General optimations and refactorings in preparation for simpleicon role implementation

2025-08-29 23:08:06 +02:00 · 2025-07-06 14:54:31 +02:00
parent eed72368c1
commit cfeb8a5bf8
41 changed files with 421 additions and 151 deletions
--- a/roles/docker-akaunting/templates/env.j2
+++ b/roles/docker-akaunting/templates/env.j2
@@ -1,5 +1,5 @@
 # You should change this to match your reverse proxy DNS name and protocol
-APP_URL={{ web_protocol }}://{{domains | get_domain(application_id)}}
+APP_URL={{ domains | get_url(application_id, web_protocol) }}
 LOCALE={{ HOST_LL }}

 # Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
--- a/roles/docker-bigbluebutton/templates/env.j2
+++ b/roles/docker-bigbluebutton/templates/env.j2
@@ -290,6 +290,6 @@ DEFAULT_REGISTRATION=invite
 OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
 OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
 OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
-OPENID_CONNECT_REDIRECT=https://{{domains | get_domain(application_id)}}
+OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, web_protocol) }}
 # OPENID_CONNECT_UID_FIELD=sub default
 {% endif %}
--- a/roles/docker-compose/tasks/create-files.yml
+++ b/roles/docker-compose/tasks/create-files.yml
@@ -1,23 +1,27 @@
- name:           "Create (optional) '{{ docker_compose.files.dockerfile }}'"
+- name: Create (optional) Dockerfile
  template:
-    src:          "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
-    dest:         "{{ docker_compose.files.dockerfile }}"
-  notify:         docker compose up
-  ignore_errors:  false
-  register:       create_dockerfile_result
+    src: "{{ item }}"
+    dest: "{{ docker_compose.files.dockerfile }}"
+  with_first_found:
+    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
+    - "{{ playbook_dir }}/roles/{{ role_name }}/files/Dockerfile"
+  notify: docker compose up
+  register: create_dockerfile_result
  failed_when:
    - create_dockerfile_result is failed
    - "'Could not find or access' not in create_dockerfile_result.msg"

 - name:           "Create (optional) '{{ docker_compose.files.env }}'"
  template:
-    src:          "env.j2"
+    src:          "{{ item }}"
    dest:         "{{ docker_compose.files.env }}"
    mode:         '770'
    force:        yes
  notify:         docker compose up
  register:       env_template
-  ignore_errors:  false
+  with_first_found:
+    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/env.j2"
+    - "{{ playbook_dir }}/roles/{{ role_name }}/files/env"
  failed_when:
    - env_template is failed
    - "'Could not find or access' not in env_template.msg"
--- a/roles/docker-espocrm/templates/env.j2
+++ b/roles/docker-espocrm/templates/env.j2
@@ -23,7 +23,7 @@ ESPOCRM_ADMIN_USERNAME={{ applications[application_id].users.administrator.usern
 ESPOCRM_ADMIN_PASSWORD={{ applications[application_id].credentials.administrator_password }}

 # Public base URL of the EspoCRM instance
-ESPOCRM_SITE_URL={{ web_protocol }}://{{ domains | get_domain(application_id) }}
+ESPOCRM_SITE_URL={{ domains | get_url(application_id, web_protocol) }}

 # ------------------------------------------------
 # General UI & locale settings
--- a/roles/docker-gitea/templates/env.j2
+++ b/roles/docker-gitea/templates/env.j2
@@ -4,7 +4,7 @@
 # General
 DOMAIN={{domains | get_domain(application_id)}}
 RUN_MODE="{{ 'dev' if (CYMAIS_ENVIRONMENT | lower) == 'development' else 'prod' }}"
-ROOT_URL="{{ web_protocol }}://{{domains | get_domain(application_id)}}/"
+ROOT_URL="{{ domains | get_url(application_id, web_protocol) }}/"
 APP_NAME="{{ applications[application_id].title }}"
 USER_UID=1000
 USER_GID=1000
--- a/roles/docker-keycloak/templates/import/realm.json.j2
+++ b/roles/docker-keycloak/templates/import/realm.json.j2
@@ -517,7 +517,7 @@
        "/realms/{{ keycloak_realm }}/account/*"
      ],
      "webOrigins": [
-        "{{ web_protocol }}://{{domains | get_domain('keycloak')}}"
+        "{{ domains | get_url('keycloak', web_protocol) }}"
      ],
      "notBefore": 0,
      "bearerOnly": false,
--- a/roles/docker-listmonk/vars/main.yml
+++ b/roles/docker-listmonk/vars/main.yml
@@ -3,7 +3,7 @@ database_type:      "postgres"

 listmonk_settings:
  - key: "app.root_url"
-    value: '"{{ web_protocol }}://{{ domains | get_domain(application_id) }}"'
+    value: '"{{ domains | get_url(application_id, web_protocol) }}"'

  - key: "app.notify_emails"
    value: "{{ [ users.administrator.email ] | to_json }}"
--- a/roles/docker-matomo/vars/main.yml
+++ b/roles/docker-matomo/vars/main.yml
@@ -2,7 +2,7 @@
 application_id:       "matomo"
 database_type:        "mariadb"
 matomo_excluded_ips:  "{{ applications.matomo.excluded_ips }}"
-matomo_index_php_url: "{{ web_protocol }}://{{ domains | get_domain('matomo') }}/index.php"
+matomo_index_php_url: "{{ domains | get_url('matomo', web_protocol) }}/index.php"
 matomo_auth_token:    "{{ applications.matomo.credentials.auth_token }}"


--- a/roles/docker-mobilizon/vars/main.yml
+++ b/roles/docker-mobilizon/vars/main.yml
@@ -3,6 +3,6 @@ application_id:                 mobilizon
 database_type:                  "postgres"
 database_gis_enabled:           true

-mobilizon_oidc_callback_url:    "{{ web_protocol }}://{{ domains | get_domain(application_id) }}/auth/openid_connect/callback"
+mobilizon_oidc_callback_url:    "{{ domains | get_url(application_id, web_protocol) }}/auth/openid_connect/callback"
 mobilizon_exposed_docker_port:  4000
 mobilizon_host_conf_exs_file:   "{{docker_compose.directories.config}}config.exs"
--- a/roles/docker-moodle/tasks/oidc.yml
+++ b/roles/docker-moodle/tasks/oidc.yml
@@ -39,7 +39,7 @@
    - { name: "field_lock_lastname",  value: "locked" }
    - { name: "field_map_email",      value: "locked" }
    #- { name: "showloginform",        value: 0 }  # Deactivate if OIDC is active
-    - { name: "alternateloginurl",    value: "{{ web_protocol }}://{{ domains | get_domain(application_id) }}/auth/oidc/" }
+    - { name: "alternateloginurl",    value: "{{ domains | get_url(application_id, web_protocol) }}/auth/oidc/" }
  loop_control:
    label: "{{ item.name }}"
  command: >
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@@ -32,7 +32,7 @@ NEXTCLOUD_ADMIN_PASSWORD=       "{{applications[application_id].credentials.admi
 NEXTCLOUD_TRUSTED_DOMAINS=      "{{domains | get_domain(application_id)}}"
 # Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
 TRUSTED_PROXIES=                "{{ networks.internet.values() | select | join(',') }}"
-OVERWRITECLIURL=                "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+OVERWRITECLIURL=                "{{ domains | get_url(application_id, web_protocol) }}"
 OVERWRITEPROTOCOL=              "https"

 # Redis Configuration
--- a/roles/docker-nextcloud/vars/plugins/bbb.yml
+++ b/roles/docker-nextcloud/vars/plugins/bbb.yml
@@ -4,4 +4,4 @@ plugin_configuration:
    configvalue:  "{{ applications.bigbluebutton.credentials.shared_secret }}"
  - appid:        "bbb"
    configkey:    "api.url"
-    configvalue:  "{{ web_protocol }}://{{domains | get_domain('bigbluebutton')}}{{applications.bigbluebutton.api_suffix}}"
+    configvalue:  "{{ domains | get_url('bigbluebutton', web_protocol) }}{{applications.bigbluebutton.api_suffix}}"
--- a/roles/docker-nextcloud/vars/system.yml
+++ b/roles/docker-nextcloud/vars/system.yml
@@ -18,4 +18,4 @@ nextcloud_system_config:
    value: "{{domains | get_domain(application_id)}}"

  - parameter: "overwrite.cli.url"
-    value: "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+    value: "{{ domains | get_url(application_id, web_protocol) }}"
--- a/roles/docker-phpldapadmin/templates/env.j2
+++ b/roles/docker-phpldapadmin/templates/env.j2
@@ -1,3 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
-APP_URL=    {{ web_protocol }}://{{domains | get_domain(application_id)}}
+APP_URL=    {{ domains | get_url(application_id, web_protocol) }}
 LDAP_HOST=  {{ldap.server.domain}}
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@@ -5,7 +5,7 @@ APP_KEY={{applications[application_id].credentials.app_key}}
 APP_NAME="{{applications.pixelfed.titel}}"
 APP_ENV={{ CYMAIS_ENVIRONMENT | lower }}
 APP_DEBUG={{enable_debug | string | lower }}
-APP_URL={{ web_protocol }}://{{domains | get_domain(application_id)}}
+APP_URL={{ domains | get_url(application_id, web_protocol) }}
 APP_DOMAIN="{{domains | get_domain(application_id)}}"
 ADMIN_DOMAIN="{{domains | get_domain(application_id)}}"
 SESSION_DOMAIN="{{domains | get_domain(application_id)}}"
--- a/roles/docker-simpleicons/files/Dockerfile
+++ b/roles/docker-simpleicons/files/Dockerfile
@@ -0,0 +1,16 @@
+FROM node:latest AS builder
+
+WORKDIR /app
+COPY package*.json ./
+
+RUN npm install
+
+FROM node:latest
+
+WORKDIR /app
+COPY --from=builder /app/node_modules ./node_modules
+COPY server.js .
+
+EXPOSE 3000
+
+CMD ["node", "server.js"]
--- a/roles/docker-simpleicons/files/env
+++ b/roles/docker-simpleicons/files/env
--- a/roles/docker-simpleicons/templates/package.json
+++ b/roles/docker-simpleicons/templates/package.json
--- a/roles/docker-simpleicons/templates/Dockerfile
+++ b/roles/docker-simpleicons/templates/Dockerfile
@@ -1,25 +0,0 @@
-# ---- Builder Stage ----
-FROM node:latest AS builder
-
-WORKDIR /app
-# Nur package.json und package-lock.json kopieren für schnellere Caching-Layers
-COPY package*.json ./
-
-# simple-icons installieren
-RUN npm install
-
-# ---- Runtime Stage ----
-FROM node:latest
-
-WORKDIR /app
-# Nur node_modules aus dem Builder übernehmen
-COPY --from=builder /app/node_modules ./node_modules
-# Kopiere den Server-Code
-COPY server.js .
-
-# Port, auf dem der Server lauscht
-ENV PORT=3000
-EXPOSE 3000
-
-# Startbefehl
-CMD ["node", "server.js"]
--- a/roles/docker-simpleicons/templates/docker-compose.yml
+++ b/roles/docker-simpleicons/templates/docker-compose.yml
@@ -1,14 +0,0 @@
-version: '3.8'
-
-services:
-  icons:
-    build:
-      context: .
-      dockerfile: Dockerfile
-    image: simpleicons-server:latest
-    container_name: simpleicons-server
-    ports:
-      - "3000:3000"
-    environment:
-      - PORT=3000
-    restart: unless-stopped
--- a/roles/docker-simpleicons/templates/docker-compose.yml.j2
+++ b/roles/docker-simpleicons/templates/docker-compose.yml.j2
@@ -0,0 +1,14 @@
+services:
+  application:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: simpleicons-server:latest
+    container_name: simpleicons-server
+    ports:
+      - "{{ports.localhost.http[application_id]}}:3000"
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'templates/docker/container/networks.yml.j2' %}
+
+{% include 'templates/docker/compose/networks.yml.j2' %}
+
--- a/roles/docker-simpleicons/templates/server.js.j2
+++ b/roles/docker-simpleicons/templates/server.js.j2
@@ -5,7 +5,7 @@ import sharp from 'sharp';
 const app = express();
 const port = process.env.PORT || 3000;

-// Helper: turn 'nextcloud' → 'siNextcloud'
+// Helper: convert 'nextcloud' → 'siNextcloud'
 function getExportName(slug) {
  return 'si' + slug
    .split('-')
@@ -13,8 +13,13 @@ function getExportName(slug) {
    .join('');
 }

-// GET /icons/:slug.svg
-app.get('/icons/:slug.svg', (req, res) => {
+// Root: redirect to your documentation
+app.get('/', (req, res) => {
+  res.redirect('https://docs.cymais.cloud/roles/docker-{{ application_id }}/README.html');
+});
+
+// GET /:slug.svg
+app.get('/:slug.svg', (req, res) => {
  const slug = req.params.slug.toLowerCase();
  const exportName = getExportName(slug);
  const icon = icons[exportName];
@@ -23,11 +28,12 @@ app.get('/icons/:slug.svg', (req, res) => {
    return res.status(404).send('Icon not found');
  }

-  res.type('image/svg+xml').send(icon.svg);
+  res.type('image/svg+xml');
+  res.send(icon.svg);
 });

-// GET /icons/:slug.png?size=...
-app.get('/icons/:slug.png', async (req, res) => {
+// GET /:slug.png?size=...
+app.get('/:slug.png', async (req, res) => {
  const slug = req.params.slug.toLowerCase();
  const size = parseInt(req.query.size, 10) || 128;
  const exportName = getExportName(slug);
@@ -38,12 +44,13 @@ app.get('/icons/:slug.png', async (req, res) => {
  }

  try {
-    const png = await sharp(Buffer.from(icon.svg))
+    const pngBuffer = await sharp(Buffer.from(icon.svg))
      .resize(size, size)
      .png()
      .toBuffer();

-    res.type('image/png').send(png);
+    res.type('image/png');
+    res.send(pngBuffer);
  } catch (err) {
    console.error('PNG generation error:', err);
    res.status(500).send('PNG generation error');
--- a/roles/docker-simpleicons/vars/main.yml
+++ b/roles/docker-simpleicons/vars/main.yml
@@ -0,0 +1 @@
+application_id: simpleicons
--- a/roles/docker-snipe-it/vars/main.yml
+++ b/roles/docker-snipe-it/vars/main.yml
@@ -1,4 +1,4 @@
 application_id:     "snipe-it"
 database_password:  "{{ applications[application_id].credentials.database_password }}"
 database_type:      "mariadb"
-snipe_it_url:       "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+snipe_it_url:       "{{ domains | get_url(application_id, web_protocol) }}"
--- a/roles/docker-syncope/templates/docker-compose.yml.j2
+++ b/roles/docker-syncope/templates/docker-compose.yml.j2
@@ -13,7 +13,7 @@ services:
     environment:
       SPRING_PROFILES_ACTIVE: docker,postgresql,saml2
       OPENJPA_REMOTE_COMMIT: sjvm
-       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains | get_domain(application_id) }}/{{syncope_paths[rest]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[rest]}}/
    # database variablen auslesen

   console: 
@@ -25,7 +25,7 @@ services:
     restart: always
     environment:
       SPRING_PROFILES_ACTIVE: docker,saml2
-       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains | get_domain(application_id) }}/{{syncope_paths[console]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[console]}}/

   enduser: 
     depends_on:
@@ -36,5 +36,5 @@ services:
     restart: always
     environment:
       SPRING_PROFILES_ACTIVE: docker,saml2
-       SERVICE_DISCOVERY_ADDRESS: {{ web_protocol }}://{{ domains | get_domain(application_id) }}/{{syncope_paths[enduser]}}/
+       SERVICE_DISCOVERY_ADDRESS: {{ domains | get_url(application_id, web_protocol) }}/{{syncope_paths[enduser]}}/
       
--- a/roles/docker-template/README.md
+++ b/roles/docker-template/README.md
@@ -0,0 +1,2 @@
+# Docker Role Template
+This folder contains a template to setup docker roles
--- a/roles/docker-template/vars/main.yml
+++ b/roles/docker-template/vars/main.yml
@@ -0,0 +1 @@
+application_id: template
--- a/roles/docker-wordpress/tasks/install.yml
+++ b/roles/docker-wordpress/tasks/install.yml
@@ -2,7 +2,7 @@
  command: >
    docker-compose exec -T -u www-data application
    wp core install
-      --url="{{ web_protocol }}://{{ domains | get_domain(application_id) }}"
+      --url="{{ domains | get_url(application_id, web_protocol) }}"
      --title="{{ applications[application_id].title }}"
      --admin_user="{{ applications[application_id].users.administrator.username }}"
      --admin_password="{{ applications[application_id].credentials.administrator_password }}"
--- a/roles/docker-wordpress/vars/discourse.yml
+++ b/roles/docker-wordpress/vars/discourse.yml
@@ -11,7 +11,7 @@ discourse_settings:

  - name: discourse_connect
    key: url
-    value: "{{ web_protocol }}://{{ domains | get_domain('discourse') }}"
+    value: "{{ domains | get_url('discourse', web_protocol) }}"
  - name: discourse_connect
    key: api-key
    value: "{{ vault_discourse_api_key }}"
--- a/roles/docker-yourls/templates/env.j2
+++ b/roles/docker-yourls/templates/env.j2
@@ -2,7 +2,7 @@ YOURLS_DB_HOST: "{{database_host}}"
 YOURLS_DB_USER: "{{database_username}}"
 YOURLS_DB_PASS: "{{database_password}}"
 YOURLS_DB_NAME: "{{database_name}}"
-YOURLS_SITE:    "{{ web_protocol }}://{{domains | get_domain(application_id)}}"
+YOURLS_SITE:    "{{ domains | get_url(application_id, web_protocol) }}"
 YOURLS_USER:    "{{applications.yourls.users.administrator.username}}"
 YOURLS_PASS:    "{{applications[application_id].credentials.administrator_password}}"
 # The following deactivates the login mask for admins, if the oauth2 proxy is activated 
--- a/roles/nginx-modifier-matomo/vars/main.yml
+++ b/roles/nginx-modifier-matomo/vars/main.yml
@@ -1,4 +1,4 @@
 base_domain:              "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
-matomo_index_php_url:     "{{ web_protocol }}://{{ domains | get_domain('matomo') }}/index.php"
+matomo_index_php_url:     "{{ domains | get_url('matomo', web_protocol) }}/index.php"
 matomo_auth_token:        "{{ applications.matomo.credentials.auth_token }}"
 matomo_verification_url:  "{{ matomo_index_php_url }}?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{ base_domain }}&format=json&token_auth={{ matomo_auth_token }}"