Kevin Veen-Birkenbach
986f959696
Refactor proxy/webserver configuration variables to a consistent webserver_* naming scheme across roles. Replace legacy variables like proxy_extra_configuration, client_max_body_size, vhost_flavour, location_ws and ws_port with webserver_extra_configuration, webserver_client_max_body_size, webserver_vhost_flavour, webserver_websocket_location and webserver_websocket_port. Update NGINX vhost and location templates (html, upload, ws, basic, ws_generic) as well as callers (sys-front-inj-all, sys-stk-front-proxy, various web-app-* and web-svc-* roles) to use the new naming. Tighten docker-compose Git repository handling by making docker_git_repository_pull depend on docker_git_repository_address being defined, a string and non-empty. This avoids accidental Git operations when the repository address is unset or of the wrong type. Refactor the BigBlueButton role structure and fix deployment bugs: introduce 01_core.yml to orchestrate docker/proxy setup, database seeding, websocket map deployment, docker-compose overrides and admin/bootstrap logic in a single once-executed entrypoint. Rename supporting task files (02_docker-compose.yml, 03_administrator.yml, 04_dependencies.yml) and update tasks/main.yml to delegate via include_tasks with run_once_web_app_bigbluebutton. Improve Greenlight admin creation behavior by treating the 'Email has already been taken' error as a non-fatal, unchanged outcome and running user:set_admin_role as a fallback, both for the primary password and the OIDC starred-password path. Also standardize vhost flavour selection for services like Mailu, Discourse, CDN, Collabora, Coturn, OnlyOffice, Simpleicons and web-svc-logout by explicitly passing webserver_vhost_flavour where needed and aligning client_max_body_size and websocket configuration with the new webserver_* variables. Reference: ChatGPT conversation https://chatgpt.com/share/6931c530-bba8-800f-9997-dd61dc1d497b
Syncope (DRAFT)
🔥 Description
Apache Syncope is a powerful and flexible open-source system for managing digital identities in enterprise environments. It offers Identity Governance and Administration (IGA) capabilities, including user provisioning, role management, auditing, workflow integration, and more. Syncope is designed to handle complex identity life cycles across multiple systems, both on-premise and in the cloud.
This role deploys Apache Syncope using Docker Compose, automating the setup of its core services, database, and reverse proxy integration.
📖 Overview
Optimized for Archlinux, this role brings up a fully functional Syncope stack based on the official Docker Compose samples. It includes all core components like Syncope Core, Console, and Enduser, with secure environment management and HTTPS integration.
Key Features
- Complete Identity Management: Centralized user, group, and policy management.
- Extensible Architecture: Integrates easily with external identity providers (LDAP, Active Directory, etc.).
- Modern Interfaces: Provides REST APIs and web consoles for administrators and end-users.
- Open Standards Support: SAML 2.0, OAuth 2.0, OpenID Connect, SCIM.
🎯 Purpose
The Syncope (Docker Deployment) role provides a fully automated environment for testing, development, or production setups of Apache Syncope, simplifying the complexities of IAM deployment.
🚀 Features
- PostgreSQL Database Setup: Integrated database management for Syncope.
- Syncope Core + Console + Enduser Deployment: All critical services brought up automatically.
- Nginx Reverse Proxy with SSL: Secured access with HTTPS termination.
- Credential and Secrets Management: Handles sensitive user credentials securely.
- Customizable Paths and Environment: Easy adjustment for your domain and access paths.