Restructure and cleaned up in preparation of new backup logic

2025-07-17 22:14:25 +02:00 · 2025-07-15 23:51:51 +02:00 · 2025-07-15 23:51:51 +02:00 · af3ea9039c
commit af3ea9039c
parent c8054ffbc3
106 changed files with 703 additions and 429 deletions
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@ -55,7 +55,19 @@ certbot_cert_path:                        "/etc/letsencrypt/live" # Path contain
 docker_restart_policy:                    "unless-stopped"
 # helper
-_applications_nextcloud_oidc_flavor:      "{{ applications.nextcloud.oidc.flavor | default('oidc_login' if applications.nextcloud.features.ldap | default(true) else 'sociallogin') }}"
+_applications_nextcloud_oidc_flavor: >-
  {{
    applications
      | get_app_conf(
          'web-app-nextcloud',
          'oidc.flavor',
          False,
          'oidc_login'
          if applications
            | get_app_conf('web-app-nextcloud','features.ldap',False)
          else 'sociallogin'
        )
  }}
 # default value if not set via CLI (-e) or in playbook vars
 allowed_applications: []
--- a/group_vars/all/09_ports.yml
+++ b/group_vars/all/09_ports.yml
@ -6,46 +6,46 @@ ports:
      svc-db-mariadb:   3306
    # https://developer.mozilla.org/de/docs/Web/API/WebSockets_API
    websocket:
-      mastodon: 4001
+      web-app-mastodon: 4001
      espocrm: 4002
    oauth2_proxy:
      phpmyadmin: 4181
      lam: 4182
-      openproject: 4183
+      web-app-openproject: 4183
      yourls: 4184
      pgadmin: 4185
      phpldapadmin: 4186
      fusiondirectory: 4187
-      gitea: 4188
+      web-app-gitea: 4188
      snipe-it: 4189
    ldap:
      svc-db-openldap: 389
    http:
-      nextcloud: 8001
+      web-app-nextcloud: 8001
-      gitea: 8002
+      web-app-gitea: 8002
-      wordpress: 8003
+      web-app-wordpress: 8003
-      mediawiki: 8004
+      web-app-mediawiki: 8004
-      mybb: 8005
+      web-app-mybb: 8005
      yourls: 8006
      mailu: 8007
-      elk: 8008
+      web-app-elk: 8008
-      mastodon: 8009
+      web-app-mastodon: 8009
-      pixelfed: 8010
+      web-app-pixelfed: 8010
-      peertube: 8011
+      web-app-peertube: 8011
      funkwhale: 8012
      roulette-wheel: 8013
-      joomla: 8014
+      web-app-joomla: 8014
      attendize: 8015
      pgadmin: 8016
-      baserow: 8017
+      web-app-baserow: 8017
      web-app-matomo: 8018
-      listmonk: 8019
+      web-app-listmonk: 8019
-      discourse: 8020
+      web-app-discourse: 8020
-      matrix_synapse: 8021
+      web-app-matrix_synapse: 8021
-      matrix_element: 8022
+      web-app-matrix_element: 8022
-      openproject: 8023
+      web-app-openproject: 8023
      gitlab: 8024
-      akaunting: 8025
+      web-app-akaunting: 8025
      moodle: 8026
      taiga: 8027
      friendica: 8028
@ -73,11 +73,13 @@ ports:
  public:
    # The following ports should be changed to 22 on the subdomain via stream mapping
    ssh:
-      gitea: 2201
+      web-app-gitea: 2201
      gitlab: 2202
    ldaps:
      svc-db-openldap: 636
    stun:
      bigbluebutton: 3478    # Not sure if it's right placed here or if it should be moved to localhost section
      web-app-nextcloud:     3479
    turn:
      bigbluebutton: 5349    # Not sure if it's right placed here or if it should be moved to localhost section
      web-app-nextcloud:     5350    # Not used yet
--- a/group_vars/all/10_networks.yml
+++ b/group_vars/all/10_networks.yml
@ -8,11 +8,11 @@ defaults_networks:
    # This should be sufficient for the most cases
    # /28 Networks, 14 Usable Ip Addresses
-    akaunting:
+    web-app-akaunting:
      subnet: 192.168.101.0/28
    attendize:
      subnet: 192.168.101.16/28
-    baserow:
+    web-app-baserow:
      subnet: 192.168.101.32/28
    mobilizon:
      subnet: 192.168.101.48/28
@ -22,25 +22,25 @@ defaults_networks:
      subnet: 192.168.101.80/28
    funkwhale:
      subnet: 192.168.101.96/28
-    gitea:
+    web-app-gitea:
      subnet: 192.168.101.112/28
    gitlab:
      subnet: 192.168.101.128/28
-    joomla:
+    web-app-joomla:
      subnet: 192.168.101.144/28
    keycloak:
      subnet: 192.168.101.160/28
-    #svc-db-openldap:
+    web-app-wordpress:
-    #  subnet: 192.168.101.176/28
+      subnet: 192.168.101.176/28
-    listmonk:
+    web-app-listmonk:
      subnet: 192.168.101.192/28
    # Free:
    #  subnet: 192.168.101.208/28
    web-app-matomo:
      subnet: 192.168.101.224/28
-    mastodon:
+    web-app-mastodon:
      subnet: 192.168.101.240/28
-    matrix:
+    web-app-matrix:
      subnet: 192.168.102.0/28
    mailu:
      # Use one of the last container ips for dns resolving so that it isn't used
@ -48,17 +48,17 @@ defaults_networks:
      subnet: 192.168.102.16/28
    moodle:
      subnet: 192.168.102.32/28
-    mybb:
+    web-app-mybb:
      subnet: 192.168.102.48/28
-    nextcloud:
+    web-app-nextcloud:
      subnet: 192.168.102.64/28
-    openproject:
+    web-app-openproject:
      subnet: 192.168.102.80/28
-    peertube:
+    web-app-peertube:
      subnet: 192.168.102.96/28
    phpmyadmin:
      subnet: 192.168.102.112/28
-    pixelfed:
+    web-app-pixelfed:
      subnet: 192.168.102.128/28
    pgadmin:
      subnet: 192.168.102.144/28
@ -68,7 +68,7 @@ defaults_networks:
      subnet: 192.168.102.176/28
    yourls:
      subnet: 192.168.102.192/28
-    discourse:
+    web-app-discourse:
      subnet: 192.168.102.208/28
    sphinx:
      subnet: 192.168.102.224/28
--- a/group_vars/all/15_about.yml
+++ b/group_vars/all/15_about.yml
@ -20,12 +20,12 @@ defaults_service_provider:
      {{ ('@' ~ users.contact.username ~ '.' ~ domains.bluesky.api)
         if 'bluesky' in group_names else '' }}
    email:          "{{ users.contact.username ~ '@' ~ primary_domain if 'mailu' in group_names else '' }}"
-    mastodon:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('mastodon') if 'mastodon' in group_names else '' }}"
+    mastodon:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-mastodon') if 'web-app-mastodon' in group_names else '' }}"
-    matrix:         "{{ '@' ~ users.contact.username ~ ':' ~ domains.matrix.synapse if 'matrix' in group_names else '' }}"
+    matrix:         "{{ '@' ~ users.contact.username ~ ':' ~ domains['web-app-matrix'].synapse if 'web-app-matrix' in group_names else '' }}"
-    peertube:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('peertube') if 'peertube' in group_names else '' }}"
+    peertube:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-peertube') if 'web-app-peertube' in group_names else '' }}"
-    pixelfed:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('pixelfed') if 'pixelfed' in group_names else '' }}"
+    pixelfed:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain(web-app-pixelfed) if web-app-pixelfed in group_names else '' }}"
    phone:          "+0 000 000 404"
-    wordpress:      "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('wordpress') if 'wordpress' in group_names else '' }}"
+    wordpress:      "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-wordpress') if 'web-app-wordpress' in group_names else '' }}"
  legal:
    editorial_responsible:  "Johannes Gutenberg"
--- a/group_vars/all/16_storage.yml
+++ b/group_vars/all/16_storage.yml
@ -1,6 +1,3 @@
 ## Enable Storage Optimizer for Docker Volumes
 enable_system_storage_optimizer:  true
 backups_folder_path:              "/Backups/"   # Path to the backups folder
 # Storage Space-Related Configurations          
--- a/roles/desk-nextcloud/Todo.md
+++ b/roles/desk-nextcloud/Todo.md
@ -0,0 +1,2 @@
 # Todos
 - Implement the schema 
--- a/roles/desk-nextcloud/schema/main.yml
+++ b/roles/desk-nextcloud/schema/main.yml
@ -0,0 +1 @@
 cloud_fqdn: # @todo Add detailled scheme for this entry 
--- a/roles/sys-bkp-docker-2-loc/README.md
+++ b/roles/sys-bkp-docker-2-loc/README.md
@ -2,7 +2,7 @@
 ## Description
-This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
+This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [backup-docker-to-local](https://github.com/kevinveenbirkenbach/backup-docker-to-local), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
 ## Overview
@ -20,7 +20,7 @@ Backup Docker Volumes to Local is a comprehensive solution that leverages rsync
 ## Features
 - **Required Software Installation:** Installs necessary packages (e.g., lsof, python-pandas) via pacman.
- **Git Repository Pull:** Automatically pulls the latest version of the [sys-bkp-docker-2-loc repository](https://github.com/kevinveenbirkenbach/sys-bkp-docker-2-loc.git).
+- **Git Repository Pull:** Automatically pulls the latest version of the [backup-docker-to-local](https://github.com/kevinveenbirkenbach/backup-docker-to-local).
 - **Systemd Service Configuration:** Deploys and reloads two systemd service templates to manage backup tasks.
 - **Database Seeding:** Includes tasks to seed and manage a backup database (`databases.csv`) for tracking backup details.
 - **Dependency Integration:** Works in conjunction with the dependent roles listed above to verify and manage backups.
--- a/roles/sys-bkp-docker-2-loc/filter_plugins/init.py
+++ b/roles/sys-bkp-docker-2-loc/filter_plugins/init.py
--- a/roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py
+++ b/roles/sys-bkp-docker-2-loc/filter_plugins/dict_to_cli_args.py
@ -0,0 +1,36 @@
 def dict_to_cli_args(data):
    """
    Convert a dictionary into CLI argument string.
    Example:
    {
        "backup-dir": "/mnt/backups",
        "shutdown": True,
        "ignore-volumes": ["redis", "memcached"]
    }
    becomes:
    --backup-dir=/mnt/backups --shutdown --ignore-volumes="redis memcached"
    """
    if not isinstance(data, dict):
        raise TypeError("Expected a dictionary for CLI argument conversion")
    args = []
    for key, value in data.items():
        cli_key = f"--{key}"
        if isinstance(value, bool):
            if value:
                args.append(cli_key)
        elif isinstance(value, list):
            items = " ".join(map(str, value))
            args.append(f'{cli_key}="{items}"')
        elif value is not None:
            args.append(f'{cli_key}={value}')
    return " ".join(args)
 class FilterModule(object):
    def filters(self):
        return {
            'dict_to_cli_args': dict_to_cli_args
        }
--- a/roles/update-docker/templates/update-docker.py.j2
+++ b/roles/update-docker/templates/update-docker.py.j2
@ -130,8 +130,8 @@ def update_discourse(directory):
    os.chdir(docker_repository_directory )
    if git_pull():
        print("Start Discourse update procedure.")
-        update_procedure("docker stop {{applications.discourse.container}}")
+        update_procedure("docker stop {{applications.discourse.docker.service.discourse.name}}")
-        update_procedure("docker rm {{applications.discourse.container}}")
+        update_procedure("docker rm {{applications.discourse.docker.service.discourse.name}}")
        try:
            update_procedure("docker network connect {{applications.discourse.network}} {{ applications['bpostgres'].hostname }}")
        except subprocess.CalledProcessError as e:
@ -140,7 +140,7 @@ def update_discourse(directory):
                print("Network connection already exists. Skipping...")
            else:
                raise
-        update_procedure("./launcher rebuild {{applications.discourse.container}}")
+        update_procedure("./launcher rebuild {{applications.discourse.docker.service.discourse.name}}")
    else:
        print("Discourse update skipped. No changes in git repository.")
--- a/roles/web-app-akaunting/config/main.yml
+++ b/roles/web-app-akaunting/config/main.yml
@ -1,12 +1,11 @@
-images:
+company:
-  akaunting:      "docker.io/akaunting/akaunting:latest"
+  name:             "Akaunting on {{ primary_domain | upper }}" # @todo load automatic based on service_provider infos, this will fail
-company_name:       "{{primary_domain}}"
+  email:            "{{ users.administrator.email }}" # @todo load automatic based on service_provider infos, this will fail
 company_email:      "{{ users.administrator.email }}"
 setup_admin_email:  "{{ users.administrator.email }}"
 features:
  matomo:           true
  css:              true
-  port-ui-desktop: true
+  port-ui-desktop:  true
  central_database: true
 domains:
  canonical:
@ -15,5 +14,12 @@ docker:
  services:
    database:
      enabled: true
    akaunting:
      no_stop_required: true
      image: docker.io/akaunting/akaunting 
      version: latest
      name: akaunting
  volumes: 
    data: akaunting_data
 credentials: {}
--- a/roles/web-app-akaunting/templates/docker-compose.yml.j2
+++ b/roles/web-app-akaunting/templates/docker-compose.yml.j2
@ -2,12 +2,12 @@
  application:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+    container_name: {{ akaunting_name }}
-    image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
+    image: "{{ akaunting_image }}:{{ akaunting_version }}"
    build:
      context: .
    ports:
-      - 127.0.0.1:{{ports.localhost.http[application_id]}}:80
+      - 127.0.0.1:{{ ports.localhost.http[application_id] }}:80
    volumes:
      - data:/var/www/html
    environment:
@ -17,5 +17,7 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ akaunting_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-akaunting/templates/env.j2
+++ b/roles/web-app-akaunting/templates/env.j2
@ -14,8 +14,8 @@ DB_PASSWORD={{database_password}}
 DB_PREFIX=asd_
 # These define the first company to exist on this instance. They are only used during setup.
-COMPANY_NAME={{applications | get_app_conf(application_id, 'company_name', True)}}
+COMPANY_NAME={{applications | get_app_conf(application_id, 'company.name', True)}}
-COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company_email', True)}}
+COMPANY_EMAIL={{applications | get_app_conf(application_id, 'company.email', True)}}
 # This will be the first administrative user created on setup.
 ADMIN_EMAIL={{applications.akaunting.setup_admin_email}}
--- a/roles/web-app-akaunting/vars/main.yml
+++ b/roles/web-app-akaunting/vars/main.yml
@ -1,4 +1,8 @@
-application_id:             "akaunting"
+application_id:             "web-app-akaunting"
 database_type:              "mariadb"
 database_password:          "applications | get_app_conf(application_id, 'credentials.database_password', True)"
 docker_repository_address:  "https://github.com/akaunting/docker.git"
 akaunting_version:          "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.version', True) }}"
 akaunting_image:            "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.image', True) }}"
 akaunting_name:             "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.name', True) }}"
 akaunting_volume:           "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/roles/web-app-baserow/config/main.yml
+++ b/roles/web-app-baserow/config/main.yml
@ -1,13 +1,18 @@
 images:
  baserow:            "baserow/baserow:latest"
 features:
  matomo:             true
  css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
  central_database:   true
 docker:
  services:
    redis:
-      enabled:        true
+      enabled:          true
    database:
-      enabled: true
+      enabled:          true
    baserow:  
      no_stop_required: true
      image:            "baserow/baserow"
      version:          "latest"
      name:             "baserow"
    volumes:
      data:             "baserow_data"
--- a/roles/web-app-baserow/templates/docker-compose.yml.j2
+++ b/roles/web-app-baserow/templates/docker-compose.yml.j2
@ -2,8 +2,8 @@
  application:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.baserow', True) }}"
+    image: "{{ baserow_image }}:{{ baserow_version }}"
-    container_name: baserow-application
+    container_name: {{ baserow_name }}
    volumes:
      - data:/baserow/data
    ports:
@ -13,6 +13,7 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ baserow_volume }}
  redis:
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-baserow/vars/main.yml
+++ b/roles/web-app-baserow/vars/main.yml
@ -1,3 +1,7 @@
-application_id:     "baserow"
+application_id:     "web-app-baserow"
-database_password:  "{{ baserow_database_password }}"
+database_password:  "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
-database_type:      "postgres"
+database_type:      "postgres"
 baserow_version:    "{{ applications | get_app_conf(application_id, 'docker.services.baserow.version', True) }}"
 baserow_image:      "{{ applications | get_app_conf(application_id, 'docker.services.baserow.image', True) }}"
 baserow_name:       "{{ applications | get_app_conf(application_id, 'docker.services.baserow.name', True) }}"
 baserow_volume:     "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/roles/web-app-coturn/templates/docker-compose.yml.j2
+++ b/roles/web-app-coturn/templates/docker-compose.yml.j2
@ -1,24 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
-  application:
+  
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    image: "gitea/gitea:{{applications.gitea.version}}"
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
      - "{{ports.public.ssh[application_id]}}:22"
    volumes:
      - data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
  coturn:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
    image: coturn/coturn
    restart: always
    network_mode: "host"  # Nutzt die Host-IP für externe Erreichbarkeit (optional)
@ -58,6 +42,8 @@
      --denied-peer-ip=203.0.113.0-203.0.113.255
      --denied-peer-ip=240.0.0.0-255.255.255.255
-volumes:
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
-  nextcloud:
+
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  coturn-config:
--- a/roles/web-app-coturn/vars/main.yml
+++ b/roles/web-app-coturn/vars/main.yml
@ -1,3 +1,2 @@
-application_id:     "coturn"
+application_id:     "web-app-coturn"
-container_port:   3000
+container_port:     3000
 #database_type:      "mariadb"
--- a/roles/web-app-discourse/config/main.yml
+++ b/roles/web-app-discourse/config/main.yml
@ -1,10 +1,8 @@
 network:    "discourse_default"     # Name of the docker network
 container:  "discourse_application" # Name of the container application
 repository: "discourse_repository"  # Name of the repository folder                 
 features:
  matomo:             true
  css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
  oidc:               true
  central_database:   true
  ldap:               false         # @todo implement and activate
@ -25,4 +23,13 @@ docker:
    database:
      enabled: true
    redis:
-      enabled: true
+      enabled: true
    # This container is propably wrong name. 
    # Chance is high that the name is discourse_application.
    # @todo check this out and repair it if necessary
    discourse:
      name:             "discourse"
      no_stop_required: true
  volumes: 
    data:   discourse_data
  network:  discourse
--- a/roles/web-app-discourse/handlers/main.yml
+++ b/roles/web-app-discourse/handlers/main.yml
@ -1,7 +1,7 @@
 ---
 - name: "stop and remove discourse container if it exist"
  docker_container:
-    name: "{{applications | get_app_conf(application_id, 'container', True)}}"
+    name: "{{ discourse_name }}"
    state: absent
  register: container_action
  failed_when: container_action.failed and 'No such container' not in container_action.msg
@ -17,7 +17,7 @@
  listen: recreate discourse
 - name: rebuild discourse
-  shell: ./launcher rebuild {{applications | get_app_conf(application_id, 'container', True)}}
+  shell: ./launcher rebuild {{ discourse_name }}
  args:
    executable: /bin/bash  
    chdir: "{{docker_repository_directory }}"
--- a/roles/web-app-discourse/tasks/main.yml
+++ b/roles/web-app-discourse/tasks/main.yml
@ -43,26 +43,26 @@
  meta: flush_handlers
  when: run_once_docker_discourse is not defined
- name: "Connect {{ applications | get_app_conf(application_id, 'container', True) }} to network {{ applications['svc-db-postgres'].network }}"
+- name: "Connect {{ discourse_name }} to network {{ applications['svc-db-postgres'].network }}"
  command: >
-    docker network connect {{ applications['svc-db-postgres'].network }} {{ applications | get_app_conf(application_id, 'container', True) }}
+    docker network connect {{ applications['svc-db-postgres'].network }} {{ discourse_name }}
  register: network_connect
  failed_when: >
    network_connect.rc != 0 and
-    'Error response from daemon: endpoint with name {{ applications | get_app_conf(application_id, 'container', True) }} already exists in network {{ applications["svc-db-postgres"].network }}'
+    'Error response from daemon: endpoint with name {{ discourse_name }} already exists in network {{ applications["svc-db-postgres"].network }}'
    not in network_connect.stderr
  changed_when: network_connect.rc == 0
  when:
    - applications | get_app_conf(application_id, 'features.central_database', False)
    - run_once_docker_discourse is not defined
- name: "Remove {{ applications | get_app_conf(application_id, 'network', True) }} from {{ database_host }}"
+- name: "Remove {{ discourse_network }} from {{ database_host }}"
  command: >
-    docker network disconnect {{ applications | get_app_conf(application_id, 'network', True) }} {{ database_host }}
+    docker network disconnect {{ discourse_network }} {{ database_host }}
  register: network_disconnect
  failed_when: >
    network_disconnect.rc != 0 and
-    'is not connected to network {{ applications | get_app_conf(application_id, 'network', True) }}' not in network_disconnect.stderr
+    'is not connected to network {{ discourse_network }}' not in network_disconnect.stderr
  changed_when: network_disconnect.rc == 0
  when:
    - applications | get_app_conf(application_id, 'features.central_database', False)
--- a/roles/web-app-discourse/templates/discourse_application.yml.j2
+++ b/roles/web-app-discourse/templates/discourse_application.yml.j2
@ -90,7 +90,7 @@ env:
 ## The Docker container is stateless; all data is stored in /shared
 volumes:
  - volume:
-      host: discourse_data
+      host: {{ discourse_volume }}
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
@ -178,4 +178,4 @@ run:
 docker_args:
  - --network={{application_id}}_default
-  - --name={{applications | get_app_conf(application_id, 'container', True)}}
+  - --name={{ discourse_name }}
--- a/roles/web-app-discourse/vars/main.yml
+++ b/roles/web-app-discourse/vars/main.yml
@ -1,6 +1,15 @@
-application_id:                         "discourse"
+application_id:                         "web-app-discourse"
 # Database
 database_password:                      "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"
 database_type:                          "postgres"
-docker_repository_directory :           "{{docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True)}}/"
+
-discourse_application_yml_destination:  "{{docker_repository_directory }}containers/{{applications | get_app_conf(application_id, 'container', True)}}.yml"
+# Discourse
 discourse_name:                         "{{ applications | get_app_conf(application_id, 'docker.services.discourse.name', True) }}"
 discourse_application_yml_destination:  "{{ docker_repository_directory }}containers/{{discourse_name }}.yml"
 discourse_network:                      "{{ applications | get_app_conf(application_id, 'docker.network', True) }}"
 discourse_volume:                       "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
 # General Docker Configuration
 docker_repository_directory :           "{{ docker_compose.directories.services}}{{applications | get_app_conf(application_id, 'repository', True) }}/"
 docker_compose_flush_handlers:          false
--- a/roles/web-app-elk/defaults/main.yml
+++ b/roles/web-app-elk/defaults/main.yml
@ -1,2 +1,3 @@
 ---
 docker_elk_compose_path: "/srv/github.com/kevinveenbirkenbach/web-app-elk/"
 elastic_search_password: '' # Just defined to pass the integration test. this role is old and hadn't been used since ages so @todo delete it as soon as you implement it productive
--- a/roles/web-app-elk/vars/main.yml
+++ b/roles/web-app-elk/vars/main.yml
@ -1 +1 @@
-application_id: elk
+application_id: web-app-elk
--- a/roles/web-app-gitea/config/main.yml
+++ b/roles/web-app-gitea/config/main.yml
@ -1,6 +1,4 @@
-title:                            "CyMaIS Code Hub"
+title:                            "CyMaIS Code Hub" # @todo load automatic based on service_porvider infos
 images:
  gitea:                          "gitea/gitea:latest"
 configuration:
  repository:
    enable_push_create_user:      True      # Allow users to push local repositories to Gitea and have them automatically created for a user.
@ -9,14 +7,14 @@ configuration:
 features:
  matomo:                         true
  css:                            false
-  port-ui-desktop:               true
+  port-ui-desktop:                true
  central_database:               true
  ldap:                           true
  oauth2:                         true
-  oidc:                           false # Deactivated because users aren't auto-created. 
+  oidc:                           false     # Deactivated because users aren't auto-created. 
 oauth2_proxy:
  application:                    "application"
-  port:                           "3000"
+  port:                           "<< defaults_applications[web-app-gitea].docker.services.gitea.port >>"
  acl:
    blacklist:
      - "/user/login"
@ -40,4 +38,12 @@ domains:
 docker:
  services:
    database:
-      enabled: true
+      enabled: true
    gitea:                          
      image:            "gitea/gitea"
      version:          "latest"
      no_stop_required: true
      port:             3000
      name:             "gitea"
  volumes:
    data:             "gitea_data"
--- a/roles/web-app-gitea/templates/docker-compose.yml.j2
+++ b/roles/web-app-gitea/templates/docker-compose.yml.j2
@ -2,7 +2,8 @@
  application:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.gitea', True) }}"
+    image: "{{ gitea_image }}:{{ gitea_version }}"
    name:  "{{ gitea_name }}"
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
      - "{{ports.public.ssh[application_id]}}:22"
@ -16,5 +17,6 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ gitea_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-gitea/vars/main.yml
+++ b/roles/web-app-gitea/vars/main.yml
@ -1,6 +1,5 @@
-application_id:     "gitea"
+application_id:       "web-app-gitea"
-container_port:   3000
+database_type:        "mariadb"
 database_type:      "mariadb"
 gitea_ldap_auth_args:
  - '--name "LDAP ({{ primary_domain }})"'
  - '--host "{{ ldap.server.domain }}"'
@ -16,3 +15,9 @@ gitea_ldap_auth_args:
  - '--email-attribute "{{ ldap.user.attributes.mail }}"'
  - '--public-ssh-key-attribute "{{ ldap.user.attributes.ssh_public_key }}"'
  - '--synchronize-users'
 gitea_version:   "{{ applications | get_app_conf(application_id, 'docker.services.gitea.version', True) }}"
 gitea_image:     "{{ applications | get_app_conf(application_id, 'docker.services.gitea.image', True) }}"
 gitea_name:      "{{ applications | get_app_conf(application_id, 'docker.services.gitea.name', True) }}"
 gitea_volume:    "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
 container_port:  "{{ applications | get_app_conf(application_id, 'docker.services.gitea.port', True) }}"
--- a/roles/web-app-gitlab/config/main.yml
+++ b/roles/web-app-gitlab/config/main.yml
@ -10,4 +10,6 @@ docker:
    redis:
      enabled: true
    database: 
-      enabled: true
+      enabled: true
 credentials:
  initial_root_password: "{{ users.administrator.password }}"
--- a/roles/web-app-gitlab/vars/main.yml
+++ b/roles/web-app-gitlab/vars/main.yml
@ -1,2 +1,3 @@
-application_id:     "gitlab"
+application_id:               "gitlab"
-database_type:      "postgres"
+database_type:                "postgres"
 gitlab_initial_root_password: "{{ applications | get_app_conf(application_id, 'credentials.initial_root_password') }}"
--- a/roles/web-app-joomla/vars/main.yml
+++ b/roles/web-app-joomla/vars/main.yml
@ -1,3 +1,2 @@
-application_id:     "joomla"
+application_id:     "web-app-joomla"
 database_password:  "{{joomla_database_password}}"
 database_type:      "postgres"
--- a/roles/web-app-listmonk/config/main.yml
+++ b/roles/web-app-listmonk/config/main.yml
@ -1,11 +1,8 @@
-images:
+public_api_activated:       False                                 # Security hole. Can be used for spaming                          # Docker Image version
  listmonk:                 "listmonk/listmonk:latest"
 public_api_activated:       False                                 # Security hole. Can be used for spaming
 version:                    "latest"                              # Docker Image version
 features:
  matomo:                   true
  css:                      false
-  port-ui-desktop:         true
+  port-ui-desktop:          true
  central_database:         true
  oidc:                     true
 domains:
@ -14,4 +11,10 @@ domains:
 docker:
  services:
    database:
-      enabled: true
+      enabled: true
    listmonk:
      image:            listmonk/listmonk
      version:          latest
      no_stop_required: true
      name:             listmonk
      port:             9000
--- a/roles/web-app-listmonk/templates/docker-compose.yml.j2
+++ b/roles/web-app-listmonk/templates/docker-compose.yml.j2
@ -2,7 +2,8 @@
  application:
 {% set container_healthcheck = 'health' %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.listmonk', True) }}"
+    image: "{{ listmonk_image }}:{{ listmonk_version }}"
    container_name: "{{ listmonk_name }}"
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
    volumes:
--- a/roles/web-app-listmonk/vars/main.yml
+++ b/roles/web-app-listmonk/vars/main.yml
@ -1,6 +1,10 @@
-application_id: "listmonk"
+application_id: "web-app-listmonk"
 database_type:  "postgres"
-container_port: "9000"
+
 container_port:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.port', True) }}"
 listmonk_version: "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.version', True) }}"
 listmonk_image:   "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.image', True) }}"
 listmonk_name:    "{{ applications | get_app_conf(application_id, 'docker.services.listmonk.name', True) }}"
 listmonk_settings:
  - key: "app.root_url"
--- a/roles/web-app-mailu/templates/docker-compose.yml.j2
+++ b/roles/web-app-mailu/templates/docker-compose.yml.j2
@ -12,14 +12,14 @@
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
-      - "{{networks.internet.ip4}}:25:25"
+      - "{{ networks.internet.ip4 }}:25:25"
-      - "{{networks.internet.ip4}}:465:465"
+      - "{{ networks.internet.ip4 }}:465:465"
-      - "{{networks.internet.ip4}}:587:587"
+      - "{{ networks.internet.ip4 }}:587:587"
-      - "{{networks.internet.ip4}}:110:110"
+      - "{{ networks.internet.ip4 }}:110:110"
-      - "{{networks.internet.ip4}}:995:995"
+      - "{{ networks.internet.ip4 }}:995:995"
-      - "{{networks.internet.ip4}}:143:143"
+      - "{{ networks.internet.ip4 }}:143:143"
-      - "{{networks.internet.ip4}}:993:993"
+      - "{{ networks.internet.ip4 }}:993:993"
-      - "{{networks.internet.ip4}}:4190:4190"
+      - "{{ networks.internet.ip4 }}:4190:4190"
    volumes:
      - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
      - "{{cert_mount_directory}}:/certs:ro"
--- a/roles/web-app-mastodon/config/main.yml
+++ b/roles/web-app-mastodon/config/main.yml
@ -1,12 +1,9 @@
 images:
  mastodon:           "ghcr.io/mastodon/mastodon:latest"
  streaming:          "ghcr.io/mastodon/mastodon-streaming:latest"
 single_user_mode:     false                                           # Set true for initial setup
-setup:                false                                           # Set true in inventory file to execute the setup and initializing procedures                         
+setup:                false                                           # Set true in inventory file to execute the setup and initializing procedures, don't know if this is still necessary @todo test it                        
 features:
  matomo:             true
  css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
  oidc:               true
  central_database:   true
 domains:
@ -21,4 +18,14 @@ docker:
    redis:
      enabled: true
    database: 
-      enabled: true
+      enabled: true
    mastodon: 
      image:            "ghcr.io/mastodon/mastodon"
      version:          latest
      no_stop_required: true
      name:             "mastodon"
    streaming: 
      image:            "ghcr.io/mastodon/mastodon-streaming"
      version:          latest
  volumes:
    data:               "mastodon_data"
--- a/roles/web-app-mastodon/tasks/main.yml
+++ b/roles/web-app-mastodon/tasks/main.yml
@ -18,13 +18,13 @@
 - name: flush docker service
  meta: flush_handlers
-  when: applications.mastodon.setup |bool 
+  when: mastodon_setup |bool 
 - name: setup routine for mastodon
  command:
    cmd: "docker-compose run --rm web bundle exec rails db:migrate"
    chdir: "{{docker_compose.directories.instance}}"
-  when: applications.mastodon.setup |bool 
+  when: mastodon_setup |bool 
 - name: "include create-administrator.yml for mastodon"
  include_tasks: create-administrator.yml
--- a/roles/web-app-mastodon/templates/docker-compose.yml.j2
+++ b/roles/web-app-mastodon/templates/docker-compose.yml.j2
@ -3,7 +3,8 @@
  web:
 {% set container_port = 3000 %}
 {% set container_healthcheck = 'health' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.' ~ application_id, True) }}"
+    container_name: {{ mastodon_name }}
    image: "{{ mastodon_image }}:{{ mastodon_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p {{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@ -17,7 +18,8 @@
  streaming:
 {% set container_port = 4000 %}
 {% set container_healthcheck = 'api/v1/streaming/health' %}
-    image: "{{ applications | get_app_conf(application_id, 'images.streaming', True) }}"
+    container_name: {{ mastodon_streaming_name }}
    image: "{{ mastodon_streaming_image }}:{{ mastodon_streaming_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: node ./streaming
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
@ -27,7 +29,8 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
  sidekiq:
-    image: "{{ applications | get_app_conf(application_id, 'images.mastodon', True) }}"
+    container_name: {{ mastodon_sidekiq_name }}
    image: "{{ mastodon_image }}:{{ mastodon_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: bundle exec sidekiq
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
@ -40,5 +43,5 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:
  data:
-
+    name: "{{ mastodon_volume }}"
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-mastodon/templates/env.j2
+++ b/roles/web-app-mastodon/templates/env.j2
@ -5,7 +5,7 @@
 LOCAL_DOMAIN={{domains | get_domain(application_id)}}
 ALTERNATE_DOMAINS="{{ domains.mastodon[1:] | join(',') }}"
-SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
+SINGLE_USER_MODE={{ applications | get_app_conf(application_id, 'single_user_mode', True) }}
 # Credentials
@ -13,15 +13,15 @@ SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
 # -------
 # Make sure to use `bundle exec rails secret` to generate secrets
 # -------
-SECRET_KEY_BASE=    {{applications.mastodon.credentials.secret_key_base}}
+SECRET_KEY_BASE=    {{ applications | get_app_conf(application_id, 'credentials.secret_key_base') }}
-OTP_SECRET=         {{applications.mastodon.credentials.otp_secret}}
+OTP_SECRET=         {{ applications | get_app_conf(application_id, 'credentials.otp_secret') }}
 # Web Push
 # --------
 # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
 # --------
-VAPID_PRIVATE_KEY=  {{applications.mastodon.credentials.vapid_private_key}}
+VAPID_PRIVATE_KEY=  {{ applications | get_app_conf(application_id, 'credentials.vapid_private_key') }}
-VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid_public_key}}
+VAPID_PUBLIC_KEY=   {{ applications | get_app_conf(application_id, 'credentials.vapid_public_key') }}
 # Encryption secrets
 # ------------------
@ -29,9 +29,9 @@ VAPID_PUBLIC_KEY=   {{applications.mastodon.credentials.vapid_public_key}}
 # These are private/secret values, do not share outside hosting environment
 # Use `bin/rails db:encryption:init` to generate fresh secrets
 # Do NOT change these secrets once in use, as this would cause data loss and other issues
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{applications.mastodon.credentials.active_record_encryption_deterministic_key}}
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=     {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_deterministic_key') }}
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{applications.mastodon.credentials.active_record_encryption_key_derivation_salt}}
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=   {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_key_derivation_salt') }}
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{applications.mastodon.credentials.active_record_encryption_primary_key}}
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=           {{ applications | get_app_conf(application_id, 'credentials.active_record_encryption_primary_key') }}
 DB_HOST={{ database_host }}
 DB_PORT={{ database_port }}
--- a/roles/web-app-mastodon/vars/main.yml
+++ b/roles/web-app-mastodon/vars/main.yml
@ -1,2 +1,11 @@
-application_id:      "mastodon"
+application_id:               "web-app-mastodon"
-database_type:      "postgres"
+database_type:                "postgres"
 mastodon_version:             "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
 mastodon_image:               "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
 mastodon_name:                "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}"
 mastodon_volume:              "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
 mastodon_streaming_version:   "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.version', True) }}"
 mastodon_streaming_image:     "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.image', True) }}"
 mastodon_streaming_name:      "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_streaming"
 mastodon_sidekiq_name:        "{{ applications | get_app_conf(application_id, 'docker.services.mastodon.name', True) }}_sidekiq"
 mastodon_setup:               "{{ applications | get_app_conf(application_id, 'setup', True) }}"
--- a/roles/web-app-matomo/config/main.yml
+++ b/roles/web-app-matomo/config/main.yml
@ -33,8 +33,13 @@ excluded_ips: "{{ networks.internet.values() | list }}"
 docker:
  services:
    matomo:
-      image:  "matomo:latest"
+      image:            "matomo"
      version:          "latest"
      name:             "matomo"
      no_stop_required: true
    database:
      enabled: true
    redis:
-      enabled: false
+      enabled: false
  volumes: 
    data: matomo_data 
--- a/roles/web-app-matomo/templates/docker-compose.yml.j2
+++ b/roles/web-app-matomo/templates/docker-compose.yml.j2
@ -2,7 +2,7 @@
  application:
 {% set container_port = 80 %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"
+    image: "{{ matomo_image }}:{{ matomo_version }}"
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:{{ container_port }}"
    volumes:
@ -12,5 +12,6 @@
 {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ matomo_data }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-matomo/vars/main.yml
+++ b/roles/web-app-matomo/vars/main.yml
@ -4,7 +4,9 @@ database_type:        "mariadb"
 matomo_excluded_ips:  "{{ applications | get_app_conf(application_id, 'excluded_ips', True) }}"
 matomo_index_php_url: "{{ domains | get_url(application_id, web_protocol) }}/index.php"
 matomo_auth_token:    "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}"
-
+matomo_version:       "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version', True) }}"
 matomo_image:         "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}"
 matomo_data:          "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
 # I don't know if this is still necessary
 domain:               "{{ domains | get_domain(application_id) }}"
--- a/roles/web-app-matrix-ansible/tasks/main.yml
+++ b/roles/web-app-matrix-ansible/tasks/main.yml
@ -3,8 +3,8 @@
  include_role: 
    name: srv-proxy-6-6-domain
  loop:
-    - "{{domains.matrix.element}}"
+    - "{{ domains[application_id].element }}"
-    - "{{domains.matrix.synapse}}"
+    - "{{ domains[application_id].synapse }}"
  loop_control:
    loop_var: domain
@ -80,7 +80,7 @@
  become: false
 - name: play matrix-web-app-ansible-deploy
-  local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{applications.matrix.playbook_tags}}"
+  local_action: "command ansible-playbook -i {{hosts_path}} {{local_repository_directory}}/setup.yml -vvv --tags={{ applications | get_app_conf(application_id, 'playbook_tags')}}"
  become: false
@ -129,13 +129,13 @@
 #- name: add log.config
 #  template: 
 #    src:  "log.config.j2" 
-#    dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config"
+#    dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config"
 #  notify: recreate matrix
 #
 ## https://github.com/matrix-org/synapse/issues/6303
 #- name: set correct folder permissions
 #  command:
-#    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
+#    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
 #
 #- name: add docker-compose.yml
 #  template: 
--- a/roles/web-app-matrix-ansible/templates/vars.yml.j2
+++ b/roles/web-app-matrix-ansible/templates/vars.yml.j2
@ -8,7 +8,7 @@
 # because you can't change the Domain after deployment.
 #
 # Example value: example.com
-matrix_domain: "{{domains.matrix.synapse}}"
+matrix_domain: "{{domains[application_id].synapse}}"
 # The Matrix homeserver software to install.
 # See:
--- a/roles/web-app-matrix/config/main.yml
+++ b/roles/web-app-matrix/config/main.yml
@ -2,20 +2,24 @@ docker:
  services:
    database:
      enabled: true
-images:
+    synapse: 
-  synapse:            "matrixdotorg/synapse:latest"
+      version:          latest 
-  element:            "vectorim/element-web:latest"
+      image:            matrixdotorg/synapse
      name:             matrix-synapse
      no_stop_required: true
    element: 
      version:        latest 
      image:          vectorim/element-web
      name:           matrix-element
  volumes: 
    synapse:          "matrix_synapse_data"
 playbook_tags:        "setup-all,start"                  # For the initial update use: install-all,ensure-matrix-users-created,start
-server_name:          "{{primary_domain}}"               # Adress for the account names etc.
+server_name:          "{{ primary_domain }}"               # Adress for the account names etc.
 synapse:
  version:            "latest"
 element:
  version:            "latest"
 setup:                false                              # Set true in inventory file to execute the setup and initializing procedures
 features:
  matomo:             false                              # Deactivated, because in html CSP restricts use
  css:                true
-  port-ui-desktop:   true
+  port-ui-desktop:    true
  oidc:               true                               # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
  central_database:   true
 csp:
--- a/roles/web-app-matrix/tasks/main.yml
+++ b/roles/web-app-matrix/tasks/main.yml
@ -16,8 +16,8 @@
  include_role:
    name: srv-web-7-6-composer
  vars:
-    domain:     "{{domains.matrix.synapse}}"
+    domain:     "{{domains[application_id].synapse}}"
-    http_port:  "{{ports.localhost.http.matrix_synapse}}"
+    http_port:  "{{ports.localhost.http['web-app-matrix_synapse']}}"
 - name: create {{well_known_directory}}
  file:
@ -30,21 +30,21 @@
    src:  "well-known.j2" 
    dest: "{{well_known_directory}}server"
- name: create {{domains.matrix.synapse}}.conf
+- name: create {{domains[application_id].synapse}}.conf
  template: 
    src:  "templates/nginx.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domains.matrix.synapse}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id].synapse}}.conf"
  vars:
-    domain:     "{{domains.matrix.synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
+    domain:     "{{domains[application_id].synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
-    http_port:  "{{ports.localhost.http.matrix_synapse}}"
+    http_port:  "{{ports.localhost.http['web-app-matrix_synapse']}}"
  notify: restart nginx
 - name: "include role srv-proxy-6-6-domain for {{application_id}}"
  include_role: 
    name: srv-proxy-6-6-domain
  vars:        
-    domain:     "{{domains.matrix.element}}"
+    domain:     "{{domains[application_id].element}}"
-    http_port:  "{{ports.localhost.http.matrix_element}}"
+    http_port:  "{{ports.localhost.http['web-app-matrix_element']}}"
 - name: include create-and-seed-database.yml for multiple bridges
  include_tasks: create-and-seed-database.yml
@ -94,13 +94,13 @@
 - name: add synapse log configuration
  template: 
    src:  "synapse/log.config.j2" 
-    dest: "{{docker_compose.directories.instance}}{{domains.matrix.synapse}}.log.config"
+    dest: "{{docker_compose.directories.instance}}{{domains[application_id].synapse}}.log.config"
  notify: docker compose up
 # https://github.com/matrix-org/synapse/issues/6303
 - name: set correct folder permissions
  command:
-    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains.matrix.synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
+    cmd: "docker run --rm --mount type=volume,src=matrix_synapse_data,dst=/data -e SYNAPSE_SERVER_NAME={{domains[application_id].synapse}} -e SYNAPSE_REPORT_STATS=no --entrypoint /bin/sh matrixdotorg/synapse:latest -c 'chown -vR 991:991 /data'"
 - name: add docker-compose.yml
  template: 
--- a/roles/web-app-matrix/templates/docker-compose.yml.j2
+++ b/roles/web-app-matrix/templates/docker-compose.yml.j2
@ -1,23 +1,23 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  synapse:
 {% set container_port = 8008 %}
-    image: "{{ applications | get_app_conf(application_id, 'images.synapse', True) }}"
+    image: "{{ matrix_synapse_image }}:{{ matrix_synapse_version }}"
-    container_name: matrix-synapse
+    container_name: {{ matrix_synapse_name }}
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
    volumes:
      - synapse_data:/data
      - ./homeserver.yaml:/data/homeserver.yaml:ro
-      - ./{{domains.matrix.synapse}}.log.config:/data/{{domains.matrix.synapse}}.log.config:ro
+      - ./{{domains[application_id].synapse}}.log.config:/data/{{domains[application_id].synapse}}.log.config:ro
 {% for item in bridges %}
      - {{docker_compose.directories.instance}}mautrix/{{item.bridge_name}}/registration.yaml:{{registration_file_folder}}{{item.bridge_name}}.registration.yaml:ro
 {% endfor %}
    environment:
-      - SYNAPSE_SERVER_NAME={{domains.matrix.synapse}}
+      - SYNAPSE_SERVER_NAME={{domains[application_id].synapse}}
      - SYNAPSE_REPORT_STATS=no
    ports:
-      - "127.0.0.1:{{ports.localhost.http.matrix_synapse}}:{{ container_port }}"
+      - "127.0.0.1:{{ports.localhost.http['web-app-matrix_synapse']}}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% if bridges | length > 0 %}
 {% for item in bridges %}
@ -30,13 +30,13 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
  element:
 {% set container_port = 80 %}
-    image: "{{ applications | get_app_conf(application_id, 'images.element', True) }}"
+    image: "{{ matrix_element_image }}:{{ matrix_element_version }}"
-    container_name: matrix-element
+    container_name: {{ matrix_element_name }}
    restart: {{docker_restart_policy}}
    volumes:
      - ./element-config.json:/app/config.json
    ports:
-      - "127.0.0.1:{{ports.localhost.http.matrix_element}}:{{ container_port }}"
+      - "127.0.0.1:{{ports.localhost.http['web-app-matrix_element']}}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/wget.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
@ -81,7 +81,7 @@
      KEYV_URL: ''
      KEYV_BOT_ENCRYPTION: 'false'
      KEYV_BOT_STORAGE: 'true'
-      MATRIX_HOMESERVER_URL: 'https://{{domains.matrix.synapse}}'
+      MATRIX_HOMESERVER_URL: '{{ web_protocol }}://{{ domains[application_id].synapse }}'
      MATRIX_BOT_USERNAME: '@chatgptbot:{{applications | get_app_conf(application_id, 'server_name', True)}}'
      MATRIX_ACCESS_TOKEN: '{{ applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_access_token', True) | default('') }}'
      MATRIX_BOT_PASSWORD: '{{applications | get_app_conf(application_id, 'credentials.chatgpt_bridge_user_password', True)}}'
@ -98,8 +98,9 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  synapse_data:
    name: {{ matrix_synapse_data }}
 {% if applications | get_app_conf(application_id, 'plugins.chatgpt', True) | bool %}
-    chatgpt_data:
+  chatgpt_data:
 {% endif %}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-matrix/templates/element.config.json.j2
+++ b/roles/web-app-matrix/templates/element.config.json.j2
@ -1,8 +1,8 @@
 {
    "default_server_config": {
        "m.homeserver": {
-            "base_url": "{{ web_protocol }}://{{domains.matrix.synapse}}",
+            "base_url": "{{ web_protocol }}://{{domains[application_id].synapse}}",
-            "server_name": "{{domains.matrix.synapse}}"
+            "server_name": "{{domains[application_id].synapse}}"
        },
        "m.identity_server": {
            "base_url": "{{ web_protocol }}://{{primary_domain}}"
--- a/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/facebook.config.yml.j2
@ -143,7 +143,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{domains[application_id].synapse}}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/instagram.config.yml.j2
@ -134,7 +134,7 @@ bridge:
    double_puppet_allow_discovery: false
    # Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
    # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
    #
    # If set, custom puppets will be enabled automatically for local users
--- a/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/signal.config.yml.j2
@ -141,7 +141,7 @@ bridge:
    federate_rooms: true
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/slack.config.yml.j2
@ -118,7 +118,7 @@ bridge:
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/telegram.config.yml.j2
@ -198,7 +198,7 @@ bridge:
    sync_direct_chat_list: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
+++ b/roles/web-app-matrix/templates/mautrix/whatsapp.config.yml.j2
@ -236,7 +236,7 @@ bridge:
    force_active_delivery_receipts: false
    # Servers to always allow double puppeting from
    double_puppet_server_map:
-        {{applications | get_app_conf(application_id, 'server_name', True)}}: https://{{domains.matrix.synapse}}
+        {{applications | get_app_conf(application_id, 'server_name', True)}}: {{ web_protocol }}://{{ domains[application_id].synapse }}
    # Allow using double puppeting from any server with a valid client .well-known file.
    double_puppet_allow_discovery: false
    # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
--- a/roles/web-app-matrix/templates/nginx.conf.j2
+++ b/roles/web-app-matrix/templates/nginx.conf.j2
@ -1,10 +1,10 @@
 server {
    {# Somehow .j2 doesn't interpretate the passed variable right. For this reasons this redeclaration is necessary #}
    {# Could be that this is related to the set_fact use #}
-    {% set domain = domains.matrix.synapse %}
+    {% set domain = domains[application_id].synapse %}
-    {% set http_port = ports.localhost.http.matrix_synapse %}
+    {% set http_port = ports.localhost.http['web-app-matrix_synapse'] %}
-    server_name {{domains.matrix.synapse}};
+    server_name {{domains[application_id].synapse}};
    {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
    # For the federation port
--- a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
+++ b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2
@ -17,15 +17,15 @@ database:
    host: "{{database_host}}"
    cp_min: 5
    cp_max: 10
-log_config:                     "/data/{{domains.matrix.synapse}}.log.config"
+log_config:                     "/data/{{domains[application_id].synapse}}.log.config"
 media_store_path:               "/data/media_store"
 registration_shared_secret:     "{{applications | get_app_conf(application_id, 'credentials.registration_shared_secret', True)}}"
 report_stats:                   true
 macaroon_secret_key:            "{{applications | get_app_conf(application_id, 'credentials.macaroon_secret_key', True)}}"
 form_secret:                    "{{applications | get_app_conf(application_id, 'credentials.form_secret', True)}}"
-signing_key_path:               "/data/{{domains.matrix.synapse}}.signing.key"
+signing_key_path:               "/data/{{domains[application_id].synapse}}.signing.key"
-web_client_location:            "{{ web_protocol }}://{{domains.matrix.element}}"
+web_client_location:            "{{ web_protocol }}://{{domains[application_id].element}}"
-public_baseurl:                 "{{ web_protocol }}://{{domains.matrix.synapse}}"
+public_baseurl:                 "{{ web_protocol }}://{{domains[application_id].synapse}}"
 trusted_key_servers:
  - server_name: "matrix.org"
 admin_contact: 'mailto:{{ users.administrator.email }}'
@ -39,10 +39,10 @@ email:
  #require_transport_security:   true
  enable_tls:                   "{{ system_email.tls | upper }}"
  notif_from:                   "Your Friendly %(app)s homeserver <{{ users['no-reply'].email }}>"
-  app_name:                     "Matrix on {{domains.matrix.synapse}}"
+  app_name:                     "Matrix on {{domains[application_id].synapse}}"
  enable_notifs:                true
  notif_for_new_users:          false
-  client_base_url:              "{{domains.matrix.synapse}}"
+  client_base_url:              "{{domains[application_id].synapse}}"
  validation_token_lifetime:    15m
 {% if applications | get_app_conf(application_id, 'features.oidc', False) %}
--- a/roles/web-app-matrix/templates/synapse/log.config.j2
+++ b/roles/web-app-matrix/templates/synapse/log.config.j2
@ -8,7 +8,7 @@ handlers:
  file:
    class: logging.handlers.RotatingFileHandler
    formatter: precise
-    filename: /data/{{domains.matrix.synapse}}.homeserver.log
+    filename: /data/{{domains[application_id].synapse}}.homeserver.log
    maxBytes: 10485760
    backupCount: 3
  console:
--- a/roles/web-app-matrix/templates/well-known.j2
+++ b/roles/web-app-matrix/templates/well-known.j2
@ -1,3 +1,3 @@
 {
-    "m.server": "{{domains.matrix.synapse}}:{{ WEB_PORT }}"
+    "m.server": "{{domains[application_id].synapse}}:{{ WEB_PORT }}"
 }
--- a/roles/web-app-matrix/vars/main.yml
+++ b/roles/web-app-matrix/vars/main.yml
@ -1,5 +1,12 @@
 ---
-application_id:           "matrix"
+application_id:           "web-app-matrix"
 database_type:            "postgres"
 registration_file_folder: "/data/"
-well_known_directory:     "{{nginx.directories.data.well_known}}/matrix/"
+well_known_directory:     "{{nginx.directories.data.well_known}}/matrix/"
 matrix_synapse_version:   "{{ applications | get_app_conf(application_id, 'docker.services.synapse.version', True) }}"
 matrix_synapse_image:     "{{ applications | get_app_conf(application_id, 'docker.services.synapse.image', True) }}"
 matrix_synapse_name:      "{{ applications | get_app_conf(application_id, 'docker.services.synapse.name', True) }}"
 matrix_synapse_data:      "{{ applications | get_app_conf(application_id, 'docker.volumes.synapse', True) }}"
 matrix_element_version:   "{{ applications | get_app_conf(application_id, 'docker.services.element.version', True) }}"
 matrix_element_image:     "{{ applications | get_app_conf(application_id, 'docker.services.element.image', True) }}"
 matrix_element_name:      "{{ applications | get_app_conf(application_id, 'docker.services.element.name', True) }}"
--- a/roles/web-app-mediawiki/TODO.md
+++ b/roles/web-app-mediawiki/TODO.md
@ -1,2 +1,3 @@
 # Todo
- This role needs to be updated to the new role structure
+- This role needs to be updated to the new role structure
 - It needs to be tested - Really antique role which wasn't used since ages, because I used discourse in production instead and just updated the refactored and restructure stuff here. 
--- a/roles/web-app-mediawiki/config/main.yml
+++ b/roles/web-app-mediawiki/config/main.yml
@ -1,3 +1,12 @@
 domains:
  canonical:
-    - "wiki.{{ primary_domain }}"
+    - "wiki.{{ primary_domain }}"
 docker:
  services:
    mediawiki: 
      image:    mediawiki
      version:  latest
      no_stop_required: true
      name:     mediawiki
    volumes:
      data:     mediawiki_data
--- a/roles/web-app-mediawiki/templates/docker-compose.yml.j2
+++ b/roles/web-app-mediawiki/templates/docker-compose.yml.j2
@ -1,12 +1,10 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
-    # Seems like image tag got lost. @todo Check and implement if necessary
+{% include 'roles/docker-container/templates/base.yml.j2' %}
-      log_driver: journald
+      container_name: "{{ mediawiki_name }}"
-      restart: "{{docker_restart_policy}}"
+      image: "{{ mediawiki_image }}:{{ mediawiki_version }}"
      depends_on:
        - database
      volumes:
-        - "mediawiki-data:/var/www/html/"
+        - "data:/var/www/html/"
      ports:
        - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
@ -14,5 +12,5 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
-
+    name: {{ mediawiki_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-mediawiki/vars/main.yml
+++ b/roles/web-app-mediawiki/vars/main.yml
@ -1,3 +1,6 @@
-application_id:     "mediawiki"
+application_id:     "web-app-mediawiki"
-database_password:  "{{mediawiki_database_password}}"
+database_type:      "mariadb"
-database_type:      "mariadb"
+mediawiki_version:   "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.version', True) }}"
 mediawiki_image:     "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.image', True) }}"
 mediawiki_name:      "{{ applications | get_app_conf(application_id, 'docker.services.mediawiki.name', True) }}"
 mediawiki_volume:    "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/roles/web-app-mobilizon/config/main.yml
+++ b/roles/web-app-mobilizon/config/main.yml
@ -1,6 +1,6 @@
-titel:        "Mobilizon on {{ primary_domain | upper }}"
+titel:              "Mobilizon on {{ primary_domain | upper }}"
 images:
-  mobilizon:  "docker.io/framasoft/mobilizon"
+  mobilizon:        "docker.io/framasoft/mobilizon"
 features:
  central_database: true
  oidc:             true
--- a/roles/web-app-mobilizon/vars/main.yml
+++ b/roles/web-app-mobilizon/vars/main.yml
@ -3,6 +3,5 @@ application_id:                 mobilizon
 database_type:                  "postgres"
 database_gis_enabled:           true
-mobilizon_oidc_callback_url:    "{{ domains | get_url(application_id, web_protocol) }}/auth/openid_connect/callback"
+container_port:                 4000
 container_port:  4000
 mobilizon_host_conf_exs_file:   "{{docker_compose.directories.config}}config.exs"
--- a/roles/web-app-mybb/config/main.yml
+++ b/roles/web-app-mybb/config/main.yml
@ -1,12 +1,16 @@
 version:              "latest"
 features:
  matomo:             true
  css:                true
  port-ui-desktop:   true
  central_database:   true
 docker:
  services:
    database:
-      enabled: true
+      enabled: true
    mybb:
      image:    "mybb/mybb"
      version:  "latest"
      name:     "mybb"
  volumes:
    data:       "mybb_data"
--- a/roles/web-app-mybb/templates/docker-compose.yml.j2
+++ b/roles/web-app-mybb/templates/docker-compose.yml.j2
@ -4,7 +4,8 @@
      driver: journald
      options:
        tag: "mybb_application"
-    image: mybb/mybb:{{applications.mybb.version}}
+    image: {{ mybb_image }}:{{ mybb_version }}
    container_name: {{ mybb_name }}
    restart: {{docker_restart_policy}}
    volumes:
      - data:/var/www/html
@ -27,5 +28,6 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ mybb_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-mybb/vars/main.yml
+++ b/roles/web-app-mybb/vars/main.yml
@ -1,8 +1,11 @@
 ---
-application_id:                                  "mybb"
+application_id:                                 "web-app-mybb"
 docker_compose_instance_confd_directory:        "{{docker_compose.directories.instance}}conf.d/"
 docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf"
 target_mount_conf_d_directory:                  "{{nginx.directories.http.servers}}"
 source_domain:                                  "mybb.{{primary_domain}}"
-database_password:                              "{{mybb_database_password}}"
+database_type:                                  "mariadb"
-database_type:                                  "mariadb"
+mybb_version:                                   "{{ applications | get_app_conf(application_id, 'docker.services.mybb.version', True) }}"
 mybb_image:                                     "{{ applications | get_app_conf(application_id, 'docker.services.mybb.image', True) }}"
 mybb_name:                                      "{{ applications | get_app_conf(application_id, 'docker.services.mybb.name', True) }}"
 mybb_volume:                                    "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@ -10,34 +10,53 @@ csp:
      - "data:"
 domains:
  canonical:
-    - "cloud.{{ primary_domain }}"
+    nextcloud:  "cloud.{{ primary_domain }}"
    # talk:       "talk.{{ primary_domain }}" @todo needs to be activated
 docker:
  services:
    redis:
      enabled: true
    database: 
      enabled: true
    nextcloud:
      name:    "nextcloud"
      image:  "nextcloud"
      version: "latest-fpm-alpine"
      no_stop_required: true
    proxy: 
      name:     "nextcloud-proxy"
      image:    "nginx"
      version:  "alpine"
    cron:
      name:     "nextcloud-cron"
    talk:
      name:     "nextcloud-talk"
      image:    "nextcloud/aio-talk"
      version:  "latest"
      enabled:  false # Not enabled yet, because just implemented during refactoring and not tested yet. if tested activate
    # Its in a own role. @todo remove it if it gets implemented via the other role
    #collabora:
    #  name:     "nextcloud-collabora"
    #  image:    "nextcloud-collabora"
    #  version:  "latest"
 oidc:
-  enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
+  enabled:  "{{ applications | get_app_conf(application_id, 'features.oidc')"   # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
  # Available options: oidc_login, sociallogin
  # @see https://apps.nextcloud.com/apps/oidc_login
  # @see https://apps.nextcloud.com/apps/sociallogin
-  flavor:                     "oidc_login"                                      # Keeping on sociallogin because the other option is not implemented yet                                             
+  flavor:                       "oidc_login"                                    # Keeping on sociallogin because the other option is not implemented yet                                             
 features:
  matomo:                       true
  css:                          false
-  port-ui-desktop:             true
+  port-ui-desktop:              true
  ldap:                         true
  oidc:                         true
  central_database:             true
 default_quota:                 '1000000000'                                     # Quota to assign if no quota is specified in the OIDC response (bytes)
 legacy_login_mask:   
  enabled:                      False                                           # If true, then legacy  login mask is shown. Otherwise just SSO
-container:
+                           
  application:                  "nextcloud-application"                         # Nextcloud application container name
  proxy:                        "nextcloud-web"                                 # Nextcloud Proxy Container Name
  collabora:                    "nextcloud-collabora"                                                   
 performance:
  php:
    memory_limit:               "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
@ -146,16 +165,16 @@ plugins:
    enabled: true
  integration_mastodon:
    # Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
-    enabled: "{{ 'mastodon' in group_names | lower }}"
+    enabled: "{{ 'web-app-mastodon' in group_names | lower }}"
  integration_openai:
    # Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
    enabled: false
  integration_openproject:
    # Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
-    enabled: "{{ 'openproject' in group_names | lower }}"
+    enabled: "{{ 'web-app-openproject' in group_names | lower }}"
  integration_peertube:
    # Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
-    enabled: "{{ 'peertube' in group_names | lower }}"
+    enabled: "{{ 'web-app-peertube' in group_names | lower }}"
  #keeweb 
  #  # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
  #  # This isn't maintained anymore. The alternatives don't support keepass files
@ -216,13 +235,13 @@ plugins:
  #  enabled: false
  twofactor_nextcloud_notification:
    # Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
-    enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
+    enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
  twofactor_totp:
    # Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
-    enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
+    enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
  user_ldap:
    # Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
-    enabled: "{{ applications.nextcloud.features.ldap | default(true) }}"
+    enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.ldap', False, True) }}"
    user_directory:
      enabled:  true # Enables the LDAP User Directory Search
  user_oidc:
--- a/roles/web-app-nextcloud/docs/Update.md
+++ b/roles/web-app-nextcloud/docs/Update.md
@ -8,7 +8,7 @@ export DOCKER_CLIENT_TIMEOUT=600 &&
 docker-compose down
 ```
-Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role.
+Afterwards, update the ***applications.docker.services.*.version*** variable to the next version and run this repository with this Ansible role.
 > **Note:**  
 > It is only possible to update from one to the next major version at a time.  
@ -25,7 +25,7 @@ docker-compose exec -it application top
 If Nextcloud remains in maintenance mode after the update, try the following:
 ```bash
-docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
+docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on
 docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
 docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
 ```
--- a/roles/web-app-nextcloud/handlers/main.yml
+++ b/roles/web-app-nextcloud/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: restart nextcloud nginx service
  command:
-    cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
+    cmd: "docker exec {{ nextcloud_proxy_name }} nginx -s reload"
  listen: restart nextcloud nginx service
  ignore_errors: true # Ignoring if container is restarting
--- a/roles/web-app-nextcloud/tasks/01_config.yml
+++ b/roles/web-app-nextcloud/tasks/01_config.yml
@ -8,11 +8,11 @@
    - name: Copy include instructions to the container
      command: >
-        docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
+        docker cp {{ nextcloud_host_include_instructions_file }} {{ nextcloud_name }}:{{nextcloud_docker_include_instructions_file}}
    - name: Append generated config to config.php only if not present
      command: >
-        docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
+        docker exec -u {{nextcloud_docker_user}} {{ nextcloud_name }} sh -c "
          grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} || 
          cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
      notify: docker compose restart
--- a/roles/web-app-nextcloud/tasks/main.yml
+++ b/roles/web-app-nextcloud/tasks/main.yml
@ -32,7 +32,7 @@
 - name: create internal nextcloud nginx configuration
  template: 
    src:  "nginx/docker.conf.j2" 
-    dest: "{{docker_compose.directories.volumes}}nginx.conf"
+    dest: "{{ docker_compose.directories.volumes }}nginx.conf"
  notify: restart nextcloud nginx service
 - name: Setup config.php 
@ -43,7 +43,7 @@
 - name: Setup Nextcloud Plugins
  include_tasks: 02_plugin.yml
-  loop: "{{applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
+  loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
  loop_control:
    loop_var: plugin_item
  vars:
@ -55,7 +55,7 @@
 - name: Add missing database indices in Nextcloud
  command: >
-    {{nextcloud_docker_exec_occ}} db:add-missing-indices
+    {{ nextcloud_docker_exec_occ }} db:add-missing-indices
  register: db_indices_result
  changed_when: >
    'Adding additional' in db_indices_result.stdout or 
@ -65,8 +65,8 @@
 - name: Ensure Nextcloud administrator is in the 'admin' group
  command: >
-    docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}
+    docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}
-    php occ group:adduser admin {{ applications.nextcloud.users.administrator.username }}
+    php occ group:adduser admin {{ nextcloud_administrator_username }}
  register: add_admin_to_group
  changed_when: "'Added user' in add_admin_to_group.stdout"
  failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr"
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@ -1,8 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
-    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
+    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
-    container_name: {{applications.nextcloud.container.application}}
+    container_name: {{ nextcloud_name }}
    volumes:
      - data:{{nextcloud_docker_work_directory}}
      - {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
@ -16,31 +16,25 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
        ipv4_address: 192.168.102.69
-  # @Todo activate
+{% if nextcloud_talk_enabled %}
-  #nc-talk:
+  talk:
-  #  image: nextcloud/aio-talk:latest
+    {% include 'roles/docker-container/templates/base.yml.j2' %}
-  #  container_name: talk_hpb
+    image: "{{ nextcloud_talk_image }}:{{ nextcloud_talk_version }}"
-  #  hostname: hpb_yt
+    container_name: {{ nextcloud_talk_name }}
-  #  restart: unless-stopped
+    hostname: hpb_yt
-  #  init: true
+    init: true
-  #  ports:
+    ports:
-  #    - 3478:3478/tcp #TURN TCP
+      - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/tcp #TURN TCP
-  #    - 3478:3478/udp #TURN UDP
+      - {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/udp #TURN UDP
-  #    - 8181:8081/tcp #Signaling
+      - {{ networks.internet.ip4 }}:8181:8081/tcp                           #Signaling @todo needs to be optimized
-  #  environment:
+    networks:
-  #    - NC_DOMAIN=cloud.yourdomain.tld
+      default:
-  #    - TALK_HOST=signaling.yourdomain.tld
+        ipv4_address: 192.168.102.68
-  #    - TURN_SECRET=${TURN_SECRET}
+{% endif %}
  #    - SIGNALING_SECRET=${SIGNALING_SECRET}
  #    - TZ=Europe/Berlin
  #    - TALK_PORT=3478
  #    - INTERNAL_SECRET=${INTERNAL_SECRET}
  #  networks:
  #    - nxnetwork_yt
-  web:
+  proxy:
-    image: nginx:alpine
+    image: "{{ nextcloud_proxy_image }}:{{ nextcloud_proxy_version }}"
-    container_name: {{applications.nextcloud.container.proxy}}
+    container_name: "{{ nextcloud_proxy_name }}"
    logging:
      driver: journald
    restart: {{docker_restart_policy}}
@ -57,8 +51,8 @@
        ipv4_address: 192.168.102.67
  cron:
-    container_name: nextcloud-cron
+    container_name: "{{ nextcloud_cron_name }}"
-    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
+    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
--- a/roles/web-app-nextcloud/templates/env.j2
+++ b/roles/web-app-nextcloud/templates/env.j2
@ -21,7 +21,7 @@ SMTP_PASSWORD=                  {{ users['no-reply'].mailu_token }}
 # Email from configuration
 MAIL_FROM_ADDRESS=              "{{ users['no-reply'].username }}"
-MAIL_DOMAIN=                    "{{system_email.domain}}"
+MAIL_DOMAIN=                    "{{ system_email.domain }}"
 # Initial Admin Data
 NEXTCLOUD_ADMIN_USER=           "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
@ -29,7 +29,7 @@ NEXTCLOUD_ADMIN_PASSWORD=       "{{applications | get_app_conf(application_id, '
 # Security
-NEXTCLOUD_TRUSTED_DOMAINS=      "{{domains | get_domain(application_id)}}"
+NEXTCLOUD_TRUSTED_DOMAINS=      "{{ nextcloud_domains }}"
 # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
 TRUSTED_PROXIES=                "{{ networks.internet.values() | select | join(',') }}"
 OVERWRITECLIURL=                "{{ domains | get_url(application_id, web_protocol) }}"
@ -37,4 +37,17 @@ OVERWRITEPROTOCOL=              "https"
 # Redis Configuration
 REDIS_HOST=                     redis
-REDIS_PORT=                     6379
+REDIS_PORT=                     6379
 {% if nextcloud_talk_enabled %}
 # Talk Configuration
 # This code was just moved here during refactoring and isn't tested yet.
 # @todo move it to an own env file for encapsulation reasons
 NC_DOMAIN=cloud.yourdomain.tld
 TALK_HOST=signaling.yourdomain.tld
 TURN_SECRET=${TURN_SECRET}
 SIGNALING_SECRET=${SIGNALING_SECRET}
 TZ=Europe/Berlin
 TALK_PORT=3478
 INTERNAL_SECRET=${INTERNAL_SECRET}
 {% endif %}
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@ -1,39 +1,62 @@
 ---
 # General
-application_id:                                     "nextcloud"                                                   # Application identifier
+application_id:                                 "web-app-nextcloud"                                           # Application identifier
-container_port:                                   80
+container_port:                                 80
 # Database
-database_password:                                  "{{applications.nextcloud.credentials.database_password}}"    # Database password
+database_password:                              "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}"
-database_type:                                      "mariadb"                                                     # Database flavor
+database_type:                                  "mariadb"                                                     # Database flavor
 # Networking
-domain:                                             "{{ domains | get_domain(application_id) }}"                                 # Public domain at which Nextcloud will be accessable
+domain:                                         "{{ domains | get_domain(application_id) }}"                  # Public domain at which Nextcloud will be accessable
-http_port:                                          "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network
+http_port:                                      "{{ ports.localhost.http[application_id] }}"                  # Port at which nextcloud is reachable in the local network
 nextcloud_administrator_username:               "{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
 # Control Node
-nextcloud_control_node_plugin_vars_directory:       "{{role_path}}/vars/plugins/"                                 # Folder in which the files for the plugin configuration are stored
+nextcloud_control_node_plugin_vars_directory:   "{{role_path}}/vars/plugins/"                                 # Folder in which the files for the plugin configuration are stored
-nextcloud_control_node_plugin_tasks_directory:      "{{role_path}}/tasks/plugins/"                                # Folder which contains the files for extra plugin configuration tasks
+nextcloud_control_node_plugin_tasks_directory:  "{{role_path}}/tasks/plugins/"                                # Folder which contains the files for extra plugin configuration tasks
 # Host 
 ## Host Paths
-nextcloud_host_config_additives_directory:          "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
+nextcloud_host_config_additives_directory:      "{{docker_compose.directories.volumes}}cymais/"               # This folder is the path to which the additive configurations will be copied
-nextcloud_host_include_instructions_file:           "{{docker_compose.directories.volumes}}includes.php"          # Path to the instruction file on the host. Responsible for loading the additional configurations
+nextcloud_host_include_instructions_file:       "{{docker_compose.directories.volumes}}includes.php"          # Path to the instruction file on the host. Responsible for loading the additional configurations
 nextcloud_domains:                              "{{ domains[application_id].nextcloud }}"
 # Docker
 nextcloud_version:                              "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version', True) }}"
 nextcloud_image:                                "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image', True) }}"
 nextcloud_name:                                 "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"
 nextcloud_proxy_name:                           "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
 nextcloud_proxy_image:                          "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image', True) }}"
 nextcloud_proxy_version:                        "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version', True) }}"
 nextcloud_cron_name:                            "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
 nextcloud_talk_name:                            "{{ applications | get_app_conf(application_id, 'docker.services.talk.name', True) }}"
 nextcloud_talk_image:                           "{{ applications | get_app_conf(application_id, 'docker.services.talk.image', True) }}"
 nextcloud_talk_version:                         "{{ applications | get_app_conf(application_id, 'docker.services.talk.version', True) }}"
 nextcloud_talk_enabled:                         "{{ applications | get_app_conf(application_id, 'docker.services.talk.enabled', True) }}"
 nextcloud_talk_stun_port:                       "{{ ports.public.stun[application_id] }}"
 # nextcloud_talk_domain:                          "{{ domains[application_id].talk }}"
 #nextcloud_collabora_name:                      "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name', True) }}"                            
 ## User Configuration
-nextcloud_docker_user_id:                           82                                                            # UID of the www-data user
+nextcloud_docker_user_id:                       82                                                            # UID of the www-data user
-nextcloud_docker_user:                              "www-data"                                                    # Name of the www-data user (Set here to easy change it in the future)
+nextcloud_docker_user:                          "www-data"                                                    # Name of the www-data user (Set here to easy change it in the future)
 ## Internal Paths
-nextcloud_docker_work_directory:                    "/var/www/html/"                                              # Name of the workdir in which the application is stored
+nextcloud_docker_work_directory:                "/var/www/html/"                                              # Name of the workdir in which the application is stored
-nextcloud_docker_config_directory:                  "{{nextcloud_docker_work_directory}}config/"                  # Folder in which the Nextcloud configurations are stored     
+nextcloud_docker_config_directory:              "{{nextcloud_docker_work_directory}}config/"                  # Folder in which the Nextcloud configurations are stored     
-nextcloud_docker_config_file:                       "{{nextcloud_docker_config_directory}}config.php"             # Path to the Nextcloud configuration file
+nextcloud_docker_config_file:                   "{{nextcloud_docker_config_directory}}config.php"             # Path to the Nextcloud configuration file
-nextcloud_docker_config_additives_directory:        "{{nextcloud_docker_config_directory}}cymais/"                # Path to the folder which contains additional configurations
+nextcloud_docker_config_additives_directory:    "{{nextcloud_docker_config_directory}}cymais/"                # Path to the folder which contains additional configurations
-nextcloud_docker_include_instructions_file:         "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations
+nextcloud_docker_include_instructions_file:     "/tmp/includes.php"                                           # Path to the temporary file which will be included to the config.php to load the additional configurations
 ## Execution
-nextcloud_docker_exec:                              "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition
+nextcloud_docker_exec:                          "docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}" # General execute composition
-nextcloud_docker_exec_occ:                          "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command
+nextcloud_docker_exec_occ:                      "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ"                            # Execute docker occ command
--- a/roles/web-app-oauth2-proxy/tasks/main.yml
+++ b/roles/web-app-oauth2-proxy/tasks/main.yml
@ -1,6 +1,6 @@
 - name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}"
  template:
    src:  "{{ playbook_dir }}/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2"
-    dest: "{{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}"
+    dest: "{{(path_docker_compose_instances | get_docker_compose(application_id)).directories.volumes}}{{applications | get_app_conf('oauth2-proxy' 'configuration_file')}}"
  notify:
    - docker compose up
--- a/roles/web-app-oauth2-proxy/templates/container.yml.j2
+++ b/roles/web-app-oauth2-proxy/templates/container.yml.j2
@ -7,5 +7,5 @@
    ports:
      - {{ports.localhost.oauth2_proxy[application_id]}}:4180/tcp
    volumes:
-      - "{{docker_compose.directories.volumes}}{{applications['oauth2-proxy'].configuration_file}}:/oauth2-proxy.cfg"
+      - "{{docker_compose.directories.volumes}}{{applications | get_app_conf('oauth2-proxy' 'configuration_file')}}:/oauth2-proxy.cfg"
 {% endif %}
--- a/roles/web-app-openproject/config/main.yml
+++ b/roles/web-app-openproject/config/main.yml
@ -1,4 +1,3 @@
 version:              "13"    # Update when available. Sadly no rolling release implemented
 oauth2_proxy:  
  application:        "proxy"
  port:               "80"
@ -31,4 +30,20 @@ domains:
 docker:
  services:
    database:
-      enabled: true
+      enabled: true
    web:
      name:     openproject-web
      image:    openproject/community
      version:  "13"    # Update when available. Sadly no rolling release implemented
      no_stop_required: true
    seeder:
      name:     openproject-seeder
    cron:
      name:     openproject-cron
    worker:
      name:     openproject-worker
    proxy:
      name:     openproject-proxy
  volumes:
    data: "openproject_data"
--- a/roles/web-app-openproject/templates/Dockerfile.j2
+++ b/roles/web-app-openproject/templates/Dockerfile.j2
@ -1,4 +1,4 @@
-FROM openproject/community:{{applications.openproject.version}}
+FROM {{ openproject_image }}:{{ openproject_version }}
 # If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
 # you will have to copy the plugin code into the container here and use the
--- a/roles/web-app-openproject/templates/docker-compose.yml.j2
+++ b/roles/web-app-openproject/templates/docker-compose.yml.j2
@ -17,7 +17,7 @@ x-op-app: &app
  proxy:
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    image: {{custom_openproject_image}}
-    container_name: openproject-proxy
+    container_name: {{ openproject_proxy_name }}
    command: "./docker/prod/proxy"
    ports:
      - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
@ -33,7 +33,7 @@ x-op-app: &app
    <<: *app
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: "./docker/prod/web"
-    container_name: openproject-web
+    container_name: {{ openproject_web_name }}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
      cache:
@ -51,7 +51,7 @@ x-op-app: &app
    <<: *app
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: "./docker/prod/worker"
-    container_name: openproject-worker
+    container_name: {{ openproject_worker_name }}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
      cache:
@ -67,7 +67,7 @@ x-op-app: &app
    <<: *app
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    command: "./docker/prod/cron"
-    container_name: openproject-cron
+    container_name: {{ openproject_cron_name }}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_incl.yml.j2' %}
      cache:
@ -81,7 +81,7 @@ x-op-app: &app
  seeder:
    <<: *app
    command: "./docker/prod/seeder"
-    container_name: openproject-seeder
+    container_name: {{ openproject_seeder_name }}
    env_file:
      - "{{docker_compose.files.env}}"
    logging:
@ -94,5 +94,6 @@ x-op-app: &app
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ openproject_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-openproject/vars/main.yml
+++ b/roles/web-app-openproject/vars/main.yml
@ -1,7 +1,15 @@
-application_id:               "openproject"
+application_id:               "web-app-openproject"
 docker_repository_address:    "https://github.com/opf/openproject-deploy"
 database_type:                "postgres"
 docker_repository:            true
 openproject_version:          "{{ applications | get_app_conf(application_id, 'docker.services.web.version', True) }}"
 openproject_image:            "{{ applications | get_app_conf(application_id, 'docker.services.web.image', True) }}"
 openproject_volume:           "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
 openproject_web_name:         "{{ applications | get_app_conf(application_id, 'docker.services.web.name', True) }}"
 openproject_seeder_name:      "{{ applications | get_app_conf(application_id, 'docker.services.seeder.name', True) }}"
 openproject_cron_name:        "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
 openproject_proxy_name:       "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
 openproject_worker_name:      "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
 openproject_plugins_folder:  "{{docker_compose.directories.volumes}}plugins/"
--- a/roles/web-app-peertube/config/main.yml
+++ b/roles/web-app-peertube/config/main.yml
@ -1,8 +1,7 @@
 version:              "bookworm"
 features:
  matomo:             true
  css:                false
-  port-ui-desktop:   true
+  port-ui-desktop:    true
  central_database:   true
  oidc:               true
 csp:
@ -30,4 +29,11 @@ docker:
    redis:
      enabled: true
    database: 
-      enabled: true
+      enabled: true
    peertube: 
      name:             "peertube"
      version:          "production-bookworm"
      image:            "chocobozzz/peertube"
      no_stop_required: true
  volumes:
    data: peertube_data
--- a/roles/web-app-peertube/tasks/disable-oidc.yml
+++ b/roles/web-app-peertube/tasks/disable-oidc.yml
@ -1,5 +1,5 @@
 - name: "Uninstall auth-openid-connect plugin for Peertube"
  command: >
-    docker exec {{ container_name }} \
+    docker exec {{ peertube_name }} \
    npm run plugin:uninstall -- --npm-name {{oidc_plugin}}
  ignore_errors: true
--- a/roles/web-app-peertube/tasks/enable-oidc.yml
+++ b/roles/web-app-peertube/tasks/enable-oidc.yml
@ -4,14 +4,14 @@
 - name: Check if OIDC plugin is already installed
  command: >
-    docker exec {{ container_name }} test -d /data/plugins/data/peertube-plugin-auth-openid-connect
+    docker exec {{ peertube_name }} test -d /data/plugins/data/peertube-plugin-auth-openid-connect
  register: peertube_oidc_plugin_check
  failed_when:  false
  changed_when: false
 - name: "Install auth-openid-connect plugin for Peertube"
  command: >
-    docker exec {{ container_name }} \
+    docker exec {{ peertube_name }} \
    npm run plugin:install -- --npm-name {{oidc_plugin}}
  when: peertube_oidc_plugin_check.rc != 0
  notify: docker compose up
--- a/roles/web-app-peertube/templates/docker-compose.yml.j2
+++ b/roles/web-app-peertube/templates/docker-compose.yml.j2
@ -2,8 +2,8 @@
  application:
 {% set container_port = 9000 %}
-    image: chocobozzz/peertube:production-{{ applications | get_app_conf(application_id, 'version', True) }}
+    image: {{ peertube_image }}:{{ peertube_version }}
-    container_name: {{ container_name }}
+    container_name: {{ peertube_name }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    ports:
     - "1935:1935"  # @todo Add to ports
@ -18,6 +18,7 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  assets:
  data:
    name: {{ peertube_volume }}
  redis:
  config:
--- a/roles/web-app-peertube/vars/main.yml
+++ b/roles/web-app-peertube/vars/main.yml
@ -1,4 +1,7 @@
-application_id: "peertube"
+application_id:     "web-app-peertube"
-database_type:  "postgres"
+database_type:      "postgres"
-container_name: "{{ application_id }}"
+oidc_plugin:        "peertube-plugin-auth-openid-connect"
-oidc_plugin:    "peertube-plugin-auth-openid-connect"
+peertube_version:   "{{ applications | get_app_conf(application_id, 'docker.services.peertube.version', True) }}"
 peertube_image:     "{{ applications | get_app_conf(application_id, 'docker.services.peertube.image', True) }}"
 peertube_name:      "{{ applications | get_app_conf(application_id, 'docker.services.peertube.name', True) }}"
 peertube_volume:    "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/roles/web-app-pixelfed/config/main.yml
+++ b/roles/web-app-pixelfed/config/main.yml
@ -1,7 +1,4 @@
 titel:                "Pictures on {{primary_domain}}"
 #version:              "latest"
 images:
  pixelfed:           "zknt/pixelfed:latest"
 features:
  matomo:             true
  css:                false # Needs to be reactivated
@ -28,4 +25,13 @@ docker:
    redis:
      enabled: true
    database: 
-      enabled: true
+      enabled: true
    pixelfed:
      image:           "zknt/pixelfed"
      version:          "latest"
      name:             "pixelfed"
      no_stop_required: true
    worker: 
      name:             "pixelfed_worker"
  volumes:
    data:               "pixelfed_data"
--- a/roles/web-app-pixelfed/templates/docker-compose.yml.j2
+++ b/roles/web-app-pixelfed/templates/docker-compose.yml.j2
@ -1,7 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
-    image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}"
+    image: "{{ pixelfed_image }}:{{ pixelfed_version }}"
    container_name: {{ pixelfed_name }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "data:/var/www/storage"
@ -11,7 +12,8 @@
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
  worker:
-    image: "{{ applications | get_app_conf(application_id, 'images.pixelfed', True) }}"
+    container_name: {{ pixelfed_worker_name }}
    image: "{{ pixelfed_image }}:{{ pixelfed_version }}"
 {% include 'roles/docker-container/templates/base.yml.j2' %}
    volumes:
      - "data:/var/www/storage"
@ -30,5 +32,6 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  redis:
  data:
    name: {{ pixelfed_volume }}
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-pixelfed/vars/main.yml
+++ b/roles/web-app-pixelfed/vars/main.yml
@ -1,3 +1,8 @@
-application_id:                                 "pixelfed"
+application_id:             "web-app-pixelfed"
-proxy_extra_configuration: "client_max_body_size 512M;"
+proxy_extra_configuration:  "client_max_body_size 512M;"
-database_type:                                  "mariadb"
+database_type:              "mariadb"
 pixelfed_version:           "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.version', True) }}"
 pixelfed_image:             "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.image', True) }}"
 pixelfed_name:              "{{ applications | get_app_conf(application_id, 'docker.services.pixelfed.name', True) }}"
 pixelfed_worker_name:       "{{ applications | get_app_conf(application_id, 'docker.services.worker.name', True) }}"
 pixelfed_volume:            "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/roles/web-app-port-ui/templates/menu/followus.yml.j2
+++ b/roles/web-app-port-ui/templates/menu/followus.yml.j2
@ -12,7 +12,7 @@ followus:
        class: fa-brands fa-mastodon
      url: "{{ web_protocol }}://{{ service_provider.contact.mastodon.split('@')[2] }}/@{{ service_provider.contact.mastodon.split('@')[1] }}"
      identifier: "{{service_provider.contact.mastodon}}"
-      iframe: {{ applications | get_app_conf('mastodon','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-mastodon','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.bluesky is defined and service_provider.contact.bluesky != "" %}
    - name: Bluesky
@ -31,7 +31,7 @@ followus:
          class: fa-solid fa-camera
      identifier: "{{service_provider.contact.pixelfed}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.pixelfed.split('@')[2] }}/@{{ service_provider.contact.pixelfed.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf('pixelfed','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf(web-app-pixelfed,'features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.peertube  is defined and service_provider.contact.peertube  != "" %}
    - name: Peertube
@ -40,7 +40,7 @@ followus:
        class: fa-solid fa-video
      identifier: "{{service_provider.contact.peertube}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.peertube.split('@')[2] }}/@{{ service_provider.contact.peertube.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf('peertube','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-peertube','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.wordpress is defined and service_provider.contact.wordpress != "" %}
    - name: Wordpress
@ -49,7 +49,7 @@ followus:
        class: fa-solid fa-blog
      identifier: "{{service_provider.contact.wordpress}}"
      url: "{{ web_protocol }}://{{ service_provider.contact.wordpress.split('@')[2] }}/@{{ service_provider.contact.wordpress.split('@')[1] }}"
-      iframe: {{ applications | get_app_conf('wordpress','features.port-ui-desktop',True) }}
+      iframe: {{ applications | get_app_conf('web-app-wordpress','features.port-ui-desktop',True) }}
 {% endif %}
 {% if service_provider.contact.friendica is defined and service_provider.contact.friendica != "" %}
    - name: Friendica
--- a/roles/web-app-wordpress/config/main.yml
+++ b/roles/web-app-wordpress/config/main.yml
@ -1,7 +1,7 @@
 title:                "Blog"                                      # Wordpress titel
 plugins:
  wp-discourse:
-    enabled:          "{{ 'discourse' in group_names | lower }}"
+    enabled:          "{{ 'web-app-discourse' in group_names | lower }}"
  daggerhart-openid-connect-generic:
    enabled:          true
  activitypub:
@ -12,7 +12,6 @@ features:
  port-ui-desktop:   true
  oidc:               true
  central_database:   true
 version:              latest
 csp:
  flags:
    style-src:
@ -42,7 +41,14 @@ domains:
 docker:
  services:
    database:
-      enabled: true
+      enabled:          true
    wordpress:
      version:          latest 
      image:            wordpress
      name:             wordpress 
      no_stop_required: true
  volumes: 
    data:               wordpress_data
 rbac:
  roles:
    subscriber:
--- a/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml
+++ b/roles/web-app-wordpress/tasks/plugins/wp-discourse.yml
@ -5,14 +5,14 @@
 - name: Wait for Discourse API
  wait_for:
-    host: "{{ domains | get_domain('discourse') }}"
+    host: "{{ domains | get_domain('web-app-discourse') }}"
    port: 80
    delay: 5
    timeout: 600
 - name: Add /var/www/discourse to Git safe.directory
  command: >
-    docker exec {{ applications.discourse.container }} \
+    docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} \
      git config --global --add safe.directory /var/www/discourse
  args:
    chdir: "{{ docker_compose.directories.instance }}"
@ -20,7 +20,7 @@
 - name: Revoke old WP Discourse API keys via Rails
  command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
+    docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} bash -lc "\
      cd /var/www/discourse && \
      script/rails runner \"\
        ApiKey.where(\
@ -36,7 +36,7 @@
 - name: Generate new WP Discourse API key via Rake task
  command: >
-    docker exec {{ applications.discourse.container }} bash -lc "\
+    docker exec {{ applications['web-app-discourse'].docker.service.discourse.name }} bash -lc "\
      cd /var/www/discourse && \
      bin/rake api_key:create_master['WP Discourse Integration']\
    "
--- a/roles/web-app-wordpress/templates/Dockerfile.j2
+++ b/roles/web-app-wordpress/templates/Dockerfile.j2
@ -1,4 +1,4 @@
-FROM wordpress:{{applications | get_app_conf(application_id, 'version', True)}}
+FROM {{ wordpress_image }}:{{ wordpress_version }}
 # Install msmtp and update system
 RUN apt-get update && \
--- a/roles/web-app-wordpress/templates/docker-compose.yml.j2
+++ b/roles/web-app-wordpress/templates/docker-compose.yml.j2
@ -1,8 +1,8 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
  application:
    {% include 'roles/docker-container/templates/base.yml.j2' %}
-    image: {{wordpress_custom_image}}
+    image: {{ wordpress_custom_image }}
-    container_name: wordpress-application
+    container_name: {{ wordpress_name }}
    build:
      context: .
    ports:
@ -18,3 +18,4 @@
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name:   "{{ wordpress_volume }}"
--- a/roles/web-app-wordpress/vars/discourse.yml
+++ b/roles/web-app-wordpress/vars/discourse.yml
@ -11,7 +11,7 @@ discourse_settings:
  - name: discourse_connect
    key: url
-    value: "{{ domains | get_url('discourse', web_protocol) }}"
+    value: "{{ domains | get_url('web-app-discourse', web_protocol) }}"
  - name: discourse_connect
    key: api-key
    value: "{{ vault_discourse_api_key }}"
--- a/roles/web-app-wordpress/vars/main.yml
+++ b/roles/web-app-wordpress/vars/main.yml
@ -1,6 +1,10 @@
-application_id:             "wordpress"
+application_id:             "web-app-wordpress"
 wordpress_max_upload_size:  "64M"
 database_type:              "mariadb"
 host_msmtp_conf:            "{{docker_compose.directories.config}}msmtprc.conf"
 wordpress_max_upload_size:  "64M"
 wordpress_custom_image:     "wordpress_custom"
 wordpress_docker_html_path: "/var/www/html"
-host_msmtp_conf:            "{{docker_compose.directories.config}}msmtprc.conf"
+wordpress_version:          "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.version', True) }}"
 wordpress_image:            "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.image', True) }}"
 wordpress_name:             "{{ applications | get_app_conf(application_id, 'docker.services.wordpress.name', True) }}"
 wordpress_volume:           "{{ applications | get_app_conf(application_id, 'docker.services.volumes.data', True) }}"
--- a/Show More
+++ b/Show More
		`@ -0,0 +1 @@`
							`cloud_fqdn: # @todo Add detailled scheme for this entry`
		`@ -1 +1 @@`
			`application_id: elk`				`application_id: web-app-elk`