diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml
index 67283420..a4e10875 100644
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@@ -1,12 +1,14 @@
# General
pause_duration: "120" # Database delay to wait for the central database before continue tasks
-timezone: "UTC"
+timezone: "Etc/UTC"
locale: "en" # Some applications are case sensitive
# Deployment mode
deployment_mode: "single" # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
+web_protocol: "https" # Web protocol type. Use https or http. If you run local you need to change it to http
+
## Domain
primary_domain_tld: "localhost" # Top Level Domain of the server
primary_domain_sld: "cymais" # Second Level Domain of the server
diff --git a/group_vars/all/11_iam.yml b/group_vars/all/11_iam.yml
index 53c0912c..90d659ed 100644
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@@ -9,7 +9,7 @@
## Helper Variables:
_oidc_client_realm: "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
-_oidc_client_issuer_url: "https://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"
+_oidc_client_issuer_url: "{{ web_protocol }}://{{domains.keycloak}}/realms/{{_oidc_client_realm}}"
defaults_oidc:
client:
diff --git a/group_vars/all/14_service_provider.yml b/group_vars/all/14_service_provider.yml
index e64cc016..e8342592 100644
--- a/group_vars/all/14_service_provider.yml
+++ b/group_vars/all/14_service_provider.yml
@@ -28,4 +28,4 @@ defaults_service_provider:
legal:
editorial_responsible: "Johannes Gutenberg"
source_code: "https://github.com/kevinveenbirkenbach/cymais"
- imprint: "https://{{domains.html_server}}/imprint.html"
\ No newline at end of file
+ imprint: "{{ web_protocol }}://{{domains.html_server}}/imprint.html"
\ No newline at end of file
diff --git a/roles/docker-bluesky/templates/docker-compose.yml.j2 b/roles/docker-bluesky/templates/docker-compose.yml.j2
index 474e5bc3..0714a6e2 100644
--- a/roles/docker-bluesky/templates/docker-compose.yml.j2
+++ b/roles/docker-bluesky/templates/docker-compose.yml.j2
@@ -22,8 +22,8 @@ services:
dockerfile: Dockerfile
# It doesn't compile yet with this parameters. @todo Fix it
args:
- REACT_APP_PDS_URL: "https://{{domains.bluesky_api}}" # URL des PDS
- REACT_APP_API_URL: "https://{{domains.bluesky_api}}" # API-URL des PDS
+ REACT_APP_PDS_URL: "{{ web_protocol }}://{{domains.bluesky_api}}" # URL des PDS
+ REACT_APP_API_URL: "{{ web_protocol }}://{{domains.bluesky_api}}" # API-URL des PDS
REACT_APP_SITE_NAME: "{{primary_domain | upper}} - Bluesky"
REACT_APP_SITE_DESCRIPTION: "Decentral Social "
ports:
diff --git a/roles/docker-gitea/templates/env.j2 b/roles/docker-gitea/templates/env.j2
index b1739829..d7403872 100644
--- a/roles/docker-gitea/templates/env.j2
+++ b/roles/docker-gitea/templates/env.j2
@@ -13,7 +13,7 @@ SSH_LISTEN_PORT=22
DOMAIN={{domains[application_id]}}
SSH_DOMAIN={{domains[application_id]}}
RUN_MODE="{{run_mode}}"
-ROOT_URL="https://{{domains[application_id]}}/"
+ROOT_URL="{{ web_protocol }}://{{domains[application_id]}}/"
# Mail Configuration
# @see https://docs.gitea.com/next/installation/install-with-docker#managing-deployments-with-environment-variables
diff --git a/roles/docker-keycloak/templates/import/realm.json.j2 b/roles/docker-keycloak/templates/import/realm.json.j2
index 5425b2db..d328eb18 100644
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@@ -517,7 +517,7 @@
"/realms/{{realm}}/account/*"
],
"webOrigins": [
- "https://{{domains.keycloak}}"
+ "{{ web_protocol }}://{{domains.keycloak}}"
],
"notBefore": 0,
"bearerOnly": false,
@@ -825,9 +825,9 @@
"clientId": "{{realm}}",
"name": "",
"description": "",
- "rootUrl": "https://{{realm}}/",
- "adminUrl": "https://{{realm}}/",
- "baseUrl": "https://{{realm}}/",
+ "rootUrl": "{{ web_protocol }}://{{realm}}/",
+ "adminUrl": "{{ web_protocol }}://{{realm}}/",
+ "baseUrl": "{{ web_protocol }}://{{realm}}/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
@@ -837,10 +837,10 @@
{%- for application, domain in domains.items() %}
{%- if applications[application] is defined and (applications | get_oauth2_enabled(application) or applications | get_oidc_enabled(application)) %}
{%- if domain is string %}
- {%- set _ = redirect_uris.append("https://{}/*".format(domain)) %}
+ {%- set _ = redirect_uris.append("{{ web_protocol }}://{}/*".format(domain)) %}
{%- else %}
{%- for d in domain %}
- {%- set _ = redirect_uris.append("https://{}/*".format(d)) %}
+ {%- set _ = redirect_uris.append("{{ web_protocol }}://{}/*".format(d)) %}
{%- endfor %}
{%- endif %}
{%- endif %}
@@ -848,7 +848,7 @@
"redirectUris": {{ redirect_uris | tojson }},
"webOrigins": [
- "https://*.{{primary_domain}}"
+ "{{ web_protocol }}://*.{{primary_domain}}"
],
"notBefore": 0,
"bearerOnly": false,
@@ -865,7 +865,7 @@
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "0",
"backchannel.logout.session.required": "true",
- "post.logout.redirect.uris": "https://{{primary_domain}}/*##+",
+ "post.logout.redirect.uris": "{{ web_protocol }}://{{primary_domain}}/*##+",
"frontchannel.logout.session.required": "true",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
diff --git a/roles/docker-listmonk/tasks/main.yml b/roles/docker-listmonk/tasks/main.yml
index 3777b4fa..6e611b37 100644
--- a/roles/docker-listmonk/tasks/main.yml
+++ b/roles/docker-listmonk/tasks/main.yml
@@ -54,6 +54,7 @@
shell: |
docker exec -i {{ database_host }} psql \
-U {{ database_username }} \
+ -v ON_ERROR_STOP=1 \
-d {{ database_name }} << 'EOSQL'
UPDATE settings
SET value = '{{ item.value }}'::jsonb
diff --git a/roles/docker-listmonk/templates/env.j2 b/roles/docker-listmonk/templates/env.j2
index db2fb8d1..8c24e124 100644
--- a/roles/docker-listmonk/templates/env.j2
+++ b/roles/docker-listmonk/templates/env.j2
@@ -1,4 +1,4 @@
-TZ=Etc/UTC
+TZ={{timezone}}
# Administrator setup
diff --git a/roles/docker-listmonk/vars/main.yml b/roles/docker-listmonk/vars/main.yml
index 62b01548..a2f6f4c5 100644
--- a/roles/docker-listmonk/vars/main.yml
+++ b/roles/docker-listmonk/vars/main.yml
@@ -4,7 +4,10 @@ database_type: "postgres"
listmonk_settings:
- key: "app.root_url"
- value: '"https://{{ domains[application_id] }}"'
+ value: '"{{ web_protocol }}://{{ domains[application_id] }}"'
+
+ - key: "app.notify_emails"
+ value: "{{ [ users.administrator.email ] | to_json }}"
# OIDC integration (conditional)
- key: "security.oidc"
@@ -17,9 +20,178 @@ listmonk_settings:
} | to_json }}
when: applications[application_id].features.oidc | bool
- # hCaptcha toggles and credentials\ n - key: "security.enable_captcha"
- value: "true"
+ # hCaptcha toggles and credentials
+ - key: "security.enable_captcha"
+ value: 'true'
+
- key: "security.captcha_key"
value: '"{{ applications[application_id].credentials.hcaptcha.site_key }}"'
+
- key: "security.captcha_secret"
- value: '"{{ applications[application_id].credentials.hcaptcha.secret }}"'
\ No newline at end of file
+ value: '"{{ applications[application_id].credentials.hcaptcha.secret }}"'
+
+ # SMTP servers
+ - key: "smtp"
+ value: >-
+ {{ [
+ {
+ "host": system_email.host,
+ "port": system_email.port,
+ "enabled": system_email.smtp,
+ "username": system_email.username,
+ "password": system_email.password,
+ "tls_type": (
+ system_email.tls
+ | ternary("TLS",
+ system_email.start_tls
+ | ternary("STARTTLS","NONE")
+ )
+ ),
+ "email_headers": [],
+ "hello_hostname": "",
+ "max_conns": 10,
+ "idle_timeout": "15s",
+ "wait_timeout": "5s",
+ "auth_protocol": "login",
+ "max_msg_retries": 2,
+ "tls_skip_verify": false
+ }
+ ] | to_json }}
+ when: system_email.smtp | bool
+
+
+ - key: "app.lang"
+ value: '"{{ locale }}"'
+
+# - key: "messengers"
+# value: '[]'
+
+ - key: "app.logo_url"
+ value: '"{{ service_provider.platform.logo }}"'
+
+ - key: "app.site_name"
+ value: '"Mailing list"'
+
+# - key: "bounce.enabled"
+# value: 'false'
+#
+# - key: "upload.max_file_size"
+# value: '5000'
+#
+# - key: "upload.s3.aws_secret_access_key"
+# value: '""'
+#
+# - key: "app.batch_size"
+# value: '1000'
+
+ - key: "app.from_email"
+ value: '"{{ service_provider.company.titel }} Newsletter <{{ system_email.from }}>"'
+
+ - key: "bounce.actions"
+ value: >-
+ {"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}}
+
+ - key: "app.concurrency"
+ value: '10'
+
+ - key: "app.favicon_url"
+ value: '"{{ service_provider.platform.favicon }}"'
+
+# - key: "bounce.postmark"
+# value: '{"enabled": false, "password": "", "username": ""}'
+#
+# - key: "upload.provider"
+# value: '"filesystem"'
+
+# - key: "app.message_rate"
+# value: '10'
+#
+# - key: "bounce.mailboxes"
+# value: >-
+# [{"host": "pop.yoursite.com", "port": 995, "type": "pop", "uuid": "471fd0e9-8c33-4e4a-9183-c4679699faca", "enabled": false, "password": "password", "username": "username", "return_path": "bounce@listmonk.yoursite.com", "tls_enabled": true, "auth_protocol": "userpass", "scan_interval": "15m", "tls_skip_verify": false}]
+
+# - key: "upload.s3.url"
+# value: '"https://ap-south-1.s3.amazonaws.com"'
+#
+# - key: "upload.s3.bucket"
+# value: '""'
+#
+# - key: "upload.s3.expiry"
+# value: '"167h"'
+
+ - key: "app.check_updates"
+ value: 'true'
+
+
+# - key: "upload.extensions"
+# value: '["jpg", "jpeg", "png", "gif", "svg", "*"]'
+#
+# - key: "bounce.ses_enabled"
+# value: 'false'
+#
+# - key: "privacy.allow_wipe"
+# value: 'true'
+#
+# - key: "privacy.exportable"
+# value: '["profile", "subscriptions", "campaign_views", "link_clicks"]'
+#
+# - key: "app.max_send_errors"
+# value: '1000'
+#
+# - key: "bounce.forwardemail"
+# value: '{"key": "", "enabled": false}'
+#
+# - key: "bounce.sendgrid_key"
+# value: '""'
+#
+# - key: "privacy.allow_export"
+# value: 'true'
+#
+# - key: "upload.s3.public_url"
+# value: '""'
+#
+# - key: "upload.s3.bucket_path"
+# value: '"/"'
+#
+# - key: "upload.s3.bucket_type"
+# value: '"public"'
+#
+# - key: "app.cache_slow_queries"
+# value: 'false'
+#
+# - key: "bounce.sendgrid_enabled"
+# value: 'false'
+#
+# - key: "bounce.webhooks_enabled"
+# value: 'false'
+#
+# - key: "privacy.domain_blocklist"
+# value: '[]'
+#
+# - key: "privacy.allow_blocklist"
+# value: 'true'
+#
+# - key: "privacy.record_optin_ip"
+# value: 'false'
+#
+# - key: "app.enable_public_archive"
+# value: 'true'
+#
+# - key: "privacy.allow_preferences"
+# value: 'true'
+#
+# - key: "app.message_sliding_window"
+# value: 'false'
+#
+# - key: "app.message_sliding_window_rate"
+# value: '10000'
+#
+# - key: "app.enable_public_subscription_page"
+# value: 'true'
+#
+# - key: "app.message_sliding_window_duration"
+# value: '"1h"'
+
+ - key: "app.enable_public_archive_rss_content"
+ value: 'true'
+
diff --git a/roles/docker-mailu/tasks/TODO.md b/roles/docker-mailu/tasks/TODO.md
new file mode 100644
index 00000000..ab9741a0
--- /dev/null
+++ b/roles/docker-mailu/tasks/TODO.md
@@ -0,0 +1,2 @@
+# Todo
+- Implement create-mailu-user-and-token.yml for no-reply and bounce
\ No newline at end of file
diff --git a/roles/docker-mailu/tasks/create-mailu-user-and-token.yml b/roles/docker-mailu/tasks/create-mailu-user-and-token.yml
new file mode 100644
index 00000000..08d21ba0
--- /dev/null
+++ b/roles/docker-mailu/tasks/create-mailu-user-and-token.yml
@@ -0,0 +1,69 @@
+---
+# tasks/create-mailu-user-and-token.yml
+#
+# Ensures a Mailu user exists and idempotently creates an API token for them.
+#
+# Required variables:
+# mailu_compose_dir: Path to your docker-compose.yml directory
+# mailu_user: Local part of the user (e.g., "alice")
+# mailu_domain: Domain for the user (e.g., "example.com")
+# mailu_password: Password for the new user
+# mailu_api_base_url: Base URL of the Mailu API (e.g., "https://mail.example.com/api/v1")
+# mailu_global_api_token: Global API token (from API_TOKEN environment variable)
+#
+# Optional variable:
+# mailu_user_token: Pre-existing API token for the user (if already created)
+
+- name: "Ensure Mailu user {{ mailu_user }}@{{ mailu_domain }} exists"
+ command: >
+ docker compose exec admin flask mailu user {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
+ args:
+ chdir: "{{ mailu_compose_dir }}"
+ register: mailu_user_creation
+ failed_when: false
+ changed_when: mailu_user_creation.rc == 0 and 'User added' in mailu_user_creation.stdout
+
+- name: "Fetch existing API tokens"
+ uri:
+ url: "{{ mailu_api_base_url }}/tokens"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ mailu_global_api_token }}"
+ return_content: yes
+ register: mailu_tokens_response
+ failed_when: mailu_tokens_response.status not in [200]
+
+- name: "Extract existing token info for {{ mailu_user }}"
+ set_fact:
+ mailu_user_existing_token: >
+ {{ mailu_tokens_response.json
+ | selectattr('comment', 'equalto', mailu_user)
+ | list
+ | first }}
+
+- name: "Create API token for {{ mailu_user }} if none exists"
+ uri:
+ url: "{{ mailu_api_base_url }}/tokens"
+ method: POST
+ headers:
+ Authorization: "Bearer {{ mailu_global_api_token }}"
+ Content-Type: "application/json"
+ body_format: json
+ body:
+ comment: "{{ mailu_user }}"
+ ip: "0.0.0.0/0"
+ status_code: 201
+ register: mailu_token_creation
+ when: mailu_user_existing_token is not defined
+
+- name: "Set mailu_user_token fact"
+ set_fact:
+ mailu_user_token: >
+ {{ (mailu_token_creation is defined)
+ ? mailu_token_creation.json.secret
+ : (mailu_user_existing_token.secret | default('')) }}
+
+# Note:
+# - GET /tokens returns only metadata (id, comment, ip, created), not the secret itself.
+# - The secret is returned only by the POST request and must be captured when created.
+# - Store mailu_user_token securely (e.g., in Ansible Vault) for future use.
\ No newline at end of file
diff --git a/roles/docker-matrix-compose/templates/element.config.json.j2 b/roles/docker-matrix-compose/templates/element.config.json.j2
index dd3714da..6960a15c 100644
--- a/roles/docker-matrix-compose/templates/element.config.json.j2
+++ b/roles/docker-matrix-compose/templates/element.config.json.j2
@@ -1,11 +1,11 @@
{
"default_server_config": {
"m.homeserver": {
- "base_url": "https://{{domains.matrix_synapse}}",
+ "base_url": "{{ web_protocol }}://{{domains.matrix_synapse}}",
"server_name": "{{domains.matrix_synapse}}"
},
"m.identity_server": {
- "base_url": "https://{{primary_domain}}"
+ "base_url": "{{ web_protocol }}://{{primary_domain}}"
}
},
"brand": "Element",
diff --git a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2 b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
index 2fa0cb61..81d1c932 100644
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@@ -24,8 +24,8 @@ report_stats: true
macaroon_secret_key: "{{matrix_macaroon_secret_key}}"
form_secret: "{{matrix_form_secret}}"
signing_key_path: "/data/{{domains.matrix_synapse}}.signing.key"
-web_client_location: "https://{{domains.matrix_element}}"
-public_baseurl: "https://{{domains.matrix_synapse}}"
+web_client_location: "{{ web_protocol }}://{{domains.matrix_element}}"
+public_baseurl: "{{ web_protocol }}://{{domains.matrix_synapse}}"
trusted_key_servers:
- server_name: "matrix.org"
admin_contact: 'mailto:{{users.administrator.email}}'
diff --git a/roles/docker-nextcloud/templates/env.j2 b/roles/docker-nextcloud/templates/env.j2
index f9b10601..ca488d99 100644
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@@ -32,7 +32,7 @@ NEXTCLOUD_ADMIN_PASSWORD= "{{applications[application_id].users.administra
NEXTCLOUD_TRUSTED_DOMAINS= "{{domains[application_id]}}"
# Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
TRUSTED_PROXIES= "192.168.102.65"
-OVERWRITECLIURL= "https://{{domains[application_id]}}"
+OVERWRITECLIURL= "{{ web_protocol }}://{{domains[application_id]}}"
OVERWRITEPROTOCOL= "https"
# Redis Configuration
diff --git a/roles/docker-nextcloud/vars/system.yml b/roles/docker-nextcloud/vars/system.yml
index 7299a246..27cc71f1 100644
--- a/roles/docker-nextcloud/vars/system.yml
+++ b/roles/docker-nextcloud/vars/system.yml
@@ -18,4 +18,4 @@ nextcloud_system_config:
value: "{{domains[application_id]}}"
- parameter: "overwrite.cli.url"
- value: "https://{{domains[application_id]}}"
\ No newline at end of file
+ value: "{{ web_protocol }}://{{domains[application_id]}}"
\ No newline at end of file
diff --git a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
index 8d322f2a..31c3fe4d 100644
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -9,7 +9,7 @@ whitelist_domains = [".{{primary_domain}}"]
# keycloak provider
client_secret = "{{oidc.client.secret}}"
client_id = "{{oidc.client.id}}"
-redirect_url = "https://{{domain}}/oauth2/callback"
+redirect_url = "{{ web_protocol }}://{{domain}}/oauth2/callback"
oidc_issuer_url = "{{oidc.client.issuer_url}}"
provider = "oidc"
provider_display_name = "Keycloak"
diff --git a/roles/docker-portfolio/templates/config.yaml.j2 b/roles/docker-portfolio/templates/config.yaml.j2
index 78f9cbf3..07b02b3b 100644
--- a/roles/docker-portfolio/templates/config.yaml.j2
+++ b/roles/docker-portfolio/templates/config.yaml.j2
@@ -26,7 +26,7 @@ accounts:
description: Follow {{ 'our' if service_provider.type == 'legal' else 'my' }} updates on Mastodon.
icon:
class: fa-brands fa-mastodon
- url: "https://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
+ url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
identifier: "{{service_provider.contact.mastodon}}"
iframe: {{ applications | get_features_iframe('mastodon') }}
@@ -51,7 +51,7 @@ accounts:
icon:
class: fa-solid fa-camera
identifier: "{{service_provider.contact.pixelfed}}"
- url: "https://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
+ url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
iframe: {{ applications | get_features_iframe('pixelfed') }}
{% endif %}
@@ -63,7 +63,7 @@ accounts:
icon:
class: fa-solid fa-video
identifier: "{{service_provider.contact.peertube}}"
- url: "https://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
+ url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
iframe: {{ applications | get_features_iframe('peertube') }}
{% endif %}
@@ -75,7 +75,7 @@ accounts:
icon:
class: fa-solid fa-blog
identifier: "{{service_provider.contact.wordpress}}"
- url: "https://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
+ url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
iframe: {{ applications | get_features_iframe('wordpress') }}
{% endif %}
@@ -97,7 +97,7 @@ accounts:
icon:
class: fas fa-network-wired
identifier: "{{service_provider.contact.friendica}}"
- url: "https://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
+ url: "{{ web_protocol }}://{{ service_provider.contact.friendica.split('@')[2] }}/@{{ service_provider.contact.friendica.split('@')[1] }}"
iframe: {{ applications | get_features_iframe('friendica') }}
{% endif %}
diff --git a/roles/docker-wordpress/tasks/install.yml b/roles/docker-wordpress/tasks/install.yml
index fcae5660..35a47294 100644
--- a/roles/docker-wordpress/tasks/install.yml
+++ b/roles/docker-wordpress/tasks/install.yml
@@ -2,7 +2,7 @@
command: >
docker-compose exec -T -u www-data application
wp core install
- --url="https://{{ domains[application_id][0] }}"
+ --url="{{ web_protocol }}://{{ domains[application_id][0] }}"
--title="{{ applications[application_id].title }}"
--admin_user="{{ applications[application_id].credentials.administrator.username }}"
--admin_password="{{ applications[application_id].credentials.administrator.password }}"
diff --git a/roles/docker-wordpress/vars/discourse.yml b/roles/docker-wordpress/vars/discourse.yml
index a1c18d0a..b5362cf8 100644
--- a/roles/docker-wordpress/vars/discourse.yml
+++ b/roles/docker-wordpress/vars/discourse.yml
@@ -11,7 +11,7 @@ discourse_settings:
- name: discourse_connect
key: url
- value: "https://{{ domains.discourse }}"
+ value: "{{ web_protocol }}://{{ domains.discourse }}"
- name: discourse_connect
key: api-key
value: "{{ vault_discourse_api_key }}"
diff --git a/roles/docker-yourls/templates/env.j2 b/roles/docker-yourls/templates/env.j2
index 4253d753..a6889c30 100644
--- a/roles/docker-yourls/templates/env.j2
+++ b/roles/docker-yourls/templates/env.j2
@@ -2,6 +2,6 @@ YOURLS_DB_HOST: "{{database_host}}"
YOURLS_DB_USER: "{{database_username}}"
YOURLS_DB_PASS: "{{database_password}}"
YOURLS_DB_NAME: "{{database_name}}"
-YOURLS_SITE: "https://{{domains[application_id]}}"
+YOURLS_SITE: "{{ web_protocol }}://{{domains[application_id]}}"
YOURLS_USER: "{{applications.yourls.users.administrator.username}}"
YOURLS_PASS: "{{yourls_administrator_password}}"
\ No newline at end of file
diff --git a/roles/health-nginx/templates/health-nginx.py.j2 b/roles/health-nginx/templates/health-nginx.py.j2
index 65fd61fa..6620ce0c 100644
--- a/roles/health-nginx/templates/health-nginx.py.j2
+++ b/roles/health-nginx/templates/health-nginx.py.j2
@@ -20,7 +20,7 @@ for filename in os.listdir(config_path):
parts = domain.split('.')
# Prepare the URL and expected status codes
- url = f"https://{domain}"
+ url = f"{{ web_protocol }}://{domain}"
# Default: Expect status code 200 or 302 for a domain
expected_statuses = [200,302]
diff --git a/roles/nginx-modifier-matomo/tasks/main.yml b/roles/nginx-modifier-matomo/tasks/main.yml
index 98d289bf..9594f127 100644
--- a/roles/nginx-modifier-matomo/tasks/main.yml
+++ b/roles/nginx-modifier-matomo/tasks/main.yml
@@ -28,7 +28,7 @@
- name: Add site to Matomo and get ID if not exists
uri:
- url: "https://{{ domains.matomo }}/index.php"
+ url: "{{ web_protocol }}://{{ domains.matomo }}/index.php"
method: POST
body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ applications.matomo.credentials.auth_token }}&format=json"
body_format: form-urlencoded
diff --git a/roles/nginx-modifier-matomo/vars/main.yml b/roles/nginx-modifier-matomo/vars/main.yml
index 622d2ebf..74eeb35f 100644
--- a/roles/nginx-modifier-matomo/vars/main.yml
+++ b/roles/nginx-modifier-matomo/vars/main.yml
@@ -1,2 +1,2 @@
base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
-verification_url: "https://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{applications.matomo.credentials.auth_token}}"
\ No newline at end of file
+verification_url: "{{ web_protocol }}://{{domains.matomo}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{applications.matomo.credentials.auth_token}}"
\ No newline at end of file
diff --git a/roles/nginx-serve-legal/templates/imprint.html.j2 b/roles/nginx-serve-legal/templates/imprint.html.j2
index 342a8f4c..09e821b7 100644
--- a/roles/nginx-serve-legal/templates/imprint.html.j2
+++ b/roles/nginx-serve-legal/templates/imprint.html.j2
@@ -1,5 +1,5 @@
-
+
diff --git a/templates/vars/Todo.md b/templates/vars/Todo.md
new file mode 100644
index 00000000..14dde5e6
--- /dev/null
+++ b/templates/vars/Todo.md
@@ -0,0 +1,3 @@
+# Todo
+- Implement Keycloak iframe so that mailu can be used in iframe
+- Activate mailu in iframe
\ No newline at end of file
diff --git a/templates/vars/applications.yml.j2 b/templates/vars/applications.yml.j2
index f4ff7e84..1fa6220a 100644
--- a/templates/vars/applications.yml.j2
+++ b/templates/vars/applications.yml.j2
@@ -34,7 +34,7 @@ defaults_applications:
## Assets Server
assets_server:
source_directory: "{{ playbook_dir }}/assets" # Directory from which the assets will be copied
- url: "https://{{domains.file_server}}/assets" # Public address of the assets directory
+ url: "{{ web_protocol }}://{{domains.file_server}}/assets" # Public address of the assets directory
## Attendize
attendize:
version: "latest"
@@ -76,7 +76,7 @@ defaults_applications:
# fsesl_password: # Needs to be defined in inventory file
# turn_secret: # Needs to be defined in inventory file
urls:
- api: "https://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
+ api: "{{ web_protocol }}://{{domains.bigbluebutton}}/bigbluebutton/" # API Address used by Nextcloud Integration
## Bluesky
bluesky:
@@ -305,11 +305,12 @@ defaults_applications:
{% endraw %}{{ features.render_features({
'matomo': true,
'css': true,
- 'iframe': true,
+ 'iframe': false,
'oidc': true,
'database': false
}) }}{% raw %}
# Deactivate central database for mailu, I don't know why the database deactivation is necessary
+# Deactivated mailu iframe loading until keycloak supports it
## MariaDB
mariadb:
@@ -633,7 +634,7 @@ defaults_applications:
oauth2_proxy:
configuration_file: "oauth2-proxy-keycloak.cfg" # Needs to be set true in the roles which use it
version: "latest" # Docker Image version
- redirect_url: "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
+ redirect_url: "{{ web_protocol }}://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth" # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
allowed_roles: admin # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups
{% endraw %}{{ features.render_features({
'matomo': true,