Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/web-app-nextcloud/tasks/config.yml

@@ -0,0 +1,18 @@
+- name: Merge all files in cymais directory (container)
+  block:
+    - name: Add dynamic config merging from Jinja template
+      template:
+        src: include.php.j2
+        dest: "{{nextcloud_host_include_instructions_file}}"
+      notify: docker compose restart
+
+    - name: Copy include instructions to the container
+      command: >
+        docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
+
+    - name: Append generated config to config.php only if not present
+      command: >
+        docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
+          grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} || 
+          cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
+      notify: docker compose restart

roles/web-app-nextcloud/tasks/main.yml

@@ -0,0 +1,72 @@
+---
+- name: "include service-rdbms-central"
+  include_role: 
+    name: service-rdbms-central
+
+- name: "create {{ nextcloud_host_config_additives_directory }}"
+  file:
+    path: "{{ nextcloud_host_config_additives_directory }}"
+    state: directory
+    mode: 0755
+
+- name: "Create config files at {{ nextcloud_host_config_additives_directory }}"
+  template:
+    src:    "{{ item }}"
+    dest:   "{{ nextcloud_host_config_additives_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+    owner:  "{{nextcloud_docker_user_id}}"
+    group:  "{{nextcloud_docker_user_id}}"
+  loop:     "{{ lookup('fileglob', role_path ~ '/templates/config/*.j2', wantlist=True) }}"
+  # Not all type of changes take instantly place. Due to this reason a rebuild is required.
+  notify: docker compose up
+
+- name: "include role for {{application_id}} to receive certs & do modification routines"
+  include_role:
+    name: webserver-composer
+
+- name: create nextcloud nginx proxy configuration file
+  template: 
+    src:  "nginx/host.conf.j2" 
+    dest: "{{nginx.directories.http.servers}}{{domains | get_domain(application_id)}}.conf"
+  notify: restart nginx
+
+- name: create internal nextcloud nginx configuration
+  template: 
+    src:  "nginx/docker.conf.j2" 
+    dest: "{{docker_compose.directories.volumes}}nginx.conf"
+  notify: restart nextcloud nginx service
+
+- name: Flush all handlers immediately so that occ can be used
+  meta: flush_handlers
+
+- name: Setup config.php 
+  include_tasks: config.yml
+
+- name: Setup Nextcloud Plugins
+  include_tasks: plugin.yml
+  loop: "{{applications[application_id].plugins | dict2items }}"
+  loop_control:
+    loop_var: plugin_item
+  vars:
+    plugin_key:   "{{ plugin_item.key }}"
+    plugin_value: "{{ plugin_item.value }}"
+
+- name: Load system configuration
+  include_tasks: system.yml
+
+- name: Add missing database indices in Nextcloud
+  command: >
+    {{nextcloud_docker_exec_occ}} db:add-missing-indices
+  register: db_indices_result
+  changed_when: >
+    'Adding additional' in db_indices_result.stdout or 
+    'Removing' in db_indices_result.stdout or 
+    'updated successfully' in db_indices_result.stdout
+  failed_when: db_indices_result.rc != 0
+
+- name: Ensure Nextcloud administrator is in the 'admin' group
+  command: >
+    docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}
+    php occ group:adduser admin {{ applications.nextcloud.users.administrator.username }}
+  register: add_admin_to_group
+  changed_when: "'Added user' in add_admin_to_group.stdout"
+  failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr"

roles/web-app-nextcloud/tasks/plugin.yml

@@ -0,0 +1,74 @@
+- name: "Disable incompatible plugins for {{plugin_key}}."
+  command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}"
+  loop: "{{plugin_value.incompatible_plugins}}"
+  loop_control: 
+    loop_var: incompatible_plugin
+  register: disable_incompatible_plugin_result
+  changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
+  when: 
+    - plugin_value.incompatible_plugins is defined and plugin_value.incompatible_plugins | length > 0
+    - plugin_value.enabled | bool
+
+- name: disable {{ plugin_key }} nextcloud plugin
+  command: "{{nextcloud_docker_exec_occ}} app:disable {{ plugin_key }}"
+  register: disable_result
+  changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout)
+  when: not (plugin_value.enabled | bool)
+
+- name: install {{ plugin_key }} nextcloud plugin
+  command: "{{ nextcloud_docker_exec_occ }} app:install {{ plugin_key }}"
+  register: install_result
+  failed_when: >
+    install_result.rc != 0
+    and
+    ("already installed" not in install_result.stdout)
+    and
+    ("not compatible with this version of the server" not in install_result.stdout)
+  changed_when: >
+    install_result.rc == 0
+    and
+    ("already installed" not in install_result.stdout)
+  when: plugin_value.enabled | bool
+
+- block:
+  - name: enable {{plugin_key}} nextcloud plugin
+    command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}"
+    register: enable_result
+    changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
+
+  - name: Check if {{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml exists
+    stat:
+      path: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml"
+    delegate_to: localhost
+    become: false
+    register: plugin_vars_file
+
+  - name: "Load {{ plugin_key }} configuration variables"
+    include_vars:
+      file: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml"
+    when: plugin_vars_file.stat.exists
+
+  - name: "Set {{ item.configkey }} for {{ item.appid }}"
+    loop: "{{ plugin_configuration }}"
+    command: >
+      {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
+    register: config_set_result
+    changed_when: (config_set_result.stdout is defined) and ("Config value were not updated" not in config_set_result.stdout)
+    when: plugin_vars_file.stat.exists
+
+  - name: Check if {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml exists
+    stat:
+      path: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
+    delegate_to: localhost
+    become: false
+    register: plugin_tasks_file
+
+  - name: "include {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
+    include_tasks: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
+    when: plugin_tasks_file.stat.exists
+  when:
+    - plugin_value.enabled | bool
+    - install_result is defined
+    - >
+      install_result.rc == 0
+      or "already installed" in install_result.stdout

roles/web-app-nextcloud/tasks/plugins/user_ldap.yml

@@ -0,0 +1,6 @@
+# @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
+# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
+
+- name: Set Nextcloud LDAP bind password
+  command: >
+    {{ nextcloud_docker_exec_occ }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"

roles/web-app-nextcloud/tasks/system.yml

@@ -0,0 +1,8 @@
+- name: Load System Nextcloud configuration variables
+  include_vars:
+    file: system.yml
+
+- name:     Apply Nextcloud configurations
+  loop:     "{{ nextcloud_system_config }}"
+  command:  "{{nextcloud_docker_exec_occ}} config:system:set {{ item.parameter }}{% if item.type is defined %} --type {{ item.type }}{% endif %} --value {{ item.value }}"
+  # No good changed_when condition available