2025-07-16 21:44:25 +02:00
8 changed files with 9 additions and 30 deletions
--- a/03_SECURITY_GUIDELINES.md
+++ b/03_SECURITY_GUIDELINES.md
@ -23,7 +23,6 @@ For optimal personal security, we **strongly recommend** the following:

 Following these guidelines will significantly enhance your personal security—but remember, no system is completely immune to risk.

-A tutorial how to setup secure password management you will find [here](https://blog.veen.world/blog/2025/04/04/%f0%9f%9b%a1%ef%b8%8f-keepassxc-cymais-cloud-the-ultimate-guide-to-cross-device-password-security/)
 ---

 ## For Administrators
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -623,11 +623,9 @@ defaults_applications:

  ## PgAdmin
  pgadmin:
-    version:                     "latest"
-    users:
-      administrator:
-        email:                   "{{ users.administrator.email }}"              # Initial login email address
-        password:                "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
+    version:                      "latest"
+    default_email:               "{{ users.administrator.email }}"              # Initial login email address
+    default_password:            "{{ users.administrator.initial_password }}"   # Initial login password – should be overridden in inventory for security
    oauth2_proxy:
      enabled:                    true                                           # Enable OAuth2 proxy for authentication
      application:                "application"
--- a/requirements.yml
+++ b/requirements.yml
@ -1,6 +1,4 @@
 collections:
  - name: kewlfft.aur
 pacman:
-  - ansible
-pip:
-  - passlib
+  - ansible
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@ -12,10 +12,6 @@ The role ensures consistent deployments, full automation, and secure configurati

 To automate the deployment of **secure, extensible, and production-ready Nextcloud instances** using Docker and Ansible.

-## User Guide
-
-The Nextcloud User Guide you will find [here](https://docs.nextcloud.com/server/latest/user_manual/en/).
-
 ## Features

 - Dockerized Nextcloud (PHP-FPM, Nginx, Cron, Redis)
--- a/roles/docker-oauth2-proxy/Setup.md
+++ b/roles/docker-oauth2-proxy/Setup.md
@ -1,9 +0,0 @@
-# Setup
-
-## Cookie Secret
-
-To generate a cookie secret execute:
-
-```bash
-ansible-vault encrypt_string "$(openssl rand -hex 16)"
-```
--- a/roles/docker-pgadmin/templates/env.j2
+++ b/roles/docker-pgadmin/templates/env.j2
@ -1,5 +1,5 @@
-# Configuration @see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+# Configuration @see https://hub.docker.com/r/dpage/pgadmin4

-PGADMIN_DEFAULT_EMAIL={{ applications[application_id].users.administrator.email }}
-PGADMIN_DEFAULT_PASSWORD={{ applications.[application_id].users.administrator.password }}
+PGADMIN_DEFAULT_EMAIL={{ applications.pgadmin.default_email }}
+PGADMIN_DEFAULT_PASSWORD={{ applications.pgadmin.default_password }}
 PGADMIN_DISABLE_POSTFIX=True
--- a/roles/docker-phpmyadmin/templates/env.j2
+++ b/roles/docker-phpmyadmin/templates/env.j2
@ -1,7 +1,7 @@
 # Configuration @see https://hub.docker.com/_/phpmyadmin

 PMA_HOST= central-mariadb
-{% if applications.[application_id].autologin | bool %}
+{% if applications.phpmyadmin.autologin | bool %}
 PMA_USER= root
 PMA_PASSWORD= "{{central_mariadb_root_password}}"
 {% endif %}
--- a/roles/nginx-https-get-cert/tasks/main.yml
+++ b/roles/nginx-https-get-cert/tasks/main.yml
@ -8,21 +8,18 @@
      # Wildcard certificate should not be used
      # OR: The domain is not a first-level subdomain of the primary domain

-# The following should not work, checkout the Setup.md instructions. 
-# @see https://chatgpt.com/share/67efa9f0-1cdc-800f-8bce-62b00fc3e6a2
 - name: "recieve wildcard certificate *{{ primary_domain }} for {{domain}}"
  command: >-
    certbot certonly --agree-tos --email {{ users.administrator.email }}                                          
    --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
    {{ '--test-cert' if mode_test | bool else '' }}
-  when:
+  when: 
    - enable_wildcard_certificate | bool  
      # Wildcard certificate is enabled
    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
      # AND: The domain is a direct first-level subdomain of the primary domain
    - run_once_recieve_certificate is not defined  
      # Ensure this task runs only once for the wildcard certificate
-  ignore_errors: true

 - name: "Cleanup dedicated cert for {{ domain }}"
  command: >-