Add Joomla CLI paths and implement non-interactive admin password reset via CLI

Ref: https://chatgpt.com/share/69039c22-f530-800f-a641-fd2636d5b6af

roles/web-app-gitlab/config/main.yml

@@ -27,3 +27,7 @@ server:
   domains:
     canonical:
       - lab.git.{{ PRIMARY_DOMAIN }}
+  csp:
+    flags:
+      script-src-elem:
+        unsafe-inline:  true

roles/web-app-joomla/tasks/01_install.yml

@@ -11,7 +11,7 @@
 # (Optional) specifically wait for the CLI installer script
 - name: "Check for CLI installer"
   command:
-    argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, /var/www/html/installation/joomla.php ]
+    argv: [ docker, exec, "{{ JOOMLA_CONTAINER }}", test, -f, "{{ JOOMLA_INSTALLER_CLI_FILE }}" ]
   register: has_installer
   changed_when: false
   failed_when: false
@@ -32,7 +32,7 @@
       - exec
       - "{{ JOOMLA_CONTAINER }}"
       - php
-      - /var/www/html/installation/joomla.php
+      - "{{ JOOMLA_INSTALLER_CLI_FILE }}"
       - install
       - "--db-type={{ JOOMLA_DB_CONNECTOR }}"
       - "--db-host={{ database_host }}"

roles/web-app-joomla/tasks/05_reset_admin_password.yml

@@ -0,0 +1,18 @@
+---
+# Reset Joomla admin password via CLI (inside the container)
+- name: "Reset Joomla admin password (non-interactive CLI)"
+  command:
+    argv:
+      - docker
+      - exec
+      - "{{ JOOMLA_CONTAINER }}"
+      - php
+      - "{{ JOOMLA_CLI_FILE }}"
+      - user:reset-password
+      - "--username"
+      - "{{ JOOMLA_USER_NAME }}"
+      - "--password"
+      - "{{ JOOMLA_USER_PASSWORD }}"
+  register: j_password_reset
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
+  changed_when: j_password_reset.rc == 0

roles/web-app-joomla/tasks/main.yml

@@ -24,3 +24,7 @@
 - name: Include assert routines
   include_tasks: "04_assert.yml"
   when: MODE_ASSERT | bool
+
+- name: Reset Admin Password
+  include_tasks: 05_reset_admin_password.yml
+

roles/web-app-joomla/vars/main.yml

@@ -13,6 +13,8 @@ JOOMLA_DOMAINS:                   "{{ applications | get_app_conf(application_id
 JOOMLA_SITE_NAME:                 "{{ SOFTWARE_NAME }} Joomla - CMS"
 JOOMLA_DB_CONNECTOR:              "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
 JOOMLA_CONFIG_FILE:               "/var/www/html/configuration.php"
+JOOMLA_INSTALLER_CLI_FILE:        "/var/www/html/installation/joomla.php"
+JOOMLA_CLI_FILE:                  "/var/www/html/cli/joomla.php"
 
 # User
 JOOMLA_USER_NAME:                 "{{ users.administrator.username }}"

roles/web-app-listmonk/config/main.yml

@@ -13,6 +13,16 @@ server:
     aliases: []
   status_codes:
     default: 404
+  csp:
+    flags:
+      script-src-elem:
+        unsafe-inline:  true
+    whitelist:
+      script-src-elem:
+        - "https://www.hcaptcha.com"
+        - "https://js.hcaptcha.com"
+      frame-src:
+        - "https://newassets.hcaptcha.com/"
 docker:
   services:
     database:

roles/web-app-nextcloud/config/main.yml

@@ -9,6 +9,9 @@ server:
       script-src-attr:
         unsafe-eval:    true
     whitelist:
+      script-src-elem:
+        - "https://www.hcaptcha.com"
+        - "https://js.hcaptcha.com"
       font-src:
         - "data:"
       connect-src:
@@ -19,6 +22,7 @@ server:
       frame-src:
         - "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
         - "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
+        - "https://newassets.hcaptcha.com/"
       worker-src:
         - "blob:"
   domains:

roles/web-app-nextcloud/tasks/03_upgrade.yml

@@ -7,6 +7,9 @@
   command: "{{ NEXTCLOUD_DOCKER_EXEC_OCC }} maintenance:repair --include-expensive"
   register: occ_repair
   changed_when: "'No repairs needed' not in occ_repair.stdout"
+  retries: 3
+  delay: 10
+  until: occ_repair.rc == 0
 
 - name: Nextcloud | App update (retry once)
   command: "{{ NEXTCLOUD_DOCKER_EXEC_OCC }} app:update --all"

roles/web-app-nextcloud/tasks/main.yml

@@ -16,6 +16,13 @@
 - name: Flush all handlers immediately so that occ can be used
   meta: flush_handlers
 
+- name: Wait until Redis is ready (PONG)
+  command: "docker exec {{ NEXTCLOUD_REDIS_CONTAINER }} redis-cli ping"
+  register: redis_ping
+  retries: 60
+  delay: 2
+  until: (redis_ping.stdout | default('')) is search('PONG')
+
 - name: Update\Upgrade Nextcloud
   include_tasks: 03_upgrade.yml
   when: MODE_UPDATE | bool

roles/web-app-nextcloud/vars/main.yml

@@ -142,3 +142,6 @@ NEXTCLOUD_DOCKER_USER:                    "www-data" # Name of the www-data user
 NEXTCLOUD_INTERNAL_OCC_COMMAND:           "{{ [ NEXTCLOUD_DOCKER_WORK_DIRECTORY, 'occ'] | path_join }}"
 NEXTCLOUD_DOCKER_EXEC:                    "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}"  # General execute composition
 NEXTCLOUD_DOCKER_EXEC_OCC:                "{{ NEXTCLOUD_DOCKER_EXEC }} {{ NEXTCLOUD_INTERNAL_OCC_COMMAND }}"      # Execute docker occ command
+
+## Redis
+NEXTCLOUD_REDIS_CONTAINER:                "{{ entity_name }}-redis"

roles/web-app-xwiki/templates/docker-compose.yml.j2

@@ -9,9 +9,11 @@
     environment:
       JAVA_OPTS: >-
 {% if xwiki_oidc_enabled_switch| bool %}
+        -Dxwiki.authentication.authservice=oidc
         -Dxwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
 {% elif xwiki_ldap_enabled_switch | bool %}
         -Dxwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
+        -Dxwiki.authentication.authservice=ldap
         -Dxwiki.authentication.ldap=1
         -Dxwiki.authentication.ldap.trylocal={{ (XWIKI_LDAP_TRYLOCAL | bool) | ternary(1, 0) }}
         -Dxwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup={{ XWIKI_LDAP_ADMIN_GROUP_DN }}
@@ -24,6 +26,7 @@
         -Dxwiki.authentication.ldap.fields_mapping={{ XWIKI_LDAP_FIELDS_MAPPING }}
         -Dxwiki.authentication.ldap.update_user=1
 {% else %}
+        -Dxwiki.authentication.authservice=standard
         -Dxwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
 {% endif %}
     volumes: