- authentik: address the rewrite service by compose service name instead of a network alias on the public FQDN, which shadowed extra_hosts pins and broke OIDC discovery for c-ares-based (Node) resolvers - homarr: add homarr_extra_hosts to pin the IdP FQDN to a LAN IP so OIDC discovery stays in-network while the issuer matches the browser-facing URL - opnform: add opnform_oidc_sso_redirect_root to 302 the root URL to the SSO path (deep-links untouched, /login?bypass=1 break-glass); restart ingress via container restart so envsubst re-renders nginx.conf - nextcloud: make the UserConfig sed workaround fail loud on upstream drift instead of silently skipping (nextcloud/server#59629) - gitignore: exclude the local .ansible/ collection cache
#SPDX-License-Identifier: MIT-0
---
# handlers file for opnform
# Full-stack restart: bounces the services of the compose project found at
# opnform_docker_compose_dir. Use the ingress-only handler when just the
# nginx template changed.
- name: restart opnform
  community.docker.docker_compose_v2:
    state: restarted
    project_src: "{{ opnform_docker_compose_dir }}"
# Ingress-only restart. nginx.conf is bind-mounted into the ingress container
# and the envsubst entrypoint renders it to /etc/nginx/conf.d/default.conf
# each time the container starts. A plain `docker restart` re-runs that
# entrypoint, so an updated template takes effect without bouncing
# db/redis/api/ui. Until this handler runs, the container keeps serving the
# previously rendered config.
# NOTE(review): the container is addressed by the fixed name opnform-ingress,
# which presumably matches a container_name set in the compose file - confirm.
# No image is given, so this looks able to restart an existing container
# only, not to create a missing one - confirm.
- name: restart opnform ingress
  community.docker.docker_container:
    name: opnform-ingress
    restart: true
    state: started