Refactor path handling, service conditions and dependencies

- Fixed incorrect filter usage in docker-compose handler (proper use of | path_join).
- Improved LetsEncrypt template by joining paths with filenames instead of appending manually.
- Enhanced sys-svc-msmtp task with an additional condition to only run if no-reply mailu_token exists.
- Updated Keycloak meta to depend on Mailu (ensuring token generation before setup).
- Refactored Keycloak import path variables to use path_join consistently.
- Adjusted Mailu meta dependency to run after Matomo instead of Keycloak.

See: https://chatgpt.com/share/68af13e6-edc0-800f-b76a-a5f427837173

roles/docker-compose/handlers/main.yml

@@ -15,7 +15,7 @@
 - name: docker compose pull
   shell: |
     set -euo pipefail
-    lock="{{ [ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR | docker_compose.directories.instance ] path_join | hash('sha1') }}"
+    lock="{{ [ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR | docker_compose.directories.instance ] | path_join | hash('sha1') }}"
     if [ ! -e "$lock" ]; then
       mkdir -p "$(dirname "$lock")"
       docker compose pull

roles/srv-letsencrypt/templates/ssl_credentials.j2

@@ -1,3 +1,3 @@
-ssl_certificate         {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/fullchain.pem;
-ssl_certificate_key     {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/privkey.pem;
-ssl_trusted_certificate {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder] | path_join }}/chain.pem;
+ssl_certificate         {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'fullchain.pem'] | path_join }};
+ssl_certificate_key     {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'privkey.pem'  ] | path_join }};
+ssl_trusted_certificate {{ [ LETSENCRYPT_LIVE_PATH, ssl_cert_folder, 'chain.pem'    ] | path_join }};

roles/sys-svc-msmtp/tasks/main.yml

@@ -2,4 +2,6 @@
   - include_tasks: 01_core.yml
   - set_fact:
       run_once_sys_svc_msmtp: true
-  when: run_once_sys_svc_msmtp is not defined
+  when:
+    - run_once_sys_svc_msmtp is not defined
+    - (users['no-reply'].mailu_token | default(false)) | bool # Don't setup the service if no-reply mailu token doesn't exist

roles/web-app-keycloak/meta/main.yml

@@ -21,3 +21,4 @@ galaxy_info:
     class: "fa-solid fa-lock"
   run_after:
     - web-app-matomo
+    - web-app-mailu # Token must be generated

roles/web-app-keycloak/vars/main.yml

@@ -23,10 +23,10 @@ KEYCLOAK_HEALTH_ENABLED:            true
 
 ## Import
 KEYCLOAK_REALM_IMPORT_ENABLED:      "{{ applications | get_app_conf(application_id, 'actions.import_realm') }}"
-KEYCLOAK_REALM_IMPORT_DIR_HOST:     "{{ docker_compose.directories.volumes }}import/"
+KEYCLOAK_REALM_IMPORT_DIR_HOST:     "{{ [docker_compose.directories.volumes,'import'] | path_join }}"
 KEYCLOAK_REALM_IMPORT_DIR_DOCKER:   "/opt/keycloak/data/import/"
 KEYCLOAK_REALM_IMPORT_FILE_SRC:     "import/realm.json.j2"
-KEYCLOAK_REALM_IMPORT_FILE_DST:     "{{ KEYCLOAK_REALM_IMPORT_DIR_HOST }}/realm.json"
+KEYCLOAK_REALM_IMPORT_FILE_DST:     "{{ [KEYCLOAK_REALM_IMPORT_DIR_HOST,'realm.json'] | path_join }}"
 
 ## Credentials
 KEYCLOAK_ADMIN:                     "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"

roles/web-app-mailu/meta/main.yml

@@ -20,4 +20,4 @@ galaxy_info:
   logo:
     class: "fa-solid fa-envelope"
   run_after:  
-    - web-app-keycloak
+    - web-app-matomo