Deactivated OIDC

Optimized Docker Matrix Role in Preparation for use on CyMaIS.Cloud Server
Optimized more CSP policies and recaptcha
2025-06-25 11:45:32 +02:00 · 2025-05-15 22:10:45 +02:00 · 2025-05-15 21:11:21 +02:00 · 2025-05-15 19:36:46 +02:00 · 2025-05-15 18:53:37 +02:00 · 2025-05-15 18:49:52 +02:00
66 changed files with 417 additions and 366 deletions
--- a/27
+++ b/27
@ -1,17 +1,26 @@
-ROLES_DIR=./roles
+ROLES_DIR         	:= ./roles
-OUTPUT=./group_vars/all/11_applications.yml
+APPLICATIONS_OUT  	:= ./group_vars/all/11_applications.yml
-SCRIPT=./cli/generate_defaults_applications.py
+APPLICATIONS_SCRIPT := ./cli/generate_defaults_applications.py
 INCLUDES_OUT      	:= ./tasks/include-docker-roles.yml
 INCLUDES_SCRIPT   	:= ./cli/generate_role_includes.py
 .PHONY: build install test
 build:
-	@echo "🔧 Generating $(OUTPUT) from roles in $(ROLES_DIR)..."
+	@echo "🔧 Generating applications defaults → $(APPLICATIONS_OUT) from roles in $(ROLES_DIR)…"
-	@mkdir -p $(dir $(OUTPUT))
+	@mkdir -p $(dir $(APPLICATIONS_OUT))
-	python3 $(SCRIPT) --roles-dir $(ROLES_DIR) --output-file $(OUTPUT)
+	python3 $(APPLICATIONS_SCRIPT) --roles-dir $(ROLES_DIR) --output-file $(APPLICATIONS_OUT)
-	@echo "✅ Output written to $(OUTPUT)"
+	@echo "✅ Applications defaults written to $(APPLICATIONS_OUT)\n"
 	@echo "🔧 Generating Docker role includes → $(INCLUDES_OUT)…"
 	@mkdir -p $(dir $(INCLUDES_OUT))
 	python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) -p docker-
 	@echo "✅ Docker role includes written to $(INCLUDES_OUT)"
 install: build
 	@echo "⚙️  Install complete."
 test:
-	@echo "Executing Unit Tests:"
+	@echo "🧪 Running Unit Tests..."
 	python -m unittest discover -s tests/unit
-	@echo "Executing Integration Tests:"
+	@echo "🔬 Running Integration Tests..."
 	python -m unittest discover -s tests/integration
--- a/cli/generate_role_includes.py
+++ b/cli/generate_role_includes.py
@ -0,0 +1,79 @@
 import os
 import argparse
 import yaml
 def find_roles(roles_dir, prefix=None):
    """
    Yield absolute paths of role directories under roles_dir.
    Only include roles whose directory name starts with prefix (if given) and contain vars/main.yml.
    """
    for entry in os.listdir(roles_dir):
        if prefix and not entry.startswith(prefix):
            continue
        path = os.path.join(roles_dir, entry)
        vars_file = os.path.join(path, 'vars', 'main.yml')
        if os.path.isdir(path) and os.path.isfile(vars_file):
            yield path, vars_file
 def load_application_id(vars_file):
    """
    Load the vars/main.yml and return the value of application_id key.
    Returns None if not found.
    """
    with open(vars_file, 'r') as f:
        data = yaml.safe_load(f) or {}
    return data.get('application_id')
 def generate_playbook_entries(roles_dir, prefix=None):
    entries = []
    for role_path, vars_file in find_roles(roles_dir, prefix):
        app_id = load_application_id(vars_file)
        if not app_id:
            continue
        # Derive role name from directory name
        role_name = os.path.basename(role_path)
        # entry text
        entry = (
            f"- name: setup {app_id}\n"
            f"  when: (\"{app_id}\" in group_names)\n"
            f"  include_role:\n"
            f"    name: {role_name}\n"
        )
        entries.append(entry)
    return entries
 def main():
    parser = argparse.ArgumentParser(
        description='Generate an Ansible playbook include file from Docker roles and application_ids.'
    )
    parser.add_argument(
        'roles_dir',
        help='Path to directory containing role folders'
    )
    parser.add_argument(
        '-p', '--prefix',
        help='Only include roles whose names start with this prefix (e.g. docker-, client-)',
        default=None
    )
    parser.add_argument(
        '-o', '--output',
        help='Output file path (default: stdout)',
        default=None
    )
    args = parser.parse_args()
    entries = generate_playbook_entries(args.roles_dir, args.prefix)
    output = ''.join(entries)
    if args.output:
        with open(args.output, 'w') as f:
            f.write(output)
        print(f"Playbook entries written to {args.output}")
    else:
        print(output)
 if __name__ == '__main__':
    main()
--- a/docs/guides/developer/Role_Creation.md
+++ b/docs/guides/developer/Role_Creation.md
@ -21,7 +21,7 @@ defaults_applications:
    features:                               # Version of the service
      matomo:     true                      # Enable Matomo tracking for analytics
      css:        true                      # Enable or disable global CSS styling
-      iframe:     false                     # Allow embedding the landing page in an iframe (if true)
+      portfolio_iframe:     false                     # Allow embedding the landing page in an iframe (if true)
      database:   true                      # Enable central database integration
      ldap:       true                      # Enable ldap integration
      oauth2:     true                      # Enable oauth2 proxy
--- a/filter_plugins/init.py
+++ b/filter_plugins/init.py
@ -0,0 +1,2 @@
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@ -113,6 +113,13 @@ class FilterModule(object):
                    if matomo_domain:
                        tokens.append(f"{web_protocol}://{matomo_domain}")
                # ReCaptcha integration: allow loading scripts from Google if feature enabled
                if (
                    self.is_feature_enabled(applications, 'recaptcha', application_id)
                    and directive == 'script-src'
                ):
                    tokens.append('https://www.google.com')
                # whitelist
                tokens += self.get_csp_whitelist(applications, application_id, directive)
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@ -1,3 +1,4 @@
 CYMAIS_ENVIRONMENT:       "production"
 HOST_CURRENCY:            "EUR"
 HOST_TIMEZONE:            "UTC"
--- a/main.py
+++ b/main.py
@ -3,6 +3,7 @@
 import argparse
 import subprocess
 import os
 import datetime
 def run_ansible_vault(action, filename, password_file):
    """Execute an ansible-vault command with the specified action on a file."""
@ -10,6 +11,8 @@ def run_ansible_vault(action, filename, password_file):
    subprocess.run(cmd, check=True) 
 def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str = None, password_file: str = None, verbose: int = 0, skip_tests: bool = False):
    start_time = datetime.datetime.now().isoformat()
    print(f"\n▶️ Script started at: {start_time}\n")
    print("\n🛠️  Building project (make build)...\n")
    subprocess.run(["make", "build"], check=True)
@ -39,6 +42,8 @@ def run_ansible_playbook(inventory: str, playbook: str, modes: dict, limit: str
    print("\n🚀 Launching Ansible Playbook...\n")
    subprocess.run(cmd, check=True)
    end_time = datetime.datetime.now().isoformat()
    print(f"\n✅ Script ended at: {end_time}\n")
 def main():
    # Change to script dir to execute all folders relative to their
    script_dir = os.path.dirname(os.path.realpath(__file__))
--- a/roles/docker-akaunting/vars/configuration.yml
+++ b/roles/docker-akaunting/vars/configuration.yml
@ -5,7 +5,7 @@ setup_admin_email:        "{{users.administrator.email}}"
 features:
  matomo:                 true
  css:                    true
-  landingpage_iframe:     false
+  portfolio_iframe:     false
  central_database:       true
 credentials:
 #  database_password:     Needs to be defined in inventory file 
--- a/roles/docker-attendize/vars/configuration.yml
+++ b/roles/docker-attendize/vars/configuration.yml
@ -5,5 +5,5 @@ credentials:
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
--- a/roles/docker-baserow/vars/configuration.yml
+++ b/roles/docker-baserow/vars/configuration.yml
@ -2,5 +2,5 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
  central_database:   true
--- a/roles/docker-bigbluebutton/vars/configuration.yml
+++ b/roles/docker-bigbluebutton/vars/configuration.yml
@ -15,7 +15,7 @@ urls:
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  ldap:               false
  oidc:               true
  central_database:   false
--- a/roles/docker-bluesky/vars/configuration.yml
+++ b/roles/docker-bluesky/vars/configuration.yml
@ -10,5 +10,5 @@ credentials:
 features:
  matomo: true
  css: true
-  landingpage_iframe: true
+  portfolio_iframe: true
  central_database: true
--- a/roles/docker-discourse/vars/configuration.yml
+++ b/roles/docker-discourse/vars/configuration.yml
@ -5,7 +5,7 @@ credentials:
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  oidc:               true
  central_database:   true
 csp:
--- a/roles/docker-espocrm/vars/configuration.yml
+++ b/roles/docker-espocrm/vars/configuration.yml
@ -8,7 +8,7 @@ credentials:
 features:
  matomo:             true
  css:                false
-  landingpage_iframe: false
+  portfolio_iframe: false
  ldap:               false
  oidc:               true
  central_database:   true
--- a/roles/docker-friendica/vars/configuration.yml
+++ b/roles/docker-friendica/vars/configuration.yml
@ -2,6 +2,6 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
  oidc:               true
  central_database:   true
--- a/roles/docker-funkwhale/vars/configuration.yml
+++ b/roles/docker-funkwhale/vars/configuration.yml
@ -2,7 +2,7 @@ version:              "1.4.0"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
  ldap:               true
  central_database:   true
 credentials:
--- a/roles/docker-gitea/templates/env.j2
+++ b/roles/docker-gitea/templates/env.j2
@ -12,7 +12,7 @@ SSH_PORT={{ports.public.ssh[application_id]}}
 SSH_LISTEN_PORT=22
 DOMAIN={{domains[application_id]}}
 SSH_DOMAIN={{domains[application_id]}}
-RUN_MODE="{{run_mode}}"
+RUN_MODE="{{ 'dev' if (CYMAIS_ENVIRONMENT | lower) == 'development' else 'prod' }}"
 ROOT_URL="{{ web_protocol }}://{{domains[application_id]}}/"
 # Mail Configuration 
--- a/roles/docker-gitea/vars/configuration.yml
+++ b/roles/docker-gitea/vars/configuration.yml
@ -7,7 +7,7 @@ configuration:
 features:
  matomo:                         true
  css:                            true
-  landingpage_iframe:             true
+  portfolio_iframe:             true
  central_database:               true
 csp:
  flags:
--- a/roles/docker-gitlab/vars/configuration.yml
+++ b/roles/docker-gitlab/vars/configuration.yml
@ -2,5 +2,5 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
  central_database:   true
--- a/roles/docker-joomla/vars/configuration.yml
+++ b/roles/docker-joomla/vars/configuration.yml
@ -2,4 +2,4 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
--- a/roles/docker-keycloak/vars/configuration.yml
+++ b/roles/docker-keycloak/vars/configuration.yml
@ -4,12 +4,16 @@ users:
    username:         "{{users.administrator.username}}"  # Administrator Username for Keycloak
 import_realm:         True                                # If True realm will be imported. If false skip.
 credentials:
 #   database_password:                                    # Needs to be defined in inventory file
 #   administrator_password:                               # Needs to be defined in inventory file
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe:   true
  ldap:               true
  central_database:   true
  recaptcha:          true
 csp:
  flags:
    script-src:
      unsafe-inline: true
    style-src:
      unsafe-inline: true
--- a/roles/docker-lam/vars/configuration.yml
+++ b/roles/docker-lam/vars/configuration.yml
@ -8,7 +8,7 @@ credentials:
 features:
  matomo:                       true
  css:                          true
-  landingpage_iframe:           true
+  portfolio_iframe:           true
  ldap:                         true
  central_database:             false
  oauth2:                       false
--- a/roles/docker-listmonk/vars/configuration.yml
+++ b/roles/docker-listmonk/vars/configuration.yml
@ -6,6 +6,6 @@ version:                    "latest"                              # Docker Image
 features:
  matomo:                   true
  css:                      true
-  landingpage_iframe:       true
+  portfolio_iframe:       true
  central_database:         true
  oidc:                     true
--- a/roles/docker-mailu/vars/configuration.yml
+++ b/roles/docker-mailu/vars/configuration.yml
@ -15,6 +15,6 @@ credentials:
 features:
  matomo:                 true
  css:                    true
-  landingpage_iframe:     false                             # Deactivated mailu iframe loading until keycloak supports it
+  portfolio_iframe:     false                             # Deactivated mailu iframe loading until keycloak supports it
  oidc:                   true
  central_database:       false                             # Deactivate central database for mailu, I don't know why the database deactivation is necessary
--- a/roles/docker-mastodon/vars/configuration.yml
+++ b/roles/docker-mastodon/vars/configuration.yml
@ -14,6 +14,6 @@ credentials:
 features:
  matomo: true
  css: true
-  landingpage_iframe: false
+  portfolio_iframe: false
  oidc: true
  central_database: true
--- a/roles/docker-matomo/vars/configuration.yml
+++ b/roles/docker-matomo/vars/configuration.yml
@ -2,7 +2,7 @@ version:              "latest"
 features:
  matomo:             true
  css:                false
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
  oauth2:             false
 csp:
--- a/roles/docker-matrix/Todo.md
+++ b/roles/docker-matrix/Todo.md
@ -0,0 +1,5 @@
 # Todo 
 - Enable Whatsapp by default
 - Enable Telegram by default
 - Enable Slack by default
 - Enable ChatGPT by default
--- a/roles/docker-matrix/filter_plugins/init.py
+++ b/roles/docker-matrix/filter_plugins/init.py
@ -0,0 +1,2 @@
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
--- a/roles/docker-matrix/filter_plugins/bridge_filters.py
+++ b/roles/docker-matrix/filter_plugins/bridge_filters.py
@ -0,0 +1,13 @@
 def filter_enabled_bridges(bridges, plugins):
    """
    Return only those bridge definitions whose 'bridge_name' is set to True in plugins.
    :param bridges: list of dicts, each with a 'bridge_name' key
    :param plugins: dict mapping bridge_name to a boolean
    """
    return [b for b in bridges if plugins.get(b['bridge_name'], False)]
 class FilterModule(object):
    def filters(self):
        return {
            'filter_enabled_bridges': filter_enabled_bridges,
        }
--- a/roles/docker-matrix/tasks/main.yml
+++ b/roles/docker-matrix/tasks/main.yml
@ -1,4 +1,13 @@
 ---
 - name: Load bridges configuration
  include_vars:
    file: "bridges.yml"
 - name: Filter enabled bridges and register as fact
  set_fact:
    bridges: "{{ bridges_configuration | filter_enabled_bridges(applications[application_id].plugins) }}"
  changed_when: false
 - name: "include docker-central-database"
  include_role: 
    name: docker-central-database
--- a/roles/docker-matrix/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix/templates/docker-compose.yml.j2
@ -25,7 +25,11 @@ services:
      interval: 1m
      timeout: 10s
      retries: 3
 {% if bridges | bool %}
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
 {% else %}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% endif %}
 {% for item in bridges %}
      mautrix-{{item.bridge_name}}:
        condition: service_healthy
@ -61,47 +65,47 @@ services:
      retries: 3
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% endfor %}
-# Deactivated chatgpt. 
+{% if applications[application_id] | bool %}
-# @todo needs to be reactivated as soon as bug is found
+  matrix-chatgpt-bot:
-#  matrix-chatgpt-bot:
+    restart: {{docker_restart_policy}}
-#    restart: {{docker_restart_policy}}
+    container_name: matrix-chatgpt
-#    container_name: matrix-chatgpt
+    image: ghcr.io/matrixgpt/matrix-chatgpt-bot:latest
-#    image: ghcr.io/matrixgpt/matrix-chatgpt-bot:latest
+    volumes:
-#    volumes:
+      - chatgpt_data:/storage
-#      - chatgpt_data:/storage
+    environment:
-#    environment:
+      OPENAI_API_KEY: '{{applications[application_id].credentials.chatgpt_bridge_openai_api_key}}'
-#      OPENAI_API_KEY: '{{applications[application_id].credentials.chatgpt_bridge_openai_api_key}}'
+      # Uncomment the next two lines if you are using Azure OpenAI API
-#      # Uncomment the next two lines if you are using Azure OpenAI API
+      # OPENAI_AZURE: 'false'
-#      # OPENAI_AZURE: 'false'
+      # CHATGPT_REVERSE_PROXY: 'your-completion-endpoint-here'
-#      # CHATGPT_REVERSE_PROXY: 'your-completion-endpoint-here'
+      CHATGPT_CONTEXT: 'thread'
-#      CHATGPT_CONTEXT: 'thread'
+      CHATGPT_API_MODEL: 'gpt-3.5-turbo'
-#      CHATGPT_API_MODEL: 'gpt-3.5-turbo'
+      # Uncomment and edit the next line if needed
-#      # Uncomment and edit the next line if needed
+      # CHATGPT_PROMPT_PREFIX: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
-#      # CHATGPT_PROMPT_PREFIX: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.'
+      # CHATGPT_IGNORE_MEDIA: 'false'
-#      # CHATGPT_IGNORE_MEDIA: 'false'
+      CHATGPT_REVERSE_PROXY: 'https://api.openai.com/v1/chat/completions'
-#      CHATGPT_REVERSE_PROXY: 'https://api.openai.com/v1/chat/completions'
+      # Uncomment and edit the next line if needed
-#      # Uncomment and edit the next line if needed
+      # CHATGPT_TEMPERATURE: '0.8'
-#      # CHATGPT_TEMPERATURE: '0.8'
+      # Uncomment and edit the next line if needed
-#      # Uncomment and edit the next line if needed
+      #CHATGPT_MAX_CONTEXT_TOKENS: '4097'
-#      #CHATGPT_MAX_CONTEXT_TOKENS: '4097'
+      CHATGPT_MAX_PROMPT_TOKENS: '3000'
-#      CHATGPT_MAX_PROMPT_TOKENS: '3000'
+      KEYV_BACKEND: 'file'
-#      KEYV_BACKEND: 'file'
+      KEYV_URL: ''
-#      KEYV_URL: ''
+      KEYV_BOT_ENCRYPTION: 'false'
-#      KEYV_BOT_ENCRYPTION: 'false'
+      KEYV_BOT_STORAGE: 'true'
-#      KEYV_BOT_STORAGE: 'true'
+      MATRIX_HOMESERVER_URL: 'https://{{domains.synapse}}'
-#      MATRIX_HOMESERVER_URL: 'https://{{domains.synapse}}'
+      MATRIX_BOT_USERNAME: '@chatgptbot:{{applications.matrix.server_name}}'
-#      MATRIX_BOT_USERNAME: '@chatgptbot:{{applications.matrix.server_name}}'
+      MATRIX_ACCESS_TOKEN: '{{ applications[application_id].credentials.chatgpt_bridge_access_token | default('') }}'
-#      MATRIX_ACCESS_TOKEN: '{{ applications[application_id].credentials.chatgpt_bridge_access_token | default('') }}'
+      MATRIX_BOT_PASSWORD: '{{applications[application_id].credentials.chatgpt_bridge_user_password}}'
-#      MATRIX_BOT_PASSWORD: '{{applications[application_id].credentials.chatgpt_bridge_user_password}}'
+      MATRIX_DEFAULT_PREFIX: '!chatgpt'
-#      MATRIX_DEFAULT_PREFIX: '!chatgpt'
+      MATRIX_DEFAULT_PREFIX_REPLY: 'false'
-#      MATRIX_DEFAULT_PREFIX_REPLY: 'false'
+      #MATRIX_BLACKLIST: ''
-#      #MATRIX_BLACKLIST: ''
+      MATRIX_WHITELIST: ':{{applications.matrix.server_name}}'
-#      MATRIX_WHITELIST: ':{{applications.matrix.server_name}}'
+      MATRIX_AUTOJOIN: 'true'
-#      MATRIX_AUTOJOIN: 'true'
+      MATRIX_ENCRYPTION: 'true'
-#      MATRIX_ENCRYPTION: 'true'
+      MATRIX_THREADS: 'true'
-#      MATRIX_THREADS: 'true'
+      MATRIX_PREFIX_DM: 'false'
-#      MATRIX_PREFIX_DM: 'false'
+      MATRIX_RICH_TEXT: 'true'
-#      MATRIX_RICH_TEXT: 'true'
+{% endif %}
 {% include 'templates/docker/compose/volumes.yml.j2' %}
  synapse_data:
--- a/roles/docker-matrix/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix/templates/synapse/homeserver.yaml.j2
@ -45,7 +45,7 @@ email:
  client_base_url:              "{{domains.synapse}}"
  validation_token_lifetime:    15m
-{% if applications[application_id].features.oidc | bool %}
+{% if applications | is_feature_enabled('oidc',application_id) %}
 # @See https://matrix-org.github.io/synapse/latest/openid.html
 oidc_providers:
  - idp_id: keycloak
@ -61,7 +61,9 @@ oidc_providers:
    backchannel_logout_enabled: true
 {% endif %}
 {% if bridges | bool %}
 app_service_config_files:
 {% for item in bridges %}
  - {{registration_file_folder}}{{item.bridge_name}}.registration.yaml
 {% endfor %}
 {% endif %}
--- a/roles/docker-matrix/vars/bridges.yml
+++ b/roles/docker-matrix/vars/bridges.yml
@ -0,0 +1,30 @@
 bridges_configuration:
  - database_password: "{{ applications[application_id].credentials.mautrix_whatsapp_bridge_database_password }}"
    database_username:  "mautrix_whatsapp_bridge"
    database_name:      "mautrix_whatsapp_bridge"
    bridge_name:        "whatsapp"   
  - database_password:  "{{ applications[application_id].credentials.mautrix_telegram_bridge_database_password }}"
    database_username:  "mautrix_telegram_bridge"
    database_name:      "mautrix_telegram_bridge"
    bridge_name:        "telegram"
  - database_password:  "{{ applications[application_id].credentials.mautrix_signal_bridge_database_password }}"
    database_username:  "mautrix_signal_bridge"
    database_name:      "mautrix_signal_bridge"
    bridge_name:        "signal"
  - database_password:  "{{ applications[application_id].credentials.mautrix_slack_bridge_database_password }}"
    database_username:  "mautrix_slack_bridge"
    database_name:      "mautrix_slack_bridge"
    bridge_name:        "slack"
  - database_password:  "{{ applications[application_id].credentials.mautrix_facebook_bridge_database_password }}"
    database_username:  "mautrix_facebook_bridge"
    database_name:      "mautrix_facebook_bridge"
    bridge_name:        "facebook"
  - database_password:  "{{ applications[application_id].credentials.mautrix_instagram_bridge_database_password }}"
    database_username:  "mautrix_instagram_bridge"
    database_name:      "mautrix_instagram_bridge"
    bridge_name:        "instagram"
--- a/roles/docker-matrix/vars/configuration.yml
+++ b/roles/docker-matrix/vars/configuration.yml
@ -3,7 +3,6 @@ users:
  administrator:
    username:         "{{users.administrator.username}}" # Accountname of the matrix admin
 playbook_tags:        "setup-all,start"                  # For the initial update use: install-all,ensure-matrix-users-created,start
 role:                 "compose"                          # Role to setup Matrix. Valid values: ansible, compose
 server_name:          "{{primary_domain}}"               # Adress for the account names etc.
 synapse:
  version:            "latest"
@ -13,8 +12,8 @@ setup:                false                              # Set true in inventory
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe:   false
-  oidc:               false                              # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
+  oidc:               true                              # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
  central_database:   true
 csp:
  flags:
@ -30,3 +29,14 @@ csp:
    script-src:
      - "{{ domains.synapse }}"
      - "https://cdn.jsdelivr.net"
 plugins:
 # You need to enable them in the inventory file
  chatgpt:    false
  facebook:   false
  immesage:   false
  instagram:  false
  signal:     false
  slack:      false
  telegram:   false
  whatsapp:   false
--- a/roles/docker-matrix/vars/main.yml
+++ b/roles/docker-matrix/vars/main.yml
@ -3,36 +3,3 @@ application_id:            "matrix"
 database_type:            "postgres"
 registration_file_folder: "/data/"
 well_known_directory:     "{{nginx.directories.data.well_known}}/matrix/"
 bridges:
  - database_password: "{{ applications[application_id].credentials.mautrix_whatsapp_bridge_database_password }}"
    database_username:  "mautrix_whatsapp_bridge"
    database_name:      "mautrix_whatsapp_bridge"
    bridge_name:        "whatsapp"   
  - database_password:  "{{ applications[application_id].credentials.mautrix_telegram_bridge_database_password }}"
    database_username:  "mautrix_telegram_bridge"
    database_name:      "mautrix_telegram_bridge"
    bridge_name:        "telegram"
  - database_password:  "{{ applications[application_id].credentials.mautrix_signal_bridge_database_password }}"
    database_username:  "mautrix_signal_bridge"
    database_name:      "mautrix_signal_bridge"
    bridge_name:        "signal"
 # Deactivated temporary, due to bug which is hard to find 
 # @todo Reactivate 
 #  - database_password:  "{{ applications[application_id].credentials.mautrix_slack_bridge_database_password }}"
 #    database_username:  "mautrix_slack_bridge"
 #    database_name:      "mautrix_slack_bridge"
 #    bridge_name:        "slack"
  - database_password:  "{{ applications[application_id].credentials.mautrix_facebook_bridge_database_password }}"
    database_username:  "mautrix_facebook_bridge"
    database_name:      "mautrix_facebook_bridge"
    bridge_name:        "facebook"
  - database_password:  "{{ applications[application_id].credentials.mautrix_instagram_bridge_database_password }}"
    database_username:  "mautrix_instagram_bridge"
    database_name:      "mautrix_instagram_bridge"
    bridge_name:        "instagram"
--- a/roles/docker-moodle/vars/configuration.yml
+++ b/roles/docker-moodle/vars/configuration.yml
@ -6,8 +6,8 @@ users:
 version:              "latest"
 features:
  matomo:             true
-  css:                true
+  css:                false
-  landingpage_iframe: false
+  portfolio_iframe:   false
  central_database:   true
 csp:
  flags:
@ -20,4 +20,5 @@ csp:
    font-src:
      - "data:"
      - "blob:"
    script-src:
      - "https://cdn.jsdelivr.net"
--- a/roles/docker-mybb/vars/configuration.yml
+++ b/roles/docker-mybb/vars/configuration.yml
@ -3,5 +3,5 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@ -23,7 +23,7 @@ credentials:
 features:
  matomo:                       true
  css:                          true
-  landingpage_iframe:           false
+  portfolio_iframe:           false
  ldap:                         true
  oidc:                         true
  central_database:             true
--- a/roles/docker-oauth2-proxy/vars/configuration.yml
+++ b/roles/docker-oauth2-proxy/vars/configuration.yml
@ -5,4 +5,4 @@ allowed_roles:      admin
 features:
  matomo: true
  css: true
-  landingpage_iframe: false
+  portfolio_iframe: false
--- a/roles/docker-openproject/tasks/ldap.yml
+++ b/roles/docker-openproject/tasks/ldap.yml
@ -96,7 +96,7 @@
  shell: >
    docker compose exec web bash -c "
      cd /app &&
-      RAILS_ENV=production bundle exec rails runner \"
+      RAILS_ENV={{ CYMAIS_ENVIRONMENT | lower }} bundle exec rails runner \"
        user = User.find_by(mail: '{{ users.administrator.email }}');
        if user.nil?;
          puts 'User with email {{ users.administrator.email }} not found.';
--- a/roles/docker-openproject/tasks/main.yml
+++ b/roles/docker-openproject/tasks/main.yml
@ -49,7 +49,7 @@
 - name: Set settings in OpenProject
  shell: >
    docker compose exec web bash -c "cd /app &&
-    RAILS_ENV=production bundle exec rails runner \"Setting[:{{ item.key }}] = '{{ item.value }}'\""
+    RAILS_ENV={{ CYMAIS_ENVIRONMENT | lower }} bundle exec rails runner \"Setting[:{{ item.key }}] = '{{ item.value }}'\""
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  loop: "{{ openproject_rails_settings | dict2items }}"
--- a/roles/docker-openproject/vars/configuration.yml
+++ b/roles/docker-openproject/vars/configuration.yml
@ -9,7 +9,7 @@ ldap:
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  ldap:               true
  central_database:   true
  oauth2:             true
--- a/roles/docker-peertube/vars/configuration.yml
+++ b/roles/docker-peertube/vars/configuration.yml
@ -2,7 +2,7 @@ version:              "bookworm"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe:   false
  central_database:   true
 csp:
  flags:
--- a/roles/docker-pgadmin/vars/configuration.yml
+++ b/roles/docker-pgadmin/vars/configuration.yml
@ -10,6 +10,6 @@ oauth2_proxy:
 features:
  matomo:                 true
  css:                    true
-  landingpage_iframe:     false
+  portfolio_iframe:     false
  central_database:       true
  oauth2:                 true
--- a/roles/docker-phpldapadmin/vars/configuration.yml
+++ b/roles/docker-phpldapadmin/vars/configuration.yml
@ -5,6 +5,6 @@ oauth2_proxy:
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  ldap:               true
  oauth2:             true
--- a/roles/docker-phpmyadmin/vars/configuration.yml
+++ b/roles/docker-phpmyadmin/vars/configuration.yml
@ -6,7 +6,7 @@ oauth2_proxy:
 features:
  matomo:             true
  css:                false
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
  oauth2:             true
 hostname:             central-mariadb
--- a/roles/docker-pixelfed/vars/configuration.yml
+++ b/roles/docker-pixelfed/vars/configuration.yml
@ -3,7 +3,7 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
 csp:
  flags:
--- a/roles/docker-portfolio/templates/config.yaml.j2
+++ b/roles/docker-portfolio/templates/config.yaml.j2
@ -28,7 +28,7 @@ accounts:
          class: fa-brands fa-mastodon
        url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
        identifier: "{{service_provider.contact.mastodon}}"
-        iframe: {{ applications | is_feature_enabled('landing_page_iframe','mastodon') }}
+        iframe: {{ applications | is_feature_enabled('portfolio_iframe','mastodon') }}
 {% endif %}
 {% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
@ -52,7 +52,7 @@ accounts:
          class: fa-solid fa-camera
      identifier: "{{service_provider.contact.pixelfed}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
-      iframe: {{ applications | is_feature_enabled('landing_page_iframe','pixelfed') }}
+      iframe: {{ applications | is_feature_enabled('portfolio_iframe','pixelfed') }}
 {% endif %}
 {% if service_provider.contact.peertube  is defined and service_provider.contact.peertube  != "" %}
@ -64,7 +64,7 @@ accounts:
        class: fa-solid fa-video
      identifier: "{{service_provider.contact.peertube}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
-      iframe: {{ applications | is_feature_enabled('landing_page_iframe','peertube') }}
+      iframe: {{ applications | is_feature_enabled('portfolio_iframe','peertube') }}
 {% endif %}
 {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
@ -76,7 +76,7 @@ accounts:
        class: fa-solid fa-blog
      identifier: "{{service_provider.contact.wordpress}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
-      iframe: {{ applications | is_feature_enabled('landing_page_iframe','wordpress') }}
+      iframe: {{ applications | is_feature_enabled('portfolio_iframe','wordpress') }}
 {% endif %}
 {% if service_provider.contact.source_code is defined and service_provider.contact.source_code != "" %}
@ -98,7 +98,7 @@ accounts:
      class: fas fa-network-wired
    identifier: "{{service_provider.contact.friendica}}"
    url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
-    iframe: {{ applications | is_feature_enabled('landing_page_iframe','friendica') }}
+    iframe: {{ applications | is_feature_enabled('portfolio_iframe','friendica') }}
 {% endif %}
--- a/roles/docker-portfolio/templates/footer_menu.yaml.j2
+++ b/roles/docker-portfolio/templates/footer_menu.yaml.j2
@ -37,13 +37,13 @@
                icon:
                  class: fa-solid fa-shield-halved
                url: https://{{domains.keycloak}}/admin
-                iframe: {{ applications | is_feature_enabled('landing_page_iframe','keycloak') }}
+                iframe: {{ applications | is_feature_enabled('portfolio_iframe','keycloak') }}
              - name: Profile
                description: Update your personal admin settings
                icon:
                  class: fa-solid fa-user-gear
                url: https://{{ domains.keycloak }}/realms/{{oidc.client.id}}/account
-                iframe: {{ applications | is_feature_enabled('landing_page_iframe','keycloak') }}
+                iframe: {{ applications | is_feature_enabled('portfolio_iframe','keycloak') }}
              - name: Logout
                description: End your admin session securely
                icon:
@ -113,7 +113,7 @@
      icon:
        class: fas fa-book
      url: https://{{domains.sphinx}}
-      iframe: {{ applications | is_feature_enabled('landing_page_iframe','sphinx') }}
+      iframe: {{ applications | is_feature_enabled('portfolio_iframe','sphinx') }}
 {% endif %}
@ -124,7 +124,7 @@
      icon:
        class: "fas fa-chalkboard-teacher"
      url: https://{{domains.presentation}}
-      iframe: {{ applications | is_feature_enabled('landing_page_iframe','presentation') }}
+      iframe: {{ applications | is_feature_enabled('portfolio_iframe','presentation') }}
 {% endif %}
--- a/roles/docker-portfolio/vars/configuration.yml
+++ b/roles/docker-portfolio/vars/configuration.yml
@ -1,7 +1,7 @@
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
 csp:
  whitelist:
    script-src:
--- a/roles/docker-presentation/vars/configuration.yml
+++ b/roles/docker-presentation/vars/configuration.yml
@ -1,7 +1,7 @@
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
 csp:
  whitelist:
--- a/roles/docker-snipe_it/vars/configuration.yml
+++ b/roles/docker-snipe_it/vars/configuration.yml
@ -2,5 +2,5 @@ version:              "latest"
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
--- a/roles/docker-sphinx/vars/configuration.yml
+++ b/roles/docker-sphinx/vars/configuration.yml
@ -1,7 +1,7 @@
 features:
  matomo:               true
  css:                  true
-  landingpage_iframe:   false
+  portfolio_iframe:   false
 csp:
  flags:
    script-src:
--- a/roles/docker-taiga/vars/configuration.yml
+++ b/roles/docker-taiga/vars/configuration.yml
@ -9,7 +9,7 @@ flavor:               'taigaio' # Potential flavors: robrotheram, taigaio
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  oidc:               false
  central_database:   true
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@ -13,7 +13,7 @@ plugins:
 features:
  matomo:             true
  css:                false
-  landingpage_iframe: false
+  portfolio_iframe: false
  oidc:               true
  central_database:   true
 csp:
@ -28,10 +28,9 @@ csp:
      - "blob:"
    font-src:
      - "data:"
      - "https://fonts.bunny.net"
    script-src:
      - "https://cdn.gtranslate.net"
      - "{{ domains.wordpress[0] }}"
    frame-src:
      - "{{ domains.peertube }}"
    style-src:
      - "https://fonts.bunny.net"
--- a/roles/docker-yourls/vars/configuration.yml
+++ b/roles/docker-yourls/vars/configuration.yml
@ -9,6 +9,6 @@ oauth2_proxy:
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: false
+  portfolio_iframe: false
  central_database:   true
  oauth2:             true
--- a/roles/nginx-serve-files/vars/configuration.yml
+++ b/roles/nginx-serve-files/vars/configuration.yml
@ -1,4 +1,4 @@
 features:
  matomo:             true
  css:                true
-  landingpage_iframe: true
+  portfolio_iframe: true
--- a/roles/nginx-serve-html/vars/configuration.yml
+++ b/roles/nginx-serve-html/vars/configuration.yml
@ -1,4 +1,4 @@
 features:
  matomo: true
  css: true
-  landingpage_iframe: false
+  portfolio_iframe: false
--- a/roles/update-docker/templates/update-docker.py.j2
+++ b/roles/update-docker/templates/update-docker.py.j2
@ -149,7 +149,7 @@ def update_mastodon():
    Runs the database migration for Mastodon to ensure all required tables are up to date.
    """
    print("Starting Mastodon database migration.")
-    run_command("docker compose exec -T web bash -c 'RAILS_ENV=production bin/rails db:migrate'")
+    run_command("docker compose exec -T web bash -c 'RAILS_ENV={{ CYMAIS_ENVIRONMENT | lower }} bin/rails db:migrate'")
    print("Mastodon database migration complete.")
 def upgrade_listmonk():
--- a/tasks/.gitignore
+++ b/tasks/.gitignore
@ -0,0 +1 @@
 include-docker-roles.yml
--- a/tasks/server.yml
+++ b/tasks/server.yml
@ -11,215 +11,8 @@
    - health-btrfs
    - system-btrfs-auto-balancer
-#########################################################################
+- name: "Integrate Docker Role includes"
-### Docker Roles                                                      ###
+  include_tasks: "include-docker-roles.yml"
 #########################################################################
 - name: "setup matomo"
  when: ("matomo" in group_names)
  include_role:
    name: docker-matomo
 - name: setup ldap
  when: ("ldap" in group_names)
  include_role:
    name: docker-ldap
 - name: setup keycloak
  when: ("keycloak" in group_names)
  include_role:
    name: docker-keycloak
 - name: setup lam
  when: ("lam" in group_names)
  include_role:
    name: docker-lam
 - name: setup phpldapadmin
  when: ("phpldapadmin" in group_names)
  include_role:
    name: docker-phpldapadmin
 - name: setup nextcloud hosts
  when: ("nextcloud" in group_names)
  include_role:
    name: docker-nextcloud
 - name: setup gitea hosts
  when: ("gitea" in group_names)
  include_role:
    name: docker-gitea
  vars:
    run_mode: prod
 - name: setup wordpress hosts
  when: ("wordpress" in group_names)
  include_role:
    name: docker-wordpress
 - name: setup mediawiki hosts
  when: ("mediawiki" in group_names)
  include_role:
    name: docker-mediawiki
 - name: setup mybb hosts
  when: ("mybb" in group_names)
  include_role:
    name: docker-mybb
  vars:
    mybb_domains: "{{domains.mybb}}"
 - name: setup yourls hosts
  when: ("yourls" in group_names)
  include_role:
    name: docker-yourls
 - name: setup mailu hosts
  when: ("mailu" in group_names)
  include_role:
    name: docker-mailu
 - name: setup elk hosts
  when: ("elk" in group_names)
  include_role:
    name: docker-elk
 - name: setup mastodon hosts
  when: ("mastodon" in group_names)
  include_role:
    name: docker-mastodon
 - name: setup pixelfed hosts
  when: ("pixelfed" in group_names)
  include_role:
    name: docker-pixelfed
 - name: setup peertube hosts
  when: ("peertube" in group_names)
  include_role:
    name: docker-peertube
 - name: setup bigbluebutton hosts
  when: ("bigbluebutton" in group_names)
  include_role:
    name: docker-bigbluebutton
  vars:
    domain: "{{domains.bigbluebutton}}"
 - name: setup funkwhale hosts
  when: ("funkwhale" in group_names)
  include_role:
    name: docker-funkwhale
 - name: setup roulette-wheel hosts
  when: ("roulette-wheel" in group_names)
  include_role:
    name: docker-roulette-wheel
 - name: setup joomla hosts
  when: ("joomla" in group_names)
  include_role:
    name: docker-joomla
 - name: setup attendize
  when: ("attendize" in group_names)
  include_role:
    name: docker-attendize
 - name: setup baserow hosts
  when: ("baserow" in group_names)
  include_role:
    name: docker-baserow
 - name: setup listmonk
  when: ("listmonk" in group_names)
  include_role:
    name: docker-listmonk
 - name: setup discourse
  when: ("discourse" in group_names)
  include_role:
    name: docker-discourse
 - name: setup matrix with flavor 'ansible'
  include_role:
    name: docker-matrix-ansible
  when: applications.matrix.role == 'ansible' and ("matrix" in group_names)
 - name: setup matrix with flavor 'compose'
  include_role:
    name: docker-matrix
  when: applications.matrix.role == 'compose' and ("matrix" in group_names)
 - name: setup open project instances
  when: ("openproject" in group_names)
  include_role:
    name: docker-openproject
 - name: setup gitlab hosts
  when: ("gitlab" in group_names)
  include_role:
    name: docker-gitlab
 - name: setup akaunting hosts
  when: ("akaunting" in group_names)
  include_role:
    name: docker-akaunting
 - name: setup moodle instance
  when: ("moodle" in group_names)
  include_role:
    name: docker-moodle
 - name: setup taiga instance
  when: ("taiga" in group_names)
  include_role:
    name: docker-taiga
 - name: setup friendica hosts
  when: ("friendica" in group_names)
  include_role:
    name: docker-friendica
 - name: setup portfolio
  when: ("portfolio" in group_names)
  include_role:
    name: docker-portfolio
 - name: setup bluesky
  when: ("bluesky" in group_names)
  include_role:
    name: docker-bluesky
 - name: setup PHPMyAdmin
  when: ("phpmyadmin" in group_names)
  include_role:
    name: docker-phpmyadmin
 - name: setup SNIPE-IT
  when: ("snipe_it" in group_names)
  include_role:
    name: docker-snipe_it
 - name: setup sphinx
  when: ("sphinx" in group_names)
  include_role:
    name: docker-sphinx
 - name: setup pgadmin
  when: ("pgadmin" in group_names)
  include_role:
    name: docker-pgadmin
 - name: setup presentation
  when: ("presentation" in group_names)
  include_role:
    name: docker-presentation
 - name: setup espocrm hosts
  when: ("espocrm" in group_names)
  include_role:
    name: docker-espocrm
 # Native Webserver Roles
 - name: setup nginx-serve-htmls
--- a/tests/unit/test_bridge_filters.py
+++ b/tests/unit/test_bridge_filters.py
@ -0,0 +1,64 @@
 import os
 import sys
 import unittest
 # Add the filter_plugins directory from the docker-matrix role to the import path
 sys.path.insert(
    0,
    os.path.abspath(
        os.path.join(os.path.dirname(__file__), "../../roles/docker-matrix")
    ),
 )
 from filter_plugins.bridge_filters import filter_enabled_bridges
 class TestBridgeFilters(unittest.TestCase):
    def test_no_bridges_returns_empty_list(self):
        # When there are no bridges defined, result should be an empty list
        self.assertEqual(filter_enabled_bridges([], {}), [])
    def test_all_bridges_disabled(self):
        # Define two bridges, but plugins dict has them disabled or missing
        bridges = [
            {'bridge_name': 'whatsapp', 'config': {}},
            {'bridge_name': 'telegram', 'config': {}},
        ]
        plugins = {
            'whatsapp': False,
            'telegram': False,
        }
        result = filter_enabled_bridges(bridges, plugins)
        self.assertEqual(result, [])
    def test_some_bridges_enabled(self):
        # Only bridges with True in plugins should be returned
        bridges = [
            {'bridge_name': 'whatsapp', 'version': '1.0'},
            {'bridge_name': 'telegram', 'version': '1.0'},
            {'bridge_name': 'signal', 'version': '1.0'},
        ]
        plugins = {
            'whatsapp': True,
            'telegram': False,
            'signal': True,
        }
        result = filter_enabled_bridges(bridges, plugins)
        expected = [
            {'bridge_name': 'whatsapp', 'version': '1.0'},
            {'bridge_name': 'signal', 'version': '1.0'},
        ]
        self.assertEqual(result, expected)
    def test_bridge_without_plugin_entry_defaults_to_disabled(self):
        # If a bridge_name is not present in plugins, it should be treated as disabled
        bridges = [
            {'bridge_name': 'facebook', 'enabled': True},
        ]
        plugins = {}  # no entries
        result = filter_enabled_bridges(bridges, plugins)
        self.assertEqual(result, [])
 if __name__ == "__main__":
    unittest.main()
--- a/tests/unit/test_configuration_filters.py
+++ b/tests/unit/test_configuration_filters.py
@ -1,6 +1,16 @@
 # tests/unit/test_configuration_filters.py
 import unittest
 import sys
 import os
 sys.path.insert(
    0,
    os.path.abspath(
        os.path.join(os.path.dirname(__file__), "../../")
    ),
 )
 from filter_plugins.configuration_filters import (
    is_feature_enabled,
 )
--- a/tests/unit/test_csp_filters.py
+++ b/tests/unit/test_csp_filters.py
@ -1,6 +1,16 @@
 import unittest
 import hashlib
 import base64
 import sys
 import os
 sys.path.insert(
    0,
    os.path.abspath(
        os.path.join(os.path.dirname(__file__), "../../")
    ),
 )
 from filter_plugins.csp_filters import FilterModule, AnsibleFilterError
 class TestCspFilters(unittest.TestCase):
@ -137,5 +147,25 @@ class TestCspFilters(unittest.TestCase):
        style_hash = self.filter.get_csp_hash("body { background: #fff; }")
        self.assertNotIn(style_hash, header)
    def test_build_csp_header_recaptcha_toggle(self):
        """
        When the 'recaptcha' feature is enabled, 'https://www.google.com'
        must be included in script-src; when disabled, it must not be.
        """
        # enabled case
        self.apps['app1']['features']['recaptcha'] = True
        header_enabled = self.filter.build_csp_header(
            self.apps, 'app1', self.domains, web_protocol='https'
        )
        self.assertIn("https://www.google.com", header_enabled)
        # disabled case
        self.apps['app1']['features']['recaptcha'] = False
        header_disabled = self.filter.build_csp_header(
            self.apps, 'app1', self.domains, web_protocol='https'
        )
        self.assertNotIn("https://www.google.com", header_disabled)
 if __name__ == '__main__':
    unittest.main()
--- a/tests/unit/test_redirect_filters.py
+++ b/tests/unit/test_redirect_filters.py
@ -2,8 +2,12 @@ import os
 import sys
 import unittest
-PROJECT_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../.."))
+sys.path.insert(
-sys.path.insert(0, PROJECT_ROOT)
+    0,
    os.path.abspath(
        os.path.join(os.path.dirname(__file__), "../../")
    ),
 )
 from filter_plugins.redirect_filters import FilterModule
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	f06ad0af18	Deactivated OIDC	2025-05-15 22:10:45 +02:00
Kevin Veen-Birkenbach	76aef5949b	Optimized Docker Matrix Role in Preparation for use on CyMaIS.Cloud Server	2025-05-15 21:11:21 +02:00
Kevin Veen-Birkenbach	9c65c320f9	Optimized more CSP policies and recaptcha	2025-05-15 19:36:46 +02:00
Kevin Veen-Birkenbach	2302cbfeb4	Added missing 'import datetime'	2025-05-15 18:53:37 +02:00
Kevin Veen-Birkenbach	9c45d070b4	Added datetime logs	2025-05-15 18:49:52 +02:00
Kevin Veen-Birkenbach	2478e4013f	Refactored docker role include	2025-05-15 18:35:21 +02:00
Kevin Veen-Birkenbach	2aac8b5f80	Solved portfolio iframe naming bug	2025-05-15 17:36:22 +02:00
		`@ -0,0 +1,2 @@`
							`from pkgutil import extend_path`
							`__path__ = extend_path(__path__, __name__)`