Ignored non functional code

Added passlib to requirements
Addapt pgadmin variables
2025-11-03 19:58:14 +00:00 · 2025-04-04 12:00:19 +02:00 · 2025-04-04 11:34:16 +02:00 · 2025-04-04 11:20:38 +02:00
8 changed files with 30 additions and 9 deletions
--- a/03_SECURITY_GUIDELINES.md
+++ b/03_SECURITY_GUIDELINES.md
@@ -23,6 +23,7 @@ For optimal personal security, we **strongly recommend** the following:

 Following these guidelines will significantly enhance your personal security—but remember, no system is completely immune to risk.

+A tutorial how to setup secure password management you will find [here](https://blog.veen.world/blog/2025/04/04/%f0%9f%9b%a1%ef%b8%8f-keepassxc-cymais-cloud-the-ultimate-guide-to-cross-device-password-security/)
 ---

 ## For Administrators
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -623,9 +623,11 @@ defaults_applications:

  ## PgAdmin
  pgadmin:
-    version:                      "latest"
-    default_email:               "{{ users.administrator.email }}"              # Initial login email address
-    default_password:            "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
+    version:                     "latest"
+    users:
+      administrator:
+        email:                   "{{ users.administrator.email }}"              # Initial login email address
+        password:                "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
    oauth2_proxy:
      enabled:                    true                                           # Enable OAuth2 proxy for authentication
      application:                "application"
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,4 +1,6 @@
 collections:
  - name: kewlfft.aur
 pacman:
-  - ansible
+  - ansible
+pip:
+  - passlib
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@@ -12,6 +12,10 @@ The role ensures consistent deployments, full automation, and secure configurati

 To automate the deployment of **secure, extensible, and production-ready Nextcloud instances** using Docker and Ansible.

+## User Guide
+
+The Nextcloud User Guide you will find [here](https://docs.nextcloud.com/server/latest/user_manual/en/).
+
 ## Features

 - Dockerized Nextcloud (PHP-FPM, Nginx, Cron, Redis)
--- a/roles/docker-oauth2-proxy/Setup.md
+++ b/roles/docker-oauth2-proxy/Setup.md
@@ -0,0 +1,9 @@
+# Setup
+
+## Cookie Secret
+
+To generate a cookie secret execute:
+
+```bash
+ansible-vault encrypt_string "$(openssl rand -hex 16)"
+```
--- a/roles/docker-pgadmin/templates/env.j2
+++ b/roles/docker-pgadmin/templates/env.j2
@@ -1,5 +1,5 @@
-# Configuration @see https://hub.docker.com/r/dpage/pgadmin4
+# Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html

-PGADMIN_DEFAULT_EMAIL={{ applications.pgadmin.default_email }}
-PGADMIN_DEFAULT_PASSWORD={{ applications.pgadmin.default_password }}
+PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
+PGADMIN_DEFAULT_PASSWORD={{ applications.[application_id].users.administrator.password }}
 PGADMIN_DISABLE_POSTFIX=True
--- a/roles/docker-phpmyadmin/templates/env.j2
+++ b/roles/docker-phpmyadmin/templates/env.j2
@@ -1,7 +1,7 @@
 # Configuration @see https://hub.docker.com/_/phpmyadmin

 PMA_HOST= central-mariadb
-{% if applications.phpmyadmin.autologin | bool %}
+{% if applications.[application_id].autologin | bool %}
 PMA_USER= root
 PMA_PASSWORD= "{{central_mariadb_root_password}}"
 {% endif %}
--- a/roles/nginx-https-get-cert/tasks/main.yml
+++ b/roles/nginx-https-get-cert/tasks/main.yml
@@ -8,18 +8,21 @@
      # Wildcard certificate should not be used
      # OR: The domain is not a first-level subdomain of the primary domain

+# The following should not work, checkout the Setup.md instructions. 
+# @see https://chatgpt.com/share/67efa9f0-1cdc-800f-8bce-62b00fc3e6a2
 - name: "recieve wildcard certificate *{{ primary_domain }} for {{domain}}"
  command: >-
    certbot certonly --agree-tos --email {{ users.administrator.email }}                                          
    --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
    {{ '--test-cert' if mode_test | bool else '' }}
-  when: 
+  when:
    - enable_wildcard_certificate | bool  
      # Wildcard certificate is enabled
    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
      # AND: The domain is a direct first-level subdomain of the primary domain
    - run_once_recieve_certificate is not defined  
      # Ensure this task runs only once for the wildcard certificate
+  ignore_errors: true

 - name: "Cleanup dedicated cert for {{ domain }}"
  command: >-
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	5151a21575	Ignored non functional code	2025-04-04 12:00:19 +02:00
Kevin Veen-Birkenbach	ccfc23f3fe	Added passlib to requirements	2025-04-04 11:34:16 +02:00
Kevin Veen-Birkenbach	b77f116bdf	Addapt pgadmin variables	2025-04-04 11:20:38 +02:00