✨ Add new role web-app-confluence

Introduced a new Ansible role for deploying Atlassian Confluence within the Infinito.Nexus ecosystem.
The role follows the same structure as web-app-pretix and includes:

- : Core variables, database config, OIDC integration.
- : Docker service definitions, features (Matomo, CSS, OIDC, logout, central DB).
- : Loads docker, db and proxy stack.
- : Placeholder for schema definitions.
- :
  -  (base for OIDC plugins/extensions),
  -  (service orchestration),
  -  (environment configuration).
- : Metadata, license, company, logo (Font Awesome book-open icon).

Canonical domain is set to `confluence.{{ PRIMARY_DOMAIN }}`.
This role ensures Confluence integrates seamlessly with Keycloak OIDC and the Infinito.Nexus service stack.

Conversation: https://chatgpt.com/share/68b1d006-bbd4-800f-9d2e-9c8a8af2c00f

roles/web-app-confluence/config/main.yml

@@ -0,0 +1,27 @@
+credentials: {}
+docker:
+  services:
+    database:
+      enabled:  true
+    application:
+      image:    atlassian/confluence
+      version:  latest
+      name:     confluence
+  volumes:
+    data:       "confluence_data"
+features:
+  matomo:           true
+  css:              true
+  desktop:          true
+  central_database: true
+  logout:           true
+  oidc:             true
+server:
+  csp:
+    whitelist:      {}
+    flags:          {}
+  domains:
+    canonical:
+      - "confluence.{{ PRIMARY_DOMAIN }}"
+rbac:
+  roles: {}

roles/web-app-confluence/meta/main.yml

@@ -0,0 +1,21 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Confluence is an enterprise wiki and collaboration platform by Atlassian. This role deploys Confluence in Docker, adds support for OIDC authentication, and integrates with the Infinito.Nexus ecosystem."
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: | 
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags: []
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://s.infinito.nexus/code/"
+  logo:
+    class: "fas fa-book-open"
+  run_after:
+    - web-app-matomo
+    - web-app-keycloak
+    - web-app-mailu
+dependencies: []

roles/web-app-confluence/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- block:
+  - name: "load docker, db and proxy for {{ application_id }}"
+    include_role: 
+      name: sys-stk-full-stateful
+  - include_tasks: utils/run_once.yml
+  when: run_once_web_app_confluence is not defined

roles/web-app-confluence/templates/docker-compose.yml.j2

@@ -0,0 +1,25 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+  application:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        CONFLUENCE_BASE_IMAGE: "{{ CONFLUENCE_IMAGE }}:{{ CONFLUENCE_VERSION }}"
+    image: "{{ CONFLUENCE_IMAGE }}:{{ CONFLUENCE_VERSION }}-oidc"
+    container_name: "{{ CONFLUENCE_CONTAINER }}"
+    hostname: '{{ CONFLUENCE_HOSTNAME}}'
+    ports:
+      - "127.0.0.1:{{ ports.localhost.http[application_id] }}:8090"
+    volumes:
+      - 'data:/var/atlassian/application-data/confluence'
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+    depends_on:
+      - database
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: {{ CONFLUENCE_DATA_VOLUME }}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-confluence/templates/env.j2

@@ -0,0 +1,24 @@
+## Confluence core
+CONFLUENCE_URL="{{ CONFLUENCE_URL }}"
+
+## Database
+CONFLUENCE_DATABASE_NAME="{{ database_name }}"
+CONFLUENCE_DATABASE_USER="{{ database_username }}"
+CONFLUENCE_DATABASE_PASSWORD="{{ database_password }}"
+CONFLUENCE_DATABASE_HOST="{{ database_host }}"
+CONFLUENCE_DATABASE_PORT="{{ database_port }}"
+
+## OIDC
+{% if CONFLUENCE_OIDC_ENABLED %}
+CONFLUENCE_OIDC_TITLE="{{ CONFLUENCE_OIDC_LABEL | replace('\"','\\\"') }}"
+CONFLUENCE_OIDC_ISSUER="{{ CONFLUENCE_OIDC_ISSUER }}"
+CONFLUENCE_OIDC_AUTHORIZATION_ENDPOINT="{{ CONFLUENCE_OIDC_AUTH_URL }}"
+CONFLUENCE_OIDC_TOKEN_ENDPOINT="{{ CONFLUENCE_OIDC_TOKEN_URL }}"
+CONFLUENCE_OIDC_USERINFO_ENDPOINT="{{ CONFLUENCE_OIDC_USERINFO_URL }}"
+CONFLUENCE_OIDC_END_SESSION_ENDPOINT="{{ CONFLUENCE_OIDC_LOGOUT_URL }}"
+CONFLUENCE_OIDC_JWKS_URI="{{ CONFLUENCE_OIDC_JWKS_URL }}"
+CONFLUENCE_OIDC_CLIENT_ID="{{ CONFLUENCE_OIDC_CLIENT_ID }}"
+CONFLUENCE_OIDC_CLIENT_SECRET="{{ CONFLUENCE_OIDC_CLIENT_SECRET }}"
+CONFLUENCE_OIDC_SCOPES="{{ CONFLUENCE_OIDC_SCOPES }}"
+CONFLUENCE_OIDC_UNIQUE_ATTRIBUTE="{{ CONFLUENCE_OIDC_UNIQUE_ATTRIBUTE }}"
+{% endif %}

roles/web-app-confluence/vars/main.yml

@@ -0,0 +1,27 @@
+application_id:                 "web-app-confluence"
+database_type:                  "postgres"
+container_port:                 8090   # Standardport Confluence
+
+# URLs
+CONFLUENCE_URL:                 "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+CONFLUENCE_HOSTNAME:            "{{ domains | get_domain(application_id) }}"
+
+# OIDC
+CONFLUENCE_OIDC_ENABLED:        "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
+CONFLUENCE_OIDC_LABEL:          "{{ OIDC.BUTTON_TEXT }}"
+CONFLUENCE_OIDC_CLIENT_ID:      "{{ OIDC.CLIENT.ID }}"
+CONFLUENCE_OIDC_CLIENT_SECRET:  "{{ OIDC.CLIENT.SECRET }}"
+CONFLUENCE_OIDC_ISSUER:         "{{ OIDC.CLIENT.ISSUER_URL }}"
+CONFLUENCE_OIDC_AUTH_URL:       "{{ OIDC.CLIENT.AUTHORIZE_URL }}"
+CONFLUENCE_OIDC_TOKEN_URL:      "{{ OIDC.CLIENT.TOKEN_URL }}"
+CONFLUENCE_OIDC_USERINFO_URL:   "{{ OIDC.CLIENT.USER_INFO_URL }}"
+CONFLUENCE_OIDC_LOGOUT_URL:     "{{ OIDC.CLIENT.LOGOUT_URL }}"
+CONFLUENCE_OIDC_JWKS_URL:       "{{ OIDC.CLIENT.CERTS }}"
+CONFLUENCE_OIDC_SCOPES:         "openid,email,profile"
+CONFLUENCE_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}"
+
+# Docker
+CONFLUENCE_VERSION:             "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}"
+CONFLUENCE_IMAGE:               "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}"
+CONFLUENCE_CONTAINER:           "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}"
+CONFLUENCE_DATA_VOLUME:         "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"