kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-02 19:28:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
57d5269b07b8a21b200780dcd374247d425f78fa
computer-playbook/roles/web-app-jira
History
Kevin Veen-Birkenbach 57d5269b07 CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers 
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back

Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
2025-10-22 13:53:06 +02:00
..
config
meta
schema
tasks
templates
vars
README.md

README.md

Jira

Description

Jira Software is Atlassians issue and project-tracking platform. This role deploys Jira via Docker Compose, connects it to PostgreSQL, and adds proxy awareness, optional OIDC SSO, health checks, and production-oriented defaults for Infinito.Nexus.

Overview

The role builds a lean custom image on top of the official Jira Software image, provisions persistent volumes, and exposes the app behind your reverse proxy. Variables control image/version/volumes/domains/SSO. JVM heap sizing is auto-derived from host RAM with safe caps to prevent Xms > Xmx.

Features

  • Fully Dockerized: Compose stack with a dedicated data volume (jira_data) and a minimal overlay image to enable future plugins/config.
  • Reverse-Proxy/HTTPS Ready: Preconfigured Atlassian Tomcat proxy envs so Jira respects external scheme/host/port.
  • OIDC SSO (Optional): Pre-templated vars for issuer, client, endpoints, scopes; compatible with Atlassian DC SSO/OIDC marketplace apps.
  • Central Database: PostgreSQL integration (local or central) with credentials sourced from role configuration.
  • JVM Auto-Tuning: Safe calculation of JVM_MINIMUM_MEMORY / JVM_MAXIMUM_MEMORY with caps to avoid VM init errors.
  • Health Checks: Container healthcheck for quicker failure detection and stable automation.
  • CSP & Canonical Domains: Integrates with platform CSP and domain management.
  • Backup Ready: Persistent data under {{ JIRA_STORAGE_PATH }}.

Further Resources