More optimation of domain bugs

group_vars/all/07_applications.yml

@@ -153,6 +153,7 @@ defaults_applications:
 #     secret_key:                                                               # Set to a randomly generated 16 bytes string
 #     database_password:                                                        # Needs to be set in inventory file
 #     api_token:                                                                # Configures the authentication token. The minimum length is 3 characters. This is a mandatory setting for using the RESTful API.
+#     initial_administrator_password:                                           # Initial administrator password for setup 
 
   ## MariaDB
   mariadb:
@@ -280,6 +281,10 @@ defaults_applications:
   postgres:
     database.version:  "latest"
 
+  portfolio:
+    database:
+      central_storage:  False # Portfolio doesn't use any database
+
   # Snipe-IT
   snipe_it:
     version:           "latest"

roles/docker-mailu/tasks/main.yml

@@ -21,11 +21,9 @@
 
 - name: flush docker service
   meta: flush_handlers
-  when: applications.mailu.setup |bool 
 
 - name: execute database migration
   command:
-    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{mailu_initial_root_password}}"
+    cmd: "docker compose -p mailu exec admin flask mailu admin admin {{primary_domain}} {{applications.mailu.initial_administrator_password}}"
     chdir: "{{docker_compose.directories.instance}}"
   ignore_errors: true
-  when: applications.mailu.setup |bool 

roles/docker-mailu/vars/main.yml

@@ -7,3 +7,6 @@ enable_wildcard_certificate:  false
 # Use dedicated source for oidc if activated  
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
 docker_source:                "{{ 'ghcr.io/heviat' if applications[application_id].oidc.enabled | bool else 'ghcr.io/mailu' }}"
+
+domain:     "{{ domains[application_id] }}"
+http_port: 	"{{ ports.localhost.http[application_id] }}"

roles/docker-nextcloud/README.md

@@ -84,11 +84,6 @@ docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
 docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
 ```
 
-Check the process with:
-```sql
-show processlist;
-```
-
 ---
 
 ## OCC (Nextcloud Command Line) 🔧
@@ -125,6 +120,12 @@ docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mo
 
 OIDC is supported in this role—for example, via **Keycloak**. OIDC-specific tasks are included when enabled, allowing integration of external authentication providers seamlessly.
 
+### Verify OIDC Configuration
+
+```bash
+docker compose exec -u www-data application /var/www/html/occ config:app:get sociallogin custom_providers
+```
+
 ## LDAP 
 
 More information: https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html

roles/docker-nextcloud/tasks/main.yml

@@ -14,6 +14,9 @@
     src:  "proxy-nginx.conf.j2" 
     dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
+  vars:
+    domain:    "{{domains[application_id]}}"
+    http_port: "{{ports.localhost.http[application_id]}}"
 
 - name: create internal nextcloud nginx configuration
   template: 

roles/docker-nextcloud/tasks/oidc.yml

@@ -14,6 +14,13 @@
   # This configuration allows users to connect multiple accounts to their Nextcloud profile
   # using the sociallogin app.
 
+- name: install sociallogin plugin
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
+  ignore_errors: true
+
+- name: enable sociallogin plugin
+  command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
+
 - name: Set custom_providers
   command: >
     docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ

roles/nginx-domain-setup/tasks/main.yml

@@ -2,17 +2,20 @@
   include_role: 
     name: nginx-modifier-all
 
-- name: "include role nginx-https-recieve-certificate for {{domain}}"
-  include_role: 
-    name: nginx-https-recieve-certificate
-
 - name: "Relevant variables for role: {{ role_path | basename }}"
   debug:
     msg:
+      domain:       "{{domain}}"
       domains:      "{{domains}}"
       applications: "{{applications}}"
   when: enable_debug | bool
 
+- name: "include role nginx-https-recieve-certificate for {{domain}}"
+  include_role: 
+    name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domain}}"
+
 - name: "copy nginx domain configuration to {{configuration_destination}}"
   template: 
     src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 

roles/user/tasks/main.yml

@@ -4,3 +4,10 @@
     dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
     owner: "{{user_name}}"
     group: "{{user_name}}"
+
+- name: create .bash_profile
+  template:
+    src: "bash_profile.j2"
+    dest: "{{ '/root/.bash_profile' if user_name == 'root' else '/home/' ~ user_name ~ '/.bash_profile' }}"
+    owner: "{{user_name}}"
+    group: "{{user_name}}"

roles/user/templates/bash_profile.j2

@@ -0,0 +1,5 @@
+#
+# ~/.bash_profile
+#
+
+[[ -f ~/.bashrc ]] && . ~/.bashrc