Big code and variable refactoring

2025-02-22 04:29:38 +01:00 · 2025-01-29 14:20:34 +01:00 · 2025-01-29 14:20:34 +01:00 · aca3399e9d
commit aca3399e9d
parent 13429d8e68
43 changed files with 519 additions and 503 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -1,343 +0,0 @@
 # General
 pause_duration:         "120"         # Database delay to wait for the central database before continue tasks
 ip4_address:            "127.0.0.1"   # Change thie in inventory to the ip address of your server
 backups_folder_path:    "/Backups/"   # Path to the backups folder
 ## Domain
 primary_domain_tld:     "localhost"                                     # Top Level Domain of the server
 primary_domain_sld:     "cymais"                                        # Second Level Domain of the server
 primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
 # Administrator
 administrator_username: "administrator"                                 # Username of the administrator
 administrator_email:    "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
 #user_administrator_initial_password: EXAMPLE_PASSWORD_123456                         # Example initialisation password needs to be set in inventory file
 # Email Configuration
 system_email_local:     no-reply
 system_email_domain:    "{{primary_domain}}"
 system_email_username:  "{{system_email_local}}@{{system_email_domain}}"
 system_email_host:      "mail.{{primary_domain}}"
 system_email_smtp_port: 465
 system_email_tls:       true
 system_email_start_tls: false
 system_email_from:      "{{system_email_username}}"
 system_email_smtp:      true
 # Test Email
 test_email:             "test@{{primary_domain}}"
 # Mode
 # The following modes can be combined with each other
 mode_reset:   false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
 mode_debug:   false # Prints well formated debug information
 mode_test:    false # Executes test routines instead of productive routines
 mode_update:  true  # Executes updates
 mode_backup:  true  # Activates the backup before the update procedure
 mode_setup:   false # Execute the setup and initializing procedures
 # Server Tact Variables 
 ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
 hours_server_awake:                           "0..23"
 ## Random delay for systemd timers to avoid peak loads.
 randomized_delay_sec:                         "5min" 
 ## Schedule for Health Checks
 on_calendar_health_btrfs:                     "*-*-* 00:00:00"                        # Check once per day the btrfs for errors
 on_calendar_health_journalctl:                "*-*-* 00:00:00"                        # Check once per day the journalctl for errors
 on_calendar_health_disc_space:                "*-*-* 06,12,18,00:00:00"               # Check four times per day if there is sufficient disc space 
 on_calendar_health_docker_container:          "*-*-* {{ hours_server_awake }}:00:00"  # Check once per hour if the docker containers are healthy
 on_calendar_health_docker_volumes:            "*-*-* {{ hours_server_awake }}:15:00"  # Check once per hour if the docker volumes are healthy
 on_calendar_health_nginx:                     "*-*-* {{ hours_server_awake }}:45:00"  # Check once per hour if all webservices are available
 ## Schedule for Cleanup Tasks
 on_calendar_cleanup_backups:                  "*-*-* 00,06,12,18:30:00"               # Cleanup backups every 6 hours, MUST be called before disc space cleanup
 on_calendar_cleanup_disc_space:               "*-*-* 07,13,19,01:30:00"               # Cleanup disc space every 6 hours
 ## Schedule for Backup Tasks
 on_calendar_backup_docker_to_local:           "*-*-* 03:30:00"
 on_calendar_backup_remote_to_local:           "*-*-* 21:30:00"
 ## Schedule for Maintenance Tasks
 on_calendar_heal_docker:                      "*-*-* {{ hours_server_awake }}:30:00"  # Heal unhealthy docker instances once per hour
 on_calendar_renew_lets_encrypt_certificates:  "*-*-* 12,00:30:00"                     # Renew Mailu certificates twice per day
 on_calendar_deploy_certificates:              "*-*-* 13,01:30:00"                     # Deploy letsencrypt certificates twice per day to docker containers
 on_calendar_msi_keyboard_color:               "*-*-* *:*:00"                          # Change the keyboard color every minute
 on_calendar_cleanup_failed_docker:            "*-*-* 12:00:00"                        # Clean up failed docker backups every noon
 on_calendar_btrfs_auto_balancer:              "Sat *-*-01..07 00:00:00"               # Execute btrfs auto balancer every first Saturday of a month
 on_calendar_restart_docker:                   "Sun *-*-* 08:00:00"                    # Restart docker instances every Sunday at 8:00 AM
 # Storage Space-Related Configurations          
 size_percent_maximum_backup:                  75  # Maximum storage space in percent for backups
 size_percent_cleanup_disc_space:              85  # Threshold for triggering cleanup actions
 size_percent_disc_space_warning:              90  # Warning threshold in percent for free disk space
 # Path Variables for Key Directories and Scripts
 path_administrator_home:                      "/home/administrator/"
 path_administrator_scripts:                   "{{path_administrator_home}}scripts/"
 path_docker_volumes:                          "{{path_administrator_home}}volumes/docker/"
 path_docker_compose_instances:                "{{path_administrator_home}}docker-compose/"
 path_system_lock_script:                      "{{path_administrator_scripts}}system-maintenance-lock.py"
 # Runtime Variables for Process Control
 activate_all_timers:                          false   # Activates all timers, independend if the handlers had been triggered
 nginx_matomo_tracking:                        false   # Activates matomo tracking on all html pages
 # System maintenance Services
 ## Timeouts to wait for other services to stop
 system_maintenance_lock_timeout_cleanup_services:  "15min"
 system_maintenance_lock_timeout_storage_optimizer: "10min"
 system_maintenance_lock_timeout_backup_services:   "1h"
 system_maintenance_lock_timeout_heal_docker:       "30min"
 system_maintenance_lock_timeout_update_docker:     "2min"
 system_maintenance_lock_timeout_restart_docker:    "{{system_maintenance_lock_timeout_update_docker}}"
 ## Services
 ### Defined Services for Backup Tasks
 system_maintenance_backup_services:
  - "backup-docker-to-local"
  - "backup-remote-to-local"
  - "backup-data-to-usb"
  - "backup-docker-to-local-everything"
 ### Defined Services for System Cleanup
 system_maintenance_cleanup_services:
  - "cleanup-backups"
  - "cleanup-disc-space"
  - "cleanup-failed-docker-backups"
 ### Services that Manipulate the System
 system_maintenance_manipulation_services:
  - "heal-docker"
  - "update-docker"
  - "system-storage-optimizer"
  - "restart-docker"
 ## Total System Maintenance Services
 system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
 ### Define Variables for Docker Volume Health services
 whitelisted_anonymous_docker_volumes: []
 # Webserver Configuration
 ## Nginx-Specific Path Configurations
 nginx_configuration_directory:  "/etc/nginx/conf.d/"                            # General configuration dir
 nginx_servers_directory:        "{{nginx_configuration_directory}}servers/"     # Contains server blogs
 nginx_maps_directory:           "{{nginx_configuration_directory}}maps/"        # Contains mappins
 nginx_streams_directory:        "{{nginx_configuration_directory}}streams/"     # Contains streams configuration e.g. for ldaps
 nginx_well_known_root:          "/usr/share/nginx/well-known/"                  # Path where well-known files are stored
 nginx_homepage_root:            "/usr/share/nginx/homepage/"                    # Path where the static homepage files are stored
 ## Nginx static repository
 nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file
 ## Domains
 ### Service Domains
 domain_akaunting:               "accounting.{{primary_domain}}"
 domain_attendize:               "tickets.{{primary_domain}}"
 domain_baserow:                 "baserow.{{primary_domain}}"
 domain_bigbluebutton:           "meet.{{primary_domain}}"
 domain_bluesky_api:             "bluesky.{{primary_domain}}"
 domain_bluesky_web:             "bskyweb.{{primary_domain}}"
 domain_discourse:               "forum.{{primary_domain}}"
 domain_elk:                     "elk.{{primary_domain}}"
 domain_friendica:               "friendica.{{primary_domain}}"
 domain_funkwhale:               "music.{{primary_domain}}"
 domain_gitea:                   "git.{{primary_domain}}"
 domain_gitlab:                  "gitlab.{{primary_domain}}"
 domain_keycloak:                "auth.{{primary_domain}}"
 domain_ldap:                    "ldap.{{primary_domain}}"
 domain_listmonk:                "newsletter.{{primary_domain}}"
 domain_mailu:                   "{{system_email_host}}"
 domain_mastodon:                "microblog.{{primary_domain}}"
 domains_mastodon_alternates:    ["mastodon.{{primary_domain}}"]
 domain_matomo:                  "matomo.{{primary_domain}}"
 domain_matrix_synapse:          "matrix.{{primary_domain}}"
 domain_matrix_element:          "element.{{primary_domain}}"
 domain_moodle:                  "academy.{{primary_domain}}"
 domain_mediawiki:               "wiki.{{primary_domain}}"
 domain_nextcloud:               "cloud.{{primary_domain}}"
 domain_openproject:             "project.{{primary_domain}}"
 domain_peertube:                "video.{{primary_domain}}"
 domains_peertube:               []
 domain_phpmyadmin:              "phpmyadmin.{{primary_domain}}"
 domain_pixelfed:                "picture.{{primary_domain}}"
 domain_portfolio:               "{{primary_domain}}"
 domain_roulette:                "roulette.{{primary_domain}}"
 domain_taiga:                   "kanban.{{primary_domain}}"
 domain_yourls:                  "s.{{primary_domain}}"
 domains_wordpress:              ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"]
 ### Domain Redirects
 redirect_domain_mappings:
 - { source: "akaunting.{{primary_domain}}",   target: "{{domain_akaunting}}" }
 - { source: "bbb.{{primary_domain}}",         target: "{{domain_bigbluebutton}}" }
 - { source: "discourse.{{primary_domain}}",   target: "{{domain_discourse}}" }
 - { source: "funkwhale.{{primary_domain}}",   target: "{{domain_funkwhale}}" }
 - { source: "gitea.{{primary_domain}}",       target: "{{domain_gitea}}" }
 - { source: "keycloak.{{primary_domain}}",    target: "{{domain_keycloak}}" }
 - { source: "listmonk.{{primary_domain}}",    target: "{{domain_listmonk}}" }
 - { source: "moodle.{{primary_domain}}",      target: "{{domain_moodle}}" }
 - { source: "nextcloud.{{primary_domain}}",   target: "{{domain_nextcloud}}" }
 - { source: "openproject.{{primary_domain}}", target: "{{domain_openproject}}" }
 - { source: "peertube.{{primary_domain}}",    target: "{{domain_peertube}}" }
 - { source: "pictures.{{primary_domain}}",    target: "{{domain_pixelfed}}" }
 - { source: "pixelfed.{{primary_domain}}",    target: "{{domain_pixelfed}}" }
 - { source: "short.{{primary_domain}}",       target: "{{domain_yourls}}" }
 - { source: "taiga.{{primary_domain}}",       target: "{{domain_taiga}}" }
 - { source: "videos.{{primary_domain}}",      target: "{{domain_peertube}}" }
 ## Docker Applications
 ### Enable Central MariaDB
 enable_central_database: true
 enable_central_database_mailu: "{{enable_central_database}}"
 ### Enable Storage Optimizer for Docker Volumes
 enable_system_storage_optimizer: true
 ### Docker Role Specific Parameters
 docker_restart_policy:        "unless-stopped"
 #### Akaunting
 akaunting_version:            "latest"
 akaunting_company_name:       "{{primary_domain}}"
 akaunting_company_email:      "{{administrator_email}}"
 akaunting_setup_admin_email:  "{{administrator_email}}"
 #### Attendize 
 attendize_version:                "latest"
 #### Baserow 
 baserow_version:                  "latest"
 #### Big Blue Button
 bigbluebutton_enable_greenlight:  "true"
 #### Bluesky
 bluesky_administrator_email:      "{{administrator_email}}"
 bluesky_pds_version:              "latest"
 #### Friendica
 friendica_version:                "latest"
 #### Funkwhale
 funkwhale_version:                "1.4.0"
 #### Gitea
 gitea_version:                    "latest"
 #### Gitlab
 gitlab_version:                   "latest"
 #### Joomla
 joomla_version:                   "latest"
 #### Keycloak
 keycloak_version:                 "latest"
 keycloak_administrator_username:  "{{administrator_username}}"  # Administrator Username for Keycloak
 ##### Keycloak Client Configuration
 oidc_client_active:               true  # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
 oidc_client_id:                   "{{primary_domain}}"
 oidc_client_realm:                "{{primary_domain}}"   
 oidc_client_issuer_url:           "https://{{domain_keycloak}}/realms/{{oidc_client_realm}}"
 oidc_client_discovery_document:   "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
 oidc_client_authorize_url:        "https://auth.veen.world/realms/veen.world/protocol/openid-connect/auth"
 oidc_client_toke_url:             "https://auth.veen.world/realms/veen.world/protocol/openid-connect/token"
 oidc_client_user_info_url:        "https://auth.veen.world/realms/veen.world/protocol/openid-connect/userinfo"
 oidc_client_logout_url:           "https://auth.veen.world/realms/veen.world/protocol/openid-connect/logout"
 # oidc_client_secret:             "{{oidc_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
 #### LDAP
 ldap_lam_version:                     "latest"
 ldap_openldap_version:                "latest"
 ldap_phpldapadmin_version:            "2.0.0-dev"                               # @todo Attention: Change this as fast as released to latest
 ldap_webinterface:                    "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
 ldap_administrator_username:          "{{administrator_username}}"
 ldap_administrator_password:          "{{user_administrator_initial_password}}" # CHANGE for security reasons
 ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
 ldap_lam_administrator_password:      "{{user_administrator_initial_password}}" # CHANGE for security reasons
 #### Listmonk
 listmonk_admin_username:          "{{administrator_username}}"
 listmonk_public_api_activated:    False # Security hole. Can be used for spaming
 listmonk_version:                 "latest"
 #### MariaDB
 mariadb_version:                  "latest"
 #### Matomo
 matomo_version:                   "latest"
 #### Mastodon
 mastodon_version:                 "latest"
 mastodon_single_user_mode:        false
 #### Matrix
 matrix_administrator_username:  "{{administrator_username}}"  # Accountname of the matrix admin
 matrix_playbook_tags:           "setup-all,start"             # For the initial update use: install-all,ensure-matrix-users-created,start
 matrix_role:                    "compose"                     # Role to setup Matrix. Valid values: ansible, compose
 matrix_server_name:             "{{primary_domain}}"          # Adress for the account names etc.
 matrix_synapse_version:         "latest"
 matrix_element_version:         "latest"
 #### Mailu
 mailu_version:                  "2024.06"
 mailu_domain:                   "{{primary_domain}}"
 mailu_subnet:                   "192.168.203.0/24"
 #### Moodle
 moodle_site_name:               "Global Learning Academy on {{primary_domain}}"
 moodle_administrator_name:      "{{administrator_username}}"
 moodle_administrator_email:     "{{administrator_email}}"
 moodle_version:                 "latest"
 #### MyBB
 mybb_version:                   "latest"
 #### Nextcloud
 nextcloud_version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
 #### OAuth2 Proxy
 oauth2_configuration_file:                    "oauth2-proxy-keycloak.cfg"
 oauth2_proxy_active:                          false                                     # Needs to be set true in the roles which use it
 oauth2_version:                               "latest"
 oauth2_proxy_redirect_url:                    "https://{{domain_keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
 # oauth2_proxy_port:                          >= 4180                                   # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
 oauth2_proxy_upstream_application_and_port:   "application:80"                          # The name of the application which the server redirects to. Needs to be defined in role vars.
 oauth2_proxy_allowed_roles:                   admin                                     # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
 #oauth2_proxy_cookie_secret:                  "{{oauth2_proxy_cookie_secret}}"          # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
 #### Peertube
 peertube_version:           "bookworm"
 #### PHPMyAdmin
 phpmyadmin_version:         "latest"
 phpmyadmin_autologin:       false     # This is a high security risk. Just activate this option if you know what you're doing
 #### Pixelfed
 pixelfed_app_name:          "Pictures on {{primary_domain}}"
 pixelfed_version:           "latest"
 #### Postgres
 # Please set an version in your inventory file - Rolling release for postgres isn't recommended
 postgres_database_version:  "latest"
 #### Taiga
 taiga_version:              "latest"
 #### YOURLS
 yourls_administrator_username:  "{{administrator_username}}"
 yourls_version:                 "latest"
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@ -0,0 +1,35 @@
 # General
 pause_duration:         "120"         # Database delay to wait for the central database before continue tasks
 ip4_address:            "127.0.0.1"   # Change thie in inventory to the ip address of your server
 backups_folder_path:    "/Backups/"   # Path to the backups folder
 ## Domain
 primary_domain_tld:     "localhost"                                     # Top Level Domain of the server
 primary_domain_sld:     "cymais"                                        # Second Level Domain of the server
 primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
 # Administrator
 administrator_username: "administrator"                                 # Username of the administrator
 administrator_email:    "{{administrator_username}}@{{primary_domain}}" # Email of the administrator
 #user_administrator_initial_password: EXAMPLE_PASSWORD_123456                         # Example initialisation password needs to be set in inventory file
 # Test Email
 test_email:             "test@{{primary_domain}}"
 # Server Tact Variables 
 ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
 hours_server_awake:                           "0..23"
 ## Random delay for systemd timers to avoid peak loads.
 randomized_delay_sec:                         "5min" 
 # Storage Space-Related Configurations          
 size_percent_maximum_backup:                  75  # Maximum storage space in percent for backups
 size_percent_cleanup_disc_space:              85  # Threshold for triggering cleanup actions
 size_percent_disc_space_warning:              90  # Warning threshold in percent for free disk space
 # Runtime Variables for Process Control
 activate_all_timers:                          false   # Activates all timers, independend if the handlers had been triggered
 nginx_matomo_tracking:                        false   # Activates matomo tracking on all html pages
--- a/group_vars/all/01_mode.yml
+++ b/group_vars/all/01_mode.yml
@ -0,0 +1,9 @@
 # Mode
 # The following modes can be combined with each other
 mode_reset:   false # Cleans up all CyMaIS files. It's necessary to run to whole playbook and not particial roles when using this function.
 mode_debug:   false # Prints well formated debug information
 mode_test:    false # Executes test routines instead of productive routines
 mode_update:  true  # Executes updates
 mode_backup:  true  # Activates the backup before the update procedure
 mode_setup:   false # Execute the setup and initializing procedures
--- a/group_vars/all/02_domains.yml
+++ b/group_vars/all/02_domains.yml
@ -0,0 +1,57 @@
 # Domains
 ## Service Domains
 default_domains:
  akaunting:               "accounting.{{primary_domain}}"
  attendize:               "tickets.{{primary_domain}}"
  baserow:                 "baserow.{{primary_domain}}"
  bigbluebutton:           "meet.{{primary_domain}}"
  bluesky_api:             "bluesky.{{primary_domain}}"
  bluesky_web:             "bskyweb.{{primary_domain}}"
  discourse:               "forum.{{primary_domain}}"
  elk:                     "elk.{{primary_domain}}"
  friendica:               "friendica.{{primary_domain}}"
  funkwhale:               "music.{{primary_domain}}"
  gitea:                   "git.{{primary_domain}}"
  gitlab:                  "gitlab.{{primary_domain}}"
  keycloak:                "auth.{{primary_domain}}"
  ldap:                    "ldap.{{primary_domain}}"
  listmonk:                "newsletter.{{primary_domain}}"
  mailu:                   "{{system_email.host}}"
  mastodon:                "microblog.{{primary_domain}}"
  mastodon_alternates:    ["mastodon.{{primary_domain}}"]
  matomo:                  "matomo.{{primary_domain}}"
  matrix_synapse:          "matrix.{{primary_domain}}"
  matrix_element:          "element.{{primary_domain}}"
  moodle:                  "academy.{{primary_domain}}"
  mediawiki:               "wiki.{{primary_domain}}"
  nextcloud:               "cloud.{{primary_domain}}"
  openproject:             "project.{{primary_domain}}"
  peertube:                "video.{{primary_domain}}"
  peertube_alternates:     []
  phpmyadmin:              "phpmyadmin.{{primary_domain}}"
  pixelfed:                "picture.{{primary_domain}}"
  portfolio:               "{{primary_domain}}"
  roulette:                "roulette.{{primary_domain}}"
  taiga:                   "kanban.{{primary_domain}}"
  yourls:                  "s.{{primary_domain}}"
  wordpress:              ["wordpress.{{primary_domain}}","blog.{{primary_domain}}"]
 ## Domain Redirects
 redirect_domain_mappings:
 - { source: "akaunting.{{primary_domain}}",   target: "{{domains.akaunting}}" }
 - { source: "bbb.{{primary_domain}}",         target: "{{domains.bigbluebutton}}" }
 - { source: "discourse.{{primary_domain}}",   target: "{{domains.discourse}}" }
 - { source: "funkwhale.{{primary_domain}}",   target: "{{domains.funkwhale}}" }
 - { source: "gitea.{{primary_domain}}",       target: "{{domains.gitea}}" }
 - { source: "keycloak.{{primary_domain}}",    target: "{{domains.keycloak}}" }
 - { source: "listmonk.{{primary_domain}}",    target: "{{domains.listmonk}}" }
 - { source: "moodle.{{primary_domain}}",      target: "{{domains.moodle}}" }
 - { source: "nextcloud.{{primary_domain}}",   target: "{{domains.nextcloud}}" }
 - { source: "openproject.{{primary_domain}}", target: "{{domains.openproject}}" }
 - { source: "peertube.{{primary_domain}}",    target: "{{domains.peertube}}" }
 - { source: "pictures.{{primary_domain}}",    target: "{{domains.pixelfed}}" }
 - { source: "pixelfed.{{primary_domain}}",    target: "{{domains.pixelfed}}" }
 - { source: "short.{{primary_domain}}",       target: "{{domains.yourls}}" }
 - { source: "taiga.{{primary_domain}}",       target: "{{domains.taiga}}" }
 - { source: "videos.{{primary_domain}}",      target: "{{domains.peertube}}" }
--- a/group_vars/all/03_system_email.yml
+++ b/group_vars/all/03_system_email.yml
@ -0,0 +1,11 @@
 # Email Configuration
 default_system_email:
  local:     no-reply
  domain:    "{{primary_domain}}"
  username:  "{{system_email.local}}@{{system_email.domain}}"
  host:      "mail.{{primary_domain}}"
  smtp_port: 465
  tls:       true
  start_tls: false
  from:      "{{system_email.username}}"
  smtp:      true
--- a/group_vars/all/04_maintenace.yml
+++ b/group_vars/all/04_maintenace.yml
@ -0,0 +1,38 @@
 # System maintenance Services
 ## Timeouts to wait for other services to stop
 system_maintenance_lock_timeout_cleanup_services:  "15min"
 system_maintenance_lock_timeout_storage_optimizer: "10min"
 system_maintenance_lock_timeout_backup_services:   "1h"
 system_maintenance_lock_timeout_heal_docker:       "30min"
 system_maintenance_lock_timeout_update_docker:     "2min"
 system_maintenance_lock_timeout_restart_docker:    "{{system_maintenance_lock_timeout_update_docker}}"
 ## Services
 ### Defined Services for Backup Tasks
 system_maintenance_backup_services:
  - "backup-docker-to-local"
  - "backup-remote-to-local"
  - "backup-data-to-usb"
  - "backup-docker-to-local-everything"
 ### Defined Services for System Cleanup
 system_maintenance_cleanup_services:
  - "cleanup-backups"
  - "cleanup-disc-space"
  - "cleanup-failed-docker-backups"
 ### Services that Manipulate the System
 system_maintenance_manipulation_services:
  - "heal-docker"
  - "update-docker"
  - "system-storage-optimizer"
  - "restart-docker"
 ## Total System Maintenance Services
 system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
 ### Define Variables for Docker Volume Health services
 whitelisted_anonymous_docker_volumes: []
--- a/group_vars/all/05_nginx.yml
+++ b/group_vars/all/05_nginx.yml
@ -0,0 +1,12 @@
 # Webserver Configuration
 ## Nginx-Specific Path Configurations
 nginx_configuration_directory:  "/etc/nginx/conf.d/"                            # General configuration dir
 nginx_servers_directory:        "{{nginx_configuration_directory}}servers/"     # Contains server blogs
 nginx_maps_directory:           "{{nginx_configuration_directory}}maps/"        # Contains mappins
 nginx_streams_directory:        "{{nginx_configuration_directory}}streams/"     # Contains streams configuration e.g. for ldaps
 nginx_well_known_root:          "/usr/share/nginx/well-known/"                  # Path where well-known files are stored
 nginx_homepage_root:            "/usr/share/nginx/homepage/"                    # Path where the static homepage files are stored
 ## Nginx static repository
 nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file
--- a/group_vars/all/06_paths.yml
+++ b/group_vars/all/06_paths.yml
@ -0,0 +1,7 @@
 # Path Variables for Key Directories and Scripts
 path_administrator_home:                      "/home/administrator/"
 path_administrator_scripts:                   "/opt/scripts/"
 #path_docker_volumes:                          "{{path_administrator_home}}volumes/docker/"
 path_docker_compose_instances:                "/opt/docker/"
 path_system_lock_script:                      "/opt/scripts/system-maintenance-lock.py"
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -0,0 +1,144 @@
 # Docker Applications
 ## Enable Central MariaDB
 enable_central_database: true
 enable_central_database_mailu: "{{enable_central_database}}"
 ## Enable Storage Optimizer for Docker Volumes
 enable_system_storage_optimizer: true
 ## Docker Role Specific Parameters
 docker_restart_policy:        "unless-stopped"
 ## Akaunting
 akaunting_version:            "latest"
 akaunting_company_name:       "{{primary_domain}}"
 akaunting_company_email:      "{{administrator_email}}"
 akaunting_setup_admin_email:  "{{administrator_email}}"
 ## Attendize 
 attendize_version:                "latest"
 ## Baserow 
 baserow_version:                  "latest"
 ## Big Blue Button
 bigbluebutton_enable_greenlight:  "true"
 ## Bluesky
 bluesky_administrator_email:      "{{administrator_email}}"
 bluesky_pds_version:              "latest"
 ## Friendica
 friendica_version:                "latest"
 ## Funkwhale
 funkwhale_version:                "1.4.0"
 ## Gitea
 gitea_version:                    "latest"
 ## Gitlab
 gitlab_version:                   "latest"
 ## Joomla
 joomla_version:                   "latest"
 ## Keycloak
 keycloak_version:                 "latest"
 keycloak_administrator_username:  "{{administrator_username}}"  # Administrator Username for Keycloak
 ### Keycloak Client Configuration
 oidc_client_active:               true  # Implement OpenID Connect https://en.wikipedia.org/wiki/OpenID_Connect
 oidc_client_id:                   "{{primary_domain}}"
 oidc_client_realm:                "{{primary_domain}}"   
 oidc_client_issuer_url:           "https://{{domains.keycloak}}/realms/{{oidc_client_realm}}"
 oidc_client_discovery_document:   "{{oidc_client_issuer_url}}/.well-known/openid-configuration"
 oidc_client_authorize_url:        "{{oidc_client_issuer_url}}/protocol/openid-connect/auth"
 oidc_client_toke_url:             "{{oidc_client_issuer_url}}/protocol/openid-connect/token"
 oidc_client_user_info_url:        "{{oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
 oidc_client_logout_url:           "{{oidc_client_issuer_url}}/protocol/openid-connect/logout"
 # oidc_client_secret:             "{{oidc_client_secret}}"  # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible
 ## LDAP
 ldap_lam_version:                     "latest"
 ldap_openldap_version:                "latest"
 ldap_phpldapadmin_version:            "2.0.0-dev"                               # @todo Attention: Change this as fast as released to latest
 ldap_webinterface:                    "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
 ldap_administrator_username:          "{{administrator_username}}"
 ldap_administrator_password:          "{{user_administrator_initial_password}}" # CHANGE for security reasons
 ldap_administrator_database_password: "{{user_administrator_initial_password}}" # CHANGE for security reasons
 ldap_lam_administrator_password:      "{{user_administrator_initial_password}}" # CHANGE for security reasons
 ldap_expose_to_internet:              false                                     # Set to true if you want to expose the LDAP port to the internet. Keep in mind to 
 ## Listmonk
 listmonk_admin_username:          "{{administrator_username}}"
 listmonk_public_api_activated:    False # Security hole. Can be used for spaming
 listmonk_version:                 "latest"
 ## MariaDB
 mariadb_version:                  "latest"
 ## Matomo
 matomo_version:                   "latest"
 ## Mastodon
 mastodon_version:                 "latest"
 mastodon_single_user_mode:        false
 ## Matrix
 matrix_administrator_username:  "{{administrator_username}}"  # Accountname of the matrix admin
 matrix_playbook_tags:           "setup-all,start"             # For the initial update use: install-all,ensure-matrix-users-created,start
 matrix_role:                    "compose"                     # Role to setup Matrix. Valid values: ansible, compose
 matrix_server_name:             "{{primary_domain}}"          # Adress for the account names etc.
 matrix_synapse_version:         "latest"
 matrix_element_version:         "latest"
 ## Mailu
 mailu_version:                  "2024.06"
 mailu_domain:                   "{{primary_domain}}"
 mailu_subnet:                   "192.168.203.0/24"
 ## Moodle
 moodle_site_name:               "Global Learning Academy on {{primary_domain}}"
 moodle_administrator_name:      "{{administrator_username}}"
 moodle_administrator_email:     "{{administrator_email}}"
 moodle_version:                 "latest"
 ## MyBB
 mybb_version:                   "latest"
 ## Nextcloud
 nextcloud_version:              "production"  # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
 ## OAuth2 Proxy
 oauth2_configuration_file:                    "oauth2-proxy-keycloak.cfg"
 oauth2_proxy_active:                          false                                     # Needs to be set true in the roles which use it
 oauth2_version:                               "latest"
 oauth2_proxy_redirect_url:                    "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
 # oauth2_proxy_port:                          >= 4180                                   # This ports should be defined in the roles. They are for the local mapping on the host and need to be defined in the playbook for transparancy.
 oauth2_proxy_upstream_application_and_port:   "application:80"                          # The name of the application which the server redirects to. Needs to be defined in role vars.
 oauth2_proxy_allowed_roles:                   admin                                     # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
 #oauth2_proxy_cookie_secret:                  "{{oauth2_proxy_cookie_secret}}"          # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
 ## Peertube
 peertube_version:           "bookworm"
 ## PHPMyAdmin
 phpmyadmin_version:         "latest"
 phpmyadmin_autologin:       false     # This is a high security risk. Just activate this option if you know what you're doing
 ## Pixelfed
 pixelfed_app_name:          "Pictures on {{primary_domain}}"
 pixelfed_version:           "latest"
 ## Postgres
 # Please set an version in your inventory file - Rolling release for postgres isn't recommended
 postgres_database_version:  "latest"
 ## Taiga
 taiga_version:              "latest"
 ## YOURLS
 yourls_administrator_username:  "{{administrator_username}}"
 yourls_version:                 "latest"
--- a/group_vars/all/08_on_calendar.yml
+++ b/group_vars/all/08_on_calendar.yml
@ -0,0 +1,25 @@
 ## Schedule for Health Checks
 on_calendar_health_btrfs:                     "*-*-* 00:00:00"                        # Check once per day the btrfs for errors
 on_calendar_health_journalctl:                "*-*-* 00:00:00"                        # Check once per day the journalctl for errors
 on_calendar_health_disc_space:                "*-*-* 06,12,18,00:00:00"               # Check four times per day if there is sufficient disc space 
 on_calendar_health_docker_container:          "*-*-* {{ hours_server_awake }}:00:00"  # Check once per hour if the docker containers are healthy
 on_calendar_health_docker_volumes:            "*-*-* {{ hours_server_awake }}:15:00"  # Check once per hour if the docker volumes are healthy
 on_calendar_health_nginx:                     "*-*-* {{ hours_server_awake }}:45:00"  # Check once per hour if all webservices are available
 ## Schedule for Cleanup Tasks
 on_calendar_cleanup_backups:                  "*-*-* 00,06,12,18:30:00"               # Cleanup backups every 6 hours, MUST be called before disc space cleanup
 on_calendar_cleanup_disc_space:               "*-*-* 07,13,19,01:30:00"               # Cleanup disc space every 6 hours
 ## Schedule for Backup Tasks
 on_calendar_backup_docker_to_local:           "*-*-* 03:30:00"
 on_calendar_backup_remote_to_local:           "*-*-* 21:30:00"
 ## Schedule for Maintenance Tasks
 on_calendar_heal_docker:                      "*-*-* {{ hours_server_awake }}:30:00"  # Heal unhealthy docker instances once per hour
 on_calendar_renew_lets_encrypt_certificates:  "*-*-* 12,00:30:00"                     # Renew Mailu certificates twice per day
 on_calendar_deploy_certificates:              "*-*-* 13,01:30:00"                     # Deploy letsencrypt certificates twice per day to docker containers
 on_calendar_msi_keyboard_color:               "*-*-* *:*:00"                          # Change the keyboard color every minute
 on_calendar_cleanup_failed_docker:            "*-*-* 12:00:00"                        # Clean up failed docker backups every noon
 on_calendar_btrfs_auto_balancer:              "Sat *-*-01..07 00:00:00"               # Execute btrfs auto balancer every first Saturday of a month
 on_calendar_restart_docker:                   "Sun *-*-* 08:00:00"                    # Restart docker instances every Sunday at 8:00 AM
--- a/playbook.constructor.yml
+++ b/playbook.constructor.yml
@ -1,4 +1,13 @@
 ---
 - name: Merge variables
  hosts: all
  tasks:
  - name: Merge domain definitions
    set_fact:
      domains: "{{ default_domains | combine(domains | default({}, true)) }}"
  - name: Merge system_email definitions
    set_fact:
      system_email: "{{ default_system_email | combine(system_email | default({}, true)) }}"
 - name: update device
  hosts:  all
--- a/playbook.servers.yml
+++ b/playbook.servers.yml
@ -21,7 +21,7 @@
  roles:
   -  role: docker-nextcloud
      vars:
-        domain: "{{domain_nextcloud}}"
+        domain: "{{domains.nextcloud}}"
        http_port: 8001
 - name: setup gitea hosts
@ -30,7 +30,7 @@
  roles:
   -  role: docker-gitea
      vars:
-        domain: "{{domain_gitea}}"
+        domain: "{{domains.gitea}}"
        http_port: 8002
        ssh_port:  2201
        run_mode: prod
@ -50,7 +50,7 @@
  roles:
   -  role: docker-mediawiki
      vars:
-        domain: "{{domain_mediawiki}}"
+        domain: "{{domains.mediawiki}}"
        http_port: 8004
 - name: setup mybb hosts
@ -68,7 +68,7 @@
  roles:
   -  role: docker-yourls
      vars:
-        domain: "{{domain_yourls}}"
+        domain: "{{domains.yourls}}"
        http_port: 8006
 - name: setup mailu hosts
@ -77,7 +77,7 @@
  roles:
   -  role: docker-mailu
      vars:
-        domain: "{{domain_mailu}}"
+        domain: "{{domains.mailu}}"
        http_port: 8007
        enable_central_database: "{{enable_central_database_mailu}}"
@ -87,7 +87,7 @@
  roles:
   -  role: docker-elk
      vars:
-        domain: "{{domain_elk}}"
+        domain: "{{domains.elk}}"
        http_port: 8008
 - name: setup mastodon hosts
@ -96,7 +96,7 @@
  roles:
   -  role: docker-mastodon
      vars:
-        domain:       "{{domain_mastodon}}"
+        domain:       "{{domains.mastodon}}"
        domains:      "{{ [domain] + domains_mastodon_alternates }}"
        http_port:    8009
        stream_port:  4001
@ -107,7 +107,7 @@
  roles:
   -  role: docker-pixelfed
      vars:
-        domain: "{{domain_pixelfed}}"
+        domain: "{{domains.pixelfed}}"
        http_port: 8010
 - name: setup peertube hosts
@ -116,8 +116,8 @@
  roles:
   -  role: docker-peertube
      vars:
-        domain: "{{domain_peertube}}"
+        domain: "{{domains.peertube}}"
-        domains: "{{ [domain] + domains_peertube }}"
+        domains: "{{ [domain] + peertube_alternates }}"
        http_port: 8011
 - name: setup bigbluebutton hosts
@ -126,7 +126,7 @@
  roles:
   -  role: docker-bigbluebutton
      vars:
-        domain: "{{domain_bigbluebutton}}"
+        domain: "{{domains.bigbluebutton}}"
 - name: setup funkwhale hosts
  hosts: funkwhale
@ -134,7 +134,7 @@
  roles:
   -  role: docker-funkwhale
      vars:
-        domain: "{{domain_funkwhale}}"
+        domain: "{{domains.funkwhale}}"
        http_port: 8012
 - name: setup roulette-wheel hosts
@ -143,7 +143,7 @@
  roles:
   -  role: docker-roulette-wheel
      vars:
-        domain: "{{domain_roulette}}"
+        domain: "{{domains.roulette}}"
        http_port: 8013
 - name: setup joomla hosts
@ -161,7 +161,7 @@
  roles:
   -  role: docker-attendize
      vars:
-        domain: "{{domain_attendize}}"
+        domain: "{{domains.attendize}}"
        http_port: 8015
        mail_interface_http_port: 8016
@ -171,7 +171,7 @@
  roles:
   -  role: docker-baserow
      vars:
-        domain: "{{domain_baserow}}"
+        domain: "{{domains.baserow}}"
        http_port: 8017
 - name: setup matomo hosts
@ -180,7 +180,7 @@
  roles:
   -  role: docker-matomo
      vars:
-        domain: "{{domain_matomo}}"
+        domain: "{{domains.matomo}}"
        http_port: 8018
 - name: setup listmonk
@ -189,7 +189,7 @@
  roles:
   -  role: docker-listmonk
      vars:
-        domain:     "{{domain_listmonk}}"
+        domain:     "{{domains.listmonk}}"
        http_port:  8019
 - name: setup discourse
@ -198,7 +198,7 @@
  roles:
   -  role: docker-discourse
      vars:
-        domain:   "{{domain_discourse}}"
+        domain:   "{{domains.discourse}}"
        http_port: 8020
 - name: setup matrix
@ -209,16 +209,16 @@
      when: matrix_role == 'ansible'
      vars:
        domains:
-          - "{{domain_matrix_element}}"
+          - "{{domains.matrix_element}}"
-          - "{{domain_matrix_synapse}}"
+          - "{{domains.matrix_synapse}}"
-        element_domain:   "{{domain_matrix_element}}"
+        element_domain:   "{{domains.matrix_element}}"
-        synapse_domain:   "{{domain_matrix_synapse}}"
+        synapse_domain:   "{{domains.matrix_synapse}}"
        http_port: 8021
   -  role: docker-matrix-compose
      when: matrix_role == 'compose'
      vars:
-        element_domain:   "{{domain_matrix_element}}"
+        element_domain:   "{{domains.matrix_element}}"
-        synapse_domain:   "{{domain_matrix_synapse}}"
+        synapse_domain:   "{{domains.matrix_synapse}}"
        synapse_http_port: 8021
        element_http_port: 8022
@ -228,7 +228,7 @@
  roles:
   -  role: docker-openproject
      vars:
-        domain:             "{{domain_openproject}}"
+        domain:             "{{domains.openproject}}"
        http_port:          8023
        oauth2_proxy_port:  4180
@ -238,7 +238,7 @@
  roles:
   -  role: docker-gitlab
      vars:
-        domain: "{{domain_gitlab}}"
+        domain: "{{domains.gitlab}}"
        http_port: 8024
        ssh_port:  2202
@ -248,7 +248,7 @@
  roles:
   -  role: docker-akaunting
      vars:
-        domain:     "{{domain_akaunting}}"
+        domain:     "{{domains.akaunting}}"
        http_port:  8025
 - name: setup moodle instance
@ -257,7 +257,7 @@
  roles:
   -  role: docker-moodle
      vars:
-        domain:     "{{domain_moodle}}"
+        domain:     "{{domains.moodle}}"
        http_port:  8026
 - name: setup taiga instance
@ -266,7 +266,7 @@
  roles:
   -  role: docker-taiga
      vars:
-        domain:     "{{domain_taiga}}"
+        domain:     "{{domains.taiga}}"
        http_port:  8027
 - name: setup friendica hosts
@ -275,7 +275,7 @@
  roles:
   -  role: docker-friendica
      vars:
-        domain: "{{domain_friendica}}"
+        domain: "{{domains.friendica}}"
        http_port: 8028
 - name: setup portfolio
@ -284,7 +284,7 @@
  roles:
   -  role: docker-portfolio
      vars:
-        domain: "{{domain_portfolio}}"
+        domain: "{{domains.portfolio}}"
        http_port: 8029
 - name: setup bluesky
@ -293,8 +293,8 @@
  roles:
   -  role: docker-bluesky
      vars:
-        domain_api:   "{{domain_bluesky_api}}"
+        domain_api:   "{{domains.bluesky_api}}"
-        domain_web:   "{{domain_bluesky_web}}"
+        domain_web:   "{{domains.bluesky_web}}"
        http_port_api: 8030
        http_port_web: 8031
@ -304,7 +304,7 @@
  roles:
   -  role: docker-keycloak
      vars:
-        domain: "{{domain_keycloak}}"
+        domain: "{{domains.keycloak}}"
        http_port: 8032
 - name: setup ldap
@ -313,7 +313,7 @@
  roles:
   -  role: docker-ldap
      vars:
-        domain: "{{domain_ldap}}"
+        domain: "{{domains.ldap}}"
        http_port:          8033
        oauth2_proxy_port:  4182
@ -323,7 +323,7 @@
  roles:
   -  role: docker-phpmyadmin
      vars:
-        domain: "{{domain_phpmyadmin}}"
+        domain: "{{domains.phpmyadmin}}"
        http_port:          8034
        oauth2_proxy_port:  4181
--- a/roles/docker-baserow/templates/env.j2
+++ b/roles/docker-baserow/templates/env.j2
@ -2,12 +2,12 @@
 BASEROW_PUBLIC_URL=https://{{ domain }}
 # Email Server Configuration
-EMAIL_SMTP={{ system_email_smtp | upper }}
+EMAIL_SMTP={{ system_email.smtp | upper }}
-EMAIL_SMTP_HOST={{ system_email_host }}
+EMAIL_SMTP_HOST={{ system_email.host }}
-EMAIL_SMTP_PORT={{ system_email_smtp_port }}
+EMAIL_SMTP_PORT={{ system_email.smtp_port }}
-EMAIL_SMTP_USER={{system_email_username}}
+EMAIL_SMTP_USER={{system_email.username}}
-EMAIL_SMTP_PASSWORD={{ system_email_password }}
+EMAIL_SMTP_PASSWORD={{ system_email.password }}
-EMAIL_SMTP_USE_TLS={{ system_email_tls | upper }}
+EMAIL_SMTP_USE_TLS={{ system_email.tls | upper }}
 DATABASE_USER={{ database_username }}
 DATABASE_NAME={{ database_name }}
--- a/roles/docker-bigbluebutton/tasks/main.yml
+++ b/roles/docker-bigbluebutton/tasks/main.yml
@ -1,6 +1,7 @@
 ---
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: "include task certbot-matomo.yml"
  include_tasks: certbot-matomo.yml
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@ -201,19 +201,19 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 # Emails are required for the basic features of Greenlight to function.
 # Please refer to your SMTP provider to get the values for the variables below
-SMTP_SERVER={{system_email_host}}
+SMTP_SERVER={{system_email.host}}
 SMTP_DOMAIN={{domain}}
-SMTP_PORT={{system_email_smtp_port}}
+SMTP_PORT={{system_email.smtp_port}}
-SMTP_USERNAME={{system_email_username}}
+SMTP_USERNAME={{system_email.username}}
-SMTP_PASSWORD={{system_email_password}}
+SMTP_PASSWORD={{system_email.password}}
 SMTP_AUTH=plain
 SMTP_OPENSSL_VERIFY_MODE=none
-SMTP_STARTTLS_AUTO={{system_email_start_tls | lower}}
+SMTP_STARTTLS_AUTO={{system_email.start_tls | lower}}
-SMTP_STARTTLS={{system_email_start_tls | lower}}
+SMTP_STARTTLS={{system_email.start_tls | lower}}
-SMTP_TLS={{system_email_tls | lower}}
+SMTP_TLS={{system_email.tls | lower}}
 SMTP_SSL_VERIFY=true
-SMTP_SENDER={{system_email_from}}
+SMTP_SENDER={{system_email.from}}
-SMTP_SENDER_EMAIL={{system_email_from}}
+SMTP_SENDER_EMAIL={{system_email.from}}
 # Prefix for the applications root URL.
 # Useful for deploying the application to a subdirectory, which is highly recommended
--- a/roles/docker-bluesky/tasks/main.yml
+++ b/roles/docker-bluesky/tasks/main.yml
@ -1,6 +1,7 @@
 ---
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: "Include tasks for API domain"
  include_tasks: nginx-docker-proxy-domain.yml
--- a/roles/docker-bluesky/templates/docker-compose.yml.j2
+++ b/roles/docker-bluesky/templates/docker-compose.yml.j2
@ -7,7 +7,7 @@ services:
        - {{pdsadmin_file_path}}:/usr/local/bin/pdsadmin:ro
    environment:
      # Geben Sie hier Ihre Domain und Konfigurationsdetails an
-      PDS_HOSTNAME: "{{domain_api}}"
+      PDS_HOSTNAME: "{{domains.api}}"
      PDS_ADMIN_EMAIL: "{{bluesky_administrator_email}}"
      PDS_SERVICE_DID: "did:web:{{domain_api}}"
      # See https://mattdyson.org/blog/2024/11/self-hosting-bluesky-pds/
@ -16,8 +16,8 @@ services:
      PDS_ADMIN_PASSWORD: "{{bluesky_pds_admin_password}}"
      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "{{bluesky_pds_plc_rotation_key_k256_private_key_hex}}"
      PDS_CRAWLERS: https://bsky.network
-      PDS_EMAIL_SMTP_URL: smtps://{{system_email_username}}:{{system_email_password}}@{{system_email_host}}:{{system_email_smtp_port}}/
+      PDS_EMAIL_SMTP_URL: smtps://{{system_email.username}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}/
-      PDS_EMAIL_FROM_ADDRESS: {{system_email_from}}
+      PDS_EMAIL_FROM_ADDRESS: {{system_email.from}}
      LOG_ENABLED: true
      PDS_BLOBSTORE_DISK_LOCATION: /opt/pds/blocks
      # -- DEFAULT VALUES ---
--- a/roles/docker-compose/defaults/main.yml
+++ b/roles/docker-compose/defaults/main.yml
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -1,6 +1,3 @@
 - name: include docker vars
  include_vars: vars/docker-common.yml.j2
 - name: load docker compose dependencies
  include_role:
    name: docker-compose
@ -15,4 +12,13 @@
  file:
    path: "{{docker_compose_instance_directory}}"
    state: directory
-    mode: 0755
+    mode: 0755
 - name: flush docker service
  meta: flush_handlers
  when: run_once_docker_compose is not defined
 - name: run the docker tasks once
  set_fact:
    run_once_docker_compose: true
  when: run_once_docker_compose is not defined
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@ -52,13 +52,13 @@ env:
  # SMTP ADDRESS, username, and password are required
  # WARNING the char '#' in SMTP password can cause problems!
-  DISCOURSE_SMTP_ADDRESS:           {{ system_email_host }}
+  DISCOURSE_SMTP_ADDRESS:           {{ system_email.host }}
-  DISCOURSE_SMTP_PORT:              {{ system_email_smtp_port }}
+  DISCOURSE_SMTP_PORT:              {{ system_email.smtp_port }}
-  DISCOURSE_SMTP_USER_NAME:         {{system_email_username}}
+  DISCOURSE_SMTP_USER_NAME:         {{system_email.username}}
-  DISCOURSE_SMTP_PASSWORD:          {{ system_email_password }}
+  DISCOURSE_SMTP_PASSWORD:          {{ system_email.password }}
-  DISCOURSE_SMTP_ENABLE_START_TLS:  {{ system_email_start_tls | upper }}
+  DISCOURSE_SMTP_ENABLE_START_TLS:  {{ system_email.start_tls | upper }}
-  DISCOURSE_SMTP_DOMAIN:            {{ system_email_domain }}
+  DISCOURSE_SMTP_DOMAIN:            {{ system_email.domain }}
-  DISCOURSE_NOTIFICATION_EMAIL:     {{system_email_from}}
+  DISCOURSE_NOTIFICATION_EMAIL:     {{system_email.from}}
  # Database Configuration
  DISCOURSE_DB_USERNAME: {{ database_username }}
--- a/roles/docker-friendica/templates/docker-compose.yml.j2
+++ b/roles/docker-friendica/templates/docker-compose.yml.j2
@ -43,14 +43,14 @@ services:
      MYSQL_PASSWORD: {{database_password}}
      # Email Configuration
-      SMTP:           {{system_email_host}}
+      SMTP:           {{system_email.host}}
-      SMTP_DOMAIN:    {{system_email_domain}}
+      SMTP_DOMAIN:    {{system_email.domain}}
-      SMTP_PORT:      {{system_email_smtp_port}}
+      SMTP_PORT:      {{system_email.smtp_port}}
-      SMTP_AUTH_USER: {{system_email_username}}
+      SMTP_AUTH_USER: {{system_email.username}}
-      SMTP_AUTH_PASS: {{system_email_password}}
+      SMTP_AUTH_PASS: {{system_email.password}}
-      SMTP_TLS:       {{ 'on' if system_email_tls else 'off' }}
+      SMTP_TLS:       {{ 'on' if system_email.tls else 'off' }}
-      SMTP_STARTTLS:  {{ 'on' if system_email_start_tls else 'off' }}
+      SMTP_STARTTLS:  {{ 'on' if system_email.start_tls else 'off' }}
-      SMTP_FROM:      {{system_email_local}}
+      SMTP_FROM:      {{system_email.local}}
      # Administrator Credentials
      FRIENDICA_ADMIN_MAIL: {{administrator_email}}
--- a/roles/docker-funkwhale/templates/env.j2
+++ b/roles/docker-funkwhale/templates/env.j2
@ -53,14 +53,14 @@ LOGLEVEL=error
 # (returns `noreply%40youremail.host`)
 # EMAIL_CONFIG=smtp://user:password@youremail.host:25
 # EMAIL_CONFIG=smtp+ssl://user:password@youremail.host:465
-EMAIL_CONFIG=smtp+tls://{{system_email_local}}:{{system_email_password}}@{{system_email_host}}:{{system_email_smtp_port}}
+EMAIL_CONFIG=smtp+tls://{{system_email.local}}:{{system_email.password}}@{{system_email.host}}:{{system_email.smtp_port}}
 # Make e-mail verification mandatory before using the service
 # Doesn't apply to admins.
 # ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false
 # The e-mail address to use to send system e-mails.
-DEFAULT_FROM_EMAIL={{system_email_from}}
+DEFAULT_FROM_EMAIL={{system_email.from}}
 # Depending on the reverse proxy used in front of your funkwhale instance,
 # the API will use different kind of headers to serve audio files
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@ -1,15 +1,23 @@
 ---
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: create {{domain}}.conf
+- name: Create {{domain}}.conf if LDAP is exposed to internet
  template: 
    src:  "nginx.stream.conf.j2" 
    dest: "{{nginx_streams_directory}}{{domain}}.conf"
  notify: restart nginx
  when: ldap_expose_to_internet | bool
 - name: Remove {{domain}}.conf if LDAP is not exposed to internet
  file:
    path: "{{ nginx_streams_directory }}{{ domain }}.conf"
    state: absent
  when: not ldap_expose_to_internet | bool
 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@ -79,6 +79,7 @@ services:
      retries: 3
      start_period: 20s
 {% include 'templates/docker/container/networks.yml.j2' %}
  central_ldap:
 {% include 'templates/docker/compose/volumes.yml.j2' %}
  data:
--- a/roles/docker-mastodon/templates/.env.production.j2
+++ b/roles/docker-mastodon/templates/.env.production.j2
@ -16,14 +16,14 @@ REDIS_HOST=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=
-SMTP_SERVER={{system_email_host}}
+SMTP_SERVER={{system_email.host}}
-SMTP_PORT={{system_email_smtp_port}}
+SMTP_PORT={{system_email.smtp_port}}
-SMTP_LOGIN={{system_email_username}}
+SMTP_LOGIN={{system_email.username}}
-SMTP_PASSWORD={{system_email_password}}
+SMTP_PASSWORD={{system_email.password}}
 SMTP_AUTH_METHOD=plain
 SMTP_OPENSSL_VERIFY_MODE=none
 SMTP_ENABLE_STARTTLS=auto
-SMTP_FROM_ADDRESS=Mastodon <{{system_email_from}}>
+SMTP_FROM_ADDRESS=Mastodon <{{system_email.from}}>
 ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY= {{mastodon_active_record_encryption_deterministic_key}}
 ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT={{mastodon_active_record_encryption_key_derivation_salt}}
--- a/roles/docker-matrix-compose/templates/element.config.json.j2
+++ b/roles/docker-matrix-compose/templates/element.config.json.j2
@ -1,8 +1,8 @@
 {
    "default_server_config": {
        "m.homeserver": {
-            "base_url": "https://{{domain_matrix_synapse}}",
+            "base_url": "https://{{domains.matrix_synapse}}",
-            "server_name": "{{domain_matrix_synapse}}"
+            "server_name": "{{domains.matrix_synapse}}"
        },
        "m.identity_server": {
            "base_url": "https://{{primary_domain}}"
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@ -17,13 +17,13 @@ database:
    host: "{{database_host}}"
    cp_min: 5
    cp_max: 10
-log_config:                     "/data/{{domain_matrix_synapse}}.log.config"
+log_config:                     "/data/{{domains.matrix_synapse}}.log.config"
 media_store_path:               "/data/media_store"
 registration_shared_secret:     "{{matrix_registration_shared_secret}}"
 report_stats:                   true
 macaroon_secret_key:            "{{matrix_macaroon_secret_key}}"
 form_secret:                    "{{matrix_form_secret}}"
-signing_key_path:               "/data/{{domain_matrix_synapse}}.signing.key"
+signing_key_path:               "/data/{{domains.matrix_synapse}}.signing.key"
 web_client_location:            "https://{{element_domain}}"
 public_baseurl:                 "https://{{synapse_domain}}"
 trusted_key_servers:
@ -31,18 +31,18 @@ trusted_key_servers:
 admin_contact: 'mailto:{{administrator_email}}'
 email:
-  smtp_host:                    "{{system_email_host}}"
+  smtp_host:                    "{{system_email.host}}"
-  smtp_port:                    "{{system_email_smtp_port}}"
+  smtp_port:                    "{{system_email.smtp_port}}"
-  smtp_user:                    "{{system_email_from}}"
+  smtp_user:                    "{{system_email.from}}"
-  smtp_pass:                    "{{system_email_password}}"
+  smtp_pass:                    "{{system_email.password}}"
  #force_tls:                    true
  #require_transport_security:   true
-  enable_tls:                   "{{ system_email_tls | upper }}"
+  enable_tls:                   "{{ system_email.tls | upper }}"
-  notif_from:                   "Your Friendly %(app)s homeserver <{{system_email_from}}>"
+  notif_from:                   "Your Friendly %(app)s homeserver <{{system_email.from}}>"
  app_name:                     "Matrix on {{synapse_domain}}"
  enable_notifs:                true
  notif_for_new_users:          false
-  client_base_url:              "{{domain_matrix_synapse}}"
+  client_base_url:              "{{domains.matrix_synapse}}"
  validation_token_lifetime:    15m
 app_service_config_files:
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -11,10 +11,10 @@
    dest: "{{nginx_servers_directory}}{{domain}}.conf"
  notify: restart nginx
- name: configure nginx.conf
+- name: create nginx.conf
  template: 
    src:  "templates/nginx.conf.j2" 
-    dest: "{{path_docker_volumes}}nextcloud/nginx.conf"
+    dest: "{{docker_compose_instance_directory}}nginx.conf"
  notify: docker compose project setup
 - name: add docker-compose.yml
--- a/roles/docker-nextcloud/tasks/oidc_tasks.yml
+++ b/roles/docker-nextcloud/tasks/oidc_tasks.yml
@ -20,7 +20,7 @@
  command: >
    docker-compose exec -u www-data application /var/www/html/occ
    config:app:set sociallogin custom_providers
-    --value='{"custom_oidc":[{"name":"{{domain_keycloak}}","title":"keycloak","authorizeUrl":"{{oidc_client_authorize_url}}","tokenUrl":"{{oidc_client_toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc_client_user_info_url}}","logoutUrl":"{{oidc_client_logout_url}}","clientId":"{{oidc_client_id}}","clientSecret":"{{oidc_client_secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}'
+    --value='{"custom_oidc":[{"name":"{{domains.keycloak}}","title":"keycloak","authorizeUrl":"{{oidc_client_authorize_url}}","tokenUrl":"{{oidc_client_toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc_client_user_info_url}}","logoutUrl":"{{oidc_client_logout_url}}","clientId":"{{oidc_client_id}}","clientSecret":"{{oidc_client_secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}'
  # This configuration defines custom OpenID Connect (OIDC) providers for authentication.
  # In this case, it sets up a Keycloak provider with details like URLs for authorization,
  # token retrieval, user info, and logout, as well as the client ID and secret.
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@ -25,15 +25,15 @@ services:
      PHP_MEMORY_LIMIT: 1G # Required for plugin duplicate finder
      # Email Configuration
-      SMTP_HOST: {{system_email_host}}
+      SMTP_HOST: {{system_email.host}}
-      SMTP_SECURE: {{ 'ssl' if system_email_tls else '' }}
+      SMTP_SECURE: {{ 'ssl' if system_email.tls else '' }}
-      SMTP_PORT: {{system_email_smtp_port}}
+      SMTP_PORT: {{system_email.smtp_port}}
-      SMTP_NAME: {{system_email_username}}
+      SMTP_NAME: {{system_email.username}}
-      SMTP_PASSWORD: {{system_email_password}}
+      SMTP_PASSWORD: {{system_email.password}}
      # Email from configuration
      MAIL_FROM_ADDRESS: no-reply
-      MAIL_DOMAIN: {{system_email_domain}}
+      MAIL_DOMAIN: {{system_email.domain}}
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
@ -47,7 +47,7 @@ services:
    ports:
      - "127.0.0.1:{{http_port}}:80"
    volumes:
-        - "{{path_docker_volumes}}nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro"
+        - "{{docker_compose_instance_directory}}/nginx.conf:/etc/nginx/nginx.conf:ro"
    volumes_from:
      - application
    healthcheck:
--- a/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/docker-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@ -3,7 +3,7 @@ cookie_secret           =   "{{oauth2_proxy_cookie_secret}}"
 email_domains           =   "{{primary_domain}}"
 cookie_secure           =   "false"
 upstreams               =   "http://{{oauth2_proxy_upstream_application_and_port}}"
-cookie_domains          =   ["{{domain}}", "{{domain_keycloak}}"]                   # Required so cookie can be read on all subdomains.
+cookie_domains          =   ["{{domain}}", "{{domains.keycloak}}"]                   # Required so cookie can be read on all subdomains.
 whitelist_domains       =   [".{{primary_domain}}"]                                 # Required to allow redirection back to original requested target.
 # keycloak provider
--- a/roles/docker-openproject/templates/docker-compose.yml.j2
+++ b/roles/docker-openproject/templates/docker-compose.yml.j2
@ -114,7 +114,7 @@ services:
    container_name: openproject-seeder
    restart: on-failure
 {% include 'templates/docker/container/networks.yml.j2' %}
-
+  central_ldap:
 {% include 'templates/docker/compose/networks.yml.j2' %}
 {% include 'templates/docker/compose/volumes.yml.j2' %}
--- a/roles/docker-peertube/templates/env.j2
+++ b/roles/docker-peertube/templates/env.j2
@ -14,11 +14,11 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
 PEERTUBE_SECRET={{peertube_secret}}
 # E-mail configuration
-PEERTUBE_SMTP_USERNAME={{system_email_username}}
+PEERTUBE_SMTP_USERNAME={{system_email.username}}
-PEERTUBE_SMTP_PASSWORD={{system_email_password}}
+PEERTUBE_SMTP_PASSWORD={{system_email.password}}
-PEERTUBE_SMTP_HOSTNAME={{system_email_host}}
+PEERTUBE_SMTP_HOSTNAME={{system_email.host}}
-PEERTUBE_SMTP_PORT={{system_email_smtp_port}}
+PEERTUBE_SMTP_PORT={{system_email.smtp_port}}
-PEERTUBE_SMTP_FROM={{system_email_from}}
+PEERTUBE_SMTP_FROM={{system_email.from}}
-PEERTUBE_SMTP_TLS={{ system_email_tls | lower }}
+PEERTUBE_SMTP_TLS={{ system_email.tls | lower }}
-PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email_start_tls else 'true' }}
+PEERTUBE_SMTP_DISABLE_STARTTLS={{ 'false' if system_email.start_tls else 'true' }}
-PEERTUBE_ADMIN_EMAIL={{system_email_from}}
+PEERTUBE_ADMIN_EMAIL={{system_email.from}}
--- a/roles/docker-phpmyadmin/tasks/main.yml
+++ b/roles/docker-phpmyadmin/tasks/main.yml
@ -1,6 +1,7 @@
 ---
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@ -46,15 +46,15 @@ RESTRICTED_INSTANCE=false
 ## Mail
 MAIL_DRIVER=log
-MAIL_HOST={{system_email_host}}
+MAIL_HOST={{system_email.host}}
-MAIL_PORT={{system_email_smtp_port}}
+MAIL_PORT={{system_email.smtp_port}}
-MAIL_FROM_ADDRESS="{{system_email_from}}"
+MAIL_FROM_ADDRESS="{{system_email.from}}"
 MAIL_FROM_NAME="Pixelfed"
-MAIL_USERNAME={{system_email_username}}
+MAIL_USERNAME={{system_email.username}}
-MAIL_PASSWORD={{system_email_password}}
+MAIL_PASSWORD={{system_email.password}}
 # Not sure if the following is correct
 # Checkout: https://github.com/pixelfed/pixelfed/blob/dev/.env.docker
-MAIL_ENCRYPTION={{ 'ssl' if system_email_start_tls else 'tls' }} 
+MAIL_ENCRYPTION={{ 'ssl' if system_email.start_tls else 'tls' }} 
 ## Databases (MySQL)
 DB_CONNECTION=mysql
--- a/roles/docker-portfolio/tasks/main.yml
+++ b/roles/docker-portfolio/tasks/main.yml
@ -1,6 +1,7 @@
 ---
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
--- a/roles/docker-roulette-wheel/tasks/main.yml
+++ b/roles/docker-roulette-wheel/tasks/main.yml
@ -1,6 +1,7 @@
 ---
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: pull app repository
  git:
--- a/roles/docker-taiga/templates/.env.j2
+++ b/roles/docker-taiga/templates/.env.j2
@ -13,14 +13,14 @@ POSTGRES_PASSWORD={{database_password}}  # database user's password
 # Taiga's SMTP settings - Variables to send Taiga's emails to the users
 EMAIL_BACKEND       =   console                     # use an SMTP server or display the emails in the console (either "smtp" or "console")
-EMAIL_HOST          =   {{system_email_host}}       # SMTP server address
+EMAIL_HOST          =   {{system_email.host}}       # SMTP server address
-EMAIL_PORT          =   {{system_email_smtp_port}}  # default SMTP port
+EMAIL_PORT          =   {{system_email.smtp_port}}  # default SMTP port
-EMAIL_HOST_USER     =   {{system_email_username}}   # user to connect the SMTP server
+EMAIL_HOST_USER     =   {{system_email.username}}   # user to connect the SMTP server
-EMAIL_HOST_PASSWORD =   {{system_email_password}}   # SMTP user's password
+EMAIL_HOST_PASSWORD =   {{system_email.password}}   # SMTP user's password
-EMAIL_DEFAULT_FROM  =   {{system_email_from}}       # default email address for the automated emails
+EMAIL_DEFAULT_FROM  =   {{system_email.from}}       # default email address for the automated emails
 # EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive (only set one of those to True)
-EMAIL_USE_TLS={{ system_email_tls | lower | capitalize }}  # use TLS (secure) connection with the SMTP server
+EMAIL_USE_TLS={{ system_email.tls | lower | capitalize }}  # use TLS (secure) connection with the SMTP server
-EMAIL_USE_SSL={{ 'False' if system_email_start_tls else 'True' }}  # use implicit TLS (secure) connection with the SMTP server
+EMAIL_USE_SSL={{ 'False' if system_email.start_tls else 'True' }}  # use implicit TLS (secure) connection with the SMTP server
 # Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
 RABBITMQ_USER=taiga  # user to connect to RabbitMQ
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -16,15 +16,6 @@
    group: administrator
  when: run_once_docker is not defined
 - name: "create {{path_docker_volumes}}"
  file:
    path: "{{path_docker_volumes}}"
    state: directory
    mode: 0700
    owner: administrator
    group: administrator
  when: run_once_docker is not defined
 - name: flush docker service
  meta: flush_handlers
  when: run_once_docker is not defined
--- a/roles/health-nginx/templates/health-nginx.py.j2
+++ b/roles/health-nginx/templates/health-nginx.py.j2
@ -25,17 +25,17 @@ for filename in os.listdir(config_path):
        # Default: Expect status code 200 or 302 for a domain
        expected_statuses = [200,302]
-        redirected_domains = [domain['source'] for domain in {{redirect_domain_mappings}}]
+        redirected_domains = [domain['source'] for domain in {{redirect_domains_mappings}}]
-        redirected_domains.append("{{domain_mailu}}")
+        redirected_domains.append("{{domains.mailu}}")
        # Determine expected status codes based on the domain
-        if domain == '{{domain_listmonk}}':
+        if domain == '{{domains.listmonk}}':
            expected_statuses = [404]
 {% if nginx_matomo_tracking | bool %}
        elif parts[0] == 'www' or domain in redirected_domains:
            expected_statuses = [301]
 {% endif %}
-        elif domain == '{{domain_yourls}}':
+        elif domain == '{{domains.yourls}}':
            expected_statuses = [403]
        try:
--- a/roles/systemd-notifier-email/templates/msmtprc.conf.j2
+++ b/roles/systemd-notifier-email/templates/msmtprc.conf.j2
@ -2,8 +2,8 @@
 defaults
 auth           on
 logfile        ~/.msmtp.log
-tls_starttls   {{ 'on' if system_email_start_tls else 'off' }}
+tls_starttls   {{ 'on' if system_email.start_tls else 'off' }}
-{% if system_email_tls %}
+{% if system_email.tls %}
 tls            on
 tls_trust_file /etc/ssl/certs/ca-certificates.crt
 {% else %}
@ -11,10 +11,10 @@ tls            off
 {% endif %}
 account        system_email
-host           {{system_email_host}}
+host           {{system_email.host}}
-port           {{system_email_smtp_port}}
+port           {{system_email.smtp_port}}
-from           {{system_email_from}}
+from           {{system_email.from}}
-user           {{system_email_username}}
+user           {{system_email.username}}
-password       {{system_email_password}}
+password       {{system_email.password}}
 account default : system_email
--- a/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2
+++ b/roles/systemd-notifier-email/templates/systemd-notifier-email.sh.j2
@ -2,7 +2,7 @@
 /usr/bin/sendmail -t <<ERRMAIL
 To: {{administrator_email}}
-From: systemd <{{system_email_from}}>
+From: systemd <{{system_email.from}}>
 Subject: $1
 Content-Transfer-Encoding: 8bit
 Content-Type: text/plain; charset=UTF-8
--- a/tasks/docker/compose/database.yml
+++ b/tasks/docker/compose/database.yml
@ -1,8 +1,9 @@
 - name: include docker vars/docker-database.yml.j2
  include_vars: vars/docker-database.yml.j2
- name: "include docker/compose/common.yml"
+- name: "include docker-compose role"
-  include_tasks: docker/compose/common.yml
+  include_role: 
    name: docker-compose
 - name: create central database
  include_role: