From 5aaf2d28dc7be3bc4ea8d793deb034b1f182f4ee Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 27 Aug 2025 16:19:57 +0200
Subject: [PATCH] Refactor path handling, service conditions and dependencies
- Fixed incorrect filter usage in docker-compose handler (proper use of | path_join).
- Improved LetsEncrypt template by joining paths with filenames instead of appending manually.
- Enhanced sys-svc-msmtp task with an additional condition to only run if no-reply mailu_token exists.
- Updated Keycloak meta to depend on Mailu (ensuring token generation before setup).
- Refactored Keycloak import path variables to use path_join consistently.
- Adjusted Mailu meta dependency to run after Matomo instead of Keycloak.
See: https://chatgpt.com/share/68af13e6-edc0-800f-b76a-a5f427837173
---
 roles/docker-compose/handlers/main.yml | 2 +-
 roles/srv-letsencrypt/templates/ssl_credentials.j2 | 6 +++---
 roles/sys-svc-msmtp/tasks/main.yml | 4 +++-
 roles/web-app-keycloak/meta/main.yml | 1 +
 roles/web-app-keycloak/vars/main.yml | 4 ++--
 roles/web-app-mailu/meta/main.yml | 2 +-
 6 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/roles/docker-compose/handlers/main.yml b/roles/docker-compose/handlers/main.yml
index 9752577d..e883eb23 100644
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@@ -15,7 +15,7 @@
 - name: docker compose pull
 shell: |
 set -euo pipefail
- lock="{{ [ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR | docker_compose.directories.instance ] path_join | hash('sha1') }}"
+ lock="{{ [ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR | docker_compose.directories.instance ] | path_join | hash('sha1') }}"
 if [ ! -e "$lock" ]; then
 mkdir -p "$(dirname "$lock")"
 docker compose pull
diff --git a/roles/srv-letsencrypt/templates/ssl_credentials.j2 b/roles/srv-letsencrypt/templates/ssl_credentials.j2
index 3f04c374..ac54edc0 100644
--- a/roles/srv-letsencrypt/templates/ssl_credentials.j2
+++ b/roles/srv-letsencrypt/templates/ssl_credentials.j2
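Review bot: In `roles/docker-compose/handlers/main.yml` the new `lock=` line still has a `|` between the two list elements, so `docker_compose.directories.instance` is parsed as a filter name rather than a second path component, and templating will most likely fail with an unknown-filter error. The elements need a comma: `[ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR, docker_compose.directories.instance ] | path_join`. The filter order is also worth checking: as written `hash('sha1')` is applied to the whole joined path, so `$lock` becomes a bare digest and `dirname "$lock"` resolves to `.`; if a per-instance lock file inside the lock directory is intended, that would be `[ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR, (docker_compose.directories.instance | hash('sha1')) ] | path_join`. The handler's shell body continues past the end of the hunk.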
@@ -1,3 +1,3 @@
-ssl_certificate {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/fullchain.pem;
-ssl_certificate_key {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/privkey.pem;
-ssl_trusted_certificate {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/chain.pem;
\ No newline at end of file
+ssl_certificate {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'fullchain.pem'] | path_join }};
+ssl_certificate_key {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'privkey.pem' ] | path_join }};
+ssl_trusted_certificate {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'chain.pem' ] | path_join }};
\ No newline at end of file
diff --git a/roles/sys-svc-msmtp/tasks/main.yml b/roles/sys-svc-msmtp/tasks/main.yml
index f5b3b735..8d537bdc 100644
--- a/roles/sys-svc-msmtp/tasks/main.yml
+++ b/roles/sys-svc-msmtp/tasks/main.yml
@@ -2,4 +2,6 @@
 - include_tasks: 01_core.yml
 - set_fact:
 run_once_sys_svc_msmtp: true
- when: run_once_sys_svc_msmtp is not defined
+ when:
+ - run_once_sys_svc_msmtp is not defined
+ - (users['no-reply'].mailu_token | default(false)) | bool # Don't setup the service if no-reply mailu token doesn't exist
diff --git a/roles/web-app-keycloak/meta/main.yml b/roles/web-app-keycloak/meta/main.yml
index 32f4dad1..c0a1ac65 100644
--- a/roles/web-app-keycloak/meta/main.yml
+++ b/roles/web-app-keycloak/meta/main.yml
@@ -21,3 +21,4 @@ galaxy_info:
 class: "fa-solid fa-lock"
 run_after:
 - web-app-matomo
+ - web-app-mailu # Token must be generated
diff --git a/roles/web-app-keycloak/vars/main.yml b/roles/web-app-keycloak/vars/main.yml
index 1ce46f1a..aee077ad 100644
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
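Review bot: In `roles/sys-svc-msmtp/tasks/main.yml` the second `when` entry pipes the token through `| bool`, and Ansible's `bool` filter maps only boolean-like inputs such as `true`, `yes`, `on` and `1` to true, so an ordinary token string would evaluate to false and the tasks would never run. If `mailu_token` is, as its name suggests, an opaque string, test for presence instead: `- (users['no-reply'].mailu_token | default('', true) | string | length) > 0`. The `when` appears to belong to a block that opens above the hunk, so a false result also skips `run_once_sys_svc_msmtp` and nothing is reported. A host left without outbound system mail should be made visible, for example with a `debug` message, since alert delivery may depend on msmtp.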
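Review bot: In `roles/web-app-keycloak/meta/main.yml` the comment `# Token must be generated` does not say which token is meant or what consumes it, so the ordering constraint is easy to break in a later edit. Judging by the commit message and the msmtp change this is presumably the no-reply `mailu_token`; if so, write `- web-app-mailu # Mailu creates users['no-reply'].mailu_token, needed before Keycloak setup`, adjusted to the real consumer. The companion hunk in `roles/web-app-mailu/meta/main.yml` removes `web-app-keycloak` from Mailu's `run_after` without a comment; if Mailu's deployment relies on Keycloak being present (not visible here), that reversal should be documented there as well.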
@@ -23,10 +23,10 @@ KEYCLOAK_HEALTH_ENABLED: true
 ## Import
 KEYCLOAK_REALM_IMPORT_ENABLED: "{{ applications | get_app_conf(application_id, 'actions.import_realm') }}"
-KEYCLOAK_REALM_IMPORT_DIR_HOST: "{{ docker_compose.directories.volumes }}import/"
+KEYCLOAK_REALM_IMPORT_DIR_HOST: "{{ [docker_compose.directories.volumes,'import'] | path_join }}"
 KEYCLOAK_REALM_IMPORT_DIR_DOCKER: "/opt/keycloak/data/import/"
 KEYCLOAK_REALM_IMPORT_FILE_SRC: "import/realm.json.j2"
-KEYCLOAK_REALM_IMPORT_FILE_DST: "{{ KEYCLOAK_REALM_IMPORT_DIR_HOST }}/realm.json"
+KEYCLOAK_REALM_IMPORT_FILE_DST: "{{ [KEYCLOAK_REALM_IMPORT_DIR_HOST,'realm.json'] | path_join }}"
 ## Credentials
 KEYCLOAK_ADMIN: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
diff --git a/roles/web-app-mailu/meta/main.yml b/roles/web-app-mailu/meta/main.yml
index b9a33d3c..af76aef8 100644
--- a/roles/web-app-mailu/meta/main.yml
+++ b/roles/web-app-mailu/meta/main.yml
@@ -20,4 +20,4 @@ galaxy_info:
 logo:
 class: "fa-solid fa-envelope"
 run_after:
- - web-app-keycloak
+ - web-app-matomo
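Review bot: In `roles/web-app-keycloak/vars/main.yml`, `KEYCLOAK_REALM_IMPORT_DIR_HOST` loses its trailing slash: the old value ended in `import/`, while `path_join` returns the directory without one. `KEYCLOAK_REALM_IMPORT_FILE_DST` is adapted in the same hunk, but any task or template outside it that appends a file name directly to the variable, or passes it to a tool that treats a trailing slash as significant, would now resolve a different path, so those uses should be checked. `KEYCLOAK_REALM_IMPORT_DIR_DOCKER` still ends in `/`; a one-line comment above the block, such as `# Directory variables are stored without a trailing slash`, plus aligning that value would keep the two consistent.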