Added no_logs, asyncs, and optimized listmonk variable names

Added no_logs to mailu
Added no_logs
2025-09-08 11:17:17 +02:00 · 2025-08-16 02:00:13 +02:00 · 2025-08-16 01:49:48 +02:00 · 2025-08-16 01:41:37 +02:00 · 2025-08-16 01:31:49 +02:00
27 changed files with 244 additions and 54 deletions
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@@ -50,5 +50,5 @@
 - name: docker compose restart
  command:
    cmd: 'docker compose restart'
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  listen: docker compose restart
--- a/roles/srv-proxy-6-6-tls-deploy/templates/srv-proxy-6-6-tls-deploy.service.j2
+++ b/roles/srv-proxy-6-6-tls-deploy/templates/srv-proxy-6-6-tls-deploy.service.j2
@@ -1,7 +1,7 @@
 [Unit]
-Description=Let's Encrypt deploy to {{docker_compose.directories.instance}}
+Description=Let's Encrypt deploy to {{ docker_compose.directories.instance }}
 OnFailure=sys-alm-compose.infinito@%n.service

 [Service]
 Type=oneshot
-ExecStart=/usr/bin/bash {{ PATH_ADMINISTRATOR_SCRIPTS }}/srv-proxy-6-6-tls-deploy.sh {{ssl_cert_folder}} {{docker_compose.directories.instance}}
+ExecStart=/usr/bin/bash {{ PATH_ADMINISTRATOR_SCRIPTS }}/srv-proxy-6-6-tls-deploy.sh {{ssl_cert_folder}} {{ docker_compose.directories.instance }}
--- a/roles/sys-srv-web-inj-compose/filter_plugins/inj_snippets.py
+++ b/roles/sys-srv-web-inj-compose/filter_plugins/inj_snippets.py
@@ -0,0 +1,56 @@
+# roles/sys-srv-web-inj-compose/filter_plugins/inj_snippets.py
+"""
+Jinja filter: `inj_features(kind)` filters a list of features to only those
+that actually provide the corresponding snippet template file.
+
+- kind='head' -> roles/sys-srv-web-inj-<feature>/templates/head_sub.j2
+- kind='body' -> roles/sys-srv-web-inj-<feature>/templates/body_sub.j2
+
+If the feature's role directory (roles/sys-srv-web-inj-<feature>) does not
+exist, this filter raises FileNotFoundError.
+
+Usage in a template:
+    {% set head_features = SRV_WEB_INJ_COMP_FEATURES_ALL | inj_features('head') %}
+    {% set body_features = SRV_WEB_INJ_COMP_FEATURES_ALL | inj_features('body') %}
+"""
+
+import os
+
+# This file lives at: roles/sys-srv-web-inj-compose/filter_plugins/inj_snippets.py
+_THIS_DIR = os.path.dirname(__file__)
+_ROLE_DIR = os.path.abspath(os.path.join(_THIS_DIR, ".."))   # roles/sys-srv-web-inj-compose
+_ROLES_DIR = os.path.abspath(os.path.join(_ROLE_DIR, ".."))  # roles
+
+def _feature_role_dir(feature: str) -> str:
+    return os.path.join(_ROLES_DIR, f"sys-srv-web-inj-{feature}")
+
+def _has_snippet(feature: str, kind: str) -> bool:
+    if kind not in ("head", "body"):
+        raise ValueError("kind must be 'head' or 'body'")
+
+    role_dir = _feature_role_dir(feature)
+    if not os.path.isdir(role_dir):
+        raise FileNotFoundError(
+            f"[inj_snippets] Expected role directory not found for feature "
+            f"'{feature}': {role_dir}"
+        )
+
+    path = os.path.join(role_dir, "templates", f"{kind}_sub.j2")
+    return os.path.exists(path)
+
+def inj_features_filter(features, kind: str = "head"):
+    if not isinstance(features, (list, tuple)):
+        return []
+    # Validation + filtering in one pass; will raise if a role dir is missing.
+    valid = []
+    for f in features:
+        name = str(f)
+        if _has_snippet(name, kind):
+            valid.append(name)
+    return valid
+
+class FilterModule(object):
+    def filters(self):
+        return {
+            "inj_features": inj_features_filter,
+        }
--- a/roles/sys-srv-web-inj-compose/tasks/main.yml
+++ b/roles/sys-srv-web-inj-compose/tasks/main.yml
@@ -39,6 +39,8 @@
 - name: Reinitialize 'inj_enabled' for '{{ domain }}', after modification by CDN
  set_fact:
    inj_enabled: "{{ applications | inj_enabled(application_id, SRV_WEB_INJ_COMP_FEATURES_ALL) }}"
+    inj_head_features: "{{ SRV_WEB_INJ_COMP_FEATURES_ALL | inj_features('head') }}"
+    inj_body_features: "{{ SRV_WEB_INJ_COMP_FEATURES_ALL | inj_features('body') }}"

 - name: "Activate Corporate CSS for '{{ domain }}'"
  include_role:
--- a/roles/sys-srv-web-inj-compose/templates/location.lua.j2
+++ b/roles/sys-srv-web-inj-compose/templates/location.lua.j2
@@ -1,15 +1,10 @@
+{# roles/sys-srv-web-inj-compose/templates/location.lua.j2 #}
 {% macro push_snippets(list_name, features) -%}
-{% for f in features -%}
-{% if inj_enabled.get(f) -%}
+{% set kind = list_name | regex_replace('_snippets$','') %}
+{% for f in features if inj_enabled.get(f) -%}
 {{ list_name }}[#{{ list_name }} + 1] = [=[
-  {%- include
-     'roles/sys-srv-web-inj-' ~ f ~
-     '/templates/' ~
-     ('head' if list_name == 'head_snippets' else 'body') ~
-     '_sub.j2'
-  -%}
+  {%- include 'roles/sys-srv-web-inj-' ~ f ~ '/templates/' ~ kind ~ '_sub.j2' -%}
 ]=]
-{% endif -%}
 {% endfor -%}
 {%- endmacro %}

@@ -48,7 +43,7 @@ body_filter_by_lua_block {
    local whole = table.concat(ngx.ctx.buf)
    ngx.ctx.buf = nil  -- clear buffer

-    -- remove html CSP, due to management via infinito nexus policies
+    -- remove html CSP, due to management via Infinito.Nexus policies
    whole = whole:gsub(
        '<meta[^>]-http%-equiv=["\']Content%-Security%-Policy["\'][^>]->%s*',
        ''
@@ -57,21 +52,21 @@ body_filter_by_lua_block {
    -- build a list of head-injection snippets
    local head_snippets = {}

-    {{ push_snippets('head_snippets', ['css','matomo','desktop','javascript','logout']) }}
+    {{ push_snippets('head_snippets', inj_head_features) }}

    -- inject all collected snippets right before </head>
    local head_payload = table.concat(head_snippets, "\n") .. "</head>"
-    whole = string.gsub(whole, "</head>", head_payload)
+    whole = ngx.re.gsub(whole, "</head>", head_payload, "ijo", nil, 1)

    -- build a list of body-injection snippets
    local body_snippets = {}

-    {{ push_snippets('body_snippets', ['matomo','logout','desktop']) }}
+    {{ push_snippets('body_snippets', inj_body_features) }}

    -- inject all collected snippets right before </body>
    local body_payload = table.concat(body_snippets, "\n") .. "</body>"
-    whole = string.gsub(whole, "</body>", body_payload)
+    whole = ngx.re.gsub(whole, "</body>", body_payload, "ijo", nil, 1)

    -- finally send the modified HTML out
    ngx.arg[1] = whole
-}
+}
--- a/roles/sys-srv-web-inj-matomo/tasks/main.yml
+++ b/roles/sys-srv-web-inj-matomo/tasks/main.yml
@@ -13,6 +13,7 @@
      base_domain: "{{ base_domain }}"
      matomo_verification_url: "{{ matomo_verification_url }}"
  when: MODE_DEBUG | bool
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Check if site {{ domain }} is allready registered at Matomo"
  uri:
@@ -22,6 +23,7 @@
    status_code: 200
    validate_certs: yes
  register: site_check
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Set matomo_site_id to Null
  set_fact:
@@ -44,6 +46,7 @@
    validate_certs: yes
  register: add_site
  when: "matomo_site_id is not defined or matomo_site_id is none"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Set fact for site ID if site was added
  set_fact:
--- a/roles/web-app-gitea/Administration.md
+++ b/roles/web-app-gitea/Administration.md
@@ -2,7 +2,7 @@

 ## update
 ```bash 
-cd {{docker_compose.directories.instance}}
+cd {{ docker_compose.directories.instance }}
 docker-compose down
 docker-compose pull
 docker-compose up -d
@@ -17,7 +17,7 @@ Keep in mind to track and to don't interrupt the update process until the migrat

 ## recreate
 ```bash
-cd {{docker_compose.directories.instance}} && docker-compose -p gitea up -d --force-recreate
+cd {{ docker_compose.directories.instance }} && docker-compose -p gitea up -d --force-recreate
 ```

 ## database access
--- a/roles/web-app-listmonk/tasks/main.yml
+++ b/roles/web-app-listmonk/tasks/main.yml
@@ -27,7 +27,7 @@
 - name: Run Listmonk setup only if DB is empty
  command:
    cmd: docker compose run -T --rm application sh -c "yes | ./listmonk --install"
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  when: "'No relations found.' in db_tables.stdout"

 - name: Build OIDC settings JSON
@@ -66,7 +66,10 @@
    EOSQL
  args:
    executable: /bin/bash
-  loop: "{{ listmonk_settings }}"
+  loop: "{{ LISTMONK_SETTINGS }}"
  loop_control:
    label: "{{ item.key }}"
  when: item.when is not defined or item.when
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
--- a/roles/web-app-listmonk/templates/docker-compose.yml.j2
+++ b/roles/web-app-listmonk/templates/docker-compose.yml.j2
@@ -2,8 +2,8 @@
  application:
 {% set container_healthcheck = 'health' %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ listmonk_image }}:{{ listmonk_version }}"
-    container_name: "{{ listmonk_name }}"
+    image: "{{ LISTMONK_IMAGE }}:{{ LISTMONK_VERSION }}"
+    container_name: "{{ LISTMONK_NAME }}"
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
    volumes:
--- a/roles/web-app-listmonk/vars/main.yml
+++ b/roles/web-app-listmonk/vars/main.yml
@@ -1,17 +1,18 @@
+# General 
 application_id: "web-app-listmonk"
 database_type:  "postgres"

-container_port:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.port', True) }}"
+container_port:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.port') }}"

 # Docker
 docker_compose_flush_handlers: false

-# Listmonk Specific
-listmonk_version: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.version', True) }}"
-listmonk_image:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.image', True) }}"
-listmonk_name:    "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.name', True) }}"
+# Listmonk
+LISTMONK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.version') }}"
+LISTMONK_IMAGE:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.image') }}"
+LISTMONK_NAME:    "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.name') }}"

-listmonk_settings:
+LISTMONK_SETTINGS:
  - key: "app.root_url"
    value: '"{{ domains | get_url(application_id, WEB_PROTOCOL) }}"'

@@ -34,10 +35,10 @@ listmonk_settings:
    value: 'true'

  - key: "security.captcha_key"
-    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_site_key", True) }}"'
+    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_site_key") }}"'

  - key: "security.captcha_secret"
-    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_secret", True) }}"'
+    value: '"{{ applications | get_app_conf(application_id, "credentials.hcaptcha_secret") }}"'

  # SMTP servers
  - key: "smtp"
--- a/roles/web-app-mailu/tasks/02_create-mailu-user.yml
+++ b/roles/web-app-mailu/tasks/02_create-mailu-user.yml
@@ -13,6 +13,7 @@
    )
  changed_when: mailu_user_result.rc == 0
  when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Change password for user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'"
  command: >
@@ -21,6 +22,7 @@
  args:
    chdir: "{{ mailu_compose_dir }}"
  when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Create Mailu API Token for {{ mailu_user_name }}"
  include_tasks: 03_create-mailu-token.yml
--- a/roles/web-app-mailu/tasks/03_create-mailu-token.yml
+++ b/roles/web-app-mailu/tasks/03_create-mailu-token.yml
@@ -8,6 +8,7 @@
    chdir: "{{ mailu_compose_dir }}"
  register: mailu_tokens_cli
  changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Extract existing token info for '{{ mailu_user_key }};{{ mailu_user_name }}'"
  set_fact:
@@ -33,6 +34,7 @@
    - mailu_user_existing_token.id is defined
  register: mailu_token_delete
  changed_when: mailu_token_delete.rc == 0
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Create API token for '{{ mailu_user_key }};{{ mailu_user_name }}' if no local token defined"
  command: >-
@@ -50,6 +52,7 @@
  when: users[mailu_user_key].mailu_token is not defined
  register: mailu_token_creation
  changed_when: mailu_token_creation.rc == 0
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set mailu_token for '{{ mailu_user_key }};{{ mailu_user_name }}' in users dict if newly created"
  set_fact:
@@ -65,3 +68,4 @@
           }, recursive=True)
      }}
  when: users[mailu_user_key].mailu_token is not defined
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
--- a/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml
+++ b/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml
@@ -16,6 +16,7 @@
    state: present
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set CNAME record for autoconfig"
  community.general.cloudflare_dns:
@@ -29,6 +30,7 @@
    state: present
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set MX record"
  community.general.cloudflare_dns:
@@ -42,6 +44,7 @@
    state: present
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set SRV records"
  community.general.cloudflare_dns:
@@ -63,6 +66,7 @@
  #changed_when: srv_result.rc == 0 and ("An identical record already exists" not in srv_result.stdout)
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set SPF TXT record"
  community.general.cloudflare_dns:
@@ -75,6 +79,7 @@
    state: present
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set DMARC TXT record"
  community.general.cloudflare_dns:
@@ -87,6 +92,7 @@
    state: present
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: "Set DKIM TXT record"
  community.general.cloudflare_dns:
@@ -98,4 +104,5 @@
    ttl: 1
    state: present
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
--- a/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml
+++ b/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml
@@ -1,7 +1,7 @@
 - name: Check if DKIM private key file exists in the antispam container
  command: >
    docker compose exec -T antispam
-    test -f {{mailu_dkim_key_path}}
+    test -f {{ mailu_dkim_key_path }}
  register: dkim_key_file_stat
  failed_when:  false
  changed_when: false
@@ -16,6 +16,7 @@
  when: dkim_key_file_stat.rc != 0
  args:
    chdir: "{{ docker_compose.directories.instance }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Fetch DKIM private key from antispam container
  shell: >
@@ -26,6 +27,7 @@
  register: dkim_priv_content
  failed_when: dkim_priv_content.rc != 0
  changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Generate DKIM public key on the host
  command: openssl rsa -pubout
@@ -33,6 +35,7 @@
    stdin: "{{ dkim_priv_content.stdout }}"
  register: dkim_pub_raw
  changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Normalize and build Mailu DKIM TXT record
  set_fact:
@@ -43,7 +46,10 @@
        | regex_replace('-----END PUBLIC KEY-----', '')
        | regex_replace('\s+', '')
      }}
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Debug Mailu DKIM public key
  debug:
-    msg: "Mailu DKIM public key: {{ mailu_dkim_public_key }}"
+    msg: "Mailu DKIM public key: {{ mailu_dkim_public_key }}"
+  when: MODE_DEBUG | bool
+  
--- a/roles/web-app-mastodon/tasks/01_setup.yml
+++ b/roles/web-app-mastodon/tasks/01_setup.yml
@@ -1,7 +1,7 @@
 - name: "Execute migration for '{{ application_id }}'"
  command:
    cmd: "docker-compose run --rm web bundle exec rails db:migrate"
-    chdir: "{{docker_compose.directories.instance}}"  
+    chdir: "{{ docker_compose.directories.instance }}"  

 - name: "Include administrator routines for '{{ application_id }}'"
  include_tasks: 02_administrator.yml
--- a/roles/web-app-mastodon/tasks/02_administrator.yml
+++ b/roles/web-app-mastodon/tasks/02_administrator.yml
@@ -1,7 +1,7 @@
 # Routines to create the administrator account
 # @see https://chatgpt.com/share/67b9b12c-064c-800f-9354-8e42e6459764

- name: Check health status of {{ item }} container
+- name: Check health status of '{{ item }}' container
  shell: |
    cid=$(docker compose ps -q {{ item }})
    docker inspect \
@@ -19,25 +19,29 @@
    - sidekiq
  loop_control:
    label: "{{ item }}"
+  changed_when: false

 - name: Remove line containing "- administrator" from config/settings.yml to allow creating administrator account
  command: 
    cmd:  "docker compose exec -u root web sed -i '/- administrator/d' config/settings.yml"
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  when: users.administrator.username == "administrator"

 - name: Create admin account via tootctl
-  command: 
+  command:
    cmd: 'docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts create {{users.administrator.username}} --email {{ users.administrator.email }} --confirmed --role Owner"'
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  register: tootctl_create
  changed_when: tootctl_create.rc == 0
  failed_when: >
    tootctl_create.rc != 0
    and
    ("taken" not in tootctl_create.stderr | lower)
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
    
 - name: Approve the administrator account in Mastodon
  command: 
    cmd: docker compose exec -u root web bash -c "RAILS_ENV=production bin/tootctl accounts modify {{users.administrator.username}} --approve"
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
--- a/roles/web-app-mediawiki/tasks/main.yml
+++ b/roles/web-app-mediawiki/tasks/main.yml
@@ -4,5 +4,5 @@
    name: cmp-db-docker-proxy

 - name: add docker-compose.yml
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template: src=docker-compose.yml.j2 dest={{ docker_compose.directories.instance }}docker-compose.yml
  notify: docker compose up
--- a/roles/web-app-mybb/tasks/main.yml
+++ b/roles/web-app-mybb/tasks/main.yml
@@ -32,5 +32,5 @@
 - name: add docker-compose.yml
  template:
    src: "docker-compose.yml.j2"
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest: "{{ docker_compose.directories.instance }}docker-compose.yml"
  notify: docker compose up
--- a/roles/web-app-mybb/vars/main.yml
+++ b/roles/web-app-mybb/vars/main.yml
@@ -1,6 +1,6 @@
 ---
 application_id:                                 "web-app-mybb"
-docker_compose_instance_confd_directory:        "{{docker_compose.directories.instance}}conf.d/"
+docker_compose_instance_confd_directory:        "{{ docker_compose.directories.instance }}conf.d/"
 docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf"
 target_mount_conf_d_directory:                  "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}"
 source_domain:                                  "mybb.{{ PRIMARY_DOMAIN }}"
--- a/roles/web-app-openproject/tasks/main.yml
+++ b/roles/web-app-openproject/tasks/main.yml
@@ -32,9 +32,10 @@
    RAILS_ENV={{ ENVIRONMENT | lower }} bundle exec rails runner \"Setting[:{{ item.key }}] = '{{ item.value }}'\""
  args:
    chdir: "{{ docker_compose.directories.instance }}"
-  loop: "{{ openproject_rails_settings | dict2items }}"
-  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  loop:   "{{ openproject_rails_settings | dict2items }}"
+  async:  "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:   "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

 - name: Setup LDAP
  include_tasks: 01_ldap.yml
--- a/roles/web-app-roulette-wheel/vars/main.yml
+++ b/roles/web-app-roulette-wheel/vars/main.yml
@@ -1,2 +1,2 @@
 application_id: "web-app-roulette-wheel"
-app_path:       "{{docker_compose.directories.instance}}/app/"
+app_path:       "{{ docker_compose.directories.instance }}/app/"
--- a/roles/web-app-taiga/vars/main.yml
+++ b/roles/web-app-taiga/vars/main.yml
@@ -2,7 +2,7 @@ application_id:             "web-app-taiga"
 database_type:              "postgres"
 docker_repository_address:  "https://github.com/taigaio/taiga-docker"
 email_backend:              "smtp"                                      ## use an SMTP server or display the emails in the console (either "smtp" or "console")
-docker_compose_init:        "{{docker_compose.directories.instance}}docker-compose-inits.yml.j2"
+docker_compose_init:        "{{ docker_compose.directories.instance }}docker-compose-inits.yml.j2"
 taiga_image_backend: >-
  {{ 'robrotheram/taiga-back-openid' if applications | get_app_conf(application_id, 'features.oidc', True) and applications | get_app_conf(application_id, 'oidc.flavor', True) == 'robrotheram'
     else 'taigaio/taiga-back' }}
--- a/tasks/utils/update-repository-with-files.yml
+++ b/tasks/utils/update-repository-with-files.yml
@@ -9,9 +9,9 @@

 - name: "backup detached files"
  command: >
-    mv "{{docker_compose.directories.instance}}{{ item }}" "/tmp/{{ application_id }}-{{ item }}.backup"
+    mv "{{ docker_compose.directories.instance }}{{ item }}" "/tmp/{{ application_id }}-{{ item }}.backup"
  args:
-    removes: "{{docker_compose.directories.instance}}{{ item }}"
+    removes: "{{ docker_compose.directories.instance }}{{ item }}"
  become: true
  loop: "{{ merged_detached_files | default(detached_files) }}"

@@ -19,12 +19,12 @@
  ansible.builtin.shell: git checkout .
  become: true
  args:
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{ docker_compose.directories.instance }}"
  ignore_errors: true

 - name: "restore detached files"
  command: >
-    mv "/tmp/{{ application_id }}-{{ item }}.backup" "{{docker_compose.directories.instance}}{{ item }}"
+    mv "/tmp/{{ application_id }}-{{ item }}.backup" "{{ docker_compose.directories.instance }}{{ item }}"
  args:
    removes: "/tmp/{{ application_id }}-{{ item }}.backup"
  become: true
@@ -33,6 +33,6 @@
 - name: "copy {{ detached_files }} templates to server"
  template:
    src: "{{ item }}.j2"
-    dest: "{{docker_compose.directories.instance}}{{ item }}"
+    dest: "{{ docker_compose.directories.instance }}{{ item }}"
  loop: "{{ detached_files }}"
  notify: docker compose up
--- a/tests/unit/roles/sys-srv-web-inj-compose/init.py
+++ b/tests/unit/roles/sys-srv-web-inj-compose/init.py
--- a/tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/init.py
+++ b/tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/init.py
--- a/tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/test_inj_enabled.py
+++ b/tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/test_inj_enabled.py
--- a/tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/test_inj_snippets.py
+++ b/tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/test_inj_snippets.py
@@ -0,0 +1,106 @@
+# tests/unit/roles/sys-srv-web-inj-compose/filter_plugins/test_inj_snippets.py
+"""
+Unit tests for roles/sys-srv-web-inj-compose/filter_plugins/inj_snippets.py
+
+- Uses tempfile.TemporaryDirectory for an isolated roles/ tree.
+- Loads inj_snippets.py by absolute path (no sys.path issues).
+- Monkey-patches inj_snippets._ROLES_DIR to the temp roles/ path.
+- Calls the filter function via the loaded module to avoid method-binding.
+"""
+
+import os
+import sys
+import unittest
+import tempfile
+import importlib.util
+
+
+class TestInjSnippets(unittest.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        # Find repo root by locating inj_snippets.py upwards from this file
+        cls.test_dir = os.path.dirname(__file__)
+        root = cls.test_dir
+        inj_rel = os.path.join(
+            "roles", "sys-srv-web-inj-compose", "filter_plugins", "inj_snippets.py"
+        )
+
+        while True:
+            candidate = os.path.join(root, inj_rel)
+            if os.path.isfile(candidate):
+                cls.repo_root = root
+                cls.inj_snippets_path = candidate
+                break
+            parent = os.path.dirname(root)
+            if parent == root:
+                raise RuntimeError(f"Could not locate {inj_rel} above {cls.test_dir}")
+            root = parent
+
+        # Create isolated temporary roles tree
+        cls.tmp = tempfile.TemporaryDirectory(prefix="inj-snippets-test-")
+        cls.roles_dir = os.path.join(cls.tmp.name, "roles")
+        os.makedirs(cls.roles_dir, exist_ok=True)
+
+        # Dynamically load inj_snippets by file path
+        spec = importlib.util.spec_from_file_location("inj_snippets", cls.inj_snippets_path)
+        if spec is None or spec.loader is None:
+            raise RuntimeError("Failed to create import spec for inj_snippets.py")
+        module = importlib.util.module_from_spec(spec)
+        spec.loader.exec_module(module)
+
+        # Point the module to our temp roles/ directory
+        module._ROLES_DIR = cls.roles_dir
+
+        # Keep the loaded module for calls
+        cls.mod = module
+
+        # Mock feature names
+        cls.feature_head_only = "zz_headonly"
+        cls.feature_body_only = "zz_bodyonly"
+        cls.feature_both = "zz_both"
+        cls.feature_missing = "zz_missing"
+
+        # Create mock roles and snippet files
+        cls._mkrole(cls.feature_head_only, head=True, body=False)
+        cls._mkrole(cls.feature_body_only, head=False, body=True)
+        cls._mkrole(cls.feature_both, head=True, body=True)
+
+    @classmethod
+    def _mkrole(cls, feature, head=False, body=False):
+        role_dir = os.path.join(cls.roles_dir, f"sys-srv-web-inj-{feature}")
+        tmpl_dir = os.path.join(role_dir, "templates")
+        os.makedirs(tmpl_dir, exist_ok=True)
+        if head:
+            with open(os.path.join(tmpl_dir, "head_sub.j2"), "w", encoding="utf-8") as f:
+                f.write("<!-- head test -->\n")
+        if body:
+            with open(os.path.join(tmpl_dir, "body_sub.j2"), "w", encoding="utf-8") as f:
+                f.write("<!-- body test -->\n")
+
+    @classmethod
+    def tearDownClass(cls):
+        cls.tmp.cleanup()
+
+    def test_head_features_filter(self):
+        features = [self.feature_head_only, self.feature_both, self.feature_body_only]
+        result = self.mod.inj_features_filter(features, kind="head")
+        self.assertEqual(result, [self.feature_head_only, self.feature_both])
+
+    def test_body_features_filter(self):
+        features = [self.feature_head_only, self.feature_both, self.feature_body_only]
+        result = self.mod.inj_features_filter(features, kind="body")
+        self.assertEqual(result, [self.feature_both, self.feature_body_only])
+
+    def test_raises_when_role_dir_missing(self):
+        with self.assertRaises(FileNotFoundError):
+            self.mod.inj_features_filter([self.feature_missing], kind="head")
+        with self.assertRaises(FileNotFoundError):
+            self.mod.inj_features_filter([self.feature_missing], kind="body")
+
+    def test_non_list_input_returns_empty(self):
+        self.assertEqual(self.mod.inj_features_filter("not-a-list", kind="head"), [])
+        self.assertEqual(self.mod.inj_features_filter(None, kind="body"), [])
+
+
+if __name__ == "__main__":
+    unittest.main()
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	1bed83078e	Added no_logs, asyncs, and optimized listmonk variable names	2025-08-16 02:00:13 +02:00
Kevin Veen-Birkenbach	7ffd79ebd9	Added no_logs to mailu	2025-08-16 01:49:48 +02:00
Kevin Veen-Birkenbach	2b7950920c	Added no_logs	2025-08-16 01:41:37 +02:00
Kevin Veen-Birkenbach	f0b323afee	Added auto snippet for webserver injection	2025-08-16 01:31:49 +02:00