Updated settings

Solved issuer url bug
Optimized oidc und hcaptcha autosetup für listmonk
2025-05-09 14:55:44 +02:00 · 2025-04-23 18:41:22 +02:00 · 2025-04-23 18:26:38 +02:00 · 2025-04-23 18:08:24 +02:00
5 changed files with 65 additions and 19 deletions
--- a/roles/docker-listmonk/tasks/main.yml
+++ b/roles/docker-listmonk/tasks/main.yml
@ -3,10 +3,10 @@
  include_role: 
    name: docker-central-database

- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications.listmonk.public_api_activated
+- name: Set nginx_docker_reverse_proxy_extra_configuration based on applications[application_id].public_api_activated
  set_fact:
    nginx_docker_reverse_proxy_extra_configuration: >-
-      {% if not applications.listmonk.public_api_activated %}
+      {% if not applications[application_id].public_api_activated %}
      {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
      {% else %}
      ""
@ -28,8 +28,40 @@
 - name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml

- name: setup routine for listmonk
+- name: Check if listmonk database is already initialized
+  command: docker compose exec -T {{database_host}} psql -U {{database_username}} -d {{database_name}} -c "\dt"
+  register: db_tables
+  changed_when: false
+  failed_when: false
+
+- name: Run Listmonk setup only if DB is empty
  command:
    cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install"
    chdir: "{{docker_compose.directories.instance}}"
-  ignore_errors: true # Ignore errors if already setup
+  when: "'No relations found.' in db_tables.stdout"
+
+- name: Build OIDC settings JSON
+  set_fact:
+    oidc_settings_json: >-
+      {{ {
+         "enabled":       True,
+         "client_id":     oidc.client.id,
+         "provider_url":  oidc.client.issuer_url,
+         "client_secret": oidc.client.secret
+      } | to_json }}
+
+- name: Apply all Listmonk settings
+  shell: |
+    docker exec -i {{ database_host }} psql \
+      -U {{ database_username }} \
+      -d {{ database_name }} << 'EOSQL'
+    UPDATE settings
+    SET value = '{{ item.value }}'::jsonb
+    WHERE key = '{{ item.key }}';
+    EOSQL
+  args:
+    executable: /bin/bash
+  loop: "{{ listmonk_settings }}"
+  loop_control:
+    label: "{{ item.key }}"
+  when: item.when is not defined or item.when
--- a/roles/docker-listmonk/templates/env.j2
+++ b/roles/docker-listmonk/templates/env.j2
@ -4,14 +4,3 @@ TZ=Etc/UTC

 LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
 LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}
-
-{% if applications[application_id].features.oidc | bool %}
-################################### 
-# OpenID Connect settings
-###################################
-
-LISTMONK_security__oidc__enabled=true  
-LISTMONK_security__oidc__provider_url={{ oidc.client.discovery_document }}
-LISTMONK_security__oidc__client_id={{oidc.client.id}}
-LISTMONK_security__oidc__client_secret={{oidc.client.secret}}
-{% endif %}
--- a/roles/docker-listmonk/vars/main.yml
+++ b/roles/docker-listmonk/vars/main.yml
@ -1,3 +1,25 @@
 application_id:  	  "listmonk"
 database_password:  "{{applications[application_id].credentials.database.password}}"
 database_type:      "postgres"
+
+listmonk_settings:
+  - key: "app.root_url"
+    value: '"https://{{ domains[application_id] }}"'
+
+  # OIDC integration (conditional)
+  - key: "security.oidc"
+    value: >-
+      {{ {
+         "enabled": True,
+         "client_id": oidc.client.id,
+         "provider_url": oidc.client.issuer_url,
+         "client_secret": oidc.client.secret
+      } | to_json }}
+    when: applications[application_id].features.oidc | bool
+
+  # hCaptcha toggles and credentials\ n  - key: "security.enable_captcha"
+    value: "true"
+  - key: "security.captcha_key"
+    value: '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'
+  - key: "security.captcha_secret"
+    value: '"{{ applications[application_id].credentials.hcaptcha.secret }}"'
--- a/templates/vars/applications.yml.j2
+++ b/templates/vars/applications.yml.j2
@ -276,9 +276,12 @@ defaults_applications:
    credentials:
      database:
 #        password:                     ""                                          # Database password
+      hcaptcha:
+#       site_key:
+#       secret:
    public_api_activated:             False                                       # Security hole. Can be used for spaming
    version:                          "latest"                                    # Docker Image version
-    setup:                            false                                       # Set true in inventory file to execute the setup and initializing procedures
+
 {% endraw %}{{ features.render_features({
  'matomo':   true,
  'css':      true,
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	c9ab0cd7cc	Updated settings	2025-04-23 18:41:22 +02:00
Kevin Veen-Birkenbach	f892a5b54d	Solved issuer url bug	2025-04-23 18:26:38 +02:00
Kevin Veen-Birkenbach	6a1be99f1e	Optimized oidc und hcaptcha autosetup für listmonk	2025-04-23 18:08:24 +02:00