Added mailu_token_enabled condition

cli/generate_playbook.py

@@ -105,32 +105,13 @@ def print_dependency_tree(graph):
 
 def generate_playbook_entries(roles_dir, prefix=None):
     """Generate playbook entries based on the sorted order."""
-    # Build dependency graph
     graph, in_degree, roles = build_dependency_graph(roles_dir, prefix)
 
-    # Print and collect roles in tree order
+    # Detect cycles and get correct topological order
-    tree_sorted_roles = print_dependency_tree(graph)
-
-    # Topologically sort the roles
     sorted_role_names = topological_sort(graph, in_degree)
 
-    # Ensure that roles that appear in the tree come first
-    final_sorted_roles = [role for role in tree_sorted_roles if role in sorted_role_names]
-
-    # Include the remaining unsorted roles
-    final_sorted_roles += [role for role in sorted_role_names if role not in final_sorted_roles]
-
-    # Remove duplicates, keeping only the first occurrence to preserve dependency order
-    seen = set()
-    deduplicated_roles = []
-    for role in final_sorted_roles:
-        if role not in seen:
-            deduplicated_roles.append(role)
-            seen.add(role)
-
-    # Generate the playbook entries
     entries = []
-    for role_name in deduplicated_roles:
+    for role_name in sorted_role_names:
         role = roles[role_name]
         entries.append(
             f"- name: setup {role['application_id']}\n"

roles/docker-akaunting/meta/main.yml

@@ -19,3 +19,7 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-file-invoice-dollar"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu

roles/docker-attendize/meta/main.yml

@@ -19,4 +19,8 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-calendar-check"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []

roles/docker-baserow/meta/main.yml

@@ -18,4 +18,7 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-table"
-dependencies: []
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu

roles/docker-bluesky/meta/main.yml

@@ -18,4 +18,8 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-sun"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []

roles/docker-central-database/vars/database.yml

@@ -3,7 +3,7 @@ database_host:      "{{ 'central-' + database_type if applications | is_feature_
 database_name:      "{{ applications[database_application_id].database.name | default( database_application_id ) }}"      # The overwritte configuration is needed by bigbluebutton
 database_username:  "{{ applications[database_application_id].database.username | default( database_application_id )}}"   # The overwritte configuration is needed by bigbluebutton
 database_password:  "{{ applications[database_application_id].credentials.database_password }}"
-database_port:      "{{ 3306 if database_type == 'mariadb' else 5432 }}"
+database_port:      "{{ 3306 if database_type == 'mariadb' else applications.postgres.port }}"
 database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
 database_url_jdbc:  "jdbc:{{ database_type if database_type == 'mariadb' else 'postgresql' }}://{{ database_host }}:{{ database_port }}/{{ database_name }}"
 database_url_full:  "{{database_type}}://{{database_username}}:{{database_password}}@{{database_host}}:{{database_port}}/{{ database_name }}"

roles/docker-espocrm/meta/users.yml

@@ -2,5 +2,6 @@ users:
   administrator:
     username:         "administrator"
   contact:
-    description:      "General contact account"
+    description:          "General contact account"
-    username:         "contact"
+    username:             "contact"
+    mailu_token_enabled:  true

roles/docker-espocrm/templates/env.j2

@@ -54,7 +54,7 @@ ESPOCRM_CONFIG_SMTP_SECURITY={{ "TLS" if system_email.start_tls else "SSL"}}
 ESPOCRM_CONFIG_SMTP_AUTH=true
 ESPOCRM_CONFIG_SMTP_USERNAME={{ users['contact'].email }}
 ESPOCRM_CONFIG_SMTP_PASSWORD={{ users['contact'].mailu_token }}
-ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ service_provider.company.titel }} - CRM
+ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_NAME={{ applications[application_id].email.from_name}}
 ESPOCRM_CONFIG_OUTBOUND_EMAIL_FROM_ADDRESS={{ users['contact'].email }}
 
 # ------------------------------------------------
@@ -100,6 +100,6 @@ ESPOCRM_CONFIG_OIDC_AUTHORIZATION_REDIRECT_URI=https://{{ domains | get_domain(a
 ESPOCRM_CONFIG_OIDC_CREATE_USER=true
 ESPOCRM_CONFIG_OIDC_SYNC=true
 ESPOCRM_CONFIG_OIDC_USERNAME_CLAIM={{oidc.attributes.username}}
-# ESPOCRM_CONFIG_OIDC_SYNC_TEAMS=true      # (optional) Gruppen-→-Team-Mapping
+# ESPOCRM_CONFIG_OIDC_SYNC_TEAMS=true
 # ESPOCRM_CONFIG_OIDC_GROUP_CLAIM=group
 {% endif %}

roles/docker-espocrm/vars/main.yml

@@ -1,3 +1,5 @@
 application_id: "espocrm"
 # EspoCRM uses MySQL/MariaDB
 database_type: "mariadb"
+email:
+  from_name: "Customer Relationship Management ({{ primary_domain }})"

roles/docker-friendica/meta/main.yml

@@ -18,4 +18,6 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-users"
-dependencies: []
+  run_after:
+    - docker-matomo
+    - docker-keycloak

roles/docker-funkwhale/meta/main.yml

@@ -19,4 +19,7 @@ galaxy_info:
   logo:
     class: "fa-solid fa-music"
   run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
     - docker-ldap

roles/docker-fusiondirectory/meta/main.yml

@@ -19,3 +19,7 @@ galaxy_info:
   repository: "https://s.veen.world/cymais"
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu

roles/docker-gitea/meta/main.yml

@@ -19,4 +19,8 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-code"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []

roles/docker-gitlab/meta/main.yml

@@ -19,4 +19,8 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-code-branch"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []

roles/docker-joomla/meta/main.yml

@@ -19,4 +19,8 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
   logo:
     class: "fa-solid fa-sitemap"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []

roles/docker-listmonk/meta/main.yml

@@ -19,5 +19,7 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
   logo:
     class: "fa-solid fa-list"
-dependencies:
+  run_after:
-  - docker-mailu
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu

roles/docker-listmonk/meta/users.yml

@@ -3,5 +3,7 @@ users:
     username:               "administrator"
   bounce:
     username:               "bounce"
+    mailu_token_enabled:    true
   newsletter:
     username:               "newsletter"
+    mailu_token_enabled:    true

roles/docker-mailu/tasks/create-mailu-token.yml

@@ -1,24 +1,3 @@
-- name: "Ensure Mailu user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'' exists"
-  command: >
-    docker compose exec admin flask mailu {{ mailu_action }}
-      {{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
-  args:
-    chdir: "{{ mailu_compose_dir }}"
-  register: mailu_user_result
-  failed_when: >
-    mailu_user_result.rc != 0 and
-    (
-      "exists, not created" not in mailu_user_result.stderr and
-      "Duplicate entry"   not in mailu_user_result.stderr
-    )
-  changed_when: mailu_user_result.rc == 0
-
-- name: "Change password for user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'"
-  command: >
-    docker compose exec admin flask mailu password
-      {{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
-  args:
-    chdir: "{{ mailu_compose_dir }}"
 
 - name: "Fetch existing API tokens via curl inside admin container"
   command: >-

roles/docker-mailu/tasks/create-mailu-user.yml

@@ -0,0 +1,25 @@
+- name: "Ensure Mailu user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'' exists"
+  command: >
+    docker compose exec admin flask mailu {{ mailu_action }}
+      {{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
+  args:
+    chdir: "{{ mailu_compose_dir }}"
+  register: mailu_user_result
+  failed_when: >
+    mailu_user_result.rc != 0 and
+    (
+      "exists, not created" not in mailu_user_result.stderr and
+      "Duplicate entry"   not in mailu_user_result.stderr
+    )
+  changed_when: mailu_user_result.rc == 0
+
+- name: "Change password for user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'"
+  command: >
+    docker compose exec admin flask mailu password
+      {{ mailu_user_name }} {{ mailu_domain }} '{{ mailu_password }}'
+  args:
+    chdir: "{{ mailu_compose_dir }}"
+
+- name: "Create Mailu API Token for {{ mailu_user_name }}"
+  include_tasks: create-mailu-token.yml
+  when: mailu_token_enabled

roles/docker-mailu/tasks/main.yml

@@ -25,8 +25,8 @@
   meta: flush_handlers
   when: run_once_docker_mailu is not defined
 
-- name: "Create Mailu accounts and API tokens"
+- name: "Create Mailu accounts"
-  include_tasks: create-mailu-user-and-token.yml
+  include_tasks: create-mailu-user.yml
   vars:
     mailu_compose_dir:        "{{ docker_compose.directories.instance }}"
     mailu_domain:             "{{ primary_domain }}"
@@ -36,6 +36,7 @@
     mailu_user_key:           "{{ item.key }}"
     mailu_user_name:          "{{ item.value.username }}"
     mailu_password:           "{{ item.value.password }}"
+    mailu_token_enabled:      "{{ item.value.mailu_token_enabled | default(false)}}"
     mailu_token_ip:           "{{ item.value.ip | default('') }}"
   loop:                       "{{ users | dict2items }}"
   loop_control:

roles/docker-matrix/meta/main.yml

@@ -20,4 +20,8 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
   logo:
     class: "fa-solid fa-satellite-dish"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []

roles/docker-mediawiki/meta/main.yml

@@ -19,3 +19,7 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
   logo:
     class: "fa-solid fa-book"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu

roles/docker-mobilizon/meta/main.yml

@@ -19,4 +19,8 @@ galaxy_info:
   logo:
     class: "fa-solid fa-calendar-days"
   run_after:
-    - "docker-postgres"
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
+    - docker-ldap
+    - docker-postgres

roles/docker-mybb/meta/main.yml

@@ -19,5 +19,9 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
   logo:
     class: "fa-solid fa-comments"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies:
   - nginx-docker-reverse-proxy

roles/docker-nextcloud/meta/users.yml

@@ -1,5 +1,6 @@
 users:      
   administrator:
-    username:                  "administrator"
+    username:               "administrator"
   no-reply:
-    username: "no-reply"
+    username:               "no-reply"
+    mailu_token_enabled:    true

roles/docker-postgres/Todo.md

@@ -0,0 +1,2 @@
+# Todos
+- Move init_database.yml to an own role

roles/docker-postgres/Upgrade.md

@@ -7,84 +7,11 @@ This guide explains how to safely upgrade a PostgreSQL Docker container from one
 ## ⚠️ Important
 PostgreSQL data directories are **not compatible across major versions**. You cannot just point a newer version to the old data volume. You must export and re-import your data.
 
----
+## Backup
+First do a backup
 
-## 💾 Step 1: Start a temporary container with your current PostgreSQL version
+## Restore
-
+Setup new Version and apply restore_postgres_databases.py.
-Replace `<old-version>` with your current PostgreSQL version (e.g., `12`).
-
-```bash
-docker run --rm -d \
-  --name pg-old \
-  -v pgdata:/var/lib/postgresql/data \
-  postgres:<old-version>
-```
-
-This container mounts your old data volume and runs the matching PostgreSQL version.
-
----
-
-## ⬇️ Step 2: Dump all databases
-
-```bash
-docker exec pg-old pg_dumpall -U postgres > backup.sql
-```
-
-Stop the old container:
-
-```bash
-docker stop pg-old
-```
-
----
-
-## 💥 Step 3: Remove the old data volume
-
-```bash
-docker volume rm pgdata
-```
-
-⚠️ This will permanently delete your old PostgreSQL data files. Make sure you have a successful backup (`backup.sql`) before running this!
-
----
-
-## 📦 Step 4: Start a new container with your target PostgreSQL version
-
-Replace `<new-version>` with the version you want to upgrade to (e.g., `16`).
-
-```bash
-docker run --rm -d \
-  --name pg-new \
-  -v pgdata:/var/lib/postgresql/data \
-  -e POSTGRES_PASSWORD=secret \
-  postgres:<new-version>
-```
-
-This creates a clean PostgreSQL instance with a fresh data directory.
-
----
-
-## ⬆️ Step 5: Restore your data
-
-```bash
-cat backup.sql | docker exec -i pg-new psql -U postgres
-```
-
-This restores all roles, databases, and data into your new PostgreSQL instance.
-
----
-
-## ✅ Done!
-You now have the target PostgreSQL version running with your old data successfully restored.
-
----
-
-## 📝 Tips
-- Always test this procedure in a staging environment before running it in production.
-- You can automate this with Ansible or a custom script.
-- For large databases, consider using `pg_dump` per database and `pg_restore` with parallel jobs.
-
----
 
 ## 🔗 References
 - [PostgreSQL Backup Documentation](https://www.postgresql.org/docs/current/backup-dump.html)

roles/docker-postgres/tasks/init_database.yml

@@ -0,0 +1,85 @@
+- name: "Create database: {{ database_name }}"
+  postgresql_db:
+    name: "{{ database_name }}"
+    state: present
+    login_user: postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: "{{database_port}}"
+
+- name: "Create database user: {{ database_username }}"
+  postgresql_user:
+    name:           "{{ database_username }}"
+    password:       "{{ database_password }}"
+    db:             "{{ database_name }}"
+    state:          present
+    login_user:     postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host:     127.0.0.1
+    login_port:     "{{database_port}}"
+
+- name: "Set privileges for database user: {{ database_username }}"
+  postgresql_privs:
+    db:             "{{ database_name }}"
+    role:           "{{ database_username }}"
+    objs:           ALL_IN_SCHEMA
+    privs:          ALL
+    type:           table
+    state:          present
+    login_user:     postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host:     127.0.0.1
+    login_port:     "{{database_port}}"
+
+- name: Grant all privileges at the database level
+  postgresql_privs:
+    db: "{{ database_name }}"
+    role: "{{ database_username }}"
+    privs: ALL
+    type: database
+    state: present
+    login_user: postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: "{{database_port}}"
+
+- name: Grant all privileges on all tables in the public schema
+  postgresql_privs:
+    db: "{{ database_name }}"
+    role: "{{ database_username }}"
+    objs: ALL_IN_SCHEMA
+    privs: ALL
+    type: table
+    schema: public
+    state: present
+    login_user: postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: "{{database_port}}"
+
+- name: Set comprehensive privileges for user on public schema
+  postgresql_query:
+    db: "{{ database_name }}"
+    login_user: postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: "{{database_port}}"
+    query: |
+      GRANT USAGE ON SCHEMA public TO {{ database_username }};
+      GRANT CREATE ON SCHEMA public TO {{ database_username }};
+      ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
+
+- name: Ensure PostGIS-related extensions are installed
+  community.postgresql.postgresql_ext:
+    db: "{{ database_name }}"
+    ext: "{{ item }}"
+    state: present
+    login_user: postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: "{{ database_port }}"
+  loop:
+    - postgis
+    - pg_trgm
+    - unaccent
+  when: database_gis_enabled is defined and database_gis_enabled

roles/docker-postgres/tasks/main.yml

@@ -8,19 +8,19 @@
 
 - name: Install PostgreSQL
   docker_container:
-    name: "{{ applications.postgres.hostname }}"
+    name: "{{ applications[application_id].hostname }}"
     image: "{{ applications | get_docker_image(application_id) }}"
     detach: yes
     env:
-      POSTGRES_PASSWORD: "{{ applications.postgres.credentials.postgres_password }}"
+      POSTGRES_PASSWORD: "{{ applications[application_id].credentials.postgres_password }}"
       POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for docker-matrix
     networks:
       - name: central_postgres
     published_ports:
-      - "127.0.0.1:{{database_port}}:5432"
+      - "127.0.0.1:{{ applications[application_id].port }}:5432"
     volumes:
       - central_postgres_database:/var/lib/postgresql/data
-    restart_policy: "{{docker_restart_policy}}"
+    restart_policy: "{{ docker_restart_policy }}"
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U postgres"]
       interval: 10s
@@ -31,7 +31,7 @@
   when: run_once_docker_postgres is not defined
 
 - name: Wait for Postgres inside the container
-  shell: "docker exec {{ applications.postgres.hostname }} pg_isready -U postgres"
+  shell: "docker exec {{ applications[application_id].hostname }} pg_isready -U postgres"
   register: pg_ready
   until: pg_ready.rc == 0
   retries: 30
@@ -47,91 +47,12 @@
     state: present
   when: run_once_docker_postgres is not defined
 
-- name: "Create database: {{ database_name }}"
+- name: Load database initialization tasks dynamically
-  postgresql_db:
+  include_tasks: init_database.yml
-    name: "{{ database_name }}"
+  when:
-    state: present
+    - database_username is defined
-    login_user: postgres
+    - database_password is defined
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
+    - database_name is defined
-    login_host: 127.0.0.1
-    login_port: "{{database_port}}"
-
-- name: "Create database user: {{ database_username }}"
-  postgresql_user:
-    name:           "{{ database_username }}"
-    password:       "{{ database_password }}"
-    db:             "{{ database_name }}"
-    state:          present
-    login_user:     postgres
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
-    login_host:     127.0.0.1
-    login_port:     "{{database_port}}"
-
-- name: "Set privileges for database user: {{ database_username }}"
-  postgresql_privs:
-    db:             "{{ database_name }}"
-    role:           "{{ database_username }}"
-    objs:           ALL_IN_SCHEMA
-    privs:          ALL
-    type:           table
-    state:          present
-    login_user:     postgres
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
-    login_host:     127.0.0.1
-    login_port:     "{{database_port}}"
-
-- name: Grant all privileges at the database level
-  postgresql_privs:
-    db: "{{ database_name }}"
-    role: "{{ database_username }}"
-    privs: ALL
-    type: database
-    state: present
-    login_user: postgres
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
-    login_host: 127.0.0.1
-    login_port: "{{database_port}}"
-
-- name: Grant all privileges on all tables in the public schema
-  postgresql_privs:
-    db: "{{ database_name }}"
-    role: "{{ database_username }}"
-    objs: ALL_IN_SCHEMA
-    privs: ALL
-    type: table
-    schema: public
-    state: present
-    login_user: postgres
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
-    login_host: 127.0.0.1
-    login_port: "{{database_port}}"
-
-- name: Set comprehensive privileges for user on public schema
-  postgresql_query:
-    db: "{{ database_name }}"
-    login_user: postgres
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
-    login_host: 127.0.0.1
-    login_port: "{{database_port}}"
-    query: |
-      GRANT USAGE ON SCHEMA public TO {{ database_username }};
-      GRANT CREATE ON SCHEMA public TO {{ database_username }};
-      ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
-
-- name: Ensure PostGIS-related extensions are installed
-  community.postgresql.postgresql_ext:
-    db: "{{ database_name }}"
-    ext: "{{ item }}"
-    state: present
-    login_user: postgres
-    login_password: "{{ applications.postgres.credentials.postgres_password }}"
-    login_host: 127.0.0.1
-    login_port: "{{ database_port }}"
-  loop:
-    - postgis
-    - pg_trgm
-    - unaccent
-  when: database_gis_enabled is defined and database_gis_enabled
 
 - name: Run the docker_postgres tasks once
   set_fact:

roles/docker-postgres/vars/configuration.yml

@@ -1,4 +1,5 @@
 hostname: "central-postgres"
+port: 5432
 docker:
   images:
     # Postgis is necessary for mobilizon
@@ -7,4 +8,3 @@ docker:
     # Please set an version in your inventory file! 
     # Rolling release isn't recommended
     postgres: "latest"
-

roles/docker-snipe-it/meta/main.yml

@@ -26,5 +26,9 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
   logo:
     class: "fa-solid fa-box"
+  run_after:
+    - docker-matomo
+    - docker-keycloak
+    - docker-mailu
 dependencies: []
 

tests/unit/test_generate_playbook.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+import os
+import sys
+import unittest
+import tempfile
+import shutil
+import yaml
+
+# Adjust path to include cli/ folder
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "../../..", "cli")))
+
+from generate_playbook import build_dependency_graph, topological_sort, generate_playbook_entries
+
+class TestGeneratePlaybook(unittest.TestCase):
+    def setUp(self):
+        # Create a temporary directory to simulate roles
+        self.temp_dir = tempfile.mkdtemp()
+
+        # Define mock roles and dependencies
+        self.roles = {
+            'role-a': {'run_after': [], 'application_id': 'a'},
+            'role-b': {'run_after': ['role-a'], 'application_id': 'b'},
+            'role-c': {'run_after': ['role-b'], 'application_id': 'c'},
+            'role-d': {'run_after': [], 'application_id': 'd'},
+        }
+
+        for role_name, meta in self.roles.items():
+            role_path = os.path.join(self.temp_dir, role_name)
+            os.makedirs(os.path.join(role_path, 'meta'), exist_ok=True)
+            os.makedirs(os.path.join(role_path, 'vars'), exist_ok=True)
+
+            meta_file = {
+                'galaxy_info': {
+                    'run_after': meta['run_after']
+                }
+            }
+
+            vars_file = {
+                'application_id': meta['application_id']
+            }
+
+            with open(os.path.join(role_path, 'meta', 'main.yml'), 'w') as f:
+                yaml.dump(meta_file, f)
+
+            with open(os.path.join(role_path, 'vars', 'main.yml'), 'w') as f:
+                yaml.dump(vars_file, f)
+
+    def tearDown(self):
+        # Clean up the temporary directory
+        shutil.rmtree(self.temp_dir)
+
+    def test_dependency_graph_and_sort(self):
+        graph, in_degree, roles = build_dependency_graph(self.temp_dir)
+
+        self.assertIn('role-a', graph)
+        self.assertIn('role-b', graph)
+        self.assertEqual(graph['role-a'], ['role-b'])
+        self.assertEqual(graph['role-b'], ['role-c'])
+        self.assertEqual(graph['role-c'], [])
+        self.assertEqual(in_degree['role-c'], 1)
+        self.assertEqual(in_degree['role-b'], 1)
+        self.assertEqual(in_degree['role-a'], 0)
+        self.assertEqual(in_degree['role-d'], 0)
+
+        sorted_roles = topological_sort(graph, in_degree)
+        # The expected order must be a → b → c, d can be anywhere before or after
+        self.assertTrue(sorted_roles.index('role-a') < sorted_roles.index('role-b') < sorted_roles.index('role-c'))
+
+    def test_generate_playbook_entries(self):
+        entries = generate_playbook_entries(self.temp_dir)
+
+        text = ''.join(entries)
+        self.assertIn("setup a", text)
+        self.assertIn("setup b", text)
+        self.assertIn("setup c", text)
+        self.assertIn("setup d", text)
+
+        # Order must preserve run_after
+        a_index = text.index("setup a")
+        b_index = text.index("setup b")
+        c_index = text.index("setup c")
+        self.assertTrue(a_index < b_index < c_index)
+
+if __name__ == '__main__':
+    unittest.main()