kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-09 11:47:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7791bd8c04a14c9b378a7ecc2013969f7065976d
computer-playbook/roles/sys-stk-front-proxy
History
Kevin Veen-Birkenbach 7791bd8c04 Implement filter checks: ensure all defined filters are used and remove dead code 
Integration tests added/updated:
- tests/integration/test_filters_usage.py: AST-based detection of filter definitions (FilterModule.filters), robust Jinja detection ({{ ... }}, {% ... %}, {% filter ... %}), plus Python call tracking; fails if a filter is used only under tests/.
- tests/integration/test_filters_are_defined.py: inverse check — every filter used in .yml/.yaml/.j2/.jinja2/.tmpl must be defined locally. Scans only inside Jinja blocks and ignores pipes inside strings (e.g., lookup('pipe', "... | grep ... | awk ...")) to avoid false positives like trusted_hosts, woff/woff2, etc.

Bug fixes & robustness:
- Build regexes without %-string formatting to avoid ValueError from literal '%' in Jinja tags.
- Strip quoted strings in usage analysis so sed/grep/awk pipes are not miscounted as filters.
- Prevent self-matches in the defining file.

Cleanup / removal of dead code:
- Removed unused filter plugins and related unit tests:
  * filter_plugins/alias_domains_map.py
  * filter_plugins/get_application_id.py
  * filter_plugins/load_configuration.py
  * filter_plugins/safe.py
  * filter_plugins/safe_join.py
  * roles/svc-db-openldap/filter_plugins/build_ldap_nested_group_entries.py
  * roles/sys-ctl-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py
  * corresponding tests under tests/unit/*
- roles/svc-db-postgres/filter_plugins/split_postgres_connections.py: dropped no-longer-needed list_postgres_roles API; adjusted tests.

Misc:
- sys-stk-front-proxy/defaults/main.yml: clarified valid vhost_flavour values (comma-separated).

Ref: https://chatgpt.com/share/68b56bac-c4f8-800f-aeef-6708dbb44199
2025-09-01 11:47:51 +02:00
..
defaults
Implement filter checks: ensure all defined filters are used and remove dead code
2025-09-01 11:47:51 +02:00
meta
Refactor role naming for TLS and proxy stack
2025-08-29 14:38:20 +02:00
tasks
Refactor role naming for TLS and proxy stack
2025-08-29 14:38:20 +02:00
vars
Refactor role naming for TLS and proxy stack
2025-08-29 14:38:20 +02:00
README.md
feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup
2025-09-01 10:10:23 +02:00

README.md

Nginx Domain Setup 🚀

Description

This role bootstraps per-domain Nginx configuration: it requests TLS certificates, applies global modifiers, deploys a ready-made vHost file, and can optionally lock down access via OAuth2.

Overview

A higher-level orchestration wrapper, sys-stk-front-proxy ties together several lower-level roles:

  1. sys-front-inj-all applies global tweaks and includes.
  2. sys-svc-certs obtains Lets Encrypt certificates.
  3. Domain template deployment copies a Jinja2 vHost from srv-proxy-core.
  4. web-app-oauth2-proxy (optional) protects the site with OAuth2.

The result is a complete, reproducible domain rollout in a single playbook task.

Purpose

Provide one-stop, idempotent domain provisioning for Nginx-based homelabs or small production environments.

Features

  • End-to-end TLS — certificate retrieval and secure headers included.
  • Template-driven vHosts — choose basic or ws_generic flavours (or your own).
  • Conditional OAuth2 — easily toggle authentication per application.
  • Handler-safe — automatically triggers an Nginx reload when templates change.
  • Composable — designed to be called repeatedly for many domains.

Credits 📝

Developed and maintained by Kevin Veen-Birkenbach.
Learn more at https://www.veen.world

Part of the Infinito.Nexus Project — licensed under the Infinito.Nexus NonCommercial License