Optimized listmonk, wordpress and activity pub for wordpress

roles/docker-bigbluebutton/vars/main.yml

@@ -2,10 +2,13 @@ application_id:               "bigbluebutton"
 bbb_repository_directory:     "{{ docker_compose.directories.services }}"
 docker_compose_file_origine:  "{{ docker_compose.directories.services }}docker-compose.yml"
 docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"
+
+# Database configuration
 database_instance:            "bigbluebutton"
 database_name:                "multiple_databases"
 database_username:            "postgres"
 database_password:            "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
+
 domain: 	                    "{{ domains[application_id] }}"
 http_port: 	                  "{{ ports.localhost.http[application_id] }}"
 bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    

roles/docker-listmonk/tasks/main.yml

@@ -19,21 +19,17 @@
     domain: 	"{{ domains[application_id] }}"
     http_port: 	"{{ ports.localhost.http[application_id] }}"
 
-- name: "copy docker-compose.yml and env file"
-  include_tasks: copy-docker-compose-and-env.yml
-
 - name: add config.toml
   template: 
     src:  "config.toml.j2" 
     dest: "{{docker_compose.directories.config}}config.toml"
   notify: docker compose project setup
 
-- name: flush docker service
+- name: "copy docker-compose.yml and env file"
-  meta: flush_handlers
+  include_tasks: copy-docker-compose-and-env.yml
-  when: applications.listmonk.setup |bool 
 
 - name: setup routine for listmonk
   command:
     cmd:   docker compose run -T --rm application sh -c "yes | ./listmonk --install"
     chdir: "{{docker_compose.directories.instance}}"
-  when: applications.listmonk.setup |bool 
+  ignore_errors: true # Ignore errors if already setup

roles/docker-listmonk/templates/config.toml.j2

@@ -5,14 +5,6 @@
 # port, use port 80 (this will require running with elevated permissions).
 address = "0.0.0.0:9000"
 
-# BasicAuth authentication for the admin dashboard. This will eventually
-# be replaced with a better multi-user, role-based authentication system.
-# IMPORTANT: Leave both values empty to disable authentication on admin
-# only where an external authentication is already setup.
-# admin_username = "{{applications.listmonk.users.administrator.username}}"
-# admin_password = "{{listmonk_admin_password}}"
-# Deactivated for newer versions
-
 # Database.
 [db]
 host = "{{database_host}}"

roles/docker-listmonk/templates/env.j2

@@ -2,8 +2,8 @@ TZ=Etc/UTC
 
 # Administrator setup
 
-LISTMONK_ADMIN_USER={{users.administrator.username}}
+LISTMONK_ADMIN_USER={{ applications[application_id].users.administrator.username }}
-LISTMONK_ADMIN_PASSWORD={{users.administrator.password}}
+LISTMONK_ADMIN_PASSWORD={{ applications[application_id].users.administrator.password }}
 
 {% if applications[application_id].features.oidc | bool %}
 ################################### 

roles/docker-listmonk/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:  	  "listmonk"
-database_password:  "{{listmonk_database_password}}"
+database_password:  "{{applications[application_id].credentials.database.password}}"
 database_type:      "postgres"

roles/docker-mailu/vars/main.yml

@@ -1,6 +1,9 @@
 application_id:               "mailu"
+
+# Database Configuration
 database_password:  	        "{{applications.mailu.credentials.database.password}}"
 database_type:                "mariadb"
+
 cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
 enable_wildcard_certificate:  false
 
@@ -8,5 +11,5 @@ enable_wildcard_certificate:  false
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
 docker_source:                "{{ 'ghcr.io/heviat' if applications[application_id].features.oidc | bool else 'ghcr.io/mailu' }}"
 
-domain:     "{{ domains[application_id] }}"
+domain:                       "{{ domains[application_id] }}"
-http_port: 	"{{ ports.localhost.http[application_id] }}"
+http_port: 	                  "{{ ports.localhost.http[application_id] }}"

roles/docker-mastodon/vars/main.yml

@@ -1,3 +1,3 @@
 application_id:  	  "mastodon"
-database_password:  "{{applications.mastodon.credentials.database.password}}"
+database_password:  "{{applications[application_id].credentials.database.password}}"
 database_type:      "postgres"

roles/docker-wordpress/tasks/discourse/README.md

@@ -1,4 +0,0 @@
-# Wordpress with Discourse Support
-
-This folder contains the files to setup Discourse support for Wordpress.
-IT's realized with the [WP Discourse Plugin](https://de.wordpress.org/plugins/wp-discourse/)

roles/docker-wordpress/tasks/discourse/generate-api-key.yml

@@ -1,38 +0,0 @@
----
-- name: Add /var/www/discourse to Git safe.directory
-  command: >
-    docker exec {{ applications.discourse.container }} \
-      git config --global --add safe.directory /var/www/discourse
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  changed_when: false
-
-- name: Revoke old WP Discourse API keys via Rails
-  command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
-      cd /var/www/discourse && \
-      script/rails runner \"\
-        ApiKey.where(\
-          user_id: User.find_by_username('system').id,\
-          description: 'WP Discourse Integration',\
-          revoked_at: nil\
-        ).update_all(revoked_at: Time.current)\
-      \""
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  changed_when: false
-  failed_when: false
-
-- name: Generate new WP Discourse API key via Rake task
-  command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
-      cd /var/www/discourse && \
-      bin/rake api_key:create_master['WP Discourse Integration']\
-    "
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  register: discourse_generated_api_key
-
-- name: Store the new WP Discourse API key in a fact
-  set_fact:
-    vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"

roles/docker-wordpress/tasks/main.yml

@@ -37,10 +37,15 @@
 - name: "Install wordpress"
   include_tasks: install.yml
 
-- name: "Activating OIDC when enabled."
+- name: "Install and activate WordPress plugins from application config"
-  include_tasks: oidc/install.yml
+  block:
-  when: applications[application_id].features.oidc | bool
+    - name: "Iterate through WordPress plugins"
-
+      include_tasks: plugin.yml
-- name: "Activating WP Discourse when enabled"
+      loop: "{{ applications[application_id].plugins | dict2items }}"
-  include_tasks: discourse/install.yml
+      loop_control:
-  when: applications[application_id].plugins.discourse | bool
+        label: "{{ item.key }}"
+      vars:
+        plugin_name: "{{ item.key }}"
+        plugin_enabled: "{{ item.value.enabled | bool }}"
+        plugin_task_path: "{{ role_path }}/tasks/plugins/{{ plugin_name }}/install.yml"
+      when: plugin_enabled

roles/docker-wordpress/tasks/oidc/README.md

@@ -1,2 +0,0 @@
-# Wordpress with OIDC
-This folder contains the files to setup Wordpress with OIDC.

roles/docker-wordpress/tasks/oidc/install.yml

@@ -1,19 +0,0 @@
----
-- name: "Install OpenID Connect Generic Plugin via WP CLI"
-  command: >
-    docker-compose exec -u www-data -T application
-      wp plugin install daggerhart-openid-connect-generic
-      --path={{ wordpress_docker_html_path }}
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
-- name: "Activate OpenID Connect Generic Plugin"
-  command: >
-    docker-compose exec -u www-data -T application
-      wp plugin activate daggerhart-openid-connect-generic
-      --path={{ wordpress_docker_html_path }}
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-
-- name: "Setup OIDC settings"
-  include_tasks: "settings.yml"

roles/docker-wordpress/tasks/plugin.yml

@@ -0,0 +1,18 @@
+---
+- name: "Check if plugin has a dedicated install task"
+  stat:
+    path: "{{ plugin_task_path }}"
+  register: plugin_task_file
+
+- name: "Include plugin-specific install task if it exists"
+  include_tasks: "{{ plugin_task_path }}"
+  when: plugin_task_file.stat.exists
+
+- name: "Install and activate WordPress plugin via WP CLI"
+  command: >
+    docker-compose exec -u www-data -T application
+      wp plugin install {{ plugin_name }} --activate
+      --path={{ wordpress_docker_html_path }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  when: not plugin_task_file.stat.exists

roles/docker-wordpress/tasks/plugins/README.md

@@ -0,0 +1,15 @@
+# WordPress Plugins
+
+This WordPress setup integrates several powerful plugins to extend functionality with authentication, federation, and external discussion platforms:
+
+## 🔐 OpenID Connect Generic Client  
+Enables secure login via OpenID Connect (OIDC).  
+Plugin used: [daggerhart-openid-connect-generic](https://wordpress.org/plugins/daggerhart-openid-connect-generic/)
+
+## 💬 WP Discourse  
+Seamlessly connects WordPress with a Discourse forum for comments, discussions, and single sign-on (SSO).  
+Plugin used: [wp-discourse](https://wordpress.org/plugins/wp-discourse/)
+
+## 🌍 ActivityPub  
+Federates your blog with the Fediverse, making it accessible on platforms like Mastodon and Friendica.  
+Plugin used: [activitypub](https://wordpress.org/plugins/activitypub/)

roles/docker-wordpress/tasks/plugins/wp-discourse.yml

@@ -10,8 +10,43 @@
     delay: 5
     timeout: 600
 
-- name: "Generate Discourse API Key when WP Discourse is enabled"
+- name: Add /var/www/discourse to Git safe.directory
-  include_tasks: generate-api-key.yml
+  command: >
+    docker exec {{ applications.discourse.container }} \
+      git config --global --add safe.directory /var/www/discourse
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  changed_when: false
+
+- name: Revoke old WP Discourse API keys via Rails
+  command: >
+    docker exec {{ applications.discourse.container }} bash -lc "\
+      cd /var/www/discourse && \
+      script/rails runner \"\
+        ApiKey.where(\
+          user_id: User.find_by_username('system').id,\
+          description: 'WP Discourse Integration',\
+          revoked_at: nil\
+        ).update_all(revoked_at: Time.current)\
+      \""
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  changed_when: false
+  failed_when: false
+
+- name: Generate new WP Discourse API key via Rake task
+  command: >
+    docker exec {{ applications.discourse.container }} bash -lc "\
+      cd /var/www/discourse && \
+      bin/rake api_key:create_master['WP Discourse Integration']\
+    "
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  register: discourse_generated_api_key
+
+- name: Store the new WP Discourse API key in a fact
+  set_fact:
+    vault_discourse_api_key: "{{ discourse_generated_api_key.stdout | trim }}"
 
 - name: "Load WP Discourse settings"
   include_vars:

templates/vars/applications.yml.j2

@@ -273,6 +273,9 @@ defaults_applications:
       administrator:
         username:                     "{{users.administrator.username}}"          # Listmonk administrator account username
 #        password:                     "{{users.administrator.password}}"          # Password to initialized Listmonk administrator with
+    credentials:
+      database:
+#        password:                     ""                                          # Database password
     public_api_activated:             False                                       # Security hole. Can be used for spaming
     version:                          "latest"                                    # Docker Image version
     setup:                            false                                       # Set true in inventory file to execute the setup and initializing procedures
@@ -817,8 +820,13 @@ defaults_applications:
 #       password:                                                             # Password of the wordpress administrator
         email:                    "{{users.administrator.email}}"             # Email of the wordpress adminsitrator
     plugins:
-      discourse:                  "{{ 'discourse' in group_names | lower }}"
+      wp-discourse:
-      oidc:                       true
+        enabled:  "{{ 'discourse' in group_names | lower }}"
+      daggerhart-openid-connect-generic:
+        enabled:  true
+      activitypub:
+        enabled:  true
+      
 {% endraw %}{{ features.render_features({
   'matomo':   	true,
   'css':      	false,