Mathias Riechsteiner mathias.riechsteiner

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • 064bb1eead feat: Update Nginx and Docker configuration for Keycloak and Paperless
    - Added: Secure cookie flags (secure, samesite=lax) for Keycloak.
    - Reworked: Keycloak Nginx locations for token and realms for improved proxy configuration.
    - Cleaned up: Removed superfluous security headers and OIDC configurations in Paperless.
    - Updated: Adjusted Nginx upstream IP for Paperless.
    - Added: Support for WebSocket connections in the Paperless Nginx configuration.
    - New: Added configuration for custom Paperless settings in Docker Compose.
    - Improved security: Added CSRF Trusted Origins and extended DNS settings for Paperless.
    - Moved: Root location in Keycloak to the end for clearer prioritization.
    - Deleted: Removed outdated `custom_settings.py` for Paperless.
    These changes improve the security and compatibility of the services.

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • dca0981795 paperless nginx configuration finalized

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • 71710f869c Network Configuration Updates:
      Keycloak upstream IP changed from 172.19.0.3 to 172.18.0.3
      Nextcloud upstream IP changed from 172.20.0.3 to 172.19.0.3
    Paperless Service Changes:
      Complete overhaul of Paperless configuration
      Moved from nginx upstream configuration to Docker service definition
      Updated OIDC (OpenID Connect) configuration with standardized environment variables
      Added health checks and network configurations
    Docker Compose Updates:
      Added explicit network names for all services
      Reorganized and standardized environment variables
      Enhanced debug and logging configurations

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • 2ccc84e275 feat: Add Paperless service integration
    - Updated `.gitignore` to exclude `node_modules` for Paperless setup.
    - Extended Ansible `main.yml` with Paperless OIDC configuration.
    - Added Paperless service configuration to Ansible tasks.
    - Introduced Paperless-related variables in Ansible defaults.
    - Adjusted NGINX configurations for Keycloak, Nextcloud, and Paperless.
    - Included Paperless environment variables in `docker/.env`.
    - Updated `docker-compose.yml` with Paperless, database, and Redis services.
    - Created Paperless Docker setup in `docs/context/configuration/docker-compose.yml`.
    Supports Paperless deployment with OpenID Connect authentication and Docker container setup.

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • 40ee243a42 feat: Enhance Keycloak integration and refactor setup process
    This commit introduces significant improvements to the Keycloak integration and refactors the setup process for better security and automation. Key changes include:
    * **Security:**
      * Implemented secure handling of the Nextcloud client secret by passing it as an extra variable to the Ansible playbook.
      * Moved credential files to `.gitignore` and implemented a more robust encryption method in the setup script, prioritizing `openssl` with `gpg` as a fallback.
      * Removed the previous credential backup file.
    * **Keycloak Configuration:**
      * Added a dedicated location block in the Keycloak Nginx configuration for the token endpoint, including specific buffer and timeout settings.
      * Ensured proper forwarding of SSL information to Keycloak.
      * Improved the Nextcloud client configuration in Keycloak, including `postLogoutRedirectUris` and the creation of a dedicated `groups-nextcloud` client scope with a group membership mapper.
      * Added more granular Nextcloud-specific groups in Keycloak (admins, users, youpi, service).
      * Removed the `nextcloud-dedicated` client scope from the Nextcloud client.
    * **Nextcloud Configuration:**
      * Added an explicit Nginx location block for the Nextcloud OpenID Connect callback.
      * Configured Nextcloud with environment variables for URL, debug mode, and custom OpenID Connect scopes.
    * **Setup Script Refactoring:**
      * Completely refactored the `setup_environment.sh` script for better organization, readability, and error handling.
      * Introduced functions for password generation, environment file creation, and conditional password setting.
      * Integrated Ansible for configuring Keycloak and Nextcloud after initial setup.
      * Improved logging and feedback during the setup process.
    * **Docker Configuration:**
      * Standardized the Keycloak database volume name.
      * Added `extra_hosts` entries in `docker-compose.yml` to facilitate communication between containers using domain names.
      * Adjusted health checks for Keycloak and Nextcloud.
    * **General Improvements:**
      * Added more detailed logging in the Keycloak setup script (`setup_realm.js`).
      * Adjusted the admin group check in the Keycloak test script.
    These changes aim to provide a more secure, robust, and automated setup for the office automation platform, with a focus on seamless Keycloak and Nextcloud integration.

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • b4b4472827 new file: scripts/setup/keycloak/test_realm.js

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • f0e1ae63b1 fix: Correctly setup keycloak realm
    This commit fixes all issues related to setting up a keycloak realm, and retrieving test tokens, including:
    - Correctly configures client mappers with the correct URLs and handling of existing Clients.
    - Correctly retrieves Test Tokens with the client_secret.
    - Adds multiple Log messages to understand the state of the script.
    - Enhances the Script to be fully reproducible, by adding checks for existing resources and creating them if they do not exist.
    - Handles HTTP 404 and HTTP 405 errors when creating Mappers.
    These changes make the script more robust and reliable.

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • bc5ba498f0 feat: Integrate client mapper management into setup_realm.js
    This commit integrates the client mapper management logic into the setup_realm.js script, ensuring that client mappers are correctly created or updated during the realm setup process. The old getClientMappers function was removed and all requests are handled with the new ensureClientMappers function.

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • 47099a95e2 feat: Refactor environment setup and update project documentation
    This commit introduces significant changes to the environment setup and project documentation:
    - **`setup_environment.sh` Updates:**
      - Now generates secure passwords for Nextcloud database (root user, regular user) and the Nextcloud admin user.
      - Adds generated passwords to the `docker/.env` file.
      - Adds generated passwords to the encrypted credentials file.
      - Creates a separate .env file in scripts/setup/keycloak for the setup_realm.js
    - **`docker-compose.yml` Updates:**
      - Added Nextcloud and Nextcloud-db services.
      - Configured Nextcloud to use a separate database.
      - Configured networks for Nextcloud and Keycloak.
    - **`project_documentation.md` Updates:**
      - Added detailed descriptions of the new environment setup process.
      - Added details about the usage of the `.env` files.
      - Updated Keycloak Setup Section.
      - Added more details to the Installation instructions.
    These changes improve the automation of the setup process and provide comprehensive documentation for Keycloak and Nextcloud.

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/automated-office

  • 589d0d8244 Initial commit: Added project structure

11 months ago

mathias.riechsteiner created new branch master in ANALYTIKDATA/automated-office

11 months ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/AutoMate

  • aca54ea47c Fix MariaDB Docker volume permissions and improve startup reliability
    - Updated permissions for the MariaDB data volume to ensure proper write access during container startup.
    - Adjusted health check settings to provide more time for MariaDB initialization, avoiding premature failures.
    - Added instructions for reinitializing Docker volumes to avoid corrupted state issues.
    - Tested volume mounts to confirm MariaDB startup completes without extended delays.

1 year ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/AutoMate

  • 1816c2859e feat: assign static IP addresses to Docker containers for consistent networking
    Added static IP addresses to all containers in the automate-network for stability across container restarts.
    Updated docker-compose.yml to include explicit IPv4 addresses for all services to prevent changes in IP allocation.
    Modified extra_hosts entries for nextcloud and keycloak to ensure proper name resolution.
    Ensured each container has a fixed IP to address communication issues between containers.
    Adjusted network settings for reliability, especially for services that depend on fixed addresses (e.g., nextcloud, keycloak).
    This update aims to improve service communication reliability and prevent dynamic IP changes causing disruptions in cross-service dependencies.

1 year ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/AutoMate

  • 76c330a18d Fix Keycloak configuration with persistent volumes and log issues

1 year ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/AutoMate

  • 822d2f577b Add persistent volumes for Keycloak and configuration improvements for Nextcloud and SSL

1 year ago

mathias.riechsteiner pushed to master at ANALYTIKDATA/AutoMate

  • cb72bea64d feat: Set up and configured Kimai with Apache, added necessary Doctrine bundles
    - Configured Docker Compose for Kimai with the Apache image.
    - Set up environment variables for better configurability (e.g., database, timezone, proxies).
    - Installed missing DoctrineFixturesBundle via Composer to resolve ClassNotFound error.
    - Updated Nginx Proxy Manager to correctly forward traffic to Kimai.
    - Tested and verified functionality for all services (Kimai, Nextcloud, Keycloak, n8n, Paperless).

1 year ago