Solved more domain related bugs

group_vars/all/07_applications.yml

@@ -254,6 +254,8 @@ defaults_applications:
   ## Peertube
   peertube:
     version:              "bookworm"
+    database:
+      central_storage:    True 
 
   ## PHPMyAdmin
   phpmyadmin:

roles/docker-akaunting/templates/env.j2

@@ -1,5 +1,5 @@
 # You should change this to match your reverse proxy DNS name and protocol
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
 LOCALE={{locale}}
 
 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)

roles/docker-attendize/tasks/main.yml

@@ -12,10 +12,10 @@
     - "{{ domains.mailu }}"
     - "{{ domain }}"
     
-- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
   template: 
     src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
 
 - name: "include tasks update-repository-with-files.yml"

roles/docker-bigbluebutton/tasks/main.yml

@@ -9,10 +9,10 @@
 #- name: "include task certbot-and-globals.yml"
 #  include_tasks: certbot-and-globals.yml
 #
-#- name: configure {{domain}}.conf
+#- name: configure {{domains[application_id]}}.conf
 #  template: 
 #    src:  "nginx-proxy.conf.j2"
-#    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+#    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
 #  notify: restart nginx
 
 - name: "include role nginx-domain-setup for {{application_id}}"

roles/docker-bigbluebutton/templates/env.j2

@@ -40,7 +40,7 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
 # CONNECTION
 # ====================================
 
-DOMAIN={{domain}}
+DOMAIN={{domains[application_id]}}
 
 EXTERNAL_IPv4={{networks.internet.ip4}}
 # The following line is not tested and could lead to bugs:
@@ -53,7 +53,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
 
 # TURN SERVER
 # uncomment and adjust following two lines to add an external TURN server
-TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
+TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
 TURN_SECRET={{bigbluebutton_turn_secret}}
 
 # Allowed SIP IPs
@@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
 # Please refer to your SMTP provider to get the values for the variables below
 
 SMTP_SERVER={{system_email.host}}
-SMTP_DOMAIN={{domain}}
+SMTP_DOMAIN={{system_email.domain}}
 SMTP_PORT={{system_email.port}}
 SMTP_USERNAME={{system_email.username}}
 SMTP_PASSWORD={{system_email.password}}
@@ -290,5 +290,5 @@ DEFAULT_REGISTRATION=invite
 OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
-OPENID_CONNECT_REDIRECT=https://{{domain}}
+OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
 {% endif %}

roles/docker-central-database/vars/database.yml

@@ -4,3 +4,5 @@ database_name:      "{{ application_id }}"
 database_username:  "{{ application_id }}"
 database_port:      "{{ 3306 if database_type == 'mariadb' else 5432 }}"
 database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
+
+# Don't set application_id . It would conflict with central database logic

roles/docker-discourse/templates/discourse_application.yml.j2

@@ -41,7 +41,7 @@ env:
   UNICORN_WORKERS: 8
 
   ## Required. Discourse will not work with a bare IP number.
-  DISCOURSE_HOSTNAME: {{domain}}
+  DISCOURSE_HOSTNAME: {{domains[application_id]}}
 
   ## Uncomment if you want the container to be started with the same
   ## hostname (-h option) as specified above (default "$hostname-$config")
@@ -122,7 +122,7 @@ run:
   - exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc.client.discovery_document}}'"
   - exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc.client.id}}'"         
   - exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc.client.secret}}'"     
-  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domain}}'"
+  - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domains[application_id]}}'"
   - exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
   - exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
 {% endif %}

roles/docker-friendica/templates/docker-compose.yml.j2

@@ -20,7 +20,7 @@ services:
       test:
         [
           "CMD-SHELL",
-          "(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domain}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
+          "(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domains[application_id]}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
         ]
       interval: 1m
       timeout: 10s

roles/docker-friendica/templates/env.j2

@@ -1,8 +1,8 @@
 # The configuration options can be found here: 
 # @see https://hub.docker.com/_/friendica
 
-FRIENDICA_URL= https://{{domain}}
+FRIENDICA_URL= https://{{domains[application_id]}}
-HOSTNAME= {{domain}}
+HOSTNAME= {{domains[application_id]}}
 FRIENDICA_NO_VALIDATION={{no_validation | lower}}
       
 # Debugging

roles/docker-funkwhale/templates/env.j2

@@ -40,7 +40,7 @@ FUNKWHALE_WEB_WORKERS=4
 # Replace this by the definitive, public domain you will use for
 # your instance. It cannot be changed after initial deployment
 # without breaking your instance.
-FUNKWHALE_HOSTNAME={{domain}}
+FUNKWHALE_HOSTNAME={{domains[application_id]}}
 FUNKWHALE_PROTOCOL=https
 
 # Log level (debug, info, warning, error, critical)

roles/docker-gitea/templates/env.j2

@@ -7,7 +7,7 @@ DB_USER={{database_username}}
 DB_PASSWD={{database_password}}
 SSH_PORT={{ports.public.ssh[application_id]}}
 SSH_LISTEN_PORT=22
-DOMAIN={{domain}}
+DOMAIN={{domains[application_id]}}
-SSH_DOMAIN={{domain}}
+SSH_DOMAIN={{domains[application_id]}}
 RUN_MODE="{{run_mode}}"
-ROOT_URL="https://{{domain}}/"
+ROOT_URL="https://{{domains[application_id]}}/"

roles/docker-gitlab/templates/docker-compose.yml.j2

@@ -6,7 +6,7 @@ services:
 
   web:
     image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
-    hostname: '{{domain}}'
+    hostname: '{{domains[application_id]}}'
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     ports:
       - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"

roles/docker-keycloak/templates/env.j2

@@ -2,7 +2,7 @@
 # Documentation can be found here: 
 # @see https://www.keycloak.org/server/containers
 
-KC_HOSTNAME=                    https://{{domain}}
+KC_HOSTNAME=                    https://{{domains[application_id]}}
 KC_HTTP_ENABLED=                true
 
 # Health Checks

roles/docker-ldap/tasks/main.yml

@@ -10,16 +10,16 @@
     domain: 	"{{ domains[application_id] }}"
     http_port: 	"{{ ports.localhost.http[application_id] }}"
 
-- name: Create {{domain}}.conf if LDAP is exposed to internet
+- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
   template: 
     src:  "nginx.stream.conf.j2" 
-    dest: "{{nginx.directories.streams}}{{domain}}.conf"
+    dest: "{{nginx.directories.streams}}{{domains[application_id]}}.conf"
   notify: restart nginx
   when: applications.ldap.openldap.network.public | bool
 
-- name: Remove {{domain}}.conf if LDAP is not exposed to internet
+- name: Remove {{domains[application_id]}}.conf if LDAP is not exposed to internet
   file:
-    path: "{{ nginx.directories.streams }}{{ domain }}.conf"
+    path: "{{ nginx.directories.streams }}{{ domains[application_id] }}.conf"
     state: absent
   when: not applications.ldap.openldap.network.public | bool
 

roles/docker-ldap/templates/phpldapadmin.env.j2

@@ -1,3 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-APP_URL=    https://{{domain}}
+APP_URL=    https://{{domains[application_id]}}
 LDAP_HOST=  openldap

roles/docker-mailu/templates/env.j2

@@ -20,7 +20,7 @@ SUBNET={{networks.local.mailu.subnet}}
 DOMAIN={{applications.mailu.domain}}
 
 # Hostnames for this server, separated with comas
-HOSTNAMES={{domain}}
+HOSTNAMES={{domains[application_id]}}
 
 # Postmaster local part (will append the main mail domain)
 POSTMASTER=admin
@@ -105,7 +105,7 @@ WEB_WEBMAIL=/webmail
 SITENAME=Mailservices
 
 # Linked Website URL
-WEBSITE=https://{{domain}}
+WEBSITE=https://{{domains[application_id]}}
 
 
 
@@ -162,7 +162,7 @@ OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize
 # OpenID Connect provider configuration URL
 OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
 # OpenID redirect URL if HOSTNAME not matching your login url
-OIDC_REDIRECT_URL=https://{{domain}}
+OIDC_REDIRECT_URL=https://{{domains[application_id]}}
 # OpenID Connect Client ID for Mailu
 OIDC_CLIENT_ID={{oidc.client.id}}
 # OpenID Connect Client secret for Mailu

roles/docker-mastodon/tasks/create-domains.yml

@@ -1,9 +1,11 @@
 - name: "include role receive certbot certificate"
   include_role: 
     name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domains[application_id]}}"
     
-- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
   template: 
     src:  "mastodon.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx

roles/docker-mastodon/templates/env.j2

@@ -3,7 +3,7 @@
 # @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
 
 
-LOCAL_DOMAIN={{domain}}
+LOCAL_DOMAIN={{domains[application_id]}}
 ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
 SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
 
@@ -66,7 +66,7 @@ OIDC_DISCOVERY=true
 OIDC_SCOPE="openid,profile,email"
 OIDC_UID_FIELD=preferred_username                       # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
 OIDC_CLIENT_ID={{oidc.client.id}}
-OIDC_REDIRECT_URI=https://{{domain}}/auth/auth/openid_connect/callback
+OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
 OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
 OIDC_CLIENT_SECRET={{oidc.client.secret}}
 OMNIAUTH_ONLY=true                                      # uncomment to only use OIDC for login / registration buttons

roles/docker-matrix-compose/tasks/main.yml

@@ -26,7 +26,7 @@
     src:  "templates/nginx.conf.j2" 
     dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
   vars:
-    # domain:     "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
+    domain:     "{{domains.matrix_synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
     http_port:  "{{ports.localhost.http.matrix_synapse}}"
   notify: restart nginx
         

roles/docker-mybb/tasks/main.yml

@@ -3,7 +3,7 @@
   include_role: 
     name: docker-central-database
 
-- name: "include tasks setup-domain.yml with {{domain}}"
+- name: "include tasks setup-domain.yml with {{domains[application_id]}}"
   include_tasks: setup-domain.yml
   loop: "{{ mybb_domains + [source_domain] }}"
   loop_control:

roles/docker-mybb/tasks/setup-domain.yml

@@ -3,11 +3,13 @@
 - name: "include role receive certbot certificate"
   include_role: 
     name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domains[application_id]}}"
 
-- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
   template: 
     src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
   vars: 
-    nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domain}}';"
+    nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domains[application_id]}}';"

roles/docker-nextcloud/tasks/main.yml

@@ -6,11 +6,13 @@
 - name: "include role receive certbot certificate"
   include_role: 
     name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domains[application_id]}}"
 
 - name: create nextcloud nginx proxy configuration file
   template: 
     src:  "proxy-nginx.conf.j2" 
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx
 
 - name: create internal nextcloud nginx configuration

roles/docker-openproject/templates/env.j2

@@ -7,7 +7,7 @@
 #   https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 #
 OPENPROJECT_HTTPS=true
-OPENPROJECT_HOST__NAME={{domain}}
+OPENPROJECT_HOST__NAME={{domains[application_id]}}
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
 IMAP_ENABLED=false
 POSTGRES_PASSWORD="{{ database_password }}"

roles/docker-peertube/tasks/create-domains.yml

@@ -1,9 +1,11 @@
 - name: "include role receive certbot certificate"
   include_role: 
     name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domains[application_id]}}"
 
-- name: configure {{domain}}.conf
+- name: configure {{domains[application_id]}}.conf
   template: 
     src:  "templates/peertube.conf.j2"
-    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
   notify: restart nginx

roles/docker-peertube/templates/env.j2

@@ -8,7 +8,7 @@ PEERTUBE_DB_SSL=false
 PEERTUBE_DB_HOSTNAME={{database_host}}
 
 # PeerTube server configuration
-PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
+PEERTUBE_WEBSERVER_HOSTNAME={{domains[application_id]}}
 PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
 
 PEERTUBE_SECRET={{peertube_secret}}

roles/docker-peertube/templates/peertube.conf.j2

@@ -1,5 +1,5 @@
 server {
-  server_name {{domain}};
+  server_name {{domains[application_id]}};
 
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 

roles/docker-pixelfed/templates/env.j2

@@ -5,10 +5,10 @@ APP_KEY={{pixelfed_app_key}}
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
-APP_DOMAIN="{{domain}}"
+APP_DOMAIN="{{domains[application_id]}}"
-ADMIN_DOMAIN="{{domain}}"
+ADMIN_DOMAIN="{{domains[application_id]}}"
-SESSION_DOMAIN="{{domain}}"
+SESSION_DOMAIN="{{domains[application_id]}}"
 
 OPEN_REGISTRATION=false
 ENFORCE_EMAIL_VERIFICATION=false

roles/docker-snipe_it/templates/env.j2

@@ -5,7 +5,7 @@ APP_ENV=production
 APP_DEBUG={{enable_debug | string | lower }}
 # Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
 APP_KEY={{applications.snipe_it.app_key}}
-APP_URL=https://{{domain}}
+APP_URL=https://{{domains[application_id]}}
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='{{timezone}}'
 APP_LOCALE={{locale}}

roles/docker-taiga/templates/env.j2

@@ -1,6 +1,6 @@
 # Taiga's URLs - Variables to define where Taiga should be served
 TAIGA_SITES_SCHEME  =   https          # serve Taiga using "http" or "https" (secured) connection
-TAIGA_SITES_DOMAIN  =   "{{domain}}"   # Taiga's base URL
+TAIGA_SITES_DOMAIN  =   "{{domains[application_id]}}"   # Taiga's base URL
   
 TAIGA_SUBPATH       =   ""  # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
 WEBSOCKETS_SCHEME   =   wss # events connection protocol (use either "ws" or "wss")

roles/docker-yourls/templates/env.j2

@@ -2,6 +2,6 @@ YOURLS_DB_HOST: "{{database_host}}"
 YOURLS_DB_USER: "{{database_username}}"
 YOURLS_DB_PASS: "{{database_password}}"
 YOURLS_DB_NAME: "{{database_name}}"
-YOURLS_SITE:    "https://{{domain}}"
+YOURLS_SITE:    "https://{{domains[application_id]}}"
 YOURLS_USER:    "{{applications.yourls.administrator_username}}"
 YOURLS_PASS:    "{{yourls_administrator_password}}"

roles/nginx-modifier-css/templates/global.css.j2

@@ -907,6 +907,12 @@ div.statusError {
     background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-55), var(--color-60), var(--color-61), var(--color-65));
 }
 
+div.wrapper footer.main-footer, div.wrapper div.content-wrapper{
+    background-color: var(--color-85);
+    background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-89), var(--color-85), var(--color-80), var(--color-79));
+    color: var(--color-39);
+}
+
 /** Nextcloud specific **/
 html.ng-csp header#header{
     background-color: var(--color-80);

roles/nginx-serve-files/tasks/main.yml

@@ -1,11 +1,13 @@
 ---
-- name: "include role nginx-modifier-all for {{domain}}"
+- name: "include role nginx-modifier-all for {{domains[application_id]}}"
   include_role: 
     name: nginx-modifier-all
 
-- name: "include role nginx-https-recieve-certificate for {{domain}}"
+- name: "include role nginx-https-recieve-certificate for {{domains[application_id]}}"
   include_role: 
     name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domains[application_id]}}"
 
 - name: "generate {{domains[application_id]}}.conf"
   template: 

roles/nginx-serve-html/tasks/main.yml

@@ -1,11 +1,13 @@
 ---
-- name: "include role nginx-modifier-all for {{domain}}"
+- name: "include role nginx-modifier-all for {{domains[application_id]}}"
   include_role: 
     name: nginx-modifier-all
 
-- name: "include role nginx-https-recieve-certificate for {{domain}}"
+- name: "include role nginx-https-recieve-certificate for {{domains[application_id]}}"
   include_role: 
     name: nginx-https-recieve-certificate
+  vars:
+    domain: "{{domains[application_id]}}"
 
 - name: "generate {{domains[application_id]}}.conf"
   template: