Further optimisation of system user creation

group_vars/all/00_general.yml

@@ -20,13 +20,13 @@ primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primar
 _users_administrator_username:  "{{ users.administrator.username | default('administrator') }}"
 _users_administrator_email:     "{{ users.administrator.email | default(_users_administrator_username ~ '@' ~ primary_domain) }}"
 
-# Helper Variables for bouncer
+# Helper Variables for bounce
-_users_bouncer_username:        "{{ users.bouncer.username | default('bouncer') }}"
+_users_bounce_username:        "{{ users.bounce.username | default('bounce') }}"
-_users_bouncer_email:           "{{ users.bouncer.email | default(_users_bouncer_username ~ '@' ~ primary_domain) }}"
+_users_bounce_email:           "{{ users.bounce.email | default(_users_bounce_username ~ '@' ~ primary_domain) }}"
 
 # Helper Variables for no-reply
-_users_no_reply_username:       "{{ users.no-reply.username | default('no-reply') }}"
+_users_no_reply_username:       "{{ users['no-reply'].username | default('no-reply') }}"
-_users_no_reply_email:          "{{ users.no-reply.email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"
+_users_no_reply_email:          "{{ users['no-reply'].email | default(_users_no_reply_username ~ '@' ~ primary_domain) }}"
 
 # Administrator
 default_users:
@@ -38,12 +38,12 @@ default_users:
     gid:                1001                                    # Posix Group ID
     is_admin:           true                                    # Define as admin user
 
-  bouncer:
+  bounce:
-    username:           "{{ _users_bouncer_username }}"         # Bounce-handler account username
+    username:           "{{ _users_bounce_username }}"          # Bounce-handler account username
-    email:              "{{ _users_bouncer_email }}"            # Email address for handling bounces
+    email:              "{{ _users_bounce_email }}"             # Email address for handling bounces
     password:           "{{ansible_become_password}}"           # Example initialisation password needs to be set in inventory file
-    uid:                1002                                    # Posix User ID for bouncer
+    uid:                1002                                    # Posix User ID for bounce
-    gid:                1002                                    # Posix Group ID for bouncer
+    gid:                1002                                    # Posix Group ID for bounce
 
   no-reply:
     username:           "{{ _users_no_reply_username }}"        # No-reply account username

group_vars/all/02_system_email.yml

@@ -1,12 +1,9 @@
 # Email Configuration
 default_system_email:
-  local:     no-reply
   domain:    "{{primary_domain}}"
-  username:  "no-reply@{{primary_domain}}"
   host:      "mail.{{primary_domain}}"
   port:      465
   tls:       true
   start_tls: false
-  from:      "no-reply@{{primary_domain}}"
   smtp:      true
 # password:  # Needs to be defined in inventory file  

roles/docker-baserow/templates/env.j2

@@ -5,8 +5,8 @@ BASEROW_PUBLIC_URL=https://{{ domain }}
 EMAIL_SMTP={{ system_email.smtp | upper }}
 EMAIL_SMTP_HOST={{ system_email.host }}
 EMAIL_SMTP_PORT={{ system_email.port }}
-EMAIL_SMTP_USER={{system_email.username}}
+EMAIL_SMTP_USER={{ users['no-reply'].email }}
-EMAIL_SMTP_PASSWORD={{ system_email.password }}
+EMAIL_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
 EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }}
 
 DATABASE_USER={{ database_username }}

roles/docker-bigbluebutton/tasks/main.yml

@@ -43,10 +43,12 @@
 - name: flush docker service
   meta: flush_handlers
 
-- name: wait for database
+- name: Wait for BigBlueButton
-  pause:
+  wait_for:
-    seconds: "{{pause_duration}}"
+    host: "{{ domains.bigbluebutton }}"
-  when: applications.bigbluebutton.setup | bool
+    port: 80
+    delay: 5
+    timeout: 600
 
 - name: create admin
   command:

roles/docker-bigbluebutton/templates/env.j2

@@ -209,16 +209,16 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 SMTP_SERVER={{system_email.host}}
 SMTP_DOMAIN={{system_email.domain}}
 SMTP_PORT={{system_email.port}}
-SMTP_USERNAME={{system_email.username}}
+SMTP_USERNAME={{ users['no-reply'].email }}
-SMTP_PASSWORD={{system_email.password}}
+SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
 SMTP_AUTH=plain
 SMTP_OPENSSL_VERIFY_MODE=none
 SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}}
 SMTP_STARTTLS={{system_email.start_tls | lower}}
 SMTP_TLS={{system_email.tls | lower}}
 SMTP_SSL_VERIFY=true
-SMTP_SENDER={{system_email.from}}
+SMTP_SENDER={{ users['no-reply'].email }}
-SMTP_SENDER_EMAIL={{system_email.from}}
+SMTP_SENDER_EMAIL={{ users['no-reply'].email }}
 
 # Prefix for the applications root URL.
 # Useful for deploying the application to a subdirectory, which is highly recommended

roles/docker-bluesky/templates/env.j2

@@ -8,8 +8,8 @@ PDS_JWT_SECRET="{{applications.bluesky.pds.jwt_secret}}"
 PDS_ADMIN_PASSWORD="{{applications.bluesky.pds.admin_password}}"
 PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX="{{applications.bluesky.pds.plc_rotation_key_k256_private_key_hex}}"
 PDS_CRAWLERS=https://bsky.network
-PDS_EMAIL_SMTP_URL=smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}/
+PDS_EMAIL_SMTP_URL=smtps://{{ users['no-reply'].email }}:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}/
-PDS_EMAIL_FROM_ADDRESS={{system_email.from}}
+PDS_EMAIL_FROM_ADDRESS={{ users['no-reply'].email }}
 LOG_ENABLED=true
 PDS_BLOBSTORE_DISK_LOCATION=/opt/pds/blocks
 PDS_DATA_DIRECTORY: /opt/pds

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -58,11 +58,11 @@ env:
   # WARNING the char '#' in SMTP password can cause problems!
   DISCOURSE_SMTP_ADDRESS:           {{ system_email.host }}
   DISCOURSE_SMTP_PORT:              {{ system_email.port }}
-  DISCOURSE_SMTP_USER_NAME:         {{ system_email.username }}
+  DISCOURSE_SMTP_USER_NAME:         {{ users['no-reply'].email }}
-  DISCOURSE_SMTP_PASSWORD:          {{ system_email.password }}
+  DISCOURSE_SMTP_PASSWORD:          {{ users['no-reply'].mailu_token }}
   DISCOURSE_SMTP_ENABLE_START_TLS:  {{ system_email.start_tls | upper }}
   DISCOURSE_SMTP_DOMAIN:            {{ system_email.domain }}
-  DISCOURSE_NOTIFICATION_EMAIL:     {{ system_email.from }}
+  DISCOURSE_NOTIFICATION_EMAIL:     {{ users['no-reply'].email }}
 
   # Database Configuration
   DISCOURSE_DB_USERNAME: {{ database_username }}

roles/docker-friendica/templates/env.j2

@@ -20,11 +20,11 @@ MYSQL_PASSWORD= {{database_password}}
 SMTP=           {{system_email.host}}
 SMTP_DOMAIN=    {{system_email.domain}}
 SMTP_PORT=      {{system_email.port}}
-SMTP_AUTH_USER= {{system_email.username}}
+SMTP_AUTH_USER= {{ users['no-reply'].email }}
-SMTP_AUTH_PASS= {{system_email.password}}
+SMTP_AUTH_PASS= {{ users['no-reply'].mailu_token }}
 SMTP_TLS=       {{ 'on' if system_email.tls else 'off' }}
 SMTP_STARTTLS=  {{ 'on' if system_email.start_tls else 'off' }}
-SMTP_FROM=      {{system_email.local}}
+SMTP_FROM=      no-reply
 
 # Administrator Credentials
 FRIENDICA_ADMIN_MAIL= {{users.administrator.email}}

roles/docker-funkwhale/templates/env.j2

@@ -60,14 +60,14 @@ LOGLEVEL={% if enable_debug | bool %}debug{% else %}error{% endif %}
 # (returns `noreply%40youremail.host`)
 # EMAIL_CONFIG=smtp://user:password@youremail.host:25
 # EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
-EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.port}}
+EMAIL_CONFIG=smtp+tls://no-reply:{{ users['no-reply'].mailu_token }}@{{system_email.host}}:{{system_email.port}}
 
 # Make e-mail verification mandatory before using the service
 # Doesn't apply to admins.
 # ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false
 
 # The e-mail address to use to send system e-mails.
-DEFAULT_FROM_EMAIL={{system_email.from}}
+DEFAULT_FROM_EMAIL={{ users['no-reply'].email }}
 
 # Depending on the reverse proxy used in front of your funkwhale instance,
 # the API will use different kind of headers to serve audio files

roles/docker-gitea/templates/env.j2

@@ -19,12 +19,12 @@ ROOT_URL="{{ web_protocol }}://{{domains[application_id]}}/"
 # @see https://docs.gitea.com/next/installation/install-with-docker#managing-deployments-with-environment-variables
 # @todo test
 GITEA__mailer__ENABLED=true
-GITEA__mailer__FROM={{ system_email.from }}
+GITEA__mailer__FROM={{ users['no-reply'].email }}
 GITEA__mailer__PROTOCOL=smtps
 GITEA__mailer__SMTP_ADDR={{ system_email.host }}
 GITEA__mailer__SMTP_PORT={{ system_email.port }}
-GITEA__mailer__USER={{system_email.username}}
+GITEA__mailer__USER={{ users['no-reply'].email }}
-GITEA__mailer__PASSWD={{ system_email.password }}
+GITEA__mailer__PASSWD={{ users['no-reply'].mailu_token }}
 
 # Allow push creation
 # @see https://github.com/go-gitea/gitea/issues/17619

roles/docker-keycloak/templates/import/realm.json.j2

@@ -1655,18 +1655,18 @@
     "strictTransportSecurity": "max-age=31536000; includeSubDomains"
   },
   "smtpServer": {
-    "password": "{{system_email.password}}",
+    "password": "{{ users['no-reply'].mailu_token }}",
     "replyToDisplayName": "",
     "starttls": "{{system_email.start_tls | lower}}",
     "auth": "true",
     "port": "{{system_email.port}}",
     "replyTo": "",
     "host": "{{system_email.host}}",
-    "from": "{{system_email.from}}",
+    "from": "{{ users['no-reply'].email }}",
     "fromDisplayName": "Keycloak Authentification System - {{domains.keycloak}}",
     "envelopeFrom": "",
     "ssl": "true",
-    "user": "{{system_email.username}}"
+    "user": "{{ users['no-reply'].email }}"
   },
   "eventsEnabled": false,
   "eventsListeners": [

roles/docker-ldap/templates/ldif/data/02_users.ldif.j2

@@ -11,31 +11,31 @@ objectClass: organizationalUnit
 ou: roles
 description: Container for application access profiles
 
-{% for user in users %}
+{% for username, user in users.items() %}
 #######################################################################
-# Create User {{ user.username }}
+# Create User {{ username }}
 #######################################################################
-dn: {{ ldap.attributes.user_id }}={{ user.username }},{{ ldap.dn.users }}
+dn: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
 objectClass: top
 objectClass: inetOrgPerson
 objectClass: posixAccount
-{{ ldap.attributes.user_id }}: {{ user.username }}
+{{ ldap.attributes.user_id }}: {{ username }}
-sn: {{ user.username }}
+sn: {{ username }}
-cn: {{ user.username }}
+cn: {{ username }}
 userPassword: {{ user.password }}
 loginShell: /bin/bash
-homeDirectory: /home/{{ user.username }}
+homeDirectory: /home/{{ username }}
 uidNumber: {{ user.uid }}
 gidNumber: {{ user.gid }}
 
 #######################################################################
-# Assign {{ user.username }} to application user roles
+# Assign {{ username }} to application user roles
 #######################################################################
 {% for app, config in defaults_applications.items() %}
 dn: cn={{ app }}-user,{{ ldap.dn.application_roles }}
 changetype: modify
 add: roleOccupant
-roleOccupant: {{ ldap.attributes.user_id }}={{ user.username }},{{ ldap.dn.users }}
+roleOccupant: {{ ldap.attributes.user_id }}={{ username }},{{ ldap.dn.users }}
 
 {% endfor %}
 {% endfor %}

roles/docker-listmonk/vars/main.yml

@@ -38,8 +38,8 @@ listmonk_settings:
           "host":            system_email.host,
           "port":            system_email.port,
           "enabled":         system_email.smtp,
-          "username":        system_email.username,
+          "username":        "no-reply",
-          "password":        system_email.password,
+          "password":        users['no-reply'].email,
           "tls_type":        (
                                 system_email.tls
                                 | ternary("TLS",
@@ -72,8 +72,30 @@ listmonk_settings:
   - key: "app.site_name"
     value: '"{{ service_provider.company.titel }} Mailing list"'
 
-#  - key: "bounce.enabled"
+  # Enable the bounce module
-#    value: 'false'
+  - key: "bounce.enabled"
+    value: 'true'
+
+  # Configure POP3 mailbox for processing bounces
+  - key: "bounce.mailboxes"
+    value: >-
+      {{ [
+        {
+          "host":            system_email.host,
+          "port":            system_email.port,
+          "type":            "pop",
+          "uuid":            "471fd0e9-8c33-4e4a-9183-c4679699faca",
+          "enabled":         true,
+          "username":        users.bounce.email,
+          "password":        users.bounce.mailu_token,
+          "return_path":     users.bounce.email,
+          "tls_enabled":     system_email.tls,
+          "auth_protocol":   "userpass",
+          "scan_interval":   "15m",
+          "tls_skip_verify": false
+        }
+      ] | to_json }}
+
 #
 #  - key: "upload.max_file_size"
 #    value: '5000'
@@ -85,14 +107,14 @@ listmonk_settings:
 #    value: '1000'
 
   - key: "app.from_email"
-    value: '"{{ service_provider.company.titel }} Newsletter <{{ system_email.from }}>"'
+    value: '"{{ service_provider.company.titel }} Newsletter <{{ users["no-reply"].email }}>"'
 
-  - key: "bounce.actions"
+#  - key: "bounce.actions"
-    value: >-
+#    value: >-
-      {"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}}
+#      {"hard": {"count": 1, "action": "blocklist"}, "soft": {"count": 2, "action": "none"}, "complaint": {"count": 1, "action": "blocklist"}}
-
+#
-  - key: "app.concurrency"
+#  - key: "app.concurrency"
-    value: '10'
+#    value: '10'
 
   - key: "app.favicon_url"
     value: '"{{ service_provider.platform.favicon }}"'

roles/docker-mailu/tasks/TODO.md

@@ -1,2 +0,0 @@
-# Todo 
-- Implement create-mailu-user-and-token.yml for no-reply and bounce

roles/docker-mailu/tasks/create-mailu-user-and-token.yml

@@ -1,72 +1,75 @@
----
-# tasks/create-mailu-user-and-token.yml
-#
-# Ensures a Mailu user exists and idempotently creates an API token for them,
-# storing tokens in a dictionary for targeted access.
-#
-# Required variables:
-#   mailu_compose_dir:        Path to your docker-compose.yml directory
-#   mailu_user:               Local part of the user (e.g., "alice")
-#   mailu_domain:             Domain for the user (e.g., "example.com")
-#   mailu_password:           Password for the new user
-#   mailu_api_base_url:       Base URL of the Mailu API (e.g., "https://mail.example.com/api/v1")
-#   mailu_global_api_token:   Global API token (from API_TOKEN environment variable)
-#
-# Optional variable:
-#   mailu_user_tokens:        Dictionary of existing tokens, e.g. { "alice": "secret" }
-
 - name: "Ensure Mailu user {{ mailu_user }}@{{ mailu_domain }} exists"
   command: >
-    docker compose exec admin flask mailu {{ mailu_action }} {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
+    docker compose exec admin flask mailu {{ mailu_action }}
+      {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
   args:
     chdir: "{{ mailu_compose_dir }}"
-  register: mailu_user_creation
+  register: mailu_user_result
-  failed_when: false
+  failed_when: >
-  changed_when: mailu_user_creation.rc == 0 and 'User added' in mailu_user_creation.stdout
+    mailu_user_result.rc != 0 and
+    (
+      "exists, not created" not in mailu_user_result.stderr and
+      "Duplicate entry"   not in mailu_user_result.stderr
+    )
+  changed_when: mailu_user_result.rc == 0
 
-- name: "Fetch existing API tokens"
+- name: "Change password for user {{ mailu_user }}@{{ mailu_domain }}"
-  uri:
+  command: >
-    url: "{{ mailu_api_base_url }}/tokens"
+    docker compose exec admin flask mailu password
-    method: GET
+      {{ mailu_user }} {{ mailu_domain }} '{{ mailu_password }}'
-    headers:
+  args:
-      Authorization: "Bearer {{ mailu_global_api_token }}"
+    chdir: "{{ mailu_compose_dir }}"
-    return_content: yes
+
-  register: mailu_tokens_response
+- name: "Fetch existing API tokens via curl inside admin container"
-  failed_when: mailu_tokens_response.status not in [200]
+  command: >-
+    docker compose exec -T admin \
+      curl -s -X GET http://127.0.0.1:8080/api/v1/token \
+        -H "Authorization: Bearer {{ mailu_global_api_token }}"
+  args:
+    chdir: "{{ mailu_compose_dir }}"
+  register: mailu_tokens_cli
+  changed_when: false
 
 - name: "Extract existing token info for {{ mailu_user }}"
   set_fact:
-    mailu_user_existing_token: >
+    mailu_user_existing_token: >-
-      {{ mailu_tokens_response.json
+      {{ (
-         | selectattr('comment', 'equalto', mailu_user)
+           mailu_tokens_cli.stdout
+           | default('[]')
+           | from_json
+           | selectattr('comment','equalto', mailu_user ~ " - ansible.cymais")
            | list
-         | first }}
+         ).0 | default(None) }}
 
 - name: "Create API token for {{ mailu_user }} if none exists"
-  uri:
+  command: >-
-    url: "{{ mailu_api_base_url }}/tokens"
+    docker compose exec -T admin \
-    method: POST
+      curl -s -X POST http://127.0.0.1:8080/api/v1/token \
-    headers:
+        -H "Authorization: Bearer {{ mailu_global_api_token }}" \
-      Authorization: "Bearer {{ mailu_global_api_token }}"
+        -H "Content-Type: application/json" \
-      Content-Type: "application/json"
+        -d '{{ {
-    body_format: json
+              "comment": mailu_user ~ " - ansible.cymais",
-    body:
+              "email": users[mailu_user].email,
-      comment: "{{ mailu_user }}"
+              "ip": mailu_token_ip
-      ip: "{{ mailu_token_ip }}"
+            } | to_json }}'
-    status_code: 201
+  args:
+    chdir: "{{ mailu_compose_dir }}"
   register: mailu_token_creation
-  when: mailu_user_existing_token is not defined
+  when: (mailu_user_existing_token | default('') | length) == 0
 
-- name: "Set mailu_user_tokens dictionary"
+- name: "Add mailu_token to users dict if created"
   set_fact:
-    mailu_user_tokens: >
+    users: >-
-      {{ (mailu_user_tokens | default({}))
+      {{ users
-         | combine({ mailu_user: ((mailu_token_creation is defined)
+         | combine({
-                                  | ternary(mailu_token_creation.json.secret,
+             mailu_user: (
-                                            mailu_user_existing_token.secret)) }) }}
+               users[mailu_user]
-
+               | combine({
-# Note:
+                   'mailu_token': (mailu_token_creation.stdout | from_json).token
-# - GET /tokens returns only metadata (id, comment, ip, created), not the secret itself.
+                 })
-# - The secret is returned only by the POST request and must be captured when created.
+             )
-# - Tokens are stored in the mailu_user_tokens dictionary for targeted access.
+           }, recursive=True)
-# - Persist mailu_user_tokens securely (e.g., in Ansible Vault) for future use.
+      }}
+  when:
+    - mailu_token_creation is defined
+    - (mailu_user_existing_token | default('') | length) == 0

roles/docker-mailu/tasks/main.yml

@@ -30,7 +30,7 @@
   include_tasks: create-mailu-user-and-token.yml
   vars:
     mailu_compose_dir:        "{{ docker_compose.directories.instance }}"
-    mailu_domain:             "{{ domain }}"
+    mailu_domain:             "{{ primary_domain }}"
     mailu_api_base_url:       "{{ web_protocol }}://{{ domain }}/api/v1"
     mailu_global_api_token:   "{{ applications.mailu.credentials.api_token }}"
     mailu_action:             "{{ item.value.is_admin | default(false) | ternary('admin','user') }}"

roles/docker-mailu/templates/env.j2

@@ -144,9 +144,16 @@ LOG_LEVEL=WARNING
 SQLALCHEMY_DATABASE_URI_ROUNDCUBE=mysql://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_password}}@{{database_host}}/{{database_name}}?collation=utf8mb4_unicode_ci
 
+
+################################### 
+# API Settings
+###################################
+API=true
+WEB_API=/api
 # Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
 API_TOKEN={{applications.mailu.credentials.api_token}}
 
+
 # Activated https://mailu.io/master/configuration.html#advanced-settings
 AUTH_REQUIRE_TOKENS=True
 

roles/docker-mariadb/tasks/main.yml

@@ -36,10 +36,16 @@
     state: present
   when: run_once_docker_mariadb is not defined
 
-- name: wait for database
+- name: Wait for MariaDB inside the container to respond
-  pause:
+  shell: docker exec central-mariadb mysqladmin ping -h localhost --silent
-    seconds: "{{pause_duration}}"
+  register: mysql_ping
-  when: setup_mariadb_container_result.changed and run_once_docker_mariadb is not defined
+  until: mysql_ping.rc == 0
+  retries: 30
+  delay: 5
+  when:
+    - setup_mariadb_container_result is defined
+    - setup_mariadb_container_result.changed
+    - run_once_docker_mariadb is not defined
 
 - name: "Create database: {{ database_name }}"
   mysql_db:

roles/docker-mastodon/templates/env.j2

@@ -45,12 +45,12 @@ REDIS_PASSWORD=
 
 SMTP_SERVER={{system_email.host}}
 SMTP_PORT={{system_email.port}}
-SMTP_LOGIN={{system_email.username}}
+SMTP_LOGIN={{ users['no-reply'].email }}
-SMTP_PASSWORD={{system_email.password}}
+SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
 SMTP_AUTH_METHOD=plain
 SMTP_OPENSSL_VERIFY_MODE=none
 SMTP_ENABLE_STARTTLS=auto
-SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
+SMTP_FROM_ADDRESS=Mastodon <{{ users['no-reply'].email }}>
 
 {% if applications[application_id].features.oidc | bool %}
 ################################### 

roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2

@@ -33,12 +33,12 @@ admin_contact: 'mailto:{{users.administrator.email}}'
 email:
   smtp_host:                    "{{system_email.host}}"
   smtp_port:                    "{{system_email.port}}"
-  smtp_user:                    "{{system_email.from}}"
+  smtp_user:                    "{{ users['no-reply'].email }}"
-  smtp_pass:                    "{{system_email.password}}"
+  smtp_pass:                    "{{ users['no-reply'].mailu_token }}"
   #force_tls:                    true
   #require_transport_security:   true
   enable_tls:                   "{{ system_email.tls | upper }}"
-  notif_from:                   "Your Friendly %(app)s homeserver <{{system_email.from}}>"
+  notif_from:                   "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
   app_name:                     "Matrix on {{domains.matrix_synapse}}"
   enable_notifs:                true
   notif_for_new_users:          false

roles/docker-nextcloud/templates/env.j2

@@ -16,11 +16,11 @@ PHP_OPCACHE_MEMORY_CONSUMPTION= "{{applications[application_id].performance.php.
 SMTP_HOST=                      {{system_email.host}}
 SMTP_SECURE=                    {{ 'ssl' if system_email.tls else '' }}
 SMTP_PORT=                      {{system_email.port}}
-SMTP_NAME=                      {{system_email.username}}
+SMTP_NAME=                      {{ users['no-reply'].email }}
-SMTP_PASSWORD=                  {{system_email.password}}
+SMTP_PASSWORD=                  {{ users['no-reply'].mailu_token }}
 
 # Email from configuration
-MAIL_FROM_ADDRESS=              "{{system_email.local}}"
+MAIL_FROM_ADDRESS=              "no-reply"
 MAIL_DOMAIN=                    "{{system_email.domain}}"
 
 # Initial Admin Data

roles/docker-openproject/vars/main.yml

@@ -13,8 +13,8 @@ openproject_rails_settings:
   email_delivery_method:      "smtp"
   smtp_address:               "{{ system_email.host }}"
   smtp_domain:                "{{ system_email.domain }}"
-  smtp_user_name:             "{{ system_email.username }}"
+  smtp_user_name:             "{{ users['no-reply'].email }}"
-  smtp_password:              "{{ system_email.password }}"
+  smtp_password:              "{{ users['no-reply'].mailu_token }}"
   smtp_ssl:                   false
 
 openproject_filters:

roles/docker-peertube/templates/env.j2

@@ -14,11 +14,11 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
 PEERTUBE_SECRET={{peertube_secret}}
 
 # E-mail configuration
-PEERTUBE_SMTP_USERNAME={{system_email.username}}
+PEERTUBE_SMTP_USERNAME={{ users['no-reply'].email }}
-PEERTUBE_SMTP_PASSWORD={{system_email.password}}
+PEERTUBE_SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
 PEERTUBE_SMTP_HOSTNAME={{system_email.host}}
 PEERTUBE_SMTP_PORT={{system_email.port}}
-PEERTUBE_SMTP_FROM={{system_email.from}}
+PEERTUBE_SMTP_FROM={{ users['no-reply'].email }}
 PEERTUBE_SMTP_TLS={{ system_email.tls | lower }}
 PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }}
-PEERTUBE_ADMIN_EMAIL={{system_email.from}}
+PEERTUBE_ADMIN_EMAIL={{ users['no-reply'].email }}

roles/docker-pixelfed/templates/env.j2

@@ -48,10 +48,10 @@ RESTRICTED_INSTANCE=false
 MAIL_DRIVER=log
 MAIL_HOST={{system_email.host}}
 MAIL_PORT={{system_email.port}}
-MAIL_FROM_ADDRESS="{{system_email.from}}"
+MAIL_FROM_ADDRESS="{{ users['no-reply'].email }}"
 MAIL_FROM_NAME="Pixelfed"
-MAIL_USERNAME={{system_email.username}}
+MAIL_USERNAME={{ users['no-reply'].email }}
-MAIL_PASSWORD={{system_email.password}}
+MAIL_PASSWORD={{ users['no-reply'].mailu_token }}
 # Not sure if the following is correct
 # Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker
 MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }} 

roles/docker-postgres/tasks/main.yml

@@ -30,10 +30,16 @@
   register: setup_postgres_container_result
   when: run_once_docker_postgres is not defined
 
-- name: wait for database
+- name: Wait for Postgres inside the container
-  pause:
+  shell: docker exec central-postgres pg_isready -U postgres
-    seconds: "{{pause_duration}}"
+  register: pg_ready
-  when: setup_postgres_container_result.changed and run_once_docker_postgres is not defined
+  until: pg_ready.rc == 0
+  retries: 30
+  delay: 5
+  when:
+    - setup_postgres_container_result is defined
+    - setup_postgres_container_result.changed
+    - run_once_docker_postgres is not defined
 
 - name: install python-psycopg2
   pacman: 

roles/docker-snipe_it/templates/env.j2

@@ -51,12 +51,12 @@ DB_SSL_VERIFY_SERVER=null
 MAIL_MAILER             =   smtp
 MAIL_HOST               =   {{system_email.host}}               # SMTP server address
 MAIL_PORT               =   {{system_email.port}}               # SMTP server address
-MAIL_USERNAME           =   {{system_email.username}}           # user to connect the SMTP server
+MAIL_USERNAME           =   {{ users['no-reply'].email }}           # user to connect the SMTP server
-MAIL_PASSWORD           =   {{system_email.password}}           # SMTP user's password
+MAIL_PASSWORD           =   {{ users['no-reply'].mailu_token }}           # SMTP user's password
 MAIL_TLS_VERIFY_PEER    =   {{ system_email.tls | capitalize }} # use TLS (secure) connection with the SMTP server
-MAIL_FROM_ADDR          =   {{system_email.from}}               # default email address for the automated emails
+MAIL_FROM_ADDR          =   {{ users['no-reply'].email }}               # default email address for the automated emails
 MAIL_FROM_NAME          =   'Snipe-IT'
-MAIL_REPLYTO_ADDR       =   {{system_email.from}}               # default email address for the automated emails
+MAIL_REPLYTO_ADDR       =   {{ users['no-reply'].email }}               # default email address for the automated emails
 MAIL_REPLYTO_NAME       =   'Snipe-IT'
 MAIL_AUTO_EMBED_METHOD  =   'attachment'
 

roles/docker-taiga/templates/env.j2

@@ -19,11 +19,11 @@ POSTGRES_HOST       =   "{{database_host}}"
 EMAIL_BACKEND       =   "{{email_backend}}"          # use an SMTP server or display the emails in the console (either "smtp" or "console")
 EMAIL_HOST          =   "{{system_email.host}}"      # SMTP server address
 EMAIL_PORT          =   "{{system_email.port}}" # default SMTP port
-EMAIL_HOST_USER     =   "{{system_email.username}}"  # user to connect the SMTP server
+EMAIL_HOST_USER     =   "{{ users['no-reply'].email }}"  # user to connect the SMTP server
-EMAIL_HOST_PASSWORD =   "{{system_email.password}}"  # SMTP user's password
+EMAIL_HOST_PASSWORD =   "{{ users['no-reply'].mailu_token }}"  # SMTP user's password
-EMAIL_DEFAULT_FROM  =   "{{system_email.from}}"      # default email address for the automated emails
+EMAIL_DEFAULT_FROM  =   "{{ users['no-reply'].email }}"      # default email address for the automated emails
 EMAIL_BACKEND:      =   "django.core.mail.backends.{{email_backend}}.EmailBackend"
-DEFAULT_FROM_EMAIL  =   "{{system_email.from}}"
+DEFAULT_FROM_EMAIL  =   "{{ users['no-reply'].email }}"
 
 # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
 EMAIL_USE_TLS   =   "{{ system_email.tls | capitalize }}"         # use TLS (secure) connection with the SMTP server

roles/msmtp/templates/msmtprc.conf.j2

@@ -13,8 +13,8 @@ tls            off
 account        system_email
 host           {{ system_email.host }}
 port           {{ system_email.port }}
-from           {{system_email.from}}
+from           {{ users['no-reply'].email }}
-user           {{system_email.username}}
+user           {{ users['no-reply'].email }}
-password       {{system_email.password}}
+password       {{ users['no-reply'].mailu_token }}
 
 account default : system_email

roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2

@@ -2,7 +2,7 @@
 
 /usr/bin/sendmail -t <<ERRMAIL
 To: {{users.administrator.email}}
-From: systemd <{{system_email.from}}>
+From: systemd <{{ users['no-reply'].email }}>
 Subject: $1
 Content-Transfer-Encoding: 8bit
 Content-Type: text/plain; charset=UTF-8