Restructure and cleaned up in preparation of new backup logic

group_vars/all/00_general.yml

@@ -55,7 +55,19 @@ certbot_cert_path:                        "/etc/letsencrypt/live" # Path contain
 docker_restart_policy:                    "unless-stopped"
 
 # helper
-_applications_nextcloud_oidc_flavor:      "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}"
+_applications_nextcloud_oidc_flavor: >-
+  {{
+    applications
+      | get_app_conf(
+          'web-app-nextcloud',
+          'oidc.flavor',
+          False,
+          'oidc_login'
+          if applications
+            | get_app_conf('web-app-nextcloud','features.ldap',False)
+          else 'sociallogin'
+        )
+  }}
 
 # default value if not set via CLI (-e) or in playbook vars
 allowed_applications: []

group_vars/all/09_ports.yml

@@ -6,46 +6,46 @@ ports:
       svc-db-mariadb:   3306
     # https://developer.mozilla.org/de/docs/Web/API/WebSockets_API
     websocket:
-      mastodon: 4001
+      web-app-mastodon: 4001
       espocrm: 4002
     oauth2_proxy:
       phpmyadmin: 4181
       lam: 4182
-      openproject: 4183
+      web-app-openproject: 4183
       yourls: 4184
       pgadmin: 4185
       phpldapadmin: 4186
       fusiondirectory: 4187
-      gitea: 4188
+      web-app-gitea: 4188
       snipe-it: 4189
     ldap:
       svc-db-openldap: 389
     http:
-      nextcloud: 8001
-      gitea: 8002
-      wordpress: 8003
-      mediawiki: 8004
-      mybb: 8005
+      web-app-nextcloud: 8001
+      web-app-gitea: 8002
+      web-app-wordpress: 8003
+      web-app-mediawiki: 8004
+      web-app-mybb: 8005
       yourls: 8006
       mailu: 8007
-      elk: 8008
-      mastodon: 8009
-      pixelfed: 8010
-      peertube: 8011
+      web-app-elk: 8008
+      web-app-mastodon: 8009
+      web-app-pixelfed: 8010
+      web-app-peertube: 8011
       funkwhale: 8012
       roulette-wheel: 8013
-      joomla: 8014
+      web-app-joomla: 8014
       attendize: 8015
       pgadmin: 8016
-      baserow: 8017
+      web-app-baserow: 8017
       web-app-matomo: 8018
-      listmonk: 8019
-      discourse: 8020
-      matrix_synapse: 8021
-      matrix_element: 8022
-      openproject: 8023
+      web-app-listmonk: 8019
+      web-app-discourse: 8020
+      web-app-matrix_synapse: 8021
+      web-app-matrix_element: 8022
+      web-app-openproject: 8023
       gitlab: 8024
-      akaunting: 8025
+      web-app-akaunting: 8025
       moodle: 8026
       taiga: 8027
       friendica: 8028
@@ -73,11 +73,13 @@ ports:
   public:
     # The following ports should be changed to 22 on the subdomain via stream mapping
     ssh:
-      gitea: 2201
+      web-app-gitea: 2201
       gitlab: 2202
     ldaps:
       svc-db-openldap: 636
     stun:
       bigbluebutton: 3478    # Not sure if it's right placed here or if it should be moved to localhost section
+      web-app-nextcloud:     3479
     turn:
       bigbluebutton: 5349    # Not sure if it's right placed here or if it should be moved to localhost section
+      web-app-nextcloud:     5350    # Not used yet

group_vars/all/10_networks.yml

@@ -8,11 +8,11 @@ defaults_networks:
     # This should be sufficient for the most cases
 
     # /28 Networks, 14 Usable Ip Addresses
-    akaunting:
+    web-app-akaunting:
       subnet: 192.168.101.0/28
     attendize:
       subnet: 192.168.101.16/28
-    baserow:
+    web-app-baserow:
       subnet: 192.168.101.32/28
     mobilizon:
       subnet: 192.168.101.48/28
@@ -22,25 +22,25 @@ defaults_networks:
       subnet: 192.168.101.80/28
     funkwhale:
       subnet: 192.168.101.96/28
-    gitea:
+    web-app-gitea:
       subnet: 192.168.101.112/28
     gitlab:
       subnet: 192.168.101.128/28
-    joomla:
+    web-app-joomla:
       subnet: 192.168.101.144/28
     keycloak:
       subnet: 192.168.101.160/28
-    #svc-db-openldap:
-    #  subnet: 192.168.101.176/28
-    listmonk:
+    web-app-wordpress:
+      subnet: 192.168.101.176/28
+    web-app-listmonk:
       subnet: 192.168.101.192/28
     # Free:
     #  subnet: 192.168.101.208/28
     web-app-matomo:
       subnet: 192.168.101.224/28
-    mastodon:
+    web-app-mastodon:
       subnet: 192.168.101.240/28
-    matrix:
+    web-app-matrix:
       subnet: 192.168.102.0/28
     mailu:
       # Use one of the last container ips for dns resolving so that it isn't used
@@ -48,17 +48,17 @@ defaults_networks:
       subnet: 192.168.102.16/28
     moodle:
       subnet: 192.168.102.32/28
-    mybb:
+    web-app-mybb:
       subnet: 192.168.102.48/28
-    nextcloud:
+    web-app-nextcloud:
       subnet: 192.168.102.64/28
-    openproject:
+    web-app-openproject:
       subnet: 192.168.102.80/28
-    peertube:
+    web-app-peertube:
       subnet: 192.168.102.96/28
     phpmyadmin:
       subnet: 192.168.102.112/28
-    pixelfed:
+    web-app-pixelfed:
       subnet: 192.168.102.128/28
     pgadmin:
       subnet: 192.168.102.144/28
@@ -68,7 +68,7 @@ defaults_networks:
       subnet: 192.168.102.176/28
     yourls:
       subnet: 192.168.102.192/28
-    discourse:
+    web-app-discourse:
       subnet: 192.168.102.208/28
     sphinx:
       subnet: 192.168.102.224/28

group_vars/all/15_about.yml

@@ -20,12 +20,12 @@ defaults_service_provider:
       {{ ('@' ~ users.contact.username ~ '.' ~ domains.bluesky.api)
          if 'bluesky' in group_names else '' }}
     email:          "{{ users.contact.username ~ '@' ~ primary_domain if 'mailu' in group_names else '' }}"
-    mastodon:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('mastodon') if 'mastodon' in group_names else '' }}"
-    matrix:         "{{ '@' ~ users.contact.username ~ ':' ~ domains.matrix.synapse if 'matrix' in group_names else '' }}"
-    peertube:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('peertube') if 'peertube' in group_names else '' }}"
-    pixelfed:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('pixelfed') if 'pixelfed' in group_names else '' }}"
+    mastodon:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-mastodon') if 'web-app-mastodon' in group_names else '' }}"
+    matrix:         "{{ '@' ~ users.contact.username ~ ':' ~ domains['web-app-matrix'].synapse if 'web-app-matrix' in group_names else '' }}"
+    peertube:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-peertube') if 'web-app-peertube' in group_names else '' }}"
+    pixelfed:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain(web-app-pixelfed) if web-app-pixelfed in group_names else '' }}"
     phone:          "+0 000 000 404"
-    wordpress:      "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('wordpress') if 'wordpress' in group_names else '' }}"
+    wordpress:      "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-wordpress') if 'web-app-wordpress' in group_names else '' }}"
 
   legal:
     editorial_responsible:  "Johannes Gutenberg"

group_vars/all/16_storage.yml

@@ -1,6 +1,3 @@
-## Enable Storage Optimizer for Docker Volumes
-enable_system_storage_optimizer:  true
-
 backups_folder_path:              "/Backups/"   # Path to the backups folder
 
 # Storage Space-Related Configurations          

roles/desk-nextcloud/Todo.md

@@ -0,0 +1,2 @@
+# Todos
+- Implement the schema 

roles/desk-nextcloud/schema/main.yml

@@ -0,0 +1 @@
+cloud_fqdn: # @todo Add detailled scheme for this entry 

roles/sys-bkp-docker-2-loc/README.md

@@ -2,7 +2,7 @@
 
 ## Description
 
-This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
+This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [backup-docker-to-local](https://github.com/kevinveenbirkenbach/backup-docker-to-local), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
 
 ## Overview
 
@@ -20,7 +20,7 @@ Backup Docker Volumes to Local is a comprehensive solution that leverages rsync
 ## Features
 
 - **Required Software Installation:** Installs necessary packages (e.g., lsof, python-pandas) via pacman.
-- **Git Repository Pull:** Automatically pulls the latest version of the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git).
+- **Git Repository Pull:** Automatically pulls the latest version of the [backup-docker-to-local](https://github.com/kevinveenbirkenbach/backup-docker-to-local).
 - **Systemd Service Configuration:** Deploys and reloads two systemd service templates to manage backup tasks.
 - **Database Seeding:** Includes tasks to seed and manage a backup database (`databases.csv`) for tracking backup details.
 - **Dependency Integration:** Works in conjunction with the dependent roles listed above to verify and manage backups.

roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py

@@ -0,0 +1,36 @@
+def dict_to_cli_args(data):
+    """
+    Convert a dictionary into CLI argument string.
+    Example:
+    {
+        "backup-dir": "/mnt/backups",
+        "shutdown": True,
+        "ignore-volumes": ["redis", "memcached"]
+    }
+    becomes:
+    --backup-dir=/mnt/backups --shutdown --ignore-volumes="redis memcached"
+    """
+    if not isinstance(data, dict):
+        raise TypeError("Expected a dictionary for CLI argument conversion")
+
+    args = []
+
+    for key, value in data.items():
+        cli_key = f"--{key}"
+
+        if isinstance(value, bool):
+            if value:
+                args.append(cli_key)
+        elif isinstance(value, list):
+            items = " ".join(map(str, value))
+            args.append(f'{cli_key}="{items}"')
+        elif value is not None:
+            args.append(f'{cli_key}={value}')
+
+    return " ".join(args)
+
+class FilterModule(object):
+    def filters(self):
+        return {
+            'dict_to_cli_args': dict_to_cli_args
+        }

roles/update-docker/templates/update-docker.py.j2

@@ -130,8 +130,8 @@ def update_discourse(directory):
     os.chdir(docker_repository_directory )
     if git_pull():
         print("Start Discourse update procedure.")
-        update_procedure("docker stop {{applications.discourse.container}}")
-        update_procedure("docker rm {{applications.discourse.container}}")
+        update_procedure("docker stop {{applications.discourse.docker.service.discourse.name}}")
+        update_procedure("docker rm {{applications.discourse.docker.service.discourse.name}}")
         try:
             update_procedure("docker network connect {{applications.discourse.network}} {{ applications['bpostgres'].hostname }}")
         except subprocess.CalledProcessError as e:
@@ -140,7 +140,7 @@ def update_discourse(directory):
                 print("Network connection already exists. Skipping...")
             else:
                 raise
-        update_procedure("./launcher rebuild {{applications.discourse.container}}")
+        update_procedure("./launcher rebuild {{applications.discourse.docker.service.discourse.name}}")
     else:
         print("Discourse update skipped. No changes in git repository.")
 

roles/web-app-akaunting/config/main.yml

@@ -1,12 +1,11 @@
-images:
-  akaunting:      "docker.io/akaunting/akaunting:latest"
-company_name:       "{{primary_domain}}"
-company_email:      "{{ users.administrator.email }}"
+company:
+  name:             "Akaunting on {{ primary_domain | upper }}" # @todo load automatic based on service_provider infos, this will fail
+  email:            "{{ users.administrator.email }}" # @todo load automatic based on service_provider infos, this will fail
 setup_admin_email:  "{{ users.administrator.email }}"
 features:
   matomo:           true
   css:              true
-  port-ui-desktop: true
+  port-ui-desktop:  true
   central_database: true
 domains:
   canonical:
@@ -15,5 +14,12 @@ docker:
   services:
     database:
       enabled: true
+    akaunting:
+      no_stop_required: true
+      image: docker.io/akaunting/akaunting 
+      version: latest
+      name: akaunting
+  volumes: 
+    data: akaunting_data
 credentials: {}
 

roles/web-app-akaunting/templates/docker-compose.yml.j2

@@ -2,12 +2,12 @@
   application:
 
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
-    image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
+    container_name: {{ akaunting_name }}
+    image: "{{ akaunting_image }}:{{ akaunting_version }}"
     build:
       context: .
     ports:
-      - 127.0.0.1:{{ports.localhost.http[application_id]}}:80
+      - 127.0.0.1:{{ ports.localhost.http[application_id] }}:80
     volumes:
       - data:/var/www/html
     environment:
@@ -17,5 +17,7 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name: {{ akaunting_volume }}
+
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-akaunting/templates/env.j2

@@ -14,8 +14,8 @@ DB_PASSWORD={{database_password}}
 DB_PREFIX=asd_
 
 # These define the first company to exist on this instance. They are only used during setup.
-COMPANY_NAME={{applications | get_app_conf(application_id, 'company_name', True)}}
-COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company_email', True)}}
+COMPANY_NAME={{applications | get_app_conf(application_id, 'company.name', True)}}
+COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company.email', True)}}
 
 # This will be the first administrative user created on setup.
 ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}

roles/web-app-akaunting/vars/main.yml

@@ -1,4 +1,8 @@
-application_id:             "akaunting"
+application_id:             "web-app-akaunting"
 database_type:              "mariadb"
 database_password:          "applications | get_app_conf(application_id, 'credentials.database_password', True)"
 docker_repository_address:  "https://github.com/akaunting/docker.git"
+akaunting_version:          "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.version', True) }}"
+akaunting_image:            "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.image', True) }}"
+akaunting_name:             "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.name', True) }}"
+akaunting_volume:           "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"

roles/web-app-baserow/config/main.yml

@@ -1,13 +1,18 @@
-images:
-  baserow:            "baserow/baserow:latest"
 features:
   matomo:             true
   css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
   central_database:   true
 docker:
   services:
     redis:
-      enabled:        true
+      enabled:          true
     database:
-      enabled: true
+      enabled:          true
+    baserow:  
+      no_stop_required: true
+      image:            "baserow/baserow"
+      version:          "latest"
+      name:             "baserow"
+    volumes:
+      data:             "baserow_data"

roles/web-app-baserow/templates/docker-compose.yml.j2

@@ -2,8 +2,8 @@
 
   application:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.baserow', True) }}"
-    container_name: baserow-application
+    image: "{{ baserow_image }}:{{ baserow_version }}"
+    container_name: {{ baserow_name }}
     volumes:
       - data:/baserow/data
     ports:
@@ -13,6 +13,7 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name: {{ baserow_volume }}
   redis:
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-baserow/vars/main.yml

@@ -1,3 +1,7 @@
-application_id:     "baserow"
-database_password:  "{{ baserow_database_password }}"
-database_type:      "postgres"
+application_id:     "web-app-baserow"
+database_password:  "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
+database_type:      "postgres"
+baserow_version:    "{{ applications | get_app_conf(application_id, 'docker.services.baserow.version', True) }}"
+baserow_image:      "{{ applications | get_app_conf(application_id, 'docker.services.baserow.image', True) }}"
+baserow_name:       "{{ applications | get_app_conf(application_id, 'docker.services.baserow.name', True) }}"
+baserow_volume:     "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"

roles/web-app-coturn/templates/docker-compose.yml.j2

@@ -1,24 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
-  application:
-{% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "gitea/gitea:{{applications.gitea.version}}"
-    ports:
-      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
-      - "{{ports.public.ssh[application_id]}}:22"
-    volumes:
-      - data:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
-
-{% include 'roles/docker-container/templates/networks.yml.j2' %}
-{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
-
-{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
-  data:
-
-{% include 'roles/docker-compose/templates/networks.yml.j2' %}
+  
   coturn:
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
     image: coturn/coturn
     restart: always
     network_mode: "host"  # Nutzt die Host-IP für externe Erreichbarkeit (optional)
@@ -58,6 +42,8 @@
       --denied-peer-ip=203.0.113.0-203.0.113.255
       --denied-peer-ip=240.0.0.0-255.255.255.255
 
-volumes:
-  nextcloud:
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   coturn-config:
+

roles/web-app-coturn/vars/main.yml

@@ -1,3 +1,2 @@
-application_id:     "coturn"
-container_port:   3000
-#database_type:      "mariadb"
+application_id:     "web-app-coturn"
+container_port:     3000

roles/web-app-discourse/config/main.yml

@@ -1,10 +1,8 @@
-network:    "discourse_default"     # Name of the docker network
-container:  "discourse_application" # Name of the container application
 repository: "discourse_repository"  # Name of the repository folder                 
 features:
   matomo:             true
   css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
   oidc:               true
   central_database:   true
   ldap:               false         # @todo implement and activate
@@ -25,4 +23,13 @@ docker:
     database:
       enabled: true
     redis:
-      enabled: true
+      enabled: true
+    # This container is propably wrong name. 
+    # Chance is high that the name is discourse_application.
+    # @todo check this out and repair it if necessary
+    discourse:
+      name:             "discourse"
+      no_stop_required: true
+  volumes: 
+    data:   discourse_data
+  network:  discourse

roles/web-app-discourse/handlers/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "stop and remove discourse container if it exist"
   docker_container:
-    name: "{{applications | get_app_conf(application_id, 'container', True)}}"
+    name: "{{ discourse_name }}"
     state: absent
   register: container_action
   failed_when: container_action.failed and 'No such container' not in container_action.msg
@@ -17,7 +17,7 @@
   listen: recreate discourse
 
 - name: rebuild discourse
-  shell: ./launcher rebuild {{applications | get_app_conf(application_id, 'container', True)}}
+  shell: ./launcher rebuild {{ discourse_name }}
   args:
     executable: /bin/bash  
     chdir: "{{docker_repository_directory }}"

roles/web-app-discourse/tasks/main.yml

@@ -43,26 +43,26 @@
   meta: flush_handlers
   when: run_once_docker_discourse is not defined
 
-- name: "Connect {{ applications | get_app_conf(application_id, 'container', True) }} to network {{ applications['svc-db-postgres'].network }}"
+- name: "Connect {{ discourse_name }} to network {{ applications['svc-db-postgres'].network }}"
   command: >
-    docker network connect {{ applications['svc-db-postgres'].network }} {{ applications | get_app_conf(application_id, 'container', True) }}
+    docker network connect {{ applications['svc-db-postgres'].network }} {{ discourse_name }}
   register: network_connect
   failed_when: >
     network_connect.rc != 0 and
-    'Error response from daemon: endpoint with name {{ applications | get_app_conf(application_id, 'container', True) }} already exists in network {{ applications["svc-db-postgres"].network }}'
+    'Error response from daemon: endpoint with name {{ discourse_name }} already exists in network {{ applications["svc-db-postgres"].network }}'
     not in network_connect.stderr
   changed_when: network_connect.rc == 0
   when:
     - applications | get_app_conf(application_id, 'features.central_database', False)
     - run_once_docker_discourse is not defined
 
-- name: "Remove {{ applications | get_app_conf(application_id, 'network', True) }} from {{ database_host }}"
+- name: "Remove {{ discourse_network }} from {{ database_host }}"
   command: >
-    docker network disconnect {{ applications | get_app_conf(application_id, 'network', True) }} {{ database_host }}
+    docker network disconnect {{ discourse_network }} {{ database_host }}
   register: network_disconnect
   failed_when: >
     network_disconnect.rc != 0 and
-    'is not connected to network {{ applications | get_app_conf(application_id, 'network', True) }}' not in network_disconnect.stderr
+    'is not connected to network {{ discourse_network }}' not in network_disconnect.stderr
   changed_when: network_disconnect.rc == 0
   when:
     - applications | get_app_conf(application_id, 'features.central_database', False)

roles/web-app-discourse/templates/discourse_application.yml.j2

@@ -90,7 +90,7 @@ env:
 ## The Docker container is stateless; all data is stored in /shared
 volumes:
   - volume:
-      host: discourse_data
+      host: {{ discourse_volume }}
       guest: /shared
   - volume:
       host: /var/discourse/shared/standalone/log/var-log
@@ -178,4 +178,4 @@ run:
 
 docker_args:
   - --network={{application_id}}_default
-  - --name={{applications | get_app_conf(application_id, 'container', True)}}
+  - --name={{ discourse_name }}

roles/web-app-discourse/vars/main.yml

@@ -1,6 +1,15 @@
-application_id:                         "discourse"
+application_id:                         "web-app-discourse"
+
+# Database
 database_password:                      "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
 database_type:                          "postgres"
-docker_repository_directory :           "{{docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True)}}/"
-discourse_application_yml_destination:  "{{docker_repository_directory }}containers/{{applications | get_app_conf(application_id, 'container', True)}}.yml"
+
+# Discourse
+discourse_name:                         "{{ applications | get_app_conf(application_id, 'docker.services.discourse.name', True) }}"
+discourse_application_yml_destination:  "{{ docker_repository_directory }}containers/{{discourse_name }}.yml"
+discourse_network:                      "{{ applications | get_app_conf(application_id, 'docker.network', True) }}"
+discourse_volume:                       "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+
+# General Docker Configuration
+docker_repository_directory :           "{{ docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True) }}/"
 docker_compose_flush_handlers:          false

roles/web-app-elk/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 docker_elk_compose_path: "/srv/github.com/kevinveenbirkenbach/web-app-elk/"
+elastic_search_password: '' # Just defined to pass the integration test. this role is old and hadn't been used since ages so @todo delete it as soon as you implement it productive

roles/web-app-elk/vars/main.yml

@@ -1 +1 @@
-application_id: elk
+application_id: web-app-elk

roles/web-app-gitea/config/main.yml

@@ -1,6 +1,4 @@
-title:                            "CyMaIS Code Hub"
-images:
-  gitea:                          "gitea/gitea:latest"
+title:                            "CyMaIS Code Hub" # @todo load automatic based on service_porvider infos
 configuration:
   repository:
     enable_push_create_user:      True      # Allow users to push local repositories to Gitea and have them automatically created for a user.
@@ -9,14 +7,14 @@ configuration:
 features:
   matomo:                         true
   css:                            false
-  port-ui-desktop:               true
+  port-ui-desktop:                true
   central_database:               true
   ldap:                           true
   oauth2:                         true
-  oidc:                           false # Deactivated because users aren't auto-created. 
+  oidc:                           false     # Deactivated because users aren't auto-created. 
 oauth2_proxy:
   application:                    "application"
-  port:                           "3000"
+  port:                           "<< defaults_applications[web-app-gitea].docker.services.gitea.port >>"
   acl:
     blacklist:
       - "/user/login"
@@ -40,4 +38,12 @@ domains:
 docker:
   services:
     database:
-      enabled: true
+      enabled: true
+    gitea:                          
+      image:            "gitea/gitea"
+      version:          "latest"
+      no_stop_required: true
+      port:             3000
+      name:             "gitea"
+  volumes:
+    data:             "gitea_data"

roles/web-app-gitea/templates/docker-compose.yml.j2

@@ -2,7 +2,8 @@
 
   application:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.gitea', True) }}"
+    image: "{{ gitea_image }}:{{ gitea_version }}"
+    name:  "{{ gitea_name }}"
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
       - "{{ports.public.ssh[application_id]}}:22"
@@ -16,5 +17,6 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name: {{ gitea_volume }}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-gitea/vars/main.yml

@@ -1,6 +1,5 @@
-application_id:     "gitea"
-container_port:   3000
-database_type:      "mariadb"
+application_id:       "web-app-gitea"
+database_type:        "mariadb"
 gitea_ldap_auth_args:
   - '--name "LDAP ({{ primary_domain }})"'
   - '--host "{{ ldap.server.domain }}"'
@@ -16,3 +15,9 @@ gitea_ldap_auth_args:
   - '--email-attribute "{{ ldap.user.attributes.mail }}"'
   - '--public-ssh-key-attribute "{{ ldap.user.attributes.ssh_public_key }}"'
   - '--synchronize-users'
+gitea_version:   "{{ applications | get_app_conf(application_id, 'docker.services.gitea.version', True) }}"
+gitea_image:     "{{ applications | get_app_conf(application_id, 'docker.services.gitea.image', True) }}"
+gitea_name:      "{{ applications | get_app_conf(application_id, 'docker.services.gitea.name', True) }}"
+gitea_volume:    "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+
+container_port:  "{{ applications | get_app_conf(application_id, 'docker.services.gitea.port', True) }}"

roles/web-app-gitlab/config/main.yml

@@ -10,4 +10,6 @@ docker:
     redis:
       enabled: true
     database: 
-      enabled: true
+      enabled: true
+credentials:
+  initial_root_password: "{{ users.administrator.password }}"

roles/web-app-gitlab/vars/main.yml

@@ -1,2 +1,3 @@
-application_id:     "gitlab"
-database_type:      "postgres"
+application_id:               "gitlab"
+database_type:                "postgres"
+gitlab_initial_root_password: "{{ applications | get_app_conf(application_id, 'credentials.initial_root_password') }}"

roles/web-app-joomla/vars/main.yml

@@ -1,3 +1,2 @@
-application_id:     "joomla"
-database_password:  "{{joomla_database_password}}"
+application_id:     "web-app-joomla"
 database_type:      "postgres"

roles/web-app-listmonk/config/main.yml

@@ -1,11 +1,8 @@
-images:
-  listmonk:                 "listmonk/listmonk:latest"
-public_api_activated:       False                                 # Security hole. Can be used for spaming
-version:                    "latest"                              # Docker Image version
+public_api_activated:       False                                 # Security hole. Can be used for spaming                          # Docker Image version
 features:
   matomo:                   true
   css:                      false
-  port-ui-desktop:         true
+  port-ui-desktop:          true
   central_database:         true
   oidc:                     true
 domains:
@@ -14,4 +11,10 @@ domains:
 docker:
   services:
     database:
-      enabled: true
+      enabled: true
+    listmonk:
+      image:            listmonk/listmonk
+      version:          latest
+      no_stop_required: true
+      name:             listmonk
+      port:             9000

roles/web-app-listmonk/templates/docker-compose.yml.j2

@@ -2,7 +2,8 @@
   application:
 {% set container_healthcheck = 'health' %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.listmonk', True) }}"
+    image: "{{ listmonk_image }}:{{ listmonk_version }}"
+    container_name: "{{ listmonk_name }}"
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
     volumes:

roles/web-app-listmonk/vars/main.yml

@@ -1,6 +1,10 @@
-application_id: "listmonk"
+application_id: "web-app-listmonk"
 database_type:  "postgres"
-container_port: "9000"
+
+container_port:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.port', True) }}"
+listmonk_version: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.version', True) }}"
+listmonk_image:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.image', True) }}"
+listmonk_name:    "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.name', True) }}"
 
 listmonk_settings:
   - key: "app.root_url"

roles/web-app-mailu/templates/docker-compose.yml.j2

@@ -12,14 +12,14 @@
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
-      - "{{networks.internet.ip4}}:25:25"
-      - "{{networks.internet.ip4}}:465:465"
-      - "{{networks.internet.ip4}}:587:587"
-      - "{{networks.internet.ip4}}:110:110"
-      - "{{networks.internet.ip4}}:995:995"
-      - "{{networks.internet.ip4}}:143:143"
-      - "{{networks.internet.ip4}}:993:993"
-      - "{{networks.internet.ip4}}:4190:4190"
+      - "{{ networks.internet.ip4 }}:25:25"
+      - "{{ networks.internet.ip4 }}:465:465"
+      - "{{ networks.internet.ip4 }}:587:587"
+      - "{{ networks.internet.ip4 }}:110:110"
+      - "{{ networks.internet.ip4 }}:995:995"
+      - "{{ networks.internet.ip4 }}:143:143"
+      - "{{ networks.internet.ip4 }}:993:993"
+      - "{{ networks.internet.ip4 }}:4190:4190"
     volumes:
       - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
       - "{{cert_mount_directory}}:/certs:ro"

roles/web-app-mastodon/config/main.yml

@@ -1,12 +1,9 @@
-images:
-  mastodon:           "ghcr.io/mastodon/mastodon:latest"
-  streaming:          "ghcr.io/mastodon/mastodon-streaming:latest"
 single_user_mode:     false                                           # Set true for initial setup
-setup:                false                                           # Set true in inventory file to execute the setup and initializing procedures                         
+setup:                false                                           # Set true in inventory file to execute the setup and initializing procedures, don't know if this is still necessary @todo test it                        
 features:
   matomo:             true
   css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
   oidc:               true
   central_database:   true
 domains:
@@ -21,4 +18,14 @@ docker:
     redis:
       enabled: true
     database: 
-      enabled: true
+      enabled: true
+    mastodon: 
+      image:            "ghcr.io/mastodon/mastodon"
+      version:          latest
+      no_stop_required: true
+      name:             "mastodon"
+    streaming: 
+      image:            "ghcr.io/mastodon/mastodon-streaming"
+      version:          latest
+  volumes:
+    data:               "mastodon_data"

roles/web-app-mastodon/tasks/main.yml

@@ -18,13 +18,13 @@
 
 - name: flush docker service
   meta: flush_handlers
-  when: applications.mastodon.setup |bool 
+  when: mastodon_setup |bool 
 
 - name: setup routine for mastodon
   command:
     cmd: "docker-compose run --rm web bundle exec rails db:migrate"
     chdir: "{{docker_compose.directories.instance}}"
-  when: applications.mastodon.setup |bool 
+  when: mastodon_setup |bool 
 
 - name: "include create-administrator.yml for mastodon"
   include_tasks: create-administrator.yml

roles/web-app-mastodon/templates/docker-compose.yml.j2

@@ -3,7 +3,8 @@
   web:
 {% set container_port = 3000 %}
 {% set container_healthcheck = 'health' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
+    container_name: {{ mastodon_name }}
+    image: "{{ mastodon_image }}:{{ mastodon_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@@ -17,7 +18,8 @@
   streaming:
 {% set container_port = 4000 %}
 {% set container_healthcheck = 'api/v1/streaming/health' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.streaming', True) }}"
+    container_name: {{ mastodon_streaming_name }}
+    image: "{{ mastodon_streaming_image }}:{{ mastodon_streaming_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: node ./streaming
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@@ -27,7 +29,8 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 
   sidekiq:
-    image: "{{ applications | get_app_conf(application_id, 'images.mastodon', True) }}"
+    container_name: {{ mastodon_sidekiq_name }}
+    image: "{{ mastodon_image }}:{{ mastodon_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: bundle exec sidekiq
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
@@ -40,5 +43,5 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   redis:
   data:
-
+    name: "{{ mastodon_volume }}"
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-mastodon/templates/env.j2

@@ -5,7 +5,7 @@
 
 LOCAL_DOMAIN={{domains | get_domain(application_id)}}
 ALTERNATE_DOMAINS="{{ domains.mastodon[1:] | join(',') }}"
-SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
+SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode', True) }}
 
 # Credentials
 
@@ -13,15 +13,15 @@ SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
 # -------
 # Make sure to use `bundle exec rails secret` to generate secrets
 # -------
-SECRET_KEY_BASE=    {{applications.mastodon.credentials.secret_key_base}}
-OTP_SECRET=         {{applications.mastodon.credentials.otp_secret}}
+SECRET_KEY_BASE=    {{ applications | get_app_conf(application_id, 'credentials.secret_key_base') }}
+OTP_SECRET=         {{ applications | get_app_conf(application_id, 'credentials.otp_secret') }}
 
 # Web Push
 # --------
 # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
 # --------
-VAPID_PRIVATE_KEY=  {{applications.mastodon.credentials.vapid_private_key}}
-VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid_public_key}}
+VAPID_PRIVATE_KEY=  {{ applications | get_app_conf(application_id, 'credentials.vapid_private_key') }}
+VAPID_PUBLIC_KEY=   {{ applications | get_app_conf(application_id, 'credentials.vapid_public_key') }}
 
 # Encryption secrets
 # ------------------
@@ -29,9 +29,9 @@ VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid_public_key}}
 # These are private/secret values, do not share outside hosting environment
 # Use `bin/rails db:encryption:init` to generate fresh secrets
 # Do NOT change these secrets once in use, as this would cause data loss and other issues
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{applications.mastodon.credentials.active_record_encryption_deterministic_key}}
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}}
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{applications.mastodon.credentials.active_record_encryption_primary_key}}
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_deterministic_key') }}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_key_derivation_salt') }}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_primary_key') }}
 
 DB_HOST={{ database_host }}
 DB_PORT={{ database_port }}

roles/web-app-mastodon/vars/main.yml

@@ -1,2 +1,11 @@
-application_id:      "mastodon"
-database_type:      "postgres"
+application_id:               "web-app-mastodon"
+database_type:                "postgres"
+mastodon_version:             "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
+mastodon_image:               "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
+mastodon_name:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}"
+mastodon_volume:              "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
+mastodon_streaming_version:   "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
+mastodon_streaming_image:     "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
+mastodon_streaming_name:      "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_streaming"
+mastodon_sidekiq_name:        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_sidekiq"
+mastodon_setup:               "{{ applications | get_app_conf(application_id, 'setup', True) }}"

roles/web-app-matomo/config/main.yml

@@ -33,8 +33,13 @@ excluded_ips: "{{ networks.internet.values() | list }}"
 docker:
   services:
     matomo:
-      image:  "matomo:latest"
+      image:            "matomo"
+      version:          "latest"
+      name:             "matomo"
+      no_stop_required: true
     database:
       enabled: true
     redis:
-      enabled: false
+      enabled: false
+  volumes: 
+    data: matomo_data 

roles/web-app-matomo/templates/docker-compose.yml.j2

@@ -2,7 +2,7 @@
   application:
 {% set container_port = 80 %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"
+    image: "{{ matomo_image }}:{{ matomo_version }}"
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
     volumes:
@@ -12,5 +12,6 @@
 {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name: {{ matomo_data }}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-matomo/vars/main.yml

@@ -4,7 +4,9 @@ database_type:        "mariadb"
 matomo_excluded_ips:  "{{ applications | get_app_conf(application_id, 'excluded_ips', True) }}"
 matomo_index_php_url: "{{ domains | get_url(application_id, web_protocol) }}/index.php"
 matomo_auth_token:    "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}"
-
+matomo_version:       "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version', True) }}"
+matomo_image:         "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"
+matomo_data:          "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
 
 # I don't know if this is still necessary
 domain:               "{{ domains | get_domain(application_id) }}"

roles/web-app-matrix-ansible/tasks/main.yml

@@ -3,8 +3,8 @@
   include_role: 
     name: srv-proxy-6-6-domain
   loop:
-    - "{{domains.matrix.element}}"
-    - "{{domains.matrix.synapse}}"
+    - "{{ domains[application_id].element }}"
+    - "{{ domains[application_id].synapse }}"
   loop_control:
     loop_var: domain
 
@@ -80,7 +80,7 @@
   become: false
 
 - name: play matrix-web-app-ansible-deploy
-  local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{applications.matrix.playbook_tags}}"
+  local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{ applications | get_app_conf(application_id, 'playbook_tags')}}"
   become: false
 
 
@@ -129,13 +129,13 @@
 #- name: add log.config
 #  template: 
 #    src:  "log.config.j2" 
-#    dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config"
+#    dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config"
 #  notify: recreate matrix
 #
 ## https://github.com/matrix-org/synapse/issues/6303
 #- name: set correct folder permissions
 #  command:
-#    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
+#    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
 #
 #- name: add docker-compose.yml
 #  template: 

roles/web-app-matrix-ansible/templates/vars.yml.j2

@@ -8,7 +8,7 @@
 # because you can't change the Domain after deployment.
 #
 # Example value: example.com
-matrix_domain: "{{domains.matrix.synapse}}"
+matrix_domain: "{{domains[application_id].synapse}}"
 
 # The Matrix homeserver software to install.
 # See:

roles/web-app-matrix/config/main.yml

@@ -2,20 +2,24 @@ docker:
   services:
     database:
       enabled: true
-images:
-  synapse:            "matrixdotorg/synapse:latest"
-  element:            "vectorim/element-web:latest"
+    synapse: 
+      version:          latest 
+      image:            matrixdotorg/synapse
+      name:             matrix-synapse
+      no_stop_required: true
+    element: 
+      version:        latest 
+      image:          vectorim/element-web
+      name:           matrix-element
+  volumes: 
+    synapse:          "matrix_synapse_data"
 playbook_tags:        "setup-all,start"                  # For the initial update use: install-all,ensure-matrix-users-created,start
-server_name:          "{{primary_domain}}"               # Adress for the account names etc.
-synapse:
-  version:            "latest"
-element:
-  version:            "latest"
+server_name:          "{{ primary_domain }}"               # Adress for the account names etc.
 setup:                false                              # Set true in inventory file to execute the setup and initializing procedures
 features:
   matomo:             false                              # Deactivated, because in html CSP restricts use
   css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
   oidc:               true                               # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
   central_database:   true
 csp:

roles/web-app-matrix/tasks/main.yml

@@ -16,8 +16,8 @@
   include_role:
     name: srv-web-7-6-composer
   vars:
-    domain:     "{{domains.matrix.synapse}}"
-    http_port:  "{{ports.localhost.http.matrix_synapse}}"
+    domain:     "{{domains[application_id].synapse}}"
+    http_port:  "{{ports.localhost.http['web-app-matrix_synapse']}}"
 
 - name: create {{well_known_directory}}
   file:
@@ -30,21 +30,21 @@
     src:  "well-known.j2" 
     dest: "{{well_known_directory}}server"
 
-- name: create {{domains.matrix.synapse}}.conf
+- name: create {{domains[application_id].synapse}}.conf
   template: 
     src:  "templates/nginx.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domains.matrix.synapse}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id].synapse}}.conf"
   vars:
-    domain:     "{{domains.matrix.synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
-    http_port:  "{{ports.localhost.http.matrix_synapse}}"
+    domain:     "{{domains[application_id].synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
+    http_port:  "{{ports.localhost.http['web-app-matrix_synapse']}}"
   notify: restart nginx
         
 - name: "include role srv-proxy-6-6-domain for {{application_id}}"
   include_role: 
     name: srv-proxy-6-6-domain
   vars:        
-    domain:     "{{domains.matrix.element}}"
-    http_port:  "{{ports.localhost.http.matrix_element}}"
+    domain:     "{{domains[application_id].element}}"
+    http_port:  "{{ports.localhost.http['web-app-matrix_element']}}"
 
 - name: include create-and-seed-database.yml for multiple bridges
   include_tasks: create-and-seed-database.yml
@@ -94,13 +94,13 @@
 - name: add synapse log configuration
   template: 
     src:  "synapse/log.config.j2" 
-    dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config"
+    dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config"
   notify: docker compose up
 
 # https://github.com/matrix-org/synapse/issues/6303
 - name: set correct folder permissions
   command:
-    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
+    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
 
 - name: add docker-compose.yml
   template: 

roles/web-app-matrix/templates/docker-compose.yml.j2

@@ -1,23 +1,23 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
   synapse:
 {% set container_port = 8008 %}
-    image: "{{ applications | get_app_conf(application_id, 'images.synapse', True) }}"
-    container_name: matrix-synapse
+    image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}"
+    container_name: {{ matrix_synapse_name }}
     restart: {{docker_restart_policy}}
     logging:
       driver: journald
     volumes:
       - synapse_data:/data
       - ./homeserver.yaml:/data/homeserver.yaml:ro
-      - ./{{domains.matrix.synapse}}.log.config:/data/{{domains.matrix.synapse}}.log.config:ro
+      - ./{{domains[application_id].synapse}}.log.config:/data/{{domains[application_id].synapse}}.log.config:ro
 {% for item in bridges %}
       - {{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro
 {% endfor %}
     environment:
-      - SYNAPSE_SERVER_NAME={{domains.matrix.synapse}}
+      - SYNAPSE_SERVER_NAME={{domains[application_id].synapse}}
       - SYNAPSE_REPORT_STATS=no
     ports:
-      - "127.0.0.1:{{ports.localhost.http.matrix_synapse}}:{{ container_port }}"
+      - "127.0.0.1:{{ports.localhost.http['web-app-matrix_synapse']}}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% if bridges | length > 0 %}
 {% for item in bridges %}
@@ -30,13 +30,13 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
   element:
 {% set container_port = 80 %}
-    image: "{{ applications | get_app_conf(application_id, 'images.element', True) }}"
-    container_name: matrix-element
+    image: "{{ matrix_element_image }}:{{ matrix_element_version }}"
+    container_name: {{ matrix_element_name }}
     restart: {{docker_restart_policy}}
     volumes:
       - ./element-config.json:/app/config.json
     ports:
-      - "127.0.0.1:{{ports.localhost.http.matrix_element}}:{{ container_port }}"
+      - "127.0.0.1:{{ports.localhost.http['web-app-matrix_element']}}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 
@@ -81,7 +81,7 @@
       KEYV_URL: ''
       KEYV_BOT_ENCRYPTION: 'false'
       KEYV_BOT_STORAGE: 'true'
-      MATRIX_HOMESERVER_URL: 'https://{{domains.matrix.synapse}}'
+      MATRIX_HOMESERVER_URL: '{{ web_protocol }}://{{ domains[application_id].synapse }}'
       MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
       MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
       MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}'
@@ -98,8 +98,9 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   synapse_data:
+    name: {{ matrix_synapse_data }}
 {% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
-    chatgpt_data:
+  chatgpt_data:
 {% endif %}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-matrix/templates/element.config.json.j2

@@ -1,8 +1,8 @@
 {
     "default_server_config": {
         "m.homeserver": {
-            "base_url": "{{ web_protocol }}://{{domains.matrix.synapse}}",
-            "server_name": "{{domains.matrix.synapse}}"
+            "base_url": "{{ web_protocol }}://{{domains[application_id].synapse}}",
+            "server_name": "{{domains[application_id].synapse}}"
         },
         "m.identity_server": {
             "base_url": "{{ web_protocol }}://{{primary_domain}}"

roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2

@@ -143,7 +143,7 @@ bridge:
     sync_direct_chat_list: false
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains[application_id].synapse}}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2

@@ -134,7 +134,7 @@ bridge:
     double_puppet_allow_discovery: false
     # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
     #
     # If set, custom puppets will be enabled automatically for local users

roles/web-app-matrix/templates/mautrix/signal.config.yml.j2

@@ -141,7 +141,7 @@ bridge:
     federate_rooms: true
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/slack.config.yml.j2

@@ -118,7 +118,7 @@ bridge:
 
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2

@@ -198,7 +198,7 @@ bridge:
     sync_direct_chat_list: false
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2

@@ -236,7 +236,7 @@ bridge:
     force_active_delivery_receipts: false
     # Servers to always allow double puppeting from
     double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
     # Allow using double puppeting from any server with a valid client .well-known file.
     double_puppet_allow_discovery: false
     # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth

roles/web-app-matrix/templates/nginx.conf.j2

@@ -1,10 +1,10 @@
 server {
     {# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
     {# Could be that this is related to the set_fact use #}
-    {% set domain = domains.matrix.synapse %}
-    {% set http_port = ports.localhost.http.matrix_synapse %}
+    {% set domain = domains[application_id].synapse %}
+    {% set http_port = ports.localhost.http['web-app-matrix_synapse'] %}
 
-    server_name {{domains.matrix.synapse}};
+    server_name {{domains[application_id].synapse}};
     {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port

roles/web-app-matrix/templates/synapse/homeserver.yaml.j2

@@ -17,15 +17,15 @@ database:
     host: "{{database_host}}"
     cp_min: 5
     cp_max: 10
-log_config:                     "/data/{{domains.matrix.synapse}}.log.config"
+log_config:                     "/data/{{domains[application_id].synapse}}.log.config"
 media_store_path:               "/data/media_store"
 registration_shared_secret:     "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
 report_stats:                   true
 macaroon_secret_key:            "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
 form_secret:                    "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
-signing_key_path:               "/data/{{domains.matrix.synapse}}.signing.key"
-web_client_location:            "{{ web_protocol }}://{{domains.matrix.element}}"
-public_baseurl:                 "{{ web_protocol }}://{{domains.matrix.synapse}}"
+signing_key_path:               "/data/{{domains[application_id].synapse}}.signing.key"
+web_client_location:            "{{ web_protocol }}://{{domains[application_id].element}}"
+public_baseurl:                 "{{ web_protocol }}://{{domains[application_id].synapse}}"
 trusted_key_servers:
   - server_name: "matrix.org"
 admin_contact: 'mailto:{{ users.administrator.email }}'
@@ -39,10 +39,10 @@ email:
   #require_transport_security:   true
   enable_tls:                   "{{ system_email.tls | upper }}"
   notif_from:                   "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
-  app_name:                     "Matrix on {{domains.matrix.synapse}}"
+  app_name:                     "Matrix on {{domains[application_id].synapse}}"
   enable_notifs:                true
   notif_for_new_users:          false
-  client_base_url:              "{{domains.matrix.synapse}}"
+  client_base_url:              "{{domains[application_id].synapse}}"
   validation_token_lifetime:    15m
 
 {% if applications | get_app_conf(application_id, 'features.oidc', False) %}

roles/web-app-matrix/templates/synapse/log.config.j2

@@ -8,7 +8,7 @@ handlers:
   file:
     class: logging.handlers.RotatingFileHandler
     formatter: precise
-    filename: /data/{{domains.matrix.synapse}}.homeserver.log
+    filename: /data/{{domains[application_id].synapse}}.homeserver.log
     maxBytes: 10485760
     backupCount: 3
   console:

roles/web-app-matrix/templates/well-known.j2

@@ -1,3 +1,3 @@
 {
-    "m.server": "{{domains.matrix.synapse}}:{{ WEB_PORT }}"
+    "m.server": "{{domains[application_id].synapse}}:{{ WEB_PORT }}"
 }

roles/web-app-matrix/vars/main.yml

@@ -1,5 +1,12 @@
 ---
-application_id:           "matrix"
+application_id:           "web-app-matrix"
 database_type:            "postgres"
 registration_file_folder: "/data/"
-well_known_directory:     "{{nginx.directories.data.well_known}}/matrix/"
+well_known_directory:     "{{nginx.directories.data.well_known}}/matrix/"
+matrix_synapse_version:   "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version', True) }}"
+matrix_synapse_image:     "{{ applications | get_app_conf(application_id, 'docker.services.synapse.image', True) }}"
+matrix_synapse_name:      "{{ applications | get_app_conf(application_id, 'docker.services.synapse.name', True) }}"
+matrix_synapse_data:      "{{ applications | get_app_conf(application_id, 'docker.volumes.synapse', True) }}"
+matrix_element_version:   "{{ applications | get_app_conf(application_id, 'docker.services.element.version', True) }}"
+matrix_element_image:     "{{ applications | get_app_conf(application_id, 'docker.services.element.image', True) }}"
+matrix_element_name:      "{{ applications | get_app_conf(application_id, 'docker.services.element.name', True) }}"

roles/web-app-mediawiki/TODO.md

@@ -1,2 +1,3 @@
 # Todo
-- This role needs to be updated to the new role structure
+- This role needs to be updated to the new role structure
+- It needs to be tested - Really antique role which wasn't used since ages, because I used discourse in production instead and just updated the refactored and restructure stuff here. 

roles/web-app-mediawiki/config/main.yml

@@ -1,3 +1,12 @@
 domains:
   canonical:
-    - "wiki.{{ primary_domain }}"
+    - "wiki.{{ primary_domain }}"
+docker:
+  services:
+    mediawiki: 
+      image:    mediawiki
+      version:  latest
+      no_stop_required: true
+      name:     mediawiki
+    volumes:
+      data:     mediawiki_data

roles/web-app-mediawiki/templates/docker-compose.yml.j2

@@ -1,12 +1,10 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
   application:
-    # Seems like image tag got lost. @todo Check and implement if necessary
-      log_driver: journald
-      restart: "{{docker_restart_policy}}"
-      depends_on:
-        - database
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+      container_name: "{{ mediawiki_name }}"
+      image: "{{ mediawiki_image }}:{{ mediawiki_version }}"
       volumes:
-        - "mediawiki-data:/var/www/html/"
+        - "data:/var/www/html/"
       ports:
         - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
@@ -14,5 +12,5 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
-
+    name: {{ mediawiki_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-mediawiki/vars/main.yml

@@ -1,3 +1,6 @@
-application_id:     "mediawiki"
-database_password:  "{{mediawiki_database_password}}"
-database_type:      "mariadb"
+application_id:     "web-app-mediawiki"
+database_type:      "mariadb"
+mediawiki_version:   "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.version', True) }}"
+mediawiki_image:     "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image', True) }}"
+mediawiki_name:      "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.name', True) }}"
+mediawiki_volume:    "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"

roles/web-app-mobilizon/config/main.yml

@@ -1,6 +1,6 @@
-titel:        "Mobilizon on {{ primary_domain | upper }}"
+titel:              "Mobilizon on {{ primary_domain | upper }}"
 images:
-  mobilizon:  "docker.io/framasoft/mobilizon"
+  mobilizon:        "docker.io/framasoft/mobilizon"
 features:
   central_database: true
   oidc:             true

roles/web-app-mobilizon/vars/main.yml

@@ -3,6 +3,5 @@ application_id:                 mobilizon
 database_type:                  "postgres"
 database_gis_enabled:           true
 
-mobilizon_oidc_callback_url:    "{{ domains | get_url(application_id, web_protocol) }}/auth/openid_connect/callback"
-container_port:  4000
+container_port:                 4000
 mobilizon_host_conf_exs_file:   "{{docker_compose.directories.config}}config.exs"

roles/web-app-mybb/config/main.yml

@@ -1,12 +1,16 @@
 
-version:              "latest"
 features:
   matomo:             true
   css:                true
   port-ui-desktop:   true
   central_database:   true
-
 docker:
   services:
     database:
-      enabled: true
+      enabled: true
+    mybb:
+      image:    "mybb/mybb"
+      version:  "latest"
+      name:     "mybb"
+  volumes:
+    data:       "mybb_data"

roles/web-app-mybb/templates/docker-compose.yml.j2

@@ -4,7 +4,8 @@
       driver: journald
       options:
         tag: "mybb_application"
-    image: mybb/mybb:{{applications.mybb.version}}
+    image: {{ mybb_image }}:{{ mybb_version }}
+    container_name: {{ mybb_name }}
     restart: {{docker_restart_policy}}
     volumes:
       - data:/var/www/html
@@ -27,5 +28,6 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name: {{ mybb_volume }}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-mybb/vars/main.yml

@@ -1,8 +1,11 @@
 ---
-application_id:                                  "mybb"
+application_id:                                 "web-app-mybb"
 docker_compose_instance_confd_directory:        "{{docker_compose.directories.instance}}conf.d/"
 docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf"
 target_mount_conf_d_directory:                  "{{nginx.directories.http.servers}}"
 source_domain:                                  "mybb.{{primary_domain}}"
-database_password:                              "{{mybb_database_password}}"
-database_type:                                  "mariadb"
+database_type:                                  "mariadb"
+mybb_version:                                   "{{ applications | get_app_conf(application_id, 'docker.services.mybb.version', True) }}"
+mybb_image:                                     "{{ applications | get_app_conf(application_id, 'docker.services.mybb.image', True) }}"
+mybb_name:                                      "{{ applications | get_app_conf(application_id, 'docker.services.mybb.name', True) }}"
+mybb_volume:                                    "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"

roles/web-app-nextcloud/config/main.yml

@@ -10,34 +10,53 @@ csp:
       - "data:"
 domains:
   canonical:
-    - "cloud.{{ primary_domain }}"
+    nextcloud:  "cloud.{{ primary_domain }}"
+    # talk:       "talk.{{ primary_domain }}" @todo needs to be activated
 docker:
   services:
     redis:
       enabled: true
     database: 
       enabled: true
+    nextcloud:
+      name:    "nextcloud"
+      image:  "nextcloud"
+      version: "latest-fpm-alpine"
+      no_stop_required: true
+    proxy: 
+      name:     "nextcloud-proxy"
+      image:    "nginx"
+      version:  "alpine"
+    cron:
+      name:     "nextcloud-cron"
+    talk:
+      name:     "nextcloud-talk"
+      image:    "nextcloud/aio-talk"
+      version:  "latest"
+      enabled:  false # Not enabled yet, because just implemented during refactoring and not tested yet. if tested activate
+    # Its in a own role. @todo remove it if it gets implemented via the other role
+    #collabora:
+    #  name:     "nextcloud-collabora"
+    #  image:    "nextcloud-collabora"
+    #  version:  "latest"
 oidc:
-  enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
+  enabled:  "{{ applications | get_app_conf(application_id, 'features.oidc')"   # Activate OIDC for Nextcloud
   # floavor decides which OICD plugin should be used. 
   # Available options: oidc_login, sociallogin
   # @see https://apps.nextcloud.com/apps/oidc_login
   # @see https://apps.nextcloud.com/apps/sociallogin
-  flavor:                     "oidc_login"                                      # Keeping on sociallogin because the other option is not implemented yet                                             
+  flavor:                       "oidc_login"                                    # Keeping on sociallogin because the other option is not implemented yet                                             
 features:
   matomo:                       true
   css:                          false
-  port-ui-desktop:             true
+  port-ui-desktop:              true
   ldap:                         true
   oidc:                         true
   central_database:             true
 default_quota:                 '1000000000'                                     # Quota to assign if no quota is specified in the OIDC response (bytes)
 legacy_login_mask:   
   enabled:                      False                                           # If true, then legacy  login mask is shown. Otherwise just SSO
-container:
-  application:                  "nextcloud-application"                         # Nextcloud application container name
-  proxy:                        "nextcloud-web"                                 # Nextcloud Proxy Container Name
-  collabora:                    "nextcloud-collabora"                                                   
+                           
 performance:
   php:
     memory_limit:               "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
@@ -146,16 +165,16 @@ plugins:
     enabled: true
   integration_mastodon:
     # Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
-    enabled: "{{ 'mastodon' in group_names | lower }}"
+    enabled: "{{ 'web-app-mastodon' in group_names | lower }}"
   integration_openai:
     # Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
     enabled: false
   integration_openproject:
     # Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
-    enabled: "{{ 'openproject' in group_names | lower }}"
+    enabled: "{{ 'web-app-openproject' in group_names | lower }}"
   integration_peertube:
     # Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
-    enabled: "{{ 'peertube' in group_names | lower }}"
+    enabled: "{{ 'web-app-peertube' in group_names | lower }}"
   #keeweb 
   #  # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
   #  # This isn't maintained anymore. The alternatives don't support keepass files
@@ -216,13 +235,13 @@ plugins:
   #  enabled: false
   twofactor_nextcloud_notification:
     # Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
-    enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
+    enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
   twofactor_totp:
     # Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
-    enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
+    enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
   user_ldap:
     # Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
-    enabled: "{{ applications.nextcloud.features.ldap | default(true) }}"
+    enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.ldap', False, True) }}"
     user_directory:
       enabled:  true # Enables the LDAP User Directory Search
   user_oidc:

roles/web-app-nextcloud/docs/Update.md

@@ -8,7 +8,7 @@ export DOCKER_CLIENT_TIMEOUT=600 &&
 docker-compose down
 ```
 
-Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role.
+Afterwards, update the ***applications.docker.services.*.version*** variable to the next version and run this repository with this Ansible role.
 
 > **Note:**  
 > It is only possible to update from one to the next major version at a time.  
@@ -25,7 +25,7 @@ docker-compose exec -it application top
 
 If Nextcloud remains in maintenance mode after the update, try the following:
 ```bash
-docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
+docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on
 docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
 docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
 ```

roles/web-app-nextcloud/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: restart nextcloud nginx service
   command:
-    cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
+    cmd: "docker exec {{ nextcloud_proxy_name }} nginx -s reload"
   listen: restart nextcloud nginx service
   ignore_errors: true # Ignoring if container is restarting

roles/web-app-nextcloud/tasks/01_config.yml

@@ -8,11 +8,11 @@
 
     - name: Copy include instructions to the container
       command: >
-        docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
+        docker cp {{ nextcloud_host_include_instructions_file }} {{ nextcloud_name }}:{{nextcloud_docker_include_instructions_file}}
 
     - name: Append generated config to config.php only if not present
       command: >
-        docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
+        docker exec -u {{nextcloud_docker_user}} {{ nextcloud_name }} sh -c "
           grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} || 
           cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
       notify: docker compose restart

roles/web-app-nextcloud/tasks/main.yml

@@ -32,7 +32,7 @@
 - name: create internal nextcloud nginx configuration
   template: 
     src:  "nginx/docker.conf.j2" 
-    dest: "{{docker_compose.directories.volumes}}nginx.conf"
+    dest: "{{ docker_compose.directories.volumes }}nginx.conf"
   notify: restart nextcloud nginx service
 
 - name: Setup config.php 
@@ -43,7 +43,7 @@
 
 - name: Setup Nextcloud Plugins
   include_tasks: 02_plugin.yml
-  loop: "{{applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
+  loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
   loop_control:
     loop_var: plugin_item
   vars:
@@ -55,7 +55,7 @@
 
 - name: Add missing database indices in Nextcloud
   command: >
-    {{nextcloud_docker_exec_occ}} db:add-missing-indices
+    {{ nextcloud_docker_exec_occ }} db:add-missing-indices
   register: db_indices_result
   changed_when: >
     'Adding additional' in db_indices_result.stdout or 
@@ -65,8 +65,8 @@
 
 - name: Ensure Nextcloud administrator is in the 'admin' group
   command: >
-    docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}
-    php occ group:adduser admin {{ applications.nextcloud.users.administrator.username }}
+    docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}
+    php occ group:adduser admin {{ nextcloud_administrator_username }}
   register: add_admin_to_group
   changed_when: "'Added user' in add_admin_to_group.stdout"
   failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr"

roles/web-app-nextcloud/templates/docker-compose.yml.j2

@@ -1,8 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
 
   application:
-    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
-    container_name: {{applications.nextcloud.container.application}}
+    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+    container_name: {{ nextcloud_name }}
     volumes:
       - data:{{nextcloud_docker_work_directory}}
       - {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
@@ -16,31 +16,25 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
         ipv4_address: 192.168.102.69
 
-  # @Todo activate
-  #nc-talk:
-  #  image: nextcloud/aio-talk:latest
-  #  container_name: talk_hpb
-  #  hostname: hpb_yt
-  #  restart: unless-stopped
-  #  init: true
-  #  ports:
-  #    - 3478:3478/tcp #TURN TCP
-  #    - 3478:3478/udp #TURN UDP
-  #    - 8181:8081/tcp #Signaling
-  #  environment:
-  #    - NC_DOMAIN=cloud.yourdomain.tld
-  #    - TALK_HOST=signaling.yourdomain.tld
-  #    - TURN_SECRET=${TURN_SECRET}
-  #    - SIGNALING_SECRET=${SIGNALING_SECRET}
-  #    - TZ=Europe/Berlin
-  #    - TALK_PORT=3478
-  #    - INTERNAL_SECRET=${INTERNAL_SECRET}
-  #  networks:
-  #    - nxnetwork_yt
+{% if nextcloud_talk_enabled %}
+  talk:
+    {% include 'roles/docker-container/templates/base.yml.j2' %}
+    image: "{{ nextcloud_talk_image }}:{{ nextcloud_talk_version }}"
+    container_name: {{ nextcloud_talk_name }}
+    hostname: hpb_yt
+    init: true
+    ports:
+      - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/tcp #TURN TCP
+      - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/udp #TURN UDP
+      - {{ networks.internet.ip4 }}:8181:8081/tcp                           #Signaling @todo needs to be optimized
+    networks:
+      default:
+        ipv4_address: 192.168.102.68
+{% endif %}
 
-  web:
-    image: nginx:alpine
-    container_name: {{applications.nextcloud.container.proxy}}
+  proxy:
+    image: "{{ nextcloud_proxy_image }}:{{ nextcloud_proxy_version }}"
+    container_name: "{{ nextcloud_proxy_name }}"
     logging:
       driver: journald
     restart: {{docker_restart_policy}}
@@ -57,8 +51,8 @@
         ipv4_address: 192.168.102.67
 
   cron:
-    container_name: nextcloud-cron
-    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
+    container_name: "{{ nextcloud_cron_name }}"
+    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
     restart: {{docker_restart_policy}}
     logging:
       driver: journald

roles/web-app-nextcloud/templates/env.j2

@@ -21,7 +21,7 @@ SMTP_PASSWORD=                  {{ users['no-reply'].mailu_token }}
 
 # Email from configuration
 MAIL_FROM_ADDRESS=              "{{ users['no-reply'].username }}"
-MAIL_DOMAIN=                    "{{system_email.domain}}"
+MAIL_DOMAIN=                    "{{ system_email.domain }}"
 
 # Initial Admin Data
 NEXTCLOUD_ADMIN_USER=           "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
@@ -29,7 +29,7 @@ NEXTCLOUD_ADMIN_PASSWORD=       "{{applications | get_app_conf(application_id, '
 
 # Security
 
-NEXTCLOUD_TRUSTED_DOMAINS=      "{{domains | get_domain(application_id)}}"
+NEXTCLOUD_TRUSTED_DOMAINS=      "{{ nextcloud_domains }}"
 # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
 TRUSTED_PROXIES=                "{{ networks.internet.values() | select | join(',') }}"
 OVERWRITECLIURL=                "{{ domains | get_url(application_id, web_protocol) }}"
@@ -37,4 +37,17 @@ OVERWRITEPROTOCOL=              "https"
 
 # Redis Configuration
 REDIS_HOST=                     redis
-REDIS_PORT=                     6379
+REDIS_PORT=                     6379
+
+{% if nextcloud_talk_enabled %}
+# Talk Configuration
+# This code was just moved here during refactoring and isn't tested yet.
+# @todo move it to an own env file for encapsulation reasons
+NC_DOMAIN=cloud.yourdomain.tld
+TALK_HOST=signaling.yourdomain.tld
+TURN_SECRET=${TURN_SECRET}
+SIGNALING_SECRET=${SIGNALING_SECRET}
+TZ=Europe/Berlin
+TALK_PORT=3478
+INTERNAL_SECRET=${INTERNAL_SECRET}
+{% endif %}

roles/web-app-nextcloud/vars/main.yml

@@ -1,39 +1,62 @@
 ---
 # General
-application_id:                                     "nextcloud"                                                   # Application identifier
-container_port:                                   80
+application_id:                                 "web-app-nextcloud"                                           # Application identifier
+container_port:                                 80
 
 # Database
-database_password:                                  "{{applications.nextcloud.credentials.database_password}}"    # Database password
-database_type:                                      "mariadb"                                                     # Database flavor
+database_password:                              "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}"
+database_type:                                  "mariadb"                                                     # Database flavor
 
 # Networking
-domain:                                             "{{ domains | get_domain(application_id) }}"                                 # Public domain at which Nextcloud will be accessable
-http_port:                                          "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network
+domain:                                         "{{ domains | get_domain(application_id) }}"                  # Public domain at which Nextcloud will be accessable
+http_port:                                      "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network
+
+nextcloud_administrator_username:               "{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
 
 # Control Node
-nextcloud_control_node_plugin_vars_directory:       "{{role_path}}/vars/plugins/"                                 # Folder in which the files for the plugin configuration are stored
-nextcloud_control_node_plugin_tasks_directory:      "{{role_path}}/tasks/plugins/"                                # Folder which contains the files for extra plugin configuration tasks
+nextcloud_control_node_plugin_vars_directory:   "{{role_path}}/vars/plugins/"                                 # Folder in which the files for the plugin configuration are stored
+nextcloud_control_node_plugin_tasks_directory:  "{{role_path}}/tasks/plugins/"                                # Folder which contains the files for extra plugin configuration tasks
 
 # Host 
 
 ## Host Paths
-nextcloud_host_config_additives_directory:          "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
-nextcloud_host_include_instructions_file:           "{{docker_compose.directories.volumes}}includes.php"          # Path to the instruction file on the host. Responsible for loading the additional configurations
+nextcloud_host_config_additives_directory:      "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
+nextcloud_host_include_instructions_file:       "{{docker_compose.directories.volumes}}includes.php"          # Path to the instruction file on the host. Responsible for loading the additional configurations
+
+nextcloud_domains:                              "{{ domains[application_id].nextcloud }}"
 
 # Docker
 
+nextcloud_version:                              "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version', True) }}"
+nextcloud_image:                                "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image', True) }}"
+nextcloud_name:                                 "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"
+
+nextcloud_proxy_name:                           "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
+nextcloud_proxy_image:                          "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image', True) }}"
+nextcloud_proxy_version:                        "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version', True) }}"
+
+nextcloud_cron_name:                            "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
+
+nextcloud_talk_name:                            "{{ applications | get_app_conf(application_id, 'docker.services.talk.name', True) }}"
+nextcloud_talk_image:                           "{{ applications | get_app_conf(application_id, 'docker.services.talk.image', True) }}"
+nextcloud_talk_version:                         "{{ applications | get_app_conf(application_id, 'docker.services.talk.version', True) }}"
+nextcloud_talk_enabled:                         "{{ applications | get_app_conf(application_id, 'docker.services.talk.enabled', True) }}"
+nextcloud_talk_stun_port:                       "{{ ports.public.stun[application_id] }}"
+# nextcloud_talk_domain:                          "{{ domains[application_id].talk }}"
+
+#nextcloud_collabora_name:                      "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name', True) }}"                            
+
 ## User Configuration
-nextcloud_docker_user_id:                           82                                                            # UID of the www-data user
-nextcloud_docker_user:                              "www-data"                                                    # Name of the www-data user (Set here to easy change it in the future)
+nextcloud_docker_user_id:                       82                                                            # UID of the www-data user
+nextcloud_docker_user:                          "www-data"                                                    # Name of the www-data user (Set here to easy change it in the future)
 
 ## Internal Paths
-nextcloud_docker_work_directory:                    "/var/www/html/"                                              # Name of the workdir in which the application is stored
-nextcloud_docker_config_directory:                  "{{nextcloud_docker_work_directory}}config/"                  # Folder in which the Nextcloud configurations are stored     
-nextcloud_docker_config_file:                       "{{nextcloud_docker_config_directory}}config.php"             # Path to the Nextcloud configuration file
-nextcloud_docker_config_additives_directory:        "{{nextcloud_docker_config_directory}}cymais/"                # Path to the folder which contains additional configurations
-nextcloud_docker_include_instructions_file:         "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations
+nextcloud_docker_work_directory:                "/var/www/html/"                                              # Name of the workdir in which the application is stored
+nextcloud_docker_config_directory:              "{{nextcloud_docker_work_directory}}config/"                  # Folder in which the Nextcloud configurations are stored     
+nextcloud_docker_config_file:                   "{{nextcloud_docker_config_directory}}config.php"             # Path to the Nextcloud configuration file
+nextcloud_docker_config_additives_directory:    "{{nextcloud_docker_config_directory}}cymais/"                # Path to the folder which contains additional configurations
+nextcloud_docker_include_instructions_file:     "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations
 
 ## Execution
-nextcloud_docker_exec:                              "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition
-nextcloud_docker_exec_occ:                          "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command
+nextcloud_docker_exec:                          "docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}" # General execute composition
+nextcloud_docker_exec_occ:                      "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command

roles/web-app-oauth2-proxy/tasks/main.yml

@@ -1,6 +1,6 @@
 - name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}"
   template:
     src:  "{{ playbook_dir }}/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2"
-    dest: "{{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}"
+    dest: "{{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}{{applications | get_app_conf('oauth2-proxy' 'configuration_file')}}"
   notify:
     - docker compose up

roles/web-app-oauth2-proxy/templates/container.yml.j2

@@ -7,5 +7,5 @@
     ports:
       - {{ports.localhost.oauth2_proxy[application_id]}}:4180/tcp
     volumes:
-      - "{{docker_compose.directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}:/oauth2-proxy.cfg"
+      - "{{docker_compose.directories.volumes}}{{applications | get_app_conf('oauth2-proxy' 'configuration_file')}}:/oauth2-proxy.cfg"
 {% endif %}

roles/web-app-openproject/config/main.yml

@@ -1,4 +1,3 @@
-version:              "13"    # Update when available. Sadly no rolling release implemented
 oauth2_proxy:  
   application:        "proxy"
   port:               "80"
@@ -31,4 +30,20 @@ domains:
 docker:
   services:
     database:
-      enabled: true
+      enabled: true
+    web:
+      name:     openproject-web
+      image:    openproject/community
+      version:  "13"    # Update when available. Sadly no rolling release implemented
+      no_stop_required: true
+    seeder:
+      name:     openproject-seeder
+    cron:
+      name:     openproject-cron
+    worker:
+      name:     openproject-worker
+    proxy:
+      name:     openproject-proxy
+    
+  volumes:
+    data: "openproject_data"

roles/web-app-openproject/templates/Dockerfile.j2

@@ -1,4 +1,4 @@
-FROM openproject/community:{{applications.openproject.version}}
+FROM {{ openproject_image }}:{{ openproject_version }}
 
 # If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
 # you will have to copy the plugin code into the container here and use the

roles/web-app-openproject/templates/docker-compose.yml.j2

@@ -17,7 +17,7 @@ x-op-app: &app
   proxy:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     image: {{custom_openproject_image}}
-    container_name: openproject-proxy
+    container_name: {{ openproject_proxy_name }}
     command: "./docker/prod/proxy"
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
@@ -33,7 +33,7 @@ x-op-app: &app
     <<: *app
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: "./docker/prod/web"
-    container_name: openproject-web
+    container_name: {{ openproject_web_name }}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
       cache:
@@ -51,7 +51,7 @@ x-op-app: &app
     <<: *app
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: "./docker/prod/worker"
-    container_name: openproject-worker
+    container_name: {{ openproject_worker_name }}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
       cache:
@@ -67,7 +67,7 @@ x-op-app: &app
     <<: *app
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     command: "./docker/prod/cron"
-    container_name: openproject-cron
+    container_name: {{ openproject_cron_name }}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
       cache:
@@ -81,7 +81,7 @@ x-op-app: &app
   seeder:
     <<: *app
     command: "./docker/prod/seeder"
-    container_name: openproject-seeder
+    container_name: {{ openproject_seeder_name }}
     env_file:
       - "{{docker_compose.files.env}}"
     logging:
@@ -94,5 +94,6 @@ x-op-app: &app
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name: {{ openproject_volume }}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-openproject/vars/main.yml

@@ -1,7 +1,15 @@
-application_id:               "openproject"
+application_id:               "web-app-openproject"
 docker_repository_address:    "https://github.com/opf/openproject-deploy"
 database_type:                "postgres"
 docker_repository:            true
+openproject_version:          "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}"
+openproject_image:            "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}"
+openproject_volume:           "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
+openproject_web_name:         "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}"
+openproject_seeder_name:      "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}"
+openproject_cron_name:        "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
+openproject_proxy_name:       "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
+openproject_worker_name:      "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
       
 openproject_plugins_folder:  "{{docker_compose.directories.volumes}}plugins/"
 

roles/web-app-peertube/config/main.yml

@@ -1,8 +1,7 @@
-version:              "bookworm"
 features:
   matomo:             true
   css:                false
-  port-ui-desktop:   true
+  port-ui-desktop:    true
   central_database:   true
   oidc:               true
 csp:
@@ -30,4 +29,11 @@ docker:
     redis:
       enabled: true
     database: 
-      enabled: true
+      enabled: true
+    peertube: 
+      name:             "peertube"
+      version:          "production-bookworm"
+      image:            "chocobozzz/peertube"
+      no_stop_required: true
+  volumes:
+    data: peertube_data

roles/web-app-peertube/tasks/disable-oidc.yml

@@ -1,5 +1,5 @@
 - name: "Uninstall auth-openid-connect plugin for Peertube"
   command: >
-    docker exec {{ container_name }} \
+    docker exec {{ peertube_name }} \
     npm run plugin:uninstall -- --npm-name {{oidc_plugin}}
   ignore_errors: true

roles/web-app-peertube/tasks/enable-oidc.yml

@@ -4,14 +4,14 @@
 
 - name: Check if OIDC plugin is already installed
   command: >
-    docker exec {{ container_name }} test -d /data/plugins/data/peertube-plugin-auth-openid-connect
+    docker exec {{ peertube_name }} test -d /data/plugins/data/peertube-plugin-auth-openid-connect
   register: peertube_oidc_plugin_check
   failed_when:  false
   changed_when: false
 
 - name: "Install auth-openid-connect plugin for Peertube"
   command: >
-    docker exec {{ container_name }} \
+    docker exec {{ peertube_name }} \
     npm run plugin:install -- --npm-name {{oidc_plugin}}
   when: peertube_oidc_plugin_check.rc != 0
   notify: docker compose up

roles/web-app-peertube/templates/docker-compose.yml.j2

@@ -2,8 +2,8 @@
 
   application:
 {% set container_port = 9000 %}
-    image: chocobozzz/peertube:production-{{ applications | get_app_conf(application_id, 'version', True) }}
-    container_name: {{ container_name }}
+    image: {{ peertube_image }}:{{ peertube_version }}
+    container_name: {{ peertube_name }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     ports:
      - "1935:1935"  # @todo Add to ports
@@ -18,6 +18,7 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   assets:
   data:
+    name: {{ peertube_volume }}
   redis:
   config:
 

roles/web-app-peertube/vars/main.yml

@@ -1,4 +1,7 @@
-application_id: "peertube"
-database_type:  "postgres"
-container_name: "{{ application_id }}"
-oidc_plugin:    "peertube-plugin-auth-openid-connect"
+application_id:     "web-app-peertube"
+database_type:      "postgres"
+oidc_plugin:        "peertube-plugin-auth-openid-connect"
+peertube_version:   "{{ applications | get_app_conf(application_id, 'docker.services.peertube.version', True) }}"
+peertube_image:     "{{ applications | get_app_conf(application_id, 'docker.services.peertube.image', True) }}"
+peertube_name:      "{{ applications | get_app_conf(application_id, 'docker.services.peertube.name', True) }}"
+peertube_volume:    "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"

roles/web-app-pixelfed/config/main.yml

@@ -1,7 +1,4 @@
 titel:                "Pictures on {{primary_domain}}"
-#version:              "latest"
-images:
-  pixelfed:           "zknt/pixelfed:latest"
 features:
   matomo:             true
   css:                false # Needs to be reactivated
@@ -28,4 +25,13 @@ docker:
     redis:
       enabled: true
     database: 
-      enabled: true
+      enabled: true
+    pixelfed:
+      image:           "zknt/pixelfed"
+      version:          "latest"
+      name:             "pixelfed"
+      no_stop_required: true
+    worker: 
+      name:             "pixelfed_worker"
+  volumes:
+    data:               "pixelfed_data"

roles/web-app-pixelfed/templates/docker-compose.yml.j2

@@ -1,7 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
 
   application:
-    image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}"
+    image: "{{ pixelfed_image }}:{{ pixelfed_version }}"
+    container_name: {{ pixelfed_name }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     volumes:
       - "data:/var/www/storage"
@@ -11,7 +12,8 @@
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
   worker:
-    image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}"
+    container_name: {{ pixelfed_worker_name }}
+    image: "{{ pixelfed_image }}:{{ pixelfed_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
     volumes:
       - "data:/var/www/storage"
@@ -30,5 +32,6 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   redis:
   data:
+    name: {{ pixelfed_volume }}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-pixelfed/vars/main.yml

@@ -1,3 +1,8 @@
-application_id:                                 "pixelfed"
-proxy_extra_configuration: "client_max_body_size 512M;"
-database_type:                                  "mariadb"
+application_id:             "web-app-pixelfed"
+proxy_extra_configuration:  "client_max_body_size 512M;"
+database_type:              "mariadb"
+pixelfed_version:           "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.version', True) }}"
+pixelfed_image:             "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.image', True) }}"
+pixelfed_name:              "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.name', True) }}"
+pixelfed_worker_name:       "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
+pixelfed_volume:            "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"

roles/web-app-port-ui/templates/menu/followus.yml.j2

@@ -12,7 +12,7 @@ followus:
         class: fa-brands fa-mastodon
       url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
       identifier: "{{service_provider.contact.mastodon}}"
-      iframe: {{ applications | get_app_conf('mastodon','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-mastodon','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
     - name: Bluesky
@@ -31,7 +31,7 @@ followus:
           class: fa-solid fa-camera
       identifier: "{{service_provider.contact.pixelfed}}"
       url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf('pixelfed','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf(web-app-pixelfed,'features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.peertube  is defined and service_provider.contact.peertube  != "" %}
     - name: Peertube
@@ -40,7 +40,7 @@ followus:
         class: fa-solid fa-video
       identifier: "{{service_provider.contact.peertube}}"
       url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf('peertube','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-peertube','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
     - name: Wordpress
@@ -49,7 +49,7 @@ followus:
         class: fa-solid fa-blog
       identifier: "{{service_provider.contact.wordpress}}"
       url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf('wordpress','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-wordpress','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %}
     - name: Friendica

roles/web-app-wordpress/config/main.yml

@@ -1,7 +1,7 @@
 title:                "Blog"                                      # Wordpress titel
 plugins:
   wp-discourse:
-    enabled:          "{{ 'discourse' in group_names | lower }}"
+    enabled:          "{{ 'web-app-discourse' in group_names | lower }}"
   daggerhart-openid-connect-generic:
     enabled:          true
   activitypub:
@@ -12,7 +12,6 @@ features:
   port-ui-desktop:   true
   oidc:               true
   central_database:   true
-version:              latest
 csp:
   flags:
     style-src:
@@ -42,7 +41,14 @@ domains:
 docker:
   services:
     database:
-      enabled: true
+      enabled:          true
+    wordpress:
+      version:          latest 
+      image:            wordpress
+      name:             wordpress 
+      no_stop_required: true
+  volumes: 
+    data:               wordpress_data
 rbac:
   roles:
     subscriber:

roles/web-app-wordpress/tasks/plugins/wp-discourse.yml

@@ -5,14 +5,14 @@
 
 - name: Wait for Discourse API
   wait_for:
-    host: "{{ domains | get_domain('discourse') }}"
+    host: "{{ domains | get_domain('web-app-discourse') }}"
     port: 80
     delay: 5
     timeout: 600
 
 - name: Add /var/www/discourse to Git safe.directory
   command: >
-    docker exec {{ applications.discourse.container }} \
+    docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} \
       git config --global --add safe.directory /var/www/discourse
   args:
     chdir: "{{ docker_compose.directories.instance }}"
@@ -20,7 +20,7 @@
 
 - name: Revoke old WP Discourse API keys via Rails
   command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
+    docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} bash -lc "\
       cd /var/www/discourse && \
       script/rails runner \"\
         ApiKey.where(\
@@ -36,7 +36,7 @@
 
 - name: Generate new WP Discourse API key via Rake task
   command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
+    docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} bash -lc "\
       cd /var/www/discourse && \
       bin/rake api_key:create_master['WP Discourse Integration']\
     "

roles/web-app-wordpress/templates/Dockerfile.j2

@@ -1,4 +1,4 @@
-FROM wordpress:{{applications | get_app_conf(application_id, 'version', True)}}
+FROM {{ wordpress_image }}:{{ wordpress_version }}
 
 # Install msmtp and update system
 RUN apt-get update && \

roles/web-app-wordpress/templates/docker-compose.yml.j2

@@ -1,8 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
   application:
     {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: {{wordpress_custom_image}}
-    container_name: wordpress-application
+    image: {{ wordpress_custom_image }}
+    container_name: {{ wordpress_name }}
     build:
       context: .
     ports:
@@ -18,3 +18,4 @@
 
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
+    name:   "{{ wordpress_volume }}"

roles/web-app-wordpress/vars/discourse.yml

@@ -11,7 +11,7 @@ discourse_settings:
 
   - name: discourse_connect
     key: url
-    value: "{{ domains | get_url('discourse', web_protocol) }}"
+    value: "{{ domains | get_url('web-app-discourse', web_protocol) }}"
   - name: discourse_connect
     key: api-key
     value: "{{ vault_discourse_api_key }}"

roles/web-app-wordpress/vars/main.yml

@@ -1,6 +1,10 @@
-application_id:             "wordpress"
-wordpress_max_upload_size:  "64M"
+application_id:             "web-app-wordpress"
 database_type:              "mariadb"
+host_msmtp_conf:            "{{docker_compose.directories.config}}msmtprc.conf"
+wordpress_max_upload_size:  "64M"
 wordpress_custom_image:     "wordpress_custom"
 wordpress_docker_html_path: "/var/www/html"
-host_msmtp_conf:            "{{docker_compose.directories.config}}msmtprc.conf"
+wordpress_version:          "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.version', True) }}"
+wordpress_image:            "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.image', True) }}"
+wordpress_name:             "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.name', True) }}"
+wordpress_volume:           "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"