mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-30 23:38:13 +02:00
Kevin Veen-Birkenbach
f36c7831b1
- Added new filter plugin 'timeout_start_sec_for_domains' to calculate TimeoutStartSec based on number of domains. - Updated sys-ctl-hlth-csp and sys-ctl-hlth-webserver tasks to use the filter. - Removed obsolete systemctl.service.j2 in sys-ctl-hlth-csp. - Adjusted variable naming (CURRENT_PLAY_DOMAINS_ALL etc.) in multiple roles. - Updated srv-letsencrypt and sys-svc-certs to use uppercase vars. - Switched pretix role to sys-stk-full-stateful and removed leftover javascript.js. - Added unittests for the new filter under tests/unit/filter_plugins. See conversation: https://chatgpt.com/share/68b1ae9a-1ac0-800f-b49d-2915386a1a23
Health CSP Crawler
Description
This Ansible role automates the validation of Content Security Policy (CSP) enforcement for all configured domains by crawling them using a CSP Checker.
Overview
Designed for Archlinux systems, this role periodically checks whether web resources (JavaScript, fonts, images, etc.) are blocked by CSP headers. It integrates Python and Node.js tooling and installs a systemd service with timer support.
Features
- CSP Resource Validation: Uses Puppeteer to simulate browser requests and detect blocked resources.
- Domain Extraction: Parses all
.conffiles in the NGINX config folder to determine the list of domains to check. - Automated Execution: Registers a systemd service and timer for recurring health checks.
- Error Notification: Integrates with
sys-ctl-alm-composefor alerting on failure.
License
Infinito.Nexus NonCommercial License https://s.infinito.nexus/license
Author
Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world