Deactivated cakeday plugin because it's an onboard plugin

Reformated navigation role
Solved Keycloak Master Email Configuration Update settings
2025-11-18 02:56:31 +00:00 · 2025-10-11 18:23:38 +02:00 · 2025-10-11 18:04:58 +02:00 · 2025-10-11 16:57:36 +02:00 · 2025-10-11 16:45:50 +02:00 · 2025-10-11 01:40:48 +02:00
9 changed files with 52 additions and 26 deletions
--- a/roles/web-app-discourse/config/main.yml
+++ b/roles/web-app-discourse/config/main.yml
@@ -43,9 +43,10 @@ plugins:
    enabled:  true
  discourse-akismet:
    enabled:  true
-  discourse-cakeday:
-    enabled:  true
-#  discourse-solved: Seems like this plugin is now also part of the default setup
+# The following plugins moved to the default setup
+#  discourse-cakeday:
+#    enabled:  true
+#  discourse-solved:
 #    enabled:  true 
 #  discourse-voting:
 #    enabled:  true
--- a/roles/web-app-keycloak/tasks/05_login.yml
+++ b/roles/web-app-keycloak/tasks/05_login.yml
@@ -1,3 +1,16 @@
+- name: "Wait until '{{ KEYCLOAK_CONTAINER }}' container is healthy"
+  community.docker.docker_container_info:
+    name: "{{ KEYCLOAK_CONTAINER }}"
+  register: kc_info
+  retries: 60
+  delay: 5
+  until: >
+    kc_info is succeeded and
+    (kc_info.container | default({})) != {} and
+    (kc_info.container.State | default({})) != {} and
+    (kc_info.container.State.Health | default({})) != {} and
+    (kc_info.container.State.Health.Status | default('')) == 'healthy'
+
 - name: Ensure permanent Keycloak admin exists and can log in (container env only)
  block:

@@ -30,7 +43,6 @@
    - name: Ensure permanent admin user exists (create if missing)
      shell: |
        {{ KEYCLOAK_EXEC_CONTAINER }} sh -lc '
-          # Try to create; if it already exists, Keycloak returns 409
          {{ KEYCLOAK_KCADM }} create users -r master \
            -s "username=$KEYCLOAK_PERMANENT_ADMIN_USERNAME" \
            -s "enabled=true"
@@ -53,17 +65,16 @@
        '
      changed_when: true

-    - name: Grant realm-admin role to permanent admin (by username)
+    - name: Grant global admin via master realm role 'admin'
      shell: |
        {{ KEYCLOAK_EXEC_CONTAINER }} sh -lc '
          {{ KEYCLOAK_KCADM }} add-roles -r master \
            --uusername "$KEYCLOAK_PERMANENT_ADMIN_USERNAME" \
-            --cclientid realm-management \
-            --rolename realm-admin
+            --rolename admin
        '
-      register: kc_grant_admin
-      changed_when: (kc_grant_admin.stderr is defined and kc_grant_admin.stderr | length > 0) or
-                    (kc_grant_admin.stdout is defined and kc_grant_admin.stdout | length > 0)
+      register: kc_grant_master_admin
+      changed_when: (kc_grant_master_admin.stderr is defined and kc_grant_master_admin.stderr | length > 0) or
+                    (kc_grant_master_admin.stdout is defined and kc_grant_master_admin.stdout | length > 0)
      failed_when: false

    - name: Verify login with permanent admin (after creation)
--- a/roles/web-app-keycloak/tasks/main.yml
+++ b/roles/web-app-keycloak/tasks/main.yml
@@ -19,12 +19,15 @@
 - name: "Load Client Update routines for '{{ application_id }}'"
  include_tasks: update/01_client.yml

- name: "Load Mail Update routines for '{{ application_id }}'"
-  include_tasks: update/02_mail.yml
+- name: "Load Mail Update routines for '{{ application_id }} - {{ KEYCLOAK_REALM }}'"
+  include_tasks: update/02_mail_realm.yml
+
+- name: "Load Mail Update routines for '{{ application_id }} - master'"
+  include_tasks: update/03_mail_master.yml

 - name: "Load RBAC Update routines for '{{ application_id }}'"
-  include_tasks: update/03_rbac_client_scope.yml
+  include_tasks: update/04_rbac_client_scope.yml

 - name: "Load LDAP Update routines for '{{ application_id }}'"
-  include_tasks: update/04_ldap.yml
+  include_tasks: update/05_ldap.yml
  when: KEYCLOAK_LDAP_ENABLED | bool
--- a/roles/web-app-keycloak/tasks/update/02_mail_realm.yml
+++ b/roles/web-app-keycloak/tasks/update/02_mail_realm.yml
@@ -1,4 +1,4 @@
- name: "Update REALM mail settings from realm dictionary (SPOT)"
+- name: "Update {{ KEYCLOAK_REALM }} REALM mail settings from realm dictionary"
  include_tasks: _update.yml
  vars:
    kc_object_kind:  "realm"
--- a/roles/web-app-keycloak/tasks/update/03_mail_master.yml
+++ b/roles/web-app-keycloak/tasks/update/03_mail_master.yml
@@ -0,0 +1,10 @@
+- name: "Update Master REALM mail settings from realm dictionary"
+  include_tasks: _update.yml
+  vars:
+    kc_object_kind:  "realm"
+    kc_lookup_field: "id"
+    kc_lookup_value: "master"
+    kc_desired:
+      smtpServer: "{{ KEYCLOAK_DICTIONARY_REALM.smtpServer | default({}, true) }}"
+    kc_merge_path:  "smtpServer"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
--- a/roles/web-app-keycloak/tasks/update/04_rbac_client_scope.yml
+++ b/roles/web-app-keycloak/tasks/update/04_rbac_client_scope.yml
--- a/roles/web-app-keycloak/tasks/update/05_ldap.yml
+++ b/roles/web-app-keycloak/tasks/update/05_ldap.yml
--- a/roles/web-app-navigator/config/main.yml
+++ b/roles/web-app-navigator/config/main.yml
@@ -1,8 +1,8 @@
 features:
-  matomo:           true
-  css:              true
+  matomo:   true
+  css:      true
  desktop:  true
-  logout:           false
+  logout:   false
 server:
  csp:
    whitelist:
@@ -16,14 +16,15 @@ server:
      font-src:
        - https://cdnjs.cloudflare.com
      frame-src:
-        - "{{ WEB_PROTOCOL }}://*.{{ PRIMARY_DOMAIN }}" # Makes sense that all of the website content is available in the navigator
+         # Makes sense that all of the website content is available in the navigator
+        - "{{ WEB_PROTOCOL }}://*.{{ PRIMARY_DOMAIN }}"
    flags:
      style-src:
-        unsafe-inline: true
+        unsafe-inline:  true
      script-src:
-        unsafe-eval:  true
+        unsafe-eval:    true
      script-src-elem:
-        unsafe-inline: true
+        unsafe-inline:  true
  domains:
    canonical:
      - "slides.{{ PRIMARY_DOMAIN }}"
--- a/roles/web-app-navigator/meta/main.yml
+++ b/roles/web-app-navigator/meta/main.yml
@@ -1,8 +1,8 @@
 galaxy_info:
-  author: "Kevin Veen-Birkenbach"
-  description: "An interactive presentation platform focused on guiding end-users through the practical use of the Infinito.Nexus software. Designed to demonstrate features, workflows, and real-world applications for Administrators, Developers, End-Users, Businesses, and Investors."
-  license: "Infinito.Nexus NonCommercial License"
-  license_url: "https://s.infinito.nexus/license"
+  author:       "Kevin Veen-Birkenbach"
+  description:  "An interactive presentation platform focused on guiding end-users through the practical use of the Infinito.Nexus software. Designed to demonstrate features, workflows, and real-world applications for Administrators, Developers, End-Users, Businesses, and Investors."
+  license:      "Infinito.Nexus NonCommercial License"
+  license_url:  "https://s.infinito.nexus/license"
  company: |
    Kevin Veen-Birkenbach
    Consulting & Coaching Solutions
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	2610aec293	Deactivated cakeday plugin because it's an onboard plugin	2025-10-11 18:23:38 +02:00
Kevin Veen-Birkenbach	07db162368	Reformated navigation role	2025-10-11 18:04:58 +02:00
Kevin Veen-Birkenbach	a526d1adc4	Solved Keycloak Master Email Configuration Update settings	2025-10-11 16:57:36 +02:00
Kevin Veen-Birkenbach	ca95079111	Added Email Configuration for Keycloak Master Realm	2025-10-11 16:45:50 +02:00
Kevin Veen-Birkenbach	e410d66cb4	Add health check for Keycloak container and grant global 'admin' realm role to permanent admin user This update waits for the Keycloak container to become healthy before attempting login and replaces the old realm-management based role assignment with the global 'admin' realm role. See: https://chatgpt.com/share/68e99953-e988-800f-8b82-9ffb14c11910	2025-10-11 01:40:48 +02:00