Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/web-app-friendica/Administration.md

@@ -0,0 +1,98 @@
+# Administration
+
+## CLI
+The CLI you reach via
+```bash
+docker compose exec --user www-data application bin/console
+```
+
+## Full Reset 🚫➡️✅
+
+The following environment variables need to be defined for successful operation:
+
+- `DB_ROOT_PASSWORD`: The root password for the MariaDB instance
+
+To completely reset Friendica, including its database and volumes, run:
+```bash
+docker exec -i {{applications.mariadb.hostname }} mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
+docker compose down
+rm -rv /mnt/hdd/data/docker/volumes/friendica_data
+docker volume rm friendica_data
+```
+
+## Reset Database 🗄️
+
+## Manual Method:
+1. Connect to the MariaDB instance:
+   ```bash
+   docker exec -it {{applications.mariadb.hostname }} mariadb -u root -p
+   ```
+2. Run the following commands:
+   ```sql
+   DROP DATABASE friendica;
+   CREATE DATABASE friendica;
+   exit;
+   ```
+
+## Automatic Method:
+```bash
+DB_ROOT_PASSWORD="your_root_password"
+docker exec -i {{applications.mariadb.hostname }} mariadb -u root -p"${DB_ROOT_PASSWORD}" -e "DROP DATABASE IF EXISTS friendica; CREATE DATABASE friendica;"
+```
+
+## Enter the Application Container 🔍
+
+To access the application container:
+```bash
+docker compose exec -it application sh
+```
+
+## Debugging Tools 🛠️
+
+## Check Environment Variables
+```bash
+docker compose exec -it application printenv
+```
+
+## Inspect Volume Data
+```bash
+ls -la /var/lib/docker/volumes/friendica_data/_data/
+```
+
+## Autoinstall 🌟
+
+Run the following command to autoinstall Friendica:
+```bash
+docker compose exec --user www-data -it application bin/console autoinstall
+```
+
+## Reinitialization 🔄
+
+## Docker Only:
+```bash
+docker-compose up -d --force-recreate
+```
+
+## Full Reinitialization:
+```bash
+docker-compose up -d --force-recreate && sleep 2; docker compose exec --user www-data -it application bin/console autoinstall;
+```
+
+## Configuration Information ℹ️
+
+## General Configuration:
+```bash
+cat /var/lib/docker/volumes/friendica_data/_data/config/local.config.php
+```
+
+## Email Configuration:
+```bash
+docker compose exec -it application cat /etc/msmtprc
+```
+
+## Email Debugging ✉️
+
+To send a test email:
+```bash
+docker compose exec -it application msmtp --account=system_email -t test@test.de
+```

roles/web-app-friendica/README.md

@@ -0,0 +1,34 @@
+# Friendica
+
+## Description
+
+Empower your decentralized social networking with Friendica, a platform designed to foster communication and community building with ease. Experience a robust, containerized deployment that streamlines installation, configuration, and maintenance for your Friendica instance.
+
+## Overview
+
+This role deploys Friendica using Docker, managing the Friendica application container alongside a central MariaDB instance. It provides tools for full resets, manual and automatic database reinitialization, email and general configuration debugging, and autoinstall processes—all to ensure your Friendica installation remains reliable and easy to maintain.
+
+For detailed administration procedures, please refer to the [Administration.md](./Administration.md) file.
+
+## Features
+
+- **Decentralized Social Networking:** Facilitate a distributed network for seamless peer-to-peer communication.
+- **Containerized Deployment:** Leverage Docker for streamlined setup, management, and scalability.
+- **Robust Reset and Recovery Tools:** Easily reset and reinitialize both the application and its underlying database.
+- **Configuration Debugging:** Quickly inspect environment variables, volume data, and configuration files to troubleshoot issues.
+- **Autoinstall Capability:** Automate initial installation steps to rapidly deploy a working Friendica instance.
+
+## Further Resources
+
+- [Friendica Docker Hub](https://hub.docker.com/_/friendica)
+- [Friendica Installation Documentation](https://wiki.friendi.ca/docs/install)
+- [Friendica GitHub Repository](https://github.com/friendica/docker)
+- [Relevant Issue Tracker](https://github.com/friendica/friendica/issues)
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at [veen.world](https://www.veen.world).
+
+Part of the [CyMaIS Project](https://github.com/kevinveenbirkenbach/cymais)  
+Licensed under [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl).

roles/web-app-friendica/meta/main.yml

@@ -0,0 +1,24 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Empower your decentralized social networking with Friendica, a platform designed to foster communication and community building with ease. Experience a robust, containerized deployment that streamlines installation, configuration, and maintenance for your Friendica instance."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - friendica
+    - docker
+    - social network
+    - decentralized
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+  logo:
+    class: "fa-solid fa-users"
+  run_after:
+    - web-app-matomo
+    - web-app-keycloak
+    - service-openldap

roles/web-app-friendica/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: "include service-rdbms-central"
+  include_role: 
+    name: service-rdbms-central
+
+- name: "create {{ friendica_host_ldap_config }}"
+  template: 
+    src:  "ldapauth.config.php.j2" 
+    dest: "{{ friendica_host_ldap_config }}"
+    mode: '644'
+    owner: root
+    group: 33
+    force: yes
+  notify: docker compose up
+  when: applications | is_feature_enabled('ldap',application_id)
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
+
+- name: Build friendica_addons based on features
+  set_fact:
+    friendica_addons: >-
+      {{
+        friendica_addons | default([])
+        + [{
+            'name': item.key,
+            'enabled': (
+              applications[application_id].features.oidc
+                if item.key == 'keycloakpassword'
+              else applications[application_id].features.ldap
+                if item.key == 'ldapauth'
+              else (item.value.enabled if item.value is mapping and 'enabled' in item.value else False)
+            )
+          }]
+      }}
+  loop: "{{ applications[application_id].addons | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: Ensure Friendica addons are in sync
+  command: >
+    docker compose exec --user www-data
+    application
+    bin/console addon
+    {{ 'enable' if item.enabled else 'disable' }}
+    {{ item.name }}
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  loop: "{{ friendica_addons }}"
+  loop_control:
+    label: "{{ item.name }}"
+

roles/web-app-friendica/templates/docker-compose.yml.j2

@@ -0,0 +1,20 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+  application:
+    image: "{{ applications[application_id].images.friendica }}"
+    {% include 'roles/docker-container/templates/base.yml.j2' %}
+    volumes:
+      - html:{{ friendica_application_base }}
+      - data:/var/www/data # I assume that this one is unnessecarry
+      - {{ friendica_host_ldap_config }}:{{ friendica_docker_ldap_config }}:ro 
+    ports:
+      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+
+{% include 'roles/docker-container/templates/healthcheck/msmtp_curl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+  html:
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-friendica/templates/env.j2

@@ -0,0 +1,31 @@
+# The configuration options can be found here: 
+# @see https://hub.docker.com/_/friendica
+
+FRIENDICA_URL=https://{{domains | get_domain(application_id)}}
+HOSTNAME={{domains | get_domain(application_id)}}
+FRIENDICA_NO_VALIDATION={{friendica_no_validation | lower}}
+      
+# Debugging
+FRIENDICA_DEBUGGING={% if enable_debug | bool %}true{% else %}false{% endif %}{{"\n"}}
+FRIENDICA_LOGLEVEL={% if enable_debug | bool %}9{% else %}5{% endif %}{{"\n"}}
+FRIENDICA_LOGGER=syslog
+
+# Database Configuration 
+MYSQL_HOST=     "{{database_host}}:{{database_port}}"
+MYSQL_DATABASE= {{database_name}}
+MYSQL_USER=     {{database_username}}
+MYSQL_PASSWORD= {{database_password}}
+
+# Email Configuration
+SMTP=           {{system_email.host}}
+SMTP_DOMAIN=    {{system_email.domain}}
+SMTP_PORT=      {{system_email.port}}
+SMTP_AUTH_USER= {{ users['no-reply'].email }}
+SMTP_AUTH_PASS= {{ users['no-reply'].mailu_token }}
+SMTP_TLS=       {{ 'on' if system_email.tls else 'off' }}
+SMTP_STARTTLS=  {{ 'on' if system_email.start_tls else 'off' }}
+SMTP_FROM=      no-reply
+
+# Administrator Credentials
+FRIENDICA_ADMIN_MAIL= {{ users.administrator.email }}
+MAILNAME= {{ users.administrator.email }}

roles/web-app-friendica/templates/ldapauth.config.php.j2

@@ -0,0 +1,51 @@
+<?php
+// Source: https://git.friendi.ca/friendica/friendica-addons/src/branch/develop/ldapauth
+
+// Warning: Don't change this file! It only holds the default config values for this addon.
+// Instead, copy this file to config/ldapauth.config.php in your Friendica directory and set the correct values there
+
+return [
+	'ldapauth' => [
+		// ldap_server (String)
+		// ldap hostname server - required
+		// Example: ldap_server = host.example.com
+		'ldap_server' => '{{ ldap.server.uri }}',
+
+		// ldap_binddn (String)
+		// admin dn - optional - only if ldap server dont have anonymous access
+		// Example: ldap_binddn = cn=admin,dc=example,dc=com
+		'ldap_binddn' => '{{ ldap.dn.administrator.data }}',
+
+		// ldap_bindpw (String)
+		// admin password - optional - only if ldap server dont have anonymous access
+		'ldap_bindpw' => '{{ ldap.bind_credential }}',
+
+		// ldap_searchdn (String)
+		// dn to search users - required
+		// Example: ldap_searchdn = ou=users,dc=example,dc=com
+		'ldap_searchdn' => '{{ ldap.dn.ou.users }}',
+
+		// ldap_userattr (String)
+		// attribute to find username - required
+		// Example: ldap_userattr = uid
+		'ldap_userattr' => '{{ ldap.user.attributes.id }}',
+
+		// ldap_group (String)
+		// DN of the group whose member can auth on Friendica - optional
+		'ldap_group' =>'',
+
+		// ldap_autocreateaccount (Boolean)
+		// To create Friendica account if user exists in ldap
+		// Requires an email and a simple (beautiful) nickname on user ldap object
+		// active account creation - optional - default true
+		'ldap_autocreateaccount' => true,
+
+		// ldap_autocreateaccount_emailattribute (String)
+		// attribute to get email - optional - default : 'mail'
+		'ldap_autocreateaccount_emailattribute' => '{{ ldap.user.attributes.mail }}',
+
+		// ldap_autocreateaccount_nameattribute (String)
+		// attribute to get nickname - optional - default : 'givenName'
+		'ldap_autocreateaccount_nameattribute' => '{{ ldap.user.attributes.firstname }}',
+	],
+];

roles/web-app-friendica/vars/configuration.yml

@@ -0,0 +1,32 @@
+images:
+  friendica:          "friendica:latest"
+features:
+  matomo:             true
+  css:                false # Temporary deactivated
+  portfolio_iframe:   true
+  oidc:               false # Implementation doesn't work yet
+  central_database:   true
+  ldap:               true
+  oauth2:             false # No special login side which could be protected, use 2FA of Friendica instead
+domains:
+  canonical:
+    - "social.{{ primary_domain }}"
+csp:
+  flags:
+    script-src-elem:
+      unsafe-inline:  true
+    script-src:
+      unsafe-inline:  true
+      unsafe-eval:    true
+    style-src:
+      unsafe-inline:  true
+oauth2_proxy:  
+  application:        "application"
+  port:               "80"
+addons:
+  keycloakpassword: {}
+  ldapauth: {}
+docker:
+  services:
+    database:
+      enabled: true

roles/web-app-friendica/vars/main.yml

@@ -0,0 +1,8 @@
+application_id:     "friendica"
+database_type:      "mariadb"
+
+friendica_no_validation:       "{{ applications[application_id].features.oidc }}" # Email validation is not neccessary if OIDC is active
+friendica_application_base:    "/var/www/html"
+friendica_docker_ldap_config:  "{{friendica_application_base}}/config/ldapauth.config.php"
+friendica_host_ldap_config:    "{{ docker_compose.directories.volumes }}ldapauth.config.php"
+