Shortened service- to svc-

roles/svc-rdbms-mariadb/Administration.md

@@ -0,0 +1,6 @@
+# Administration
+
+## Execute SQL commands
+```bash
+docker exec -it {{applications.mariadb.hostname }} mariadb -u root -p
+```

roles/svc-rdbms-mariadb/README.md

@@ -0,0 +1,30 @@
+# MariaDB
+
+## Overview
+This Ansible role facilitates the deployment of a MariaDB server using Docker. It is designed to ensure ease of installation and configuration, with the flexibility to adapt to different environments.
+
+## Features
+- **Dockerized MariaDB**: Leverages Docker for MariaDB deployment, ensuring consistency across different environments.
+- **Customizable Settings**: Allows customization of the MariaDB instance through various Ansible variables.
+- **Network Configuration**: Includes setup of a dedicated Docker network for MariaDB.
+- **Idempotent Design**: Ensures that repeat runs of the playbook do not result in unwanted changes.
+- **Security Focused**: Implements best practices for securing the MariaDB root password.
+
+## Prerequisites
+Before using this role, ensure you have the following:
+- Ansible installed on the control machine.
+- Docker installed on the target host(s).
+- Access to the target host(s) via SSH.
+
+## Configuration
+Configure the role by setting the required variables. These can be set in the playbook or in a separate variable file:
+- `central_mariadb_root_password`: The root password for the MariaDB server.
+- `database_name`: The name of the initial database to create.
+- `database_username`: The username for the database user.
+- `database_password`: The password for the database user.
+
+## Contributing
+Contributions to this project are welcome. Please submit issues and pull requests with your suggestions.
+
+## Further Resources
+- [Reset Password for MariaDB/MySQL in Docker](https://wolfgang.gassler.org/reset-password-mariadb-mysql-docker/)

roles/svc-rdbms-mariadb/config/main.yml

@@ -0,0 +1,2 @@
+version:  "latest"
+hostname: "central-mariadb"

roles/svc-rdbms-mariadb/defaults/README.md

@@ -0,0 +1,44 @@
+# defaults/
+
+This directory contains default variable definition files for the `svc-rdbms-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic.
+
+---
+
+## files and their purpose
+
+### `main.yml`
+
+Defines default values for how the MariaDB database should be created.
+
+* **`database_encoding`** (string):
+
+  * **Default:** `"utf8mb4"`
+  * **Reasoning:**
+
+    * **Full Unicode support**: `utf8mb4` is the only MySQL/MariaDB character set that fully implements 4‑byte UTF‑8, allowing storage of emojis, supplementary symbols, and all global scripts without data loss.
+    * **Future‑proof:** Modern applications and standards have converged on UTF‑8; using `utf8mb4` avoids migration challenges later.
+    * **Performance trade‑off:** While slightly more storage might be used compared to `latin1`, the universality of `utf8mb4` outweighs the cost for most deployments.
+
+* **`database_collation`** (string):
+
+  * **Default:** `"utf8mb4_unicode_ci"`
+  * **Reasoning:**
+
+    * **Accurate sorting & comparison:** This collation uses full Unicode algorithm rules, ensuring linguistically correct comparisons across many languages.
+    * **Case‑insensitive (`ci`):** Most web apps expect case‑insensitive matching for usernames, emails, and search queries, improving usability.
+    * **Neutral choice:** Unlike language‑specific collations, `unicode_ci` works robustly in multilingual contexts without bias.
+
+> **Tip:** If you have a legacy application requiring a different charset or collation (e.g., for backward compatibility with existing data), simply override `database_encoding` and `database_collation` in your playbook-level variables.
+
+## Overriding default variables
+
+To customize any of these values without editing role defaults:
+
+1. Create or update a playbook-level vars file (e.g. `group_vars/all/svc-rdbms-mariadb.yml`).
+2. Set the desired values, for example:
+
+   ```yaml
+   database_encoding: "latin1"
+   database_collation: "latin1_swedish_ci"
+   ```
+3. Run your playbook—Ansible’s variable precedence ensures your overrides take effect.

roles/svc-rdbms-mariadb/defaults/main.yml

@@ -0,0 +1,3 @@
+# Check out the README.md file for more information, why this encodings and collations are used
+database_encoding:  "utf8mb4"
+database_collation: "utf8mb4_unicode_ci"

roles/svc-rdbms-mariadb/meta/main.yml

@@ -0,0 +1,26 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: >-
+    The Docker MariaDB Role offers an easy and efficient way to deploy a MariaDB server inside a Docker container.
+    Manage your data securely and effectively, making it ideal for production or local development.
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Docker
+      versions:
+        - "latest"
+  galaxy_tags:
+    - mariadb
+    - docker
+    - database
+    - administration
+    - central-database
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"

roles/svc-rdbms-mariadb/schema/main.yml

@@ -0,0 +1,5 @@
+credentials:
+  root_password:
+    description: "Password for the MariaDB root user"
+    algorithm: "bcrypt"
+    validation: "^\\$2[aby]\\$.{56}$"

roles/svc-rdbms-mariadb/tasks/main.yml

@@ -0,0 +1,88 @@
+- name: Create Docker network for MariaDB
+  docker_network:
+    name: central_mariadb
+    state: present
+    ipam_config:
+      - subnet: "{{ networks.local.mariadb.subnet }}"
+  when: run_once_docker_mariadb is not defined
+
+- name: install MariaDB
+  docker_container:
+    name: "{{applications.mariadb.hostname }}"
+    image: "mariadb:{{applications.mariadb.version}}" #could lead to problems with nextcloud
+    detach: yes
+    env:
+      MARIADB_ROOT_PASSWORD:  "{{applications.mariadb.credentials.root_password}}"
+      MARIADB_AUTO_UPGRADE:   "1"
+    networks:
+      - name: central_mariadb
+    volumes:
+      - central_mariadb_database:/var/lib/mysql
+    published_ports:
+      - "127.0.0.1:{{database_port}}:3306" # can be that this will be removed if all applications use sockets
+    command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
+    restart_policy: "{{docker_restart_policy}}"
+    healthcheck:
+      test: "/usr/bin/mariadb --user=root --password={{applications.mariadb.credentials.root_password}} --execute \"SHOW DATABASES;\""
+      interval: 3s
+      timeout: 1s
+      retries: 5
+  when: run_once_docker_mariadb is not defined
+  register: setup_mariadb_container_result
+
+- name: install python-mysqlclient
+  pacman: 
+    name: python-mysqlclient
+    state: present
+  when: run_once_docker_mariadb is not defined
+
+- name: Wait until the MariaDB container is healthy
+  community.docker.docker_container_info:
+    name: "{{ applications.mariadb.hostname }}"
+  register: db_info
+  until:
+  - db_info.containers is defined
+  - db_info.containers | length > 0
+  - db_info.containers[0].State.Health.Status == "healthy"
+  retries: 30
+  delay: 5
+  when:
+    - setup_mariadb_container_result is defined
+    - setup_mariadb_container_result.changed
+    - run_once_docker_mariadb is not defined
+
+- name: "Create database: {{ database_name }}"
+  mysql_db:
+    name:           "{{ database_name }}"
+    state:          present
+    login_user:     root
+    login_password: "{{ applications.mariadb.credentials.root_password }}"
+    login_host:     127.0.0.1
+    login_port:     "{{ database_port }}"
+    encoding:       "{{ database_encoding }}"
+    collation:      "{{ database_collation }}"
+
+- name: "Create database user: {{ database_username }}"
+  mysql_user:
+    name:     "{{database_username}}"
+    password: "{{database_password}}"
+    host: "%"
+    priv: '{{database_name}}.*:ALL'
+    state: present
+    login_user: root
+    login_password: "{{applications.mariadb.credentials.root_password}}"
+    login_host: 127.0.0.1
+    login_port: "{{database_port}}"
+
+# Deactivated due to https://chatgpt.com/share/683ba14b-0e74-800f-9ad1-a8979bc77093
+# @todo Remove if this works fine in the future. 
+#- name: Grant database privileges
+#  ansible.builtin.shell:
+#    cmd: "docker exec {{applications.mariadb.hostname }} mariadb -u root -p{{ applications.mariadb.credentials.root_password }} -e \"GRANT ALL PRIVILEGES ON `{{database_name}}`.* TO '{{database_username}}'@'%';\""
+#  args:
+#    executable: /bin/bash
+
+- name: run the docker_mariadb tasks once
+  set_fact:
+    run_once_docker_mariadb: true
+  when: run_once_docker_mariadb is not defined

roles/svc-rdbms-mariadb/vars/README.md

@@ -0,0 +1,34 @@
+# vars/
+
+This directory contains variable definition files for the `svc-rdbms-mariadb` Ansible role. It centralizes all configurable values related to MariaDB deployment and can be adjusted without modifying task logic.
+
+---
+
+## files and their purpose
+
+### 1. `config/main.yml`
+
+Contains configuration values that determine which Docker image version to use and what hostname the container will be registered under.
+
+* **`version`** (string):
+
+  * Default: `"latest"`
+  * The MariaDB image tag to pull (e.g. `10.6`, `10.11`, or `latest`).
+
+* **`hostname`** (string):
+
+  * Default: `"central-mariadb"`
+  * The container name and DNS alias within the `central_mariadb` network. Used by other services (like Moodle) to connect.
+
+> **Tip:** Pin to a specific minor version (e.g., `10.6.12`) in production to avoid breaking changes on rebuilds.
+
+---
+
+### 2. `main.yml`
+
+Minimal file defining the application identifier for the role.
+
+* **`application_id`** (string):
+
+  * Default: `"mariadb"`
+  * Logical name used in templates, notifications, or paths when multiple roles/services may coexist.

roles/svc-rdbms-mariadb/vars/main.yml

@@ -0,0 +1 @@
+application_id: "mariadb"