mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 07:38:22 +00:00

Files

Kevin Veen-Birkenbach e09f561f0b Refactor run-once orchestration and bootstrap Mailu/Mastodon in a single deploy

- Replace legacy utils/run_once.yml with the new helpers utils/once_flag.yml and utils/once_finalize.yml
- Introduce utils/compose_up.yml to ensure docker-compose stacks are up and to flush handlers safely without coupling to run-once flags
- Migrate all affected roles (desk-*, dev-*, sys-ctl-*, sys-svc-*, web-app-*, web-svc-*, util-*) to the new run-once helpers
- Rework sys-svc-msmtp to auto-load Mailu once per deploy, check reachability, and reuse the running stack instead of requiring multiple playbook passes
- Adjust web-app-mailu to integrate cert deployment, handler flushing, and run-once handling so Mailu is fully initialized in a single deploy
- Improve Matomo, CDN, logout and CSP/health-check related roles to cooperate with the new compose_up / once_* pattern
- Simplify alarm/backup/timer/service orchestration (sys-ctl-alm-*, sys-bkp-provider, sys-timer-cln-bkps, etc.) by moving run-once logic into dedicated 01_core.yml files
- Update integration tests so utils/once_flag.yml and utils/once_finalize.yml are recognised as valid run-once providers, keeping the global run_once_* guarantees consistent
- Align frontend injection and service dependencies so Mastodon- and Mailu-related services can be brought up coherently within a single deployment cycle rather than several iterations

2025-12-01 13:30:50 +01:00

config

CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers

2025-10-22 13:53:06 +02:00

README.md

Confluence

Description

Confluence is Atlassian’s enterprise wiki and collaboration platform. This role deploys Confluence via Docker Compose, wires it to PostgreSQL, and integrates proxy awareness, optional OIDC SSO, health checks, and production-friendly defaults for Infinito.Nexus.

Overview

The role builds a minimal custom image on top of the official Confluence image, prepares persistent volumes, and exposes the app behind your reverse proxy. Configuration is driven by variables (image, version, volumes, domains, OIDC). JVM heap sizing is auto-derived from host RAM with safe caps to avoid Xms > Xmx.

Features

Fully Dockerized: Compose stack with a dedicated data volume (confluence_data) and a slim overlay image for future add-ons.
Reverse-Proxy Ready: Sets ATL_PROXY_NAME/PORT/SCHEME/SECURE so Confluence generates correct external URLs behind HTTPS.
OIDC SSO (Optional): Pre-templated vars for issuer, client, scopes, JWKS; compatible with Atlassian DC SSO/OIDC marketplace apps.
Central Database: PostgreSQL integration (local or central DB) with bootstrap credentials from role vars.
JVM Auto-Tuning: JVM_MINIMUM_MEMORY / JVM_MAXIMUM_MEMORY computed from host memory with upper bounds.
Health Checks: Curl-based container healthcheck for early failure detection.
CSP & Canonical Domains: Hooks into platform CSP/SSL/domain management to keep policies strict and URLs stable.
Backup Friendly: Data isolated under {{ CONFLUENCE_HOME }}.

Further Resources

Product page: Atlassian Confluence
Docker Hub (official image): atlassian/confluence