Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested

2025-02-22 04:29:38 +01:00 · 2025-02-04 22:37:07 +01:00 · 2025-02-04 22:37:07 +01:00 · e50fd54f4e
commit e50fd54f4e
parent 5503326ea6
85 changed files with 610 additions and 515 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -147,11 +147,15 @@ defaults_applications:
  ## OAuth2 Proxy
  oauth2_proxy:
-    configuration_file: "oauth2-proxy-keycloak.cfg"                                  # Needs to be set true in the roles which use it
+    configuration_file: "oauth2-proxy-keycloak.cfg"                                                                 # Needs to be set true in the roles which use it
    version:            "latest"
    redirect_url:       "https://{{domains.keycloak}}/auth/realms/{{primary_domain}}/protocol/openid-connect/auth"  # The redirect URL for the OAuth2 flow. It should match the redirect URL configured in Keycloak.
-    allowed_roles:      admin                                     # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
+    allowed_roles:      admin                                                                                       # Restrict it default to admin role. Use the vars/main.yml to open the specific role for other groups  
-    cookie_secret:      "{{applications.oauth2_proxy.cookie_secret}}"          # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
+    cookie_secret:      "{{applications.oauth2_proxy.cookie_secret}}"                                               # Default use wildcard for primary domain, subdomain client specific configuration in vars files in the roles is possible openssl rand -hex 16
  ## Open Project
  openproject:
    version:            "13" # Update when available. Sadly no rolling release implemented
  ## Peertube
  peertube:
--- a/playbook.servers.yml
+++ b/playbook.servers.yml
@ -59,9 +59,7 @@
  become: true
  roles:
   -  role: docker-mailu
-      vars:
+
        enable_central_database: "{{enable_central_database_mailu}}"
 - name: setup elk hosts
  hosts: elk
  become: true
--- a/roles/docker-akaunting/tasks/main.yml
+++ b/roles/docker-akaunting/tasks/main.yml
@ -6,9 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
+- name: "include tasks update-repository-with-files.yml"
-  include_tasks: update-repository-with-docker-compose.yml
+  include_tasks: update-repository-with-files.yml
  vars:
    detached_files: 
      - "docker-compose.yml"
- name: configure run.env
+- name: "create {{docker_compose.files.env}}"
-  template: src=run.env.j2 dest={{docker_compose.directories.instance}}/env/run.env
+  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-akaunting/templates/docker-compose.yml.j2
+++ b/roles/docker-akaunting/templates/docker-compose.yml.j2
@ -3,6 +3,9 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: docker.io/akaunting/akaunting:{{applications.akaunting.version}}
    build:
      context: .
@ -10,9 +13,6 @@ services:
      - 127.0.0.1:{{http_port}}:80
    volumes:
      - data:/var/www/html
    restart: {{docker_restart_policy}}
    env_file:
      - env/run.env
    environment:
      - AKAUNTING_SETUP
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-akaunting/templates/run.env.j2
+++ b/roles/docker-akaunting/templates/run.env.j2
--- a/roles/docker-attendize/tasks/main.yml
+++ b/roles/docker-attendize/tasks/main.yml
@ -17,5 +17,8 @@
    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
  notify: restart nginx
- name: "include tasks update-repository-with-docker-compose.yml"
+- name: "include tasks update-repository-with-files.yml"
-  include_tasks: update-repository-with-docker-compose.yml
+  include_tasks: update-repository-with-files.yml
  vars:
    detached_files: 
      - "docker-compose.yml"
--- a/roles/docker-baserow/tasks/main.yml
+++ b/roles/docker-baserow/tasks/main.yml
@ -6,14 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
- name: add env
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src: env.j2 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}env"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-baserow/templates/docker-compose.yml.j2
+++ b/roles/docker-baserow/templates/docker-compose.yml.j2
@ -5,13 +5,9 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: "baserow/baserow:{{applications.baserow.version}}"
    container_name: baserow-application
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
    env_file:
      - ./env
    volumes:
      - data:/baserow/data
    ports:
--- a/roles/docker-central-database/templates/services/mariadb.yml.j2
+++ b/roles/docker-central-database/templates/services/mariadb.yml.j2
@ -7,12 +7,12 @@
    image: mariadb
    restart: {{docker_restart_policy}}
    env_file:
-      - mein_env_file.env
+      - {{database_env}}
    command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"
    volumes:
      - database:/var/lib/mysql
    healthcheck:
-      test: "/usr/bin/mariadb --user={{database_username}} --password={{database_password}} --execute \"SHOW DATABASES;\""
+      test: [ "CMD", "sh", "-c", "/usr/bin/mariadb --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" ]
      interval: 3s
      timeout: 1s
      retries: 5
--- a/roles/docker-compose/templates/services/base.yml.j2
+++ b/roles/docker-compose/templates/services/base.yml.j2
@ -0,0 +1,8 @@
 # Base for docker services
    restart: {{docker_restart_policy}}
    env_file:
      - "{{docker_compose.files.env}}"
    logging:
      driver: journald
 {{ "\n" }}
--- a/roles/docker-compose/vars/docker-compose.yml
+++ b/roles/docker-compose/vars/docker-compose.yml
@ -4,7 +4,11 @@ _docker_compose_directories_instance: "{{ path_docker_compose_instances }}{{ app
 # @See https://chatgpt.com/share/67a23d18-fb54-800f-983c-d6d00752b0b4
 docker_compose: 
  directories:
-    instance: "{{_docker_compose_directories_instance}}"          # Folder for docker-compose.yml file
+    instance:       "{{_docker_compose_directories_instance}}"                    # Folder for docker-compose.yml file
-    env:      "{{_docker_compose_directories_instance}}/.env/"     # Folder for env files
+    env:            "{{_docker_compose_directories_instance}}.env/"               # Folder for env files
-    services: "{{_docker_compose_directories_instance}}/services/" # Folder for services
+    services:       "{{_docker_compose_directories_instance}}services/"           # Folder for services
-    volumes:  "{{_docker_compose_directories_instance}}/volumes/"  # Folder for volumes
+    volumes:        "{{_docker_compose_directories_instance}}volumes/"            # Folder for volumes
    config:         "{{_docker_compose_directories_instance}}config/"             # Folder for configuration files
  files:
    env:            "{{_docker_compose_directories_instance}}.env/env"            # General env file
    docker_compose: "{{_docker_compose_directories_instance}}docker-compose.yml"  # Docker Compose file
--- a/roles/docker-discourse/tasks/main.yml
+++ b/roles/docker-discourse/tasks/main.yml
@ -43,10 +43,10 @@
    mode: '700'
    state: directory
- name: "copy configuration to {{discourse_repository_directory}}containers/discourse_application.yml"
+- name: "copy configuration to {{discourse_application_yml_destination}}"
  template: 
    src: discourse_application.yml.j2
-    dest: "{{discourse_repository_directory}}containers/discourse_application.yml"
+    dest: "{{discourse_application_yml_destination}}"
  notify: recreate discourse
 - name: "destroy container discourse_application"
--- a/roles/docker-discourse/vars/main.yml
+++ b/roles/docker-discourse/vars/main.yml
@ -1,5 +1,6 @@
-application_id:                   "discourse"
+application_id:                         "discourse"
-discourse_application_container:  "discourse_application"
+discourse_application_container:        "discourse_application"
-database_password:                "{{ baserow_database_password }}"
+database_password:                      "{{ discourse_database_password }}"
-database_type:                    "postgres"
+database_type:                          "postgres"
-discourse_repository_directory:   "{{ path_docker_compose_instances + application_id + '/repository/' }}"
+discourse_repository_directory:         "{{docker_compose.directories.services}}repository/"
 discourse_application_yml_destination:  "{{discourse_repository_directory}}containers/discourse_application.yml"
--- a/roles/docker-friendica/tasks/main.yml
+++ b/roles/docker-friendica/tasks/main.yml
@ -6,6 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-friendica/templates/docker-compose.yml.j2
+++ b/roles/docker-friendica/templates/docker-compose.yml.j2
@ -4,7 +4,7 @@ services:
  application:
    image: "friendica:{{applications.friendica.version}}"
-    restart: {{docker_restart_policy}}
+    {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - data:/var/www/html
    ports:
@ -25,36 +25,6 @@ services:
      interval: 1m
      timeout: 10s
      retries: 3
    environment:
      FRIENDICA_URL: https://{{domain}}
      HOSTNAME: {{domain}}
      FRIENDICA_NO_VALIDATION: false
      # Debugging
      FRIENDICA_DEBUGGING: false
      FRIENDICA_LOGLEVEL: 5
      FRIENDICA_LOGGER: stream
      FRIENDICA_LOGFILE: php://stdout
      # Database Configuration 
      MYSQL_HOST:     "{{database_host}}:{{database_port}}"
      MYSQL_DATABASE: {{database_name}}
      MYSQL_USER:     {{database_username}}
      MYSQL_PASSWORD: {{database_password}}
      # Email Configuration
      SMTP:           {{system_email.host}}
      SMTP_DOMAIN:    {{system_email.domain}}
      SMTP_PORT:      {{system_email.smtp_port}}
      SMTP_AUTH_USER: {{system_email.username}}
      SMTP_AUTH_PASS: {{system_email.password}}
      SMTP_TLS:       {{ 'on' if system_email.tls else 'off' }}
      SMTP_STARTTLS:  {{ 'on' if system_email.start_tls else 'off' }}
      SMTP_FROM:      {{system_email.local}}
      # Administrator Credentials
      FRIENDICA_ADMIN_MAIL: {{administrator_email}}
      MAILNAME: {{administrator_email}}
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
--- a/roles/docker-friendica/templates/env.j2
+++ b/roles/docker-friendica/templates/env.j2
@ -0,0 +1,29 @@
 FRIENDICA_URL= https://{{domain}}
 HOSTNAME= {{domain}}
 FRIENDICA_NO_VALIDATION= false
 # Debugging
 FRIENDICA_DEBUGGING= false
 FRIENDICA_LOGLEVEL= 5
 FRIENDICA_LOGGER= stream
 FRIENDICA_LOGFILE= php=//stdout
 # Database Configuration 
 MYSQL_HOST=     "{{database_host}}:{{database_port}}"
 MYSQL_DATABASE= {{database_name}}
 MYSQL_USER=     {{database_username}}
 MYSQL_PASSWORD= {{database_password}}
 # Email Configuration
 SMTP=           {{system_email.host}}
 SMTP_DOMAIN=    {{system_email.domain}}
 SMTP_PORT=      {{system_email.smtp_port}}
 SMTP_AUTH_USER= {{system_email.username}}
 SMTP_AUTH_PASS= {{system_email.password}}
 SMTP_TLS=       {{ 'on' if system_email.tls else 'off' }}
 SMTP_STARTTLS=  {{ 'on' if system_email.start_tls else 'off' }}
 SMTP_FROM=      {{system_email.local}}
 # Administrator Credentials
 FRIENDICA_ADMIN_MAIL= {{administrator_email}}
 MAILNAME= {{administrator_email}}
--- a/roles/docker-funkwhale/tasks/main.yml
+++ b/roles/docker-funkwhale/tasks/main.yml
@ -7,14 +7,18 @@
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
- name: add .env
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src: env.j2 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}.env"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
-  notify: docker compose project setup
+  notify: docker compose project setup
--- a/roles/docker-funkwhale/templates/docker-compose.yml.j2
+++ b/roles/docker-funkwhale/templates/docker-compose.yml.j2
@ -13,9 +13,8 @@ services:
    # of CPUs. You can adjust this, by explicitly setting the --concurrency
    # flag:
    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: funkwhale/api:${FUNKWHALE_VERSION}
    env_file: .env
    command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
    environment:
      - C_FORCE_ROOT=true
@ -26,17 +25,15 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
  celerybeat:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: funkwhale/api:${FUNKWHALE_VERSION}
    env_file: .env
    command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
  api:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: funkwhale/api:${FUNKWHALE_VERSION}
    env_file: .env
    volumes:
      - "music:${MUSIC_DIRECTORY_PATH}:ro"
      - "data:${MEDIA_ROOT}"
@ -47,12 +44,10 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
  front:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: funkwhale/front:${FUNKWHALE_VERSION}
    depends_on:
      - api
    env_file:
      - .env
    environment:
      # Override those variables in your .env file if needed
      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
@ -65,9 +60,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
  typesense:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file:
      - .env
    image: typesense/typesense:0.24.0
    volumes:
      - ./typesense/data:/data
--- a/roles/docker-gitea/tasks/main.yml
+++ b/roles/docker-gitea/tasks/main.yml
@ -6,6 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-gitea/templates/docker-compose.yml.j2
+++ b/roles/docker-gitea/templates/docker-compose.yml.j2
@ -3,24 +3,8 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
-    logging:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      driver: journald
    restart: {{docker_restart_policy}}
    image: "gitea/gitea:{{applications.gitea.version}}"
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST={{database_host}}:{{database_port}}
      - DB_NAME={{database_name}}
      - DB_USER={{database_username}}
      - DB_PASSWD={{database_password}}
      - SSH_PORT={{ports.public.ssh_ports[application_id]}}
      - SSH_LISTEN_PORT=22
      - DOMAIN={{domain}}
      - SSH_DOMAIN={{domain}}
      - RUN_MODE="{{run_mode}}"
      - ROOT_URL="https://{{domain}}/"
    ports:
      - "127.0.0.1:{{http_port}}:3000"
      - "{{ports.public.ssh_ports[application_id]}}:22"
--- a/roles/docker-gitea/templates/env.j2
+++ b/roles/docker-gitea/templates/env.j2
@ -0,0 +1,13 @@
 USER_UID=1000
 USER_GID=1000
 DB_TYPE=mysql
 DB_HOST={{database_host}}:{{database_port}}
 DB_NAME={{database_name}}
 DB_USER={{database_username}}
 DB_PASSWD={{database_password}}
 SSH_PORT={{ports.public.ssh_ports[application_id]}}
 SSH_LISTEN_PORT=22
 DOMAIN={{domain}}
 SSH_DOMAIN={{domain}}
 RUN_MODE="{{run_mode}}"
 ROOT_URL="https://{{domain}}/"
--- a/roles/docker-gitlab/tasks/main.yml
+++ b/roles/docker-gitlab/tasks/main.yml
@ -6,6 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-gitlab/templates/docker-compose.yml.j2
+++ b/roles/docker-gitlab/templates/docker-compose.yml.j2
@ -6,28 +6,8 @@ services:
  web:
    image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
    restart: {{docker_restart_policy}}
    hostname: '{{domain}}'
-    environment:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://{{domain}}'
        postgresql['enable']                  = false
        gitlab_rails['gitlab_shell_ssh_port'] = {{ports.public.ssh_ports[application_id]}}
        gitlab_rails['db_adapter']            = 'postgresql'
        gitlab_rails['db_encoding']           = 'utf8'
        gitlab_rails['db_host']               = '{{database_host}}'
        gitlab_rails['db_port']               = '{{database_port}}''
        gitlab_rails['db_username']           = '{{database_username}}'
        gitlab_rails['db_password']           = '{{database_password}}'
        gitlab_rails['db_database']           = "{{database_name}}"
        nginx['listen_port']                  = 80
        nginx['listen_https']                 = false
        gitlab_rails['initial_root_password'] = "{{gitlab_initial_root_password}}"
        redis['enable']                       = false
        gitlab_rails['redis_host']            = 'redis'
        gitlab_rails['redis_port']            = '6379'
    ports:
      - "127.0.0.1:{{http_port}}:80"
      - "{{ports.public.ssh_ports[application_id]}}:22"
--- a/roles/docker-gitlab/templates/env.j2
+++ b/roles/docker-gitlab/templates/env.j2
@ -0,0 +1,22 @@
 {# env.j2 #}
 {% set config_lines = [
  "external_url 'https://{{ domain }}'",
  "postgresql['enable']=false",
  "gitlab_rails['gitlab_shell_ssh_port']={{ ports.public.ssh_ports[application_id] }}",
  "gitlab_rails['db_adapter']='postgresql'",
  "gitlab_rails['db_encoding']='utf8'",
  "gitlab_rails['db_host']='{{ database_host }}'",
  "gitlab_rails['db_port']='{{ database_port }}'",
  "gitlab_rails['db_username']='{{ database_username }}'",
  "gitlab_rails['db_password']='{{ database_password }}'",
  "gitlab_rails['db_database']=\"{{ database_name }}\"",
  "nginx['listen_port']=80",
  "nginx['listen_https']=false",
  "",
  "gitlab_rails['initial_root_password']=\"{{ gitlab_initial_root_password }}\"",
  "",
  "redis['enable']=false",
  "gitlab_rails['redis_host']='redis'",
  "gitlab_rails['redis_port']='6379'"
 ] %}
 GITLAB_OMNIBUS_CONFIG="{{ config_lines | join('\\n') }}"
--- a/roles/docker-joomla/tasks/main.yml
+++ b/roles/docker-joomla/tasks/main.yml
@ -9,6 +9,16 @@
  loop_control:
    loop_var: domain
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-joomla/templates/docker-compose.yml.j2
+++ b/roles/docker-joomla/templates/docker-compose.yml.j2
@ -4,14 +4,7 @@ services:
  application:
    image: "joomla:{{applications.joomla.version}}"
-    logging:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      driver: journald
    environment:
      JOOMLA_DB_HOST: "{{database_host}}:{{database_port}}"
      JOOMLA_DB_USER: "{{database_username}}"
      JOOMLA_DB_PASSWORD: "{{database_password}}"
      JOOMLA_DB_NAME: "{{database_name}}"
    restart: {{docker_restart_policy}}
    volumes:
      - data:/var/www/html
    ports:
--- a/roles/docker-joomla/templates/env.j2
+++ b/roles/docker-joomla/templates/env.j2
@ -0,0 +1,4 @@
 JOOMLA_DB_HOST="{{database_host}}:{{database_port}}"
 JOOMLA_DB_USER="{{database_username}}"
 JOOMLA_DB_PASSWORD="{{database_password}}"
 JOOMLA_DB_NAME="{{database_name}}"
--- a/roles/docker-keycloak/tasks/main.yml
+++ b/roles/docker-keycloak/tasks/main.yml
@ -6,6 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-keycloak/templates/docker-compose.yml.j2
+++ b/roles/docker-keycloak/templates/docker-compose.yml.j2
@ -5,16 +5,7 @@ services:
  application:
    image: quay.io/keycloak/keycloak:{{applications.keycloak.version}}
    command: start
-    environment:
+    {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      KC_HOSTNAME:                    https://{{domain}}
      KC_HTTP_ENABLED:                true
      KC_HEALTH_ENABLED:              true
      KEYCLOAK_ADMIN:                 "{{applications.keycloak.administrator_username}}"
      KEYCLOAK_ADMIN_PASSWORD:        "{{keycloak_administrator_password}}"
      KC_DB:                          postgres
      KC_DB_URL:                      jdbc:postgresql://{{database_host}}/{{database_name}}
      KC_DB_USERNAME:                 {{database_username}}
      KC_DB_PASSWORD:                 {{database_password}}
    ports:
      - "127.0.0.1:{{http_port}}:8080"
    restart: {{docker_restart_policy}}
--- a/roles/docker-keycloak/templates/env.j2
+++ b/roles/docker-keycloak/templates/env.j2
@ -0,0 +1,9 @@
 KC_HOSTNAME=                    https://{{domain}}
 KC_HTTP_ENABLED=                true
 KC_HEALTH_ENABLED=              true
 KEYCLOAK_ADMIN=                 "{{applications.keycloak.administrator_username}}"
 KEYCLOAK_ADMIN_PASSWORD=        "{{keycloak_administrator_password}}"
 KC_DB=                          postgres
 KC_DB_URL=                      jdbc:postgresql://{{database_host}}/{{database_name}}
 KC_DB_USERNAME=                 {{database_username}}
 KC_DB_PASSWORD=                 {{database_password}}
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@ -19,14 +19,32 @@
    state: absent
  when: not applications.ldap.openldap.expose_to_internet | bool
- name: "create {{docker_compose.directories.instance}}"
+- name: "create {{docker_compose.files.docker_compose}}"
-  file:
+  template:
-    path: "{{docker_compose.directories.instance}}"
+    src:	"docker-compose.yml.j2"
-    state: directory
+    dest:	"{{docker_compose.files.docker_compose}}"
-    mode: 0755
+  notify: docker compose project setup
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src:  "docker-compose.yml.j2" 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
 - name: "create {{docker_compose.directories.env}}phpldapadmin.env"
  template: 
    src:  "phpldapadmin.env.j2" 
    dest: "{{docker_compose.directories.env}}phpldapadmin.env"
    mode: '770'
    force: yes
  notify: docker compose project setup
 - name: "create {{docker_compose.directories.env}}lam.env"
  template: 
    src:  "lam.env.j2" 
    dest: "{{docker_compose.directories.env}}lam.env"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@ -11,64 +11,23 @@ services:
    image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}}      # Dies ist das Docker-Image für LAM
    ports:
      - 127.0.0.1:{{http_port}}:80 
-    environment:                                                    # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
+    env_file:
-      
+      - "{{docker_compose.directories.env}}lam.env"
      # Basic Configuration   
      LAM_PASSWORD:       {{applications.ldap.lam.administrator_password}}       # LAM configuration master password and password for server profile "lam
      # Database
      LAM_CONFIGURATION_DATABASE: files                              # configuration database (files or mysql) @todo implement mariadb
      # LDAP Configuration
      LDAP_SERVER:         ldap://openldap:389                       # LDAP server URL
      LDAP_DOMAIN:         {{domain}}                                # domain of LDAP database root entry, will be converted to dc=...,dc=...
      LDAP_BASE_DN:        {{ldap_root}}                             # LDAP base DN to overwrite value generated by LDAP_DOMAIN
      LDAP_USER:           {{ldap_admin_dn}}                         # LDAP admin user (set as login user for LAM)
      LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}}  # LDAP admin password
 {% elif applications.ldap.webinterface == 'phpldapadmin' %}
    image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
    ports:
      - 127.0.0.1:{{http_port}}:8080
-    environment:
+    env_file:
-      # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
+      - "{{docker_compose.directories.env}}phpldapadmin.env"
      APP_URL:    https://{{domain}}
      LDAP_HOST:  openldap
 {% endif %}
  openldap:
    image: bitnami/openldap:{{applications.ldap.openldap.version}}
    container_name: openldap
-    logging:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      driver: journald
    restart: {{docker_restart_policy}}
    ports:
      - 127.0.0.1:{{ldap_localhost_port}}:{{ldap_localhost_port}}               # Expose just on localhost so that nginx stream proxy can use it
      - 127.0.0.1:{{ldap_secure_localhost_port}}:{{ldap_secure_localhost_port}} # Expose just on localhost
    environment:
      # @See https://hub.docker.com/r/bitnami/openldap
      # GENERAL
      ## Database
      LDAP_ADMIN_USERNAME:        {{applications.ldap.administrator_username}}          # LDAP database admin user.
      LDAP_ADMIN_PASSWORD:        {{applications.ldap.administrator_database_password}} # LDAP database admin password.
      ## Users
      LDAP_USERS:                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
      LDAP_PASSWORDS:             ' '                             # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
      LDAP_ROOT:                  {{ldap_root}}                   # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
      ## Admin
      LDAP_ADMIN_DN:              {{ldap_admin_dn}}               # Not well documented. Don't know if this has an effect
      LDAP_CONFIG_ADMIN_ENABLED:  yes
      LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}}
      LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}}
      # Network
      LDAP_PORT_NUMBER:           {{ldap_localhost_port}}         # Route to default port
      LDAP_ENABLE_TLS:            no                              # Using nginx proxy for tls
      LDAP_LDAPS_PORT_NUMBER:     {{ldap_secure_localhost_port}}  # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
      # Security
      LDAP_ALLOW_ANON_BINDING:    no                              # Allow anonymous bindings to the LDAP server. Default: yes.
    volumes:
      - 'data:/bitnami/openldap'
    healthcheck:
--- a/roles/docker-ldap/templates/env.j2
+++ b/roles/docker-ldap/templates/env.j2
@ -0,0 +1,26 @@
 # @See https://hub.docker.com/r/bitnami/openldap
 # GENERAL
 ## Database
 LDAP_ADMIN_USERNAME=        {{applications.ldap.administrator_username}}          # LDAP database admin user.
 LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}} # LDAP database admin password.
 ## Users
 LDAP_USERS=                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
 LDAP_PASSWORDS=             ' '                             # Comma separated list of passwords to use for LDAP users. Default: bitnami1,bitnami2
 LDAP_ROOT=                  {{ldap_root}}                   # LDAP baseDN (or suffix) of the LDAP tree. Default: dc=example,dc=org
 ## Admin
 LDAP_ADMIN_DN=              {{ldap_admin_dn}}               # Not well documented. Don't know if this has an effect
 LDAP_CONFIG_ADMIN_ENABLED=  yes
 LDAP_CONFIG_ADMIN_USERNAME= {{applications.ldap.administrator_username}}
 LDAP_CONFIG_ADMIN_PASSWORD= {{applications.ldap.administrator_password}}
 # Network
 LDAP_PORT_NUMBER=           {{ldap_localhost_port}}         # Route to default port
 LDAP_ENABLE_TLS=            no                              # Using nginx proxy for tls
 LDAP_LDAPS_PORT_NUMBER=     {{ldap_secure_localhost_port}}  # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
 # Security
 LDAP_ALLOW_ANON_BINDING=    no                              # Allow anonymous bindings to the LDAP server. Default: yes.
--- a/roles/docker-ldap/templates/lam.env.j2
+++ b/roles/docker-ldap/templates/lam.env.j2
@ -0,0 +1,13 @@
 # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
 # Basic Configuration   
 LAM_PASSWORD=               {{applications.ldap.lam.administrator_password}}        # LAM configuration master password and password for server profile "lam
 # Database
 LAM_CONFIGURATION_DATABASE= files                                                   # configuration database (files or mysql) @todo implement mariadb
 # LDAP Configuration
 LDAP_SERVER=                {{domain}}                                              # domain of LDAP database root entry, will be converted to dc=...,dc=...
 LDAP_BASE_DN=               {{ldap_root}}                                           # LDAP base DN to overwrite value generated by LDAP_DOMAIN
 LDAP_USER=                  {{ldap_admin_dn}}                                       # LDAP admin user (set as login user for LAM)
 LDAP_ADMIN_PASSWORD=        {{applications.ldap.administrator_database_password}}   # LDAP admin password
--- a/roles/docker-ldap/templates/phpldapadmin.env.j2
+++ b/roles/docker-ldap/templates/phpldapadmin.env.j2
@ -0,0 +1,3 @@
 # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
 APP_URL=    https://{{domain}}
 LDAP_HOST=  openldap
--- a/roles/docker-listmonk/tasks/main.yml
+++ b/roles/docker-listmonk/tasks/main.yml
@ -15,16 +15,24 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
-    src:  "docker-compose.yml.j2" 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
 - name: add config.toml
  template: 
    src:  "config.toml.j2" 
-    dest: "{{docker_compose.directories.instance}}config.toml"
+    dest: "{{docker_compose.directories.config}}config.toml"
  notify: docker compose project setup
 - name: flush docker service
--- a/roles/docker-listmonk/templates/docker-compose.yml.j2
+++ b/roles/docker-listmonk/templates/docker-compose.yml.j2
@ -3,14 +3,12 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    image: listmonk/listmonk:{{applications.listmonk.version}}
    ports:
      - "127.0.0.1:{{http_port}}:9000"
    environment:
      - TZ=Etc/UTC
    volumes:
-      - ./config.toml:/listmonk/config.toml
+      - {{docker_compose.directories.config}}config.toml:/listmonk/config.toml
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
--- a/roles/docker-listmonk/templates/env.j2
+++ b/roles/docker-listmonk/templates/env.j2
@ -0,0 +1 @@
 TZ=Etc/UTC
--- a/roles/docker-mailu/README.md
+++ b/roles/docker-mailu/README.md
@ -41,14 +41,6 @@ If you need to receive emails from another account, follow these steps:
 2. Export all data from your original account.
 3. Import all data to your new account.
 ### Data Deletion
 To delete all volumes and data, execute the following command with caution:
 ```bash
 rm -vr /etc/mailu/; docker volume rm $(docker volume ls -q | grep mailu_)
 ```
 ### Port Management
 Check for any port conflicts and manually change the conflicting ports if necessary. Use the following command to verify:
--- a/roles/docker-mailu/tasks/main.yml
+++ b/roles/docker-mailu/tasks/main.yml
@ -8,32 +8,22 @@
  vars:
    nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size 31M;"
 - name: "create {{docker_compose.directories.instance}}"
  file:
    path: "{{docker_compose.directories.instance}}"
    state: directory
    mode: 0755
 - name: "create /etc/mailu/"
  file:
    path: "/etc/mailu"
    state: directory
    mode: 0755
 - name: "Include the nginx-docker-cert-deploy role"
  include_role:
    name: nginx-docker-cert-deploy
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: 
+  template:
-    src:  "docker-compose.yml.j2" 
+    src:	"docker-compose.yml.j2"
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
- name: add .env
+- name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}.env"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
 - name: flush docker service
--- a/roles/docker-mailu/templates/docker-compose.yml.j2
+++ b/roles/docker-mailu/templates/docker-compose.yml.j2
@ -7,19 +7,13 @@ services:
  # Core services
  resolver:
    image: ghcr.io/mailu/unbound:{{applications.mailu.version}}
-    env_file: .env
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    restart: {{docker_restart_policy}}
 {% include 'templates/docker/container/networks.yml.j2' %}
        ipv4_address: {{networks.local.mailu.dns}}
    logging:
      driver: journald
  front:
    image: ghcr.io/mailu/nginx:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    logging:
      driver: journald
    ports:
      - "127.0.0.1:{{ http_port }}:80"
      - "{{networks.internet.ip4}}:25:25"
@ -31,7 +25,7 @@ services:
      - "{{networks.internet.ip4}}:993:993"
      - "{{networks.internet.ip4}}:4190:4190"
    volumes:
-      - "/etc/mailu/overrides/nginx:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides/nginx:/overrides:ro"
      - "{{cert_mount_directory}}:/certs:ro"
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
      resolver:
@ -44,8 +38,7 @@ services:
  admin:
    image: ghcr.io/mailu/admin:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
      - "admin_data:/data"
      - "dkim:/dkim"
@ -54,42 +47,34 @@ services:
        condition: service_started
      front:
        condition: service_started
    logging:
      driver: journald
    dns:
      - {{networks.local.mailu.dns}}
 {% include 'templates/docker/container/networks.yml.j2' %}
  imap:
    image: ghcr.io/mailu/dovecot:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
      - "dovecot_mail:/mail"
-      - "/etc/mailu/overrides:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
    depends_on:
      - front
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
  smtp:
    image: ghcr.io/mailu/postfix:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
-      - "/etc/mailu/overrides:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
      - "smtp_queue:/queue"
    depends_on:
      - front
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
  oletools:
@ -105,12 +90,11 @@ services:
  antispam:
    image: ghcr.io/mailu/rspamd:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
      - "filter:/var/lib/rspamd"
      - "dkim:/dkim"
-      - "/etc/mailu/overrides/rspamd:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides/rspamd:/overrides:ro"
    depends_on:
      - front
      - redis 
@ -118,8 +102,6 @@ services:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      noinet:  
@ -127,26 +109,20 @@ services:
  # Optional services
  antivirus:
    image: clamav/clamav-debian:latest
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
      - "filter:/data"
    depends_on:
      - resolver
    dns:
      - {{networks.local.mailu.dns}}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
  webdav:
    image: ghcr.io/mailu/radicale:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
      - "webdav_data:/data"
    logging:
      driver: journald
    depends_on:
      - resolver
    dns:
@ -158,10 +134,7 @@ services:
    image: ghcr.io/mailu/fetchmail:{{applications.mailu.version}}
    volumes:
      - "admin_data:/data"
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    logging:
      driver: journald
    depends_on:
      - admin
      - smtp
@ -173,17 +146,14 @@ services:
  webmail:
    image: ghcr.io/mailu/webmail:{{applications.mailu.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env
    volumes:
      - "webmail_data:/data"
-      - "/etc/mailu/overrides:/overrides:ro"
+      - "{{docker_compose.directories.volumes}}overrides:/overrides:ro"
    depends_on:
      - imap
      - front
      - resolver
    logging:
      driver: journald
    dns:
      - {{networks.local.mailu.dns}}
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-mailu/vars/main.yml
+++ b/roles/docker-mailu/vars/main.yml
@ -1,5 +1,10 @@
 application_id:               "mailu"
 database_password:  	        "{{mailu_database_password}}"
 database_type:                "mariadb"
-cert_mount_directory:         "{{docker_compose.directories.instance}}/certs/"
+cert_mount_directory:         "{{docker_compose.directories.volumes}}certs/"
-enable_wildcard_certificate:  false
+enable_wildcard_certificate:  false
 # I don't know why this configuration is necessary.
 # Propabldy due to a database migration problem, or dificulties to configure an external db in mailu
 # @todo research
 enable_central_database:      "{{enable_central_database_mailu}}" 
--- a/roles/docker-mastodon/tasks/main.yml
+++ b/roles/docker-mastodon/tasks/main.yml
@ -9,14 +9,18 @@
  loop_control:
    loop_var: domain
- name: copy docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
- name: copy configuration
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src: .env.production.j2 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}.env.production"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
 - name: flush docker service
--- a/roles/docker-mastodon/templates/docker-compose.yml.j2
+++ b/roles/docker-mastodon/templates/docker-compose.yml.j2
@ -6,8 +6,7 @@ services:
  web:
    image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    healthcheck:
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
@ -16,36 +15,28 @@ services:
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
    volumes:
      - data:/mastodon/public/system
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
  streaming:
    image: ghcr.io/mastodon/mastodon-streaming:{{applications.mastodon.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env.production
    command: node ./streaming
    healthcheck:
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    ports:
      - "127.0.0.1:{{ports.localhost.web_socket[application_id]}}:4000"
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
  sidekiq:
    image: ghcr.io/mastodon/mastodon:{{applications.mastodon.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    env_file: .env.production
    command: bundle exec sidekiq
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
    volumes:
      - data:/mastodon/public/system
    healthcheck:
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/compose/volumes.yml.j2' %}
--- a/roles/docker-mastodon/templates/.env.production.j2
+++ b/roles/docker-mastodon/templates/.env.production.j2
--- a/roles/docker-matomo/tasks/main.yml
+++ b/roles/docker-matomo/tasks/main.yml
@ -6,8 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: 
+  template:
-    src:  "docker-compose.yml.j2" 
+    src:	"docker-compose.yml.j2"
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-matomo/templates/docker-compose.yml.j2
+++ b/roles/docker-matomo/templates/docker-compose.yml.j2
@ -3,18 +3,10 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
-    logging:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      driver: journald
    image: matomo:{{applications.matomo.version}}
    restart: {{docker_restart_policy}}
    ports:
      - "127.0.0.1:{{http_port}}:80"
    environment:
      MATOMO_DATABASE_HOST:     "{{database_host}}:{{database_port}}"
      MATOMO_DATABASE_ADAPTER:  "mysql"
      MATOMO_DATABASE_USERNAME: "{{database_username}}"
      MATOMO_DATABASE_PASSWORD: "{{database_password}}"
      MATOMO_DATABASE_DBNAME:   "{{database_name}}"
    volumes:
      - data:/var/www/html
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
--- a/roles/docker-matomo/templates/env.j2
+++ b/roles/docker-matomo/templates/env.j2
@ -0,0 +1,5 @@
 MATOMO_DATABASE_HOST=     "{{database_host}}:{{database_port}}"
 MATOMO_DATABASE_ADAPTER=  "mysql"
 MATOMO_DATABASE_USERNAME= "{{database_username}}"
 MATOMO_DATABASE_PASSWORD= "{{database_password}}"
 MATOMO_DATABASE_DBNAME=   "{{database_name}}"
--- a/roles/docker-moodle/tasks/main.yml
+++ b/roles/docker-moodle/tasks/main.yml
@ -6,8 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: 
+  template:
-    src:  "docker-compose.yml.j2" 
+    src:	"docker-compose.yml.j2"
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-moodle/templates/docker-compose.yml.j2
+++ b/roles/docker-moodle/templates/docker-compose.yml.j2
@ -5,27 +5,12 @@ services:
    image: docker.io/bitnami/moodle:{{applications.moodle.version}}
    ports:
      - 127.0.0.1:{{http_port}}:8080
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
    environment:
      - MOODLE_DATABASE_HOST={{database_host}}
      - MOODLE_DATABASE_PORT_NUMBER={{database_port}}
      - MOODLE_DATABASE_USER={{database_username}}
      - MOODLE_DATABASE_NAME={{database_name}}
      - MOODLE_DATABASE_PASSWORD={{database_password}}
      - ALLOW_EMPTY_PASSWORD=no
      - MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
      - MOODLE_SSLPROXY=yes
      - MOODLE_REVERSE_PROXY=yes
      - MOODLE_USERNAME={{applications.moodle.administrator_name}}
      - MOODLE_PASSWORD={{moodle_user_password}}
      - MOODLE_EMAIL={{applications.moodle.administrator_email}}
      - BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %} 
    volumes:
      - 'moodle:/bitnami/moodle'
      - 'data:/bitnami/moodledata'
 # Healthcheck is not possible due to missing curl and wget in container
 # @todo implement healthcheck
 #    healthcheck:
 #      test: ["CMD", "curl", "-f", "http://127.0.0.1:8080"]
 #      interval: 1m
--- a/roles/docker-moodle/templates/env.j2
+++ b/roles/docker-moodle/templates/env.j2
@ -0,0 +1,13 @@
 MOODLE_DATABASE_HOST={{database_host}}
 MOODLE_DATABASE_PORT_NUMBER={{database_port}}
 MOODLE_DATABASE_USER={{database_username}}
 MOODLE_DATABASE_NAME={{database_name}}
 MOODLE_DATABASE_PASSWORD={{database_password}}
 ALLOW_EMPTY_PASSWORD=no
 MOODLE_SITE_NAME="{{applications.moodle.site_titel}}"
 MOODLE_SSLPROXY=yes
 MOODLE_REVERSE_PROXY=yes
 MOODLE_USERNAME={{applications.moodle.administrator_name}}
 MOODLE_PASSWORD={{moodle_user_password}}
 MOODLE_EMAIL={{applications.moodle.administrator_email}}
 BITNAMI_DEBUG={% if mode_debug | bool %}true{% else %}false{% endif %}
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -18,10 +18,18 @@
    dest: "{{docker_compose.directories.volumes}}nginx.conf"
  notify: docker compose project setup
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
-    src:  docker-compose.yml.j2 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
 # @todo activate
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@ -7,34 +7,9 @@ services:
  application:
    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
    container_name: {{nextcloud_application_container_name}} 
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
    volumes:
      - data:/var/www/html
-    environment:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      # See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
      # Database Configuration
      MYSQL_DATABASE: "{{database_name}}"
      MYSQL_USER: "{{database_username}}"
      MYSQL_PASSWORD: "{{database_password}}"
      MYSQL_HOST: "{{database_host}}:{{database_port}}"
      # Memory
      PHP_MEMORY_LIMIT: 1G # Required for plugin duplicate finder
      # Email Configuration
      SMTP_HOST: {{system_email.host}}
      SMTP_SECURE: {{ 'ssl' if system_email.tls else '' }}
      SMTP_PORT: {{system_email.smtp_port}}
      SMTP_NAME: {{system_email.username}}
      SMTP_PASSWORD: {{system_email.password}}
      # Email from configuration
      MAIL_FROM_ADDRESS: no-reply
      MAIL_DOMAIN: {{system_email.domain}}
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-nextcloud/templates/env.j2
+++ b/roles/docker-nextcloud/templates/env.j2
@ -0,0 +1,21 @@
 # See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
 # Database Configuration
 MYSQL_DATABASE= "{{database_name}}"
 MYSQL_USER=     "{{database_username}}"
 MYSQL_PASSWORD= "{{database_password}}"
 MYSQL_HOST=     "{{database_host}}:{{database_port}}"
 # Memory
 PHP_MEMORY_LIMIT= 1G # Required for plugin duplicate finder
 # Email Configuration
 SMTP_HOST=      {{system_email.host}}
 SMTP_SECURE=    {{ 'ssl' if system_email.tls else '' }}
 SMTP_PORT=      {{system_email.smtp_port}}
 SMTP_NAME=      {{system_email.username}}
 SMTP_PASSWORD=  {{system_email.password}}
 # Email from configuration
 MAIL_FROM_ADDRESS= no-reply
 MAIL_DOMAIN= {{system_email.domain}}
--- a/roles/docker-oauth2-proxy/tasks/main.yml
+++ b/roles/docker-oauth2-proxy/tasks/main.yml
@ -1,6 +1,6 @@
- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.instance}}"
+- name: "Transfering oauth2-proxy-keycloak.cfg.j2 to {{docker_compose.directories.volumes}}"
  template:
    src: oauth2-proxy-keycloak.cfg.j2
-    dest: "{{docker_compose.directories.instance}}{{applications.oauth2_proxy.configuration_file}}"
+    dest: "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}"
  notify:
    - docker compose project setup
--- a/roles/docker-oauth2-proxy/templates/container.yml.j2
+++ b/roles/docker-oauth2-proxy/templates/container.yml.j2
@ -6,5 +6,5 @@
    ports:
      - {{ports.localhost.oauth2_proxy_ports[application_id]}}:4180/tcp
    volumes:
-      - "./{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
+      - "{{docker_compose.directories.volumes}}{{applications.oauth2_proxy.configuration_file}}:/oauth2-proxy.cfg"
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-openproject/files/Gemfile.plugins
+++ b/roles/docker-openproject/files/Gemfile.plugins
@ -1,3 +1,4 @@
 group :opf_plugins do
-  gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
+  # Deactivated plugin because it seems like it's already included in the basic image
  #gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
 end
--- a/roles/docker-openproject/handlers/main.yml
+++ b/roles/docker-openproject/handlers/main.yml
@ -1,8 +1,16 @@
 ---
- name: rebuild docker image
+- name: rebuild custom openproject docker image
  command:
-    cmd: docker build --no-cache -t custom_openproject .
+    cmd: docker build --no-cache -t {{custom_openproject_image}} .
-    chdir: "{{docker_compose.directories.instance}}"
+    chdir: "{{openproject_plugins_service}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
 - name: rebuild openproject repository
  command:
    cmd: docker compose build 
    chdir: "{{openproject_repository_service}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
--- a/roles/docker-openproject/tasks/main.yml
+++ b/roles/docker-openproject/tasks/main.yml
@ -6,24 +6,43 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
+#- name: "include tasks update-repository-with-files.yml"
-  include_tasks: update-repository-with-docker-compose.yml
+#  include_tasks: update-repository-with-files.yml
 #  vars:
 #    detached_files: 
 #      - "docker-compose.yml"
- name: "Transfering Gemfile.plugins to {{docker_compose.directories.instance}}"
+- name: "Create {{openproject_plugins_service}}"
  file:
    path: "{{openproject_plugins_service}}"
    state: directory
    mode: '0755'
 - name: "Transfering Gemfile.plugins to {{openproject_plugins_service}}"
  copy:
    src: Gemfile.plugins
-    dest: "{{docker_compose.directories.instance}}Gemfile.plugins"
+    dest: "{{openproject_plugins_service}}Gemfile.plugins"
  notify:
    - docker compose project setup
-    - rebuild docker image
+    - rebuild custom openproject docker image
- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}"
+- name: "Transfering Dockerfile to {{openproject_plugins_service}}Dockerfile"
-  copy:
+  template:
    src: Dockerfile
-    dest: "{{docker_compose.directories.instance}}Dockerfile"
+    dest: "{{openproject_plugins_service}}Dockerfile"
  notify:
    - docker compose project setup
-    - rebuild docker image
+    - rebuild custom openproject docker image
 - name: pull docker repository
  git:
    repo: "{{ repository_address }}"
    dest: "{{ openproject_repository_service }}"
    update: yes
  notify:
    - docker compose project setup
    - rebuild openproject repository
  become: true
 - name: "create {{dummy_volume}}"
  file:
@ -31,8 +50,16 @@
    state: directory
    mode: 0755
- name: "copy .env"
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: 
+  template:
-    src: env.j2
+    src:	"docker-compose.yml.j2"
-    dest: "{{ docker_compose.directories.instance }}.env"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-openproject/templates/Dockerfile
+++ b/roles/docker-openproject/templates/Dockerfile
@ -1,4 +1,4 @@
-FROM openproject/community:13
+FROM openproject/community:{{applications.openproject.version}}
 # If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
 # you will have to copy the plugin code into the container here and use the
--- a/roles/docker-openproject/templates/docker-compose.yml.j2
+++ b/roles/docker-openproject/templates/docker-compose.yml.j2
@ -1,7 +1,7 @@
 x-op-app: &app
  logging:
    driver: journald
-  image: custom_openproject
+  image: {{custom_openproject_image}}
  environment:
    OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}"
    OPENPROJECT_HOST__NAME: "${OPENPROJECT_HOST__NAME}"
@ -27,16 +27,12 @@ services:
  cache:
    image: memcached
    container_name: openproject-memcached
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
  proxy:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-    logging:
+    image: {{custom_openproject_image}}
      driver: journald
    image: custom_openproject
    container_name: openproject-proxy
    command: "./docker/prod/proxy"
    ports:
@ -53,7 +49,7 @@ services:
  web:
    <<: *app
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    command: "./docker/prod/web"
    container_name: openproject-web
 {% include 'templates/docker/container/networks.yml.j2' %}
@ -74,9 +70,7 @@ services:
  autoheal:
    image: willfarrell/autoheal:1.2.0
    container_name: openproject-autoheal
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
@ -86,7 +80,7 @@ services:
  worker:
    <<: *app
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    command: "./docker/prod/worker"
    container_name: openproject-worker
 {% include 'templates/docker/container/networks.yml.j2' %}
@ -98,7 +92,7 @@ services:
  cron:
    <<: *app
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    command: "./docker/prod/cron"
    container_name: openproject-cron
 {% include 'templates/docker/container/networks.yml.j2' %}
@ -112,6 +106,10 @@ services:
    <<: *app
    command: "./docker/prod/seeder"
    container_name: openproject-seeder
    env_file:
      - "{{docker_compose.files.env}}"
    logging:
      driver: journald
    restart: on-failure
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@ -1,12 +1,15 @@
 application_id:                               "openproject"
 repository_directory:                         "{{ path_docker_compose_instances }}{{application_id}}/"
 docker_compose.directories.instance:            "{{repository_directory}}compose/"
 repository_address:                           "https://github.com/opf/openproject-deploy"
 database_password:                            "{{openproject_database_password}}"
 database_type:                                "postgres"
 openproject_plugins_service:                  "{{docker_compose.directories.services}}plugins/"
 openproject_repository_service:               "{{docker_compose.directories.services}}repository/"
 custom_openproject_image:                     "custom_openproject"
 # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
-dummy_volume:                                 "{{repository_directory}}dummy_volume"
+dummy_volume:                                 "{{docker_compose.directories.volumes}}dummy_volume"
 # OAuth2 Proxy Configuration
 oauth2_proxy_upstream_application_and_port:   "proxy:80"
--- a/roles/docker-peertube/tasks/main.yml
+++ b/roles/docker-peertube/tasks/main.yml
@ -9,12 +9,16 @@
  loop_control:
    loop_var: domain
- name: copy docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
- name: copy configuration
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src: env.j2 
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}.env"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-peertube/templates/docker-compose.yml.j2
+++ b/roles/docker-peertube/templates/docker-compose.yml.j2
@ -6,8 +6,7 @@ services:
  application:
    image: chocobozzz/peertube:production-{{applications.peertube.version}}
-    env_file:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      - .env
    ports:
     - "1935:1935"
     - "{{http_port}}:9000" 
@ -15,7 +14,6 @@ services:
      - assets:/app/client/dist
      - data:/data
      - config:/config
    restart: "always"
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-phpmyadmin/tasks/main.yml
+++ b/roles/docker-phpmyadmin/tasks/main.yml
@ -6,8 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: 
+  template:
-    src:  "docker-compose.yml.j2" 
+    src:	"docker-compose.yml.j2"
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
+++ b/roles/docker-phpmyadmin/templates/docker-compose.yml.j2
@ -3,17 +3,9 @@ services:
 {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}
  application:
    logging:
      driver: journald
    image: phpmyadmin/phpmyadmin:{{applications.phpmyadmin.version}}
    container_name: phpmyadmin
-    environment:
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
      PMA_HOST: central-mariadb
 {% if applications.phpmyadmin.autologin | bool %}
      PMA_USER: root
      PMA_PASSWORD: "{{central_mariadb_root_password}}"
 {% endif %}
    restart: {{docker_restart_policy}}
    ports:
      - "127.0.0.1:{{http_port}}:80"
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
--- a/roles/docker-phpmyadmin/templates/env.j2
+++ b/roles/docker-phpmyadmin/templates/env.j2
@ -0,0 +1,5 @@
 PMA_HOST= central-mariadb
 {% if applications.phpmyadmin.autologin | bool %}
 PMA_USER= root
 PMA_PASSWORD= "{{central_mariadb_root_password}}"
 {% endif %}
--- a/roles/docker-pixelfed/tasks/main.yml
+++ b/roles/docker-pixelfed/tasks/main.yml
@ -6,14 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
- name: add env
+- name: "create {{docker_compose.files.env}}"
  template: 
-    src: env.j2
+    src:  "env.j2" 
-    dest: "{{docker_compose.directories.instance}}env"
+    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-pixelfed/templates/docker-compose.yml.j2
+++ b/roles/docker-pixelfed/templates/docker-compose.yml.j2
@ -6,11 +6,7 @@ services:
  application:
    image: zknt/pixelfed:{{applications.pixelfed.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
    env_file:
      - ./env
    volumes:
      - "data:/var/www/storage"
      - "./env:/var/www/.env"
@ -20,11 +16,7 @@ services:
 {% include 'templates/docker/container/networks.yml.j2' %}
  worker:
    image: zknt/pixelfed:{{applications.pixelfed.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
    env_file:
      - ./env
    volumes:
      - "data:/var/www/storage"
      - "./env:/var/www/.env"
--- a/roles/docker-portfolio/tasks/main.yml
+++ b/roles/docker-portfolio/tasks/main.yml
@ -6,8 +6,11 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: "include tasks update-repository-with-docker-compose.yml"
+- name: "include tasks update-repository-with-files.yml"
-  include_tasks: update-repository-with-docker-compose.yml
+  include_tasks: update-repository-with-files.yml
  vars:
    detached_files: 
      - "docker-compose.yml"
 - name: create {{docker_compose.directories.instance}}/app/config.yaml
  copy:
--- a/roles/docker-taiga/tasks/main.yml
+++ b/roles/docker-taiga/tasks/main.yml
@ -10,6 +10,6 @@
  include_tasks: update-repository-with-files.yml
  vars:
    detached_files: 
-      - .env
+      - "{{docker_compose.directories.env}}env"
-      - docker-compose.yml
+      - "{{docker_compose.directories.instance}}docker-compose.yml"
-      - docker-compose-inits.yml
+      - "{{docker_compose.directories.instance}}docker-compose-inits.yml"
--- a/roles/docker-taiga/templates/docker-compose-inits.yml.j2
+++ b/roles/docker-taiga/templates/docker-compose-inits.yml.j2
@ -32,6 +32,7 @@ services:
  taiga-manage:
    image: taigaio/taiga-back:latest
    environment: *default-back-environment
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/depends-on-just-database.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
--- a/roles/docker-taiga/templates/docker-compose.yml.j2
+++ b/roles/docker-taiga/templates/docker-compose.yml.j2
@ -38,16 +38,12 @@ x-volumes:
 services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  taiga-back:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
    image: taigaio/taiga-back:{{applications.taiga.version}}
    environment: *default-back-environment
    volumes: *default-back-volumes
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
      taiga-events-rabbitmq:
        condition: service_started
@ -55,9 +51,7 @@ services:
        condition: service_started
  taiga-async:
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
    image: taigaio/taiga-back:latest
    entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
    environment: *default-back-environment
@ -82,9 +76,7 @@ services:
    hostname: "taiga-async-rabbitmq"
    volumes:
      - async-rabbitmq-data:/var/lib/rabbitmq
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
@ -95,10 +87,7 @@ services:
      TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}"
      TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}"
      TAIGA_SUBPATH: "${SUBPATH}"
-      # ...your customizations go here
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    restart: {{docker_restart_policy}}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
@ -111,10 +100,7 @@ services:
      RABBITMQ_USER: "${RABBITMQ_USER}"
      RABBITMQ_PASS: "${RABBITMQ_PASS}"
      TAIGA_SECRET_KEY: "${SECRET_KEY}"
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
    depends_on:
@ -131,9 +117,7 @@ services:
    hostname: "events-rabbitmq"
    volumes:
      - events-rabbitmq-data:/var/lib/rabbitmq
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
@ -143,9 +127,7 @@ services:
    environment:
      MAX_AGE: "${ATTACHMENTS_MAX_AGE}"
      SECRET_KEY: "${SECRET_KEY}"
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
@ -158,9 +140,7 @@ services:
      - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
      - static-data:/taiga/static
      - media-data:/taiga/media
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    logging:
      driver: journald
 {% include 'templates/docker/container/networks.yml.j2' %}
      taiga:
--- a/roles/docker-wordpress/handlers/main.yml
+++ b/roles/docker-wordpress/handlers/main.yml
@ -1,7 +1,7 @@
 ---
 - name: rebuild wordpress container
  command:
-    cmd: docker build --no-cache -t custom_wordpress .
+    cmd: docker build --no-cache -t {{custom_wordpress_image}} .
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
--- a/roles/docker-wordpress/tasks/main.yml
+++ b/roles/docker-wordpress/tasks/main.yml
@ -27,6 +27,17 @@
    - docker compose project setup
    - rebuild wordpress container
- name: "add docker-compose.yml to {{docker_compose.directories.instance}}"
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml
+  template:
    src:	"docker-compose.yml.j2"
    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-wordpress/templates/docker-compose.yml.j2
+++ b/roles/docker-wordpress/templates/docker-compose.yml.j2
@ -3,20 +3,13 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
-    logging:
+    {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
-      driver: journald
+    image: {{custom_wordpress_image}}
    image: custom_wordpress
    container_name: wordpress-application
    build:
      context: .
    restart: {{docker_restart_policy}}
    ports:
      - "127.0.0.1:{{http_port}}:80"
    environment:
      WORDPRESS_DB_HOST:      "{{database_host}}:{{database_port}}"
      WORDPRESS_DB_USER:      "{{database_username}}"
      WORDPRESS_DB_PASSWORD:  "{{database_password}}"
      WORDPRESS_DB_NAME:      "{{database_name}}"
    volumes:
      - data:/var/www/html
    healthcheck:
--- a/roles/docker-wordpress/templates/env.j2
+++ b/roles/docker-wordpress/templates/env.j2
@ -0,0 +1,4 @@
 WORDPRESS_DB_HOST=      "{{database_host}}:{{database_port}}"
 WORDPRESS_DB_USER=      "{{database_username}}"
 WORDPRESS_DB_PASSWORD=  "{{database_password}}"
 WORDPRESS_DB_NAME=      "{{database_name}}"
--- a/roles/docker-wordpress/vars/main.yml
+++ b/roles/docker-wordpress/vars/main.yml
@ -1,4 +1,5 @@
 application_id:  	          "wordpress"
 wordpress_max_upload_size:  "64M"
 database_type:              "mariadb"
-database_password:  	      "{{wordpress_database_password}}"
+database_password:  	      "{{wordpress_database_password}}"
 custom_wordpress_image:     "custom_wordpress"
--- a/roles/docker-yourls/tasks/main.yml
+++ b/roles/docker-yourls/tasks/main.yml
@ -6,8 +6,16 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
  include_tasks: nginx-docker-proxy-domain.yml
- name: add docker-compose.yml
+- name: "create {{docker_compose.files.docker_compose}}"
-  template: 
+  template:
-    src:  "docker-compose.yml.j2" 
+    src:	"docker-compose.yml.j2"
-    dest: "{{docker_compose.directories.instance}}docker-compose.yml"
+    dest:	"{{docker_compose.files.docker_compose}}"
  notify: docker compose project setup
 - name: "create {{docker_compose.files.env}}"
  template: 
    src:  "env.j2" 
    dest: "{{docker_compose.files.env}}"
    mode: '770'
    force: yes
  notify: docker compose project setup
--- a/roles/docker-yourls/templates/docker-compose.yml.j2
+++ b/roles/docker-yourls/templates/docker-compose.yml.j2
@ -3,20 +3,10 @@ services:
 {% include 'roles/docker-central-database/templates/services/' + database_type + '.yml.j2' %}
  application:
    logging:
      driver: journald
    image: yourls:{{applications.yourls.version}}
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    ports:
      - "127.0.0.1:{{http_port}}:80"
    environment:
      YOURLS_DB_HOST: "{{database_host}}"
      YOURLS_DB_USER: "{{database_username}}"
      YOURLS_DB_PASS: "{{database_password}}"
      YOURLS_DB_NAME: "{{database_name}}"
      YOURLS_SITE:    "https://{{domain}}"
      YOURLS_USER:    "{{applications.yourls.administrator_username}}"
      YOURLS_PASS:    "{{yourls_administrator_password}}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://127.0.0.1/admin/"]
      interval: 1m
--- a/roles/docker-yourls/templates/env.j2
+++ b/roles/docker-yourls/templates/env.j2
@ -0,0 +1,7 @@
 YOURLS_DB_HOST: "{{database_host}}"
 YOURLS_DB_USER: "{{database_username}}"
 YOURLS_DB_PASS: "{{database_password}}"
 YOURLS_DB_NAME: "{{database_name}}"
 YOURLS_SITE:    "https://{{domain}}"
 YOURLS_USER:    "{{applications.yourls.administrator_username}}"
 YOURLS_PASS:    "{{yourls_administrator_password}}"
--- a/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh
+++ b/roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh
@ -2,29 +2,30 @@
 # Check if the necessary parameters are provided
 if [ "$#" -ne 2 ]; then
-    echo "Usage: $0 <domain> <docker_compose.directories.instance>"
+    echo "Usage: $0 <domain> <docker_compose_instance_directory>"
    exit 1
 fi
 # Assign parameters
 domain="$1"
-docker_compose.directories.instance="$2"
+docker_compose_instance_directory="$2"
 docker_compose_cert_directory="$docker_compose_instance_directory/volumes/certs"
 # Copy certificates
-cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose.directories.instance/certs" || exit 1
+cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose_cert_directory" || exit 1
 # This code is optimized for mailu
-cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose.directories.instance/certs/key.pem" || exit 1
+cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1
-cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose.directories.instance/certs/cert.pem" || exit 1
+cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1
 # Set correct reading rights
-chmod a+r -v "$docker_compose.directories.instance/certs/"*
+chmod a+r -v "$docker_compose_cert_directory/"*
 # Flag to track if any Nginx reload was successful
 nginx_reload_successful=false
 # Reload Nginx in all containers within the Docker Compose setup
-cd "$docker_compose.directories.instance" || exit 1
+cd "$docker_compose_instance_directory" || exit 1
 # Iterate over all services
 for service in $(docker compose ps --services); do
--- a/roles/nginx-docker-cert-deploy/tasks/main.yml
+++ b/roles/nginx-docker-cert-deploy/tasks/main.yml
@ -3,6 +3,7 @@
    src: "nginx-docker-cert-deploy.sh" 
    dest: "{{nginx_docker_cert_deploy_script}}"
  when: run_once_nginx_docker_cert_deploy is not defined
  notify: restart nginx-docker-cert-deploy.cymais.service
 - name: run the nginx_docker_cert_deploy tasks once
  set_fact:
@ -14,6 +15,7 @@
    path:     "{{cert_mount_directory}}"
    state:    directory
    mode:     0755
  notify: restart nginx-docker-cert-deploy.cymais.service
 - name: configure nginx-docker-cert-deploy.cymais.service
  template: 
--- a/tasks/update-repository-with-docker-compose.yml
+++ b/tasks/update-repository-with-docker-compose.yml
@ -1,5 +0,0 @@
 - name: "include tasks update-repository-with-files.yml"
  include_tasks: update-repository-with-files.yml
  vars:
    detached_files: 
      - "docker-compose.yml"
--- a/tasks/update-repository-with-files.yml
+++ b/tasks/update-repository-with-files.yml
@ -1,3 +1,6 @@
 # It isn't best practice to use this task
 # Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing
 # @todo Refactor\Remove 
 - name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
  ansible.builtin.set_fact:
    merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"