 
- Added conditional '--pull' flag on retry in docker-compose build handler, tied to MODE_UPDATE
- Added 'pull_policy: never' to multiple docker-compose service templates to prevent unwanted image pulls
- Fixed minor formatting issues (e.g. Nextcloud volume spacing, WordPress desktop alignment)

Reference: https://chatgpt.com/share/68b0207a-4d9c-800f-b76f-9515885e5183
 2025-08-28 11:25:35 +02:00
Kevin Veen-Birkenbach
3794aa87b0 Optimized spacing 2025-08-20 01:02:29 +02:00
Kevin Veen-Birkenbach
7f53cc3a12 Replaced web_protocol by WEB_PROTOCOL 2025-08-07 12:31:20 +02:00
Kevin Veen-Birkenbach
f9f76892af Solved peertube bugs 2025-07-26 08:08:51 +02:00
Kevin Veen-Birkenbach
5dc8ec2344 Deactivated caching 2025-07-22 13:53:20 +02:00
Kevin Veen-Birkenbach
4b9e7dd3b7 Implemented universal logout 2025-07-22 13:14:06 +02:00