mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-30 07:18:09 +02:00
Kevin Veen-Birkenbach
18f3b1042f
Why - Fix flaky first-run installs and make config edits idempotent. - Prepare LDAP support and allow optional inline CSP for UI. - Improve observability and guard against broken configuration.php. What - config/main.yml: enable features.ldap; add CSP flags (allow inline style/script elem); minor spacing. - tasks/: split into 01_install (wait for core, absolute CLI path), 02_debug (toggle $debug/$error_reporting safely), 03_patch (patch DB creds in configuration.php), 04_ldap (configure plugin via helper), 05_assert (optional php -l). - templates/Dockerfile.j2: conditionally install/compile php-ldap (fallback to docker-php-ext-install with libsasl2-dev). - templates/cli-ldap.php.j2: idempotently enable & configure Authentication - LDAP from env. - templates/docker-compose.yml.j2: build custom image when LDAP is enabled; mount cli-ldap.php; pull_policy: never. - templates/env.j2: add site/admin vars, MariaDB connector/env, full LDAP env. - vars/main.yml: default to MariaDB (mysqli), add JOOMLA_* vars incl. JOOMLA_CONFIG_FILE. Notes - LDAP path implemented but NOT yet tested end-to-end. - Ref: https://chatgpt.com/share/68b068a8-2aa4-800f-8cd1-56383561a9a8.
42 lines
2.4 KiB
YAML
42 lines
2.4 KiB
YAML
# General
|
|
application_id: "web-app-joomla"
|
|
database_type: "mariadb"
|
|
container_port: 80
|
|
|
|
# Joomla
|
|
JOOMLA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}"
|
|
JOOMLA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.image') }}"
|
|
JOOMLA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.name') }}"
|
|
JOOMLA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
|
|
JOOMLA_CUSTOM_IMAGE: "{{ JOOMLA_IMAGE }}_custom"
|
|
JOOMLA_DOMAINS: "{{ applications | get_app_conf(application_id, 'server.domains.canonical') }}"
|
|
JOOMLA_SITE_NAME: "{{ SOFTWARE_NAME }} Joomla - CMS"
|
|
JOOMLA_DB_CONNECTOR: "{{ 'pgsql' if database_type == 'postgres' else 'mysqli' }}"
|
|
JOOMLA_CONFIG_FILE: "/var/www/html/configuration.php"
|
|
|
|
# User
|
|
JOOMLA_USER_NAME: "{{ users.administrator.username }}"
|
|
JOOMLA_USER: "{{ JOOMLA_USER_NAME | capitalize }}"
|
|
JOOMLA_USER_PASSWORD: "{{ users.administrator.password }}"
|
|
JOOMLA_USER_EMAIL: "{{ users.administrator.email }}"
|
|
|
|
# LDAP
|
|
JOOMLA_LDAP_CONF_FILE: "{{ [ docker_compose.directories.volumes, 'cli-ldap.php' ] | path_join }}"
|
|
JOOMLA_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}"
|
|
JOOMLA_LDAP_HOST: "{{ LDAP.SERVER.DOMAIN }}"
|
|
JOOMLA_LDAP_PORT: "{{ LDAP.SERVER.PORT }}"
|
|
JOOMLA_LDAP_BASE_DN: "{{ LDAP.DN.ROOT }}"
|
|
JOOMLA_LDAP_USER_TREE_DN: "{{ LDAP.DN.OU.USERS }}"
|
|
JOOMLA_LDAP_GROUP_TREE_DN: "{{ LDAP.DN.OU.GROUPS }}"
|
|
JOOMLA_LDAP_UID_ATTR: "{{ LDAP.USER.ATTRIBUTES.ID }}" # e.g. uid
|
|
JOOMLA_LDAP_EMAIL_ATTR: "{{ LDAP.USER.ATTRIBUTES.MAIL }}"
|
|
JOOMLA_LDAP_NAME_ATTR: "{{ LDAP.USER.ATTRIBUTES.FULLNAME }}"
|
|
JOOMLA_LDAP_BIND_DN: "{{ LDAP.DN.ADMINISTRATOR.DATA }}"
|
|
JOOMLA_LDAP_BIND_PASSWORD: "{{ LDAP.BIND_CREDENTIAL }}"
|
|
JOOMLA_LDAP_USE_STARTTLS: false
|
|
JOOMLA_LDAP_IGNORE_CERT: true
|
|
JOOMLA_LDAP_MAP_FULLNAME: true
|
|
JOOMLA_LDAP_MAP_EMAIL: true
|
|
JOOMLA_LDAP_AUTH_METHOD: "search" # "bind" or "search"
|
|
JOOMLA_LDAP_USER_SEARCH_STRING: "{{ JOOMLA_LDAP_UID_ATTR }}=[username],{{ JOOMLA_LDAP_USER_TREE_DN }}"
|