computer-playbook/roles/web-app-matrix-ansible
Kevin Veen-Birkenbach 4fa1c6cfbd
ansible: quote file modes; keycloak: robust LDAP bind update + config cleanup

Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
  * kcadm login with no_log protection,
  * fetch LDAP UserStorage component by name,
  * compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).

Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}

https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
2025-08-13 02:20:38 +02:00

Matrix (via Ansible Install)

Warning

This role is experimental and may not be actively maintained. Use it with caution in production environments. For a more stable deployment, please consider using the Matrix Compose role or another alternative solution.

Description

Step into the future of communication with Matrix, a dynamic and decentralized platform that delivers secure, real-time messaging and collaboration. This role deploys a Matrix homeserver using Ansible automation. Benefit from a federated architecture, end-to-end encryption, and versatile bridging support that connects you globally—all while safeguarding your data.

Overview

This role automates the deployment and configuration of a Matrix homeserver with Ansible. It sets up the Synapse server along with essential components such as bridges and the Element web client. Designed for high performance, scalability, and secure communication, this role streamlines the installation of Matrix in your environment.

For detailed configuration and operational instructions, please refer to the included documentation:

Features

  • Decentralized and Federated: Connect with a global network of Matrix homeservers, ensuring there is no single point of failure.
  • End-to-End Encryption: Protect your communications with robust encryption methods.
  • Interoperability: Bridge communications with external platforms, enabling seamless messaging across diverse systems.
  • Scalable Architecture: Handle increasing user loads and message volumes with high performance.
  • Ansible Automation: Enjoy a fully automated, reproducible deployment using Ansible.

Further Resources

Credits

Developed and maintained by Kevin Veen-Birkenbach.
Learn more at veen.world.

Part of the Infinito.Nexus Project
Licensed under Infinito.Nexus NonCommercial License (CNCL)