Refactored and solved bugs

2025-04-08 21:33:43 +02:00
parent 1be413f20d
commit da5962c337
31 changed files with 356 additions and 447 deletions


@@ -17,6 +17,7 @@ defaults_domains:
gitlab: "gitlab.{{primary_domain}}"
html_server: "html.{{primary_domain}}"
keycloak: "auth.{{primary_domain}}"
lam: "ldap.{{primary_domain}}"
ldap: "ldap.{{primary_domain}}"
listmonk: "newsletter.{{primary_domain}}"
mailu: "mail.{{primary_domain}}"
@@ -35,6 +36,7 @@ defaults_domains:
peertube_alternates: []
pgadmin: "pgadmin.{{primary_domain}}"
phpmyadmin: "phpmyadmin.{{primary_domain}}"
phpmyldap: "phpmyldap.{{primary_domain}}"
pixelfed: "picture.{{primary_domain}}"
portfolio: "{{primary_domain}}"
roulette-wheel: "roulette.{{primary_domain}}"
@@ -55,7 +57,10 @@ defaults_redirect_domain_mappings:
- { source: "funkwhale.{{primary_domain}}", target: "{{domains.funkwhale}}" }
- { source: "gitea.{{primary_domain}}", target: "{{domains.gitea}}" }
- { source: "keycloak.{{primary_domain}}", target: "{{domains.keycloak}}" }
- { source: "lam.{{primary_domain}}", target: "{{domains.ldap}}" }
- {
source: "{{ domains.ldap }}",
target: "{% if 'lam' in group_names %}{{ domains.lam }}{% elif 'phpmyldap' in group_names %}{{ domains.phpmyldap }}{% else %}{{ primary_domain }}{% endif %}"
}
- { source: "listmonk.{{primary_domain}}", target: "{{domains.listmonk}}" }
- { source: "mailu.{{primary_domain}}", target: "{{domains.mailu}}" }
- { source: "moodle.{{primary_domain}}", target: "{{domains.moodle}}" }
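Review bot: The new mapping in the last hunk redirects `{{ domains.ldap }}` to `{{ domains.lam }}` when `lam` is in `group_names`, but this section defines both `lam` and `ldap` as `ldap.{{primary_domain}}`, so with the defaults the source and the target are the same host. Depending on how the redirect role consumes these mappings (not visible here), that is either a redirect loop or a vhost conflict with the LAM site itself. Giving LAM its own default, e.g. `lam: "lam.{{primary_domain}}"`, or dropping the `lam` branch from the mapping would avoid it. The `else` branch also sends the LDAP hostname to `{{ primary_domain }}` when neither web interface is deployed, which deserves a comment because `domains.ldap` is also the `ldaps://` endpoint used elsewhere in this commit.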


@@ -224,9 +224,9 @@ defaults_applications:
application: application # Needs to be the same as webinterface
port: 80 # application port
# cookie_secret: None # Set via openssl rand -hex 16
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
## LDAP
ldap:
@@ -235,17 +235,17 @@ defaults_applications:
local: True # Activates local network to allow other docker containers to connect
public: False # Set to true in inventory file if you want to expose the LDAP port to the internet
hostname: "openldap" # Hostname of the LDAP Server in the central_ldap network
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
webinterface: "lam" # The webinterface which should be used. Possible: lam and phpldapadmin
users:
administrator:
username: "{{users.administrator.username}}"
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
username: "{{users.administrator.username}}" # Administrator username
# administrator_password: # CHANGE for security reasons in inventory file
# administrator_database_password: # CHANGE for security reasons in inventory file
force_import: False # Forces the import of the LDIF files
## Libre Office
libreoffice:
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable
flavor: "fresh" # Libre Office flavor, fresh for new, still for stable
## Listmonk
listmonk:
@@ -623,9 +623,9 @@ defaults_applications:
## Peertube
peertube:
version: "bookworm"
version: "bookworm"
database:
central_storage: True # Activate Central Database Storage
central_storage: True # Activate Central Database Storage
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
@@ -735,7 +735,8 @@ defaults_applications:
# - https://community.taiga.io/t/taiga-and-oidc-plugin/4866
#
# Due to this reason this plutin is deactivated atm
enabled: True # De\Activate OIDC for Taiga
enabled: False # De\Activate OIDC for Taiga
flavor: 'taigaio' # Potential flavors: robrotheram, taigaio
## YOURLS
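Review bot: In the Taiga hunk the OIDC default flips from `True` to `False`, which changes how users authenticate on every host that does not override it, and the commit message does not mention it. With OIDC off, Taiga presumably falls back to its own local accounts, so password policy and MFA enforced at the identity provider would no longer apply there; that should be confirmed and stated next to the flag, e.g. `enabled: False # De\Activate OIDC for Taiga; when False, login uses Taiga's local accounts`. The new `flavor` key lists `robrotheram` and `taigaio` without saying which one the issue linked above applies to, so a short comment would help whoever re-enables the plugin. The other hunks in this section only realign comments.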


@@ -19,10 +19,11 @@ defaults_oidc:
issuer_url: "{{_oidc_client_issuer_url}}" # Base URL of the OIDC provider (issuer)
discovery_document: "{{_oidc_client_issuer_url}}/.well-known/openid-configuration" # URL for fetching the provider's configuration details
authorize_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/auth" # Endpoint to start the authorization process
token_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/token" # Endpoint to exchange authorization codes for tokens (note: 'token_url' may be a typo for 'token_url')
token_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/token" # Endpoint to exchange authorization codes for tokens (note: 'token_url' may be a typo for 'token_url')
user_info_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo" # Endpoint to retrieve user information
logout_url: "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout" # Endpoint to log out the user
change_credentials: "{{_oidc_client_issuer_url}}account/account-security/signing-in" # URL for managing or changing user credentials
certs: "{{_oidc_client_issuer_url}}/protocol/openid-connect/certs" # JSON Web Key Set (JWKS)
button_text: "SSO Login({{primary_domain | upper}})" # Default button text
attributes:
# Attribut to identify the user
@@ -35,7 +36,7 @@ defaults_oidc:
# Helper Variables:
# Keep in mind to mapp this variables if there is ever the possibility for the user to define them in the inventory
_ldap_dn_base: "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
_ldap_server_port: "{% if applications.ldap.openldap.network.local | bool %}{{ ports.localhost.ldap.openldap }}{% else %}{{ ports.localhost.ldaps.openldap }}{% endif %}"
_ldap_server_port: "{% if applications.ldap.network.local | bool %}{{ ports.localhost.ldap.openldap }}{% else %}{{ ports.localhost.ldaps.openldap }}{% endif %}"
ldap:
# Distinguished Names (DN)
@@ -56,9 +57,9 @@ ldap:
# Password to access dn.bind
bind_credential: "{{applications.ldap.administrator_database_password}}"
server:
domain: "{{applications.ldap.openldap.hostname if applications.ldap.openldap.network.local | bool else domains.ldap}}" # Mapping for public or locale access
domain: "{{applications.ldap.hostname if applications.ldap.network.local | bool else domains.ldap}}" # Mapping for public or locale access
port: "{{_ldap_server_port}}"
uri: "{% if applications.ldap.openldap.network.local | bool %}ldap://{{ applications.ldap.openldap.hostname }}{% else %}ldaps://{{ domains.ldap }}{% endif %}:{{ _ldap_server_port }}"
uri: "{% if applications.ldap.network.local | bool %}ldap://{{ applications.ldap.hostname }}{% else %}ldaps://{{ domains.ldap }}{% endif %}:{{ _ldap_server_port }}"
network:
local: "{{applications.ldap.openldap.network.local}}" # Uses the application configuration to define if local network should be available or not
local: "{{applications.ldap.network.local}}" # Uses the application configuration to define if local network should be available or not
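Review bot: In the last hunk, `server.uri` still selects plain `ldap://` whenever `applications.ldap.network.local` is true, and `bind_credential` just above it is the LDAP administrator database password, so that credential crosses the shared container network unencrypted on every bind. The rename to `applications.ldap.network.local` keeps this behaviour; if local mode must stay unencrypted, say so next to the key, e.g. `# local mode binds over unencrypted ldap://; restrict which containers join this network`, or move local clients to StartTLS or `ldaps://` as well. Inventories that still override the old `applications.ldap.openldap.network.*` path will presumably no longer affect these expressions, which is worth a migration note. Separately, in the first hunk `change_credentials` lacks the `/` after the issuer URL that its sibling endpoints have.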