kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-02 19:28:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: kevinveenbirkenbach:37b213f96adf3751bc695c0417f5d7d9b2bcec78
Branches Tags
kevinveenbirkenbach:master kevinveenbirkenbach:feature/drupal kevinveenbirkenbach:feature/xwiki-auth-oidc kevinveenbirkenbach:feature/keycloak-service-account-client
..
compare: kevinveenbirkenbach:d61c81634c94ba452f01e997ad08a6412e14f117
Branches Tags
kevinveenbirkenbach:feature/drupal kevinveenbirkenbach:master kevinveenbirkenbach:feature/xwiki-auth-oidc kevinveenbirkenbach:feature/keycloak-service-account-client

3 Commits
37b213f96a ... d61c81634c

Author SHA1 Message Date
Kevin Veen-Birkenbach
d61c81634c Add Joomla CLI paths and implement non-interactive admin password reset via CLI 
Ref: https://chatgpt.com/share/69039c22-f530-800f-a641-fd2636d5b6af
 2025-10-30 18:11:18 +01:00
Kevin Veen-Birkenbach
265f815b48 Optimized Listmonk and Nextcloud CSP for hcaptcha 2025-10-30 16:02:09 +01:00
Kevin Veen-Birkenbach
f8e5110730 Add Redis readiness check before Nextcloud upgrade and add retry logic for maintenance repair 
This prevents OCC repair failures caused by Redis still loading its dataset after container restarts.
See context: https://chatgpt.com/share/690377ba-1520-800f-b8c1-bc93fbd9232f
 2025-10-30 15:36:00 +01:00
9 changed files with 54 additions and 3 deletions
Expand all files Collapse all files

4
roles/web-app-joomla/tasks/01_install.yml
View File

@@ -11,7 +11,7 @@
# (Optional) specifically wait for the CLI installer script # (Optional) specifically wait for the CLI installer script
- name: "Check for CLI installer" - name: "Check for CLI installer"
command: command:
argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, /var/www/html/installation/joomla.php ] argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, "{{ JOOMLA_INSTALLER_CLI_FILE }}" ]
register: has_installer register: has_installer
changed_when: false changed_when: false
failed_when: false failed_when: false
@@ -32,7 +32,7 @@
- exec - exec
- "{{ JOOMLA_CONTAINER }}" - "{{ JOOMLA_CONTAINER }}"
- php - php
- /var/www/html/installation/joomla.php - "{{ JOOMLA_INSTALLER_CLI_FILE }}"
- install - install
- "--db-type={{ JOOMLA_DB_CONNECTOR }}" - "--db-type={{ JOOMLA_DB_CONNECTOR }}"
- "--db-host={{ database_host }}" - "--db-host={{ database_host }}"

18
roles/web-app-joomla/tasks/05_reset_admin_password.yml Normal file
View File

@@ -0,0 +1,18 @@
---
# Reset Joomla admin password via CLI (inside the container)
- name: "Reset Joomla admin password (non-interactive CLI)"
command:
argv:
- docker
- exec
- "{{ JOOMLA_CONTAINER }}"
- php
- "{{ JOOMLA_CLI_FILE }}"
- user:reset-password
- "--username"
- "{{ JOOMLA_USER_NAME }}"
- "--password"
- "{{ JOOMLA_USER_PASSWORD }}"
register: j_password_reset
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
changed_when: j_password_reset.rc == 0

4
roles/web-app-joomla/tasks/main.yml
View File

@@ -24,3 +24,7 @@
- name: Include assert routines - name: Include assert routines
include_tasks: "04_assert.yml" include_tasks: "04_assert.yml"
when: MODE_ASSERT | bool when: MODE_ASSERT | bool
- name: Reset Admin Password
include_tasks: 05_reset_admin_password.yml

2
roles/web-app-joomla/vars/main.yml
View File

@@ -13,6 +13,8 @@ JOOMLA_DOMAINS: "{{ applications | get_app_conf(application_id
JOOMLA_SITE_NAME: "{{ SOFTWARE_NAME }} Joomla - CMS" JOOMLA_SITE_NAME: "{{ SOFTWARE_NAME }} Joomla - CMS"
JOOMLA_DB_CONNECTOR: "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}" JOOMLA_DB_CONNECTOR: "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
JOOMLA_CONFIG_FILE: "/var/www/html/configuration.php" JOOMLA_CONFIG_FILE: "/var/www/html/configuration.php"
JOOMLA_INSTALLER_CLI_FILE: "/var/www/html/installation/joomla.php"
JOOMLA_CLI_FILE: "/var/www/html/cli/joomla.php"
# User # User
JOOMLA_USER_NAME: "{{ users.administrator.username }}" JOOMLA_USER_NAME: "{{ users.administrator.username }}"

10
roles/web-app-listmonk/config/main.yml
View File

@@ -13,6 +13,16 @@ server:
aliases: [] aliases: []
status_codes: status_codes:
default: 404 default: 404
csp:
flags:
script-src-elem:
unsafe-inline: true
whitelist:
script-src-elem:
- "https://www.hcaptcha.com"
- "https://js.hcaptcha.com"
frame-src:
- "https://newassets.hcaptcha.com/"
docker: docker:
services: services:
database: database:

4
roles/web-app-nextcloud/config/main.yml
View File

@@ -9,6 +9,9 @@ server:
script-src-attr: script-src-attr:
unsafe-eval: true unsafe-eval: true
whitelist: whitelist:
script-src-elem:
- "https://www.hcaptcha.com"
- "https://js.hcaptcha.com"
font-src: font-src:
- "data:" - "data:"
connect-src: connect-src:
@@ -19,6 +22,7 @@ server:
frame-src: frame-src:
- "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}" - "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
- "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}" - "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
- "https://newassets.hcaptcha.com/"
worker-src: worker-src:
- "blob:" - "blob:"
domains: domains:

3
roles/web-app-nextcloud/tasks/03_upgrade.yml
View File

@@ -7,6 +7,9 @@
command: "{{ NEXTCLOUD_DOCKER_EXEC_OCC }} maintenance:repair --include-expensive" command: "{{ NEXTCLOUD_DOCKER_EXEC_OCC }} maintenance:repair --include-expensive"
register: occ_repair register: occ_repair
changed_when: "'No repairs needed' not in occ_repair.stdout" changed_when: "'No repairs needed' not in occ_repair.stdout"
retries: 3
delay: 10
until: occ_repair.rc == 0
- name: Nextcloud | App update (retry once) - name: Nextcloud | App update (retry once)
command: "{{ NEXTCLOUD_DOCKER_EXEC_OCC }} app:update --all" command: "{{ NEXTCLOUD_DOCKER_EXEC_OCC }} app:update --all"

7
roles/web-app-nextcloud/tasks/main.yml
View File

@@ -16,6 +16,13 @@
- name: Flush all handlers immediately so that occ can be used - name: Flush all handlers immediately so that occ can be used
meta: flush_handlers meta: flush_handlers
- name: Wait until Redis is ready (PONG)
command: "docker exec {{ NEXTCLOUD_REDIS_CONTAINER }} redis-cli ping"
register: redis_ping
retries: 60
delay: 2
until: (redis_ping.stdout | default('')) is search('PONG')
- name: Update\Upgrade Nextcloud - name: Update\Upgrade Nextcloud
include_tasks: 03_upgrade.yml include_tasks: 03_upgrade.yml
when: MODE_UPDATE | bool when: MODE_UPDATE | bool

5
roles/web-app-nextcloud/vars/main.yml
View File

@@ -141,4 +141,7 @@ NEXTCLOUD_DOCKER_USER: "www-data" # Name of the www-data user
## Execution ## Execution
NEXTCLOUD_INTERNAL_OCC_COMMAND: "{{ [ NEXTCLOUD_DOCKER_WORK_DIRECTORY, 'occ'] | path_join }}" NEXTCLOUD_INTERNAL_OCC_COMMAND: "{{ [ NEXTCLOUD_DOCKER_WORK_DIRECTORY, 'occ'] | path_join }}"
NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition
NEXTCLOUD_DOCKER_EXEC_OCC: "{{ NEXTCLOUD_DOCKER_EXEC }} {{ NEXTCLOUD_INTERNAL_OCC_COMMAND }}" # Execute docker occ command NEXTCLOUD_DOCKER_EXEC_OCC: "{{ NEXTCLOUD_DOCKER_EXEC }} {{ NEXTCLOUD_INTERNAL_OCC_COMMAND }}" # Execute docker occ command
## Redis
NEXTCLOUD_REDIS_CONTAINER: "{{ entity_name }}-redis"