Solved multiple bugs like networking, variables etc. which occured on veen.world server

group_vars/all/07_applications.yml

@@ -114,14 +114,17 @@ defaults_applications:
     setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
 
   mailu:
+    version:                          "2024.06"                                 # Docker Image Version
+    setup:                            false                                     # Set true in inventory file to execute the setup and initializing procedures
     oidc:
       enabled:                        true                                      # Activate OIDC for Mailu
     domain:                           "{{primary_domain}}"                      # The main domain from which mails will be send \ email suffix behind @
     # I don't know why the database deactivation is necessary
     enable_central_database:          False                                     # Deactivate central database for mailu
-#    secret_key:                                                                # Needs to be set in inventory file
-#    database_password:                                                         # Needs to be set in inventory file
-#    api_token:                                                                 # Needs to be set in inventory file
+    credentials:                                     
+#     secret_key:                                                               # Needs to be set in inventory file
+#     database_password:                                                        # Needs to be set in inventory file
+#     api_token:                                                                # Needs to be set in inventory file
 
   ## MariaDB
   mariadb:
@@ -143,21 +146,19 @@ defaults_applications:
     single_user_mode:                 false                         # Set true for initial setup
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
     oidc:
-      enabled:               true                                   # Activate OIDC for Mailu
-#
+        enabled:                        true                          # Activate OIDC for Mastodon
+    credentials:
 # Check out the README.md of the docker-mastodon role to get detailled instructions about how to setup the credentials
-#
-#    credentials:
-#      database_password:                              
-#      secret_key_base:                                
-#      otp_secret:                                     
-#      vapid:
-#        private_key:                                  
-#        public_key:                                   
-#      active_record_encryption:
-#        deterministic_key:                            
-#        key_derivation_salt:                          
-#        primary_key:                                  
+#     database_password:                              
+#     secret_key_base:                                
+#     otp_secret:                                     
+#     vapid:
+#       private_key:                                  
+#       public_key:                                   
+#     active_record_encryption:
+#       deterministic_key:                            
+#       key_derivation_salt:                          
+#       primary_key:                                  
 
   ## Matrix
   matrix:
@@ -171,12 +172,6 @@ defaults_applications:
       version:                        "latest"
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
 
-  ## Mailu
-  mailu:
-    version:                          "2024.06"
-    domain:                           "{{primary_domain}}"
-    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
-
   ## Moodle
   moodle:
     site_titel:                       "Global Learning Academy on {{primary_domain}}"

group_vars/all/10_networks.yml

@@ -6,6 +6,8 @@ defaults_networks:
     # The default docker subnetworking does lead to overlapping and to huge networks.
     # Due to this reason networks with 16 ips are created.
     # This should be sufficient for the most cases
+
+    # /28 Networks, 14 Usable Ip Addresses
     akaunting:
       subnet: 192.168.101.0/28
     attendize:
@@ -32,8 +34,8 @@ defaults_networks:
       subnet: 192.168.101.176/28
     listmonk:
       subnet: 192.168.101.192/28
-    mariadb:
-      subnet: 192.168.101.208/28
+    # Free:
+    #  subnet: 192.168.101.208/28
     matomo:
       subnet: 192.168.101.224/28
     mastodon:
@@ -58,8 +60,8 @@ defaults_networks:
       subnet: 192.168.102.112/28
     pixelfed:
       subnet: 192.168.102.128/28
-    postgres:
-      subnet: 192.168.102.144/28
+    # Free :
+    #  subnet: 192.168.102.144/28
     snipe_it:
       subnet: 192.168.102.160/28
     taiga:
@@ -68,7 +70,14 @@ defaults_networks:
       subnet: 192.168.102.192/28
     discourse:
       subnet: 192.168.102.208/28
+    # /24 Networks / 254 Usable Clients
     bigbluebutton:
-      subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons.
+      subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb
+    postgres:
+      subnet: 192.168.200.0/24
+    mariadb:
+      subnet: 192.168.201.0/24
+    central_ldap:
+      subnet: 192.168.202.0/24
 
   

roles/docker-central-database/tasks/main.yml

@@ -18,5 +18,5 @@
 
 - name: create central database
   include_role:
-    name: docker-{{database_type}}
+    name: "docker-{{database_type}}"
   when: enable_central_database | bool

roles/docker-keycloak/templates/import/realm.json.j2

@@ -834,19 +834,17 @@
       "clientAuthenticatorType": "client-secret",
       "secret": "{{oidc.client.secret}}",
       "redirectUris": [
-        {%- set redirect_uris = [] -%}
         {%- for application, domain in domains.items() -%}
           {%- if applications[application_id] is defined and applications | get_oauth2_enabled(application_id) -%}
             {%- if domain is string -%}
-              {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
+                "https://" {{ domain }} "/*",
             {%- else -%}
               {%- for d in domain -%}
-                {%- set _ = redirect_uris.append("https://" ~ domain ~ "/*") -%}
+                "https://" {{ domain }} "/*",
               {%- endfor -%}
             {%- endif -%}
           {%- endif -%}
         {%- endfor -%}
-        {{ redirect_uris | map('tojson') | join(",\n") }}
       ],
 
       "webOrigins": [

roles/docker-ldap/tasks/main.yml

@@ -24,6 +24,8 @@
   docker_network:
     name: central_ldap
     state: present
+    ipam_config:
+      - subnet: "{{ networks.local.central_ldap.subnet }}"
 
 - name: "copy docker-compose.yml and env file"
   include_tasks: copy-docker-compose-and-env.yml

roles/docker-mailu/templates/env.j2

@@ -12,7 +12,7 @@
 LD_PRELOAD=/usr/lib/libhardened_malloc.so 
 
 # Set to a randomly generated 16 bytes string
-SECRET_KEY={{applications.mailu.secret_key}}
+SECRET_KEY={{applications.mailu.credentials.secret_key}}
 
 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
 SUBNET={{networks.local.mailu.subnet}}
@@ -145,7 +145,7 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 
-API_TOKEN={{applications.mailu.api_token}}
+API_TOKEN={{applications.mailu.credentials.api_token}}
 
 # Activated https://mailu.io/master/configuration.html#advanced-settings
 AUTH_REQUIRE_TOKENS=True

roles/docker-mailu/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:               "mailu"
-database_password:  	        "{{applications.mailu.database_password}}"
+database_password:  	        "{{applications.mailu.credentials.database_password}}"
 database_type:                "mariadb"
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false

roles/docker-mariadb/tasks/main.yml

@@ -2,6 +2,8 @@
   docker_network:
     name: central_mariadb
     state: present
+    ipam_config:
+      - subnet: "{{ networks.local.mariadb.subnet }}"
   when: run_once_docker_mariadb is not defined
 
 - name: install MariaDB

roles/docker-postgres/README.md

@@ -31,4 +31,6 @@ docker exec -it central-postgres psql -U postgres
 
 ## Notes
 - The PostgreSQL server is bound to `127.0.0.1:5432` on the host machine, making it accessible only from localhost.
-- Ensure that the provided passwords are secure and stored securely, preferably using Ansible Vault or another encryption method.
+
+## Author
+This role was created by [Kevin Veen-Birkenbach](https://www.veen.world).

roles/docker-postgres/tasks/main.yml

@@ -2,6 +2,8 @@
   docker_network:
     name: central_postgres
     state: present
+    ipam_config:
+      - subnet: "{{ networks.local.postgres.subnet }}"
   when: run_once_docker_postgres is not defined
 
 - name: Install PostgreSQL

roles/user/tasks/main.yml

@@ -1,6 +1,6 @@
 - name: create .bashrc
   template:
     src: "bashrc.j2"
-    dest: "/home/{{user_name}}/.bashrc"
+    dest: "{{ '/root/.bashrc' if user_name == 'root' else '/home/' ~ user_name ~ '/.bashrc' }}"
     owner: "{{user_name}}"
     group: "{{user_name}}"

roles/user/templates/bashrc.j2

@@ -1,10 +1,6 @@
-  GNU nano 8.3                                                                                                                                                                              .bashrc                                                                                                                                                                                         
 #!/bin/bash
 
-# If not running interactively, don't do anything
-[[ $- != *i* ]] && return
-
-# Set color variables based on the current user
+# Set color variables for the welcome text based on the current user
 if [ "$USER" = "root" ]; then
     HEADER_COLOR="\033[1;31m"      # Bold red for root
 elif [ "$USER" = "administrator" ]; then
@@ -14,8 +10,12 @@ else
 fi
 RESET_COLOR="\033[0m"
 
-# Welcome message
-echo -e "${HEADER_COLOR}Welcome, $USER on $HOSTNAME!${RESET_COLOR}"
+# Color code for the hostname (set to green, bold, underlined, and blinking)
+HOSTNAME_COLOR="\[\033[1;4;5;32m\]"
+
+# Print welcome message
+echo -e "${HEADER_COLOR}Welcome, $USER on ${HOSTNAME_COLOR}$HOSTNAME!${RESET_COLOR}"
+echo ""
 echo -e "${HEADER_COLOR}Today is $(date +"%A, %d.%m.%Y %T")${RESET_COLOR}"
 echo ""
 
@@ -44,16 +44,23 @@ echo -e "${HEADER_COLOR}Top 5 Processes by CPU Usage:${RESET_COLOR}"
 ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head -n 6
 echo ""
 
+# Set aliases for colored output for ls and grep
 alias ls='ls --color=auto'
 alias grep='grep --color=auto'
-PS1="\$(if [ \"\$USER\" = \"administrator\" ]; then \
-    echo \"\[\033[4;38;5;208m\]$USER\"; \
-  elif [ \"\$USER\" = \"root\" ]; then \
-    echo \"\[\033[4;5;1;31m\]$USER\"; \
-  else \
-    echo \"\[\033[4;33m\]\$USER\"; \
-  fi)@\$(if [ \"\$USER\" = \"root\" ]; then \
-    echo \"\[\033[1;4;5;32m\]\h\"; \
-  else \
-    echo \"\[\033[1;4;32m\]\h\"; \
-  fi) \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w \[\033[0m\]\$ "
+
+# --- Prompt Configuration ---
+
+# Define color codes for the username in the prompt based on the current user
+if [ "$USER" = "root" ]; then
+    PROMPT_USER_COLOR="\[\033[4;5;1;31m\]"        # Underlined, bold red for root
+elif [ "$USER" = "administrator" ]; then
+    PROMPT_USER_COLOR="\[\033[4;38;5;208m\]"      # Underlined, bold orange for administrator
+else
+    PROMPT_USER_COLOR="\[\033[33m\]"              # yellow for other users
+fi
+
+# Reset code for the prompt (must be wrapped in \[ \])
+PROMPT_RESET="\[\033[0m\]"
+
+# Configure PS1: username, hostname in green, time and current directory
+PS1="${PROMPT_USER_COLOR}\u${PROMPT_RESET}@${HOSTNAME_COLOR}\h${PROMPT_RESET} \[\033[90m\]\$(date +%H:%M:%S)\[\033[0m\]:\[\033[38;5;13m\]\w ${PROMPT_RESET}\$ "

tasks/copy-docker-compose-and-env.yml

@@ -1,13 +1,24 @@
-- name: "create {{docker_compose.files.docker_compose}}"
+- name: "create {{ docker_compose.files.docker_compose }}"
   template:
-    src:	"docker-compose.yml.j2"
-    dest:	"{{docker_compose.files.docker_compose}}"
+    src: "docker-compose.yml.j2"
+    dest: "{{ docker_compose.files.docker_compose }}"
   notify: docker compose project setup
+  register: docker_compose_template
 
-- name: "create {{docker_compose.files.env}}"
-  template: 
-    src:  "env.j2" 
-    dest: "{{docker_compose.files.env}}"
+- name: "create {{ docker_compose.files.env }}"
+  template:
+    src: "env.j2"
+    dest: "{{ docker_compose.files.env }}"
     mode: '770'
     force: yes
-  notify: docker compose project setup
+  notify: docker compose project setup
+  register: env_template
+
+- name: Check if docker compose has any running container and trigger setup if needed
+  command: docker compose ps -q --filter status=running
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: docker_ps
+  changed_when: (docker_ps.stdout | trim) == ""
+  notify: docker compose project setup
+  when: not (docker_compose_template.changed or env_template.changed)