Adapted roles to new architecture

2025-08-29 15:06:26 +02:00 · 2025-07-17 15:39:31 +02:00
parent 9469452275
commit ad449c3b6a
41 changed files with 665 additions and 101 deletions
--- a/roles/cmp-rdbms/templates/services/mariadb.yml.j2
+++ b/roles/cmp-rdbms/templates/services/mariadb.yml.j2
@@ -13,9 +13,9 @@
      - database:/var/lib/mysql
    healthcheck:
      test: [ "CMD", "sh", "-c", "/usr/bin/mariadb --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" ]
-      interval: 3s
-      timeout: 1s
-      retries: 5
+      interval: 10s
+      timeout: 5s
+      retries: 18
    networks:
      - default
 {% endif %}
--- a/roles/cmp-rdbms/vars/database.yml
+++ b/roles/cmp-rdbms/vars/database.yml
@@ -1,14 +1,17 @@
 # Helper variables
-_database_id:           "svc-db-{{ database_type }}"
-_database_central_name: "{{ applications | get_app_conf( _database_id, 'docker.services.' ~ database_type ~ '.name') }}"
+_database_id:                 "svc-db-{{ database_type }}"
+_database_central_name:       "{{ applications | get_app_conf( _database_id, 'docker.services.' ~ database_type ~ '.name') }}"
+_database_consumer_public_id: "{{ database_application_id | get_public_id }}"
+_database_central_enabled:    "{{ applications | get_app_conf(database_application_id, 'features.central_database', False) }}"

 # Definition
-database_name:      "{{ applications | get_app_conf( database_application_id, 'database.name', false, database_application_id | get_public_id ) }}"               # The overwritte configuration is needed by bigbluebutton
-database_instance:  "{{ _database_central_name if applications | get_app_conf(database_application_id, 'features.central_database', False) else database_name }}" # This could lead to bugs at dedicated database @todo cleanup
-database_host:      "{{ _database_central_name if applications | get_app_conf(database_application_id, 'features.central_database', False) else 'database' }}"    # This could lead to bugs at dedicated database @todo cleanup
-database_username:  "{{ applications | get_app_conf(database_application_id, 'database.username', false, database_application_id | get_public_id)}}"              # The overwritte configuration is needed by bigbluebutton
+database_name:      "{{ applications | get_app_conf( database_application_id, 'database.name', false, _database_consumer_public_id ) }}"                      # The overwritte configuration is needed by bigbluebutton
+database_instance:  "{{ _database_central_name if _database_central_enabled else database_name }}"                                                            # This could lead to bugs at dedicated database @todo cleanup
+database_host:      "{{ _database_central_name if _database_central_enabled else 'database' }}"                                                               # This could lead to bugs at dedicated database @todo cleanup
+database_username:  "{{ applications | get_app_conf(database_application_id, 'database.username', false, _database_consumer_public_id)}}"                     # The overwritte configuration is needed by bigbluebutton
 database_password:  "{{ applications | get_app_conf(database_application_id, 'credentials.database_password', true) }}"
 database_port:      "{{ ports.localhost.database[ _database_id ] }}"
 database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
 database_url_jdbc:  "jdbc:{{ database_type if database_type == 'mariadb' else 'postgresql' }}://{{ database_host }}:{{ database_port }}/{{ database_name }}"
-database_url_full:  "{{database_type}}://{{database_username}}:{{database_password}}@{{database_host}}:{{database_port}}/{{ database_name }}"
+database_url_full:  "{{database_type}}://{{database_username}}:{{database_password}}@{{database_host}}:{{database_port}}/{{ database_name }}"
+database_volume:    "{{ _database_consumer_public_id ~ '_' if not _database_central_enabled }}{{ database_host }}"
--- a/roles/docker-compose/templates/volumes-just-database.yml.j2
+++ b/roles/docker-compose/templates/volumes-just-database.yml.j2
@@ -2,5 +2,6 @@
 {% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
 volumes:
  database:
+    name: {{ database_volume }}
 {% endif %}
 {{ "\n" }}
--- a/roles/docker-compose/templates/volumes.yml.j2
+++ b/roles/docker-compose/templates/volumes.yml.j2
@@ -2,5 +2,6 @@
 volumes:
 {% if not applications | get_app_conf(application_id, 'features.central_database', False)%}
  database:
+    name: {{ database_volume }}
 {% endif %}
 {{ "\n" }}
--- a/roles/docker-core/Todo.md
+++ b/roles/docker-core/Todo.md
@@ -0,0 +1,2 @@
+# Todos
+- Add cleanup service for docker system prune -f
--- a/roles/svc-db-mariadb/tasks/main.yml
+++ b/roles/svc-db-mariadb/tasks/main.yml
@@ -24,9 +24,9 @@
    restart_policy: "{{ docker_restart_policy }}"
    healthcheck:
      test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\""
-      interval: 3s
-      timeout: 1s
-      retries: 5
+      interval: 10s
+      timeout: 5s
+      retries: 18
  when: run_once_docker_mariadb is not defined
  register: setup_mariadb_container_result

--- a/roles/svc-db-redis/templates/service.yml.j2
+++ b/roles/svc-db-redis/templates/service.yml.j2
@@ -3,7 +3,7 @@
 {% set redis_version = applications | get_app_conf('svc-db-redis', 'docker.services.redis.version')%}
  redis:
    image: "{{ redis_image }}:{{ redis_version }}"
-    container_name: {{ application_id }}-redis
+    container_name: {{ application_id | get_public_id }}-redis
    restart: {{ docker_restart_policy }}
    logging:
      driver: journald
--- a/roles/sys-hlth-webserver/templates/sys-hlth-webserver.py.j2
+++ b/roles/sys-hlth-webserver/templates/sys-hlth-webserver.py.j2
@@ -43,7 +43,7 @@ for filename in os.listdir(config_path):
        url = f"{{ web_protocol }}://{domain}"
        
        redirected_domains = [domain['source'] for domain in {{ current_play_domain_mappings_redirect}}]
-        redirected_domains.append("{{domains | get_domain('mailu')}}")
+        redirected_domains.append("{{domains | get_domain('web-app-mailu')}}")

        expected_statuses = get_expected_statuses(domain, parts, redirected_domains)

--- a/roles/sys-rpr-docker-hard/files/sys-rpr-docker-hard.py
+++ b/roles/sys-rpr-docker-hard/files/sys-rpr-docker-hard.py
@@ -43,7 +43,7 @@ if __name__ == "__main__":
            
            if os.path.isfile(docker_compose_file):
                print(f"Found docker-compose.yml in {dir_path}.")
-                if dir_name == "mailu":
+                if dir_name == "web-app-mailu":
                    print(f"Directory {dir_name} detected. Performing hard restart...")
                    hard_restart_docker_services(dir_path)
                else:
--- a/roles/web-app-attendize/tasks/main.yml
+++ b/roles/web-app-attendize/tasks/main.yml
@@ -10,7 +10,7 @@
    domain: "{{ item }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
  loop:
-    - "{{ domains | get_domain('mailu') }}"
+    - "{{ domains | get_domain('web-app-mailu') }}"
    - "{{ domain }}"
    
 - name: "For '{{ application_id }}': configure {{domains | get_domain(application_id)}}.conf"
--- a/roles/web-app-espocrm/config/main.yml
+++ b/roles/web-app-espocrm/config/main.yml
@@ -33,5 +33,5 @@ docker:
      image:    "espocrm/espocrm"
      version:  "latest"
      name:     "espocrm"
-    volumes:
-      data: espocrm_data
+  volumes:
+    data: espocrm_data
--- a/roles/web-app-espocrm/tasks/database.yml
+++ b/roles/web-app-espocrm/tasks/database.yml
@@ -0,0 +1,32 @@
+- name: Check if config.php exists in EspoCRM
+  command: docker exec --user root {{ espocrm_name }} test -f {{ espocrm_config_file }}
+  register: config_file_exists
+  changed_when: false
+  failed_when: false
+
+- name: Patch EspoCRM config.php with updated DB credentials
+  when: config_file_exists.rc == 0
+  block:
+    - name: Update DB host
+      command: >
+        docker exec --user root {{ espocrm_name }}
+        sed -i "s/'host' => .*/'host' => '{{ database_host }}',/" {{ espocrm_config_file }}
+      notify: docker compose up
+
+    - name: Update DB name
+      command: >
+        docker exec --user root {{ espocrm_name }}
+        sed -i "s/'dbname' => .*/'dbname' => '{{ database_name }}',/" {{ espocrm_config_file }}
+      notify: docker compose up
+
+    - name: Update DB user
+      command: >
+        docker exec --user root {{ espocrm_name }}
+        sed -i "s/'user' => .*/'user' => '{{ database_username }}',/" {{ espocrm_config_file }}
+      notify: docker compose up
+
+    - name: Update DB password
+      command: >
+        docker exec --user root {{ espocrm_name }}
+        sed -i "s/'password' => .*/'password' => '{{ database_password }}',/" {{ espocrm_config_file }}
+      notify: docker compose up
--- a/roles/web-app-espocrm/tasks/main.yml
+++ b/roles/web-app-espocrm/tasks/main.yml
@@ -3,6 +3,13 @@
  include_role: 
    name: cmp-db-docker-proxy

+- name: Update database credentials
+  include_tasks: database.yml
+
+- name: Flush handlers to make DB available before password reset
+  meta: flush_handlers
+  when: docker_compose_flush_handlers | bool
+
 - name: Set OIDC scopes in EspoCRM config (inside web container)
  ansible.builtin.shell: |
    docker compose exec -T web php -r '
--- a/roles/web-app-espocrm/vars/main.yml
+++ b/roles/web-app-espocrm/vars/main.yml
@@ -8,4 +8,5 @@ docker_compose_flush_handlers:  true
 espocrm_version:                "{{ applications | get_app_conf(application_id, 'docker.services.espocrm.version', True) }}"
 espocrm_image:                  "{{ applications | get_app_conf(application_id, 'docker.services.espocrm.image', True) }}"
 espocrm_name:                   "{{ applications | get_app_conf(application_id, 'docker.services.espocrm.name', True) }}"
-espocrm_volume:                 "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+espocrm_volume:                 "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+espocrm_config_file:            "/var/www/html/data/config-internal.php"
--- a/roles/web-app-mailu/Todo.md
+++ b/roles/web-app-mailu/Todo.md
@@ -0,0 +1,2 @@
+# Todos
+- Implement hard restart into Backup for mailu
--- a/roles/web-app-mailu/config/main.yml
+++ b/roles/web-app-mailu/config/main.yml
@@ -1,4 +1,3 @@
-version:                  "2024.06"                         # Docker Image Version
 oidc:
  email_by_username:      true                              # If true, then the mail is set by the username. If wrong then the OIDC user email is used
  enable_user_creation:   true                              # Users will be created if not existing
@@ -30,4 +29,7 @@ docker:
    redis:
      enabled: true
    database: 
-      enabled: true
+      enabled: true
+    mailu:
+      version:  "2024.06" # Docker Image Version
+      name:     mailu
--- a/roles/web-app-mailu/tasks/main.yml
+++ b/roles/web-app-mailu/tasks/main.yml
@@ -19,7 +19,7 @@
    mailu_compose_dir:        "{{ docker_compose.directories.instance }}"
    mailu_domain:             "{{ primary_domain }}"
    mailu_api_base_url:       "http://127.0.0.1:8080/api/v1"
-    mailu_global_api_token:   "{{ applications.mailu.credentials.api_token }}"
+    mailu_global_api_token:   "{{ applications | get_app_conf(application_id, 'credentials.api_token') }}"
    mailu_action: >-
      {{
        (
--- a/roles/web-app-mailu/templates/docker-compose.yml.j2
+++ b/roles/web-app-mailu/templates/docker-compose.yml.j2
@@ -2,13 +2,15 @@

  # Core services
  resolver:
-    image: {{docker_source}}/unbound:{{applications.mailu.version}}
+    image: {{docker_source}}/unbound:{{ mailu_version }}
+    container_name: {{mailu_name}}_resolver
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
-        ipv4_address: {{networks.local.mailu.dns}}
+        ipv4_address: {{networks.local['web-app-mailu'].dns}}

  front:
-    image: {{docker_source}}/nginx:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_front
+    image: {{docker_source}}/nginx:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
@@ -30,10 +32,11 @@
      webmail:
      radicale:
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
      
  admin:
-    image: {{docker_source}}/admin:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_admin
+    image: {{docker_source}}/admin:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "admin_data:/data"
@@ -44,11 +47,12 @@
      front:
        condition: service_started
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  imap:
-    image: {{docker_source}}/dovecot:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_imap
+    image: {{docker_source}}/dovecot:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "dovecot_mail:/mail"
@@ -57,11 +61,12 @@
      - front
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  smtp:
-    image: {{docker_source}}/postfix:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_smtp
+    image: {{docker_source}}/postfix:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
@@ -70,22 +75,24 @@
      - front
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  oletools:
-    image: {{docker_source}}/oletools:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_oletools
+    image: {{docker_source}}/oletools:{{ mailu_version }}
    hostname: oletools
    restart: {{docker_restart_policy}}
    depends_on:
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      noinet:

  antispam:
-    image: {{docker_source}}/rspamd:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_antispam
+    image: {{docker_source}}/rspamd:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "filter:/var/lib/rspamd"
@@ -97,13 +104,14 @@
      - antivirus
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      noinet:  


  # Optional services
  antivirus:
+    container_name: {{mailu_name}}_antivirus
    image: clamav/clamav-debian:latest
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
@@ -111,23 +119,25 @@
    depends_on:
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  webdav:
-    image: {{docker_source}}/radicale:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_webdav
+    image: {{docker_source}}/radicale:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "webdav_data:/data"
    depends_on:
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      radicale:

  fetchmail:
-    image: {{docker_source}}/fetchmail:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_fetchmail
+    image: {{docker_source}}/fetchmail:{{ mailu_version }}
    volumes:
      - "admin_data:/data"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -137,11 +147,12 @@
      - imap
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

  webmail:
-    image: {{docker_source}}/webmail:{{applications.mailu.version}}
+    container_name: {{mailu_name}}_webmail
+    image: {{docker_source}}/webmail:{{ mailu_version }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "webmail_data:/data"
@@ -151,19 +162,27 @@
      - front
      - resolver
    dns:
-      - {{networks.local.mailu.dns}}
+      - {{networks.local['web-app-mailu'].dns}}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
      webmail:

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  smtp_queue:
+    name: {{ mailu_smtp_queue }}
  admin_data:
+    name: {{ mailu_admin_data }}
  webdav_data:
+    name: {{ mailu_webdav_data }}
  webmail_data:
+    name: {{ mailu_webmail_data }}
  filter:
+    name: {{ mailu_filter }}
  dkim:
+    name: {{ mailu_dkim }}
  dovecot_mail:
+    name: {{ mailu_dovecot_mail }}
  redis:
+    name: {{ mailu_redis }}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
  radicale:
--- a/roles/web-app-mailu/templates/env.j2
+++ b/roles/web-app-mailu/templates/env.j2
@@ -11,13 +11,13 @@
 LD_PRELOAD=/usr/lib/libhardened_malloc.so 

 # Set to a randomly generated 16 bytes string
-SECRET_KEY={{applications.mailu.credentials.secret_key}}
+SECRET_KEY={{applications | get_app_conf(application_id,'credentials.secret_key')}}

 # Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
-SUBNET={{networks.local.mailu.subnet}}
+SUBNET={{networks.local['web-app-mailu'].subnet}}

 # Main mail domain
-DOMAIN={{applications.mailu.domain}}
+DOMAIN={{ applications | get_app_conf(application_id,'domain') }}

 # Hostnames for this server, separated with comas
 HOSTNAMES={{domains | get_domain(application_id)}}
@@ -151,7 +151,7 @@ SQLALCHEMY_DATABASE_URI=mysql+mysqlconnector://{{database_username}}:{{database_
 API=true
 WEB_API=/api
 # Configures the authentication token. The minimum length is 3 characters. This token must be passed as request header to the API as authentication token. This is a mandatory setting for using the RESTful API.
-API_TOKEN={{applications.mailu.credentials.api_token}}
+API_TOKEN={{ applications | get_app_conf(application_id, 'credentials.api_token')}}


 # Activated https://mailu.io/master/configuration.html#advanced-settings
--- a/roles/web-app-mailu/vars/main.yml
+++ b/roles/web-app-mailu/vars/main.yml
@@ -1,7 +1,7 @@
-application_id:             "mailu"
+application_id:             "web-app-mailu"

 # Database Configuration
-database_password:          "{{applications.mailu.credentials.database_password}}"
+database_password:          "{{ applications | get_app_conf(application_id, ' credentials.database_password') }}"
 database_type:              "mariadb"

 cert_mount_directory:       "{{docker_compose.directories.volumes}}certs/"
@@ -12,4 +12,14 @@ docker_source:             "{{ 'ghcr.io/heviat' if applications | get_app_conf(a

 domain:                    "{{ domains | get_domain(application_id) }}"
 http_port:                 "{{ ports.localhost.http[application_id] }}"
-proxy_extra_configuration: "client_max_body_size 31M;"
+proxy_extra_configuration: "client_max_body_size 31M;"
+mailu_version:             "{{ applications | get_app_conf(application_id, 'docker.services.mailu.version', True) }}"
+mailu_name:                "{{ applications | get_app_conf(application_id, 'docker.services.mailu.name', True) }}"
+mailu_smtp_queue:          "mailu_smtp_queue"
+mailu_admin_data:          "mailu_admin_data"
+mailu_webdav_data:         "mailu_webdav_data"
+mailu_webmail_data:        "mailu_webmail_data"
+mailu_filter:              "mailu_filter"
+mailu_dkim:                "mailu_dkim"
+mailu_dovecot_mail:        "mailu_dovecot_mail"
+mailu_redis:               "mailu_redis"
--- a/roles/web-app-matomo/tasks/constructor.yml
+++ b/roles/web-app-matomo/tasks/constructor.yml
@@ -2,7 +2,7 @@
  include_role: 
    name: cmp-db-docker-proxy

- name: "Update database credentials"
+- name: "Patch Matomo config.ini.php with updated DB credentials"
  include_tasks: database.yml

 - name: flush docker service
--- a/roles/web-app-matomo/tasks/database.yml
+++ b/roles/web-app-matomo/tasks/database.yml
@@ -1,25 +1,16 @@
- name: Backup config.ini.php before patching
+- name: Update DB host
  command: >
-    docker cp {{ matomo_name }}:{{ matomo_config }} {{ matomo_backup_file }}
-
- name: Patch Matomo config.ini.php with updated DB credentials
-  block:
-    - name: Update DB host
-      command: >
-        docker exec --user root {{ matomo_name }}
-        sed -i "s/^host *=.*/host = {{ database_host }}/" {{ matomo_config }}
-
-    - name: Update DB name
-      command: >
-        docker exec --user root {{ matomo_name }}
-        sed -i "s/^dbname *=.*/dbname = {{ database_name }}/" {{ matomo_config }}
-
-    - name: Update DB user
-      command: >
-        docker exec --user root {{ matomo_name }}
-        sed -i "s/^username *=.*/username = {{ database_username }}/" {{ matomo_config }}
-
-    - name: Update DB password
-      command: >
-        docker exec --user root {{ matomo_name }}
-        sed -i "s/^password *=.*/password = {{ database_password }}/" {{ matomo_config }}
+    docker exec --user root {{ matomo_name }}
+    sed -i "s/^host *=.*/host = {{ database_host }}/" {{ matomo_config }}
+- name: Update DB name
+  command: >
+    docker exec --user root {{ matomo_name }}
+    sed -i "s/^dbname *=.*/dbname = {{ database_name }}/" {{ matomo_config }}
+- name: Update DB user
+  command: >
+    docker exec --user root {{ matomo_name }}
+    sed -i "s/^username *=.*/username = {{ database_username }}/" {{ matomo_config }}
+- name: Update DB password
+  command: >
+    docker exec --user root {{ matomo_name }}
+    sed -i "s/^password *=.*/password = {{ database_password }}/" {{ matomo_config }}
--- a/roles/web-app-matomo/vars/main.yml
+++ b/roles/web-app-matomo/vars/main.yml
@@ -8,7 +8,6 @@ matomo_version:       "{{ applications | get_app_conf(application_id, 'docker.se
 matomo_image:         "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"
 matomo_name:          "{{ applications | get_app_conf(application_id, 'docker.services.matomo.name', True) }}"
 matomo_data:          "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-matomo_backup_file:   "{{ docker_compose.directories.instance }}/config.ini.php.bak"
 matomo_config:        "/var/www/html/config/config.ini.php"

 # I don't know if this is still necessary
--- a/roles/web-app-moodle/tasks/database.yml
+++ b/roles/web-app-moodle/tasks/database.yml
@@ -13,10 +13,6 @@
        state: directory
        mode: "0755"

-    - name: Copy config.php from container to host
-      command: >
-        docker cp {{ moodle_container }}:{{ moodle_config }} {{ moodle_backup_file }}
-
 - name: Check if config.php exists
  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
  register: config_file_exists
--- a/roles/web-app-moodle/vars/main.yml
+++ b/roles/web-app-moodle/vars/main.yml
@@ -10,7 +10,6 @@ bitnami_user_group:             "{{ bitnami_user }}:{{ bitnami_user }}"

 docker_compose_flush_handlers:  false # Wait for env update

-moodle_backup_file:             "{{ docker_compose.directories.instance }}/config.ini.php.bak"
 moodle_config:                  "/bitnami/moodle/config.php"
 moodle_version:                 "{{ applications | get_app_conf(application_id, 'docker.services.moodle.version', True) }}"
 moodle_image:                   "{{ applications | get_app_conf(application_id, 'docker.services.moodle.image', True) }}"
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -10,9 +10,12 @@ csp:
      - "data:"
 domains:
  canonical:
-    nextcloud:  "cloud.{{ primary_domain }}"
+    - "cloud.{{ primary_domain }}"
+    # nextcloud:  "cloud.{{ primary_domain }}"
    # talk:       "talk.{{ primary_domain }}" @todo needs to be activated
 docker:
+  volumes:
+    data: nextcloud_data
  services:
    redis:
      enabled: true
@@ -21,7 +24,7 @@ docker:
    nextcloud:
      name:     "nextcloud"
      image:    "nextcloud"
-      version:  "latest-fpm-alpine"
+      version:  "production-fpm-alpine"
      backup:
        no_stop_required: true
    proxy: 
--- a/roles/web-app-nextcloud/tasks/01_config.yml
+++ b/roles/web-app-nextcloud/tasks/01_config.yml
@@ -3,16 +3,27 @@
    - name: Add dynamic config merging from Jinja template
      template:
        src: include.php.j2
-        dest: "{{nextcloud_host_include_instructions_file}}"
+        dest: "{{ nextcloud_host_include_instructions_file }}"
      notify: docker compose restart

+    - name: Flush handlers so Nextcloud container is restarted and ready
+      meta: flush_handlers
+
+    - name: "Wait until Nextcloud is reachable on port {{ports.localhost.http[application_id]}}"
+      wait_for:
+        host: 127.0.0.1
+        port: "{{ports.localhost.http[application_id]}}"
+        timeout: 120
+        delay: 2
+        state: started
+
    - name: Copy include instructions to the container
      command: >
-        docker cp {{ nextcloud_host_include_instructions_file }} {{ nextcloud_name }}:{{nextcloud_docker_include_instructions_file}}
+        docker cp {{ nextcloud_host_include_instructions_file }} {{ nextcloud_container }}:{{ nextcloud_docker_include_instructions_file }}

    - name: Append generated config to config.php only if not present
      command: >
-        docker exec -u {{nextcloud_docker_user}} {{ nextcloud_name }} sh -c "
+        docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_container }} sh -c "
          grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} || 
-          cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
-      notify: docker compose restart
+          cat {{ nextcloud_docker_include_instructions_file }} >> {{ nextcloud_docker_config_file }}"
+      notify: docker compose restart
--- a/roles/web-app-nextcloud/tasks/main.yml
+++ b/roles/web-app-nextcloud/tasks/main.yml
@@ -65,7 +65,7 @@

 - name: Ensure Nextcloud administrator is in the 'admin' group
  command: >
-    docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}
+    docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_container }}
    php occ group:adduser admin {{ nextcloud_administrator_username }}
  register: add_admin_to_group
  changed_when: "'Added user' in add_admin_to_group.stdout"
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -2,7 +2,7 @@

  application:
    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
-    container_name: {{ nextcloud_name }}
+    container_name: {{ nextcloud_container }}
    volumes:
      - data:{{nextcloud_docker_work_directory}}
      - {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
@@ -70,6 +70,7 @@

 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
+    name: {{ nextcloud_volume }}
  redis:

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -20,16 +20,18 @@ nextcloud_control_node_plugin_tasks_directory:  "{{role_path}}/tasks/plugins/"
 # Host 

 ## Host Paths
-nextcloud_host_config_additives_directory:      "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
-nextcloud_host_include_instructions_file:       "{{docker_compose.directories.volumes}}includes.php"          # Path to the instruction file on the host. Responsible for loading the additional configurations
+nextcloud_host_config_additives_directory:      "{{ docker_compose.directories.volumes }}cymais/"               # This folder is the path to which the additive configurations will be copied
+nextcloud_host_include_instructions_file:       "{{ docker_compose.directories.volumes }}includes.php"          # Path to the instruction file on the host. Responsible for loading the additional configurations

-nextcloud_domains:                              "{{ domains[application_id].nextcloud }}"
+nextcloud_domains:                              "{{ domains | get_domain(application_id) }}"                    # This is wrong and should be optimized @todo implement support for multiple domains

 # Docker

+nextcloud_volume:                               "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+
 nextcloud_version:                              "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version', True) }}"
 nextcloud_image:                                "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image', True) }}"
-nextcloud_name:                                 "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"
+nextcloud_container:                                 "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"

 nextcloud_proxy_name:                           "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
 nextcloud_proxy_image:                          "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image', True) }}"
@@ -58,5 +60,5 @@ nextcloud_docker_config_additives_directory:    "{{nextcloud_docker_config_direc
 nextcloud_docker_include_instructions_file:     "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations

 ## Execution
-nextcloud_docker_exec:                          "docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}" # General execute composition
+nextcloud_docker_exec:                          "docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_container }}" # General execute composition
 nextcloud_docker_exec_occ:                      "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command
--- a/roles/web-app-port-ui/templates/menu/followus.yml.j2
+++ b/roles/web-app-port-ui/templates/menu/followus.yml.j2
@@ -3,7 +3,7 @@ followus:
  description: Follow us to stay up to recieve the newest CyMaIS updates 
  icon:
    class: fas fa-newspaper
-{% if ["mastodon", "bluesky"] | any_in(group_names) %}
+{% if ["web-app-mastodon", "web-app-bluesky"] | any_in(group_names) %}
  children:
 {% if service_provider.contact.mastodon is defined and service_provider.contact.mastodon != "" %}
    - name: Mastodon
--- a/roles/web-app-wordpress/tasks/main.yml
+++ b/roles/web-app-wordpress/tasks/main.yml
@@ -6,7 +6,7 @@
 - name: "Include role srv-proxy-6-6-domain for {{ application_id }}"
  include_role:
    name: srv-proxy-6-6-domain
-  loop: "{{ applications | get_app_conf(application_id, 'domain', True)s.canonical }}"
+  loop: "{{ applications | get_app_conf(application_id, 'domains.canonical', True) }}"
  loop_control:
    loop_var: domain
  vars: