mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-31 02:10:05 +00:00
Kevin Veen-Birkenbach
aa19a97ed6
- Add reusable Nginx include: roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2
(dynamic ACAO/credentials/methods/headers via role vars)
- Set global 'Vary: Origin' in nginx.conf.j2 to prevent cache poisoning
- CSP: allow Simple Icons via connect-src when feature is enabled
- Front proxy: rename vars to lowercase + flush handlers after config deploy
- Desktop: gate & load Simple Icons role; inject brand logos when enabled
- Bluesky + Logout: replace inline CORS with centralized include
- Simpleicons: public CORS (ACAO='*', no credentials), keep GET/OPTIONS, allow headers
- Taiga: adjust canonical domain to taiga.kanban.{{ PRIMARY_DOMAIN }}
- LibreTranslate: remove unused images/versions keys
Fixes: https://open.project.infinito.nexus/projects/cymais/work_packages/342/activity
Discussion: https://chatgpt.com/share/68da5e27-ffd4-800f-91a3-0ef103058d44
44 lines
2.0 KiB
YAML
44 lines
2.0 KiB
YAML
# General
|
|
application_id: "web-app-desktop"
|
|
|
|
## Webserver
|
|
proxy_extra_configuration: "{{ lookup('template', 'nginx/sso.html.conf.j2') }}"
|
|
|
|
## Docker
|
|
docker_repository_address: "https://github.com/kevinveenbirkenbach/port-ui"
|
|
docker_pull_git_repository: true
|
|
|
|
# Desktop
|
|
|
|
## Simpleicons
|
|
DESKTOP_SIMPLEICONS_ENABLED: "{{ applications | get_app_conf(application_id, 'features.simpleicons') }}"
|
|
|
|
## Javascript
|
|
DESKTOP_JS_CDN_URL: "{{ domains | get_url('web-svc-cdn', WEB_PROTOCOL) }}"
|
|
DESKTOP_JS_FILES: ['iframe.js','oidc.js']
|
|
DESKTOP_JS_BASE_PATH: "{{ application_id | get_entity_name }}/js"
|
|
DESKTOP_JS_SERVER_DIR: "{{ [ NGINX.DIRECTORIES.DATA.CDN, DESKTOP_JS_BASE_PATH ] | path_join }}"
|
|
DESKTOP_JS_BASE_URL: "{{ (DESKTOP_JS_CDN_URL | trim('/')) ~ '/' ~ (DESKTOP_JS_BASE_PATH | trim('/')) }}"
|
|
|
|
## Webserver
|
|
DESKTOP_LOCATION_SILENT_CHECK: "/silent-check-sso.html"
|
|
|
|
|
|
## Configuration
|
|
DESKTOP_CONFIG_YML_SRC_FILE: "config.yaml.j2"
|
|
DESKTOP_CONFIG_INV_PATH: "{{ [ inventory_dir, 'files', inventory_hostname ,'docker',application_id,DESKTOP_CONFIG_YML_SRC_FILE] | path_join }}"
|
|
DESKTOP_CONFIG_YML_DEST: "{{ [ docker_repository_path, 'app/config.yaml'] | path_join }}"
|
|
|
|
## OIDC
|
|
DESKTOP_KEYCLOAK_LOGIN_URL: >-
|
|
{{ OIDC.CLIENT.AUTHORIZE_URL
|
|
~ '?client_id=' ~ OIDC.CLIENT.ID
|
|
~ '&response_type=code'
|
|
~ '&scope=openid%20profile%20email'
|
|
~ '&redirect_uri=' ~ (domains | get_url(application_id, WEB_PROTOCOL)) | urlencode }}
|
|
DESKTOP_KEYCLOAK_IFRAME_ENABLED: "{{ applications | get_app_conf( 'web-app-keycloak', 'features.desktop') }}"
|
|
DESKTOP_OIDC_ENABLED: "{{ applications | get_app_conf( application_id, 'features.oidc') }}"
|
|
|
|
## Docker
|
|
DESKTOP_CONTAINER: "{{ applications | get_app_conf( application_id, 'docker.services.desktop.name') }}"
|
|
DESKTOP_IMAGE: "{{ applications | get_app_conf( application_id, 'docker.services.desktop.image') }}" |