Add end-to-end support for reserved usernames and tighten CAPTCHA / Keycloak logic.
Changes:
- Makefile: rename EXTRA_USERS → RESERVED_USERNAMES and pass it as --reserved-usernames to the users defaults generator.
- cli/build/defaults/users.py: propagate flag into generated users, add --reserved-usernames CLI option and mark listed accounts as reserved.
- Add reserved_users filter plugin with and helpers for Ansible templates and tasks.
- Add unit tests for reserved_users filters and the new reserved-usernames behaviour in the users defaults generator.
- group_vars/all/00_general.yml: harden RECAPTCHA_ENABLED / HCAPTCHA_ENABLED checks with default('') and explicit > 0 length checks.
- svc-db-openldap: introduce OPENLDAP_PROVISION_* flags, add OPENLDAP_PROVISION_RESERVED and OPERNLDAP_USERS to optionally exclude reserved users from provisioning.
- svc-db-openldap templates/tasks: switch role/group LDIF and user import loops to use OPERNLDAP_USERS instead of the full users dict.
- networks: assign dedicated subnet for web-app-roulette-wheel.
- web-app-keycloak vars: compute KEYCLOAK_RESERVED_USERNAMES_LIST and KEYCLOAK_RESERVED_USERNAMES_REGEX from users | reserved_usernames.
- web-app-keycloak user profile template: inject reserved-username regex into username validation pattern and improve error message, fix SSH public key attribute usage and add component name field.
- web-app-keycloak update/_update.yml: strip subComponents from component payloads before update and disable async/poll for easier debugging.
- web-app-keycloak tasks/main.yml: guard cleanup include with MODE_CLEANUP and keep reCAPTCHA update behind KEYCLOAK_RECAPTCHA_ENABLED.
- user/users defaults: mark system/service accounts (root, daemon, mail, admin, webmaster, etc.) as reserved so they cannot be chosen as login names.
- svc-prx-openresty vars: simplify OPENRESTY_CONTAINER lookup by dropping unused default parameter.
- sys-ctl-rpr-btrfs-balancer: simplify main.yml by removing the extra block wrapper.
- sys-daemon handlers: quote handler name for consistency.
Context: change set discussed and refined in ChatGPT on 2025-11-29 (Infinito.Nexus reserved usernames & Keycloak user profile flow). See conversation: https://chatgpt.com/share/692b21f5-5d98-800f-8e15-1ded49deddc9
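A sketch of how a reserved-username list can be turned into a username validation pattern, added here as an illustration and not taken from the Infinito.Nexus code base. The `reserved` key, the shape of the users dict, the base character set and the helper names `reserved_usernames_regex` and `is_allowed` are assumptions; only the filter name `reserved_usernames` appears in the commit message.

```python
import re

# Constructed sample in the assumed shape of the generated users dict.
SAMPLE_USERS = {
    "root": {"reserved": True},
    "admin": {"reserved": True},
    "web.master": {"reserved": True},  # contains a regex metacharacter
    "alice": {"reserved": False},
    "bob": {},                         # flag absent -> not reserved
}


def reserved_usernames(users):
    """Return the sorted, lower-cased names of users flagged as reserved."""
    if not isinstance(users, dict):
        raise TypeError("users must be a mapping of username -> attributes")
    return sorted(
        name.lower()
        for name, attrs in users.items()
        if isinstance(attrs, dict) and attrs.get("reserved") is True
    )


def reserved_usernames_regex(names, base=r"[a-z0-9._-]{3,32}"):
    """Build an anchored pattern: the base charset minus the reserved names.

    `base` is a hypothetical username policy, not the project's own.
    """
    if not names:
        return f"^{base}$"
    # Escape every name so '.' in 'web.master' cannot match 'webxmaster'.
    alternation = "|".join(re.escape(n) for n in names)
    # The '$' inside the lookahead rejects exact matches only, so a longer
    # name such as 'rooty' is still accepted.
    return f"^(?!(?:{alternation})$){base}$"


def is_allowed(username, pattern):
    """Match case-insensitively by normalising, so 'ROOT' equals 'root'."""
    return re.fullmatch(pattern, username.lower()) is not None


if __name__ == "__main__":
    pattern = reserved_usernames_regex(reserved_usernames(SAMPLE_USERS))
    for candidate in ("alice", "root", "ROOT", "rooty", "web.master"):
        print(candidate, is_allowed(candidate, pattern))
```
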
Infinito.Nexus 🚀
🔐 One login. ♾️ Infinite application
What is Infinito.Nexus? 📌
Infinito.Nexus is an automated, modular infrastructure framework built on Docker, Linux, and Ansible, equally suited for cloud services, local server management, and desktop workstations. At its core lies a web-based desktop with single sign-on—backed by an LDAP directory and OIDC—granting seamless access to an almost limitless portfolio of self-hosted applications. It fully supports ActivityPub applications and is Fediverse-compatible, while integrated monitoring, alerting, cleanup, self-healing, automated updates, and backup solutions provide everything an organization needs to run at scale.
| 📚 | 🔗 |
|---|---|
| 🌐 Try It Live | |
| 🔧 Request Your Setup | |
| 📖 About This Project | |
| ☕️ Support Us | |
Key Features 🎯
- Automated Deployment 📦: Turn up servers and workstations in minutes with ready-made Ansible roles.
- Enterprise-Grade Security 🔒: Centralized user management via LDAP & OIDC (Keycloak), plus optional 2FA and encrypted storage.
- Modular Scalability 📈: Grow from small teams to global enterprises by composing only the services you need.
- Fediverse & ActivityPub Support 🌐: Seamlessly integrate Mastodon, Peertube, Matrix and other ActivityPub apps out of the box.
- Self-Healing & Maintenance ⚙️: Automated cleanup, container healing, and auto-updates keep infrastructure healthy without human intervention.
- Monitoring, Alerting & Analytics 📊: Built-in system, application, and security monitoring with multi-channel notifications.
- Backup & Disaster Recovery 💾: Scheduled backups and scripted recovery processes to safeguard your data.
- Continuous Updates 🔄: Automatic patching and version upgrades across the stack.
- Application Ecosystem 🚀: A curated suite of self-hosted apps, from project management, version control, and CI/CD to chat, video conferencing, CMS, e-learning, social networking, and e-commerce, all seamlessly integrated.

More information about the features can be found here.
Get Started 🚀
Use it online 🌐
Try Infinito.Nexus – sign up in seconds, explore the platform, and discover what our solution can do for you! 🚀🔧✨
Install locally 💻
- Install Infinito.Nexus via Kevin's Package Manager
- Set up Infinito.Nexus using: pkgmgr install infinito
- Explore commands with: infinito --help
Setup with Docker 🚢
Get Infinito.Nexus up and running inside Docker in just a few steps. For detailed build options and troubleshooting, see the Docker Guide.
# 1. Build the Docker image:
docker build -t infinito:latest .
# 2. Run the CLI interactively:
docker run --rm -it infinito:latest infinito --help
License ⚖️
Infinito.Nexus is distributed under the Infinito.Nexus NonCommercial License. Please see LICENSE.md for full terms.
Professional Setup & Support 💼
For expert installation and configuration visit cybermaster.space or write to us at contact@cymais.cloud.
