kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 08:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/web-app-nextcloud/tasks/main.yml
Kevin Veen-Birkenbach 4fa1c6cfbd
ansible: quote file modes; keycloak: robust LDAP bind update + config cleanup 
Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
  * kcadm login with no_log protection,
  * fetch LDAP UserStorage component by name,
  * compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).

Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}

https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
2025-08-13 02:20:38 +02:00

74 lines
2.6 KiB
YAML
Raw Blame History

---
- name: "load docker and db for {{application_id}}"
include_role:
name: cmp-db-docker
- name: "create {{ nextcloud_host_config_additives_directory }}"
file:
path: "{{ nextcloud_host_config_additives_directory }}"
state: directory
mode: "0755"
- name: "Create config files at {{ nextcloud_host_config_additives_directory }}"
template:
src: "{{ item }}"
dest: "{{ nextcloud_host_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
owner: "{{nextcloud_docker_user_id}}"
group: "{{nextcloud_docker_user_id}}"
loop: "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
# Not all type of changes take instantly place. Due to this reason a rebuild is required.
notify: docker compose up
- name: "include role for {{application_id}} to receive certs & do modification routines"
include_role:
name: srv-web-7-6-composer
- name: create nextcloud proxy configuration file
template:
src: "nginx/host.conf.j2"
dest: "{{nginx.directories.http.servers}}{{domains | get_domain(application_id)}}.conf"
notify: restart openresty
- name: create internal nextcloud nginx configuration
template:
src: "nginx/docker.conf.j2"
dest: "{{ docker_compose.directories.volumes }}nginx.conf"
notify: restart nextcloud nginx service
- name: Setup config.php
include_tasks: 01_config.yml
- name: Flush all handlers immediately so that occ can be used
meta: flush_handlers
- name: Setup Nextcloud Plugins
include_tasks: 02_plugin.yml
loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
loop_control:
loop_var: plugin_item
vars:
plugin_key: "{{ plugin_item.key }}"
plugin_value: "{{ plugin_item.value }}"
when: nextcloud_plugins_enabled
- name: Load system configuration
include_tasks: 05_system.yml
- name: Add missing database indices in Nextcloud
command: >
{{ nextcloud_docker_exec_occ }} db:add-missing-indices
register: db_indices_result
changed_when: >
'Adding additional' in db_indices_result.stdout or
'Removing' in db_indices_result.stdout or
'updated successfully' in db_indices_result.stdout
failed_when: db_indices_result.rc != 0
- name: Ensure Nextcloud administrator is in the 'admin' group
command: >
docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_container }}
php occ group:adduser admin {{ nextcloud_administrator_username }}
register: add_admin_to_group
changed_when: "'Added user' in add_admin_to_group.stdout"
failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr"
Reference in New Issue View Git Blame Copy Permalink