mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-03 03:38:15 +00:00

Files

Kevin Veen-Birkenbach 4fa1c6cfbd ansible: quote file modes; keycloak: robust LDAP bind update + config cleanup

Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
  * kcadm login with no_log protection,
  * fetch LDAP UserStorage component by name,
  * compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).

Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}

https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239

2025-08-13 02:20:38 +02:00

handlers

Renamed cymais to infinito and did some other optimations and logout implementations

2025-07-29 16:35:42 +02:00

README.md

Nginx Docker Cert Deploy Role

🎉 Author: Kevin Veen-Birkenbach

This Ansible role simplifies the deployment of Let's Encrypt certificates into Docker Compose setups with Nginx. It supports both individual certificates per subdomain and a single wildcard certificate for all subdomains.

🚀 Features

Automatically deploys Let's Encrypt certificates to Docker Compose setups.
Supports both single-domain certificates and one wildcard certificate for all subdomains.
Copies certificates to the target directory inside the container.
Automatically reloads or restarts Nginx services when certificates are updated.
Configures and manages a systemd service for automated certificate deployment.
Includes a systemd timer for scheduled renewals.
Handles dependent services like sys-alm-compose.

🔧 Tasks Overview

1️⃣ Main Tasks

Add Deployment Script
- Copies srv-proxy-6-6-tls-deploy.sh to the administrator scripts directory.
Create Certificate Directory
- Ensures cert_mount_directory exists with proper permissions.
Configure systemd Service
- Deploys a systemd service file for the deployment process.
Include sys-timer Role
- Schedules automatic certificate deployment using a systemd timer.

2️⃣ Handlers

Restart Nginx Service
- Restarts srv-proxy-6-6-tls-deploy whenever a certificate update occurs.

🔧 Deploying Certificates into Docker Containers

The role automates copying certificates into Docker Compose setups.

1️⃣ Deployment Script (`srv-proxy-6-6-tls-deploy.sh`)

This script:

Copies certificates to the correct container directory.
Reloads Nginx inside all running containers.
Restarts containers if needed.

Usage:

sh srv-proxy-6-6-tls-deploy.sh primary_domain /path/to/docker/compose

🎯 Summary

Feature	Description
Single-domain & wildcard support	Use individual certs or a wildcard certificate
Automated renewal	Cronjob or systemd timer ensures auto-renewals
Docker-ready	Deploys certificates directly into Docker containers
Supports Nginx & Mailu	Compatible with multiple services
Systemd integration	Automates deployment via `systemd`

🚀 Now your Nginx setup is fully automated and secured with Let's Encrypt! 🎉

README.md Unescape Escape