From 824eeb3fb31a9abde3d3c84c4166e98adb61968d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Wed, 21 Aug 2024 20:14:17 +0200
Subject: [PATCH 1/4] [mod] role:hedgedoc:user directory
---
 roles/hedgedoc/tasks/main.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/hedgedoc/tasks/main.json b/roles/hedgedoc/tasks/main.json
index b4fd779..5347cc1 100644
--- a/roles/hedgedoc/tasks/main.json
+++ b/roles/hedgedoc/tasks/main.json
@@ -27,7 +27,8 @@
 "become": true,
 "ansible.builtin.user": {
 "name": "{{var_hedgedoc_user_name}}",
- "create_home": true
+ "create_home": true,
+ "home": "{{var_hedgedoc_directory}}"
 }
 },
 {
From 0a8cc8d1df2be33e0a254d3fa4fca3e74cc3c699 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 22 Aug 2024 15:27:43 +0200
Subject: [PATCH 2/4] [mod] role:authelia:variable lifespans and cors endpoints
---
 roles/authelia/defaults/main.json | 5 ++++-
 roles/authelia/templates/conf-main.json.j2 | 8 +++++++
 roles/authelia/vardef.json | 26 ++++++++++++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/roles/authelia/defaults/main.json b/roles/authelia/defaults/main.json
index 47b1e01..04a1f7f 100644
--- a/roles/authelia/defaults/main.json
+++ b/roles/authelia/defaults/main.json
@@ -32,5 +32,8 @@
 "var_authelia_notification_smtp_username": "authelia",
 "var_authelia_notification_smtp_password": "REPLACE_ME",
 "var_authelia_notification_smtp_sender": "authelia@example.org",
- "var_authelia_oidc_hmac_secret": "REPLACE_ME"
+ "var_authelia_oidc_hmac_secret": "REPLACE_ME",
+ "var_authelia_oidc_lifespan_access_token": "1h",
+ "var_authelia_oidc_lifespan_refresh_token": "1m",
+ "var_authelia_oidc_cors_endpoints": null
 }
diff --git a/roles/authelia/templates/conf-main.json.j2 b/roles/authelia/templates/conf-main.json.j2
index 475cda4..81bee44 100644
--- a/roles/authelia/templates/conf-main.json.j2
+++ b/roles/authelia/templates/conf-main.json.j2
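Review bot: Setting `home` on the `ansible.builtin.user` task in `roles/hedgedoc/tasks/main.json` only takes full effect for accounts that do not exist yet; on a host provisioned before this change the module rewrites the account's home entry but leaves the old home's contents where they were unless `"move_home": true` is also given. The argument object shown in the hunk sets neither `shell` nor `system`, so the service account keeps the distribution's default login shell while now using the application directory as its home; adding `"system": true, "shell": "/usr/sbin/nologin"` would narrow that. Whether `var_hedgedoc_directory` receives a restrictive mode in another task cannot be seen here, because the task list continues outside the hunk.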
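Review bot: The default `"var_authelia_oidc_lifespan_refresh_token": "1m"` in `roles/authelia/defaults/main.json` reads as one minute in Authelia's duration notation, where lowercase `m` is minutes and uppercase `M` is months, so the refresh token would expire long before the `1h` access token and be effectively unusable. Presumably a longer period was meant; the value should at least exceed the access-token lifespan, and if a month was intended the unit has to be written as `M`. Since strict JSON cannot carry a comment, the unit convention is worth stating wherever the role's variables are documented.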
@@ -190,8 +190,16 @@
 "oidc": {
 "hmac_secret": "{{var_authelia_oidc_hmac_secret}}",
 "issuer_private_key": "{{temp_tls_result.privatekey | replace('\n', '\\n')}}",
+ "lifespans": {
+ "access_token": "{{var_authelia_oidc_lifespan_access_token}}",
+ "refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}"
+ },
 "cors": {
 "allowed_origins_from_client_redirect_uris": true
+{% if var_authelia_oidc_cors_endpoints == None %}
+{% else %}
+ ,"endpoints": {{var_authelia_oidc_cors_endpoints | to_json}}
+{% endif %}
 },
 "clients": [
 ]
diff --git a/roles/authelia/vardef.json b/roles/authelia/vardef.json
index 9b7d5bc..9b651a1 100644
--- a/roles/authelia/vardef.json
+++ b/roles/authelia/vardef.json
@@ -139,5 +139,31 @@
 "oidc_hmac_secret": {
 "type": "string",
 "mandatory": true
+ },
+ "oidc_lifespan_access_token": {
+ "nullable": true,
+ "type": "string",
+ "mandatory": false
+ },
+ "oidc_lifespan_refresh_token": {
+ "nullable": true,
+ "type": "string",
+ "mandatory": false
+ },
+ "oidc_cors_endpoints": {
+ "nullable": true,
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "authorization",
+ "pushed-authorization-request",
+ "token",
+ "revocation",
+ "introspection",
+ "userinfo"
+ ]
+ },
+ "mandatory": false
 }
 }
From 4ec9a5c89979ed72896577e635f67e78d74533a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 22 Aug 2024 15:28:31 +0200
Subject: [PATCH 3/4] [fix] role:hedgedoc-and-nginx:syntax for vserver conf
---
 roles/hedgedoc-and-nginx/templates/conf.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/hedgedoc-and-nginx/templates/conf.j2 b/roles/hedgedoc-and-nginx/templates/conf.j2
index e8fe34b..b9c6601 100644
--- a/roles/hedgedoc-and-nginx/templates/conf.j2
+++ b/roles/hedgedoc-and-nginx/templates/conf.j2
@@ -49,3 +49,4 @@ server { {{ hedgedoc_common() }} } +{% endif %}
From 67e9e06c82daaab09b44d453c1afe3a1bfb7bbbe Mon Sep 17 00:00:00 2001
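Review bot: The new `lifespans` block in `roles/authelia/templates/conf-main.json.j2` renders both variables unconditionally, while the `vardef.json` hunk of the same commit declares `oidc_lifespan_access_token` and `oidc_lifespan_refresh_token` with `"nullable": true`; a null override would end up in the Authelia configuration as a string that is not a valid duration. Either drop the `nullable` flag from those two `vardef.json` entries or guard the block the way the `endpoints` key is guarded. The guard itself reads more directly without the empty branch, as `{% if var_authelia_oidc_cors_endpoints is not none %}` placed immediately before the `,"endpoints": …` line. The `oidc` object opened at the top of the hunk continues outside it.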
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 22 Aug 2024 15:29:48 +0200
Subject: [PATCH 4/4] [fix] role:murmur:ssl paths
---
 roles/murmur/tasks/main.json | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/roles/murmur/tasks/main.json b/roles/murmur/tasks/main.json
index 5b61756..f6c84a6 100644
--- a/roles/murmur/tasks/main.json
+++ b/roles/murmur/tasks/main.json
@@ -15,7 +15,7 @@
 "become": true,
 "ansible.builtin.file": {
 "state": "directory",
- "path": "/var/murmur"
+ "path": "/var/murmurd"
 }
 },
 {
@@ -23,11 +23,10 @@
 "when": "var_murmur_tls",
 "become": true,
 "loop": [
- {"from": "/etc/ssl/private/{{var_murmur_domain}}.pem", "to": "/var/murmur/tls-key.pem"},
- {"from": "/etc/ssl/fullchains/{{var_murmur_domain}}.pem", "to": "/var/murmur/tls-fullchain.pem"}
+ {"from": "/etc/ssl/private/{{var_murmur_domain}}.pem", "to": "/var/murmurd/tls-key.pem"},
+ {"from": "/etc/ssl/fullchains/{{var_murmur_domain}}.pem", "to": "/var/murmurd/tls-fullchain.pem"}
 ],
 "ansible.builtin.copy": {
- "state": "directory",
 "remote_src": true,
 "src": "{{item.from}}",
 "dest": "{{item.to}}",
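Review bot: The `ansible.builtin.file` task for `/var/murmurd` in the first hunk of `roles/murmur/tasks/main.json` sets no `owner`, `group` or `mode`, so the directory that the following task fills with `tls-key.pem` is created with whatever the become user's umask yields. Adding `"mode": "0750"` together with `owner` and `group` for the murmur service account would keep the private key's parent directory closed to other local users. The `ansible.builtin.copy` arguments in the second hunk continue past `"dest"` outside the diff, so whether the key file itself gets an explicit `mode` cannot be checked from here.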
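Review bot: The literal `/var/murmurd` now appears three times, once in the directory task and once in each `to` entry of the `loop` in the second hunk, and presumably again wherever the murmur configuration points at the key and chain. A single role variable for the directory, used the way patch 1 uses `var_hedgedoc_directory`, would keep these locations aligned the next time the path changes. The copy task's argument object is cut off at the end of the hunk, so any further use of the path there is not visible.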