kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-06 05:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
773655efb5beda8a2c3738884c6641594d225948
computer-playbook/filter_plugins
History
Kevin Veen-Birkenbach 57d5269b07 CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers 
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back

Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
2025-10-22 13:53:06 +02:00
..
active_docker.py
feat(filters): add active_docker_container_count filter and use it for fair resource splits
2025-09-23 21:35:12 +02:00
application_allowed.py
Solved other minor bugs
2025-07-04 22:12:42 +02:00
applications_if_group_and_deps.py
Optimized code and solved bugs
2025-05-20 04:19:10 +02:00
canonical_domains_map.py
fix(domain-filters): support dependency expansion via seed param
2025-08-20 03:07:14 +02:00
csp_filters.py
CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers
2025-10-22 13:53:06 +02:00
csp_hashes.py
Adapted CSP to new server dict structure
2025-08-07 13:00:52 +02:00
docker_service_enabled.py
Implemented new matomo setup
2025-07-13 12:58:10 +02:00
domain_redirect_mappings.py
filter/domain_redirect_mappings: add auto_build_alias parameter
2025-09-19 14:49:02 +02:00
domain_tools.py
Solved bug existed due to difference between mailu domain and hostname difference. also refactored during this to find the bug
2025-08-16 14:29:07 +02:00
generate_all_domains.py
Casted WWW_REDIRECT_ENABLED to bool
2025-09-23 19:18:22 +02:00
generate_base_sld_domains.py
get_all_application_ids.py
Fail safed more parts of the code
2025-07-12 21:35:33 +02:00
get_all_invokable_apps.py
Adapted roles to new architecture
2025-07-17 15:39:31 +02:00
get_app_conf.py
Renamed cymais to infinito and did some other optimations and logout implementations
2025-07-29 16:35:42 +02:00
get_category_entries.py
Add custom Ansible filter plugin get_category_entries
2025-08-18 11:27:26 +02:00
get_docker_image.py
Restored get_docker_image functionality
2025-07-13 18:27:24 +02:00
get_docker_paths.py
Added creation of docker-compose.override.yml file
2025-09-26 12:03:47 +02:00
get_domain.py
Added run_after integration test
2025-07-11 13:53:12 +02:00
get_entity_name.py
Overall optimations for application id naming
2025-07-17 17:41:52 +02:00
get_role.py
Fail safed more parts of the code
2025-07-12 21:35:33 +02:00
get_service_name.py
refactor: improve service handling and introduce MODE_ASSERT
2025-08-19 19:02:52 +02:00
get_service_script_path.py
Solved path bug
2025-08-19 00:46:47 +02:00
get_url.py
Added auto setting for redirect urls for keycloak clients. Element and Synapse still need to be mapped
2025-08-11 00:17:18 +02:00
has_env.py
Activated loading of env depending on if it exist
2025-07-18 19:40:34 +02:00
invokable_paths.py
Another bulk of refaktoring cleanup
2025-07-11 18:57:40 +02:00
jvm_filters.py
feat(jvm): add robust JVM sizing filters and apply across Confluence/Jira
2025-09-24 11:29:40 +02:00
merge_mapping.py
merge_with_defaults.py
Renamed cymais to infinito and did some other optimations and logout implementations
2025-07-29 16:35:42 +02:00
README.md
Renamed cymais to infinito and did some other optimations and logout implementations
2025-07-29 16:35:42 +02:00
redirect_filters.py
Renamed general and mode constants and implemented a check to verify that constants are just defined ones over the whole repository
2025-08-13 19:11:14 +02:00
resource_filter.py
Refactor resource_filter to delegate default handling to get_app_conf and update unittests accordingly https://chatgpt.com/share/68d3ad6d-76b4-800f-b04e-5e1fb70b44f3
2025-09-24 10:46:21 +02:00
role_path_by_app_id.py
Restructured libraries
2025-07-17 16:38:20 +02:00
text_filters.py
Restructured libraries
2025-07-17 16:38:20 +02:00
timeout_start_sec_for_domains.py
Enhance timeout_start_sec_for_domains filter to accept dict, list, or str
2025-08-29 15:57:00 +02:00
to_primary_domain.py
Optimized injection layer on lua base, as replace for nginx replace. Also optimized cloudflare cache deletion(no everytime for cleanup). Still CDN is required for logout mechanism via JS and Nextcloud deploy is buggy after changing from nginx to openresty. Propably some variable overwritte topic. Should be solved tomorrow.
2025-07-24 19:13:13 +02:00
url_join.py
feat(filter_plugins/url_join): add query parameter support
2025-09-01 08:16:22 +02:00
volume_path.py
Added docker_volume_path filter_plugin
2025-09-04 11:49:40 +02:00

README.md

Custom Filter Plugins for Infinito.Nexus

This directory contains custom Ansible filter plugins used within the Infinito.Nexus project.

When to Use a Filter Plugin

  • Transform values: Use filters to transform, extract, reformat, or compute values from existing variables or facts.
  • Inline data manipulation: Filters are designed for inline use in Jinja2 expressions (in templates, tasks, vars, etc.).
  • No external lookups: Filters only operate on data you explicitly pass to them and cannot access external files, the Ansible inventory, or runtime context.

Examples

{{ role_name | get_entity_name }}
{{ my_list | unique }}
{{ user_email | regex_replace('^(.+)@.*$', '\\1') }}

When not to Use a Filter Plugin

  • If you need to load data from an external source (e.g., file, environment, API), use a lookup plugin instead.
  • If your logic requires access to inventory, facts, or host-level information that is not passed as a parameter.

Further Reading