Solved some bugs and optimized nextcloud

group_vars/all/07_applications.yml

@@ -234,7 +234,7 @@ defaults_applications:
     credentials:
 #     database_password:  Null          # Needs to be set in inventory file
       administrator_username:           "{{administrator_username}}"
-      administrator_initial_passwords:  "{{administrator_initial_password}}"
+      administrator_initial_password:   "{{administrator_initial_password}}"
 
 
   ## OAuth2 Proxy

roles/docker-attendize/tasks/main.yml

@@ -8,7 +8,7 @@
     name: nginx-https-get-cert-modify-all
   vars:
     domain: "{{ item }}"
-    http:   "{{ ports.localhost.http[application_id] }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
   loop:
     - "{{ domains.mailu }}"
     - "{{ domain }}"

roles/docker-baserow/vars/main.yml

@@ -1,3 +1,5 @@
 application_id:     "baserow"
 database_password:  "{{ baserow_database_password }}"
-database_type:      "postgres"
+database_type:      "postgres"
+domain: 	          "{{ domains[application_id] }}"
+http_port: 	        "{{ ports.localhost.http[application_id] }}"

roles/docker-compose/handlers/main.yml

@@ -28,3 +28,9 @@
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600
   listen: docker compose project build and setup
+
+- name: docker compose restart
+  command:
+    cmd: "docker compose restart"
+    chdir: "{{docker_compose.directories.instance}}"
+  listen: docker compose restart

roles/docker-nextcloud/tasks/config.yml

@@ -0,0 +1,31 @@
+- name: "Substitute http with https in {{ nextcloud_config_file_path }}"
+  replace:
+    path: "{{ nextcloud_config_file_path }}"
+    regexp: "http://{{ domain | regex_escape }}"
+    replace: "https://{{ domain }}"
+  notify:
+    - docker compose restart
+
+- name: "Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_path }}"
+  block:
+    - name: Check if 'overwriteprotocol' is already set
+      lineinfile:
+        path: "{{ nextcloud_config_file_path }}"
+        regexp: "^\s*'overwriteprotocol'\s*=>\s*'http'"
+        line: "'overwriteprotocol' => 'https',"
+        backrefs: yes
+        state: present
+        notify:
+          - docker compose restart
+
+    - name: Add 'overwriteprotocol' => 'https' if not present
+      lineinfile:
+        path: "{{ nextcloud_config_file_path }}"
+        regexp: "^\s*\);$"
+        line: "'overwriteprotocol' => 'https',"
+        insertafter: "^\s*\);$"
+        state: present
+        notify:
+          - docker compose restart        
+  notify:
+    - docker compose restart

roles/docker-nextcloud/tasks/main.yml

@@ -6,18 +6,12 @@
 - name: "include role for {{application_id}} to recieve certs & do modification routines"
   include_role:
     name: nginx-https-get-cert-modify-all
-  vars:
-    domain: "{{domains[application_id]}}"
-    http:   "{{ ports.localhost.http[application_id] }}"
 
 - name: create nextcloud nginx proxy configuration file
   template: 
     src:  "proxy-nginx.conf.j2" 
     dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
-  vars:
-    domain:    "{{domains[application_id]}}"
-    http_port: "{{ports.localhost.http[application_id]}}"
 
 - name: create internal nextcloud nginx configuration
   template: 
@@ -34,4 +28,7 @@
 
 - name: Include LDAP specific tasks
   include_tasks: ldap.yml
-  when: applications[application_id].ldap_enabled | bool
+  when: applications[application_id].ldap_enabled | bool
+
+- name: Include Config specific tasks
+  include_tasks: config.yml

roles/docker-nextcloud/templates/env.j2

@@ -18,11 +18,11 @@ SMTP_NAME=      {{system_email.username}}
 SMTP_PASSWORD=  {{system_email.password}}
 
 # Email from configuration
-MAIL_FROM_ADDRESS=          {{system_email.local}}
-MAIL_DOMAIN=                {{system_email.domain}}
+MAIL_FROM_ADDRESS=          "{{system_email.local}}"
+MAIL_DOMAIN=                "{{system_email.domain}}"
 
 # Initial Admin Data
-NEXTCLOUD_ADMIN_USER=       {{applications.[application_id].credentials.administrator_username}}
-NEXTCLOUD_ADMIN_PASSWORD=   {{applications.[application_id].credentials.administrator_initial_password}}
+NEXTCLOUD_ADMIN_USER=       "{{applications[application_id].credentials.administrator_username}}"
+NEXTCLOUD_ADMIN_PASSWORD=   "{{applications[application_id].credentials.administrator_initial_password}}"
 
-NEXTCLOUD_TRUSTED_DOMAINS=  {{domains[application_id]}}
+NEXTCLOUD_TRUSTED_DOMAINS=  "{{domains[application_id]}}"

roles/docker-nextcloud/vars/main.yml

@@ -3,4 +3,7 @@ application_id:                       "nextcloud"
 database_password:  	                "{{applications.nextcloud.credentials.database_password}}"
 database_type:                        "mariadb"
 nextcloud_application_container_name: "nextcloud-application"
-nextcloud_nginx_container_name:       "nextcloud-web"
+nextcloud_nginx_container_name:       "nextcloud-web"
+nextcloud_config_file_path:           "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
+domain:                               "{{domains[application_id]}}"
+http_port:                            "{{ ports.localhost.http[application_id] }}"

roles/nginx-serve-files/tasks/main.yml

@@ -3,8 +3,8 @@
   include_role:
     name: nginx-https-get-cert-modify-all
   vars:
-    domain: "{{domains[application_id]}}"
-    http:   "{{ ports.localhost.http[application_id] }}"
+    domain:     "{{domains[application_id]}}"
+    http_port:  "{{ ports.localhost.http[application_id] }}"
 
 - name: "generate {{domains[application_id]}}.conf"
   template: 

roles/nginx-serve-html/tasks/main.yml

@@ -3,8 +3,8 @@
   include_role:
     name: nginx-https-get-cert-modify-all
   vars:
-    domain: "{{domains[application_id]}}"
-    http:   "{{ ports.localhost.http[application_id] }}"
+    domain:     "{{domains[application_id]}}"
+    http_port:  "{{ ports.localhost.http[application_id] }}"
 
 - name: "generate {{domains[application_id]}}.conf"
   template: